| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Change-Id: Ic8e9eab90c537584b2c771bdeb59c0b43deb992e
Issue-ID: INT-1577
Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
|
|
This prevents obscured output when redirecting output to
a file descriptor.
Change-Id: Ie56b6f65b1d2adffc69d3f75a9c8f98c0444faa8
Issue-ID: INT-1577
Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
|
|
Adds '--verbose' option and leverages 'logging' module
facilities.
Change-Id: I9b079c476949788678167afb1ed115ad4490d99c
Issue-ID: INT-1577
Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
|
|
Change-Id: I43b1c47509afef0f25176e244ab2f6f565afbc3b
Issue-ID: INT-1577
Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
|
|
The hassle of casting and validating input options values is moved
from the script logic directly into the ArgumentParser's object
instantiation.
Change-Id: I79ed80286d1219f841d496538acdc50d2113d723
Issue-ID: INT-1577
Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
|
|
Change-Id: I0c8cd452fbf740f3b1c7988bf7aa7341a747c75e
Issue-ID: INT-1577
Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
|
|
Show usage if no option provided.
Change-Id: I1ed01464f4b689e6b716887e7719e8de6c0f1e42
Issue-ID: INT-1577
Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
|
|
ROP_file_creator.sh spawns 'sleep' cmd as a child
hence it needs to be killed as well on clean up.
Change-Id: Ic2007e710b6efa0028ebd239f26b7eff6a9e04ea
Issue-ID: INT-1577
Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
|
|
The update must be scoped by a lock on yang module
Other changes:
- 'action' field no longer deleted; handling CREATED/MODIFIED events on
this field
- Configurable delay on timed-transitions via SWUG_TIMED_TRANSITION_TO
environment variable
Issue-ID: INT-1516
Change-Id: I22fb7b558ae371b6cff487633eae606f8fe535e1
Signed-off-by: ebo <eliezio.oliveira@est.tech>
|
|
Issue-ID: INT-1564
Signed-off-by: mrichomme <morgan.richomme@orange.com>
Change-Id: I32d9e25e4d4d0bfab7fdfa5979db266a0826604c
Signed-off-by: mrichomme <morgan.richomme@orange.com>
|
|
- fix json errors
- fix not related rst error
(due to a broken link as jira.opnfv.org is no more responding)
Issue-ID: INT-1285
Change-Id: I733a491c4204334fc532abcf9dbbdc2226900d5b
Signed-off-by: zhaoliping123 <zhaoliping@chinamobile.com>
Signed-off-by: mrichomme <morgan.richomme@orange.com>
|
|
Change-Id: Ia29f79227e21e623489a7b340496f18def5f7a52
Issue-ID: INT-1529
Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
|
|
Change-Id: I0c0ea8612e0f0ac6b2198dc78908bd604f5ad61c
Issue-ID: INT-1529
Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
|
|
Change-Id: I7218c5ca61669197d1e79189e841b0062524c02d
Issue-ID: INT-1529
Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
|
|
Change-Id: I52079b276332c0bf2ffcea047ab8129066aff185
Issue-ID: INT-1529
Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
|
|
The crash was caused by:
- the '--permanent' option while updating the ietf-keystore by
sysrepocfg
- missing some Yang modules on sysrepo installation
Other changes:
1. Added TLS integration tests, including reconfiguration
2. reconfigure-*.sh are now synchronous, only returnig after restart is
completed
Issue-ID: INT-1516
Change-Id: Iddc03fc968aaab60931596045437ba0c78448b08
Signed-off-by: ebo <eliezio.oliveira@est.tech>
|
|
Functional test for verifying that the service handles
bad API prefix in URI string properly and returns appropriate
response to the client.
Change-Id: I5e5e8a9dcd6fe05bd2b4536790d16e825aa21679
Issue-ID: INT-1529
Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
|
|
Functional test for verifying that the service handles
bad MOI class in URI string properly and returns appropriate
response to the client.
