Sha256: 0b92b6926638a86ffcaedba6bcf6afb9c5f9b48c5ca113108bfb9ba1124e008a
Contents?: true
Size: 1.82 KB
Versions: 3
Compression:
Stored size: 1.82 KB
Contents
require 'hybrid_platforms_conductor/test_only_remote_node'
module HybridPlatformsConductor
module HpcPlugins
module Test
# Test that the vulnerabilities Spectre and Meltdown are patched
class Spectre < TestOnlyRemoteNode
VULNERABILITIES_TO_CHECK = {
'CVE-2017-5753' => 'Spectre Variant 1',
'CVE-2017-5715' => 'Spectre Variant 2',
'CVE-2017-5754' => 'Meltdown'
}
# Check my_test_plugin.rb.sample documentation for signature details.
def test_on_node
spectre_cmd = <<~EOS
#{@deployer.instance_variable_get(:@actions_executor).connector(:ssh).ssh_user == 'root' ? '' : "#{@nodes_handler.sudo_on(@node)} "}/bin/bash <<'EOAction'
#{File.read("#{__dir__}/spectre-meltdown-checker.sh")}
EOAction
EOS
{
spectre_cmd => {
validator: proc do |stdout|
VULNERABILITIES_TO_CHECK.each do |id, name|
id_regexp = /#{Regexp.escape(id)}/
status_idx = stdout.index { |line| line =~ id_regexp }
if status_idx.nil?
error "Unable to find vulnerability section #{id}"
else
while !stdout[status_idx].nil? && !(stdout[status_idx] =~ /STATUS:[^A-Z]+([A-Z ]+)/)
status_idx += 1
end
if stdout[status_idx].nil?
error "Unable to find vulnerability status for #{id}"
else
status = $1.strip
error "Status for #{name}: #{status}" if status != 'NOT VULNERABLE'
end
end
end
end,
timeout: 30
}
}
end
end
end
end
end
Version data entries
3 entries across 3 versions & 1 rubygems