Merge pull request #1205 from kolenichsj/alpine_apk

Adding support for Alpine Package Keeper
author: Michael Boelen <michael.boelen@cisofy.com> 2022-02-10 14:00:38 +0300
committer: GitHub <noreply@github.com> 2022-02-10 14:00:38 +0300
commit: cd433e928efe334bbb4b86fb5833f4d6ebd62f28 (patch)
tree: 6fd12dccf0e166282493bc5573298293e8a746b2
parent: e0b5dcf7d467f89b5c3896c67bd5743e9e3dfb95 (diff)
parent: eb46f39c447b45db8198b4cf613c4129873492e1 (diff)
4 files changed, 68 insertions, 0 deletions
diff --git a/include/binaries b/include/binaries
index fb8147ce..7aabba42 100644
--- a/include/binaries
+++ b/include/binaries
@@ -134,6 +134,7 @@
                             aide)                   AIDEBINARY=${BINARY};              LogText "  Found known binary: aide (file integrity checker) - ${BINARY}" ;;
                             apache2)                HTTPDBINARY=${BINARY};             LogText "  Found known binary: apache2 (web server) - ${BINARY}" ;;
                             apt)                    APTBINARY=${BINARY};               LogText "  Found known binary: apt (package manager) - ${BINARY}" ;;
+                            apk)                    APKBINARY=${BINARY};               LogText "  Found known binary: apk (package manager) - ${BINARY}" ;;
                             arch-audit)             ARCH_AUDIT_BINARY="${BINARY}";     LogText "  Found known binary: arch-audit (auditing utility to test for vulnerable packages) - ${BINARY}" ;;
                             auditd)                 AUDITDBINARY=${BINARY};            LogText "  Found known binary: auditd (audit framework) - ${BINARY}" ;;
                             awk)                    AWKBINARY=${BINARY};               LogText "  Found known binary: awk (string tool) - ${BINARY}" ;;
diff --git a/include/consts b/include/consts
index 1dc3f893..5d618429 100644
--- a/include/consts
+++ b/include/consts
@@ -43,6 +43,7 @@ ETC_PATHS="/etc /usr/local/etc"
 # == Variable initializing ==
 #
     APTBINARY=""
+    APKBINARY=""
     ARCH_AUDIT_BINARY=""
     AUDITORNAME=""
     AUDITCTLBINARY=""
diff --git a/include/functions b/include/functions
index de36ed11..5b211707 100644
--- a/include/functions
+++ b/include/functions
@@ -2098,6 +2098,9 @@
         elif [ -n "${XBPSBINARY}" ]; then
             output=$(${XBPSBINARY} ${package} 2> /dev/null | ${GREPBINARY} "^ii")
             exit_code=$?
+        elif [ -n "${APKBINARY}" ]; then
+            output=$(${APKBINARY} search ${package} 2> /dev/null | ${GREPBINARY} ${package})
+            exit_code=$?
