secureCodeBox · rfelber · Mar 21, 2022 · Mar 9, 2022 · Mar 9, 2022 · Mar 11, 2022
diff --git a/hooks.mk b/hooks.mk
@@ -26,20 +26,28 @@ include ../../common.mk
 
 module = $(hook-prefix)
 
+.PHONY: docker-build
 docker-build: | common-docker-build
+
+.PHONY: docker-export
 docker-export: | common-docker-export
+
+.PHONY: kind-import
 kind-import: | common-kind-import
 
+.PHONY: unit-tests
 unit-tests:
 	@$(MAKE) -s unit-test-js
 
+.PHONY: deploy
 deploy:
 	@echo ".: 💾 Deploying '$(name)' $(hook-prefix) HelmChart with the docker tag '$(IMG_TAG)' into kind namespace 'integration-tests'."
 	helm -n integration-tests upgrade --install $(name) . --wait \
 		--set="hook.image.repository=docker.io/$(IMG_NS)/$(hook-prefix)-$(name)" \
 		--set="hook.image.tag=$(IMG_TAG)"
 
+.PHONY: integration-tests
 integration-tests:
 	@echo ".: 🩺 Starting integration test in kind namespace 'integration-tests'."
 	kubectl -n integration-tests delete scans --all
-	cd ../../tests/integration/ && npm ci &&	npx --yes --package jest@$(JEST_VERSION) jest --verbose --ci --colors --coverage --passWithNoTests ${hook-prefix}s/$(name).test.js
+	cd $(hook-prefix) && npm ci && npm run test --package jest@$(JEST_VERSION)
diff --git a/hooks/cascading-scans/Makefile b/hooks/cascading-scans/Makefile
@@ -8,10 +8,14 @@
 include_guard = set
 hook = cascading-scans
 
+test_files = [hook.test.js, kube.test.js]
+
 include ../../hooks.mk
 
+.PHONY: test-2
 test-2: | clean-integration-tests unit-tests docker-build docker-export kind-import deploy deploy-test-deps-2 integration-tests-2
 
+.PHONY: deploy-test-dep-nmap
 deploy-test-dep-nmap:
 	cd ../../scanners/nmap/ && $(MAKE) -s docker-build docker-export kind-import && \
 	helm -n integration-tests upgrade --install nmap . \
@@ -22,6 +26,7 @@ deploy-test-dep-nmap:
 		--set="parser.env[0].name=CRASH_ON_FAILED_VALIDATION" \
 		--set-string="parser.env[0].value=true"
 
+.PHONY: deploy-test-dep-ncrack
 deploy-test-dep-ncrack:
 	printf "root\nadmin\n" > users.txt
 	printf "THEPASSWORDYOUCREATED\n123456\npassword\n" > passwords.txt
@@ -39,6 +44,7 @@ deploy-test-dep-ncrack:
 		--set="scanner.extraVolumeMounts[0].name=ncrack-lists" \
 		--set="scanner.extraVolumeMounts[0].mountPath=/ncrack/"
 
+.PHONY: deploy-test-dep-sslyze
 deploy-test-dep-sslyze:
 	cd ../../scanners/sslyze/ && $(MAKE) -s docker-build docker-export kind-import && \
 	helm -n integration-tests upgrade --install sslyze . --wait \
@@ -47,22 +53,15 @@ deploy-test-dep-sslyze:
 		--set="parser.env[0].name=CRASH_ON_FAILED_VALIDATION" \
 		--set-string="parser.env[0].value=true"
 
+.PHONY: deploy-test-deps
 deploy-test-deps: deploy-test-dep-dummy-ssh deploy-test-dep-nmap deploy-test-dep-ncrack
 
+.PHONY: deploy
 deploy:
 	@echo ".: 💾 Deploying '$(name)' $(hook-prefix) HelmChart with the docker tag '$(IMG_TAG)' into kind namespace 'cascading-scans'."
 	helm -n integration-tests upgrade --install dssh . --wait \
 		--set="hook.image.repository=docker.io/$(IMG_NS)/$(hook-prefix)-$(name)" \
 		--set="hook.image.tag=$(IMG_TAG)"
 
