GuillaumeHemmen/docker-bench-security
1
0
Fork 0
mirror of https://github.com/docker/docker-bench-security.git synced 2025-01-31 22:32:34 +01:00
Code Issues Projects Releases Packages Wiki Activity

external test configuration can be specified in 0_config file; it's regular bash file (ignored by git), see '0_config.example'

Browse source
This commit is contained in:
Alexei Ledenev 2016-05-18 12:25:26 +03:00
parent 7ae92494d1
commit f6cdaa3d3d
3 changed files with 7 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.gitignore vendored
View file

@ -1 +1,2 @@
*.log *.log
bats_tests/0_config

4
bats_tests/0_config.example Normal file
View file

@ -0,0 +1,4 @@
#!/bin/bash
# trusted users that can control Docker daemon
config_trusted_users=(vagrant docker ubuntu)

4
bats_tests/1_host_configuration.bats
View file

@ -1,5 +1,6 @@
#!/usr/bin/env bats #!/usr/bin/env bats
load "0_config"
load "test_helper/bats-support/load" load "test_helper/bats-support/load"
load "test_helper/bats-assert/load" load "test_helper/bats-assert/load"
load "$BATS_TEST_DIRNAME/../helper_lib.sh" load "$BATS_TEST_DIRNAME/../helper_lib.sh"
@ -45,12 +46,11 @@ load "$BATS_TEST_DIRNAME/../helper_lib.sh"
# 1.6 # 1.6
@test "1.6 - Only allow trusted users to control Docker daemon" { @test "1.6 - Only allow trusted users to control Docker daemon" {
declare -a trusted_users=("vagrant" "docker" "ubuntu")
users_string=$(awk -F':' '/^docker/{print $4}' /etc/group) users_string=$(awk -F':' '/^docker/{print $4}' /etc/group)
docker_users=(${users_string//,/ }) docker_users=(${users_string//,/ })
for u in "${docker_users[@]}"; do for u in "${docker_users[@]}"; do
local found=1 local found=1
for tu in "${trusted_users[@]}"; do for tu in "${config_trusted_users[@]}"; do
if [ "$u" = "$tu" ]; then if [ "$u" = "$tu" ]; then
found=0 found=0
fi fi