tests: display the number of issues detected

Signed-off-by: Davide Madrisan <davide.madrisan@gmail.com>
Davide Madrisan 2012-01-13 00:17:57 +01:00
parent 701cb887d6
commit e2514c2fac
5 changed files with 49 additions and 13 deletions


@ -26,7 +26,12 @@ Changes in version 1.8.3
* tests/test01_pkgquality
tests/test02_pkgsecurity - Davide Madrisan:
Be less verbose.
Be less verbose and write the grand total of the issues detected by each
plugin.
* po/it/test01_pkgquality
po/it/test02_pkgsecurity.po - Davide Madrisan:
Updated.
--------------------------------------------------------------------------------


@ -1,5 +1,5 @@
# translation of it.po to Italiana
# Copyright (C) 2008 Davide Madrisan
# Copyright (C) 2008,2012 Davide Madrisan
# Davide Madrisan <davide.madrisan@gmail.com>
msgid ""
@ -102,3 +102,6 @@ msgstr "ricerca di pacchetti con errato tag BuildArch"
msgid "this package should be tagged \\`noarch'"
msgstr "questo pacchetto dovrebbe essere di tipo \\`noarch'"
msgid "Quality checks: ${#rpmpkg_name[@]} package(s) checked: $total_issues warning(s)."
msgstr "Controlli di qualità: pacchetti controllati: ${#rpmpkg_name[@]}; problemi riscontrati: $total_issues"


@ -1,5 +1,5 @@
# translation of it.po to Italiana
# Copyright (C) 2008 Davide Madrisan
# Copyright (C) 2008,2012 Davide Madrisan
# Davide Madrisan <davide.madrisan@gmail.com>
msgid ""
@ -60,3 +60,6 @@ msgstr "Suggerimento per script bash (richiede \\`mktemp')"
msgid "Hint for perl scripts"
msgstr "Suggerimento per script perl"
msgid "Security checks: ${#rpmpkg_name[@]} package(s) checked: $total_issues warning(s)."
msgstr "Ccntrolli di sicurezza: pacchetti controllati: ${#rpmpkg_name[@]}; problemi riscontrati: $total_issues"


@ -56,6 +56,8 @@ function alltests() {
[ -d "$tmpextractdir" ] || notify.error $"\
(bug)"" -- $FUNCNAME: "$"no such file or directory"" \`$tmpextractdir'"
local total_issues=0
# check for broken symlinks
# - symlinks to files in the buildroot directory for rpm
# (usable for a symlink attacks)
@ -93,6 +95,7 @@ function alltests() {
notify.warning "${NOTE}${pck##*/}${NORM}"
notify.note $"\
wrong symlink"": \`${NOTE}${f/./}${NORM}' --> \`${NOTE}$(readlink $f)${NORM}'"
let "total_issues += 1"
fi
done
popd >/dev/null
@ -123,6 +126,7 @@ echo $filename | sed "s,$tmpextractdir/$i,," )${NORM}"
notify.note "$(\
strings -a $filename | grep "^$SPEC_BUILDROOT" | sort -bu | \
sed "s,$SPEC_BUILDROOT\(.*\), - [%buildroot]\1,")"
let "total_issues += 1"
done
let "i += 1"
done
@ -148,6 +152,7 @@ echo $filename | sed "s,$tmpextractdir/$i,," )${NORM}"
notify.note "$(\
strings -a $filename | grep "$BUILDDIR" | sort -bu | \
sed "s,$BUILDDIR,[%_builddir],g;s,.*, - &,")"
let "total_issues += 1"
done
let "i += 1"
done
@ -169,6 +174,7 @@ find -mindepth 1 -type f -name \*.so -exec file {} \; | \
grep ' shared object,' | sed -n 's/.\(.*\):.*/\1/p'`; do
notify.warning "${NOTE}${pck##*/}${NORM}"
notify.note $"found suspect plugin \`${NOTE}$f${NORM}'"
let "total_issues += 1"
done
popd >/dev/null
let "i += 1"
@ -193,6 +199,7 @@ checking for wrong file attributes in bin and lib directories""${NORM}..."
notify.warning "${NOTE}${pck##*/}${NORM}"
notify.note $"found suspect file"": \
\`${NOTE}${f/./}${NORM}' [$(ls -l "$f" | sed 's, .*,,')]"
let "total_issues += 1"
done
let "i += 1"
popd >/dev/null
@ -221,9 +228,10 @@ checking for binary files installed in /etc (see FHS)""${NORM}..."
case $f in
./etc/rc.d/init.d/*) ;;
*) let "warning = 1" &&
notify.warning "${NOTE}${pck##*/}${NORM}"
notify.note $"found suspect file"": \
\`${NOTE}${f/./}${NORM}' [$(ls -l "$f" | sed 's, .*,,')]" ;;
{ notify.warning "${NOTE}${pck##*/}${NORM}"
notify.note $"found suspect file"": \
\`${NOTE}${f/./}${NORM}' [$(ls -l "$f" | sed 's, .*,,')]"
let "total_issues += 1"; } ;;
esac
done
popd >/dev/null
@ -280,7 +288,8 @@ $([[ "$rpm_macro_uninstallinfo" ]] &&
echo "$rpm_macro_uninstallinfo %{name}.info" ||
echo "${path_installinfo:-/sbin/install-info} --delete %{name}.info")
exit 0
---------------------------------------"; }
---------------------------------------"
let "total_issues += $error"; }
done
# check packages for wrong user and/or group ownerships
@ -302,6 +311,7 @@ package not found"": \`${pck##*/}'"
notify.warning "${NOTE}${pck##*/}${NORM}"
notify.note $"found suspect file"": \
\`${NOTE}$9${NORM}' [uid:\`${NOTE}$3${NORM}', gid:\`${NOTE}$4${NORM}']"
let "total_issues += 1"
fi
done )
done
@ -319,9 +329,10 @@ checking packages for desktop files installed in the applnk dir""${NORM}..."
case $f in
.${rpmdatadir}/applnk/*.desktop)
let "warning = 1" &&
notify.warning "${NOTE}${pck##*/}${NORM}"
notify.note $"found suspect file"": \
\`${NOTE}${f/./}${NORM}' [$(ls -l "$f" | sed 's, .*,,')]" ;;
{ notify.warning "${NOTE}${pck##*/}${NORM}"
notify.note $"found suspect file"": \
\`${NOTE}${f/./}${NORM}' [$(ls -l "$f" | sed 's, .*,,')]"
let "total_issues += 1"; } ;;
*) ;;
esac
done
@ -357,6 +368,11 @@ ${NOTE}"$"Hint"":${NORM}
-----------------------------
${NOTE}"$"Hint"":${NORM}
BuildArch: noarch
-----------------------------"; }
-----------------------------"
let "total_issues += 1"; }
fi
notify.note "\
--> ${NOTE}"$"Quality checks: \
${#rpmpkg_name[@]} package(s) checked: $total_issues warning(s).""${NORM}"
}
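Review bot: The increment added to the user/group ownership check (`let "total_issues += 1"` just before `fi` and `done )`) appears to run inside a `( … )` subshell, so the new counter is discarded when that subshell exits and ownership findings never reach the final "Quality checks" total. The opening parenthesis is outside the hunk, so this is inferred from the closing `done )`; the other increments in this file sit in plain `for`/`case` bodies and look unaffected. A summary that under-reports one whole check is worse than no summary, so either drop the subshell or have it print its own count and add that in the parent, e.g. `let "total_issues += $( … existing loop …; echo "$n" )"` with `n` counted inside.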


@ -1,6 +1,6 @@
#!/bin/bash
# test02_pkgsecurity -- @package@ test (rpm security checks)
# Copyright (C) 2008 Davide Madrisan <davide.madrisan@gmail.com>
# Copyright (C) 2008,2012 Davide Madrisan <davide.madrisan@gmail.com>
[ -z "$BASH" ] || [ ${BASH_VERSION:0:1} -lt 2 ] &&
echo $"this script requires bash version 2 or better" >&2 && exit 1
@ -68,6 +68,8 @@ function alltests() {
done
}
local total_issues=0
notify.note \
" * ${NOTE}"$"checking for RPATH vulnerabilities""${NORM}..."
@ -83,6 +85,7 @@ function alltests() {
if [ "$rpath" ]; then
notify.warning "${NOTE}${pck##*/}${NORM}"
notify.note "${f/./}\nRPATH: $rpath"
let "total_issues += 1"
fi
fi
done
@ -102,6 +105,7 @@ function alltests() {
if [[ "$(file $f | grep " setuid ")" ]]; then
notify.warning "${NOTE}${pck##*/}${NORM}"
notify.note "${NOTE}${f/./}${NORM}"
let "total_issues += 1"
fi
done
popd >/dev/null
@ -129,7 +133,8 @@ checking for unsecure use of \`\$\$' in shell and perl scripts""${NORM}..."
let "vulnerable = 1" &&
{ notify.warning "${NOTE}${pck##*/}${NORM}"
notify.note $"\
seems to be affected"": \`${NOTE}${f/./}${NORM}'"; }
seems to be affected"": \`${NOTE}${f/./}${NORM}'"
let "total_issues += 1"; }
done
popd >/dev/null
let "i += 1"
@ -147,4 +152,8 @@ ${NOTE}"$"Hint for perl scripts"":${NORM}
use File::Temp qw/ tempfile /;
(\$fh,\$file) = tempfile ('<script_name>.XXXXXX');
-----------------------------"
notify.note "\
--> ${NOTE}"$"Security checks: \
${#rpmpkg_name[@]} package(s) checked: $total_issues warning(s).""${NORM}"
}
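Review bot: The summary at the end of alltests puts `${#rpmpkg_name[@]}` and `$total_issues` inside the `$"…"` translatable text, so the msgid in the catalog carries shell expansions, and bash performs expansion on the translated msgstr rather than on the text written here. A stale or altered message catalog can therefore change what is evaluated when the summary is printed. Keeping the msgid free of expansions avoids that, for example `notify.note "--> ${NOTE}$(printf $"Security checks: %d package(s) checked: %d warning(s)." "${#rpmpkg_name[@]}" "$total_issues")${NORM}"`, with the .po entries switched to the same `%d` placeholders. The "Quality checks" summary in the other test script has the same shape. Separately, the Italian msgstr for this message starts with "Ccntrolli", presumably a typo for "Controlli" as used in the quality catalog.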