Sha256: 05e06b270363f085af0d0906f8db388aee66fdf86499c9aacb6608d6acff917a
Contents?: true
Size: 1.79 KB
Versions: 14
Compression:
Stored size: 1.79 KB
Contents
require 'hybrid_platforms_conductor/test_only_remote_node'
module HybridPlatformsConductor
module HpcPlugins
module Test
# Test that the vulnerabilities Spectre and Meltdown are patched
class Spectre < TestOnlyRemoteNode
VULNERABILITIES_TO_CHECK = {
'CVE-2017-5753' => 'Spectre Variant 1',
'CVE-2017-5715' => 'Spectre Variant 2',
'CVE-2017-5754' => 'Meltdown'
}
# Check my_test_plugin.rb.sample documentation for signature details.
def test_on_node
spectre_cmd = <<~EO_BASH
#{@deployer.instance_variable_get(:@actions_executor).connector(:ssh).ssh_user == 'root' ? '' : "#{@nodes_handler.sudo_on(@node)} "}/bin/bash <<'EOAction'
#{File.read("#{__dir__}/spectre-meltdown-checker.sh")}
EOAction
EO_BASH
{
spectre_cmd => {
validator: proc do |stdout|
VULNERABILITIES_TO_CHECK.each do |id, name|
id_regexp = /#{Regexp.escape(id)}/
status_idx = stdout.index { |line| line =~ id_regexp }
if status_idx.nil?
error "Unable to find vulnerability section #{id}"
else
status_idx += 1 while !stdout[status_idx].nil? && stdout[status_idx] !~ /STATUS:[^A-Z]+([A-Z ]+)/
if stdout[status_idx].nil?
error "Unable to find vulnerability status for #{id}"
else
status = Regexp.last_match(1).strip
error "Status for #{name}: #{status}" if status != 'NOT VULNERABLE'
end
end
end
end,
timeout: 30
}
}
end
end
end
end
end
Version data entries
14 entries across 14 versions & 1 rubygems