1
0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-12-21 06:08:06 +00:00
Commit Graph

30 Commits

Author SHA1 Message Date
Liz Rice
07f3c40dc7
Better handling of parameters and config audits (#674)
* read-only-port defaults are correct

* Tests that should catch good read-only-port

* Rework checks & tests

* Linting on issue template YAML

* More explicit test for 4.2.4
2020-08-12 14:32:42 +01:00
yoavrotems
10f4e6c691
Refactor testitem-set (#668)
* set: default true

Refactor testitem-set to be default true

* fix typo

Co-authored-by: Liz Rice <liz@lizrice.com>

Co-authored-by: Liz Rice <liz@lizrice.com>
2020-08-10 17:12:41 +03:00
Huang Huang
db109daf43
Support multiple values flag when check the audit output (#652) 2020-08-03 10:31:54 +03:00
yoavrotems
1b5b6c2afe
Remove os.exit When not needed (#631)
* Update test.go

* Update test_test.go
2020-06-28 17:29:55 +03:00
yoavrotems
60f2fb592a
Add option to do bitmask (#565)
* Add option to do bitwise and between two value in order to compare permissions

* Update test.go

Removed self debug note

* Update test_test.go

FIx typo

* Update test.go

* Update test.go

Switched between max and requested value, because accidentally assigned them oppositely  and remove old function relate to octal base

* Update test_test.go

* Update test_test.go
2020-03-16 12:25:46 +00:00
Huang Huang
0b07f40c9b
Support parse boolean flag with no value (#579)
* Support parse boolean flag with no value

* Add test for parse boolean flag with false value

Co-authored-by: Roberto Rojas <robertojrojas@gmail.com>
2020-03-03 11:54:38 -05:00
Roberto Rojas
9fc13ca02e
Fixes Issue #538 (#539)
* Adds openshift to autodetect node type

* detect okd node units

* OCP fixes
2019-12-13 11:04:58 -05:00
Sebastian Ehmann
56fa231376 Remove nil check (#493)
As the length of a nil slice is defined as 0, the nil check is
redundand. (suggested by golanci-lint/gosimple)
2019-11-05 20:23:31 -05:00
Sebastian Ehmann
b9be7daa4a Directly convert buffer to string (#492)
Using `buf.String()` instead of `fmt.Sprintf` is simpler
2019-11-05 20:07:41 -05:00
Roberto Rojas
4416e46967
Adds Unit Tests for check/toNumeric (#401)
* fixes issue #364

* fixed unit test error text
2019-10-12 18:46:19 -04:00
Roberto Rojas
937bfc7b2e issue #344: Adds support for array comparison. Every element in the s… (#367)
* issue #344: Adds support for array comparison. Every element in the source array must exist in the target array.

* issue #344: Fixed typo and found if condition based on code review

* adds unit tests for valid_elements comparison

* removes spaces from split strings
2019-07-26 11:11:59 -07:00
Roberto Rojas
dab5e92bb5 Issue #363: Adds Unit Tests for Test Comparisons (#366)
* issue #363: starts unit tests for Test Comparison.

* issue #363: Adds tests for "eq" operation

* changes test result message

* issue #363: Adds tests for "noteq" operation

* issue #363: Adds tests for "gt" operation

* issue #363: Adds tests for "lt" operation

* issue #363: Adds tests for "gte" operation

* issue #363: Adds tests for "lte" operation

* issue #363: Adds tests for "has" operation

* issue #363: Adds tests for "nothave" operation

* issue #363: Adds tests for "regex" operation
2019-07-17 10:08:11 -04:00
Roberto Rojas
d43cdfdf01 Issue #355: Adds Unit Tests for JSONPath Parse & Execute (#358)
* issue #335: Adds json/yaml unmarshal Unit Tests.

* issue #335: Adds jsonpath Unit Tests.

* issue #335: Removes log package.
2019-07-12 07:09:27 +01:00
wwwil
e4f0f470ee Add regex op to test 2019-06-04 11:38:17 +01:00
Yoav Hizkiahou
ddb677bc69 Generate expected result by strings join 2019-05-26 10:15:00 +03:00
Yoav Hizkiahou
d1c3e3163b Genereate expected result automatically for each test 2019-05-26 10:14:25 +03:00
Yoav Hizkiahou
240c8ad5b0 The check's actual result property is now set to be the audit command's output
fix #280
2019-05-16 10:48:04 +03:00
Liz Rice
902a10f1c7
Just have one path for both json and yaml 2019-04-11 17:09:33 +01:00
Liz Rice
c887794807
Merge branch 'master' into feature/json-config 2019-04-11 10:03:07 +01:00
Abubakr-Sadik Nii Nai Davis
4b8a7ffbe1 Add ":" as a valid flag-value separator for tests
This is useful for checking values in YAML (possibly JSON) kubernetes config files.
2019-04-10 22:47:26 +00:00
Florent Delannoy
4d3144ca21 Support JSON and YAML configuration
Support new configuration options besides --flags:
- JSON file through `jsonpath`
- YAML file through `yamlpath`

These new options are fully backwards-compatible with the existing
tests.

Added a new profile, 1.11-json, that expects a JSON kubelet
configuration file and scores accordingly. This profile is compatible
with EKS.
2019-03-21 12:13:31 +00:00
Liz Rice
cd231106cc
Improve comment
Tests could easily be marked "skip" because the user doesn't want to run them in their environment, and in this common case the set of tests will be non-nil
2019-02-18 08:46:26 +00:00
Abubakr-Sadik Nii Nai Davis
e899e941f7 Add OCP 3.10 benchmarks. 2019-02-15 19:44:39 +00:00
Itai Ben-Natan
e9076233dd Support actual result in json output.
This commit adds the actual value of the result
of the value which was returned by the test.
2018-07-30 14:19:18 +00:00
Philippe ALEXANDRE
7b61cf60fe Add strings.ToLower ... 2018-05-15 11:52:49 +02:00
Philippe ALEXANDRE
c4e7487ba7 Do case insensitive comparaison for booleans - Fix #125 2018-05-15 11:48:49 +02:00
Juned Memon
44994ced33 Fixed issue of The controls for master - admission control showing wrong status #49 2017-09-13 04:31:43 +05:30
Abubakr-Sadik Nii Nai Davis
d2fa9d35b6 Rewrite audit commands in the check definition that contain shell builtins
and modify text to command function to support this.

Shell builtins fail the binary command lookup test which result in a
WARN. Audit commands which include shell builtins must use the form:

   "/bin/sh -c 'sh-builtin arg'"

So they are executed properly. Additionally Go will fail to execute
commands involving shell builtins if they are not in the above format.
2017-08-12 18:41:41 +00:00
Abubakr-Sadik Nii Nai Davis
e08e069174 Update controls to CIS Kubernetes Benchmark v1.1.0 2017-07-24 17:30:13 +00:00
Amir Jerbi
154a140f74 Initial commit 2017-06-19 17:01:57 +03:00