From 99d1975410abf3e7d618bec63133ad8b026381ec Mon Sep 17 00:00:00 2001
From: Tomoya Amachi
Date: Thu, 11 Jul 2019 23:31:56 +0900
Subject: [PATCH] fix dist upgrade statement (#43)
---
 pkg/assessor/manifest/manifest.go | 26 +++++++++++++++++--
 pkg/assessor/manifest/manifest_test.go | 36 ++++++++++++++++++++++++++
 2 files changed, 60 insertions(+), 2 deletions(-)
diff --git a/pkg/assessor/manifest/manifest.go b/pkg/assessor/manifest/manifest.go
index ac65458..5c7f244 100644
--- a/pkg/assessor/manifest/manifest.go
+++ b/pkg/assessor/manifest/manifest.go
@@ -154,14 +154,14 @@ func assessHistory(index int, cmd types.History) []*types.Assessment {
 })
 }
- if strings.Contains(cmd.CreatedBy, "upgrade") {
+ if useDistUpgrade(cmdSlices) {
 assesses = append(assesses, &types.Assessment{
 Type: types.AvoidDistUpgrade,
 Filename: "docker config",
 Desc: fmt.Sprintf("Avoid upgrade in container : %s", cmd.CreatedBy),
 })
 }
- if strings.Contains(cmd.CreatedBy, "sudo") {
+ if useSudo(cmdSlices) {
 assesses = append(assesses, &types.Assessment{
 Type: types.AvoidSudo,
 Filename: "docker config",
@@ -172,6 +172,28 @@ func assessHistory(index int, cmd types.History) []*types.Assessment {
 return assesses
 }
+func useSudo(cmdSlices map[int][]string) bool {
+ for _, cmdSlice := range cmdSlices {
+ if containsAll(cmdSlice, []string{"sudo"}) {
+ return true
+ }
+ }
+ return false
+
+}
+
+func useDistUpgrade(cmdSlices map[int][]string) bool {
+ for _, cmdSlice := range cmdSlices {
+ if containsThreshold(cmdSlice, []string{"apt-get", "apt", "apk", "dist-upgrade"}, 2) {
+ return true
+ }
+ if containsThreshold(cmdSlice, []string{"apt-get", "apt", "apk", "upgrade"}, 2) {
+ return true
+ }
+ }
+ return false
+}
+
 func useADDstatement(cmdSlices map[int][]string) bool {
 for _, cmdSlice := range cmdSlices {
 if containsAll(cmdSlice, []string{"ADD", "in"}) {
diff --git a/pkg/assessor/manifest/manifest_test.go b/pkg/assessor/manifest/manifest_test.go
index fcba1fe..f84bb09 100644
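Review bot: In `useDistUpgrade`, both token lists mix the package-manager names with the upgrade verb and use a threshold of 2, so (assuming `containsThreshold` counts how many of the listed tokens occur in the slice) a command that names two managers without any upgrade verb, such as installing a package called `apt` through `apt-get`, would be reported as AvoidDistUpgrade. The two calls also overlap, which hides the intended pairing; requiring one manager token and one verb token separately states the rule directly, as in the sketch below, which reuses `containsThreshold` as it is called in this hunk. Separately, `useSudo` now matches only an exact `sudo` token, so whether a path form such as `/usr/bin/sudo` is still caught depends on how `cmdSlices` is built, which is outside this hunk. A short doc comment on both helpers stating that they match whole tokens, not substrings, would make that contract visible.

```go
func useDistUpgrade(cmdSlices map[int][]string) bool {
	for _, cmdSlice := range cmdSlices {
		// Require one package-manager token and one upgrade verb in the same
		// command, so two manager names alone do not count as an upgrade.
		if containsThreshold(cmdSlice, []string{"apt-get", "apt", "apk"}, 1) &&
			containsThreshold(cmdSlice, []string{"dist-upgrade", "upgrade"}, 1) {
			return true
		}
	}
	return false
}
```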
--- a/pkg/assessor/manifest/manifest_test.go
+++ b/pkg/assessor/manifest/manifest_test.go
@@ -332,6 +332,42 @@ func TestAddStatement(t *testing.T) {
 }
 }
+func TestUseDistUpgrade(t *testing.T) {
+ var tests = map[string]struct {
+ cmdSlices map[int][]string
+ expected bool
+ }{
+ "UseUpgrade": {
+ cmdSlices: map[int][]string{
+ 0: {
+ "apt-get", "upgrade",
+ },
+ },
+ expected: true,
+ },
+ "UseAptUpgrade": {
+ cmdSlices: map[int][]string{
+ 0: {"apt", "upgrade"},
+ 1: {"addgroup", "--system", "--gid", "101", "nginx"},
+ },
+ expected: true,
+ },
+ "NoAptUpgrade": {
+ cmdSlices: map[int][]string{
+ 0: {"pip", "install", "--upgrade", "pip", "setuptools"},
+ 1: {"pip", "install", "upgrade", "pip", "setuptools"},
+ },
+ expected: false,
+ },
+ }
+ for testname, v := range tests {
+ actual := useDistUpgrade(v.cmdSlices)
+ if actual != v.expected {
+ t.Errorf("%s want: %t, got %t", testname, v.expected, actual)
+ }
+ }
+}
+
 func loadImageFromFile(path string) (config types.Image, err error) {
 read, err := os.Open(path)
 if err != nil {
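Review bot: The table in `TestUseDistUpgrade` never exercises `dist-upgrade` or `apk`, and it has no negative case where two package-manager names appear without an upgrade verb, which is the input most likely to produce a false AvoidDistUpgrade finding under the threshold-of-2 matching. Add a case such as `"NoUpgradeVerb": {cmdSlices: map[int][]string{0: {"apt-get", "install", "apt"}}, expected: false},` (a constructed sample), plus positive cases for `apt-get dist-upgrade` and `apk upgrade`. `useSudo` is added by the same commit and has no test in this hunk.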