Skip to content

Commit

Permalink
feat: bash unit test - adding repo (#101)
Browse files Browse the repository at this point in the history 
* feat: bash unit test - adding repo

* fix: clean dummy data

Co-authored-by: carolina valencia <krol3@users.noreply.github.com>
  • Loading branch information
@krol3
krol3 and krol3 committed Apr 8, 2022
1 parent f39d297 commit 40c4ca9
Show file tree
Hide file tree
Showing 10 changed files with 1,176 additions and 1 deletion.
24 changes: 24 additions & 0 deletions .github/workflows/build.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
name: "build"
on: [push, pull_request]
env:
TRIVY_VERSION: 0.25.0
jobs:
build:
name: build
runs-on: ubuntu-20.04
steps:

- name: Setup BATS
uses: mig4/setup-bats@v1
with:
bats-version: 1.2.1

- name: Check out code
uses: actions/checkout@v1

- name: Install Trivy
run: |
curl -sfL https://github.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v${{ env.TRIVY_VERSION }}
- name: Test
run: bats -r .
1 change: 1 addition & 0 deletions .gitignore
View file
Original file line number Diff line number Diff line change
@@ -1 +1,2 @@
.idea/
*.test
2 changes: 1 addition & 1 deletion entrypoint.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -61,7 +61,7 @@ done

scanType=$(echo $scanType | tr -d '\r')
export artifactRef="${imageRef}"
if [ "${scanType}" = "fs" ] || [ "${scanType}" = "config" ] || [ "${scanType}" = "rootfs" ];then
if [ "${scanType}" = "repo" ] || [ "${scanType}" = "fs" ] || [ "${scanType}" = "config" ] || [ "${scanType}" = "rootfs" ];then
artifactRef=$(echo $scanRef | tr -d '\r')
fi
input=$(echo $input | tr -d '\r')
Expand Down
8 changes: 8 additions & 0 deletions test/data/config.test
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
+---------------------------+------------+-----------+----------+------------------------------------------+
| TYPE | MISCONF ID | CHECK | SEVERITY | MESSAGE |
+---------------------------+------------+-----------+----------+------------------------------------------+
| Dockerfile Security Check | DS002 | root user | HIGH | Specify at least 1 USER |
| | | | | command in Dockerfile with |
| | | | | non-root user as argument |
| | | | | -->avd.aquasec.com/appshield/ds002 |
+---------------------------+------------+-----------+----------+------------------------------------------+
17 changes: 17 additions & 0 deletions test/data/fs.test
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
{
"SchemaVersion": 2,
"ArtifactName": ".",
"ArtifactType": "filesystem",
"Metadata": {
"ImageConfig": {
"architecture": "",
"created": "0001-01-01T00:00:00Z",
"os": "",
"rootfs": {
"type": "",
"diff_ids": null
},
"config": {}
}
}
}
941 changes: 941 additions & 0 deletions test/data/image-sarif.test
View file

Large diffs are not rendered by default.

