Skip to content

Commit

Permalink
moving dast test to indepent file
Browse files Browse the repository at this point in the history
The dast test for far operator is moved to a separate file, and it
is labeled with additional "dast" label, to be able to run it apart
from the rest of the operator tests if needed.
  • Loading branch information
frajamomo committed Dec 3, 2024
1 parent bc98123 commit a7ce030
Show file tree
Hide file tree
Showing 6 changed files with 75 additions and 39 deletions.
1 change: 0 additions & 1 deletion images/rhwa/dast/Dockerfile
Original file line number Diff line number Diff line change
@@ -1,7 +1,6 @@
# Use the official RAPIDast image as the base
FROM quay.io/redhatproductsecurity/rapidast:2.8.0


# Set working directory to the RAPIDast installation
WORKDIR /opt/rapidast

Expand Down
61 changes: 61 additions & 0 deletions tests/rhwa/far-operator/tests/dast.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,61 @@
package tests

import (
"encoding/json"
"fmt"

. "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega"

"github.com/openshift-kni/eco-goinfra/pkg/deployment"
"github.com/openshift-kni/eco-goinfra/pkg/reportxml"

"github.com/openshift-kni/eco-gotests/tests/rhwa/far-operator/internal/farparams"
rapidast "github.com/openshift-kni/eco-gotests/tests/rhwa/internal/rapidast"
. "github.com/openshift-kni/eco-gotests/tests/rhwa/internal/rhwainittools"
"github.com/openshift-kni/eco-gotests/tests/rhwa/internal/rhwaparams"
)

var _ = Describe(
"FAR Post Deployment tests",
Ordered,
ContinueOnFailure,
Label(farparams.Label), Label("dast"), func() {
BeforeAll(func() {
By("Get FAR deployment object")
farDeployment, err := deployment.Pull(
APIClient, farparams.OperatorDeploymentName, rhwaparams.RhwaOperatorNs)
Expect(err).ToNot(HaveOccurred(), "Failed to get FAR deployment")

By("Verify FAR deployment is Ready")
Expect(farDeployment.IsReady(rhwaparams.DefaultTimeout)).To(BeTrue(), "FAR deployment is not Ready")
})

It("Verify FAR Operator passes trivy scan without vulnerabilities", reportxml.ID("76877"), func() {

By("Creating rapidast pod")
dastTestPod := rapidast.PrepareRapidastPod(APIClient)

output, err := rapidast.RunRapidastScan(*dastTestPod, rhwaparams.RhwaOperatorNs)
Expect(err).ToNot(HaveOccurred())

By("Checking vulnerability scan results")
var parsableStruct rapidast.DASTReport
err = json.Unmarshal(output.Bytes(), &parsableStruct)
Expect(err).ToNot(HaveOccurred())

var vulnerabilityFound = false
for _, resource := range parsableStruct.Resources {
for _, result := range resource.Results {
if result.MisconfSummary.Failures > 0 {
fmt.Printf("%d vulnerability(s) found in %s\n", result.MisconfSummary.Failures, resource.Name)
for _, misconfiguration := range result.Misconfigurations {
fmt.Printf("- %+v\n", misconfiguration)
}
vulnerabilityFound = true
}
}
}
Expect(vulnerabilityFound).NotTo(BeTrue(), "Found vulnerability(s)")
})
})
30 changes: 0 additions & 30 deletions tests/rhwa/far-operator/tests/far.go
Original file line number Diff line number Diff line change
@@ -1,7 +1,6 @@
package tests

import (
"encoding/json"
"fmt"

. "github.com/onsi/ginkgo/v2"
Expand All @@ -12,7 +11,6 @@ import (
"github.com/openshift-kni/eco-goinfra/pkg/reportxml"

"github.com/openshift-kni/eco-gotests/tests/rhwa/far-operator/internal/farparams"
. "github.com/openshift-kni/eco-gotests/tests/rhwa/internal/rapidast"
. "github.com/openshift-kni/eco-gotests/tests/rhwa/internal/rhwainittools"
"github.com/openshift-kni/eco-gotests/tests/rhwa/internal/rhwaparams"

