FilesExpand file tree

 main

/

hash_test.go

Copy path

BlameMore file actions

BlameMore file actions

Latest commit

 

History

History

History

127 lines (106 loc) · 4.29 KB

 main

/

hash_test.go

Top

File metadata and controls

• Code
• Blame

127 lines (106 loc) · 4.29 KB

Raw

Copy raw file

Download raw file

Open symbols panel

Edit and raw actions

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

// SPDX-FileCopyrightText: the secureCodeBox authors

//

// SPDX-License-Identifier: Apache-2.0

package utils

import (

. "github.com/onsi/ginkgo"

. "github.com/onsi/gomega"

executionv1 "github.com/secureCodeBox/secureCodeBox/operator/apis/execution/v1"

batchv1 "k8s.io/api/batch/v1"

corev1 "k8s.io/api/core/v1"

metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"

)

var scanType executionv1.ScanType = executionv1.ScanType{

ObjectMeta: metav1.ObjectMeta{

Name: "nmap",

Namespace: "default",

},

Spec: executionv1.ScanTypeSpec{

ExtractResults: executionv1.ExtractResults{

Type: "nmap-xml",

Location: "/home/securecodebox/nmap-results.xml",

},

JobTemplate: batchv1.Job{

Spec: batchv1.JobSpec{

Template: corev1.PodTemplateSpec{

Spec: corev1.PodSpec{

Containers: []corev1.Container{

{

Name: "foobar",

Image: "securecodebox/scanner-nmap:7.91-r0",

Command: []string{

"nmap",

"-oX",

"/home/securecodebox/nmap-results.xml",

},

},

},

},

},

TTLSecondsAfterFinished: nil,

},

},

}}

// Tests that getAnnotationsForScan drops all annotations not prefixed with "*.securecodebox.io/*"

var _ = Describe("ScanType Hashing", func() {

Context("ScanType Hashing", func() {

It("should hash scantype consistently", func() {

hashValues := HashScanType(scanType)

// note: this hash changes with every kubernetes release as kubernetes adds new field to their objects which causes the hashes to change.

Expect(hashValues).To(Equal(uint64(6491418262890710719)), "Should hash scantype consistently")

})

It("should ignore non-scb annotations on the scantypes", func() {

originalScanType := scanType.DeepCopy()

originalScanType.ObjectMeta.Annotations = map[string]string{

"foo.example.com/bar": "54165165135",

}

modifiedScantype := scanType.DeepCopy()

modifiedScantype.ObjectMeta.Annotations = map[string]string{

"foo.example.com/bar": "719839183223",

}

Expect(HashScanType(*originalScanType)).To(Equal(HashScanType(*modifiedScantype)), "Should ignore non scb annotation on the scantypes")

})

It("should include scb annotations in the hash", func() {

originalScanType := scanType.DeepCopy()

originalScanType.ObjectMeta.Annotations = map[string]string{

"foo.example.com/bar": "54165165135",

"auto-discovery.securecodebox.io/scantype-hash": "same-hash",

}

modifiedScantype := scanType.DeepCopy()

modifiedScantype.ObjectMeta.Annotations = map[string]string{

"foo.example.com/bar": "719839183223",

"auto-discovery.securecodebox.io/scantype-hash": "other-hash",

}

Expect(HashScanType(*originalScanType)).NotTo(Equal(HashScanType(*modifiedScantype)), "Should not equal as hash should include *.securecodebox.io/* annotations")

})

It("should ignore non-scb labels on the scantypes", func() {

originalScanType := scanType.DeepCopy()

originalScanType.ObjectMeta.Labels = map[string]string{

"foo.example.com/bar": "54165165135",

}

modifiedScantype := scanType.DeepCopy()

modifiedScantype.ObjectMeta.Labels = map[string]string{

"foo.example.com/bar": "719839183223",

}

Expect(HashScanType(*originalScanType)).To(Equal(HashScanType(*modifiedScantype)), "Should ignore non scb labels on the scantypes")

})

It("should include scb labels in the hash", func() {

originalScanType := scanType.DeepCopy()

originalScanType.ObjectMeta.Labels = map[string]string{

"foo.example.com/bar": "54165165135",

"auto-discovery.securecodebox.io/scantype-hash": "same-hash",

}

modifiedScantype := scanType.DeepCopy()

modifiedScantype.ObjectMeta.Labels = map[string]string{

"foo.example.com/bar": "719839183223",

"auto-discovery.securecodebox.io/scantype-hash": "other-hash",

}

Expect(HashScanType(*originalScanType)).NotTo(Equal(HashScanType(*modifiedScantype)), "Should not equal as hash should include *.securecodebox.io/* labels")

})

It("should ignore auto-generated attributes", func() {

modifiedScantype := scanType.DeepCopy()

modifiedScantype.ResourceVersion = "ajbsdiavof1t2hvasjhdvaj"

Expect(HashScanType(scanType)).To(Equal(HashScanType(*modifiedScantype)), "Should ignore auto generated attributes")

})

})

})