
Improve docker-bench-security json output

Add a test object for each test performed by the script. Each object has
an id N.M, a desc property describing the test, and the result. Some
tests include additional information about the test e.g. "No TLS
Certificate Found". That can be found in an optional details property of
the test object.

Also, some tests might return a list of containers, images, users,
etc. This is included in an optional items property of the test object.

Instead of having all test results as top-level objects, break the test
results into sections. Each section has an id + description e.g. "1" and
"Host Configuration". The tests for that section are an array below that
object.

All of the additional json output is implemented by adding new functions
startsectionjson(), endsectionjson(), starttestjson(), and
resulttestjson() that take the id/desc/etc as arguments and print the
proper json properties. It also required adding an "end" test to each
script that calls endsectionjson().

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
mstemm committed Jul 12, 2018
1 parent bbf43c8 commit ec7d8ce690bbd38b709b679d85857351c328db09
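As an added example (not code from the docker-bench-security repository or from this commit), the POSIX shell script below produces a report in the sectioned layout the commit message describes (sections with an id and desc, a results array of test objects, each with id, desc, result and optional details and items, then checks, score and end at the top level), with one addition a practitioner would want: every string is escaped before it is placed in the document, so a details value or item name containing a double quote or backslash cannot corrupt the output. The function names (json_escape, json_string_array, emit_test, emit_section, build_report, check_report, validate_with_python) and the sample version, timestamps, check descriptions and container names are all constructed for this example.

```shell
#!/bin/sh
# Added example, not docker-bench-security's own code. Emits the sectioned
# JSON layout from the commit message (sections -> results -> test objects)
# and escapes strings on the way in. All function names and sample values
# below are constructed for this example.

# Escape backslashes first, then double quotes, so the value is safe inside
# a JSON string. Control characters (tab, newline) are not handled here.
json_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Turn a whitespace-separated list into a JSON array of strings.
# Items are word-split on whitespace, the same convention the script uses.
json_string_array() {
    _sep=""
    printf '['
    for _item in $1; do
        printf '%s"%s"' "$_sep" "$(json_escape "$_item")"
        _sep=","
    done
    printf ']'
}

# One test object: id, desc, result, optional details, optional item list.
emit_test() {
    printf '{"id":"%s","desc":"%s","result":"%s"' \
        "$(json_escape "$1")" "$(json_escape "$2")" "$(json_escape "$3")"
    if [ -n "$4" ]; then
        printf ',"details":"%s"' "$(json_escape "$4")"
    fi
    if [ -n "$5" ]; then
        printf ',"items":%s' "$(json_string_array "$5")"
    fi
    printf '}'
}

# Section object: id, desc, then the already-rendered results array body.
emit_section() {
    printf '{"id":"%s","desc":"%s","results":[%s]}' \
        "$(json_escape "$1")" "$(json_escape "$2")" "$3"
}

# Build a complete report. The version string, timestamps, check
# descriptions and container names are constructed sample data.
build_report() {
    _host="$(emit_test "1.1" "Sample host check" "PASS")"
    _host="$_host,$(emit_test "1.2" "Sample version check" "INFO" \
        "Using \"18.03.1\" (binary under C:\\docker)")"
    _images="$(emit_test "4.1" "Sample container user check" "WARN" \
        "Running as root" "nginx redis")"
    printf '{"dockerbenchsecurity":"%s","start":%s,"tests":[' "sample-1.0" 1531440000
    emit_section "1" "Host Configuration" "$_host"
    printf ','
    emit_section "4" "Container Images" "$_images"
    printf '],"checks":%s,"score":%s,"end":%s}\n' 3 1 1531440005
}

# Returns 0 when the report carries the escaped quote and the items array,
# i.e. when escaping worked and the structure is as described above.
check_report() {
    _out="$(build_report)"
    case "$_out" in
        *'"details":"Using \"18.03.1\" (binary under C:\\docker)"'*'"items":["nginx","redis"]'*) return 0 ;;
    esac
    return 1
}

# When python3 is available, parse the report to prove it is valid JSON;
# otherwise skip silently so the script stays portable.
validate_with_python() {
    command -v python3 >/dev/null 2>&1 || return 0
    build_report | python3 -c 'import json, sys; json.load(sys.stdin)'
}

build_report
```

Run it as `sh report.sh | python3 -m json.tool` to see the pretty-printed structure. The escaping step is the part this commit's helpers lack: without it, a details string quoting a path or a version number breaks the document for every consumer that parses it.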
@@ -141,10 +141,8 @@ main () {
printf "\n"
info "Checks: $totalChecks"
info "Score: $currentScore"
integerjson "checks" "$totalChecks"
integerjson "score" "$currentScore"
endjson "$(date +%s)"
endjson "$totalChecks" "$currentScore" "$(date +%s)"
}
main "$@"
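Review bot: endjson now takes three positional arguments (checks, score, end timestamp) but neither this call nor the hunk in functions_lib.sh documents the order, so swapping two of them would emit a syntactically valid report with the wrong numbers in the wrong fields. Either add a short comment at the call, `endjson "$totalChecks" "$currentScore" "$(date +%s)"  # checks, score, end`, or let endjson read totalChecks and currentScore directly, since both are already globals that main() maintains.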
@@ -15,6 +15,7 @@ host_configuration() {
check_1_11
check_1_12
check_1_13
check_1_end
}
docker_daemon_configuration() {
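Review bot: check_1_end is not a check but a sentinel whose only job is to call endsectionjson(), and the same sentinel is added by hand to every section wrapper below (sections 2 to 7 and the community checks). Calling endsectionjson directly as the last line of host_configuration() keeps the closing of the results array in one place; as written, forgetting the sentinel in a future section, or a check that exits early, leaves an unterminated array in the report.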
@@ -37,6 +38,7 @@ docker_daemon_configuration() {
check_2_16
check_2_17
check_2_18
check_2_end
}
docker_daemon_files() {
@@ -61,6 +63,7 @@ docker_daemon_files() {
check_3_18
check_3_19
check_3_20
check_3_end
}
container_images() {
@@ -76,6 +79,7 @@ container_images() {
check_4_9
check_4_10
check_4_11
check_4_end
}
container_runtime() {
@@ -112,12 +116,14 @@ container_runtime() {
check_5_29
check_5_30
check_5_31
check_5_end
}
docker_security_operations() {
check_6
check_6_1
check_6_2
check_6_end
}
docker_swarm_configuration() {
@@ -131,11 +137,13 @@ docker_swarm_configuration() {
check_7_8
check_7_9
check_7_10
check_7_end
}
community_checks() {
check_c
check_c_1
check_c_end
}
# CIS
@@ -30,17 +30,43 @@ yell () {
}
beginjson () {
printf "{\n \"dockerbenchsecurity\": \"%s\",\n \"start\": %s," "$1" "$2" | tee "$logger.json" 2>/dev/null 1>&2
printf "{\n \"dockerbenchsecurity\": \"%s\",\n \"start\": %s,\n \"tests\": [" "$1" "$2" | tee "$logger.json" 2>/dev/null 1>&2
}
endjson (){
printf "\n \"end\": %s \n}\n" "$1" | tee -a "$logger.json" 2>/dev/null 1>&2
printf "\n ], \"checks\": %s, \"score\": %s, \"end\": %s \n}\n" "$1" "$2" "$3" | tee -a "$logger.json" 2>/dev/null 1>&2
}
logjson (){
printf "\n \"%s\": \"%s\"," "$1" "$2" | tee -a "$logger.json" 2>/dev/null 1>&2
}
integerjson (){
printf "\n \"%s\": %s," "$1" "$2" | tee -a "$logger.json" 2>/dev/null 1>&2
SSEP=
SEP=
startsectionjson() {
printf "%s\n {\"id\": \"%s\", \"desc\": \"%s\", \"results\": [" "$SSEP" "$1" "$2" | tee -a "$logger.json" 2>/dev/null 1>&2
SEP=
SSEP=","
}
endsectionjson() {
printf "\n ]}" | tee -a "$logger.json" 2>/dev/null 1>&2
}
starttestjson() {
printf "%s\n {\"id\": \"%s\", \"desc\": \"%s\", " "$SEP" "$1" "$2" | tee -a "$logger.json" 2>/dev/null 1>&2
SEP=","
}
resulttestjson() {
if [ $# -eq 1 ]; then
printf "\"result\": \"%s\"}" "$1" | tee -a "$logger.json" 2>/dev/null 1>&2
elif [ $# -eq 2 ]; then
# Result also contains details
printf "\"result\": \"%s\", \"details\": \"%s\"}" "$1" "$2" | tee -a "$logger.json" 2>/dev/null 1>&2
else
# Result also includes details and a list of items. Add that directly to details and to an array property "items"
itemsJson=$(printf "["; ISEP=""; for item in $3; do printf "%s\"%s\"" "$ISEP" "$item"; ISEP=","; done; printf "]")
printf "\"result\": \"%s\", \"details\": \"%s: %s\", \"items\": %s}" "$1" "$2" "$3" "$itemsJson" | tee -a "$logger.json" 2>/dev/null 1>&2
fi
}
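Review bot: the strings handed to startsectionjson, starttestjson and resulttestjson are interpolated with `%s` unescaped, so any desc, details or item that contains a double quote or backslash produces invalid JSON; details values are exactly where verbatim paths and command output end up, so this will be hit in practice. Pass each argument through an escape step first, for example `esc=$(printf '%s' "$2" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g')`, and use the escaped copy in the printf. Two smaller points in resulttestjson: `for item in $3` word-splits and glob-expands the list, so an item containing whitespace becomes two array entries, and `itemsJson` and `ISEP` are left behind as globals between calls.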