diff --git a/test/data/patched-report.json b/test/data/patched-report.json
deleted file mode 100644
index eb53d8b..0000000
--- a/test/data/patched-report.json
+++ /dev/null
@@ -1,147 +0,0 @@ -{ - "SchemaVersion": 2, - "ArtifactName": "docker.io/library/nginx:1.21.6-patched", - "ArtifactType": "container_image", - "Metadata": { - "OS": { - "Family": "debian", - "Name": "11.3" - }, - "ImageID": "sha256:4319b9b0e0c27a4bacdbbad76d395db69eb6dc4e48e6a6e638f43847d62eb8cc", - "DiffIDs": [ - "sha256:ad6562704f3759fb50f0d3de5f80a38f65a85e709b77fd24491253990f30b6be", - "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665", - "sha256:53ae81198b641f2911dfc469313edde2fe690bf230efaa823a4aa836d08336e0", - "sha256:57d3fc88cb3f95fe3daac8591dabe1c161af0fcfd4cf099aa3f994c888ac7877", - "sha256:747b7a567071ddb822a072c4dadc2ef50ef6d1bf35ce477e9a559f1df1b7c571", - "sha256:33e3df466e11254954ba3b06301c93c066a1f699e2ddd80f0214340236d57935", - "sha256:51c98b98a5dbf9446e1ca18d0c1aed31e48bbf955419510a26e5317dc003e397" - ], - "RepoTags": [ - "nginx:1.21.6-patched" - ], - "ImageConfig": { - "architecture": "amd64", - "container": "0a702bec7d2ceb935c6501ae3dfc1ab850f9ea46b9296eb1323b2b826595f954", - "created": "2022-05-28T05:41:03.228946845Z", - "docker_version": "20.10.12", - "history": [ - { - "created": "2022-05-28T01:20:23Z", - "created_by": "/bin/sh -c #(nop) ADD file:134f25aec8adf83cb940ba073a3409ca85dbb5ae592b704f95193e7d2539a3bc in / " - }, - { - "created": "2022-05-28T01:20:23Z", - "created_by": "/bin/sh -c #(nop) CMD [\"bash\"]", - "empty_layer": true - }, - { - "created": "2022-05-28T05:40:43Z", - "created_by": "/bin/sh -c #(nop) LABEL maintainer=NGINX Docker Maintainers \u003cdocker-maint@nginx.com\u003e", - "empty_layer": true - }, - { - "created": "2022-05-28T05:40:43Z", - "created_by": "/bin/sh -c #(nop) ENV NGINX_VERSION=1.21.6", - "empty_layer": true - }, - { - "created": "2022-05-28T05:40:44Z", - "created_by": "/bin/sh -c #(nop) ENV NJS_VERSION=0.7.3", - "empty_layer": true - }, - { - "created": "2022-05-28T05:40:44Z", - "created_by": "/bin/sh -c #(nop) ENV PKG_RELEASE=1~bullseye", - "empty_layer": true - }, - { - "created": 
"2022-05-28T05:41:02Z", - "created_by": "/bin/sh -c set -x \u0026\u0026 addgroup --system --gid 101 nginx \u0026\u0026 adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos \"nginx user\" --shell /bin/false --uid 101 nginx \u0026\u0026 apt-get update \u0026\u0026 apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \u0026\u0026 NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; found=''; for server in hkp://keyserver.ubuntu.com:80 pgp.mit.edu ; do echo \"Fetching GPG key $NGINX_GPGKEY from $server\"; apt-key adv --keyserver \"$server\" --keyserver-options timeout=10 --recv-keys \"$NGINX_GPGKEY\" \u0026\u0026 found=yes \u0026\u0026 break; done; test -z \"$found\" \u0026\u0026 echo \u003e\u00262 \"error: failed to fetch GPG key $NGINX_GPGKEY\" \u0026\u0026 exit 1; apt-get remove --purge --auto-remove -y gnupg1 \u0026\u0026 rm -rf /var/lib/apt/lists/* \u0026\u0026 dpkgArch=\"$(dpkg --print-architecture)\" \u0026\u0026 nginxPackages=\" nginx=${NGINX_VERSION}-${PKG_RELEASE} nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \" \u0026\u0026 case \"$dpkgArch\" in amd64|arm64) echo \"deb https://nginx.org/packages/mainline/debian/ bullseye nginx\" \u003e\u003e /etc/apt/sources.list.d/nginx.list \u0026\u0026 apt-get update ;; *) echo \"deb-src https://nginx.org/packages/mainline/debian/ bullseye nginx\" \u003e\u003e /etc/apt/sources.list.d/nginx.list \u0026\u0026 tempDir=\"$(mktemp -d)\" \u0026\u0026 chmod 777 \"$tempDir\" \u0026\u0026 savedAptMark=\"$(apt-mark showmanual)\" \u0026\u0026 apt-get update \u0026\u0026 apt-get build-dep -y $nginxPackages \u0026\u0026 ( cd \"$tempDir\" \u0026\u0026 DEB_BUILD_OPTIONS=\"nocheck parallel=$(nproc)\" apt-get source --compile $nginxPackages ) \u0026\u0026 apt-mark showmanual | xargs 
apt-mark auto \u003e /dev/null \u0026\u0026 { [ -z \"$savedAptMark\" ] || apt-mark manual $savedAptMark; } \u0026\u0026 ls -lAFh \"$tempDir\" \u0026\u0026 ( cd \"$tempDir\" \u0026\u0026 dpkg-scanpackages . \u003e Packages ) \u0026\u0026 grep '^Package: ' \"$tempDir/Packages\" \u0026\u0026 echo \"deb [ trusted=yes ] file://$tempDir ./\" \u003e /etc/apt/sources.list.d/temp.list \u0026\u0026 apt-get -o Acquire::GzipIndexes=false update ;; esac \u0026\u0026 apt-get install --no-install-recommends --no-install-suggests -y $nginxPackages gettext-base curl \u0026\u0026 apt-get remove --purge --auto-remove -y \u0026\u0026 rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \u0026\u0026 if [ -n \"$tempDir\" ]; then apt-get purge -y --auto-remove \u0026\u0026 rm -rf \"$tempDir\" /etc/apt/sources.list.d/temp.list; fi \u0026\u0026 ln -sf /dev/stdout /var/log/nginx/access.log \u0026\u0026 ln -sf /dev/stderr /var/log/nginx/error.log \u0026\u0026 mkdir /docker-entrypoint.d" - }, - { - "created": "2022-05-28T05:41:02Z", - "created_by": "/bin/sh -c #(nop) COPY file:65504f71f5855ca017fb64d502ce873a31b2e0decd75297a8fb0a287f97acf92 in / " - }, - { - "created": "2022-05-28T05:41:02Z", - "created_by": "/bin/sh -c #(nop) COPY file:0b866ff3fc1ef5b03c4e6c8c513ae014f691fb05d530257dfffd07035c1b75da in /docker-entrypoint.d " - }, - { - "created": "2022-05-28T05:41:02Z", - "created_by": "/bin/sh -c #(nop) COPY file:0fd5fca330dcd6a7de297435e32af634f29f7132ed0550d342cad9fd20158258 in /docker-entrypoint.d " - }, - { - "created": "2022-05-28T05:41:02Z", - "created_by": "/bin/sh -c #(nop) COPY file:09a214a3e07c919af2fb2d7c749ccbc446b8c10eb217366e5a65640ee9edcc25 in /docker-entrypoint.d " - }, - { - "created": "2022-05-28T05:41:02Z", - "created_by": "/bin/sh -c #(nop) ENTRYPOINT [\"/docker-entrypoint.sh\"]", - "empty_layer": true - }, - { - "created": "2022-05-28T05:41:03Z", - "created_by": "/bin/sh -c #(nop) EXPOSE 80", - "empty_layer": true - }, - { - "created": "2022-05-28T05:41:03Z", 
- "created_by": "/bin/sh -c #(nop) STOPSIGNAL SIGQUIT", - "empty_layer": true - }, - { - "created": "2022-05-28T05:41:03Z", - "created_by": "/bin/sh -c #(nop) CMD [\"nginx\" \"-g\" \"daemon off;\"]", - "empty_layer": true - }, - { - "created": "2023-08-01T16:17:42Z", - "created_by": "mount / from exec sh -c apt install --no-install-recommends --allow-change-held-packages -y libexpat1 libk5crypto3 libtirpc-common libwebp6 libxpm4 libcurl4 libkrb5support0 libx11-6 ncurses-bin gpgv libc6 libpcre2-8-0 libtiff5 libxml2 zlib1g libgnutls30 libsystemd0 libtirpc3 libx11-data libc-bin libssl1.1 libtasn1-6 libtinfo6 openssl libkrb5-3 libudev1 ncurses-base libfreetype6 libgssapi-krb5-2 curl libxslt1.1 \u0026\u0026 apt clean -y", - "comment": "buildkit.exporter.image.v0" - } - ], - "os": "linux", - "rootfs": { - "type": "layers", - "diff_ids": [ - "sha256:ad6562704f3759fb50f0d3de5f80a38f65a85e709b77fd24491253990f30b6be", - "sha256:58354abe5f0e9e8cf3849a697cd86bfefb8448b9deb74e3d13aa3e4c98dd3665", - "sha256:53ae81198b641f2911dfc469313edde2fe690bf230efaa823a4aa836d08336e0", - "sha256:57d3fc88cb3f95fe3daac8591dabe1c161af0fcfd4cf099aa3f994c888ac7877", - "sha256:747b7a567071ddb822a072c4dadc2ef50ef6d1bf35ce477e9a559f1df1b7c571", - "sha256:33e3df466e11254954ba3b06301c93c066a1f699e2ddd80f0214340236d57935", - "sha256:51c98b98a5dbf9446e1ca18d0c1aed31e48bbf955419510a26e5317dc003e397" - ] - }, - "config": { - "Cmd": [ - "nginx", - "-g", - "daemon off;" - ], - "Entrypoint": [ - "/docker-entrypoint.sh" - ], - "Env": [ - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", - "NGINX_VERSION=1.21.6", - "NJS_VERSION=0.7.3", - "PKG_RELEASE=1~bullseye" - ], - "Image": "sha256:84a2e27303200422deb89ae538dbbc442ac0ffa72c7be4d6f1d3b4bd32dcd451", - "Labels": { - "maintainer": "NGINX Docker Maintainers \u003cdocker-maint@nginx.com\u003e" - }, - "StopSignal": "SIGQUIT" - } - } - }, - "Results": [ - { - "Target": "docker.io/library/nginx:1.21.6-patched (debian 11.3)", - "Class": "os-pkgs", 
- "Type": "debian"
- }
- ]
-}
diff --git a/test/test.bats b/test/test.bats
index 03e42e4..0b6de46 100755
--- a/test/test.bats
+++ b/test/test.bats
@@ -16,5 +16,6 @@ teardown_file(){
 @test "Run trivy on patched image" {
 run trivy image --vuln-type os --ignore-unfixed -f json -o nginx.1.21.6-patched.json 'docker.io/library/nginx:1.21.6-patched'
 run diff "./data/patched-report.json" "nginx.1.21.6-patched.json"
- assert_equal "$output" ""
+ vulns=$(echo $json | jq '.Results[0].Vulnerabilities | length')
+ assert_equal "0" "$vulns"
 }
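Review bot: The new count reads `$json`, which nothing in this hunk assigns, while the report trivy writes goes to `nginx.1.21.6-patched.json`; unless `json` is set elsewhere in the file, jq never sees the scan output and `vulns` is compared as an empty string. The `run diff` line kept above it still names `./data/patched-report.json`, which this commit deletes, and its output is no longer asserted, so it can be dropped. Even when fed the report, `.Results[0].Vulnerabilities | length` yields 0 for a document with no `Results` at all (jq's `null | length` is 0) and ignores any entry after the first, so a failed or truncated scan would read as a clean image. Consider `assert_success` directly after the `run trivy` line and `vulns=$(jq '[.Results[].Vulnerabilities[]?] | length' nginx.1.21.6-patched.json)`, which counts findings across every result and makes jq exit non-zero when `Results` is missing.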