-integration-tests:
-	@echo ".: 🩺 Starting integration test in kind namespace 'cascading-scans'."
-	kubectl -n integration-tests delete scans --all
-	cd ../../tests/integration/ && npm ci &&	npx --yes --package jest@$(JEST_VERSION) jest --verbose --ci --colors --coverage --passWithNoTests scanner/cascade-nmap-ncrack.test.js
-
+.PHONY: deploy-test-deps-2		
 deploy-test-deps-2: deploy-test-dep-unsafe-https deploy-test-dep-nmap deploy-test-dep-sslyze
-
-integration-tests-2:
-	@echo ".: 🩺 Starting integration test in kind namespace 'cascading-scans'."
-	kubectl -n integration-tests delete scans --all
-	cd ../../tests/integration/ && npm ci &&	npx --yes --package jest@$(JEST_VERSION) jest --verbose --ci --colors --coverage --passWithNoTests scanner/cascade-nmap-sslyze.test.js
diff --git a/hooks/cascading-scans/hook/package.json b/hooks/cascading-scans/hook/package.json
@@ -9,8 +9,8 @@
   },
   "main": "hook.js",
   "scripts": {
-    "build": "npx tsc hook.ts scope-limiter.ts --sourceMap --esModuleInterop",
-    "test": "jest . --verbose false"
+    "build": "npx tsc hook.ts --sourceMap --esModuleInterop",
+    "test": "npm run build && jest --verbose --ci --colors --coverage --passWithNoTests"
   },
   "keywords": [
     "secureCodeBox",

diff --git a/hooks/cascading-scans/integration-tests/cascade-nmap-ncrack.test.js b/hooks/cascading-scans/integration-tests/cascade-nmap-ncrack.test.js
@@ -0,0 +1,35 @@
+// SPDX-FileCopyrightText: the secureCodeBox authors
+//
+// SPDX-License-Identifier: Apache-2.0
+
+const { cascadingScan } = require("../../../tests/integration/helpers");
+
+jest.retryTimes(3);
+
+test(
+  "Cascading Scan nmap -> ncrack on dummy-ssh",
+  async () => {
+    const { categories, severities, count } = await cascadingScan(
+      "nmap-dummy-ssh",
+      "nmap",
+      ["-Pn", "-sV", "dummy-ssh.demo-targets.svc"],
+      {
+        nameCascade: "ncrack-ssh",
+        matchLabels: {
+          "securecodebox.io/invasive": "invasive",
+          "securecodebox.io/intensive": "high",
+        },
+      },
+      120
+    );
+
+    expect(count).toBe(1);
+    expect(categories).toEqual({
+      "Discovered Credentials": 1,
+    });
+    expect(severities).toEqual({
+      high: 1,
+    });
+  },
+  3 * 60 * 1000
+);
diff --git a/hooks/cascading-scans/integration-tests/cascade-nmap-sslyze.test.js b/hooks/cascading-scans/integration-tests/cascade-nmap-sslyze.test.js
@@ -0,0 +1,42 @@
+// SPDX-FileCopyrightText: the secureCodeBox authors
+//
+// SPDX-License-Identifier: Apache-2.0
+
+const { cascadingScan } = require("../../../tests/integration/helpers");
+
+jest.retryTimes(3);
+
+test(
+  "Cascading Scan nmap -> sslyze on unsafe-https",
+  async () => {
+    const { categories, severities, count } = await cascadingScan(
+      "nmap-unsafe-https-sslyze",
+      "nmap",
+      ["-Pn", "-sV", "unsafe-https.demo-targets.svc", "-p", "443"],
+      {
+        nameCascade: "https-tls-scan",
+        matchLabels: {
+          "securecodebox.io/invasive": "non-invasive",
+          "securecodebox.io/intensive": "light",
+        },
+      },
+      4 * 60
+    );
+
+    expect(count).toBe(4);
+    expect(categories).toMatchInlineSnapshot(`
+      Object {
+        "Invalid Certificate": 1,
+        "Outdated TLS Version": 2,
+        "TLS Service Info": 1,
+      }
+    `);
+    expect(severities).toMatchInlineSnapshot(`
+      Object {
+        "informational": 1,
+        "medium": 3,
+      }
+    `);
+  },
+  5 * 60 * 1000
+);
diff --git a/hooks/finding-post-processing/hook/package.json b/hooks/finding-post-processing/hook/package.json
@@ -4,7 +4,7 @@
   "description": "secureCodeBox Finding Post Processing Hook",
   "main": "hook.js",
   "scripts": {
-    "test": "jest ."
+    "test": "jest --verbose --ci --colors --coverage --passWithNoTests"
   },
   "repository": {
     "type": "git",

