Test that downloaded binary works

It seems that Aqua is serving an empty binary sometimes. Because the status code is 200, and the resulting file is executable, there is no error until the scanner is invoked. The code change prevents this by testing if the output of the version command is empty. It's a very basic check but should catch the weird behaviour we have now observed a few times. See #638.
opendevstack · Feb 15, 2023 · e29ae4d · e29ae4d
1 parent 5f4c074
commit e29ae4d
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 11 deletions.
diff --git a/build/package/scripts/download-aqua-scanner.sh b/build/package/scripts/download-aqua-scanner.sh
@@ -35,6 +35,11 @@ if [ -n "${aqua_scanner_url}" ] && [ "${aqua_scanner_url}" != "none" ]; then
         chmod +x "${aqua_scanner_path}"
         echo "${md5_aqua_scanner_url}" > "${md5_aqua_scanner_url_path}"
         echo 'Installed Aqua scanner version:'
-        "${aqua_scanner_path}" version
+        version_output=$("${aqua_scanner_path}" version)
+        if [ "${version_output}" = "" ]; then
+            echo "Downloaded binary is broken. Re-run the task."
+            rm -rf "${bin_dir}"
+            exit 1
+        fi
     fi
 fi
diff --git a/test/scripts/download-aqua-scanner_test.go b/test/scripts/download-aqua-scanner_test.go
@@ -31,21 +31,21 @@ func TestCachedDownload(t *testing.T) {
 	defer cleanupDir()
 
 	t.Log("Fresh run -> download")
-	runScript(t, dir, fmt.Sprintf("%s/foo", ts.URL))
+	runScriptOrFatal(t, dir, fmt.Sprintf("%s/foo", ts.URL))
 	if hits != 1 {
 		t.Error("Wanted hit, got none")
 	}
 	fileExistsInDir(t, dir, "aquasec", ".md5-aquasec")
 
 	t.Log("Second run for same URL -> no download")
-	runScript(t, dir, fmt.Sprintf("%s/foo", ts.URL))
+	runScriptOrFatal(t, dir, fmt.Sprintf("%s/foo", ts.URL))
 	if hits > 1 {
 		t.Error("Wanted no further hit, got more")
 	}
 	fileExistsInDir(t, dir, "aquasec", ".md5-aquasec")
 
 	t.Log("Third run for different URL -> download")
-	runScript(t, dir, fmt.Sprintf("%s/bar", ts.URL))
+	runScriptOrFatal(t, dir, fmt.Sprintf("%s/bar", ts.URL))
 	if hits != 2 {
 		t.Error("Wanted further hit, got none")
 	}
@@ -57,18 +57,42 @@ func TestSkipDownload(t *testing.T) {
 	defer cleanupDir()
 
 	t.Log("No URL")
-	runScript(t, dir, "")
+	runScriptOrFatal(t, dir, "")
 	fileDoesNotExistInDir(t, dir, "aquasec", ".md5-aquasec")
 
 	t.Log("URL set to 'none'")
-	runScript(t, dir, "none")
+	runScriptOrFatal(t, dir, "none")
 	fileDoesNotExistInDir(t, dir, "aquasec", ".md5-aquasec")
 }
 
+func TestBrokenDownload(t *testing.T) {
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		fmt.Fprintln(w, "")
+	}))
+	defer ts.Close()
+	dir, cleanupDir := tmpDir(t)
+	defer cleanupDir()
+
+	t.Log("Download")
+	err := runScript(t, dir, fmt.Sprintf("%s/foo", ts.URL))
+	if err == nil {
+		t.Fatal("script should error on broken download")
+	}
+	fileDoesNotExistInDir(t, dir, "aquasec", ".md5-aquasec")
+}
+
+// runScriptOrFatal calls runScript, then t.Fatal on error.
+func runScriptOrFatal(t *testing.T, dir, url string) {
+	err := runScript(t, dir, url)
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
 // runScript runs the download script against given url
 // and places the downloaded file into dir.
-func runScript(t *testing.T, dir, url string) {
-	err := command.Run(
+func runScript(t *testing.T, dir, url string) error {
+	return command.Run(
 		downloadAquaScannerScript,
 		[]string{
 			fmt.Sprintf("--bin-dir=%s", dir),
@@ -77,9 +101,6 @@ func runScript(t *testing.T, dir, url string) {
 		&testingLogWriter{t},
 		&testingLogWriter{t},
 	)
-	if err != nil {
-		t.Fatal(err)
-	}
 }
 
 // fileExistsInDir checks if file(s) exist in dir or errors.