tests: display the number of issues detected
Signed-off-by: Davide Madrisan <davide.madrisan@gmail.com>
parent
701cb887d6
commit
e2514c2fac
@ -26,7 +26,12 @@ Changes in version 1.8.3
|
||||
|
||||
* tests/test01_pkgquality
|
||||
tests/test02_pkgsecurity - Davide Madrisan:
|
||||
Be less verbose.
|
||||
Be less verbose and write the grand total of the issues detected by each
|
||||
plugin.
|
||||
|
||||
* po/it/test01_pkgquality
|
||||
po/it/test02_pkgsecurity.po - Davide Madrisan:
|
||||
Updated.
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
# translation of it.po to Italiana
|
||||
# Copyright (C) 2008 Davide Madrisan
|
||||
# Copyright (C) 2008,2012 Davide Madrisan
|
||||
# Davide Madrisan <davide.madrisan@gmail.com>
|
||||
|
||||
msgid ""
|
||||
@ -102,3 +102,6 @@ msgstr "ricerca di pacchetti con errato tag BuildArch"
|
||||
|
||||
msgid "this package should be tagged \\`noarch'"
|
||||
msgstr "questo pacchetto dovrebbe essere di tipo \\`noarch'"
|
||||
|
||||
msgid "Quality checks: ${#rpmpkg_name[@]} package(s) checked: $total_issues warning(s)."
|
||||
msgstr "Controlli di qualità: pacchetti controllati: ${#rpmpkg_name[@]}; problemi riscontrati: $total_issues"
|
||||
|
@ -1,5 +1,5 @@
|
||||
# translation of it.po to Italiana
|
||||
# Copyright (C) 2008 Davide Madrisan
|
||||
# Copyright (C) 2008,2012 Davide Madrisan
|
||||
# Davide Madrisan <davide.madrisan@gmail.com>
|
||||
|
||||
msgid ""
|
||||
@ -60,3 +60,6 @@ msgstr "Suggerimento per script bash (richiede \\`mktemp')"
|
||||
|
||||
msgid "Hint for perl scripts"
|
||||
msgstr "Suggerimento per script perl"
|
||||
|
||||
msgid "Security checks: ${#rpmpkg_name[@]} package(s) checked: $total_issues warning(s)."
|
||||
msgstr "Ccntrolli di sicurezza: pacchetti controllati: ${#rpmpkg_name[@]}; problemi riscontrati: $total_issues"
|
||||
|
@ -56,6 +56,8 @@ function alltests() {
|
||||
[ -d "$tmpextractdir" ] || notify.error $"\
|
||||
(bug)"" -- $FUNCNAME: "$"no such file or directory"" \`$tmpextractdir'"
|
||||
|
||||
local total_issues=0
|
||||
|
||||
# check for broken symlinks
|
||||
# - symlinks to files in the buildroot directory for rpm
|
||||
# (usable for a symlink attacks)
|
||||
@ -93,6 +95,7 @@ function alltests() {
|
||||
notify.warning "${NOTE}${pck##*/}${NORM}"
|
||||
notify.note $"\
|
||||
wrong symlink"": \`${NOTE}${f/./}${NORM}' --> \`${NOTE}$(readlink $f)${NORM}'"
|
||||
let "total_issues += 1"
|
||||
fi
|
||||
done
|
||||
popd >/dev/null
|
||||
@ -123,6 +126,7 @@ echo $filename | sed "s,$tmpextractdir/$i,," )${NORM}"
|
||||
notify.note "$(\
|
||||
strings -a $filename | grep "^$SPEC_BUILDROOT" | sort -bu | \
|
||||
sed "s,$SPEC_BUILDROOT\(.*\), - [%buildroot]\1,")"
|
||||
let "total_issues += 1"
|
||||
done
|
||||
let "i += 1"
|
||||
done
|
||||
@ -148,6 +152,7 @@ echo $filename | sed "s,$tmpextractdir/$i,," )${NORM}"
|
||||
notify.note "$(\
|
||||
strings -a $filename | grep "$BUILDDIR" | sort -bu | \
|
||||
sed "s,$BUILDDIR,[%_builddir],g;s,.*, - &,")"
|
||||
let "total_issues += 1"
|
||||
done
|
||||
let "i += 1"
|
||||
done
|
||||
@ -169,6 +174,7 @@ find -mindepth 1 -type f -name \*.so -exec file {} \; | \
|
||||
grep ' shared object,' | sed -n 's/.\(.*\):.*/\1/p'`; do
|
||||
notify.warning "${NOTE}${pck##*/}${NORM}"
|
||||
notify.note $"found suspect plugin \`${NOTE}$f${NORM}'"
|
||||
let "total_issues += 1"
|
||||
done
|
||||
popd >/dev/null
|
||||
let "i += 1"
|
||||
@ -193,6 +199,7 @@ checking for wrong file attributes in bin and lib directories""${NORM}..."
|
||||
notify.warning "${NOTE}${pck##*/}${NORM}"
|
||||
notify.note $"found suspect file"": \
|
||||
\`${NOTE}${f/./}${NORM}' [$(ls -l "$f" | sed 's, .*,,')]"
|
||||
let "total_issues += 1"
|
||||
done
|
||||
let "i += 1"
|
||||
popd >/dev/null
|
||||
@ -221,9 +228,10 @@ checking for binary files installed in /etc (see FHS)""${NORM}..."
|
||||
case $f in
|
||||
./etc/rc.d/init.d/*) ;;
|
||||
*) let "warning = 1" &&
|
||||
notify.warning "${NOTE}${pck##*/}${NORM}"
|
||||
notify.note $"found suspect file"": \
|
||||
\`${NOTE}${f/./}${NORM}' [$(ls -l "$f" | sed 's, .*,,')]" ;;
|
||||
{ notify.warning "${NOTE}${pck##*/}${NORM}"
|
||||
notify.note $"found suspect file"": \
|
||||
\`${NOTE}${f/./}${NORM}' [$(ls -l "$f" | sed 's, .*,,')]"
|
||||
let "total_issues += 1"; } ;;
|
||||
esac
|
||||
done
|
||||
popd >/dev/null
|
||||
@ -280,7 +288,8 @@ $([[ "$rpm_macro_uninstallinfo" ]] &&
|
||||
echo "$rpm_macro_uninstallinfo %{name}.info" ||
|
||||
echo "${path_installinfo:-/sbin/install-info} --delete %{name}.info")
|
||||
exit 0
|
||||
---------------------------------------"; }
|
||||
---------------------------------------"
|
||||
let "total_issues += $error"; }
|
||||
done
|
||||
|
||||
# check packages for wrong user and/or group ownerships
|
||||
@ -302,6 +311,7 @@ package not found"": \`${pck##*/}'"
|
||||
notify.warning "${NOTE}${pck##*/}${NORM}"
|
||||
notify.note $"found suspect file"": \
|
||||
\`${NOTE}$9${NORM}' [uid:\`${NOTE}$3${NORM}', gid:\`${NOTE}$4${NORM}']"
|
||||
let "total_issues += 1"
|
||||
fi
|
||||
done )
|
||||
done
|
||||
@ -319,9 +329,10 @@ checking packages for desktop files installed in the applnk dir""${NORM}..."
|
||||
case $f in
|
||||
.${rpmdatadir}/applnk/*.desktop)
|
||||
let "warning = 1" &&
|
||||
notify.warning "${NOTE}${pck##*/}${NORM}"
|
||||
notify.note $"found suspect file"": \
|
||||
\`${NOTE}${f/./}${NORM}' [$(ls -l "$f" | sed 's, .*,,')]" ;;
|
||||
{ notify.warning "${NOTE}${pck##*/}${NORM}"
|
||||
notify.note $"found suspect file"": \
|
||||
\`${NOTE}${f/./}${NORM}' [$(ls -l "$f" | sed 's, .*,,')]"
|
||||
let "total_issues += 1"; } ;;
|
||||
*) ;;
|
||||
esac
|
||||
done
|
||||
@ -357,6 +368,11 @@ ${NOTE}"$"Hint"":${NORM}
|
||||
-----------------------------
|
||||
${NOTE}"$"Hint"":${NORM}
|
||||
BuildArch: noarch
|
||||
-----------------------------"; }
|
||||
-----------------------------"
|
||||
let "total_issues += 1"; }
|
||||
fi
|
||||
|
||||
notify.note "\
|
||||
--> ${NOTE}"$"Quality checks: \
|
||||
${#rpmpkg_name[@]} package(s) checked: $total_issues warning(s).""${NORM}"
|
||||
}
|
||||
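Review bot: The `let "total_issues += 1"` added to the ownership check (the hunk whose loop closes with `done )`) sits inside a parenthesised construct, so it runs in a subshell and the increment is discarded at the `)`. Wrong uid/gid findings would then be missing from the grand total printed at the end of alltests, and a package with only ownership problems could be reported with `0 warning(s)`. The opening of that construct is outside the hunk, so this should be confirmed against the full loop. If it is a `( … )` group or a pipeline, either have the subshell print its own count and add that in the parent, or feed the loop with `done < <(…)` so the body runs in the current shell. A comment next to the counter, `# total_issues must be updated in the parent shell, never inside ( … ) or a pipeline`, would keep later checks from repeating this.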
|
@ -1,6 +1,6 @@
|
||||
#!/bin/bash
|
||||
# test02_pkgsecurity -- @package@ test (rpm security checks)
|
||||
# Copyright (C) 2008 Davide Madrisan <davide.madrisan@gmail.com>
|
||||
# Copyright (C) 2008,2012 Davide Madrisan <davide.madrisan@gmail.com>
|
||||
|
||||
[ -z "$BASH" ] || [ ${BASH_VERSION:0:1} -lt 2 ] &&
|
||||
echo $"this script requires bash version 2 or better" >&2 && exit 1
|
||||
@ -68,6 +68,8 @@ function alltests() {
|
||||
done
|
||||
}
|
||||
|
||||
local total_issues=0
|
||||
|
||||
notify.note \
|
||||
" * ${NOTE}"$"checking for RPATH vulnerabilities""${NORM}..."
|
||||
|
||||
@ -83,6 +85,7 @@ function alltests() {
|
||||
if [ "$rpath" ]; then
|
||||
notify.warning "${NOTE}${pck##*/}${NORM}"
|
||||
notify.note "${f/./}\nRPATH: $rpath"
|
||||
let "total_issues += 1"
|
||||
fi
|
||||
fi
|
||||
done
|
||||
@ -102,6 +105,7 @@ function alltests() {
|
||||
if [[ "$(file $f | grep " setuid ")" ]]; then
|
||||
notify.warning "${NOTE}${pck##*/}${NORM}"
|
||||
notify.note "${NOTE}${f/./}${NORM}"
|
||||
let "total_issues += 1"
|
||||
fi
|
||||
done
|
||||
popd >/dev/null
|
||||
@ -129,7 +133,8 @@ checking for unsecure use of \`\$\$' in shell and perl scripts""${NORM}..."
|
||||
let "vulnerable = 1" &&
|
||||
{ notify.warning "${NOTE}${pck##*/}${NORM}"
|
||||
notify.note $"\
|
||||
seems to be affected"": \`${NOTE}${f/./}${NORM}'"; }
|
||||
seems to be affected"": \`${NOTE}${f/./}${NORM}'"
|
||||
let "total_issues += 1"; }
|
||||
done
|
||||
popd >/dev/null
|
||||
let "i += 1"
|
||||
@ -147,4 +152,8 @@ ${NOTE}"$"Hint for perl scripts"":${NORM}
|
||||
use File::Temp qw/ tempfile /;
|
||||
(\$fh,\$file) = tempfile ('<script_name>.XXXXXX');
|
||||
-----------------------------"
|
||||
|
||||
notify.note "\
|
||||
--> ${NOTE}"$"Security checks: \
|
||||
${#rpmpkg_name[@]} package(s) checked: $total_issues warning(s).""${NORM}"
|
||||
}
|
||||
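Review bot: The summary added at the end of alltests puts `${#rpmpkg_name[@]}` and `$total_issues` inside the `$"…"` string, so the msgid and every msgstr must carry shell syntax. Bash also expands the looked-up translation like a double-quoted string, command substitution included. That makes the message catalog part of the trusted code of a plugin meant to report security problems; the same applies to the "Quality checks" summary in tests/test01_pkgquality. Prefer placeholders, `printf $"Security checks: %d package(s) checked: %d warning(s)." "${#rpmpkg_name[@]}" "$total_issues"`, and where bash 5.2 or later can be assumed add `shopt -s noexpand_translation`. The Italian msgstr for this message in po/it/test02_pkgsecurity.po also reads `Ccntrolli` where `Controlli` is meant.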
|