Skip to content

Commit

Permalink
Add: Smoketest for the scanner API (greenbone#1480)
Browse files Browse the repository at this point in the history
* Change: make scanning struct member Optional.
This solves an issue when deserializing host_info data into a HostInfo struct wich doesn't contains current scanning hosts, like when the scan finished

* Add: smoktestes

* Fix run-with-certs

* fix clyppy warnigns. Also dont return before deletting the scan

* Make target, user and pass for authenticated scan configurable via env variables

* Add readme
  • Loading branch information
jjnicola authored Sep 11, 2023
1 parent 4ed0fc1 commit 4640a51
Show file tree
Hide file tree
Showing 13 changed files with 587 additions and 6 deletions.
19 changes: 17 additions & 2 deletions .github/workflows/helm-build-chart.yml
Original file line number Diff line number Diff line change
Expand Up @@ -21,12 +21,27 @@ jobs:
helm uninstall openvasd || true
helm install openvasd charts/openvasd/ --values charts/openvasd/values.yaml
kubectl rollout status --watch --timeout 600s deployment/openvasd
helm test openvasd
sleep 5
- id: smoketest
run: echo "POD_NAME=$(kubectl get pods |grep openvasd | awk '{print $1;}')" >> $GITHUB_OUTPUT
- name: forward port
run: |
echo "POD_NAME: ${{ steps.smoketest.outputs.POD_NAME }}"
echo "$(kubectl get pods)"
kubectl --namespace default port-forward ${{ steps.smoketest.outputs.POD_NAME }} 8080:3000 &
- name: smoketest
working-directory: rust/smoketest
env:
API_KEY: changeme
OPENVASD: http://127.0.0.1:8080
SCAN_CONFIG: simple_scan_ssh_only.json
run: |
make build run
- uses: greenbone/actions/helm-build-push@v3
if: github.event_name == 'workflow_dispatch'
with:
chart-name: openvasd
registry: ${{ vars.IMAGE_REGISTRY }}
registry-subpath: helm-charts/
registry-user: ${{ secrets.GREENBONE_BOT }}
registry-token: ${{ secrets.GREENBONE_BOT_PACKAGES_WRITE_TOKEN }}
registry-token: ${{ secrets.GREENBONE_BOT_PACKAGES_WRITE_TOKEN }}
3 changes: 2 additions & 1 deletion .github/workflows/rustification.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,8 @@ jobs:
- uses: actions/checkout@v4
- run: sudo apt update && sudo apt-get install -y libpcap-dev
- run: rustup update ${{ matrix.toolchain }} && rustup default ${{ matrix.toolchain }} || rustup default ${{ matrix.toolchain }}
- run: cargo test
# Run unittests and integration test, but excludes the smoketest since it depends on a running openvasd server.
- run: cargo test --lib --tests --workspace --exclude smoketest
clippy:
runs-on: ubuntu-latest
defaults:
Expand Down
114 changes: 114 additions & 0 deletions rust/Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions rust/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@ members = [
"openvasd",
"scanconfig",
"infisto",
"smoketest",
]

[workspace.package]
Expand Down
4 changes: 2 additions & 2 deletions rust/models/src/host_info.rs
Original file line number Diff line number Diff line change
Expand Up @@ -24,8 +24,8 @@ pub struct HostInfo {
pub finished: u32,
#[cfg_attr(
feature = "serde_support",
serde(skip_serializing_if = "Vec::is_empty")
serde(skip_serializing_if = "Option::is_none")
)]
/// IPs of hosts, that are currently scanned.
pub scanning: Vec<String>,
pub scanning: Option<Vec<String>>,
}
2 changes: 1 addition & 1 deletion rust/osp/src/response.rs
Original file line number Diff line number Diff line change
Expand Up @@ -613,7 +613,7 @@ impl From<Scan> for models::Status {
- i.count_alive.content.0
- i.host.len() as u32,
finished: i.count_alive.content.0,
scanning,
scanning: Some(scanning)
}),
}
}
Expand Down
23 changes: 23 additions & 0 deletions rust/smoketest/Cargo.toml
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
[package]
name = "smoketest"
version = "0.1.0"
edition = "2021"

# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html

[dependencies]
models = {path = "../models"}
clap = { version = "4.4.0", features = ["derive"] }
reqwest = { version = "0.11.20", features = ["rustls-tls", "blocking", "json"], default-features=false }
tokio = { version = "1.32.0", features = ["full"] }
tracing = "0.1.37"
tracing-subscriber = { version = "0.3.17", features = ["env-filter"] }
serde = {version = "1", features = ["derive"], optional = true}
serde_json = "1"

[features]
default = ["serde_support"]
serde_support = ["serde"]

