arno
/
kube-bench
mirror of https://github.com/aquasecurity/kube-bench.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #301 from wwwil/op-regex

Browse Source 
Add regex compare op
pull/319/head
Liz Rice 5 years ago committed by GitHub
parent c379df19b0 5e3ff51fa9
commit ea7400aa4b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 30 additions and 0 deletions
Show Stats Download Patch File Download Diff File

3
README.md
Unescape View File

@ -232,6 +232,9 @@ These operations are:
- `lte`: tests if the flag value is less than or equal to the compared value. - `lte`: tests if the flag value is less than or equal to the compared value.
- `has`: tests if the flag value contains the compared value. - `has`: tests if the flag value contains the compared value.
- `nothave`: tests if the flag value does not contain the compared value. - `nothave`: tests if the flag value does not contain the compared value.
- `regex`: tests if the flag value matches the compared value regular expression.
When defining regular expressions in YAML it is generally easier to wrap them in single quotes, for example `'^[abc]$'`, to avoid issues with string escaping.
# Roadmap # Roadmap
Going forward we plan to release updates to kube-bench to add support for new releases of the Benchmark, which in turn we can anticipate being made for each new Kubernetes release. Going forward we plan to release updates to kube-bench to add support for new releases of the Benchmark, which in turn we can anticipate being made for each new Kubernetes release.

10
check/data
Unescape View File

@ -297,3 +297,13 @@ groups:
op: eq op: eq
value: "false" value: "false"
set: true set: true
- id: 26
text: "check regex op matches"
tests:
test_items:
- path: "{.currentMasterVersion}"
compare:
op: regex
value: '^1\.12.*$'
set: true

5
check/test.go
Unescape View File

@ -185,6 +185,11 @@ func (t *testItem) execute(s string) *testOutput {
case "nothave": case "nothave":
expectedResultPattern = " '%s' not have '%s'" expectedResultPattern = " '%s' not have '%s'"
result.testResult = !strings.Contains(flagVal, t.Compare.Value) result.testResult = !strings.Contains(flagVal, t.Compare.Value)
case "regex":
expectedResultPattern = " '%s' matched by '%s'"
opRe := regexp.MustCompile(t.Compare.Value)
result.testResult = opRe.MatchString(flagVal)
} }
result.ExpectedResult = fmt.Sprintf(expectedResultPattern, t.Flag, t.Compare.Value) result.ExpectedResult = fmt.Sprintf(expectedResultPattern, t.Flag, t.Compare.Value)

12
check/test_test.go
Unescape View File

@ -152,6 +152,10 @@ func TestTestExecute(t *testing.T) {
controls.Groups[0].Checks[22], controls.Groups[0].Checks[22],
"authentication:\n anonymous:\n enabled: false", "authentication:\n anonymous:\n enabled: false",
}, },
{
controls.Groups[0].Checks[26],
"currentMasterVersion: 1.12.7",
},
} }
for _, c := range cases { for _, c := range cases {
@ -180,6 +184,14 @@ func TestTestExecuteExceptions(t *testing.T) {
controls.Groups[0].Checks[25], controls.Groups[0].Checks[25],
"broken } yaml\nenabled: true", "broken } yaml\nenabled: true",
}, },
{
controls.Groups[0].Checks[26],
"currentMasterVersion: 1.11",
},
{
controls.Groups[0].Checks[26],
"currentMasterVersion: ",
},
} }
for _, c := range cases { for _, c := range cases {

Write Preview
Loading…
Cancel
Save