6b0bdc5eeb
* bump gopkg.in/yaml.v3 * test: cannot remove local items with cscli * test dangling links * test: cannot install local item with cscli * pkg/cwhub: reorg (move) functions in files * allow hub upgrade with local items * data download: honor Last-Modified header * fatal -> warning when attempting to remove a local item (allows remove --all) * cscli...inspect -o yaml|human: rename remote_path -> path * Correct count of removed items Still no separate counter for the --purge option, but should be clear enough
384 lines
16 KiB
Bash
384 lines
16 KiB
Bash
#!/usr/bin/env bats
|
|
# vim: ft=bats:list:ts=8:sts=4:sw=4:et:ai:si:
|
|
|
|
set -u
|
|
|
|
setup_file() {
|
|
load "../lib/setup_file.sh"
|
|
./instance-data load
|
|
HUB_DIR=$(config_get '.config_paths.hub_dir')
|
|
export HUB_DIR
|
|
INDEX_PATH=$(config_get '.config_paths.index_path')
|
|
export INDEX_PATH
|
|
CONFIG_DIR=$(config_get '.config_paths.config_dir')
|
|
export CONFIG_DIR
|
|
}
|
|
|
|
teardown_file() {
|
|
load "../lib/teardown_file.sh"
|
|
}
|
|
|
|
setup() {
|
|
load "../lib/setup.sh"
|
|
load "../lib/bats-file/load.bash"
|
|
./instance-data load
|
|
hub_strip_index
|
|
}
|
|
|
|
teardown() {
|
|
./instance-crowdsec stop
|
|
}
|
|
|
|
#----------
|
|
|
|
@test "cscli postoverflows list" {
|
|
hub_purge_all
|
|
|
|
# no items
|
|
rune -0 cscli postoverflows list
|
|
assert_output --partial "POSTOVERFLOWS"
|
|
rune -0 cscli postoverflows list -o json
|
|
assert_json '{postoverflows:[]}'
|
|
rune -0 cscli postoverflows list -o raw
|
|
assert_output 'name,status,version,description'
|
|
|
|
# some items
|
|
rune -0 cscli postoverflows install crowdsecurity/rdns crowdsecurity/cdn-whitelist
|
|
|
|
rune -0 cscli postoverflows list
|
|
assert_output --partial crowdsecurity/rdns
|
|
assert_output --partial crowdsecurity/cdn-whitelist
|
|
rune -0 grep -c enabled <(output)
|
|
assert_output "2"
|
|
|
|
rune -0 cscli postoverflows list -o json
|
|
assert_output --partial crowdsecurity/rdns
|
|
assert_output --partial crowdsecurity/cdn-whitelist
|
|
rune -0 jq '.postoverflows | length' <(output)
|
|
assert_output "2"
|
|
|
|
rune -0 cscli postoverflows list -o raw
|
|
assert_output --partial crowdsecurity/rdns
|
|
assert_output --partial crowdsecurity/cdn-whitelist
|
|
rune -0 grep -vc 'name,status,version,description' <(output)
|
|
assert_output "2"
|
|
}
|
|
|
|
@test "cscli postoverflows list -a" {
|
|
expected=$(jq <"$INDEX_PATH" -r '.postoverflows | length')
|
|
|
|
rune -0 cscli postoverflows list -a
|
|
rune -0 grep -c disabled <(output)
|
|
assert_output "$expected"
|
|
|
|
rune -0 cscli postoverflows list -o json -a
|
|
rune -0 jq '.postoverflows | length' <(output)
|
|
assert_output "$expected"
|
|
|
|
rune -0 cscli postoverflows list -o raw -a
|
|
rune -0 grep -vc 'name,status,version,description' <(output)
|
|
assert_output "$expected"
|
|
|
|
# the list should be the same in all formats, and sorted (not case sensitive)
|
|
|
|
list_raw=$(cscli postoverflows list -o raw -a | tail -n +2 | cut -d, -f1)
|
|
list_human=$(cscli postoverflows list -o human -a | tail -n +6 | head -n -1 | cut -d' ' -f2)
|
|
list_json=$(cscli postoverflows list -o json -a | jq -r '.postoverflows[].name')
|
|
|
|
rune -0 sort -f <<<"$list_raw"
|
|
assert_output "$list_raw"
|
|
|
|
assert_equal "$list_raw" "$list_json"
|
|
assert_equal "$list_raw" "$list_human"
|
|
}
|
|
|
|
@test "cscli postoverflows list [postoverflow]..." {
|
|
# non-existent
|
|
rune -1 cscli postoverflows install foo/bar
