Adds: e2e test for docker IaC provider (tenable#968)
* Adds: e2e test for docker IaC provider * fix: added helper method to compare sarif output
Showing
29 changed files
with
766 additions
and
693 deletions.
24 changes: 24 additions & 0 deletions
24
...r_scan/dockerfiles/dockerfile_platform_flag_violations/dockerfile_platform_flag_human.txt
@@ -0,0 +1,24 @@ | ||
|
||
|
||
Violation Details - | ||
|
||
Description : Ensure platform flag with FROM command is not used for Docker file | ||
File : Dockerfile | ||
Line : 1 | ||
Severity : MEDIUM | ||
|
||
----------------------------------------------------------------------- | ||
|
||
|
||
Scan Summary - | ||
|
||
File/Folder : /Users/suvarna/go/src/github.com/rchanger/terrascan/test/e2e/test_data/iac/docker/dockerfile_with_platform_flag_violation | ||
IaC Type : docker | ||
Scanned At : 2021-08-06 14:15:03.202473 +0000 UTC | ||
Policies Validated : 9 | ||
Violated Policies : 1 | ||
Low : 0 | ||
Medium : 1 | ||
High : 0 | ||
|
||
|
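Review bot: The `File/Folder` line of the scan summary pins the absolute path of the machine that recorded this golden (`/Users/suvarna/go/src/github.com/rchanger/...`), and `Scanned At` pins the recording time. The same two values are baked into the other goldens of this commit: the JSON `file/folder` and `scanned_at` keys, the JUnit `package` attribute, the SARIF `artifactLocation.uri`, and the XML and YAML summaries. Neither value can match on another machine, so the comparison presumably masks them; if it does not, these tests only pass on the author's checkout. Recording placeholders such as `File/Folder : <SCAN_ROOT>` and `Scanned At : <TIMESTAMP>` (constructed examples) would keep a developer's user name and directory layout out of the repository and make it obvious which fields are not compared.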
29 changes: 29 additions & 0 deletions
29
...ockerfiles/dockerfile_platform_flag_violations/dockerfile_platform_flag_human_verbose.txt
@@ -0,0 +1,29 @@ | ||
|
||
|
||
Violation Details - | ||
|
||
Description : Ensure platform flag with FROM command is not used for Docker file | ||
File : Dockerfile | ||
Line : 1 | ||
Severity : MEDIUM | ||
Rule Name : docFilePlatformFlag | ||
Rule ID : AC_DOCKER_0001 | ||
Resource Name : Dockerfile | ||
Resource Type : docker_from | ||
Category : Infrastructure Security | ||
|
||
----------------------------------------------------------------------- | ||
|
||
|
||
Scan Summary - | ||
|
||
File/Folder : /Users/suvarna/go/src/github.com/rchanger/terrascan/test/e2e/test_data/iac/docker | ||
IaC Type : docker | ||
Scanned At : 2021-08-06 12:56:35.047008 +0000 UTC | ||
Policies Validated : 9 | ||
Violated Policies : 1 | ||
Low : 0 | ||
Medium : 1 | ||
High : 0 | ||
|
||
|
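Review bot: `File/Folder` here ends at `.../test_data/iac/docker`, while the other goldens in this directory record `.../iac/docker/dockerfile_with_platform_flag_violation`. That suggests this file was captured from a scan of the parent directory rather than from the fixture its siblings use. The difference is harmless only if the path is masked during comparison and the parent directory yields the same single violation. Re-recording the file from the same fixture directory as the others would remove the doubt.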
28 changes: 28 additions & 0 deletions
28
...er_scan/dockerfiles/dockerfile_platform_flag_violations/dockerfile_platform_flag_json.txt
@@ -0,0 +1,28 @@ | ||
{ | ||
"results": { | ||
"violations": [ | ||
{ | ||
"rule_name": "docFilePlatformFlag", | ||
"description": "Ensure platform flag with FROM command is not used for Docker file", | ||
"rule_id": "AC_DOCKER_0001", | ||
"severity": "MEDIUM", | ||
"category": "Infrastructure Security", | ||
"resource_name": "Dockerfile", | ||
"resource_type": "docker_from", | ||
"file": "Dockerfile", | ||
"line": 1 | ||
} | ||
], | ||
"skipped_violations": null, | ||
"scan_summary": { | ||
"file/folder": "/Users/suvarna/go/src/github.com/rchanger/terrascan/test/e2e/test_data/iac/docker/dockerfile_with_platform_flag_violation", | ||
"iac_type": "docker", | ||
"scanned_at": "2021-08-06 14:02:26.891841 +0000 UTC", | ||
"policies_validated": 9, | ||
"violated_policies": 1, | ||
"low": 0, | ||
"medium": 1, | ||
"high": 0 | ||
} | ||
} | ||
} |
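Review bot: `"skipped_violations": null` pins a null for an empty collection, whereas the YAML golden in the same directory records `skipped_violations: []`, and the `max_severity_none` and `resource_skipping` goldens record `"violations": null`. A consumer that iterates these fields has to null-check the JSON output but not the YAML output, and the goldens now freeze that difference. If it is intentional, a comment in the test that loads this file should say so; otherwise emitting `[]` in both encodings is the more interoperable shape.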
10 changes: 10 additions & 0 deletions
10
...an/dockerfiles/dockerfile_platform_flag_violations/dockerfile_platform_flag_junit_xml.txt
@@ -0,0 +1,10 @@ | ||
<testsuites tests="9" name="TERRASCAN_POLICY_SUITES" failures="1" time="0"> | ||
<testsuite tests="9" failures="1" time="0" name="TERRASCAN_POLICY_SUITE" package="/Users/suvarna/go/src/github.com/rchanger/terrascan/test/e2e/test_data/iac/docker/dockerfile_with_platform_flag_violation"> | ||
<properties> | ||
<property name="Terrascan Version" value="v1.8.1"></property> | ||
</properties> | ||
<testcase classname="Dockerfile" name="[ERROR] resource: "Dockerfile" at line: 1, violates: RULE - AC_DOCKER_0001" severity="MEDIUM" category="Infrastructure Security"> | ||
<failure message="Description: Ensure platform flag with FROM command is not used for Docker file, File: Dockerfile, Line: 1, Severity: MEDIUM, Rule Name: docFilePlatformFlag, Rule ID: AC_DOCKER_0001, Resource Name: Dockerfile, Resource Type: docker_from, Category: Infrastructure Security" type=""></failure> | ||
</testcase> | ||
</testsuite> | ||
</testsuites> |
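Review bot: The `Terrascan Version` property is recorded as `v1.8.1`, while the SARIF goldens added in the same commit record driver version `1.9.0`. Either the comparison ignores the version, in which case a placeholder value such as `value="<VERSION>"` (constructed example) would make that explicit, or this golden is already one release behind and has to be regenerated on every version bump. A comment in the test that loads the file, stating which attributes are excluded from comparison, would settle which case applies.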
55 changes: 55 additions & 0 deletions
55
...r_scan/dockerfiles/dockerfile_platform_flag_violations/dockerfile_platform_flag_sarif.txt
@@ -0,0 +1,55 @@ | ||
{ | ||
"version": "2.1.0", | ||
"$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json", | ||
"runs": [ | ||
{ | ||
"tool": { | ||
"driver": { | ||
"name": "terrascan", | ||
"version": "1.9.0", | ||
"informationUri": "https://github.com/accurics/terrascan", | ||
"rules": [ | ||
{ | ||
"id": "AC_DOCKER_0001", | ||
"name": "docFilePlatformFlag", | ||
"shortDescription": { | ||
"text": "Ensure platform flag with FROM command is not used for Docker file" | ||
}, | ||
"properties": { | ||
"category": "Infrastructure Security", | ||
"severity": "MEDIUM" | ||
} | ||
} | ||
] | ||
} | ||
}, | ||
"results": [ | ||
{ | ||
"ruleId": "AC_DOCKER_0001", | ||
"level": "warning", | ||
"message": { | ||
"text": "Ensure platform flag with FROM command is not used for Docker file" | ||
}, | ||
"locations": [ | ||
{ | ||
"physicalLocation": { | ||
"artifactLocation": { | ||
"uri": "file:///Users/suvarna/go/src/github.com/rchanger/terrascan/test/e2e/test_data/iac/docker/dockerfile_with_platform_flag_violation/Dockerfile" | ||
}, | ||
"region": { | ||
"startLine": 1 | ||
} | ||
}, | ||
"logicalLocations": [ | ||
{ | ||
"name": "Dockerfile", | ||
"kind": "docker_from" | ||
} | ||
] | ||
} | ||
] | ||
} | ||
] | ||
} | ||
] | ||
} |
9 changes: 9 additions & 0 deletions
9
...ker_scan/dockerfiles/dockerfile_platform_flag_violations/dockerfile_platform_flag_xml.txt
@@ -0,0 +1,9 @@ | ||
<results> | ||
<scan_errors></scan_errors> | ||
<passed_rules></passed_rules> | ||
<violations> | ||
<violation rule_name="docFilePlatformFlag" description="Ensure platform flag with FROM command is not used for Docker file" rule_id="AC_DOCKER_0001" severity="MEDIUM" category="Infrastructure Security" resource_name="Dockerfile" resource_type="docker_from" file="Dockerfile" line="1"></violation> | ||
</violations> | ||
<skipped_violations></skipped_violations> | ||
<scan_summary file_folder="/Users/suvarna/go/src/github.com/rchanger/terrascan/test/e2e/test_data/iac/docker/dockerfile_with_platform_flag_violation" iac_type="docker" scanned_at="2021-08-06 14:02:50.027126 +0000 UTC" policies_validated="9" violated_policies="1" low="0" medium="1" high="0"></scan_summary> | ||
</results> |
22 changes: 22 additions & 0 deletions
22
...er_scan/dockerfiles/dockerfile_platform_flag_violations/dockerfile_platform_flag_yaml.txt
@@ -0,0 +1,22 @@ | ||
results: | ||
violations: | ||
- rule_name: docFilePlatformFlag | ||
description: Ensure platform flag with FROM command is not used for Docker file | ||
rule_id: AC_DOCKER_0001 | ||
severity: MEDIUM | ||
category: Infrastructure Security | ||
resource_name: Dockerfile | ||
resource_type: docker_from | ||
file: Dockerfile | ||
line: 1 | ||
skipped_violations: [] | ||
scan_summary: | ||
file/folder: /Users/suvarna/go/src/github.com/rchanger/terrascan/test/e2e/test_data/iac/docker/dockerfile_with_platform_flag_violation | ||
iac_type: docker | ||
scanned_at: 2021-08-06 14:03:08.139109 +0000 UTC | ||
policies_validated: 9 | ||
violated_policies: 1 | ||
low: 0 | ||
medium: 1 | ||
high: 0 | ||
|
55 changes: 55 additions & 0 deletions
55
.../e2e/scan/golden/k8s_scans/k8s/kubernetes_ingress_violations/kubernetes_ingress_sarif.txt
@@ -0,0 +1,55 @@ | ||
{ | ||
"version": "2.1.0", | ||
"$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json", | ||
"runs": [ | ||
{ | ||
"tool": { | ||
"driver": { | ||
"name": "terrascan", | ||
"version": "1.9.0", | ||
"informationUri": "https://github.com/accurics/terrascan", | ||
"rules": [ | ||
{ | ||
"id": "AC_K8S_0001", | ||
"name": "noHttps", | ||
"shortDescription": { | ||
"text": "TLS disabled can affect the confidentiality of the data in transit" | ||
}, | ||
"properties": { | ||
"category": "Network Security", | ||
"severity": "HIGH" | ||
} | ||
} | ||
] | ||
} | ||
}, | ||
"results": [ | ||
{ | ||
"ruleId": "AC_K8S_0001", | ||
"level": "error", | ||
"message": { | ||
"text": "TLS disabled can affect the confidentiality of the data in transit" | ||
}, | ||
"locations": [ | ||
{ | ||
"physicalLocation": { | ||
"artifactLocation": { | ||
"uri": "file:///Users/suvarna/go/src/github.com/rchanger/terrascan/test/e2e/test_data/iac/k8s/kubernetes_ingress_violation/config.yaml" | ||
}, | ||
"region": { | ||
"startLine": 1 | ||
} | ||
}, | ||
"logicalLocations": [ | ||
{ | ||
"name": "ingress-demo-disallowed", | ||
"kind": "kubernetes_ingress" | ||
} | ||
] | ||
} | ||
] | ||
} | ||
] | ||
} | ||
] | ||
} |
28 changes: 28 additions & 0 deletions
28
...scan/golden/resource_prioritising/max_severity_set/docker/dockerfile_max_severity_low.txt
@@ -0,0 +1,28 @@ | ||
{ | ||
"results": { | ||
"violations": [ | ||
{ | ||
"rule_name": "docFilePlatformFlag", | ||
"description": "Ensure platform flag with FROM command is not used for Docker file", | ||
"rule_id": "AC_DOCKER_0001", | ||
"severity": "LOW", | ||
"category": "Infrastructure Security", | ||
"resource_name": "Dockerfile", | ||
"resource_type": "docker_from", | ||
"file": "Dockerfile", | ||
"line": 1 | ||
} | ||
], | ||
"skipped_violations": null, | ||
"scan_summary": { | ||
"file/folder": "/Users/suvarna/go/src/github.com/rchanger/terrascan/test/e2e/test_data/iac/resource_prioritising/max_severity_set/docker", | ||
"iac_type": "docker", | ||
"scanned_at": "2021-08-06 10:17:42.375856 +0000 UTC", | ||
"policies_validated": 9, | ||
"violated_policies": 1, | ||
"low": 1, | ||
"medium": 0, | ||
"high": 0 | ||
} | ||
} | ||
} |
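Review bot: `"severity": "LOW"` is recorded for `AC_DOCKER_0001`, which the platform-flag goldens report as `MEDIUM`, and nothing in the recorded violation shows that the value was overridden; the `min_severity_high` golden has the same shape with `HIGH`. Going by the directory names, the override comes from a maximum/minimum severity setting attached to the scanned input, so whoever edits that input can lower what the report shows and a reader of the report cannot tell. The golden would be a stronger regression guard, and the report easier to audit, if the output carried the rule's original severity next to the effective one. Short of that, the test that loads this file should state which input produces the override.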
28 changes: 28 additions & 0 deletions
28
...olden/resource_prioritising/max_severity_set_none/docker/dockerfile_max_severity_none.txt
@@ -0,0 +1,28 @@ | ||
{ | ||
"results": { | ||
"violations": null, | ||
"skipped_violations": [ | ||
{ | ||
"rule_name": "docFilePlatformFlag", | ||
"description": "Ensure platform flag with FROM command is not used for Docker file", | ||
"rule_id": "AC_DOCKER_0001", | ||
"severity": "MEDIUM", | ||
"category": "Infrastructure Security", | ||
"resource_name": "Dockerfile", | ||
"resource_type": "docker_from", | ||
"file": "Dockerfile", | ||
"line": 1 | ||
} | ||
], | ||
"scan_summary": { | ||
"file/folder": "/Users/suvarna/go/src/github.com/rchanger/terrascan/test/e2e/test_data/iac/resource_prioritising/max_severity_set_none/docker", | ||
"iac_type": "docker", | ||
"scanned_at": "2021-08-06 10:20:27.27704 +0000 UTC", | ||
"policies_validated": 9, | ||
"violated_policies": 0, | ||
"low": 0, | ||
"medium": 0, | ||
"high": 0 | ||
} | ||
} | ||
} |
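Review bot: The entry under `skipped_violations` has exactly the fields of a reported violation and nothing that says why it was skipped. The `resource_skipping` golden is identical apart from path and timestamp, although the two directory names suggest different mechanisms (a maximum severity of none versus an explicit skip). With `violated_policies` at 0 the summary reads as a clean scan, so the skipped list is the only audit trail for a suppressed finding. Consider recording the skip reason or its source in each skipped entry, or at least asserting in the test which mechanism produced it.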
28 changes: 28 additions & 0 deletions
28
...can/golden/resource_prioritising/min_severity_set/docker/dockerfile_min_severity_high.txt
@@ -0,0 +1,28 @@ | ||
{ | ||
"results": { | ||
"violations": [ | ||
{ | ||
"rule_name": "docFilePlatformFlag", | ||
"description": "Ensure platform flag with FROM command is not used for Docker file", | ||
"rule_id": "AC_DOCKER_0001", | ||
"severity": "HIGH", | ||
"category": "Infrastructure Security", | ||
"resource_name": "Dockerfile", | ||
"resource_type": "docker_from", | ||
"file": "Dockerfile", | ||
"line": 1 | ||
} | ||
], | ||
"skipped_violations": null, | ||
"scan_summary": { | ||
"file/folder": "/Users/suvarna/go/src/github.com/rchanger/terrascan/test/e2e/test_data/iac/resource_prioritising/min_severity_set/docker", | ||
"iac_type": "docker", | ||
"scanned_at": "2021-08-06 10:30:28.495621 +0000 UTC", | ||
"policies_validated": 9, | ||
"violated_policies": 1, | ||
"low": 0, | ||
"medium": 0, | ||
"high": 1 | ||
} | ||
} | ||
} |
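--- a/test/e2e/scan/golden/resource_skipping/dockerfile_resource_skipping.txt
+++ b/test/e2e/scan/golden/resource_skipping/dockerfile_resource_skipping.txt
@@ -0,0 +1,28 @@
+{
+"results": {
+"violations": null,
+"skipped_violations": [
+{
+"rule_name": "docFilePlatformFlag",
+"description": "Ensure platform flag with FROM command is not used for Docker file",
+"rule_id": "AC_DOCKER_0001",
+"severity": "MEDIUM",
+"category": "Infrastructure Security",
+"resource_name": "Dockerfile",
+"resource_type": "docker_from",
+"file": "Dockerfile",
+"line": 1
+}
+],
+"scan_summary": {
+"file/folder": "/Users/suvarna/go/src/github.com/rchanger/terrascan/test/e2e/test_data/iac/resource_skipping/docker",
+"iac_type": "docker",
+"scanned_at": "2021-08-06 10:32:56.961838 +0000 UTC",
+"policies_validated": 9,
+"violated_policies": 0,
+"low": 0,
+"medium": 0,
+"high": 0
+}
+}
+}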