From 153b16271b504a32b9b2269cb93a99c7e82b7f9e Mon Sep 17 00:00:00 2001 From: PrimalPimmy Date: Fri, 28 Jun 2024 10:43:18 +0530 Subject: [PATCH] TLS checking logic change and removed tests Signed-off-by: PrimalPimmy --- .github/workflows/ci-test-ginkgo.yml | 61 ---------------------------- src/findings_tls | 5 ++- 2 files changed, 3 insertions(+), 63 deletions(-) delete mode 100644 .github/workflows/ci-test-ginkgo.yml diff --git a/.github/workflows/ci-test-ginkgo.yml b/.github/workflows/ci-test-ginkgo.yml deleted file mode 100644 index 12d3be0..0000000 --- a/.github/workflows/ci-test-ginkgo.yml +++ /dev/null @@ -1,61 +0,0 @@ -name: ci-test-ginkgo - -on: - push: - branches: [main] - paths: - - "src/**" - - "tests/**" - - ".github/workflows/ci-test-ginkgo.yml" - - pull_request: - branches: [main] - paths: - - "src/**" - - "tests/**" - - ".github/workflows/ci-test-ginkgo.yml" - -jobs: - build: - name: Auto-testing Framework - runs-on: ubuntu-latest - env: - RUNTIME: containerd - steps: - - uses: actions/checkout@v3 - - - uses: actions/setup-go@v4 - with: - go-version: "v1.20" - - - name: Create k3s cluster - run: ./.github/workflows/scripts/install_k3s.sh - - - name: Test connectivity - run: kubectl get pods -A - - - name: Deploy wordpress-mysql - run: | - kubectl apply -f ./tests/res/wordpress-mysql-dep.yaml - kubectl wait --for=condition=ready --timeout=15m -n wordpress-mysql pod -l app=wordpress - - - name: Building k8tls - run: make build - - - name: Deploy k8tls - run: | - docker save kubearmor/k8tls:latest | sudo k3s ctr images import - - kubectl apply -f ./tests/res/test-k8tls.yaml - sleep 10 - - - name: Check k8tls is completed - run: kubectl get pods -A - - - name: Test k8tls using Ginkgo - run: | - # mkdir /tmp/k8tls - go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo - make - working-directory: ./tests - timeout-minutes: 30 - diff --git a/src/findings_tls b/src/findings_tls index 56e5567..c14f7b6 100644 --- a/src/findings_tls +++ b/src/findings_tls @@ -64,9 +64,9 @@ k8tls_tls_01checkversion() { do_openssl_scan [[ "$TLS_Status" != "TLS" ]] && return # no finding - if [ "$TLS_Protocol_version" != "TLSv1.2" ] || [ "$TLS_Protocol_version" != "TLSv1.3" ]; then + if [ "$TLS_Protocol_version" != "TLSv1.2" ] && [ "$TLS_Protocol_version" != "TLSv1.3" ]; then status="FAIL" - fi + cat << EOF >> $TMPJSONSEC { "plugin": "tls-version", @@ -81,6 +81,7 @@ k8tls_tls_01checkversion() "status": "$status" } EOF + fi } k8tls_tls_02certificateChecks()