|
|
assert_stderr --partial "can't find 'foo/bar' in postoverflows"
|
|
|
|
# not installed
|
|
rune -0 cscli postoverflows list crowdsecurity/rdns
|
|
assert_output --regexp 'crowdsecurity/rdns.*disabled'
|
|
|
|
# install two items
|
|
rune -0 cscli postoverflows install crowdsecurity/rdns crowdsecurity/cdn-whitelist
|
|
|
|
# list an installed item
|
|
rune -0 cscli postoverflows list crowdsecurity/rdns
|
|
assert_output --regexp "crowdsecurity/rdns.*enabled"
|
|
refute_output --partial "crowdsecurity/cdn-whitelist"
|
|
|
|
# list multiple installed and non installed items
|
|
rune -0 cscli postoverflows list crowdsecurity/rdns crowdsecurity/cdn-whitelist crowdsecurity/ipv6_to_range
|
|
assert_output --partial "crowdsecurity/rdns"
|
|
assert_output --partial "crowdsecurity/cdn-whitelist"
|
|
assert_output --partial "crowdsecurity/ipv6_to_range"
|
|
|
|
rune -0 cscli postoverflows list crowdsecurity/rdns -o json
|
|
rune -0 jq '.postoverflows | length' <(output)
|
|
assert_output "1"
|
|
rune -0 cscli postoverflows list crowdsecurity/rdns crowdsecurity/cdn-whitelist crowdsecurity/ipv6_to_range -o json
|
|
rune -0 jq '.postoverflows | length' <(output)
|
|
assert_output "3"
|
|
|
|
rune -0 cscli postoverflows list crowdsecurity/rdns -o raw
|
|
rune -0 grep -vc 'name,status,version,description' <(output)
|
|
assert_output "1"
|
|
rune -0 cscli postoverflows list crowdsecurity/rdns crowdsecurity/cdn-whitelist crowdsecurity/ipv6_to_range -o raw
|
|
rune -0 grep -vc 'name,status,version,description' <(output)
|
|
assert_output "3"
|
|
}
|
|
|
|
@test "cscli postoverflows install" {
|
|
rune -1 cscli postoverflows install
|
|
assert_stderr --partial 'requires at least 1 arg(s), only received 0'
|
|
|
|
# not in hub
|
|
rune -1 cscli postoverflows install crowdsecurity/blahblah
|
|
assert_stderr --partial "can't find 'crowdsecurity/blahblah' in postoverflows"
|
|
|
|
# simple install
|
|
rune -0 cscli postoverflows install crowdsecurity/rdns
|
|
rune -0 cscli postoverflows inspect crowdsecurity/rdns --no-metrics
|
|
assert_output --partial 'crowdsecurity/rdns'
|
|
assert_output --partial 'installed: true'
|
|
|
|
# autocorrect
|
|
rune -1 cscli postoverflows install crowdsecurity/rdnf
|
|
assert_stderr --partial "can't find 'crowdsecurity/rdnf' in postoverflows, did you mean 'crowdsecurity/rdns'?"
|
|
|
|
# install multiple
|
|
rune -0 cscli postoverflows install crowdsecurity/rdns crowdsecurity/cdn-whitelist
|
|
rune -0 cscli postoverflows inspect crowdsecurity/rdns --no-metrics
|
|
assert_output --partial 'crowdsecurity/rdns'
|
|
assert_output --partial 'installed: true'
|
|
rune -0 cscli postoverflows inspect crowdsecurity/cdn-whitelist --no-metrics
|
|
assert_output --partial 'crowdsecurity/cdn-whitelist'
|
|
assert_output --partial 'installed: true'
|
|
}
|
|
|
|
@test "cscli postoverflows install (file location and download-only)" {
|
|
rune -0 cscli postoverflows install crowdsecurity/rdns --download-only
|
|
rune -0 cscli postoverflows inspect crowdsecurity/rdns --no-metrics
|
|
assert_output --partial 'crowdsecurity/rdns'
|
|
assert_output --partial 'installed: false'
|
|
assert_file_exists "$HUB_DIR/postoverflows/s00-enrich/crowdsecurity/rdns.yaml"
|
|
assert_file_not_exists "$CONFIG_DIR/postoverflows/s00-enrich/rdns.yaml"
|
|
|
|
rune -0 cscli postoverflows install crowdsecurity/rdns
|
|
rune -0 cscli postoverflows inspect crowdsecurity/rdns --no-metrics
|
|
assert_output --partial 'installed: true'
|
|
