From 10f8fdddb0d58e4cf15177bc4bb29775244c4cfe Mon Sep 17 00:00:00 2001 From: DANIEL STOICA Date: Tue, 24 Mar 2020 14:46:22 +0200 Subject: [PATCH] Enable vuls and lynis tests in CI - added the os layer in validation/bluval/bluval-iec.yaml - made change in vuls robot script to sincronize the path complements https://gerrit.akraino.org/r/c/ci-management/+/3307 Signed-off-by: DANIEL STOICA Depends-On: I9e5349a0e3e3a1e7331a5f5b4b4a8d5a1b01aa51 Change-Id: Ibb16f76405f5b43797e0d859db0681759adf5e18 --- bluval/bluval-iec.yaml | 11 +++++++++++ tests/os/vuls/vuls.robot | 22 ++++++++-------------- 2 files changed, 19 insertions(+), 14 deletions(-) diff --git a/bluval/bluval-iec.yaml b/bluval/bluval-iec.yaml index 1da0158..86fbef2 100644 --- a/bluval/bluval-iec.yaml +++ b/bluval/bluval-iec.yaml @@ -19,6 +19,7 @@ blueprint: name: demo layers: - k8s + - os k8s: &k8s - @@ -29,3 +30,13 @@ blueprint: name: kube-hunter what: kube-hunter optional: "True" + + os: &os + - + name: lynis + what: lynis + optional: "False" + - + name: vuls + what: vuls + optional: "False" diff --git a/tests/os/vuls/vuls.robot b/tests/os/vuls/vuls.robot index c630c5a..3b3a901 100644 --- a/tests/os/vuls/vuls.robot +++ b/tests/os/vuls/vuls.robot @@ -22,9 +22,6 @@ Library BuiltIn Suite Setup Open Connection And Log In Suite Teardown Close All Connections -*** Variables *** -${LOG_PATH} /opt/akraino/validation/tests/os/vuls - *** Test Cases *** Run Vuls test Set Environment Variable GOROOT /root/go @@ -33,38 +30,35 @@ Run Vuls test Set Environment Variable LC_ALL en_US.UTF-8 Set Environment Variable LANG en_US.UTF-8 - ${rc} = Run And Return Rc install -D /opt/akraino/validation/tests/os/vuls/config /root/.ssh/ - Should Be Equal As Integers ${rc} 0 - - ${rc} = Run And Return Rc sed -i 's/HOST/${HOST}/g' config.toml + ${rc} = Run And Return Rc install -D ${CURDIR}/config /root/.ssh/ Should Be Equal As Integers ${rc} 0 - ${rc} = Run And Return Rc sed -i 's/USERNAME/${USERNAME}/g' config.toml + ${rc} = Run And Return Rc sed -i -e 's/HOST/${HOST}/g' -e 's/USERNAME/${USERNAME}/g' ${CURDIR}/config.toml Should Be Equal As Integers ${rc} 0 - ${rc} = Run And Return Rc tar xvzf db.tar.gz -C /opt/akraino/validation/tests/os/vuls/ + ${rc} = Run And Return Rc tar xvzf ${CURDIR}/db.tar.gz -C ${CURDIR} Should Be Equal As Integers ${rc} 0 ${os} = SSHLibrary.Execute Command source /etc/os-release && echo $ID - ${rc} = Run And Return Rc vuls scan -config config.toml -ssh-config + ${rc} = Run And Return Rc vuls scan -config ${CURDIR}/config.toml -ssh-config Should Be Equal As Integers ${rc} 0 - Run Keyword IF '${os}' == 'ubuntu' Run vuls for ubuntu ELSE IF '${os}' == 'centos' Run vuls for centos ELSE FAIL Distro '${os}' not supported + Run Keyword IF '${os}' == 'ubuntu' Run vuls for ubuntu ELSE IF '${os}' == 'centos' Run vuls for centos ELSE FAIL Distro '${os}' not supported *** Keywords *** Run vuls for ubuntu ${os_version} = SSHLibrary.Execute Command source /etc/os-release && echo $VERSION_ID | cut -d '.' -f1 - ${rc} ${output} = Run And Return Rc And Output vuls report -cvedb-sqlite3-path=${LOG_PATH}/cve.sqlite3 -ovaldb-sqlite3-path=${LOG_PATH}/oval_ubuntu_${os_version}.sqlite3 + ${rc} ${output} = Run And Return Rc And Output vuls report -config ${CURDIR}/config.toml -cvedb-sqlite3-path=${CURDIR}/cve.sqlite3 -ovaldb-sqlite3-path=${CURDIR}/oval_ubuntu_${os_version}.sqlite3 Should Be Equal As Integers ${rc} 0 Append To File ${LOG_PATH}/vuls.log ${output}${\n} Run vuls for centos - ${rc} ${output} = Run And Return Rc And Output vuls report -cvedb-sqlite3-path=${LOG_PATH}/cve.sqlite3 -ovaldb-sqlite3-path=${LOG_PATH}/oval_centos.sqlite3 -gostdb-sqlite3-path=${LOG_PATH}/gost_centos.sqlite3 + ${rc} ${output} = Run And Return Rc And Output vuls report -config ${CURDIR}/config.toml -cvedb-sqlite3-path=${CURDIR}/cve.sqlite3 -ovaldb-sqlite3-path=${CURDIR}/oval_centos.sqlite3 -gostdb-sqlite3-path=${CURDIR}/gost_centos.sqlite3 Should Be Equal As Integers ${rc} 0 Append To File ${LOG_PATH}/vuls.log ${output}${\n} Open Connection And Log In Open Connection ${HOST} - Login With Public Key ${USERNAME} ${SSH_KEYFILE} + Login With Public Key ${USERNAME} ${SSH_KEYFILE} \ No newline at end of file -- 2.16.6