diff --git a/test/docker/docker_api_test.go b/test/docker/docker_api_test.go index 73e6692..0a5a6ab 100644 --- a/test/docker/docker_api_test.go +++ b/test/docker/docker_api_test.go @@ -81,6 +81,31 @@ func TestGoldenPath(t *testing.T) { waitForReady(t, cli, id) } +// TestSecurityVulnerabilities checks for any vulnerabilities in the image, as reported +// by Ubuntu +func TestSecurityVulnerabilities(t *testing.T) { + cli, err := client.NewEnvClient() + if err != nil { + t.Fatal(err) + } + containerConfig := container.Config{ + // Override the entrypoint to make "apt" only receive security updates, then check for updates + Entrypoint: []string{"bash", "-c", "source /etc/os-release && echo \"deb http://security.ubuntu.com/ubuntu/ ${VERSION_CODENAME}-security main restricted\" > /etc/apt/sources.list && apt-get update 2>&1 >/dev/null && apt-get --simulate -qq upgrade"}, + } + id := runContainer(t, cli, &containerConfig) + defer cleanContainer(t, cli, id) + // rc is the return code from apt-get + rc := waitForContainer(t, cli, id, 10) + if rc != 0 { + t.Fatalf("Expected success, got %v", rc) + } + log := inspectLogs(t, cli, id) + lines := strings.Split(strings.TrimSpace(log), "\n") + if len(lines) > 0 && lines[0] != "" { + t.Errorf("Expected no vulnerabilities, found the following:\n%v", log) + } +} + func utilTestNoQueueManagerName(t *testing.T, hostName string, expectedName string) { search := "QMNAME(" + expectedName + ")" cli, err := client.NewEnvClient() diff --git a/test/docker/docker_api_test_util.go b/test/docker/docker_api_test_util.go index 7258b17..528bc98 100644 --- a/test/docker/docker_api_test_util.go +++ b/test/docker/docker_api_test_util.go @@ -143,11 +143,11 @@ func getCoverageExitCode(t *testing.T, orig int64) int64 { f := filepath.Join(coverageDir(t), "exitCode") _, err := os.Stat(f) if err != nil { - t.Log(err) + //t.Log(err) return orig } // Remove the file, ready for the next test - //defer os.Remove(f) + defer os.Remove(f) buf, err := ioutil.ReadFile(f) if err != nil { t.Log(err)