assert_file_exists "$CONFIG_DIR/postoverflows/s00-enrich/rdns.yaml"
|
|
}
|
|
|
|
@test "cscli postoverflows install --force (tainted)" {
|
|
rune -0 cscli postoverflows install crowdsecurity/rdns
|
|
echo "dirty" >"$CONFIG_DIR/postoverflows/s00-enrich/rdns.yaml"
|
|
|
|
rune -1 cscli postoverflows install crowdsecurity/rdns
|
|
assert_stderr --partial "error while installing 'crowdsecurity/rdns': while enabling crowdsecurity/rdns: crowdsecurity/rdns is tainted, won't enable unless --force"
|
|
|
|
rune -0 cscli postoverflows install crowdsecurity/rdns --force
|
|
assert_stderr --partial "crowdsecurity/rdns: overwrite"
|
|
assert_stderr --partial "Enabled crowdsecurity/rdns"
|
|
}
|
|
|
|
@test "cscli postoverflow install --ignore (skip on errors)" {
|
|
rune -1 cscli postoverflows install foo/bar crowdsecurity/rdns
|
|
assert_stderr --partial "can't find 'foo/bar' in postoverflows"
|
|
refute_stderr --partial "Enabled postoverflows: crowdsecurity/rdns"
|
|
|
|
rune -0 cscli postoverflows install foo/bar crowdsecurity/rdns --ignore
|
|
assert_stderr --partial "can't find 'foo/bar' in postoverflows"
|
|
assert_stderr --partial "Enabled postoverflows: crowdsecurity/rdns"
|
|
}
|
|
|
|
@test "cscli postoverflows inspect" {
|
|
rune -1 cscli postoverflows inspect
|
|
assert_stderr --partial 'requires at least 1 arg(s), only received 0'
|
|
# required for metrics
|
|
./instance-crowdsec start
|
|
|
|
rune -1 cscli postoverflows inspect blahblah/blahblah
|
|
assert_stderr --partial "can't find 'blahblah/blahblah' in postoverflows"
|
|
|
|
# one item
|
|
rune -0 cscli postoverflows inspect crowdsecurity/rdns --no-metrics
|
|
assert_line 'type: postoverflows'
|
|
assert_line 'stage: s00-enrich'
|
|
assert_line 'name: crowdsecurity/rdns'
|
|
assert_line 'author: crowdsecurity'
|
|
assert_line 'path: postoverflows/s00-enrich/crowdsecurity/rdns.yaml'
|
|
assert_line 'installed: false'
|
|
refute_line --partial 'Current metrics:'
|
|
|
|
# one item, with metrics
|
|
rune -0 cscli postoverflows inspect crowdsecurity/rdns
|
|
assert_line --partial 'Current metrics:'
|
|
|
|
# one item, json
|
|
rune -0 cscli postoverflows inspect crowdsecurity/rdns -o json
|
|
rune -0 jq -c '[.type, .stage, .name, .author, .path, .installed]' <(output)
|
|
assert_json '["postoverflows","s00-enrich","crowdsecurity/rdns","crowdsecurity","postoverflows/s00-enrich/crowdsecurity/rdns.yaml",false]'
|
|
|
|
# one item, raw
|
|
rune -0 cscli postoverflows inspect crowdsecurity/rdns -o raw
|
|
assert_line 'type: postoverflows'
|
|
assert_line 'name: crowdsecurity/rdns'
|
|
assert_line 'stage: s00-enrich'
|
|
assert_line 'author: crowdsecurity'
|
|
assert_line 'path: postoverflows/s00-enrich/crowdsecurity/rdns.yaml'
|
|
assert_line 'installed: false'
|
|
refute_line --partial 'Current metrics:'
|
|
|
|
# multiple items
|
|
rune -0 cscli postoverflows inspect crowdsecurity/rdns crowdsecurity/cdn-whitelist --no-metrics
|
|
assert_output --partial 'crowdsecurity/rdns'
|
|
assert_output --partial 'crowdsecurity/cdn-whitelist'
|
|
rune -1 grep -c 'Current metrics:' <(output)
|
|
assert_output "0"
|
|
|
|
# multiple items, with metrics
|
|
rune -0 cscli postoverflows inspect crowdsecurity/rdns crowdsecurity/cdn-whitelist
|
|
rune -0 grep -c 'Current metrics:' <(output)
|
|
assert_output "2"
|
|
|
|
# multiple items, json
|
|
rune -0 cscli postoverflows inspect crowdsecurity/rdns crowdsecurity/cdn-whitelist -o json
|
|
rune -0 jq -sc '[.[] | [.type, .stage, .name, .author, .path, .installed]]' <(output)
|