Change-Id: I606aaba5c400f81e8142a34f250bc249251feaf7
Issue-ID: INT-1529
Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
|
|
Functional test for verifying that the service forbids
API access with proper http code and message should
the client provide wrong auth credentials.
Change-Id: I78d5f050e99c23fd7116468ff007078b3cd56987
Issue-ID: INT-1529
Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
|
|
Should the URI prefix length in the request be incorrect
and not contain two "/" the service would fail with "empty
response" on client side due to unhandled "list index
out of range" in the server process while trying to get
the idName from pathlist[4] which throws IndexError.
Prefix validation, id and class variable assignment are
wrapped up in try-except clause to evaluate the prefix check
correctly, catch the exception and return appropriate response
to the client.
Change-Id: If6333228fbdd3a8075ade55436c3ca9bb8a97caa
Issue-ID: INT-1529
Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
|
|
The correct http code for wrong REST API url should
be http "404 Not Found", not "401 Unauthorized".
Change-Id: I78710fcd4c43926dbba3227c4099bf6239095f19
Issue-ID: INT-1529
Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
|
|
File layout was also restructured for better
readability.
Change-Id: Id1cba755127319c45ec50b08d12daa543c8c9ae5
Issue-ID: INT-1529
Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
|
|
Pytest setup as entrypoint to gating job in CI.
Change-Id: If052af0f7c8272844f644cb3789dbc3a8451c629
Issue-ID: INT-1529
Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
|
|
This adds additional unit tests for the service provider for
PATCH and DELETE request methods.
Change-Id: If0cce9c713f2999c859910661308c24ac68f04d6
Issue-ID: INT-1529
Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
|
|
This adds pytest based unit tests for the service provider.
Testing PUT and GET requests is covered within this patch.
Change-Id: Id9bcb870b032c6fce64985a5fd501bbd44031f50
Issue-ID: INT-1529
Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
|
|
to aid troubleshooting integration with OpenDaylight
- Add more integration tests
- Defaults to generic subscriber
Issue-ID: INT-1516
Change-Id: Ib5bbf4cdbba6cdfee901f6c07dfa195a21cd8bbb
Signed-off-by: ebo <eliezio.oliveira@est.tech>
|
|
Change-Id: I430b3c8743d103f5e4bb6396a151495cc31843d6
Issue-ID: INT-1508
Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
|
|
Issue-ID: INT-1523
Signed-off-by: mrichomme <morgan.richomme@orange.com>
Change-Id: I2be0865395b12e1f277834b0c096f5d183cb5056
Signed-off-by: mrichomme <morgan.richomme@orange.com>
|
|
Required change for the forthcoming fix on tox execution in
ci-management/jjb/integration/integration-docker.yaml
Issue-ID: INT-1124
Change-Id: I70c3351e5cf691a9eaeb7b49ec276d825016e0fa
Signed-off-by: ebo <eliezio.oliveira@est.tech>
|
|
This version was upgraded to 0.8.9 on 2020-04-09.
