tests: display the number of issues detected

Signed-off-by: Davide Madrisan <davide.madrisan@gmail.com>
Davide Madrisan 2012-01-13 00:17:57 +01:00
parent 701cb887d6
commit e2514c2fac
5 changed files with 49 additions and 13 deletions


@ -26,7 +26,12 @@ Changes in version 1.8.3
* tests/test01_pkgquality * tests/test01_pkgquality
tests/test02_pkgsecurity - Davide Madrisan: tests/test02_pkgsecurity - Davide Madrisan:
Be less verbose. Be less verbose and write the grand total of the issues detected by each
plugin.
* po/it/test01_pkgquality
po/it/test02_pkgsecurity.po - Davide Madrisan:
Updated.
-------------------------------------------------------------------------------- --------------------------------------------------------------------------------


@ -1,5 +1,5 @@
# translation of it.po to Italiana # translation of it.po to Italiana
# Copyright (C) 2008 Davide Madrisan # Copyright (C) 2008,2012 Davide Madrisan
# Davide Madrisan <davide.madrisan@gmail.com> # Davide Madrisan <davide.madrisan@gmail.com>
msgid "" msgid ""
@ -102,3 +102,6 @@ msgstr "ricerca di pacchetti con errato tag BuildArch"
msgid "this package should be tagged \\`noarch'" msgid "this package should be tagged \\`noarch'"
msgstr "questo pacchetto dovrebbe essere di tipo \\`noarch'" msgstr "questo pacchetto dovrebbe essere di tipo \\`noarch'"
msgid "Quality checks: ${#rpmpkg_name[@]} package(s) checked: $total_issues warning(s)."
msgstr "Controlli di qualità: pacchetti controllati: ${#rpmpkg_name[@]}; problemi riscontrati: $total_issues"


@ -1,5 +1,5 @@
# translation of it.po to Italiana # translation of it.po to Italiana
# Copyright (C) 2008 Davide Madrisan # Copyright (C) 2008,2012 Davide Madrisan
# Davide Madrisan <davide.madrisan@gmail.com> # Davide Madrisan <davide.madrisan@gmail.com>
msgid "" msgid ""
@ -60,3 +60,6 @@ msgstr "Suggerimento per script bash (richiede \\`mktemp')"
msgid "Hint for perl scripts" msgid "Hint for perl scripts"
msgstr "Suggerimento per script perl" msgstr "Suggerimento per script perl"
msgid "Security checks: ${#rpmpkg_name[@]} package(s) checked: $total_issues warning(s)."
msgstr "Ccntrolli di sicurezza: pacchetti controllati: ${#rpmpkg_name[@]}; problemi riscontrati: $total_issues"


@ -56,6 +56,8 @@ function alltests() {
[ -d "$tmpextractdir" ] || notify.error $"\ [ -d "$tmpextractdir" ] || notify.error $"\
(bug)"" -- $FUNCNAME: "$"no such file or directory"" \`$tmpextractdir'" (bug)"" -- $FUNCNAME: "$"no such file or directory"" \`$tmpextractdir'"
local total_issues=0
# check for broken symlinks # check for broken symlinks
# - symlinks to files in the buildroot directory for rpm # - symlinks to files in the buildroot directory for rpm
# (usable for a symlink attacks) # (usable for a symlink attacks)
@ -93,6 +95,7 @@ function alltests() {
notify.warning "${NOTE}${pck##*/}${NORM}" notify.warning "${NOTE}${pck##*/}${NORM}"
notify.note $"\ notify.note $"\
wrong symlink"": \`${NOTE}${f/./}${NORM}' --> \`${NOTE}$(readlink $f)${NORM}'" wrong symlink"": \`${NOTE}${f/./}${NORM}' --> \`${NOTE}$(readlink $f)${NORM}'"
let "total_issues += 1"
fi fi
done done
popd >/dev/null popd >/dev/null
@ -123,6 +126,7 @@ echo $filename | sed "s,$tmpextractdir/$i,," )${NORM}"
notify.note "$(\ notify.note "$(\
strings -a $filename | grep "^$SPEC_BUILDROOT" | sort -bu | \ strings -a $filename | grep "^$SPEC_BUILDROOT" | sort -bu | \
sed "s,$SPEC_BUILDROOT\(.*\), - [%buildroot]\1,")" sed "s,$SPEC_BUILDROOT\(.*\), - [%buildroot]\1,")"
let "total_issues += 1"
done done
let "i += 1" let "i += 1"
done done
@ -148,6 +152,7 @@ echo $filename | sed "s,$tmpextractdir/$i,," )${NORM}"
notify.note "$(\ notify.note "$(\
strings -a $filename | grep "$BUILDDIR" | sort -bu | \ strings -a $filename | grep "$BUILDDIR" | sort -bu | \
sed "s,$BUILDDIR,[%_builddir],g;s,.*, - &,")" sed "s,$BUILDDIR,[%_builddir],g;s,.*, - &,")"
let "total_issues += 1"
done done
let "i += 1" let "i += 1"
done done
@ -169,6 +174,7 @@ find -mindepth 1 -type f -name \*.so -exec file {} \; | \
grep ' shared object,' | sed -n 's/.\(.*\):.*/\1/p'`; do grep ' shared object,' | sed -n 's/.\(.*\):.*/\1/p'`; do
notify.warning "${NOTE}${pck##*/}${NORM}" notify.warning "${NOTE}${pck##*/}${NORM}"
notify.note $"found suspect plugin \`${NOTE}$f${NORM}'" notify.note $"found suspect plugin \`${NOTE}$f${NORM}'"
let "total_issues += 1"
done done
popd >/dev/null popd >/dev/null
let "i += 1" let "i += 1"
@ -193,6 +199,7 @@ checking for wrong file attributes in bin and lib directories""${NORM}..."
notify.warning "${NOTE}${pck##*/}${NORM}" notify.warning "${NOTE}${pck##*/}${NORM}"
notify.note $"found suspect file"": \ notify.note $"found suspect file"": \
\`${NOTE}${f/./}${NORM}' [$(ls -l "$f" | sed 's, .*,,')]" \`${NOTE}${f/./}${NORM}' [$(ls -l "$f" | sed 's, .*,,')]"
let "total_issues += 1"
done done
let "i += 1" let "i += 1"
popd >/dev/null popd >/dev/null
@ -221,9 +228,10 @@ checking for binary files installed in /etc (see FHS)""${NORM}..."
case $f in case $f in
./etc/rc.d/init.d/*) ;; ./etc/rc.d/init.d/*) ;;
*) let "warning = 1" && *) let "warning = 1" &&
notify.warning "${NOTE}${pck##*/}${NORM}" { notify.warning "${NOTE}${pck##*/}${NORM}"
notify.note $"found suspect file"": \ notify.note $"found suspect file"": \
\`${NOTE}${f/./}${NORM}' [$(ls -l "$f" | sed 's, .*,,')]" ;; \`${NOTE}${f/./}${NORM}' [$(ls -l "$f" | sed 's, .*,,')]"
let "total_issues += 1"; } ;;
esac esac
done done
popd >/dev/null popd >/dev/null
@ -280,7 +288,8 @@ $([[ "$rpm_macro_uninstallinfo" ]] &&
echo "$rpm_macro_uninstallinfo %{name}.info" || echo "$rpm_macro_uninstallinfo %{name}.info" ||
echo "${path_installinfo:-/sbin/install-info} --delete %{name}.info") echo "${path_installinfo:-/sbin/install-info} --delete %{name}.info")
exit 0 exit 0
---------------------------------------"; } ---------------------------------------"
let "total_issues += $error"; }
done done
# check packages for wrong user and/or group ownerships # check packages for wrong user and/or group ownerships
@ -302,6 +311,7 @@ package not found"": \`${pck##*/}'"
notify.warning "${NOTE}${pck##*/}${NORM}" notify.warning "${NOTE}${pck##*/}${NORM}"
notify.note $"found suspect file"": \ notify.note $"found suspect file"": \
\`${NOTE}$9${NORM}' [uid:\`${NOTE}$3${NORM}', gid:\`${NOTE}$4${NORM}']" \`${NOTE}$9${NORM}' [uid:\`${NOTE}$3${NORM}', gid:\`${NOTE}$4${NORM}']"
let "total_issues += 1"
fi fi
done ) done )
done done
@ -319,9 +329,10 @@ checking packages for desktop files installed in the applnk dir""${NORM}..."
case $f in case $f in
.${rpmdatadir}/applnk/*.desktop) .${rpmdatadir}/applnk/*.desktop)
let "warning = 1" && let "warning = 1" &&
notify.warning "${NOTE}${pck##*/}${NORM}" { notify.warning "${NOTE}${pck##*/}${NORM}"
notify.note $"found suspect file"": \ notify.note $"found suspect file"": \
\`${NOTE}${f/./}${NORM}' [$(ls -l "$f" | sed 's, .*,,')]" ;; \`${NOTE}${f/./}${NORM}' [$(ls -l "$f" | sed 's, .*,,')]"
let "total_issues += 1"; } ;;
*) ;; *) ;;
esac esac
done done
@ -357,6 +368,11 @@ ${NOTE}"$"Hint"":${NORM}
----------------------------- -----------------------------
${NOTE}"$"Hint"":${NORM} ${NOTE}"$"Hint"":${NORM}
BuildArch: noarch BuildArch: noarch
-----------------------------"; } -----------------------------"
let "total_issues += 1"; }
fi fi
notify.note "\
--> ${NOTE}"$"Quality checks: \
${#rpmpkg_name[@]} package(s) checked: $total_issues warning(s).""${NORM}"
} }
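Review bot: `let "total_issues += $error"` in the scriptlet hunk is the only accumulation site that adds a variable instead of the literal 1, and `error` is assigned outside this hunk, so it is not visible whether it is a 0/1 flag or a count; if it can ever be empty that `let` is a syntax error, and if the sum stays 0 `let` returns status 1, which would matter should errexit be in effect in the enclosing code. Every other new site (symlink, buildroot, builddir, plugin, attribute, /etc, ownership, applnk and noarch checks) consistently adds 1, so a short comment at the assignment such as `# error: count of missing scriptlet calls for this package (added to total_issues)` would make the intent clear. Separately, the closing summary puts `${#rpmpkg_name[@]}` and `$total_issues` inside a `$"..."` string, which is expanded after translation, so each po msgstr must reproduce those two expansions verbatim or the summary silently prints wrong values; the it.po entries on this page do, but that contract deserves a comment at the summary line. The start of alltests() is outside this hunk.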


@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
# test02_pkgsecurity -- @package@ test (rpm security checks) # test02_pkgsecurity -- @package@ test (rpm security checks)
# Copyright (C) 2008 Davide Madrisan <davide.madrisan@gmail.com> # Copyright (C) 2008,2012 Davide Madrisan <davide.madrisan@gmail.com>
[ -z "$BASH" ] || [ ${BASH_VERSION:0:1} -lt 2 ] && [ -z "$BASH" ] || [ ${BASH_VERSION:0:1} -lt 2 ] &&
echo $"this script requires bash version 2 or better" >&2 && exit 1 echo $"this script requires bash version 2 or better" >&2 && exit 1
@ -68,6 +68,8 @@ function alltests() {
done done
} }
local total_issues=0
notify.note \ notify.note \
" * ${NOTE}"$"checking for RPATH vulnerabilities""${NORM}..." " * ${NOTE}"$"checking for RPATH vulnerabilities""${NORM}..."
@ -83,6 +85,7 @@ function alltests() {
if [ "$rpath" ]; then if [ "$rpath" ]; then
notify.warning "${NOTE}${pck##*/}${NORM}" notify.warning "${NOTE}${pck##*/}${NORM}"
notify.note "${f/./}\nRPATH: $rpath" notify.note "${f/./}\nRPATH: $rpath"
let "total_issues += 1"
fi fi
fi fi
done done
@ -102,6 +105,7 @@ function alltests() {
if [[ "$(file $f | grep " setuid ")" ]]; then if [[ "$(file $f | grep " setuid ")" ]]; then
notify.warning "${NOTE}${pck##*/}${NORM}" notify.warning "${NOTE}${pck##*/}${NORM}"
notify.note "${NOTE}${f/./}${NORM}" notify.note "${NOTE}${f/./}${NORM}"
let "total_issues += 1"
fi fi
done done
popd >/dev/null popd >/dev/null
@ -129,7 +133,8 @@ checking for unsecure use of \`\$\$' in shell and perl scripts""${NORM}..."
let "vulnerable = 1" && let "vulnerable = 1" &&
{ notify.warning "${NOTE}${pck##*/}${NORM}" { notify.warning "${NOTE}${pck##*/}${NORM}"
notify.note $"\ notify.note $"\
seems to be affected"": \`${NOTE}${f/./}${NORM}'"; } seems to be affected"": \`${NOTE}${f/./}${NORM}'"
let "total_issues += 1"; }
done done
popd >/dev/null popd >/dev/null
let "i += 1" let "i += 1"
@ -147,4 +152,8 @@ ${NOTE}"$"Hint for perl scripts"":${NORM}
use File::Temp qw/ tempfile /; use File::Temp qw/ tempfile /;
(\$fh,\$file) = tempfile ('<script_name>.XXXXXX'); (\$fh,\$file) = tempfile ('<script_name>.XXXXXX');
-----------------------------" -----------------------------"
notify.note "\
--> ${NOTE}"$"Security checks: \
${#rpmpkg_name[@]} package(s) checked: $total_issues warning(s).""${NORM}"
} }
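Review bot: The grand total is printed at the end of alltests() but the function still returns the status of the final `notify.note`, so a caller cannot tell from the return code whether any of the RPATH, setuid or `$$` checks fired; with the count now available, ending the function with `[ "$total_issues" -eq 0 ]` would make its exit status reflect the result, and the matching summary added in test01_pkgquality has the same property. Whether callers of alltests() inspect its status is not visible here, so that change may need a matching adjustment at the call site. The start of alltests() lies outside this hunk.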