academy/mq-container
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

RHEL Security Vulnerability Test (#270)

Browse Source 
* check for security vulnerabilities on rhel

* import

* check host is red hat

* filepath join

* imports
This commit is contained in:
LPowlett
2019-02-04 10:25:55 +00:00
committed by Arthur Barr
parent df6ce917c2
commit 43676049b7
2 changed files with 47 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
docs/testing.md
View File

@@ -8,6 +8,12 @@ You need to ensure you have the following tools installed:
* [dep](https://github.com/golang/dep) (official Go dependency management tool) - needed to prepare for running the tests * [dep](https://github.com/golang/dep) (official Go dependency management tool) - needed to prepare for running the tests
* [Helm](https://helm.sh) - only needed for running the Kubernetes tests * [Helm](https://helm.sh) - only needed for running the Kubernetes tests
### Prerequisites for testing a RedHat image
If you want to test a container image with Red Hat Enterprise Linux as the base OS, then you need to use a host server with Red Hat Enterprise Linux. You must also have the following tools installed:
* [Yum](http://yum.baseurl.org/) (available in `rhel-7-server-extras`)
* [Buildah](https://buildah.io) (available in `rhel-7-server-extras`)
## Running the tests ## Running the tests
There are two main sets of tests: There are two main sets of tests:

43
test/docker/docker_api_test.go
View File

@@ -34,6 +34,8 @@ import (
"github.com/docker/docker/api/types/network" "github.com/docker/docker/api/types/network"
"github.com/docker/docker/client" "github.com/docker/docker/client"
"github.com/docker/go-connections/nat" "github.com/docker/go-connections/nat"
"github.com/ibm-messaging/mq-container/internal/command"
) )
func TestLicenseNotSet(t *testing.T) { func TestLicenseNotSet(t *testing.T) {
@@ -106,9 +108,9 @@ func goldenPath(t *testing.T, metric bool) {
stopContainer(t, cli, id) stopContainer(t, cli, id)
} }
// TestSecurityVulnerabilities checks for any vulnerabilities in the image, as reported // TestSecurityVulnerabilitiesUbuntu checks for any vulnerabilities in the image, as reported
// by Ubuntu // by Ubuntu
func TestSecurityVulnerabilities(t *testing.T) { func TestSecurityVulnerabilitiesUbuntu(t *testing.T) {
t.Parallel() t.Parallel()
cli, err := client.NewEnvClient() cli, err := client.NewEnvClient()
if err != nil { if err != nil {
@@ -135,6 +137,43 @@ func TestSecurityVulnerabilities(t *testing.T) {
} }
} }
// TestSecurityVulnerabilitiesRedHat checks for any vulnerabilities in the image, as reported
// by Red Hat
func TestSecurityVulnerabilitiesRedHat(t *testing.T) {
t.Parallel()
cli, err := client.NewEnvClient()
if err != nil {
t.Fatal(err)
}
_, ret, _ := command.Run("bash", "-c", "test -f /etc/redhat-release")
if ret != 0 {
t.Skip("Skipping test because host is not RedHat-based")
}
rc, _ := runContainerOneShot(t, cli, "bash", "-c", "test -f /etc/redhat-release")
if rc != 0 {
t.Skip("Skipping test because container is not RedHat-based")
}
id, _, err := command.Run("buildah", "from", imageName())
if err != nil {
t.Fatal(err)
}
id = strings.TrimSpace(id)
defer command.Run("buildah", "rm", id)
mnt, _, err := command.Run("buildah", "mount", id)
if err != nil {
t.Fatal(err)
}
mnt = strings.TrimSpace(mnt)
_, _, err = command.Run("bash", "-c", "cp /etc/yum.repos.d/* "+ filepath.Join(mnt, "/etc/yum.repos.d/"))
if err != nil {
t.Fatal(err)
}
out, ret, _ := command.Run("bash", "-c", "yum --installroot="+mnt+" updateinfo list sec | grep /Sec")
if ret != 1{
t.Errorf("Expected no vulnerabilities, found the following:\n%v", out)
}
}
func utilTestNoQueueManagerName(t *testing.T, hostName string, expectedName string) { func utilTestNoQueueManagerName(t *testing.T, hostName string, expectedName string) {
search := "QMNAME(" + expectedName + ")" search := "QMNAME(" + expectedName + ")"
cli, err := client.NewEnvClient() cli, err := client.NewEnvClient()