Skip to content

Commit c8f9b6b

Browse files
zhijie-yangzhijie-yang
committed
test: add e2e os/chisel test
1 parent 8b9aa1d commit c8f9b6b

2 files changed

Lines changed: 45 additions & 0 deletions

File tree

cmd/osv-scanner/scan/image/command_test.go

Lines changed: 22 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -363,6 +363,14 @@ func TestCommand_OCIImage(t *testing.T) {
363363
},
364364
Exit: 1,
365365
},
366+
{
367+
Name: "scanning_insecure_chiseled_ubuntu_image",
368+
Args: []string{
369+
"", "image",
370+
"--archive", "./testdata/test-chisel.tar",
371+
},
372+
Exit: 1,
373+
},
366374
}
367375
for _, tt := range tests {
368376
t.Run(tt.Name, func(t *testing.T) {
@@ -499,6 +507,20 @@ func TestCommand_OCIImage_JSONFormat(t *testing.T) {
499507
testutility.AnyDiffID,
500508
},
501509
},
510+
{
511+
Name: "scanning_insecure_chiseled_ubuntu_image",
512+
Args: []string{
513+
"", "image", "--format=json",
514+
"--archive", "./testdata/test-chisel.tar",
515+
},
516+
Exit: 1,
517+
ReplaceRules: []testutility.JSONReplaceRule{
518+
testutility.GroupsAsArrayLen,
519+
testutility.OnlyIDVulnsRule,
520+
testutility.OnlyFirstBaseImage,
521+
testutility.AnyDiffID,
522+
},
523+
},
502524
}
503525
for _, tt := range tests {
504526
t.Run(tt.Name, func(t *testing.T) {

cmd/osv-scanner/scan/image/testdata/test-chisel.Dockerfile

Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,23 @@
1+
FROM ubuntu:26.04@sha256:f3d28607ddd78734bb7f71f117f3c6706c666b8b76cbff7c9ff6e5718d46ff64 AS builder
2+
3+
RUN apt install --update -y curl wget
4+
5+
# Deb arch to GOARCH
6+
RUN arch="$(dpkg --print-architecture | sed -e 's/armhf/arm/g' -e 's/ppc64el/ppc64le/g')" && \
7+
curl -s https://api.github.com/repos/canonical/chisel/releases/latest \
8+
| awk "/browser_download_url/ && /chisel_v/ && /_$arch\./" \
9+
| cut -d : -f 2,3 \
10+
| tr -d \" \
11+
| xargs wget
12+
13+
RUN sha384sum -c chisel_v*sha384
14+
RUN tar -xf chisel_v*tar.gz -C /usr/local/bin
15+
RUN mkdir /rootfs && \
16+
chisel cut --root /rootfs \
17+
base-files_base \
18+
base-files_chisel \
19+
base-files_release-info \
20+
golang_core
21+
22+
FROM scratch
23+
COPY --from=builder /rootfs/ /

0 commit comments

Comments
 (0)