diff --git a/hooks/generic-webhook/Makefile b/hooks/generic-webhook/Makefile
@@ -10,17 +10,13 @@ hook = generic-webhook
 
 include ../../hooks.mk
 
-
+.PHONY: deploy-test-deps
 deploy-test-deps: deploy-test-dep-http-webhook deploy-test-dep-test-scan
 
+.PHONY: deploy
 deploy:
 	@echo ".: 💾 Deploying '$(name)' $(hook-prefix) HelmChart with the docker tag '$(IMG_TAG)' into kind namespace 'integration-tests'."
 	helm -n integration-tests upgrade --install ro-hook . \
 		--set="hook.image.repository=docker.io/$(IMG_NS)/$(hook-prefix)-$(name)" \
 		--set="hook.image.tag=$(IMG_TAG)" \
-		--set="webhookUrl=http://http-webhook/hallo-welt"
-
-integration-tests:
-	@echo ".: 🩺 Starting integration test in kind namespace 'integration-tests'."
-	kubectl -n integration-tests delete scans --all
-	cd ../../tests/integration/ && npm ci &&	npx --yes --package jest@$(JEST_VERSION) jest --verbose --ci --colors --coverage --passWithNoTests generic/read-only-write-hook.test.js
+		--set="webhookUrl=http://http-webhook/hallo-welt"
diff --git a/hooks/generic-webhook/hook/package.json b/hooks/generic-webhook/hook/package.json
@@ -9,7 +9,7 @@
   },
   "main": "hook.js",
   "scripts": {
-    "test": "jest ."
+    "test": "jest --verbose --ci --colors --coverage --passWithNoTests"
   },
   "keywords": [
     "secureCodeBox",

diff --git a/hooks/notification/Makefile b/hooks/notification/Makefile
@@ -10,17 +10,14 @@ hook = notification
 
 include ../../hooks.mk
 
+.PHONY: deploy-test-deps
 deploy-test-deps: deploy-test-dep-test-scan deploy-test-dep-http-webhook
 
+.PHONY: deploy
 deploy:
 	@echo ".: 💾 Deploying '$(name)' $(hook-prefix) HelmChart with the docker tag '$(IMG_TAG)' into kind namespace 'integration-tests'."
 	helm -n integration-tests upgrade --install notification-hook . \
 		--values ../../tests/integration/hooks/__testFiles__/notification-values.yaml \
 		--set="hook.image.repository=docker.io/$(IMG_NS)/$(hook-prefix)-$(name)" \
 		--set="hook.image.tag=$(IMG_TAG)" \
 		--set="hook.image.pullPolicy=IfNotPresent"
-
-integration-tests:
-	@echo ".: 🩺 Starting integration test in kind namespace 'integration-tests'."
-	kubectl -n integration-tests delete scans --all
-	cd ../../tests/integration/ && npm ci &&	npx --yes --package jest@$(JEST_VERSION) jest --verbose --ci --colors --coverage --passWithNoTests hooks/notification.test.js
diff --git a/hooks/notification/hook/package.json b/hooks/notification/hook/package.json
@@ -4,8 +4,8 @@
   "description": "secureCodeBox Hook for Notification",
   "main": "hook.js",
   "scripts": {
-    "test": "jest",
-    "build": "npx tsc hook.ts --sourceMap --esModuleInterop"
+    "build": "npx tsc hook.ts --sourceMap --esModuleInterop",
+    "test": "npm run build && npx ts-jest config:init && jest --verbose --ci --colors --coverage --passWithNoTests"
   },
   "repository": {
     "type": "git",