| author | mo khan <mo.khan@gmail.com> | 2020-10-27 15:45:26 -0600 |
|---|---|---|
| committer | mo khan <mo.khan@gmail.com> | 2020-10-27 15:45:26 -0600 |
| commit | 63eb2cf09c0e15c56433a3e150153f0cc9f30f5b (patch) | |
| tree | 65ea86baa3a15245cc22ed089edeff9c99c3fc99 | |
| parent | b45dbeff17dd837936cf61c64b7e51a2eec07bb6 (diff) | |
test: scan a vulnerable webgoat image
| -rw-r--r-- | lib/e2e/docker.rb | 9 | ||||
| -rw-r--r-- | spec/fixtures/docker/empty/Dockerfile | 1 | ||||
| -rw-r--r-- | spec/integration/klar_spec.rb | 11 | ||||
| -rw-r--r-- | spec/support/shared/with_scanner.rb | 2 |
4 files changed, 15 insertions, 8 deletions
diff --git a/lib/e2e/docker.rb b/lib/e2e/docker.rb
index 121e47b..f8347e9 100644
--- a/lib/e2e/docker.rb
+++ b/lib/e2e/docker.rb
@@ -24,13 +24,14 @@ class Docker
 Dir.chdir pwd do
 arguments = [
 :docker, :run, '--rm',
+ "--add-host=clair-vulnerabilities-db:127.0.0.1",
+ "--add-host=maven.test:127.0.0.1",
+ "--network=host",
 "--volume=#{project_path}:/tmp/app",
- '--add-host=clair-vulnerabilities-db:127.0.0.1',
- '--add-host=maven.test:127.0.0.1',
- '--network=host',
+ "--workdir=/tmp/app",
 env_options
 ]
- arguments.push(debug ? ["-it", "--entrypoint=''", image, '/bin/bash -l'] : [image, '/analyzer run'])
+ arguments.push(debug ? ["-it", "--entrypoint=''", image, '/bin/sh'] : [image, '/analyzer run'])
 command = expand(arguments)
 system(command, exception: true)
 end
diff --git a/spec/fixtures/docker/empty/Dockerfile b/spec/fixtures/docker/empty/Dockerfile
new file mode 100644
index 0000000..6b4ce3c
--- /dev/null
+++ b/spec/fixtures/docker/empty/Dockerfile
@@ -0,0 +1 @@
+FROM registry.gitlab.com/gitlab-org/security-products/dast/webgoat-8.0@sha256:bc09fe2e0721dfaeee79364115aeedf2174cce0947b9ae5fe7c33312ee019a4e
diff --git a/spec/integration/klar_spec.rb b/spec/integration/klar_spec.rb
index 13ebb94..f834b30 100644
--- a/spec/integration/klar_spec.rb
+++ b/spec/integration/klar_spec.rb
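Review bot: `"--volume=#{project_path}:/tmp/app"` interpolates a filesystem path into a token that `command = expand(arguments)` then passes to `system(command, exception: true)` as one string, so the run goes through a shell and a `project_path` containing spaces or shell metacharacters is split or interpreted instead of reaching `docker` verbatim (this depends on how `expand` joins the tokens, which is outside the hunk). The hunk already leans on shell quoting for `"--entrypoint=''"`, so the safer shape is the argv form, e.g. `system(*arguments.flatten.map(&:to_s), exception: true)` with `"--entrypoint="` replacing `"--entrypoint=''"`, provided `env_options` is a list of tokens rather than a pre-joined string. The `--network=host` / `--add-host=...:127.0.0.1` trio carries no explanation; a comment such as `# host networking so the add-host loopback aliases reach services bound on the host — TODO confirm` would spare the next reader a guess. The enclosing method begins before this hunk.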
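Review bot: The new fixture is added at `spec/fixtures/docker/empty/Dockerfile`, yet the klar spec in this same commit sets `project_fixture` to `'docker/alpine-3.10'`, so nothing visible here consumes it and the directory name `empty` no longer describes its contents. Pinning the base image by digest is the right call for a deliberately vulnerable fixture, because the finding count the spec asserts on depends on exactly this layer set; a comment above `FROM` would make that intent explicit, e.g. `# Deliberately vulnerable sample image for container-scanning specs; pinned by digest so findings stay reproducible`.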
@@ -2,8 +2,13 @@ RSpec.describe 'klar' do
 let(:scanner) { 'klar' }
- let(:project_fixture) { 'docker/compose' }
- let(:env) { { DOCKER_IMAGE: 'mokhan/minbox:latest' } }
- specify { expect(subject).to match_schema(:container_scanning) }
+ context "when scanning a vulnerable webgoat image" do
+ let(:project_fixture) { 'docker/alpine-3.10' }
+ let(:env) { { DOCKER_IMAGE: 'registry.gitlab.com/gitlab-org/security-products/dast/webgoat-8.0@sha256:bc09fe2e0721dfaeee79364115aeedf2174cce0947b9ae5fe7c33312ee019a4e' } }
+
+ pending { expect(subject).to match_schema(:container_scanning) }
+ specify { expect(subject['vulnerabilities'].length).to be > 1 }
+ specify { expect(subject['vulnerabilities']).to all(include('category' => 'container_scanning')) }
+ end
 end
diff --git a/spec/support/shared/with_scanner.rb b/spec/support/shared/with_scanner.rb
index 7fbc99c..421ff95 100644
--- a/spec/support/shared/with_scanner.rb
+++ b/spec/support/shared/with_scanner.rb
@@ -13,7 +13,7 @@ RSpec.shared_context 'with scanner' do
 let(:report_types) do
 {
 'gemnasium-maven' => :dependency_scanning,
- 'klar' => :container_scanning,
+ 'klar' => :"container-scanning",
 'spotbugs' => :sast
 }
 end |
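Review bot: `pending { expect(subject).to match_schema(:container_scanning) }` records no reason, and the same commit remaps klar's report type in `with_scanner.rb` to `:"container-scanning"`, so the underscore symbol here may be exactly why the schema check is expected to fail; if so, say it in the example, e.g. `pending 'schema lookup uses :container_scanning while report_types now maps klar to :"container-scanning"' do`. The two `specify` blocks are unnamed; `it 'reports more than one vulnerability'` and `it 'tags every finding with category container_scanning'` make the failure output self-explanatory. The image digest in `DOCKER_IMAGE` duplicates the one in the new Dockerfile fixture; sourcing both from one constant keeps them from drifting apart.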
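Review bot: `'klar' => :"container-scanning"` departs from the underscore form of the neighbouring `:dependency_scanning` and `:sast` values without saying why, which invites a later "fix" back to `:container_scanning`. If the hyphenated spelling is required by whatever this value is used to look up (presumably a schema file name; not visible here), record that on the line: `'klar' => :"container-scanning", # hyphenated: must match the schema name — TODO confirm`. The enclosing `RSpec.shared_context` begins before this hunk.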