[dev-dependencies]
serde_json = "1"
45 changes: 45 additions & 0 deletions rust/smoketest/Makefile
Original file line number Diff line number Diff line change
@@ -0,0 +1,45 @@
# SPDX-FileCopyrightText: 2023 Greenbone AG
#
# SPDX-License-Identifier: AGPL-3.0-or-later

.PHONY: build run-with-certs

MAKEFILE_PATH := $(dir $(realpath $(firstword $(MAKEFILE_LIST))))

ifdef TARGET_HOSTNAME
TARGET := $(TARGET_HOSTNAME)
else
TARGET := 127.0.0.1
endif

ifdef OPENVASD
SERVER := $(OPENVASD)
else
SERVER := http://127.0.0.1:8080
endif

ifndef SCAN_CONFIG
SCAN_CONFIG := ./simple_scan_ssh_only.json
endif

ifndef CARGO
CARGO := cargo
endif

ifndef TARGET_USERNAME
TARGET_USERNAME := noname
TARGET_PASSWORD := nopass
endif

all: build run-with-certs

build: prepare-scan
${CARGO} build

run:
cargo test

prepare-scan:
sed -i 's|<username>|'$(TARGET_USERNAME)'|' simple_scan_ssh_only.json
sed -i 's|<password>|'$(TARGET_PASSWORD)'|' simple_scan_ssh_only.json
sed -i 's|<hostname>|'$(TARGET)'|' simple_scan_ssh_only.json
49 changes: 49 additions & 0 deletions rust/smoketest/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,49 @@
# smoke-test

Contains a small subset of functionality tests for openvasd within a controlled environment.

To build and run the tests a Makefile is provided:
- make build - builds the smoketest binary
- make run - runs a scan against an scanner API listening on http://127.0.0.1:3000 using the API KEY authentication method
- make run-with-certs - runs a scan against an scanner API listening on https://127.0.0.1:3000 using the mTLS authentication method plus API KEY

## Configuration
Independent of the usage of the certificates, the api-key is required. Therefore, `openvasd` must have an api-key set. For details on how to configure it, see the [openvasd documentation](../openvasd/README.md).

In case of running the test against a mTLS enabled `openvasd`, you need to configure the client key and cert as well in the smoke test environment. For details on how to configure it, see the [openvasd documentation](../openvasd/README.md).

For creation of the key/cert pair for mTLS authentication, see the tls section in the [openvasd documentation](../openvasd/README.md). Also, you find certificate generators in the [examples](../examples/tls)

For authenticated scans, you can set a custom target (default is 127.0.0.1), username and password.

All settings for running the smoke-tests are set via environmental variables. The next table summarize the settings availables:

|Variable|Description|Default|Mandatory|Comment|
|--------|-----------|-------|---------|-------|
|TARGET_HOSTNAME|Custom target|127.0.0.1|no|Necessary for authenticated scans|
|TARGET_USERNAME|Username for login in the target during the authenticated scan|empty string|no|Necessary for authenticated scans|
|TARGET_PASSWORD|Password for login in the target during the authenticated scan|empty string|no|Necessary for authenticated scans|
|API_KEY|API Key for authenticated communication with `openvasd`|mtls_is_preferred|yes||
|OPENVASD|Socket where openvasd listen on|http://127.0.0.1:3000|no|Must be specified with port|
|CLIENT_CERT|PEM file combinating public certificate and any 3rd party intermediate certificates ||yes for mTLS|Necessary for mTLS enabled|
|CLIENT_KEY|Client private key||yes for mTLS|Necessary for mTLS enabled|
|SCAN_CONFIG|Scan config in json file format to be run against the target|simple_scan_ssh_only.json|yes||


## Usage

``` bash
# set env variables
export CLIENT_CERT=/tmp/cert.pem
export CLIENT_KEY=/tmp/key.pem
export OPENVASD=192.168.0.1:3000
export TARGET_HOSTNAME=192.168.10.10
export TARGET_USERNAME=user
export TARGET_PASSWORD=pass
export API_KEY=mtls_is_preferred

#build and run
make build
make run-with-certs
```

29 changes: 29 additions & 0 deletions rust/smoketest/simple_scan_ssh_only.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
{"target": {"hosts": ["<hostname>"],
"ports": [
{
"protocol": "tcp",
"range": [
{
"start": 22,
"end": 22
}
]
}
],
"credentials": [
{
"service": "ssh",
"port": 22,
"up": {
"username": "<username>",
"password": "<password>"
}
}
]
},
"vts": [
{
"oid": "1.3.6.1.4.1.25623.1.0.90022"
}
]
}
Loading

0 comments on commit 4640a51

Please sign in to comment.