Merge pull request #170 from Chandan-DK/fix-chainsaw-tests
fix: update chainsaw tests violations messages
anusha94 authored Sep 29, 2024
2 parents 1094f7f + dd1a443 commit 2a503c0
Showing 46 changed files with 135 additions and 104 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ spec:
name: check-apt-command-force-yes
error: ~
violations:
- message: refrain from using the '--force-yes' option with `apt-get` as it bypasses important package validation checks and can potentially compromise the stability and security of your system.
- message: refrain from using the '--force-yes' option with `apt-get` as it bypasses important package validation checks and can potentially compromise the stability and security of your system. (CHECK=spec.rules[0].assert.all[0])
errors:
- type: FieldValueInvalid
value: true
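Review bot: the expected message now hard-codes the assertion's position (`assert.all[0]`) inside `spec.rules[0].assert.all`, so inserting or reordering assertions in the policy changes the suffix and fails this test even when the policy's behaviour is unchanged; worth a comment in the test naming which assertion each case covers. The commit message ("fix: update chainsaw tests violations messages") also does not say what started emitting the `(CHECK=...)` suffix, so record the tool version these expectations are tied to.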
Expand Down Expand Up @@ -87,7 +87,7 @@ spec:
name: check-apt-command-force-yes
error: ~
violations:
- message: refrain from using the '--force-yes' option with `apt` as it bypasses important package validation checks and can potentially compromise the stability and security of your system.
- message: refrain from using the '--force-yes' option with `apt` as it bypasses important package validation checks and can potentially compromise the stability and security of your system. (CHECK=spec.rules[0].assert.all[1])
errors:
- type: FieldValueInvalid
value: true
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ spec:
name: detect-unauthenticated-flag
error: ~
violations:
- message: Dockerfile contains the '--allow-unauthenticated' which is not preferred
- message: Dockerfile contains the '--allow-unauthenticated' which is not preferred (CHECK=spec.rules[0].assert.any[0])
errors:
- type: FieldValueInvalid
value: true
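Review bot: style point on the expected message: "Dockerfile contains the '--allow-unauthenticated' which is not preferred" is missing a noun after the flag (e.g. "contains the '--allow-unauthenticated' flag, which is not preferred"); since this string must match the policy's message exactly, change the policy and this expectation together or leave both as they are.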
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ spec:
name: check-certificate-validation-curl
error: ~
violations:
- message: Ensure certificate validation is enabled by not using `--insecure` option
- message: Ensure certificate validation is enabled by not using `--insecure` option (CHECK=spec.rules[0].assert.any[0])
errors:
- type: FieldValueInvalid
value: true
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ spec:
name: check-certificate-validation-nodejs-env-var
error: ~
violations:
- message: Ensure certificate validation is enabled by using `NODE_TLS_REJECT_UNAUTHORIZED` env with value set to `1`
- message: Ensure certificate validation is enabled by using `NODE_TLS_REJECT_UNAUTHORIZED` env with value set to `1` (CHECK=spec.rules[0].assert.any[0])
errors:
- type: FieldValueInvalid
value: false
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ spec:
name: check-certificate-validation-pip3
error: ~
violations:
- message: Ensure certificate validation is enabled by not using `--trusted-host` option with pip3
- message: Ensure certificate validation is enabled by not using `--trusted-host` option with pip3 (CHECK=spec.rules[0].assert.all[1])
errors:
- type: FieldValueInvalid
value: true
Expand Down Expand Up @@ -86,7 +86,7 @@ spec:
name: check-certificate-validation-pip3
error: ~
violations:
- message: Ensure certificate validation is enabled by not using `--trusted-host` option with pip
- message: Ensure certificate validation is enabled by not using `--trusted-host` option with pip (CHECK=spec.rules[0].assert.all[0])
errors:
- type: FieldValueInvalid
value: true
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ spec:
name: check-certificate-validation-python-env-var
error: ~
violations:
- message: Ensure certificate validation is enabled by using `PYTHONHTTPSVERIFY` env with value set to `1`
- message: Ensure certificate validation is enabled by using `PYTHONHTTPSVERIFY` env with value set to `1` (CHECK=spec.rules[0].assert.any[0])
errors:
- type: FieldValueInvalid
value: false
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ spec:
name: check-certificate-validation-wget
error: ~
violations:
- message: Ensure certificate validation is enabled by not using `--no-check-certificate` option
- message: Ensure certificate validation is enabled by not using `--no-check-certificate` option (CHECK=spec.rules[0].assert.any[0])
errors:
- type: FieldValueInvalid
value: true
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ spec:
name: check-missing-signature-options
error: ~
violations:
- message: Ensure that packages with untrusted or missing signatures are not used by rpm via `--nodigest` flag
- message: Ensure that packages with untrusted or missing signatures are not used by rpm via `--nodigest` flag (CHECK=spec.rules[0].assert.all[3])
errors:
- type: FieldValueInvalid
value: true
Expand Down Expand Up @@ -86,7 +86,7 @@ spec:
name: check-missing-signature-options
error: ~
violations:
- message: Ensure that packages with untrusted or missing signatures are not used by rpm via `--nosignature` flag
- message: Ensure that packages with untrusted or missing signatures are not used by rpm via `--nosignature` flag (CHECK=spec.rules[0].assert.all[2])
errors:
- type: FieldValueInvalid
value: true
Expand Down Expand Up @@ -119,7 +119,7 @@ spec:
name: check-missing-signature-options
error: ~
violations:
- message: Ensure that packages with untrusted or missing signatures are not used by rpm via `--noverify` flag
- message: Ensure that packages with untrusted or missing signatures are not used by rpm via `--noverify` flag (CHECK=spec.rules[0].assert.all[1])
errors:
- type: FieldValueInvalid
value: true
Expand Down Expand Up @@ -152,7 +152,7 @@ spec:
name: check-missing-signature-options
error: ~
violations:
- message: Ensure that packages with untrusted or missing signatures are not used by rpm via `--nofiledigest` flag
- message: Ensure that packages with untrusted or missing signatures are not used by rpm via `--nofiledigest` flag (CHECK=spec.rules[0].assert.all[0])
errors:
- type: FieldValueInvalid
value: true
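Review bot: the four expectations in this file map to `all[3]`, `all[2]`, `all[1]`, `all[0]` in that order (`--nodigest`, `--nosignature`, `--noverify`, `--nofiledigest`), the reverse of the policy's assertion order. If that matches the current policy it is correct, but it makes the file easy to mis-edit; either order the test cases to follow the policy or add a one-line comment per case stating which flag and assertion index it exercises.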
Original file line number Diff line number Diff line change
Expand Up @@ -109,7 +109,7 @@ spec:
name: check-nogpgcheck
error: ~
violations:
- message: Enable GPG signature checking with yum by not using `--nogpgcheck` flag
- message: Enable GPG signature checking with yum by not using `--nogpgcheck` flag (CHECK=spec.rules[0].assert.all[0])
errors:
- type: FieldValueInvalid
value: true
Expand Down Expand Up @@ -142,7 +142,7 @@ spec:
name: check-nogpgcheck
error: ~
violations:
- message: Enable GPG signature checking with dnf by not using `--nogpgcheck` flag
- message: Enable GPG signature checking with dnf by not using `--nogpgcheck` flag (CHECK=spec.rules[0].assert.all[1])
errors:
- type: FieldValueInvalid
value: true
Expand Down Expand Up @@ -175,7 +175,7 @@ spec:
name: check-nogpgcheck
error: ~
violations:
- message: Enable GPG signature checking with tdnf by not using `--nogpgcheck` flag
- message: Enable GPG signature checking with tdnf by not using `--nogpgcheck` flag (CHECK=spec.rules[0].assert.all[2])
errors:
- type: FieldValueInvalid
value: true
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ spec:
name: check-npm-config-strict-ssl
error: ~
violations:
- message: Ensure certificate validation is enabled by setting `NODE_TLS_REJECT_UNAUTHORIZED` env with value set to `true`
- message: Ensure certificate validation is enabled by setting `NODE_TLS_REJECT_UNAUTHORIZED` env with value set to `true` (CHECK=spec.rules[0].assert.any[0])
errors:
- type: FieldValueInvalid
value: false
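Review bot: the expected message tells users to set `NODE_TLS_REJECT_UNAUTHORIZED` to `true`, while check-certificate-validation-nodejs-env-var above says `1`. Node.js only treats the literal string `0` as disabling certificate verification, so `1` is the conventional safe value and `true` is inconsistent advice; align the policy's message with the other rule (and this expectation with it) rather than only appending the CHECK suffix.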
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ spec:
name: detect-untrusted-flag
error: ~
violations:
- message: Dockerfile contains the '--allow-untrusted' which is not preferred
- message: Dockerfile contains the '--allow-untrusted' which is not preferred (CHECK=spec.rules[0].assert.any[0])
errors:
- type: FieldValueInvalid
value: true
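Review bot: same wording issue as the '--allow-unauthenticated' test: "contains the '--allow-untrusted' which is not preferred" needs a noun after the flag ("the '--allow-untrusted' flag, which ..."); fix it in the policy message and here in the same change, since they must match exactly.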
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ spec:
name: detect-multiple-instructions
error: ~
violations:
- message: Found multiple instructions in a single line
- message: Found multiple instructions in a single line (CHECK=spec.rules[0].assert.all[0])
errors:
- type: FieldValueInvalid
value: true
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ spec:
name: detect-sudo-operations
error: ~
violations:
- message: Dockerfile contains the 'sudo' operation which is not preferred
- message: Dockerfile contains the 'sudo' operation which is not preferred (CHECK=spec.rules[0].assert.any[0])
errors:
- type: FieldValueInvalid
value: true
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ spec:
name: prefer-copy-over-add
error: ~
violations:
- message: Avoid the use of ADD instructions in Dockerfiles
- message: Avoid the use of ADD instructions in Dockerfiles (CHECK=spec.rules[0].assert.any[0])
errors:
- type: FieldValueInvalid
value: true
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ spec:
name: validate-healthcheck-instruction
error: ~
violations:
- message: HEALTHCHECK instruction is not defined
- message: HEALTHCHECK instruction is not defined (CHECK=spec.rules[0].assert.any[0])
errors:
- type: FieldValueInvalid
value: false
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ spec:
name: validate-user-instruction
error: ~
violations:
- message: USER instruction is not present in the Dockerfile
- message: USER instruction is not present in the Dockerfile (CHECK=spec.rules[0].assert.any[0])
errors:
- type: FieldValueInvalid
value: false
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ spec:
name: check-awsvpc-network-mode
error: ~
violations:
- message: ECS services and tasks are required to use awsvpc network mode.
- message: ECS services and tasks are required to use awsvpc network mode. (CHECK=spec.rules[0].assert.all[0])
errors:
- type: FieldValueInvalid
(value != 'awsvpc'): true
Expand Down Expand Up @@ -86,7 +86,7 @@ spec:
name: check-awsvpc-network-mode
error: ~
violations:
- message: ECS services and tasks are required to use awsvpc network mode.
- message: ECS services and tasks are required to use awsvpc network mode. (CHECK=spec.rules[0].assert.all[0])
errors:
- type: FieldValueInvalid
(value != 'awsvpc'): true
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ spec:
name: validate-ecs-container-insights-enabled
error: ~
violations:
- message: ECS container insights are not enabled
- message: ECS container insights are not enabled (CHECK=spec.rules[0].assert.all[0])
errors:
- type: FieldValueRequired
(value != 'enabled'): true
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ spec:
name: validate-ecs-task-definition-pid-mode-check
error: ~
violations:
- message: ECS task definitions shares the host's process namespace
- message: ECS task definitions shares the host's process namespace (CHECK=spec.rules[0].assert.all[0])
errors:
- type: FieldValueInvalid
(value != 'task'): true
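Review bot: grammar in the expected message: "ECS task definitions shares the host's process namespace" should read "share"; as with the other files, the policy's message and this expectation have to change together or the test will fail.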
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ spec:
name: validate-ecs-task-public-ip
error: ~
violations:
- message: Public IP address should not be enabled
- message: Public IP address should not be enabled (CHECK=spec.rules[0].assert.any[0])
errors:
- type: FieldValueInvalid
value: true
Original file line number Diff line number Diff line change
Expand Up @@ -107,7 +107,7 @@ spec:
name: validate-efs-volume-encryption
error: ~
violations:
- message: "Transit Encryption is not `ENABLED` for EFS volumes in ECS Task definitions"
- message: "Transit Encryption is not `ENABLED` for EFS volumes in ECS Task definitions (CHECK=spec.rules[0].assert.all[0])"
errors:
- type: FieldValueInvalid
value: false
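Review bot: placing the `(CHECK=spec.rules[0].assert.all[0])` suffix inside the double-quoted scalar is right, since the tool appends it to the message text itself. This is the only test in the change that quotes its message, though, and neither the backticks nor the suffix need quoting in YAML, so consider dropping the quotes for consistency with the other files.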
Expand Down Expand Up @@ -139,7 +139,7 @@ spec:
name: validate-efs-volume-encryption
error: ~
violations:
- message: "Transit Encryption is not `ENABLED` for EFS volumes in ECS Task definitions"
- message: "Transit Encryption is not `ENABLED` for EFS volumes in ECS Task definitions (CHECK=spec.rules[0].assert.all[0])"
errors:
- type: FieldValueInvalid
value: false
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,7 @@ spec:
name: abort-incomplete-uploads
error: ~
violations:
- message: Set the 'days_after_initiation' argument value to a Positive Integer value in 'abort_incomplete_multipart_upload' inside the lifecycle configuration block
- message: Set the 'days_after_initiation' argument value to a Positive Integer value in 'abort_incomplete_multipart_upload' inside the lifecycle configuration block (CHECK=spec.rules[0].assert.all[1])
errors:
- type: FieldValueInvalid
value: false
Expand Down Expand Up @@ -84,7 +84,7 @@ spec:
name: abort-incomplete-uploads
error: ~
violations:
- message: S3 Bucket Lifecycle Configuration 'status' needs to be set to 'Enabled'
- message: S3 Bucket Lifecycle Configuration 'status' needs to be set to 'Enabled' (CHECK=spec.rules[0].assert.all[0])
errors:
- type: FieldValueInvalid
value: Disabled
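Review bot: the two expectations in this file are in reverse order of the policy's assertions (`days_after_initiation` is `all[1]` and the `status` check is `all[0]`); it is correct only if the policy lists the `status` assertion first, so confirm that and consider reordering the test cases to match, which keeps the indices self-explanatory.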
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,7 @@ spec:
name: disable-s3-access-control-list
error: ~
violations:
- message: Access Control List(ACL) should be disabled for an S3 Bucket
- message: Access Control List(ACL) should be disabled for an S3 Bucket (CHECK=spec.rules[0].assert.all[0])
errors:
- type: FieldValueInvalid
(value=='BucketOwnerEnforced'): false
Original file line number Diff line number Diff line change
Expand Up @@ -79,7 +79,7 @@ spec:
name: check-aws-cloudtrail-logging
error: ~
violations:
- message: Set the enable_logging argument in aws_cloudtrail resource to true
- message: Set the enable_logging argument in aws_cloudtrail resource to true (CHECK=spec.rules[0].assert.all[0])
errors:
- type: FieldValueInvalid
value: false
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,7 @@ spec:
name: check-encryption-setting
error: ~
violations:
- message: S3 server side encryption is not set to KMS
- message: S3 server side encryption is not set to KMS (CHECK=spec.rules[0].assert.all[0])
errors:
- type: FieldValueInvalid
value: false
Expand Down Expand Up @@ -84,7 +84,7 @@ spec:
name: check-encryption-setting
error: ~
violations:
- message: S3 server side encryption is not set to KMS
- message: S3 server side encryption is not set to KMS (CHECK=spec.rules[0].assert.all[0])
errors:
- type: FieldValueInvalid
value: false
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,7 @@ spec:
name: check-s3-lifecycle-configuration
error: ~
violations:
- message: S3 Bucket Lifecycle Configuration 'status' needs to be set to 'Enabled'
- message: S3 Bucket Lifecycle Configuration 'status' needs to be set to 'Enabled' (CHECK=spec.rules[0].assert.all[0])
errors:
- type: FieldValueInvalid
value: Disabled
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ spec:
name: check-control-plane-logging
error: ~
violations:
- message: EKS control plane logging must be enabled for all log types
- message: EKS control plane logging must be enabled for all log types (CHECK=spec.rules[0].assert.all[0])
errors:
- type: FieldValueInvalid
value: false
Expand Down Expand Up @@ -86,7 +86,7 @@ spec:
name: check-control-plane-logging
error: ~
violations:
- message: EKS control plane logging must be enabled for all log types
- message: EKS control plane logging must be enabled for all log types (CHECK=spec.rules[0].assert.all[0])
errors:
- type: FieldValueInvalid
value: false