forked from secureCodeBox/secureCodeBox
-
Notifications
You must be signed in to change notification settings - Fork 0
/
test-base.mk
223 lines (185 loc) · 8.32 KB
/
test-base.mk
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
#!/usr/bin/make -f
#
# SPDX-FileCopyrightText: the secureCodeBox authors
#
# SPDX-License-Identifier: Apache-2.0
#
#
# This include is a base test setup used for hooks, scanners, and SDKs.
#
# include must be two levels up because this file is included effectivity two levels deeper in the modules hierarchy.
include ../../prerequisites.mk
# IMPORTANT: The body of conditionals MUST not be indented! Indentation result in
# errors on macOS/FreeBSD because the line wil be interpreted as command which must
# inside a recipe (target). (see https://github.com/secureCodeBox/secureCodeBox/issues/1353)
ifeq ($(include_guard),)
$(error you should never run this makefile directly!)
endif
# IMPORTANT: The body of conditionals MUST not be indented! Indentation result in
# errors on macOS/FreeBSD because the line wil be interpreted as command which must
# inside a recipe (target). (see https://github.com/secureCodeBox/secureCodeBox/issues/1353)
ifeq ($(name),)
$(error name ENV is not set)
endif
# Variables you might want to override:
#
# IMG_NS: Defines the namespace under which the images are build.
# For `securecodebox/scanner-nmap` `securecodebox` is the namespace
# Defaults to `securecodebox`
#
# BASE_IMG_TAG: Defines the tag of the base image used to build this scanner/hook
#
# IMG_TAG: Tag used to tag the newly created image. Defaults to the shortened commit hash
# prefixed with `sha-` e.g. `sha-ef8de4b7`
#
# KIND_CLUSTER_NAME: Defines the name of the kind cluster (created by kind create cluster --name cluster-name)
#
# Examples:
# make all IMG_TAG=main
# make deploy IMG_TAG=$(git rev-parse --short HEAD)
# make kind-import KIND_CLUSTER_NAME=your-cluster-name
# make integration-tests
#
SHELL = /bin/sh
IMG_NS ?= securecodebox
GIT_TAG ?= $$(git rev-parse --short HEAD)
BASE_IMG_TAG ?= sha-$(GIT_TAG)
IMG_TAG ?= "sha-$(GIT_TAG)"
KIND_CLUSTER_NAME ?= kind
parser-prefix = parser
scanner-prefix = scanner
hook-prefix = hook
all: help
.PHONY: test
test: | reset-integration-tests-namespace reset-demo-targets-namespace clean-operator clean-parser-sdk clean-hook-sdk unit-tests docker-build docker-export kind-import deploy deploy-test-deps integration-tests ## 🧪 Complete clean Test for this module.
.PHONY: install-deps-js
install-deps-js:
@echo ".: ⚙️ Installing all $(module) specific javascript dependencies."
cd .. && npm ci
cd ../.. && npm ci
cd ../../${module}-sdk/nodejs && npm ci
cd ${module}/ && npm ci
.PHONY: unit-test-js
unit-test-js: install-deps-js
@echo ".: 🧪 Starting unit-tests for '$(name)' $(module)."
npm run test:unit -- ${name}/${module}/
.PHONY: install-deps-py
install-deps-py:
@echo ".: ⚙️ Installing all $(module) specific python dependencies."
$(PYTHON) -m pip install --upgrade pip setuptools wheel pytest
cd $(module)/ && $(PYTHON) -m pip install -r requirements.txt
.PHONY: unit-test-py
unit-test-py: install-deps-py
cd $(module)/ && $(PYTHON) -m pytest --ignore-glob='*_local.py' --ignore=tests/docker
.PHONY: unit-test-java
unit-test-java:
cd $(module)/ && ./gradlew test
.PHONY: common-docker-build
common-docker-build:
@echo ".: ⚙️ Build '$(name)' $(module) with BASE_IMG_TAG: '$(BASE_IMG_TAG)'."
docker build \
--build-arg=scannerVersion=$(shell yq -e .appVersion ./Chart.yaml) \
--build-arg=baseImageTag=$(BASE_IMG_TAG) \
--build-arg=namespace=$(IMG_NS) \
-t $(IMG_NS)/$(module)-$(name):$(IMG_TAG) \
-f ./$(module)/Dockerfile \
./$(module)
.PHONY: common-docker-export
common-docker-export:
@echo ".: ⚙️ Saving new docker image archive to '$(module)-$(name).tar'."
docker save $(IMG_NS)/$(module)-$(name):$(IMG_TAG) -o $(module)-$(name).tar
.PHONY: common-kind-import
common-kind-import:
@echo ".: 💾 Importing the image archive '$(module)-$(name).tar' to local kind cluster."
