mirror of
https://github.com/aquasecurity/kube-bench.git
synced 2024-11-25 09:28:16 +00:00
bugfix: false negative when audit_config is defined along with audit and config file not found (#1367)
Suppress the file-not-found error only when audit or auditEnv is defined and has produced valid output. Since we already have output from the audit command, we can proceed with the tests even though the config file was not found. File-not-found error: `failed to run: "/test/config.yaml", output: "/bin/sh: line 1: /test/config.yaml: No such file or directory\n", error: exit status 127` Resolve: #1364
parent
e1d1053358
commit
b942ed3f0b
@ -208,6 +208,14 @@ func (c *Check) runAuditCommands() (lastCommand string, err error) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
c.AuditConfigOutput, err = runAudit(c.AuditConfig)
|
c.AuditConfigOutput, err = runAudit(c.AuditConfig)
|
||||||
|
// when file not found then error comes as exit status 127
|
||||||
|
if err != nil && strings.Contains(err.Error(), "exit status 127") &&
|
||||||
|
(c.AuditEnvOutput != "" || c.AuditOutput != "") {
|
||||||
|
// suppress file not found error when there is Audit OR auditEnv output present
|
||||||
|
glog.V(3).Info(err)
|
||||||
|
err = nil
|
||||||
|
c.AuditConfigOutput = ""
|
||||||
|
}
|
||||||
return c.AuditConfig, err
|
return c.AuditConfig, err
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -227,8 +235,8 @@ func (c *Check) execute() (finalOutput *testOutput, err error) {
|
|||||||
t.auditUsed = AuditCommand
|
t.auditUsed = AuditCommand
|
||||||
result := *(t.execute(c.AuditOutput))
|
result := *(t.execute(c.AuditOutput))
|
||||||
|
|
||||||
// Check for AuditConfigOutput only if AuditConfig is set
|
// Check for AuditConfigOutput only if AuditConfig is set and auditConfigOutput is not empty
|
||||||
if !result.flagFound && c.AuditConfig != "" {
|
if !result.flagFound && c.AuditConfig != "" && c.AuditConfigOutput != "" {
|
||||||
// t.isConfigSetting = true
|
// t.isConfigSetting = true
|
||||||
t.auditUsed = AuditConfig
|
t.auditUsed = AuditConfig
|
||||||
result = *(t.execute(c.AuditConfigOutput))
|
result = *(t.execute(c.AuditConfigOutput))
|
||||||
|
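Review bot: The new guard in runAuditCommands treats any error whose text contains `exit status 127` as "config file not found", but the error format quoted in the commit description embeds the command's output, and the shell returns 127 for any command it cannot find. A missing helper binary inside an audit_config command, or output that merely contains that text, would therefore be suppressed too, and the check would be scored from the audit output alone with the config evidence skipped and recorded only at `glog.V(3)`. Consider anchoring the match, for example `strings.HasSuffix(err.Error(), "error: exit status 127")` if that message format is stable, and logging the suppression at a default-visible level such as `glog.Warningf("audit_config skipped: %v", err)`. The second hunk in this file now skips the AuditConfig branch whenever `c.AuditConfigOutput` is empty, which also covers a config command that succeeds with empty output; a comment there should say that this is intended. Both runAuditCommands and execute start outside the visible hunks.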
@ -69,6 +69,31 @@ func TestCheck_Run(t *testing.T) {
|
|||||||
},
|
},
|
||||||
Expected: PASS,
|
Expected: PASS,
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
name: "Scored checks that pass should PASS when config file is not present",
|
||||||
|
check: Check{
|
||||||
|
Scored: true,
|
||||||
|
Audit: "echo hello",
|
||||||
|
AuditConfig: "/test/config.yaml",
|
||||||
|
Tests: &tests{TestItems: []*testItem{{
|
||||||
|
Flag: "hello",
|
||||||
|
Set: true,
|
||||||
|
}}},
|
||||||
|
},
|
||||||
|
Expected: PASS,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "Scored checks that pass should FAIL when config file is not present",
|
||||||
|
check: Check{
|
||||||
|
Scored: true,
|
||||||
|
AuditConfig: "/test/config.yaml",
|
||||||
|
Tests: &tests{TestItems: []*testItem{{
|
||||||
|
Flag: "hello",
|
||||||
|
Set: true,
|
||||||
|
}}},
|
||||||
|
},
|
||||||
|
Expected: FAIL,
|
||||||
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, testCase := range testCases {
|
for _, testCase := range testCases {
|
||||||
|
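Review bot: Both new table entries depend on `/test/config.yaml` not existing on the machine that runs the tests and on `/bin/sh` reporting exit status 127 for it, so the result is tied to the host rather than to the test; a path under `t.TempDir()` that is never created would make the absence explicit. The second case name, "Scored checks that pass should FAIL when config file is not present", contradicts itself; something like `name: "Scored check should FAIL when only AuditConfig is set and the config file is missing",` states what is being asserted. There is no case for the AuditEnv branch of the new condition, nor one where the config command fails with a status other than 127 while audit output is present, which is the path where the error must still surface. The test table and the loop over `testCases` continue outside the hunk.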