github.com/crowdsecurity/crowdsec@v1.6.1/test/bats/20_hub_items.bats (about) 1 #!/usr/bin/env bats 2 # vim: ft=bats:list:ts=8:sts=4:sw=4:et:ai:si: 3 4 set -u 5 6 setup_file() { 7 load "../lib/setup_file.sh" 8 ./instance-data load 9 HUB_DIR=$(config_get '.config_paths.hub_dir') 10 export HUB_DIR 11 INDEX_PATH=$(config_get '.config_paths.index_path') 12 export INDEX_PATH 13 CONFIG_DIR=$(config_get '.config_paths.config_dir') 14 export CONFIG_DIR 15 } 16 17 teardown_file() { 18 load "../lib/teardown_file.sh" 19 } 20 21 setup() { 22 load "../lib/setup.sh" 23 load "../lib/bats-file/load.bash" 24 ./instance-data load 25 hub_strip_index 26 } 27 28 teardown() { 29 ./instance-crowdsec stop 30 } 31 32 #---------- 33 # 34 # Tests that don't need to be repeated for each hub type 35 # 36 37 @test "hub versions are correctly sorted during sync" { 38 # hash of an empty file 39 sha256_empty="e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" 40 41 # add two versions with the same hash, that don't sort the same way 42 # in a lexical vs semver sort. CrowdSec should report the latest version 43 44 new_hub=$( \ 45 jq --arg DIGEST "$sha256_empty" <"$INDEX_PATH" \ 46 '. * {collections:{"crowdsecurity/sshd":{"versions":{"1.2":{"digest":$DIGEST, "deprecated": false}, "1.10": {"digest":$DIGEST, "deprecated": false}}}}}' \ 47 ) 48 echo "$new_hub" >"$INDEX_PATH" 49 50 rune -0 cscli collections install crowdsecurity/sshd 51 52 truncate -s 0 "$CONFIG_DIR/collections/sshd.yaml" 53 54 rune -0 cscli collections inspect crowdsecurity/sshd -o json 55 # XXX: is this supposed to be tainted or up to date? 56 rune -0 jq -c '[.local_version,.up_to_date,.tainted]' <(output) 57 assert_json '["1.10",false,false]' 58 } 59 60 @test "do not unmarshal state attributes" { 61 new_hub=$( \ 62 jq <"$INDEX_PATH" \ 63 '. * {parsers:{"crowdsecurity/syslog-logs":{"tainted":true, "installed":true, "local":true}}}' 64 ) 65 echo "$new_hub" >"$INDEX_PATH" 66 67 rune -0 cscli parsers inspect crowdsecurity/syslog-logs --no-metrics 68 assert_output --partial 'tainted: false' 69 assert_output --partial 'installed: false' 70 assert_output --partial 'local: false' 71 } 72 73 @test "hub index with invalid (non semver) version numbers" { 74 rune -0 cscli collections remove crowdsecurity/sshd --purge 75 76 new_hub=$( \ 77 jq <"$INDEX_PATH" \ 78 '. * {collections:{"crowdsecurity/sshd":{"versions":{"1.2.3.4":{"digest":"foo", "deprecated": false}}}}}' \ 79 ) 80 echo "$new_hub" >"$INDEX_PATH" 81 82 rune -0 cscli collections install crowdsecurity/sshd 83 rune -1 cscli collections inspect crowdsecurity/sshd --no-metrics -o json 84 # XXX: we are on the verbose side here... 85 rune -0 jq -r ".msg" <(stderr) 86 assert_output --regexp "failed to read Hub index: failed to sync items: failed to scan .*: while syncing collections sshd.yaml: 1.2.3.4: Invalid Semantic Version. Run 'sudo cscli hub update' to download the index again" 87 } 88 89 @test "removing or purging an item already removed by hand" { 90 rune -0 cscli parsers install crowdsecurity/syslog-logs 91 rune -0 cscli parsers inspect crowdsecurity/syslog-logs -o json 92 rune -0 jq -r '.local_path' <(output) 93 rune -0 rm "$(output)" 94 95 rune -0 cscli parsers remove crowdsecurity/syslog-logs --debug 96 assert_stderr --partial "removing crowdsecurity/syslog-logs: not installed -- no need to remove" 97 98 rune -0 cscli parsers inspect crowdsecurity/syslog-logs -o json 99 rune -0 jq -r '.path' <(output) 100 rune -0 rm "$HUB_DIR/$(output)" 101 102 rune -0 cscli parsers remove crowdsecurity/syslog-logs --purge --debug 103 assert_stderr --partial "removing crowdsecurity/syslog-logs: not downloaded -- no need to remove" 104 105 rune -0 cscli parsers remove crowdsecurity/linux --all --error --purge --force 106 rune -0 cscli collections remove crowdsecurity/linux --all --error --purge --force 107 refute_output 108 