fix security test

docker · Jun 7, 2021 · 7637010 · 7637010
1 parent 9b808b5
commit 7637010
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 9 deletions.
diff --git a/tests/centos7-clair-whitelist.yaml b/tests/centos7-clair-whitelist.yaml
@@ -0,0 +1,2 @@
+generalwhitelist:
+  RHSA-2021:2147: glib2
diff --git a/tests/clairscan.sh b/tests/clairscan.sh
@@ -15,12 +15,12 @@ else
 fi
 
 #if needed, ensure whitelist file
-#if [ ! -s ./centos7-clair-whitelist.yaml ]; then
-#  echo 'downloading whitelist file...'
-#  curl -s -L -o ./centos7-clair-whitelist.yaml https://github.internet2.edu/raw/docker/shib-idp/3.4.4_20190801/tests/centos7-clair-whitelist.yaml
-#else
-#  echo 'using existing whitelist file...'
-#fi
+if [ ! -s ./centos7-clair-whitelist.yaml ]; then
+  echo 'downloading whitelist file...'
+  curl -s -L -o ./centos7-clair-whitelist.yaml https://github.internet2.edu/raw/docker/shib-idp/4.1.2_20210607/tests/centos7-clair-whitelist.yaml
+else
+  echo 'using existing whitelist file...'
+fi
 
 #ensure DB container
 echo 'ensuring a fresh clair-db container...'
@@ -49,13 +49,13 @@ fi
 sleep 30
 
 #get ip where clair-scanner will listen
-clairip=$(/sbin/ifconfig docker0 | grep 'inet ' | sed 's/^[[:space:]]*//g' | cut -f 2 -d ' ' | sed 's/^[[:space:]]*//g')
+clairip=$(/sbin/ifconfig docker0 | grep 'inet ' | sed 's/^[[:space:]]*//g' | cut -f 2 -d ' ' | cut -f 2 -d ':')
 echo 'sending ip addr' ${clairip} 'to clair-scan server...'
 
 #run scan
 echo 'running scan...'
-#./clair-scanner -w centos7-clair-whitelist.yaml --ip ${clairip} $1
-./clair-scanner --ip ${clairip} $1
+./clair-scanner -w centos7-clair-whitelist.yaml --ip ${clairip} $1
+#./clair-scanner --ip ${clairip} $1
 retcode=$?
 
 #eval results