         else
             if [ "${package}" != "__dummy__" ]; then
                 ReportException "PackageIsInstalled:01 (test=${TEST_NO:-unknown})"
diff --git a/include/tests_ports_packages b/include/tests_ports_packages
index e757bd0a..54d849e2 100644
--- a/include/tests_ports_packages
+++ b/include/tests_ports_packages
@@ -468,6 +468,34 @@
 #################################################################################
 #
     # Test        : PKGS-7346
+    # Description : Check Alpine Package Keeper (apk)
+    if [ -x ${ROOTDIR}/sbin/apk ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+    Register --test-no PKGS-7346 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Querying apk"
+    if [ ${SKIPTEST} -eq 0 ]; then
+        COUNT=0
+        Display --indent 4 --text "- Searching apk package manager" --result "${STATUS_FOUND}" --color GREEN
+        LogText "Result: Found apk binary"
+        Report "package_manager[]=apk"
+        PACKAGE_MGR_PKG=1
+        LogText "Test: Querying apk info -v to get package list"
+        Display --indent 6 --text "- Querying package manager"
+        LogText "Output:"
+        SPACKAGES=$(apk info -v | ${SEDBINARY} -r -e 's/([a-z,A-Z,0-9,_,-,.]{1,250})-([a-z,A-Z,0-9,.]+-r[a-z,A-Z,0-9]+)/\1,\2/' | sort)
+        for J in ${SPACKAGES}; do
+            COUNT=$((COUNT + 1))
+            PACKAGE_NAME=$(echo ${J} | ${CUTBINARY} -d ',' -f1)
+            PACKAGE_VERSION=$(echo ${J} | ${CUTBINARY} -d ',' -f2)
+            LogText "Found package: ${PACKAGE_NAME} (version: ${PACKAGE_VERSION})"
+            INSTALLED_PACKAGES="${INSTALLED_PACKAGES}|${PACKAGE_NAME},${PACKAGE_VERSION}"
+        done
+        Report "installed_packages=${COUNT}"
+    else
+        LogText "Result: apk "${STATUS_NOT_FOUND}", test skipped"
+    fi
+#
+#################################################################################
+#
+    # Test        : PKGS-7346
     # Description : Check packages which are removed, but still own configuration files, cron jobs etc
     # Notes       : Cleanup: for pkg in $(dpkg -l | ${GREPBINARY} "^rc" | ${CUTBINARY} -d' ' -f3); do aptitude purge ${pkg}; done
     if [ -x ${ROOTDIR}usr/bin/dpkg ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
@@ -1236,6 +1264,41 @@
 #
 #################################################################################
 #
+    # Test        : PKGS-7395
+    # Description : Check Alpine upgradeable packages
+    if [ "${LINUX_VERSION}" = "Alpine Linux" ]  && [ -x "${ROOTDIR}sbin/apk" ]; then
+        PREQS_MET="YES"
+    else
+        PREQS_MET="NO"
+    fi
+
+    Register --test-no PKGS-7395 --os Linux --preqs-met ${PREQS_MET} --weight L --network YES --category security --description "Check for Alpine updates"
+    if [ ${SKIPTEST} -eq 0 ]; then
+        if [ ${REFRESH_REPOSITORIES} -eq 1 ]; then
+            LogText "Action: updating package repository with apk"
+            ${ROOTDIR}sbin/apk update
+            LogText "Result: apk finished"
+        else
+            LogText "Result: using a possibly outdated repository, as updating is disabled via configuration"
+        fi
+        LogText "Test: Checking packages which can be upgraded via apk version -l '<'"
+        FIND=$(${ROOTDIR}sbin/apk version -l '<' | ${GREPBINARY} '<' | ${SEDBINARY} 's/\s\+<\s/</g')
+        if [ -z "${FIND}" ]; then
+            LogText "Result: no packages found which can be upgraded"
+            Display --indent 2 --text "- Checking upgradeable packages" --result "${STATUS_NONE}" --color GREEN
+            AddHP 3 3
+        else
+            LogText "Result: found one or more packages which can be upgraded"
+            Display --indent 2 --text "- Checking upgradeable packages" --result "${STATUS_FOUND}" --color YELLOW
+            for ITEM in ${FIND}; do
+                ITEM=$(echo ${ITEM} | ${SEDBINARY}  -r -e 's/([a-z,A-Z,0-9,_,-,.]{1,250})-([a-z,A-Z,0-9,.]+-r[a-z,A-Z,0-9]+)<([a-z,A-Z,0-9,-,.]+)/\1 from \2 to \3/')
+                LogText "${ITEM}"
+            done
+        fi
+    fi
+#
+#################################################################################
+#
     # Test        : PKGS-7398
     # Description : Check package audit tool
     Register --test-no PKGS-7398 --weight L --network YES --category security --description "Check for package audit tool"
author	Michael Boelen <michael.boelen@cisofy.com>	2022-02-10 14:00:38 +0300
committer	GitHub <noreply@github.com>	2022-02-10 14:00:38 +0300
commit	cd433e928efe334bbb4b86fb5833f4d6ebd62f28 (patch)
tree	6fd12dccf0e166282493bc5573298293e8a746b2
parent	e0b5dcf7d467f89b5c3896c67bd5743e9e3dfb95 (diff)
parent	eb46f39c447b45db8198b4cf613c4129873492e1 (diff)