rdkcentral / dobby-security-tool
Script based utility for security vulnerability scanning of Dobby containers
License: Apache License 2.0
In file tests/5_dobby_container_runtime_test.sh there is a test, test_5_3, in which the same line is copy-pasted 4 times:
if [ "${input[$j]}" == "${ouputarr[$i]}" ]; then
fail "$check"
return
elif [ "${input[$j]}" == "${ouputarr[$i]}" ]; then
fail "$check"
return
elif [ "${input[$j]}" == "${ouputarr[$i]}" ]; then
fail "$check"
return
elif [ "${input[$j]}" == "${ouputarr[$i]}" ]; then
fail "$check"
return
fi
All those copies don't make sense. We could probably delete them, but as there was some if/else I think the author had something in mind and just forgot to implement it.
The command capsh is not available on some platforms. We should think about a different way of testing if capabilities are correct. Also, we should check that the output isn't empty, as when a platform doesn't support capsh it will have empty output, and it will PASS the test instead of failing it. If there is no other way to test it, I am fine with using WARN to say that this command is required for this test.
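An added example (not code from the dobby-security-tool repository) of the behaviour requested in the capsh issue above: a missing tool yields WARN and empty output yields FAIL, so neither is reported as a pass. The names caps_verdict, fake_capsh and silent_capsh are hypothetical, and decoding the mask with `capsh --decode=<hex>` is an assumption about how the check would be done.

```shell
#!/bin/sh
# Added example, not code from dobby-security-tool. caps_verdict, fake_capsh
# and silent_capsh are hypothetical names; decoding the mask with
# "capsh --decode=<hex>" is an assumption about how the check is done.

# caps_verdict TOOL HEXMASK FORBIDDEN_CSV
# Prints WARN if TOOL is not installed, FAIL if it prints nothing or reports a
# forbidden capability, PASS otherwise. The body is a subshell, "( ... )", so
# the IFS change and the variables below do not leak into the caller.
caps_verdict() (
    tool=$1; mask=$2; forbidden=$3
    if ! command -v "$tool" >/dev/null 2>&1; then
        echo WARN            # required command missing: do not claim PASS
        exit 0
    fi
    decoded=$("$tool" --decode="$mask" 2>/dev/null)
    if [ -z "$decoded" ]; then
        echo FAIL            # empty output must never count as a pass
        exit 0
    fi
    caps=",${decoded#*=},"   # "0x..=cap_a,cap_b" -> ",cap_a,cap_b,"
    IFS=,
    for cap in $forbidden; do
        case $caps in
            *",$cap,"*) echo FAIL; exit 0 ;;   # whole-name match only
        esac
    done
    echo PASS
)

# Constructed stand-ins so the example runs without capsh installed.
fake_capsh()   { echo "0x00000000000000a1=cap_chown,cap_kill,cap_setuid"; }
silent_capsh() { :; }        # models a platform where the tool prints nothing

echo "clean mask:     $(caps_verdict fake_capsh 0xa1 cap_sys_admin)"
echo "forbidden cap:  $(caps_verdict fake_capsh 0xa1 cap_sys_admin,cap_kill)"
echo "empty output:   $(caps_verdict silent_capsh 0xa1 cap_sys_admin)"
echo "tool missing:   $(caps_verdict capsh_not_installed 0xa1 cap_sys_admin)"
```

A caller would map the printed verdict onto the suite's own reporting for a pass, a failure or a warning.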
The current implementation of DobbyInit_PID returns an empty string on Vagrant. This also shows that we should move the current implementation into functions.sh and just call:
DobbyInit_PID=$(get_DobbyInit_PID)
instead of copy-pasting the whole thing every time:
DobbyInit_PID=$(ps -fe | grep DobbyInit | grep $containername | awk '{print $2}')
Because when we need to modify it, we will need to change it in every occurrence of that code (currently 17 cases, but it will grow with time). If we move the implementation somewhere and just call it, we will only need to change it once.
As for why DobbyInit_PID isn't working, it is because in Vagrant the output looks like:
ps -fe | grep DobbyInit
vagrant 33138 28831 0 11:42 pts/0 00:00:00 /usr/libexec/DobbyInit sleep 600
vagrant 33195 20516 0 11:42 pts/0 00:00:00 grep --color=auto DobbyInit
As one can see, there is no container name there.
The command brctl is not supported on some platforms. We should think about a different way to test if the bridge is in use. Is ifconfig enough in this case? If it is, then it should be available on every platform.
Indentation space is not maintained uniformly all over the code