107 changes: 107 additions & 0 deletions test/data/image.test
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,107 @@
+-------------+------------------+----------+-------------------+---------------+---------------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
+-------------+------------------+----------+-------------------+---------------+---------------------------------------+
| curl | CVE-2018-14618 | CRITICAL | 7.61.0-r0 | 7.61.1-r0 | curl: NTLM password overflow |
| | | | | | via integer overflow |
| | | | | | -->avd.aquasec.com/nvd/cve-2018-14618 |
+ +------------------+ + +---------------+---------------------------------------+
| | CVE-2018-16839 | | | 7.61.1-r1 | curl: Integer overflow leading |
| | | | | | to heap-based buffer overflow in |
| | | | | | Curl_sasl_create_plain_message() |
| | | | | | -->avd.aquasec.com/nvd/cve-2018-16839 |
+ +------------------+ + + +---------------------------------------+
| | CVE-2018-16840 | | | | curl: Use-after-free when closing |
| | | | | | "easy" handle in Curl_close() |
| | | | | | -->avd.aquasec.com/nvd/cve-2018-16840 |
+ +------------------+ + + +---------------------------------------+
| | CVE-2018-16842 | | | | curl: Heap-based buffer over-read |
| | | | | | in the curl tool warning formatting |
| | | | | | -->avd.aquasec.com/nvd/cve-2018-16842 |
+ +------------------+ + +---------------+---------------------------------------+
| | CVE-2019-3822 | | | 7.61.1-r2 | curl: NTLMv2 type-3 header |
| | | | | | stack buffer overflow |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-3822 |
+ +------------------+ + +---------------+---------------------------------------+
| | CVE-2019-5481 | | | 7.61.1-r3 | curl: double free due to |
| | | | | | subsequent call of realloc() |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-5481 |
+ +------------------+ + + +---------------------------------------+
| | CVE-2019-5482 | | | | curl: heap buffer overflow in |
| | | | | | function tftp_receive_packet() |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-5482 |
+-------------+------------------+ +-------------------+---------------+---------------------------------------+
| git | CVE-2018-17456 | | 2.15.2-r0 | 2.15.3-r0 | git: arbitrary code |
| | | | | | execution via .gitmodules |
| | | | | | -->avd.aquasec.com/nvd/cve-2018-17456 |
+ +------------------+ + +---------------+---------------------------------------+
| | CVE-2019-1353 | | | 2.15.4-r0 | git: NTFS protections inactive |
| | | | | | when running Git in the |
| | | | | | Windows Subsystem for... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1353 |
+-------------+------------------+ +-------------------+---------------+---------------------------------------+
| libbz2 | CVE-2019-12900 | | 1.0.6-r6 | 1.0.6-r7 | bzip2: out-of-bounds write |
| | | | | | in function BZ2_decompress |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-12900 |
+-------------+------------------+ +-------------------+---------------+---------------------------------------+
| libcurl | CVE-2018-16839 | | 7.61.1-r0 | 7.61.1-r1 | curl: Integer overflow leading |
| | | | | | to heap-based buffer overflow in |
| | | | | | Curl_sasl_create_plain_message() |
| | | | | | -->avd.aquasec.com/nvd/cve-2018-16839 |
+ +------------------+ + + +---------------------------------------+
| | CVE-2018-16840 | | | | curl: Use-after-free when closing |
| | | | | | "easy" handle in Curl_close() |
| | | | | | -->avd.aquasec.com/nvd/cve-2018-16840 |
+ +------------------+ + + +---------------------------------------+
| | CVE-2018-16842 | | | | curl: Heap-based buffer over-read |
| | | | | | in the curl tool warning formatting |
| | | | | | -->avd.aquasec.com/nvd/cve-2018-16842 |
+ +------------------+ + +---------------+---------------------------------------+
| | CVE-2019-3822 | | | 7.61.1-r2 | curl: NTLMv2 type-3 header |
| | | | | | stack buffer overflow |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-3822 |
+ +------------------+ + +---------------+---------------------------------------+
| | CVE-2019-5481 | | | 7.61.1-r3 | curl: double free due to |
| | | | | | subsequent call of realloc() |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-5481 |
+ +------------------+ + + +---------------------------------------+
| | CVE-2019-5482 | | | | curl: heap buffer overflow in |
| | | | | | function tftp_receive_packet() |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-5482 |
+-------------+------------------+ +-------------------+---------------+---------------------------------------+
| musl | CVE-2019-14697 | | 1.1.18-r3 | 1.1.18-r4 | musl libc through 1.1.23 |
| | | | | | has an x87 floating-point |
| | | | | | stack adjustment im ...... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-14697 |
+-------------+ + + + + +
| musl-utils | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
+-------------+------------------+ +-------------------+---------------+---------------------------------------+
| sqlite-libs | CVE-2019-8457 | | 3.21.0-r1 | 3.25.3-r1 | sqlite: heap out-of-bound |
| | | | | | read in function rtreenode() |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-8457 |
+-------------+------------------+----------+-------------------+---------------+---------------------------------------+
+-----------+------------------+----------+-------------------+---------------+---------------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
+-----------+------------------+----------+-------------------+---------------+---------------------------------------+
| rand_core | CVE-2020-25576 | CRITICAL | 0.4.0 | 0.3.1, 0.4.2 | An issue was discovered |
| | | | | | in the rand_core crate |
| | | | | | before 0.4.2 for Rust.... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-25576 |
+-----------+------------------+ +-------------------+---------------+---------------------------------------+
| smallvec | CVE-2019-15551 | | 0.6.9 | 0.6.10 | An issue was discovered |
| | | | | | in the smallvec crate |
| | | | | | before 0.6.10 for Rust.... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-15551 |
+ +------------------+ + + +---------------------------------------+
| | CVE-2019-15554 | | | | An issue was discovered |
| | | | | | in the smallvec crate |
| | | | | | before 0.6.10 for Rust.... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-15554 |
+ +------------------+ + +---------------+---------------------------------------+
| | CVE-2021-25900 | | | 0.6.14, 1.6.1 | An issue was discovered |
| | | | | | in the smallvec crate |
| | | | | | before 0.6.14 and 1.x... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-25900 |
+-----------+------------------+----------+-------------------+---------------+---------------------------------------+
17 changes: 17 additions & 0 deletions test/data/repo.test
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
{
"SchemaVersion": 2,
"ArtifactName": "https://github.com/aquasecurity/trivy-action/",
"ArtifactType": "repository",
"Metadata": {
"ImageConfig": {
"architecture": "",
"created": "0001-01-01T00:00:00Z",
"os": "",
"rootfs": {
"type": "",
"diff_ids": null
},
"config": {}
}
}
}
17 changes: 17 additions & 0 deletions test/data/rootfs.test
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
{
"SchemaVersion": 2,
"ArtifactName": ".",
"ArtifactType": "filesystem",
"Metadata": {
"ImageConfig": {
"architecture": "",
"created": "0001-01-01T00:00:00Z",
"os": "",
"rootfs": {
"type": "",
"diff_ids": null
},
"config": {}
}
}
}
43 changes: 43 additions & 0 deletions test/test.bats
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
#!/usr/bin/env bats