Fortunately the new 0.9.4 fixes the bug that was forcing us to use
the old 0.8.x
Issue-ID: INT-1124
Change-Id: I6dacac8925af047d2e5342a76da6eb221074ddd9
Signed-off-by: ebo <eliezio.oliveira@est.tech>
|
|
Even if CLI got a NO GO for frankfurt, docker update is planned
to fix security issues for frankfurt
As a consequence, CLI must be removed from the xfail list
Issue-ID: INT-1480
Signed-off-by: mrichomme <morgan.richomme@orange.com>
Change-Id: I78dccd2bdabe05515ff8ab64d30e9e5d6f97e74b
|
|
- Using loguru to follow new recommend standard
- Renamed Yang model filename to comply with
https://tools.ietf.org/html/rfc6020#section-5.2
- Renamed initialization data to reflect the target datastore
Issue-ID: INT-1516
Signed-off-by: ebo <eliezio.oliveira@est.tech>
Change-Id: Ifde9e832b6a308dc918e3a84e03bfd43ad0f9b63
|
|
Issue-ID: INT-1517
Signed-off-by: Bartosz Gardziejewski <bartosz.gardziejewski@nokia.com>
Change-Id: I235b0fdf12b265a256c371126e218826e74a9133
|
|
- Simple SSH and TLS configuration. Instead of specific Netopeer2
XML configuration files, the user only needs to provide:
For SSH: id_XXX.pub
For TLS: server_key.pem, server_cert.pem, and ca.pem
- SSH and TLS can be reconfigured at runtime by running
/opt/bin/reconfigure-ssh.sh and /opt/bin/reconfigure-tls.sh respectively
- Improved log readability by using zlog (on C applications) and loguru
for Python
See the updated documentation under ../docs for more information.
Issue-ID: INT-1516
Change-Id: I21052d2524f0610c6197875a544113cce1a02787
Signed-off-by: ebo <eliezio.oliveira@est.tech>
|
|
--no-site-packages and --distribute are marked DEPRECATED
and retained only for backward compatibility so removing.
Change-Id: I3cc66b5c09363d5b982537cc28b8f66609743121
Issue-ID: INT-1508
Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
|
|
Tag 2.6.1 is no longer available.
Change-Id: I5a2cb51d21b4c6d75aff387e87976ede184a92b2
Issue-ID: INT-1508
Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
|
|
Tag 2.6.1 is no longer available.
Change-Id: Ia2ce3f2d1d25e5f941cd2b49ed213445960e8a04
Issue-ID: INT-1508
Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
|
|
As discussed during SECCOM call on 31.03.2020 SO team pushed hard to
finialize AAF integration in F but failed due to AAF issues.
Per TSC decision they should be granted a waiver as a project which
has been impacted by AAF
Issue-ID: OJSI-138
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I46028f2d3de80f5ca7dc274cf6af26000b766f32
|
|
To follow a common protocol of testing Golang based
applications in CI we need a 'build' target for doing
a local (non-docker) build to verify 'go build' routine.
It's however not added to "all" target as that one already
references docker based build by default.
Change-Id: I2e380ef09a1ae18456d7288f853d085617149338
Issue-ID: SECCOM-261
Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
|
|
Moving CSV data conversion and "expected failure" filtering away from
main function made testing these features easier. Utility behaviour
remained unchanged.
Issue-ID: SECCOM-261
Change-Id: I4cabfc7b352434c84a613c02f44af3c9630be970
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
This patch makes scanner compatible with its shell predecessor. The same
"expected failure" list format is used i.e.
# Comment line; will be ignored
SERVICE1 NODEPORT1
SERVICE2 NODEPORT2
Single space character is used as a field separator.
Issue-ID: SECCOM-261
Change-Id: Ieedd4e98a83ffe242c695133fdf7342e17efa9a2
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Issue-ID: SECCOM-261
Change-Id: I465282a8793191c45d288284a127e80e1fecf513
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Each node might be described with 3 types of addresses [1]. Some
providers also use node annotations [2] for assigned addresses.
This patch filters out all IP addresses from nodes list. External IPs
take precedence over internal ones. The first address on the extracted
slice will be later used to run the scan on.
This behaviour could be later modified to e.g. loop over all extracted
IP addresses (if scan fails).
[1] https://kubernetes.io/docs/concepts/architecture/nodes/#addresses
[2] https://github.com/rancher/rke/blob/master/k8s/node.go#L18
Issue-ID: SECCOM-261
Change-Id: Ifd094447f778da378dfe1aee765f552b6ebd669f
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Utility "sslendpoints" and related packages make use of idiomatic Go
testing commands, i.e. go test [./...]. Thanks to Go Modules [1] nothing
else is needed to run internal tests for this tool.
