From 37a1ec033aa1711ac75b2f89b038684d5de80dba Mon Sep 17 00:00:00 2001
From: Daniel Stoica <daniel.stoica@enea.com>
Date: Tue, 7 Jan 2020 13:33:53 +0200
Subject: [PATCH] Add Vuls security test for x86_64

JIRA: VAL-79
Signed-off-by: Daniel Stoica <daniel.stoica@enea.com>
Change-Id: I6aa553d50fc33327ee893382aec0eee605a94eb1
---
 docker/os/Dockerfile      | 42 ++++++++++++++++++++++++++++++++++++--
 tests/os/vuls/config      |  2 ++
 tests/os/vuls/config.toml |  8 ++++++++
 tests/os/vuls/vuls.robot  | 52 +++++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 102 insertions(+), 2 deletions(-)
 create mode 100644 tests/os/vuls/config
 create mode 100644 tests/os/vuls/config.toml
 create mode 100644 tests/os/vuls/vuls.robot

diff --git a/docker/os/Dockerfile b/docker/os/Dockerfile
index 58bed23..95d8cfe 100644
--- a/docker/os/Dockerfile
+++ b/docker/os/Dockerfile
@@ -28,6 +28,9 @@ RUN apt-get update && apt-get -y install \
     libffi-dev \
     make \
     libssl-dev \
+    golint \
+    sqlite3 \
+    debian-goodies \
     build-essential \
     autoconf automake autotools-dev m4 \
     linux-headers-generic \
@@ -60,8 +63,16 @@ COPY --from=build /opt/akraino/ltp.tar.gz /opt/akraino/ltp.tar.gz
 COPY --from=build /opt/akraino/lynis-remote.tar.gz /opt/akraino/lynis-remote.tar.gz
 
 
-RUN apt-get update && apt-get -y install \
-    python3-pip python3.6 && \
+RUN apt-get update && apt-get -y upgrade && apt-get -y install \
+    python3-pip python3.6 \
+    sqlite \
+    debian-goodies \
+    wget \
+    curl apt-transport-https ca-certificates software-properties-common && \
+    curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - && \
+    add-apt-repository "deb https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" && \
+    apt-get update && \
+    apt-get install -y docker-ce && \
     cd /usr/bin && ln -s python3 python && \
     pip3 install -r /wheels/requirements/pip-requirements.txt \
                  -f /wheels && \
@@ -70,6 +81,33 @@ RUN apt-get update && apt-get -y install \
     rm -rf /var/cache/apt/* && \
     rm -rf /var/lib/apt/lists/*
 
+# Fetches vuls databases
+SHELL ["/bin/bash", "-c"]
+RUN wget https://dl.google.com/go/go1.12.6.linux-amd64.tar.gz -P /root/ && \
+    cd /root/ && \
+    tar -xzf go1.12.6.linux-amd64.tar.gz -C /root/ && \
+    export GOROOT=/root/go && \
+    export GOPATH=/root/go/src && \
+    export PATH=$PATH:/root/go/bin:/root/go/src/bin && \
+    mkdir -p /root/go/src/github.com/future-architect && \
+    cd /root/go/src/github.com/future-architect && \
+    git clone https://github.com/future-architect/vuls && \
+    cd vuls && \
+    make install && \
+    mkdir -p /root/go/src/github.com/kotakanbe && \
+    git -C /root/go/src/github.com/kotakanbe clone https://github.com/kotakanbe/go-cve-dictionary.git && \
+    cd /root/go/src/github.com/kotakanbe/go-cve-dictionary/ && \
+    make install && \
+    mkdir /opt/akraino/validation/tests/os/vuls/ && \
+    for i in $(seq 2002 "$(date +"%Y")"); do go-cve-dictionary fetchnvd -http-proxy=${HTTP_PROXY} -dbpath /opt/akraino/validation/tests/os/vuls/cve.sqlite3 -years "$i"; done && \
+    git -C /root/go/src/github.com/kotakanbe clone https://github.com/kotakanbe/goval-dictionary.git && \
+    cd /root/go/src/github.com/kotakanbe/goval-dictionary && \
+    make install && \
+    goval-dictionary fetch-ubuntu -http-proxy=${HTTP_PROXY} -dbpath=/opt/akraino/validation/tests/os/vuls/oval.sqlite3 16 && \
+    cd /opt/akraino/validation/tests/os/vuls && \
+    tar cvzf db.tar.gz *.sqlite3 && \
+    rm *.sqlite3
+
 # Install bluval dependencies
 RUN pip3 install -r /opt/akraino/validation/bluval/requirements.txt
 ENV LC_ALL=C.UTF-8
diff --git a/tests/os/vuls/config b/tests/os/vuls/config
new file mode 100644
index 0000000..8025e68
--- /dev/null
+++ b/tests/os/vuls/config
@@ -0,0 +1,2 @@
+Host *
+     StrictHostKeyChecking no
diff --git a/tests/os/vuls/config.toml b/tests/os/vuls/config.toml
new file mode 100644
index 0000000..1329cd5
--- /dev/null
+++ b/tests/os/vuls/config.toml
@@ -0,0 +1,8 @@
+[servers]
+
+[servers.akraino]
+host = "HOST"
+port = "22"
+user = "USERNAME"
+keyPath = "/root/.ssh/id_rsa"
+containerType = "docker"
diff --git a/tests/os/vuls/vuls.robot b/tests/os/vuls/vuls.robot
new file mode 100644
index 0000000..6ddc283
--- /dev/null
+++ b/tests/os/vuls/vuls.robot
@@ -0,0 +1,52 @@
+##############################################################################
+# Copyright (c) 2019 AT&T Intellectual Property.                             #
+# Copyright (c) 2019 Nokia.                                                  #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License");            #
+# you maynot use this file except in compliance with the License.            #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+*** Settings ***
+Library           SSHLibrary
+Library           OperatingSystem
+Library           BuiltIn
+Library           Process
+
+*** Variables ***
+${LOG_PATH}       /opt/akraino/validation/tests/os/vuls
+
+*** Test Cases ***
+Run Vuls test
+    Set Environment Variable  GOROOT  /root/go
+    Set Environment Variable  GOPATH  /root/go/src
+    Set Environment Variable  PATH  /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/root/go/bin:/root/go/src/bin
+    Set Environment Variable  LC_ALL  en_US.UTF-8
+    Set Environment Variable  LANG  en_US.UTF-8
+
+    ${rc} =  Run And Return Rc  install -D /opt/akraino/validation/tests/os/vuls/config /root/.ssh/
+    Should Be Equal As Integers  ${rc}  0
+
+    ${rc} =  Run And Return Rc  sed -i 's/HOST/${HOST}/g' config.toml
+    Should Be Equal As Integers  ${rc}  0
+
+    ${rc} =  Run And Return Rc  sed -i 's/USERNAME/${USERNAME}/g' config.toml
+    Should Be Equal As Integers  ${rc}  0
+
+    ${rc} =  Run And Return Rc  tar xvzf db.tar.gz -C /opt/akraino/validation/tests/os/vuls/
+    Should Be Equal As Integers  ${rc}  0
+ 
+    ${rc} =  Run And Return Rc  vuls scan -config config.toml -ssh-config
+    Should Be Equal As Integers  ${rc}  0
+
+    ${rc}  ${output} =  Run And Return Rc And Output  vuls report
+    Should Be Equal As Integers  ${rc}  0
+    Append To File  ${LOG_PATH}/vuls.log  ${output}${\n}
-- 
2.16.6