Expand Down Expand Up @@ -46,32 +44,4 @@ var _ = Describe(
)
Expect(err).ToNot(HaveOccurred(), "Pod is not ready")
})

It("Verify FAR Operator passes trivy scan without vulnerabilities", reportxml.ID("76877"), func() {

By("Creating rapidast pod")
dastTestPod := PrepareRapidastPod(APIClient)

By("Running vulnerability scan")
command := []string{"bash", "-c",
fmt.Sprintf("NAMESPACE=%s rapidast.py --config ./config/rapidastConfig.yaml 2> /dev/null", rhwaparams.RhwaOperatorNs)}
output, err := dastTestPod.ExecCommand(command)
Expect(err).ToNot(HaveOccurred(), "Command failed")

By("Checking vulnerability scan results")
var parsableStruct DASTReport
err = json.Unmarshal(output.Bytes(), &parsableStruct)
Expect(err).ToNot(HaveOccurred())

var vulnerability_found bool = false
for _, resource := range parsableStruct.Resources {
for _, result := range resource.Results {
if result.MisconfSummary.Failures > 0 {
fmt.Printf("%d vulnerability(s) found in %s\n", result.MisconfSummary.Failures, resource.Name)
vulnerability_found = true
}
}
}
Expect(vulnerability_found).NotTo(BeTrue(), "Found vulnerability(s)")
})
})
1 change: 1 addition & 0 deletions tests/rhwa/internal/rapidast/dastreport.go
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
package rapidast

// DASTReport struct that receives the results of the rapidast scan.
type DASTReport struct {
ClusterName string
Resources []struct {
Expand Down
15 changes: 10 additions & 5 deletions tests/rhwa/internal/rapidast/rapidast.go
Original file line number Diff line number Diff line change
@@ -1,6 +1,8 @@
package rapidast

import (
"bytes"
"fmt"
"time"

"github.com/golang/glog"
Expand All @@ -19,6 +21,7 @@ const (
logLevel = rhwaparams.LogLevel
)

// PrepareRapidastPod initializes the pod in the cluster that allows to run rapidast.
func PrepareRapidastPod(apiClient *clients.Settings) *pod.Builder {
nodes, err := nodes.List(apiClient)
if err != nil {
Expand Down Expand Up @@ -65,11 +68,6 @@ func PrepareRapidastPod(apiClient *clients.Settings) *pod.Builder {
DefineOnNode(nodes[0].Object.Name).
WithTolerationToMaster().
WithPrivilegedFlag()
if err != nil {
glog.V(logLevel).Infof(
"Error in rapidast client pod definition %s", err.Error())
}

dastTestPod.Definition.Spec.ServiceAccountName = "trivy-service-account"

_, err = dastTestPod.CreateAndWaitUntilRunning(time.Minute)
Expand All @@ -79,5 +77,12 @@ func PrepareRapidastPod(apiClient *clients.Settings) *pod.Builder {
}

return dastTestPod
}

// RunRapidastScan executes the rapidast scan configured in the container.
func RunRapidastScan(dastTestPod pod.Builder, namespace string) (bytes.Buffer, error) {
command := []string{"bash", "-c",
fmt.Sprintf("NAMESPACE=%s rapidast.py --config ./config/rapidastConfig.yaml 2> /dev/null", namespace)}

return dastTestPod.ExecCommand(command)
}
6 changes: 3 additions & 3 deletions tests/rhwa/internal/rhwaparams/const.go
Original file line number Diff line number Diff line change
Expand Up @@ -11,10 +11,10 @@ const (
RhwaOperatorNs = "openshift-workload-availability"
// DefaultTimeout represents the default timeout.
DefaultTimeout = 300 * time.Second
// TestNamespaceName namespace where all dast test cases are performed
// TestNamespaceName namespace where all dast test cases are performed.
TestNamespaceName = "dast-tests"

// LogLevel for the supporting functions.
LogLevel = 90

// TestContainerDast specifies the container image to use for rapidast tests.
TestContainerDast = "quay.io/frmoreno/eco-dast:latest"
)

0 comments on commit a7ce030

Please sign in to comment.