@test "trivy image" {
# trivy image --severity CRITICAL -o image.test knqyf263/vuln-image:1.2.3
./entrypoint.sh '-a image' '-i knqyf263/vuln-image:1.2.3' '-b table' '-h image.test' '-g CRITICAL'
result="$(diff ./test/data/image.test image.test)"
[ "$result" == '' ]
}

@test "trivy image sarif report" {
# trivy image --severity CRITICAL -f sarif -o image-sarif.test knqyf263/vuln-image:1.2.3
./entrypoint.sh '-a image' '-i knqyf263/vuln-image:1.2.3' '-b sarif' '-h image-sarif.test' '-g CRITICAL'
result="$(diff ./test/data/image-sarif.test image-sarif.test)"
[ "$result" == '' ]
}

@test "trivy config" {
# trivy conf -o config.test .
./entrypoint.sh '-a config' '-j .' '-b table' '-h config.test'
result="$(diff ./test/data/config.test config.test)"
[ "$result" == '' ]
}

@test "trivy rootfs" {
# trivy rootfs -o rootfs.test -f json .
./entrypoint.sh '-a rootfs' '-j .' '-b json' '-h rootfs.test'
result="$(diff ./test/data/rootfs.test rootfs.test)"
[ "$result" == '' ]
}

@test "trivy fs" {
# trivy fs -f json -o fs.test .
./entrypoint.sh '-a fs' '-j .' '-b json' '-h fs.test'
result="$(diff ./test/data/fs.test fs.test)"
[ "$result" == '' ]
}

@test "trivy repo" {
# trivy repo -f json -o repo.test --severity CRITICAL https://github.com/aquasecurity/trivy-action/
./entrypoint.sh '-b json' '-h repo.test' '-g CRITICAL' '-a repo' '-j https://github.com/aquasecurity/trivy-action/'
result="$(diff ./test/data/repo.test repo.test)"
[ "$result" == '' ]
}

0 comments on commit 40c4ca9

Please sign in to comment.