From 11254081a4d5a6a68b1bf89b5beee34b194b9e46 Mon Sep 17 00:00:00 2001
From: Aaron Meihm
Date: Thu, 21 Jan 2016 13:39:25 -0600
Subject: [PATCH] add release test for amazon linux
---
 src/scribe/vulnpolicy/amazon.go | 51 +++++++++++++++++++++++++++++
 src/scribe/vulnpolicy/os.go | 1 +
 src/scribe/vulnpolicy/vulnpolicy.go | 2 ++
 3 files changed, 54 insertions(+)
 create mode 100644 src/scribe/vulnpolicy/amazon.go
diff --git a/src/scribe/vulnpolicy/amazon.go b/src/scribe/vulnpolicy/amazon.go
new file mode 100644
index 0000000..1171e87
--- /dev/null
+++ b/src/scribe/vulnpolicy/amazon.go
@@ -0,0 +1,51 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+//
+// Contributor:
+// - Aaron Meihm ameihm@mozilla.com
+
+package vulnpolicy
+
+import (
+ "fmt"
+ "scribe"
+)
+
+const amazon_expression = "^(Amazon Linux AMI.*)$"
+
+func amazonGetReleaseTest(doc *scribe.Document, vuln Vulnerability) (string, error) {
+ reltestname := fmt.Sprintf("test-release-%v-%v", vuln.OS, vuln.Release)
+ relobjname := "obj-release-amazonsystemrelease"
+ // See if we have a release definition for this already, if not
+ // add it
+ for _, x := range doc.Tests {
+ if x.TestID == reltestname {
+ return reltestname, nil
+ }
+ }
+
+ found := false
+ for _, x := range doc.Objects {
+ if x.Object == relobjname {
+ found = true
+ break
+ }
+ }
+ if !found {
+ obj := scribe.Object{}
+ obj.Object = relobjname
+ obj.FileContent.Path = "/etc"
+ obj.FileContent.File = "^system-release$"
+ obj.FileContent.Expression = amazon_expression
+ doc.Objects = append(doc.Objects, obj)
+ }
+
+ test := scribe.Test{}
+ test.TestID = reltestname
+ test.Object = relobjname
+ test.Regexp.Value = "Amazon Linux AMI release"
+ doc.Tests = append(doc.Tests, test)
+
+ return test.TestID, nil
+}
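Review bot: In amazonGetReleaseTest, `vuln.Release` is used in the test ID but not in the check itself: `test.Regexp.Value` is the fixed string `Amazon Linux AMI release`, so every release value yields a separately named test that, as far as this hunk shows, passes on any Amazon Linux AMI host, and a policy entry scoped to one release would then be evaluated on all of them. If release-specific matching is intended, build the value from the release, e.g. `test.Regexp.Value = fmt.Sprintf("Amazon Linux AMI release %v", vuln.Release)`, with regex metacharacters in the release escaped; the format of vuln.Release is not visible here, so confirm it lines up with the contents of /etc/system-release. If distribution-only matching is deliberate, state it with a comment such as `// Amazon Linux is matched by distribution only; vuln.Release is not compared.` and consider dropping the release from the test ID so identical tests are not appended per release.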
diff --git a/src/scribe/vulnpolicy/os.go b/src/scribe/vulnpolicy/os.go
index bdd6033..1f38536 100644
--- a/src/scribe/vulnpolicy/os.go
+++ b/src/scribe/vulnpolicy/os.go
@@ -16,4 +16,5 @@ var OSList = []OS{
 {"redhat"},
 {"centos"},
 {"debian"},
+ {"amazon"},
 }
diff --git a/src/scribe/vulnpolicy/vulnpolicy.go b/src/scribe/vulnpolicy/vulnpolicy.go
index 5ba7341..5dd2435 100644
--- a/src/scribe/vulnpolicy/vulnpolicy.go
+++ b/src/scribe/vulnpolicy/vulnpolicy.go
@@ -47,6 +47,8 @@ func getReleaseTest(doc *scribe.Document, vuln Vulnerability) (string, error) {
 return ubuntuGetReleaseTest(doc, vuln)
 } else if (vuln.OS == "redhat") || (vuln.OS == "centos") {
 return redhatGetReleaseTest(doc, vuln)
+ } else if vuln.OS == "amazon" {
+ return amazonGetReleaseTest(doc, vuln)
 }
 return "", fmt.Errorf("unable to create release definition")
 }