From 22d27434c9729c9cfe0d9c952ceb5a6e6775499a Mon Sep 17 00:00:00 2001 From: Michael Boelen Date: Sat, 15 Oct 2016 16:38:33 +0200 Subject: Enhance pkg support on FreeBSD --- include/binaries | 4 ++++ include/tests_ports_packages | 48 +++++++++++++++++++++++--------------------- 2 files changed, 29 insertions(+), 23 deletions(-) diff --git a/include/binaries b/include/binaries index 0f8a13dc..4323d73a 100644 --- a/include/binaries +++ b/include/binaries @@ -184,6 +184,10 @@ pacman) PACMANFOUND=1; PACMANBINARY="${BINARY}"; LogText " Found known binary: pacman (package manager) - ${BINARY}" ;; perl) PERLFOUND=1; PERLBINARY="${BINARY}"; PERLVERSION=`${BINARY} -V:version | sed 's/^version=//' | sed 's/;//' | xargs`; LogText "Found ${BINARY} (version ${PERLVERSION})" ;; php) PHPFOUND=1; PHPBINARY="${BINARY}"; PHPVERSION=`${BINARY} -v | awk '{ if ($1=="PHP") { print $2 }}' | head -1`; LogText "Found known binary: php (programming language intrepreter) - ${BINARY} (version ${PHPVERSION})" ;; + pkg) + PKG_BINARY="${BINARY}" + LogText " Found known binary: pkg (software package administration) - ${BINARY}" + ;; pkg_admin) PKGADMINBINARY="${BINARY}"; LogText " Found known binary: pkg_admin (software package administration) - ${BINARY}" ;; postconf) POSTCONFFOUND=1; POSTCONFBINARY="${BINARY}"; LogText " Found known binary: postconf (postfix configuration) - ${BINARY}" ;; postfix) POSTFIXFOUND=1; POSTFIXBINARY="${BINARY}"; LogText " Found known binary: postfix (postfix binary) - ${BINARY}" ;; diff --git a/include/tests_ports_packages b/include/tests_ports_packages index 0f5a3e0b..8e094163 100644 --- a/include/tests_ports_packages +++ b/include/tests_ports_packages @@ -652,37 +652,39 @@ # Description : Check for vulnerable FreeBSD packages (with pkg) # Notes : Related vulnerability file is /var/db/pkg/vuln.xml # TODO : Run this in any jail - if [ -x ${ROOTDIR}usr/sbin/pkg ]; then PREQS_MET="YES"; SKIPREASON=""; else PREQS_MET="NO"; SKIPREASON="pkg tool not available"; fi + if [ ! -z "${PKG_BINARY}" ]; then PREQS_MET="YES"; SKIPREASON=""; else PREQS_MET="NO"; SKIPREASON="pkg tool not available"; fi Register --test-no PKGS-7381 --preqs-met ${PREQS_MET} --skip-reason "${SKIPREASON}" --weight L --network NO --category security --description "Check for vulnerable FreeBSD packages with pkg" if [ ${SKIPTEST} -eq 0 ]; then COUNT=0 PACKAGE_AUDIT_TOOL_FOUND=1 PACKAGE_AUDIT_TOOL="pkg audit" - FIND=$(/usr/sbin/pkg audit > /dev/null 2>&1) - if [ $? -eq 0 ]; then - LogText "Result: pkg audit results are clean" - Display --indent 2 --text "- Checking pkg audit to obtain vulnerable packages" --result "${STATUS_NONE}" --color GREEN - AddHP 10 10 - elif [ $? -eq 1 ]; then - if [ ! -z "${FIND}" ]; then - VULNERABLE_PACKAGES_FOUND=1 - Display --indent 2 --text "- Checking pkg audit to obtain vulnerable packages" --result "${STATUS_FOUND}" --color YELLOW - for ITEM in ${FIND}; do - COUNT=$((COUNT + 1)) - Report "vulnerable_package[]=${ITEM}" - LogText "Vulnerable package: ${ITEM}" - AddHP 1 2 - done - ReportWarning ${TEST_NO} "Found vulnerable packages" "pkg" "text:${COUNT} vulnerable packages" + if [ -f ${ROOTDIR}var/db/pkg/vuln.xml ]; then + FIND=$(${PKG_BINARY} audit 2> /dev/null) + if [ $? -eq 0 ]; then + LogText "Result: pkg audit results are clean" + Display --indent 2 --text "- Checking pkg audit to obtain vulnerable packages" --result "${STATUS_NONE}" --color GREEN + AddHP 10 10 + elif [ $? -eq 1 ]; then + if [ ! -z "${FIND}" ]; then + VULNERABLE_PACKAGES_FOUND=1 + Display --indent 2 --text "- Checking pkg audit to obtain vulnerable packages" --result "${STATUS_FOUND}" --color YELLOW + for ITEM in ${FIND}; do + COUNT=$((COUNT + 1)) + Report "vulnerable_package[]=${ITEM}" + LogText "Vulnerable package: ${ITEM}" + AddHP 1 2 + done + ReportWarning ${TEST_NO} "Found vulnerable packages" "pkg" "text:${COUNT} vulnerable packages" + else + LogText "Result: found an exit code greater than zero, yet no output" + fi else - LogText "Result: found an exit code greater than zero, yet no output" + LogText "Result: exited with code $?" + ReportException "${TEST_NO}" "Found an unknown exit code for pkg audit. Please create an issue at ${PROJECT_SOURCE}" fi - elif [ $? -eq 65 ]; then - LogText "Result: exited with code 65, meaning there is no vulnerability database" - ReportWarning "${TEST_NO}" "No vulnerability database available" "pkg audit" "text:Run pkg audit -f" else - LogText "Result: exited with code $?" - ReportException "${TEST_NO}" "Found an unknown exit code for pkg audit. Please create an issue at ${PROJECT_SOURCE}" + LogText "Result: could not find vulnerability database" + ReportWarning "${TEST_NO}" "No vulnerability database available" "pkg audit" "text:Run pkg audit -f" fi fi # -- cgit v1.2.3