Unfortunately it's not the case for all Go-based Integration tools. In
order to use a single automated verification script in CI additional
"make" target is required. It will provide temporary compatibility layer
with utilities setting up test environment on their own with "make test"
target.
This patch should be reverted upon removal of such cases (currently:
after dropping "../k8s/check" tool in favour of Aquasec solution).
[1] https://blog.golang.org/using-go-modules (see "Adding a dependency"
test execution explanation)
Issue-ID: INT-1498
Change-Id: I14c83f7f193c7688590366db988ff02c13c036a4
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
This patch has not made "sslendpoints" fully compatible with
"check_for_nonssl_endpoints.sh" script yet. It sets up basic development
environment for Golang-based checkers, though.
Tool output will be added to the README after reaching full
compatibility with previous (script) version.
Development environment brought by this patch is heavily based on:
https://github.com/SamsungSLAV/boruta
Issue-ID: SECCOM-261
Change-Id: I8f035b63bea13785c40971ede5fdbbc9b6810168
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
This patch introduces a series of patches that will provide tools which
will succeed current security check scripts. Its two main reasons are:
* increasing tools verifiability by providing internal tests,
* improving "expected failure" support by suppressing carefully selected
set of special cases.
Each tool will use following directory structure (generated with
"tree -a --charset=ascii" command):
.
`-- check_module
|-- Dockerfile
|-- .dockerignore
|-- .gitignore
|-- go.mod
|-- main.go
|-- Makefile
|-- README
|-- README.rst -> README
`-- submodule
|-- submodule.go
`-- submodule_test.go
This will allow using Go Modules mechanism within its limitations [1]
for "non-go-get-able modules" [2][3][4] - also in case of separating
code into several modules used by multiple "check modules", e.g.
.
|-- common
| |-- common.go
| |-- common_test.go
| `-- go.mod
`-- check_module
|-- go.mod
`-- ...
It would require migration from separate Dockerfiles to a single one
(multi-stage), though.
Provided Makefiles are intended to simplify local development
(Docker-less building) and container images preparation. READMEs clarify
utility requirements and usage - file without extension is for VCS
reference, symlink for proper syntax rendering.
[1] https://github.com/golang/go/wiki/Modules#is-it-possible-to-add-a-module-to-a-multi-module-repository
[2] https://github.com/golang/go/wiki/Modules#can-i-work-entirely-outside-of-vcs-on-my-local-filesystem
[3] https://github.com/golang/go/issues/26645#issuecomment-408572701
[4] https://www.dim13.org/go-get-cgit
Issue-ID: SECCOM-261
Change-Id: I48eeeda66bd5570d249e96e101e431e6bab75cb3
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
|
Issue-ID: INT-1387
Signed-off-by: Huang Cheng <duke.huangcheng@huawei.com>
Change-Id: I23bda3ec2a31569d4857b2f16b9a607c64abd9f0
|
|
Change-Id: I8b0155a0a6022d7b6d172c1b46d1b7d189fcbe8a
Issue-ID: INT-1210
Signed-off-by: Enbo Wang <wangenbo@huawei.com>
|
|
* v0.7.7 of netopeer used
* SSLAuthenticationHelper marked as primary bean to avoid duplicated-bean exception
* spring props properly mounted into container
Change-Id: Ib6bb32f32a7f60786901ffbf592b1a26b5cb1cbf
Issue-ID: INT-1320
Signed-off-by: Tomasz Golabek <tomasz.golabek@nokia.com>
|
|
Issue-ID: INT-1480
Change-Id: Iabd7932e0eb8f8981d064aee0f4d8c44df65a379
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
|
Bartek Grzybowski
ebo
mrichomme
zhaoliping123
Bartosz Gardziejewski
Krzysztof Opasiak
Pawel Wieczorek
Huang Cheng
Enbo Wang
Tomasz Golabek