
github.com/CISOfy/lynis.git - Unnamed repository; edit this file 'description' to name the repository.
authorMichael Boelen <michael.boelen@cisofy.com>2016-10-15 17:12:49 +0300
committerMichael Boelen <michael.boelen@cisofy.com>2016-10-15 17:12:49 +0300
commitd88f755f40f6fd39afc78ec947695a10ccafc111 (patch)
tree9b07e4531cc1525a8033d4e0f47b4eb8fc5284a9 /include
parentb9561b515b7a32dba1ea159bfacdc5063fe09e51 (diff)
[PKGS-7381] check pkg audit and report when the vulnerability database is missing
Diffstat (limited to 'include')
-rw-r--r--include/tests_ports_packages13
1 files changed, 9 insertions, 4 deletions
diff --git a/include/tests_ports_packages b/include/tests_ports_packages
index a20b9106..a6927046 100644
--- a/include/tests_ports_packages
+++ b/include/tests_ports_packages
@@ -650,19 +650,20 @@
#
# Test : PKGS-7381
# Description : Check for vulnerable FreeBSD packages (with pkg)
- # TODO : Update the repository first
- if [ -x /usr/sbin/pkg -a -f /var/db/pkg/vuln.xml ]; then PREQS_MET="YES"; SKIPREASON=""; else PREQS_MET="NO"; SKIPREASON="pkg tool not available, or missing vulnerability database"; fi
+ # Notes : Related vulnerability file is /var/db/pkg/vuln.xml
+ # TODO : Run this in any jail
+ if [ -x /usr/sbin/pkg -a ]; then PREQS_MET="YES"; SKIPREASON=""; else PREQS_MET="NO"; SKIPREASON="pkg tool not available"; fi
Register --test-no PKGS-7381 --preqs-met ${PREQS_MET} --skip-reason "${SKIPREASON}" --weight L --network NO --category security --description "Check for vulnerable FreeBSD packages with pkg"
if [ ${SKIPTEST} -eq 0 ]; then
COUNT=0
PACKAGE_AUDIT_TOOL_FOUND=1
PACKAGE_AUDIT_TOOL="pkg audit"
- FIND=$(/usr/sbin/pkg audit -q 2> /dev/null)
+ FIND=$(/usr/sbin/pkg audit >& /dev/null)
if [ $? -eq 0 ]; then
LogText "Result: pkg audit results are clean"
Display --indent 2 --text "- Checking pkg audit to obtain vulnerable packages" --result "${STATUS_NONE}" --color GREEN
AddHP 10 10
- else
+ elif [ $? -eq 1 ]; then
if [ ! -z "${FIND}" ]; then
VULNERABLE_PACKAGES_FOUND=1
Display --indent 2 --text "- Checking pkg audit to obtain vulnerable packages" --result "${STATUS_FOUND}" --color YELLOW
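Review bot: `elif [ $? -eq 1 ]` here and `elif [ $? -eq 65 ]` in the next hunk read the exit status of the preceding `[` test, not of `pkg audit`, so once the first comparison fails the `-eq 1` branch is always taken and the missing-database and unknown-exit-code branches cannot be reached. The status should be saved once, right after the command substitution, and compared from that variable. The new `FIND=$(/usr/sbin/pkg audit >& /dev/null)` also discards stdout (and `>&` with a file name is not portable POSIX sh), so FIND is always empty and the `[ ! -z "${FIND}" ]` branch can never report a vulnerable package. The prerequisite test `[ -x /usr/sbin/pkg -a ]` has a dangling `-a` with no second operand, which `test` treats as an error or leaves unspecified, so the check may be skipped on every run. The fence shows the affected lines with a suggested variable name and the `-q` form from the removed line; the `elif` body continues outside this hunk.

```shell
if [ -x /usr/sbin/pkg ]; then PREQS_MET="YES"; SKIPREASON=""; else PREQS_MET="NO"; SKIPREASON="pkg tool not available"; fi
# … unchanged: Register call, SKIPTEST check, COUNT and PACKAGE_AUDIT_TOOL assignments …
# Keep stdout so FIND holds the audit output; only stderr is discarded
FIND=$(/usr/sbin/pkg audit -q 2> /dev/null)
# Save the status now: every later [ ... ] test overwrites $?
PKG_AUDIT_RC=$?
if [ ${PKG_AUDIT_RC} -eq 0 ]; then
# … unchanged: clean-result logging, Display and AddHP …
elif [ ${PKG_AUDIT_RC} -eq 1 ]; then
```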
@@ -676,6 +677,10 @@
else
LogText "Result: found an exit code greater than zero, yet no output"
fi
+ elif [ $? -eq 65 ]; then
+ ReportWarning "${TEST_NO}" "No vulnerability database available" "pkg audit" "text:Run pkg audit -f"
+ else
+ ReportException "${TEST_NO}" "Found an unknown exit code for pkg audit. Please create an issue at ${PROJECT_SOURCE}"
fi
fi
#
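Review bot: The solution text `text:Run pkg audit -f` in the added `ReportWarning` line names the wrong flag: in pkg-audit(8) `-f` expects a file name, while `-F` fetches the vulnerability database, so the argument should read `"text:Run pkg audit -F"`. Unlike the other branches, this one adds no `LogText` or `Display` call of its own, so a line such as `LogText "Result: pkg audit could not find a vulnerability database"` would keep the log consistent. The `if`/`elif` chain these branches belong to starts in the previous hunk.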