|
assert_json '[["postoverflows","s00-enrich","crowdsecurity/rdns","crowdsecurity","postoverflows/s00-enrich/crowdsecurity/rdns.yaml",false],["postoverflows","s01-whitelist","crowdsecurity/cdn-whitelist","crowdsecurity","postoverflows/s01-whitelist/crowdsecurity/cdn-whitelist.yaml",false]]'
|
|
|
|
# multiple items, raw
|
|
rune -0 cscli postoverflows inspect crowdsecurity/rdns crowdsecurity/cdn-whitelist -o raw
|
|
assert_output --partial 'crowdsecurity/rdns'
|
|
assert_output --partial 'crowdsecurity/cdn-whitelist'
|
|
run -1 grep -c 'Current metrics:' <(output)
|
|
assert_output "0"
|
|
}
|
|
|
|
@test "cscli postoverflows remove" {
|
|
rune -1 cscli postoverflows remove
|
|
assert_stderr --partial "specify at least one postoverflow to remove or '--all'"
|
|
rune -1 cscli postoverflows remove blahblah/blahblah
|
|
assert_stderr --partial "can't find 'blahblah/blahblah' in postoverflows"
|
|
|
|
rune -0 cscli postoverflows install crowdsecurity/rdns --download-only
|
|
rune -0 cscli postoverflows remove crowdsecurity/rdns
|
|
assert_stderr --partial "removing crowdsecurity/rdns: not installed -- no need to remove"
|
|
|
|
rune -0 cscli postoverflows install crowdsecurity/rdns
|
|
rune -0 cscli postoverflows remove crowdsecurity/rdns
|
|
assert_stderr --partial 'Removed crowdsecurity/rdns'
|
|
|
|
rune -0 cscli postoverflows remove crowdsecurity/rdns --purge
|
|
assert_stderr --partial 'Removed source file [crowdsecurity/rdns]'
|
|
|
|
rune -0 cscli postoverflows remove crowdsecurity/rdns
|
|
assert_stderr --partial 'removing crowdsecurity/rdns: not installed -- no need to remove'
|
|
|
|
rune -0 cscli postoverflows remove crowdsecurity/rdns --purge --debug
|
|
assert_stderr --partial 'removing crowdsecurity/rdns: not downloaded -- no need to remove'
|
|
refute_stderr --partial 'Removed source file [crowdsecurity/rdns]'
|
|
|
|
# install, then remove, check files
|
|
rune -0 cscli postoverflows install crowdsecurity/rdns
|
|
assert_file_exists "$CONFIG_DIR/postoverflows/s00-enrich/rdns.yaml"
|
|
rune -0 cscli postoverflows remove crowdsecurity/rdns
|
|
assert_file_not_exists "$CONFIG_DIR/postoverflows/s00-enrich/rdns.yaml"
|
|
|
|
# delete is an alias for remove
|
|
rune -0 cscli postoverflows install crowdsecurity/rdns
|
|
assert_file_exists "$CONFIG_DIR/postoverflows/s00-enrich/rdns.yaml"
|
|
rune -0 cscli postoverflows delete crowdsecurity/rdns
|
|
assert_file_not_exists "$CONFIG_DIR/postoverflows/s00-enrich/rdns.yaml"
|
|
|
|
# purge
|
|
assert_file_exists "$HUB_DIR/postoverflows/s00-enrich/crowdsecurity/rdns.yaml"
|
|
rune -0 cscli postoverflows remove crowdsecurity/rdns --purge
|
|
assert_file_not_exists "$HUB_DIR/postoverflows/s00-enrich/crowdsecurity/rdns.yaml"
|
|
|
|
rune -0 cscli postoverflows install crowdsecurity/rdns crowdsecurity/cdn-whitelist
|
|
|
|
# --all
|
|
rune -0 cscli postoverflows list -o raw
|
|
rune -0 grep -vc 'name,status,version,description' <(output)
|
|
assert_output "2"
|
|
|
|
rune -0 cscli postoverflows remove --all
|
|
|
|
rune -0 cscli postoverflows list -o raw
|
|
rune -1 grep -vc 'name,status,version,description' <(output)
|
|
assert_output "0"
|
|
}
|
|
|
|
@test "cscli postoverflows remove --force" {
|
|
# remove a postoverflow that belongs to a collection
|
|
rune -0 cscli collections install crowdsecurity/auditd
|
|
rune -0 cscli postoverflows remove crowdsecurity/auditd-whitelisted-process
|
|
assert_stderr --partial "crowdsecurity/auditd-whitelisted-process belongs to collections: [crowdsecurity/auditd]"