refute_stderr 109 } 110 111 @test "a local item is not tainted" { 112 # not from cscli... inspect 113 rune -0 mkdir -p "$CONFIG_DIR/collections" 114 rune -0 touch "$CONFIG_DIR/collections/foobar.yaml" 115 rune -0 cscli collections inspect foobar.yaml -o json 116 rune -0 jq -e '[.tainted,.local==false,true]' <(output) 117 118 rune -0 cscli collections install crowdsecurity/sshd 119 rune -0 truncate -s0 "$CONFIG_DIR/collections/sshd.yaml" 120 rune -0 cscli collections inspect crowdsecurity/sshd -o json 121 rune -0 jq -e '[.tainted,.local==true,false]' <(output) 122 123 # and not from hub update 124 rune -0 cscli hub update 125 assert_stderr --partial "collection crowdsecurity/sshd is tainted" 126 refute_stderr --partial "collection foobar.yaml is tainted" 127 } 128 129 @test "a local item's name defaults to its filename" { 130 rune -0 mkdir -p "$CONFIG_DIR/collections" 131 rune -0 touch "$CONFIG_DIR/collections/foobar.yaml" 132 rune -0 cscli collections list -o json 133 rune -0 jq -r '.[][].name' <(output) 134 assert_output "foobar.yaml" 135 rune -0 cscli collections list foobar.yaml 136 rune -0 cscli collections inspect foobar.yaml -o json 137 rune -0 jq -e '[.installed,.local==true,true]' <(output) 138 } 139 140 @test "a local item can provide its own name" { 141 rune -0 mkdir -p "$CONFIG_DIR/collections" 142 echo "name: hi-its-me" > "$CONFIG_DIR/collections/foobar.yaml" 143 rune -0 cscli collections list -o json 144 rune -0 jq -r '.[][].name' <(output) 145 assert_output "hi-its-me" 146 rune -0 cscli collections list hi-its-me 147 rune -0 cscli collections inspect hi-its-me -o json 148 rune -0 jq -e '[.installed,.local]==[true,true]' <(output) 149 } 150 151 @test "a local item cannot be downloaded by cscli" { 152 rune -0 mkdir -p "$CONFIG_DIR/collections" 153 rune -0 touch "$CONFIG_DIR/collections/foobar.yaml" 154 rune -1 cscli collections install foobar.yaml 155 assert_stderr --partial "foobar.yaml is local, can't download" 156 rune -1 cscli collections install foobar.yaml --force 157 assert_stderr --partial "foobar.yaml is local, can't download" 158 } 159 160 @test "a local item cannot be removed by cscli" { 161 rune -0 mkdir -p "$CONFIG_DIR/collections" 162 rune -0 touch "$CONFIG_DIR/collections/foobar.yaml" 163 rune -0 cscli collections remove foobar.yaml 164 assert_stderr --partial "foobar.yaml is a local item, please delete manually" 165 rune -0 cscli collections remove foobar.yaml --purge 166 assert_stderr --partial "foobar.yaml is a local item, please delete manually" 167 rune -0 cscli collections remove foobar.yaml --force 168 assert_stderr --partial "foobar.yaml is a local item, please delete manually" 169 rune -0 cscli collections remove --all 170 assert_stderr --partial "foobar.yaml is a local item, please delete manually" 171 rune -0 cscli collections remove --all --purge 172 assert_stderr --partial "foobar.yaml is a local item, please delete manually" 173 } 174 175 @test "a dangling link is reported with a warning" { 176 rune -0 mkdir -p "$CONFIG_DIR/collections" 177 rune -0 ln -s /this/does/not/exist.yaml "$CONFIG_DIR/collections/foobar.yaml" 178 rune -0 cscli hub list 179 assert_stderr --partial "link target does not exist: $CONFIG_DIR/collections/foobar.yaml -> /this/does/not/exist.yaml" 180 rune -0 cscli hub list -o json 181 rune -0 jq '.collections' <(output) 182 assert_json '[]' 183 } 184 185 @test "tainted hub file, not enabled, install --force should repair" { 186 rune -0 cscli scenarios install crowdsecurity/ssh-bf 187 rune -0 cscli scenarios inspect crowdsecurity/ssh-bf -o json 188 local_path="$(jq -r '.local_path' <(output))" 189 echo >> "$local_path" 190 rm "$local_path" 191 rune -0 cscli scenarios install crowdsecurity/ssh-bf --force 192 rune -0 cscli scenarios inspect crowdsecurity/ssh-bf -o json 193 rune -0 jq -c '.tainted' <(output) 194 assert_output 'false' 195 }