fix tests
Signed-off-by: Simar <simar@linux.com>
simar7 committed Jul 16, 2023
1 parent 4be1fb3 commit 970e377
Showing 7 changed files with 135 additions and 13 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/build.yaml
@@ -1,7 +1,7 @@
name: "build"
on: [push, pull_request]
env:
TRIVY_VERSION: 0.42.1
TRIVY_VERSION: 0.43.1
BATS_LIB_PATH: '/usr/lib/'
jobs:
build:
56 changes: 55 additions & 1 deletion test/data/config-sarif.test
@@ -62,9 +62,36 @@
"LOW"
]
}
},
{
"id": "AVD-KSV-01010",
"name": "Misconfiguration",
"shortDescription": {
"text": "ConfigMap with sensitive content"
},
"fullDescription": {
"text": "Storing sensitive content such as usernames and email addresses in configMaps is unsafe"
},
"defaultConfiguration": {
"level": "error"
},
"helpUri": "https://avd.aquasec.com/misconfig/avd-ksv-01010",
"help": {
"text": "Misconfiguration AVD-KSV-01010\nType: Kubernetes Security Check\nSeverity: HIGH\nCheck: ConfigMap with sensitive content\nMessage: ConfigMap 'foo-config' in 'default' namespace stores sensitive contents in key(s) or value(s) '{\"key\"}'\nLink: [AVD-KSV-01010](https://avd.aquasec.com/misconfig/avd-ksv-01010)\nStoring sensitive content such as usernames and email addresses in configMaps is unsafe",
"markdown": "**Misconfiguration AVD-KSV-01010**\n| Type | Severity | Check | Message | Link |\n| --- | --- | --- | --- | --- |\n|Kubernetes Security Check|HIGH|ConfigMap with sensitive content|ConfigMap 'foo-config' in 'default' namespace stores sensitive contents in key(s) or value(s) '{\"key\"}'|[AVD-KSV-01010](https://avd.aquasec.com/misconfig/avd-ksv-01010)|\n\nStoring sensitive content such as usernames and email addresses in configMaps is unsafe"
},
"properties": {
"precision": "very-high",
"security-severity": "8.0",
"tags": [
"misconfiguration",
"security",
"HIGH"
]
}
}
],
"version": "0.42.1"
"version": "0.43.1"
}
},
"results": [
@@ -121,6 +148,33 @@
}
}
]
},
{
"ruleId": "AVD-KSV-01010",
"ruleIndex": 2,
"level": "error",
"message": {
"text": "Artifact: configmap.yaml\nType: kubernetes\nVulnerability AVD-KSV-01010\nSeverity: HIGH\nMessage: ConfigMap 'foo-config' in 'default' namespace stores sensitive contents in key(s) or value(s) '{\"key\"}'\nLink: [AVD-KSV-01010](https://avd.aquasec.com/misconfig/avd-ksv-01010)"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "configmap.yaml",
"uriBaseId": "ROOTPATH"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
},
"message": {
"text": "configmap.yaml"
}
}
]
}
],
"columnKind": "utf16CodeUnits",
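--- a/test/data/config.test
+++ b/test/data/config.test
@@ -78,6 +78,43 @@
 }
 }
 ]
+},
+{
+"Target": "configmap.yaml",
+"Class": "config",
+"Type": "kubernetes",
+"MisconfSummary": {
+"Successes": 140,
+"Failures": 1,
+"Exceptions": 0
+},
+"Misconfigurations": [
+{
+"Type": "Kubernetes Security Check",
+"ID": "AVD-KSV-01010",
+"AVDID": "AVD-KSV-01010",
+"Title": "ConfigMap with sensitive content",
+"Description": "Storing sensitive content such as usernames and email addresses in configMaps is unsafe",
+"Message": "ConfigMap 'foo-config' in 'default' namespace stores sensitive contents in key(s) or value(s) '{\"key\"}'",
+"Namespace": "builtin.kubernetes.KSV01010",
+"Query": "data.builtin.kubernetes.KSV01010.deny",
+"Resolution": "Remove sensitive content from configMap data value",
+"Severity": "HIGH",
+"PrimaryURL": "https://avd.aquasec.com/misconfig/avd-ksv-01010",
+"References": [
+"https://avd.aquasec.com/misconfig/avd-ksv-01010"
+],
+"Status": "FAIL",
+"Layer": {},
+"CauseMetadata": {
+"Provider": "Kubernetes",
+"Service": "general",
+"Code": {
+"Lines": null
+}
+}
+}
+]
 }
 ]
 }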
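Review bot: The added expectation hard-codes `"Successes": 140` in `MisconfSummary`, a count that presumably tracks how many built-in Kubernetes checks ran rather than anything about `configmap.yaml` itself. If the checks bundle is fetched at test time (not visible in this diff), the fixture will break again whenever a check is added or removed, independently of the pinned `TRIVY_VERSION`. Consider comparing only the fields that identify the finding (`Target`, `ID`, `Severity`, `Status`), or normalising the summary counts before the comparison. The same value is pinned in test/data/fs-scheck.test.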
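--- a/test/data/fs-scheck.test
+++ b/test/data/fs-scheck.test
@@ -78,6 +78,43 @@
 }
 }
 ]
+},
+{
+"Target": "configmap.yaml",
+"Class": "config",
+"Type": "kubernetes",
+"MisconfSummary": {
+"Successes": 140,
+"Failures": 1,
+"Exceptions": 0
+},
+"Misconfigurations": [
+{
+"Type": "Kubernetes Security Check",
+"ID": "AVD-KSV-01010",
+"AVDID": "AVD-KSV-01010",
+"Title": "ConfigMap with sensitive content",
+"Description": "Storing sensitive content such as usernames and email addresses in configMaps is unsafe",
+"Message": "ConfigMap 'foo-config' in 'default' namespace stores sensitive contents in key(s) or value(s) '{\"key\"}'",
+"Namespace": "builtin.kubernetes.KSV01010",
+"Query": "data.builtin.kubernetes.KSV01010.deny",
+"Resolution": "Remove sensitive content from configMap data value",
+"Severity": "HIGH",
+"PrimaryURL": "https://avd.aquasec.com/misconfig/avd-ksv-01010",
+"References": [
+"https://avd.aquasec.com/misconfig/avd-ksv-01010"
+],
+"Status": "FAIL",
+"Layer": {},
+"CauseMetadata": {
+"Provider": "Kubernetes",
+"Service": "general",
+"Code": {
+"Lines": null
+}
+}
+}
+]
 }
 ]
 }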
2 changes: 1 addition & 1 deletion test/data/image-sarif.test
@@ -37,7 +37,7 @@
}
}
],
"version": "0.42.1"
"version": "0.43.1"
}
},
"results": [
7 changes: 2 additions & 5 deletions test/data/image-trivyignores.test
@@ -75,15 +75,12 @@ Total: 19 (CRITICAL: 19)

rust-app/Cargo.lock (cargo)
===========================
Total: 2 (CRITICAL: 2)
Total: 1 (CRITICAL: 1)

┌──────────┬────────────────┬──────────┬───────────────────┬───────────────┬─────────────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │
├──────────┼────────────────┼──────────┼───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
│ openssl │ CVE-2018-20997 │ CRITICAL │ 0.8.3 │ 0.10.9 │ Use after free in openssl │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-20997 │
├──────────┼────────────────┤ ├───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
│ smallvec │ CVE-2021-25900 │ │ 0.6.9 │ 1.6.1, 0.6.14 │ An issue was discovered in the smallvec crate before 0.6.14 │
│ smallvec │ CVE-2021-25900 │ CRITICAL │ 0.6.9 │ 1.6.1, 0.6.14 │ An issue was discovered in the smallvec crate before 0.6.14 │
│ │ │ │ │ │ and 1.x... │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-25900 │
└──────────┴────────────────┴──────────┴───────────────────┴───────────────┴─────────────────────────────────────────────────────────────┘
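Review bot: With five deletions against two additions, the expected table reads as losing the openssl CVE-2018-20997 row (installed 0.8.3, fixed 0.10.9) and the total falling from 2 to 1, yet the commit message `fix tests` does not say why a CRITICAL finding stopped being reported. For a scanner's golden output, a finding that disappears should be traced to a cause before the fixture is updated to match, for example an advisory change in the vulnerability database or a detection change between 0.42.1 and 0.43.1. Record the cause in the commit description, e.g. `openssl CVE-2018-20997 no longer reported for rust-app/Cargo.lock: <reason or link>`. test/data/image.test appears to drop the same row (total 5 to 4).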
7 changes: 2 additions & 5 deletions test/data/image.test
@@ -75,15 +75,12 @@ Total: 19 (CRITICAL: 19)

rust-app/Cargo.lock (cargo)
===========================
Total: 5 (CRITICAL: 5)
Total: 4 (CRITICAL: 4)

┌───────────┬────────────────┬──────────┬───────────────────┬───────────────┬─────────────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │
├───────────┼────────────────┼──────────┼───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
│ openssl │ CVE-2018-20997 │ CRITICAL │ 0.8.3 │ 0.10.9 │ Use after free in openssl │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-20997 │
├───────────┼────────────────┤ ├───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
│ rand_core │ CVE-2020-25576 │ │ 0.4.0 │ 0.3.1, 0.4.2 │ An issue was discovered in the rand_core crate before 0.4.2 │
│ rand_core │ CVE-2020-25576 │ CRITICAL │ 0.4.0 │ 0.3.1, 0.4.2 │ An issue was discovered in the rand_core crate before 0.4.2 │
│ │ │ │ │ │ for Rust.... │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-25576 │
├───────────┼────────────────┤ ├───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