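# Note: Intended to be run as "make run-blackbox-tests" or "make run-blackbox-ci"
#       Makefile target installs & checks all necessary tooling
#       Extra tools that are not covered in the Makefile target need to be added in verify_prerequisites()

load helpers_zot

#######################################
# Check that the extra command-line tools used by this file are installed.
# Outputs: a diagnostic on fd 3 (the bats terminal stream) naming the missing tool
# Returns: 0 when curl and jq are both found on PATH, 1 otherwise
#######################################
function verify_prerequisites {
    # Test the exit status of `command -v` directly; putting its output
    # unquoted inside `[ ... ]` misbehaves if the resolved path contains spaces.
    if ! command -v curl >/dev/null 2>&1; then
        echo "you need to install curl as a prerequisite to running the tests" >&3
        return 1
    fi

    if ! command -v jq >/dev/null 2>&1; then
        echo "you need to install jq as a prerequisite to running the tests" >&3
        return 1
    fi

    return 0
}

#######################################
# One-time setup for this file: fetch the test image, write a zot config with
# the search/CVE extension enabled, start zot and register it with zli.
# Globals: REGISTRY_NAME (exported), zot_port (written),
#          TEST_DATA_DIR, BATS_FILE_TMPDIR, ZOT_PATH (read)
#######################################
function setup_file() {
    export REGISTRY_NAME=main
    # Verify prerequisites are available.
    # Call the function directly: `$(verify_prerequisites)` would try to run
    # whatever the function printed on stdout as a command.
    if ! verify_prerequisites; then
        exit 1
    fi

    # Download test data to folder common for the entire suite, not just this file
    # --insecure-policy makes skopeo accept the image without consulting the
    # host's signature-verification policy; acceptable for throwaway test data only.
    # NOTE(review): the image is referenced by a mutable tag, so the content the
    # CVE assertion below runs against can change upstream; pinning by digest
    # would make the test reproducible.
    skopeo --insecure-policy copy --format=oci \
        docker://ghcr.io/project-zot/golang:1.20 \
        "oci:${TEST_DATA_DIR}/golang:1.20"

    # Setup zot server
    local zot_root_dir="${BATS_FILE_TMPDIR}/zot"
    local zot_config_file="${BATS_FILE_TMPDIR}/zot_config.json"
    mkdir -p "${zot_root_dir}"
    zot_port=$(get_free_port)
    echo "${zot_port}" > "${BATS_FILE_TMPDIR}/zot.port"

    # NOTE(review): "address": "0.0.0.0" listens on every interface and this
    # config defines no authentication, while everything in this file talks to
    # the registry over 127.0.0.1. On a shared or networked runner the registry
    # is reachable (and writable) by other hosts for the duration of the run.
    # Consider binding to loopback if the helpers in helpers_zot allow it.
    cat > "${zot_config_file}" <<EOF
{
    "distSpecVersion": "1.1.0-dev",
    "storage": {
        "rootDirectory": "${zot_root_dir}"
    },
    "http": {
        "address": "0.0.0.0",
        "port": "${zot_port}"
    },
    "log": {
        "level": "debug",
        "output": "${BATS_FILE_TMPDIR}/zot.log"
    },
    "extensions": {
        "search": {
            "enable": true,
            "cve": {
                "updateInterval": "24h"
            }
        }
    }
}
EOF
    zot_serve "${ZOT_PATH}" "${zot_config_file}"
    wait_zot_reachable "${zot_port}"

    # setup zli to add zot registry to configs
    local registry_url="http://127.0.0.1:${zot_port}/"
    zli_add_config "${REGISTRY_NAME}" "${registry_url}"
}

# Runs after every test: dump the zot log so a failing test shows server output.
function teardown() {
    # conditionally printing on failure is possible from teardown but not from teardown_file
    cat "${BATS_FILE_TMPDIR}/zot.log"
}

# Runs once after the last test in this file: stop every zot started by it.
function teardown_file() {
    zot_stop_all
}

# Pushes the golang:1.20 test image to the local registry, checks that it is
# listed in the catalog and tag list, then asserts that `zli cve list`
# reports a known CVE for it.
@test "cve by image name and tag" {
    zot_port=$(cat "${BATS_FILE_TMPDIR}/zot.port")
    # The local registry is plain HTTP, hence --dest-tls-verify=false; this is
    # only appropriate because the destination is the loopback test instance.
    run skopeo --insecure-policy copy --dest-tls-verify=false \
        "oci:${TEST_DATA_DIR}/golang:1.20" \
        "docker://127.0.0.1:${zot_port}/golang:1.20"
    [ "$status" -eq 0 ]
    run curl "http://127.0.0.1:${zot_port}/v2/_catalog"
    [ "$status" -eq 0 ]
    # Quoted so that an unexpected multi-line jq result fails the comparison
    # instead of producing a "too many arguments" error from `[`.
    [ "$(echo "${lines[-1]}" | jq '.repositories[]')" = '"golang"' ]
    run curl "http://127.0.0.1:${zot_port}/v2/golang/tags/list"
    [ "$status" -eq 0 ]
    [ "$(echo "${lines[-1]}" | jq '.tags[]')" = '"1.20"' ]
    run "${ZLI_PATH}" cve list golang:1.20 --config "${REGISTRY_NAME}"
    [ "$status" -eq 0 ]

    echo "${lines[@]}"

    # Substring match against one row of the zli output.
    # NOTE(review): the match is whitespace-sensitive and depends on the
    # vulnerability data available to the scanner at run time; confirm the
    # spacing and the expected CVE against what zli actually prints.
    found=0
    for i in "${lines[@]}"
    do
        if [[ "$i" = *"CVE-2011-4915 LOW fs/proc/base.c in the Linux kernel through 3..."* ]]; then
            found=1
        fi
    done
    [ "$found" -eq 1 ]
}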