mirror of https://github.com/aquasecurity/kube-bench.git synced 2025-01-31 10:01:06 +00:00

Merge pull request #301 from wwwil/op-regex

Add regex compare op
Liz Rice 2019-06-19 12:10:29 +02:00 committed by GitHub
commit ea7400aa4b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 30 additions and 0 deletions


@ -232,6 +232,9 @@ These operations are:
- `lte`: tests if the flag value is less than or equal to the compared value. - `lte`: tests if the flag value is less than or equal to the compared value.
- `has`: tests if the flag value contains the compared value. - `has`: tests if the flag value contains the compared value.
- `nothave`: tests if the flag value does not contain the compared value. - `nothave`: tests if the flag value does not contain the compared value.
- `regex`: tests if the flag value matches the compared value regular expression.
When defining regular expressions in YAML it is generally easier to wrap them in single quotes, for example `'^[abc]$'`, to avoid issues with string escaping.
# Roadmap # Roadmap
Going forward we plan to release updates to kube-bench to add support for new releases of the Benchmark, which in turn we can anticipate being made for each new Kubernetes release. Going forward we plan to release updates to kube-bench to add support for new releases of the Benchmark, which in turn we can anticipate being made for each new Kubernetes release.


@ -297,3 +297,13 @@ groups:
op: eq op: eq
value: "false" value: "false"
set: true set: true
- id: 26
text: "check regex op matches"
tests:
test_items:
- path: "{.currentMasterVersion}"
compare:
op: regex
value: '^1\.12.*$'
set: true


@ -185,6 +185,11 @@ func (t *testItem) execute(s string) *testOutput {
case "nothave": case "nothave":
expectedResultPattern = " '%s' not have '%s'" expectedResultPattern = " '%s' not have '%s'"
result.testResult = !strings.Contains(flagVal, t.Compare.Value) result.testResult = !strings.Contains(flagVal, t.Compare.Value)
case "regex":
expectedResultPattern = " '%s' matched by '%s'"
opRe := regexp.MustCompile(t.Compare.Value)
result.testResult = opRe.MatchString(flagVal)
} }
result.ExpectedResult = fmt.Sprintf(expectedResultPattern, t.Flag, t.Compare.Value) result.ExpectedResult = fmt.Sprintf(expectedResultPattern, t.Flag, t.Compare.Value)
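Review bot: `regexp.MustCompile(t.Compare.Value)` in the new `regex` case panics when the pattern does not compile, and the pattern comes from the check definition YAML, so a single malformed `value` would abort the whole benchmark run instead of failing that one check. Prefer `opRe, err := regexp.Compile(t.Compare.Value)` and, on error, report the item as not passed or surface the error; how errors should be reported is not visible here because `execute` begins and ends outside the hunk. `MatchString` is also unanchored, so a pattern without `^` and `$` passes on any substring of the flag value, which can make a hardening check pass more loosely than its author intended; a short comment such as `// unanchored match: anchor the pattern with ^ and $ for a full-value match` would help. The test cases added on this page cover matching, non-matching and empty inputs, but none supplies an invalid pattern.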


@ -152,6 +152,10 @@ func TestTestExecute(t *testing.T) {
controls.Groups[0].Checks[22], controls.Groups[0].Checks[22],
"authentication:\n anonymous:\n enabled: false", "authentication:\n anonymous:\n enabled: false",
}, },
{
controls.Groups[0].Checks[26],
"currentMasterVersion: 1.12.7",
},
} }
for _, c := range cases { for _, c := range cases {
@ -180,6 +184,14 @@ func TestTestExecuteExceptions(t *testing.T) {
controls.Groups[0].Checks[25], controls.Groups[0].Checks[25],
"broken } yaml\nenabled: true", "broken } yaml\nenabled: true",
}, },
{
controls.Groups[0].Checks[26],
"currentMasterVersion: 1.11",
},
{
controls.Groups[0].Checks[26],
"currentMasterVersion: ",
},
} }
for _, c := range cases { for _, c := range cases {