mirror of
https://github.com/aquasecurity/kube-bench.git
synced 2024-12-24 07:28:06 +00:00
Merge pull request #284 from yoavAqua/expected-result
Genereate expected result automatically for each test
This commit is contained in:
commit
ff6443e279
@ -72,6 +72,7 @@ type Check struct {
|
|||||||
State `json:"status"`
|
State `json:"status"`
|
||||||
ActualValue string `json:"actual_value"`
|
ActualValue string `json:"actual_value"`
|
||||||
Scored bool `json:"scored"`
|
Scored bool `json:"scored"`
|
||||||
|
ExpectedResult string `json:"expected_result"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// Runner wraps the basic Run method.
|
// Runner wraps the basic Run method.
|
||||||
@ -188,6 +189,7 @@ func (c *Check) run() State {
|
|||||||
finalOutput := c.Tests.execute(out.String())
|
finalOutput := c.Tests.execute(out.String())
|
||||||
if finalOutput != nil {
|
if finalOutput != nil {
|
||||||
c.ActualValue = finalOutput.actualResult
|
c.ActualValue = finalOutput.actualResult
|
||||||
|
c.ExpectedResult = finalOutput.ExpectedResult
|
||||||
if finalOutput.testResult {
|
if finalOutput.testResult {
|
||||||
c.State = PASS
|
c.State = PASS
|
||||||
} else {
|
} else {
|
||||||
|
@ -58,6 +58,7 @@ type compare struct {
|
|||||||
type testOutput struct {
|
type testOutput struct {
|
||||||
testResult bool
|
testResult bool
|
||||||
actualResult string
|
actualResult string
|
||||||
|
ExpectedResult string
|
||||||
}
|
}
|
||||||
|
|
||||||
func failTestItem(s string) *testOutput {
|
func failTestItem(s string) *testOutput {
|
||||||
@ -135,8 +136,10 @@ func (t *testItem) execute(s string) *testOutput {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
expectedResultPattern := ""
|
||||||
switch t.Compare.Op {
|
switch t.Compare.Op {
|
||||||
case "eq":
|
case "eq":
|
||||||
|
expectedResultPattern = "'%s' is equal to '%s'"
|
||||||
value := strings.ToLower(flagVal)
|
value := strings.ToLower(flagVal)
|
||||||
// Do case insensitive comparaison for booleans ...
|
// Do case insensitive comparaison for booleans ...
|
||||||
if value == "false" || value == "true" {
|
if value == "false" || value == "true" {
|
||||||
@ -146,6 +149,7 @@ func (t *testItem) execute(s string) *testOutput {
|
|||||||
}
|
}
|
||||||
|
|
||||||
case "noteq":
|
case "noteq":
|
||||||
|
expectedResultPattern = "'%s' is not equal to '%s'"
|
||||||
value := strings.ToLower(flagVal)
|
value := strings.ToLower(flagVal)
|
||||||
// Do case insensitive comparaison for booleans ...
|
// Do case insensitive comparaison for booleans ...
|
||||||
if value == "false" || value == "true" {
|
if value == "false" || value == "true" {
|
||||||
@ -155,32 +159,41 @@ func (t *testItem) execute(s string) *testOutput {
|
|||||||
}
|
}
|
||||||
|
|
||||||
case "gt":
|
case "gt":
|
||||||
|
expectedResultPattern = "%s is greater then %s"
|
||||||
a, b := toNumeric(flagVal, t.Compare.Value)
|
a, b := toNumeric(flagVal, t.Compare.Value)
|
||||||
result.testResult = a > b
|
result.testResult = a > b
|
||||||
|
|
||||||
case "gte":
|
case "gte":
|
||||||
|
expectedResultPattern = "%s is greater or equal to %s"
|
||||||
a, b := toNumeric(flagVal, t.Compare.Value)
|
a, b := toNumeric(flagVal, t.Compare.Value)
|
||||||
result.testResult = a >= b
|
result.testResult = a >= b
|
||||||
|
|
||||||
case "lt":
|
case "lt":
|
||||||
|
expectedResultPattern = "%s is lower then %s"
|
||||||
a, b := toNumeric(flagVal, t.Compare.Value)
|
a, b := toNumeric(flagVal, t.Compare.Value)
|
||||||
result.testResult = a < b
|
result.testResult = a < b
|
||||||
|
|
||||||
case "lte":
|
case "lte":
|
||||||
|
expectedResultPattern = "%s is lower or equal to %s"
|
||||||
a, b := toNumeric(flagVal, t.Compare.Value)
|
a, b := toNumeric(flagVal, t.Compare.Value)
|
||||||
result.testResult = a <= b
|
result.testResult = a <= b
|
||||||
|
|
||||||
case "has":
|
case "has":
|
||||||
|
expectedResultPattern = "'%s' has '%s'"
|
||||||
result.testResult = strings.Contains(flagVal, t.Compare.Value)
|
result.testResult = strings.Contains(flagVal, t.Compare.Value)
|
||||||
|
|
||||||
case "nothave":
|
case "nothave":
|
||||||
|
expectedResultPattern = " '%s' not have '%s'"
|
||||||
result.testResult = !strings.Contains(flagVal, t.Compare.Value)
|
result.testResult = !strings.Contains(flagVal, t.Compare.Value)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
result.ExpectedResult = fmt.Sprintf(expectedResultPattern, t.Flag, t.Compare.Value)
|
||||||
} else {
|
} else {
|
||||||
|
result.ExpectedResult = fmt.Sprintf("'%s' is present", t.Flag)
|
||||||
result.testResult = isset
|
result.testResult = isset
|
||||||
}
|
}
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
|
result.ExpectedResult = fmt.Sprintf("'%s' is not present", t.Flag)
|
||||||
notset := !match
|
notset := !match
|
||||||
result.testResult = notset
|
result.testResult = notset
|
||||||
}
|
}
|
||||||
@ -206,8 +219,11 @@ func (ts *tests) execute(s string) *testOutput {
|
|||||||
return finalOutput
|
return finalOutput
|
||||||
}
|
}
|
||||||
|
|
||||||
|
expectedResultArr := make([]string, len(res))
|
||||||
|
|
||||||
for i, t := range ts.TestItems {
|
for i, t := range ts.TestItems {
|
||||||
res[i] = *(t.execute(s))
|
res[i] = *(t.execute(s))
|
||||||
|
expectedResultArr[i] = res[i].ExpectedResult
|
||||||
}
|
}
|
||||||
|
|
||||||
var result bool
|
var result bool
|
||||||
@ -221,11 +237,16 @@ func (ts *tests) execute(s string) *testOutput {
|
|||||||
for i := range res {
|
for i := range res {
|
||||||
result = result && res[i].testResult
|
result = result && res[i].testResult
|
||||||
}
|
}
|
||||||
|
// Generate an AND expected result
|
||||||
|
finalOutput.ExpectedResult = strings.Join(expectedResultArr, " AND ")
|
||||||
|
|
||||||
case or:
|
case or:
|
||||||
result = false
|
result = false
|
||||||
for i := range res {
|
for i := range res {
|
||||||
result = result || res[i].testResult
|
result = result || res[i].testResult
|
||||||
}
|
}
|
||||||
|
// Generate an OR expected result
|
||||||
|
finalOutput.ExpectedResult = strings.Join(expectedResultArr, " OR ")
|
||||||
}
|
}
|
||||||
|
|
||||||
finalOutput.testResult = result
|
finalOutput.testResult = result
|
||||||
|
Loading…
Reference in New Issue
Block a user