|
|
assert_stderr --partial "Run 'sudo cscli postoverflows remove crowdsecurity/auditd-whitelisted-process --force' if you want to force remove this postoverflow"
|
|
}
|
|
|
|
@test "cscli postoverflows upgrade" {
|
|
rune -1 cscli postoverflows upgrade
|
|
assert_stderr --partial "specify at least one postoverflow to upgrade or '--all'"
|
|
rune -1 cscli postoverflows upgrade blahblah/blahblah
|
|
assert_stderr --partial "can't find 'blahblah/blahblah' in postoverflows"
|
|
rune -0 cscli postoverflows remove crowdsecurity/discord-crawler-whitelist --purge
|
|
rune -1 cscli postoverflows upgrade crowdsecurity/discord-crawler-whitelist
|
|
assert_stderr --partial "can't upgrade crowdsecurity/discord-crawler-whitelist: not installed"
|
|
rune -0 cscli postoverflows install crowdsecurity/discord-crawler-whitelist --download-only
|
|
rune -1 cscli postoverflows upgrade crowdsecurity/discord-crawler-whitelist
|
|
assert_stderr --partial "can't upgrade crowdsecurity/discord-crawler-whitelist: downloaded but not installed"
|
|
|
|
# hash of the string "v0.0"
|
|
sha256_0_0="dfebecf42784a31aa3d009dbcec0c657154a034b45f49cf22a895373f6dbf63d"
|
|
|
|
# add version 0.0 to all postoverflows
|
|
new_hub=$(jq --arg DIGEST "$sha256_0_0" <"$INDEX_PATH" '.postoverflows |= with_entries(.value.versions["0.0"] = {"digest": $DIGEST, "deprecated": false})')
|
|
echo "$new_hub" >"$INDEX_PATH"
|
|
|
|
rune -0 cscli postoverflows install crowdsecurity/rdns
|
|
|
|
echo "v0.0" > "$CONFIG_DIR/postoverflows/s00-enrich/rdns.yaml"
|
|
rune -0 cscli postoverflows inspect crowdsecurity/rdns -o json
|
|
rune -0 jq -e '.local_version=="0.0"' <(output)
|
|
|
|
# upgrade
|
|
rune -0 cscli postoverflows upgrade crowdsecurity/rdns
|
|
rune -0 cscli postoverflows inspect crowdsecurity/rdns -o json
|
|
rune -0 jq -e '.local_version==.version' <(output)
|
|
|
|
# taint
|
|
echo "dirty" >"$CONFIG_DIR/postoverflows/s00-enrich/rdns.yaml"
|
|
# XXX: should return error
|
|
rune -0 cscli postoverflows upgrade crowdsecurity/rdns
|
|
assert_stderr --partial "crowdsecurity/rdns is tainted, --force to overwrite"
|
|
rune -0 cscli postoverflows inspect crowdsecurity/rdns -o json
|
|
rune -0 jq -e '.local_version=="?"' <(output)
|
|
|
|
# force upgrade with taint
|
|
rune -0 cscli postoverflows upgrade crowdsecurity/rdns --force
|
|
rune -0 cscli postoverflows inspect crowdsecurity/rdns -o json
|
|
rune -0 jq -e '.local_version==.version' <(output)
|
|
|
|
# multiple items
|
|
rune -0 cscli postoverflows install crowdsecurity/cdn-whitelist
|
|
echo "v0.0" >"$CONFIG_DIR/postoverflows/s00-enrich/rdns.yaml"
|
|
echo "v0.0" >"$CONFIG_DIR/postoverflows/s01-whitelist/cdn-whitelist.yaml"
|
|
rune -0 cscli postoverflows list -o json
|
|
rune -0 jq -e '[.postoverflows[].local_version]==["0.0","0.0"]' <(output)
|
|
rune -0 cscli postoverflows upgrade crowdsecurity/rdns crowdsecurity/cdn-whitelist
|
|
rune -0 cscli postoverflows list -o json
|
|
rune -0 jq -e 'any(.postoverflows[].local_version; .=="0.0") | not' <(output)
|
|
|
|
# upgrade all
|
|
echo "v0.0" >"$CONFIG_DIR/postoverflows/s00-enrich/rdns.yaml"
|
|
echo "v0.0" >"$CONFIG_DIR/postoverflows/s01-whitelist/cdn-whitelist.yaml"
|
|
rune -0 cscli postoverflows list -o json
|
|
rune -0 jq -e '[.postoverflows[].local_version]==["0.0","0.0"]' <(output)
|
|
rune -0 cscli postoverflows upgrade --all
|
|
rune -0 cscli postoverflows list -o json
|
|
rune -0 jq -e 'any(.postoverflows[].local_version; .=="0.0") | not' <(output)
|
|
}
|