fix dist upgrade statement (#43)
tomoyamachi authored Jul 11, 2019
1 parent fb6bebb commit 99d1975
Showing 2 changed files with 60 additions and 2 deletions.
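--- a/pkg/assessor/manifest/manifest.go
+++ b/pkg/assessor/manifest/manifest.go
@@ -154,14 +154,14 @@ func assessHistory(index int, cmd types.History) []*types.Assessment {
 })
 }
 
-if strings.Contains(cmd.CreatedBy, "upgrade") {
+if useDistUpgrade(cmdSlices) {
 assesses = append(assesses, &types.Assessment{
 Type: types.AvoidDistUpgrade,
 Filename: "docker config",
 Desc: fmt.Sprintf("Avoid upgrade in container : %s", cmd.CreatedBy),
 })
 }
-if strings.Contains(cmd.CreatedBy, "sudo") {
+if useSudo(cmdSlices) {
 assesses = append(assesses, &types.Assessment{
 Type: types.AvoidSudo,
 Filename: "docker config",
@@ -172,6 +172,28 @@ func assessHistory(index int, cmd types.History) []*types.Assessment {
 return assesses
 }
 
+func useSudo(cmdSlices map[int][]string) bool {
+for _, cmdSlice := range cmdSlices {
+if containsAll(cmdSlice, []string{"sudo"}) {
+return true
+}
+}
+return false
+
+}
+
+func useDistUpgrade(cmdSlices map[int][]string) bool {
+for _, cmdSlice := range cmdSlices {
+if containsThreshold(cmdSlice, []string{"apt-get", "apt", "apk", "dist-upgrade"}, 2) {
+return true
+}
+if containsThreshold(cmdSlice, []string{"apt-get", "apt", "apk", "upgrade"}, 2) {
+return true
+}
+}
+return false
+}
+
 func useADDstatement(cmdSlices map[int][]string) bool {
 for _, cmdSlice := range cmdSlices {
 if containsAll(cmdSlice, []string{"ADD", "in"}) {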
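Review bot: In `useDistUpgrade`, both `containsThreshold` calls put the package-manager names and the upgrade verb into one list with a threshold of 2, so, if `containsThreshold` (defined outside this page) counts how many listed tokens occur, a command that names two managers and no upgrade verb would be reported as `AvoidDistUpgrade`, for example a constructed `apt-get install -y apt`. Requiring one manager and one verb separately states the intent and folds the two checks into one: `if containsThreshold(cmdSlice, []string{"apt-get", "apt", "apk"}, 1) && containsThreshold(cmdSlice, []string{"dist-upgrade", "upgrade"}, 1) {`. Both new helpers also lack doc comments; `// useDistUpgrade reports whether any tokenized command runs an apt-get/apt/apk upgrade or dist-upgrade.` and a matching line on `useSudo` would record that detection now works on command tokens instead of a substring of `cmd.CreatedBy`.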
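--- a/pkg/assessor/manifest/manifest_test.go
+++ b/pkg/assessor/manifest/manifest_test.go
@@ -332,6 +332,42 @@ func TestAddStatement(t *testing.T) {
 }
 }
 
+func TestUseDistUpgrade(t *testing.T) {
+var tests = map[string]struct {
+cmdSlices map[int][]string
+expected bool
+}{
+"UseUpgrade": {
+cmdSlices: map[int][]string{
+0: {
+"apt-get", "upgrade",
+},
+},
+expected: true,
+},
+"UseAptUpgrade": {
+cmdSlices: map[int][]string{
+0: {"apt", "upgrade"},
+1: {"addgroup", "--system", "--gid", "101", "nginx"},
+},
+expected: true,
+},
+"NoAptUpgrade": {
+cmdSlices: map[int][]string{
+0: {"pip", "install", "--upgrade", "pip", "setuptools"},
+1: {"pip", "install", "upgrade", "pip", "setuptools"},
+},
+expected: false,
+},
+}
+for testname, v := range tests {
+actual := useDistUpgrade(v.cmdSlices)
+if actual != v.expected {
+t.Errorf("%s want: %t, got %t", testname, v.expected, actual)
+}
+}
+}
+
 func loadImageFromFile(path string) (config types.Image, err error) {
 read, err := os.Open(path)
 if err != nil {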
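Review bot: `useSudo` is introduced by the same commit but gets no test in this file, and the `TestUseDistUpgrade` table has a single negative case (pip). A `TestUseSudo` with one positive and one negative slice, plus a negative entry where package-manager names appear without an upgrade verb, such as `"ManagersNoUpgrade": {cmdSlices: map[int][]string{0: {"apt-get", "install", "-y", "apt"}}, expected: false},`, would pin the detector against false positives. Running each case under `t.Run(testname, ...)` would also make a failing case easier to locate.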
