From f5515d72a3be17c58fc6439e825e3b35400af6e0 Mon Sep 17 00:00:00 2001
From: Arthur Barr
Date: Tue, 5 Dec 2017 10:17:31 +0000
Subject: [PATCH] Test for security vulnerabilities
---
 test/docker/docker_api_test.go | 25 +++++++++++++++++++++++++
 test/docker/docker_api_test_util.go | 4 ++--
 2 files changed, 27 insertions(+), 2 deletions(-)
diff --git a/test/docker/docker_api_test.go b/test/docker/docker_api_test.go
index 73e6692..0a5a6ab 100644
--- a/test/docker/docker_api_test.go
+++ b/test/docker/docker_api_test.go
@@ -81,6 +81,31 @@ func TestGoldenPath(t *testing.T) {
 waitForReady(t, cli, id)
 }
 
+// TestSecurityVulnerabilities checks for any vulnerabilities in the image, as reported
+// by Ubuntu
+func TestSecurityVulnerabilities(t *testing.T) {
+ cli, err := client.NewEnvClient()
+ if err != nil {
+ t.Fatal(err)
+ }
+ containerConfig := container.Config{
+ // Override the entrypoint to make "apt" only receive security updates, then check for updates
+ Entrypoint: []string{"bash", "-c", "source /etc/os-release && echo \"deb http://security.ubuntu.com/ubuntu/ ${VERSION_CODENAME}-security main restricted\" > /etc/apt/sources.list && apt-get update 2>&1 >/dev/null && apt-get --simulate -qq upgrade"},
+ }
+ id := runContainer(t, cli, &containerConfig)
+ defer cleanContainer(t, cli, id)
+ // rc is the return code from apt-get
+ rc := waitForContainer(t, cli, id, 10)
+ if rc != 0 {
+ t.Fatalf("Expected success, got %v", rc)
+ }
+ log := inspectLogs(t, cli, id)
+ lines := strings.Split(strings.TrimSpace(log), "\n")
+ if len(lines) > 0 && lines[0] != "" {
+ t.Errorf("Expected no vulnerabilities, found the following:\n%v", log)
+ }
+}
+
 func utilTestNoQueueManagerName(t *testing.T, hostName string, expectedName string) {
 search := "QMNAME(" + expectedName + ")"
 cli, err := client.NewEnvClient()
diff --git a/test/docker/docker_api_test_util.go b/test/docker/docker_api_test_util.go
index 7258b17..528bc98 100644
--- a/test/docker/docker_api_test_util.go
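Review bot: The apt source written by the `Entrypoint` command lists only `main restricted` from `${VERSION_CODENAME}-security`, so pending fixes for packages installed from `universe` or `multiverse` are never reported, while the doc comment promises "any vulnerabilities". Either widen the line to `${VERSION_CODENAME}-security main restricted universe multiverse`, or narrow the comment to `// TestSecurityVulnerabilities checks for pending Ubuntu security updates (main and restricted only)`. In the same command, `apt-get update 2>&1 >/dev/null` discards stdout but keeps stderr on the container's output, so (assuming inspectLogs returns that stream) any apt warning fails the test under the "Expected no vulnerabilities" message. If that fail-closed behaviour is intended, a comment such as `// stderr is kept on purpose: a failed "apt-get update" must not look like a clean image` would stop someone from "fixing" the redirect order. The first half of `len(lines) > 0 && lines[0] != ""` is always true, because `strings.Split` with a non-empty separator returns at least one element; `strings.TrimSpace(log) != ""` says the same thing directly.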
+++ b/test/docker/docker_api_test_util.go
@@ -143,11 +143,11 @@ func getCoverageExitCode(t *testing.T, orig int64) int64 {
 f := filepath.Join(coverageDir(t), "exitCode")
 _, err := os.Stat(f)
 if err != nil {
- t.Log(err)
+ //t.Log(err)
 return orig
 }
 // Remove the file, ready for the next test
- //defer os.Remove(f)
+ defer os.Remove(f)
 buf, err := ioutil.ReadFile(f)
 if err != nil {
 t.Log(err)
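Review bot: Commenting out `t.Log(err)` silences every `os.Stat` failure, not just the expected missing-file case, so a permission or I/O error on the `exitCode` file now returns `orig` with no trace. Prefer `if !os.IsNotExist(err) { t.Log(err) }` over leaving the commented-out call in place. The re-enabled `defer os.Remove(f)` drops its error, and a file that could not be removed would be read again as the next test's exit code, so a failed removal is worth logging. The body of getCoverageExitCode continues past the end of the hunk.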