authormorganrol <morgan.richomme@orange.com>2021-08-24 16:49:19 +0200
committermorganrol <morgan.richomme@orange.com>2021-08-30 14:59:46 +0200
commit978b2e5a8a00e2d9439afd65ab9c487b50a6357b (patch)
tree2f3adb47de3341c8d6d9576330fcdf3d4d43ecc1
parent771c3370182ba117978edf296c9145cb387e2c1b (diff)
[WAIVERS] Update regex to exclude DCAE temp dockers
DCAE creates pods during the tests, and these dockers are created without limits. As the security tests are executed after the tests, such pods are detected as part of the unlimited pods. Until this is fixed, we can add them to the waiver list. Issue-ID: TEST-360 Signed-off-by: morganrol <morgan.richomme@orange.com> Change-Id: Ifb514aa15beab885b5dc15505ebb244fd1a71f95
-rw-r--r--security/scripts/check_security_root.sh2
-rw-r--r--security/scripts/check_unlimitted_pods.sh22
2 files changed, 12 insertions, 12 deletions
diff --git a/security/scripts/check_security_root.sh b/security/scripts/check_security_root.sh
index f5b55c3..90ccd6b 100644
--- a/security/scripts/check_security_root.sh
+++ b/security/scripts/check_security_root.sh
@@ -68,7 +68,7 @@ while IFS= read -r line; do
sed -i "/$line/d" $FILTERED_PODS_LIST
fi
# tmp ugly workaround to exlude dep (temporary dcae dockers)
- if grep -e dep-$wl_name <<< "$line" > /dev/null ;then
+ if grep -e "^dep.*dcae-tcagen2" <<< "$line" > /dev/null ;then
sed -i "/$line/d" $FILTERED_PODS_LIST
fi
done < $WL_RAW_FILE_PATH
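Review bot: The added pattern `^dep.*dcae-tcagen2` hard-codes a waiver in the script rather than in the waiver file, and the `.*` lets any line that starts with `dep` and contains `dcae-tcagen2` anywhere be dropped from the root-pod findings. That is wider than the temporary DCAE pods the description names, and nothing marks when the exemption should be removed. Consider bounding the match to the pod-name field, e.g. `grep -qE '^dep-[^[:space:]]*dcae-tcagen2'` (assuming the pod name is the first field of `$line`; confirm against the list format), and extend the comment to `# TEST-360: remove once DCAE temp pods set limits`. The same pattern is added in check_unlimitted_pods.sh, and the enclosing loop starts outside this hunk.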
diff --git a/security/scripts/check_unlimitted_pods.sh b/security/scripts/check_unlimitted_pods.sh
index ced1530..2456766 100644
--- a/security/scripts/check_unlimitted_pods.sh
+++ b/security/scripts/check_unlimitted_pods.sh
@@ -62,24 +62,24 @@ while IFS= read -r line; do
# for each line we test if it is in the white list with a regular expression
while IFS= read -r wl_line; do
wl_name=$(echo $wl_line | awk {'print $1'})
- if grep -e $K8S_NAMESPACE-$wl_name <<< "$line" > /dev/null ;then
- # Found in white list, exclude it
- sed -i "/$line/d" $FILTERED_PODS_LIST
- fi
+ if grep -e $K8S_NAMESPACE-$wl_name <<< "$line" > /dev/null ;then
+ # Found in white list, exclude it
+ sed -i "/$line/d" $FILTERED_PODS_LIST
+ fi
# tmp ugly workaround to exlude dep (temporary dcae dockers)
- if grep -e dep-$wl_name <<< "$line" > /dev/null ;then
- sed -i "/$line/d" $FILTERED_PODS_LIST
- fi
+ if grep -e "^dep.*dcae-tcagen2" <<< "$line" > /dev/null ;then
+ sed -i "/$line/d" $FILTERED_PODS_LIST
+ fi
done < $WL_RAW_FILE_PATH
done < $FILTERED_PODS_LIST
if [ -s $FILTERED_PODS_LIST ]
then
- code=1
- nb_errors=`cat $FILTERED_PODS_LIST | wc -l`
- echo "Test FAIL: $nb_errors pod(s) launched without limit"
- cat $FILTERED_PODS_LIST
+ code=1
+ nb_errors=`cat $FILTERED_PODS_LIST | wc -l`
+ echo "Test FAIL: $nb_errors pod(s) launched without limit"
+ cat $FILTERED_PODS_LIST
else
echo "Test PASS: No pod launched without limit"
fi
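Review bot: The rewritten `dep` check no longer uses `$wl_name`, yet it still sits inside the inner `while IFS= read -r wl_line` loop, so it is re-evaluated for every waiver entry and is skipped entirely if `$WL_RAW_FILE_PATH` is empty. Moving it ahead of the inner loop makes it run exactly once per pod line: `if grep -q -e "^dep.*dcae-tcagen2" <<< "$line"; then sed -i "/$line/d" "$FILTERED_PODS_LIST"; fi`. The outer loop over `$FILTERED_PODS_LIST` starts outside the hunk.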