kind load image-archive ./$(module)-$(name).tar --name $(KIND_CLUSTER_NAME)
.PHONY: deploy-test-deps
deploy-test-deps: deploy-test-dep-namespace
.PHONY: deploy-test-dep-namespace
deploy-test-dep-namespace:
# If not exists create namespace where the tests will be executed
kubectl create namespace demo-targets --dry-run=client -o yaml | kubectl apply -f -
.PHONY: deploy-test-dep-dummy-ssh
deploy-test-dep-dummy-ssh:
helm -n demo-targets upgrade --install dummy-ssh ../../demo-targets/dummy-ssh/ --set="fullnameOverride=dummy-ssh" --wait
.PHONY: deploy-test-dep-unsafe-https
deploy-test-dep-unsafe-https:
helm -n demo-targets upgrade --install unsafe-https ../../demo-targets/unsafe-https/ --set="fullnameOverride=unsafe-https" --wait
.PHONY: deploy-test-dep-bodgeit
deploy-test-dep-bodgeit:
helm -n demo-targets upgrade --install bodgeit ../../demo-targets/bodgeit/ --set="fullnameOverride=bodgeit" --wait
.PHONY: deploy-test-dep-petstore
deploy-test-dep-petstore:
helm -n demo-targets upgrade --install petstore ../../demo-targets/swagger-petstore/ --set="fullnameOverride=petstore" --wait
.PHONY: deploy-test-dep-old-wordpress
deploy-test-dep-old-wordpress:
helm -n demo-targets upgrade --install old-wordpress ../../demo-targets/old-wordpress/ --set="fullnameOverride=old-wordpress" --wait
.PHONY: deploy-test-dep-old-typo3
deploy-test-dep-old-typo3:
helm -n demo-targets upgrade --install old-typo3 ../../demo-targets/old-typo3/ --set="fullnameOverride=old-typo3" --wait
.PHONY: deploy-test-dep-juiceshop
deploy-test-dep-juiceshop:
helm -n demo-targets upgrade --install juiceshop ../../demo-targets/juice-shop/ --set="fullnameOverride=juiceshop" --wait
.PHONY: deploy-test-dep-vulnerable-log4j
deploy-test-dep-vulnerable-log4j:
helm -n demo-targets upgrade --install vulnerable-log4j ../../demo-targets/vulnerable-log4j/ --set="fullnameOverride=vulnerable-log4j" --wait
.PHONY: deploy-test-dep-nginx
deploy-test-dep-nginx:
# Delete leftover nginx's. Unfortunately can't create deployment only if not exists (like namespaces)
kubectl delete deployment nginx --namespace demo-targets --ignore-not-found --wait
kubectl delete svc nginx --namespace demo-targets --ignore-not-found --wait
# Install plain nginx server
kubectl create deployment --image nginx:alpine nginx --namespace demo-targets
kubectl expose deployment nginx --port 80 --namespace demo-targets
.PHONY: deploy-test-dep-http-webhook
deploy-test-dep-http-webhook:
helm -n integration-tests upgrade --install http-webhook ../../demo-targets/http-webhook/
.PHONY: deploy-test-dep-test-scan
deploy-test-dep-test-scan:
cd ../../scanners/test-scan/ && $(MAKE) docker-build docker-export kind-import && \
helm -n integration-tests upgrade --install test-scan . \
--set="scanner.image.repository=docker.io/$(IMG_NS)/$(scanner-prefix)-test-scan" \
--set="parser.image.repository=docker.io/$(IMG_NS)/$(parser-prefix)-test-scan" \
--set="parser.image.tag=$(IMG_TAG)" \
--set="scanner.image.tag=$(IMG_TAG)" \
--set="parser.env[0].name=CRASH_ON_FAILED_VALIDATION" \
--set-string="parser.env[0].value=true"
.PHONY: deploy-test-dep-old-joomla
deploy-test-dep-old-joomla:
helm -n demo-targets install old-joomla ../../demo-targets/old-joomla/ --set="fullnameOverride=old-joomla" --wait
.PHONY: reset
reset: ## 🧹 removing all generated files for this module.
@echo ".: 🧹 removing all generated files."
rm -f ./$(module)-$(name).tar
rm -rf ./$(module)/node_modules
rm -rf ./$(module)/coverage
rm -rf ./integration-tests/node_modules
rm -rf ./integration-tests/coverage
rm -rf ../node_modules
rm -rf ../coverage
.PHONY: reset-integration-tests-namespace
reset-integration-tests-namespace:
@echo ".: 🧹 Resetting 'integration-tests' namespace"
kubectl delete namespace integration-tests --wait || true
kubectl create namespace integration-tests
.PHONY: reset-demo-targets-namespace
reset-demo-targets-namespace:
@echo ".: 🧹 Resetting 'demo-targets' namespace"
kubectl delete namespace demo-targets --wait || true
kubectl create namespace demo-targets
.PHONY: clean-operator
clean-operator:
make -C $(OPERATOR_DIR) docker-build
make -C $(OPERATOR_DIR) docker-export
make -C $(OPERATOR_DIR) kind-import
rm $(OPERATOR_DIR)/operator.tar $(OPERATOR_DIR)/lurker.tar
make -C $(OPERATOR_DIR) helm-deploy
.PHONY: clean-parser-sdk
clean-parser-sdk:
make -C $(PARSER_SDK_DIR) docker-build-sdk
.PHONY: clean-hook-sdk
clean-hook-sdk:
make -C $(HOOK_SDK_DIR) docker-build-sdk
.PHONY: help
help: ## 🔮 Display this help screen.
@grep -h -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | \
awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'