secureCodeBox · rfelber · Apr 23, 2021 · Apr 23, 2021 · Apr 23, 2021 · Apr 23, 2021
diff --git a/tests/integration/hooks/finding-post-processing.test.js b/tests/integration/hooks/finding-post-processing.test.js
@@ -1,7 +1,10 @@
-const { scan } = require('../helpers')
+const retry = require("../retry");
 
-test(
+const { scan } = require("../helpers");
+
+retry(
   "Finding Post Processing after test-scan",
+  3,
   async () => {
     const { severities, count } = await scan(
       "finding-post-processing",
@@ -11,7 +14,7 @@ test(
     );
 
     expect(count).toBe(2);
-    expect(severities.high).toBe(1)
+    expect(severities.high).toBe(1);
   },
   3 * 60 * 1000
 );
diff --git a/tests/integration/hooks/notification-hook.test.js b/tests/integration/hooks/notification-hook.test.js
@@ -1,15 +1,13 @@
+const retry = require("../retry");
+
 const { scan } = require("../helpers");
-const k8s = require('@kubernetes/client-node');
+const k8s = require("@kubernetes/client-node");
 
-test(
+retry(
   "should trigger notification",
+  3,
   async () => {
-    await scan(
-      "test-scan-notification-web-hook",
-      "test-scan",
-      [],
-      90
-    );
+    await scan("test-scan-notification-web-hook", "test-scan", [], 90);
 
     const WEBHOOK = "http-webhook";
     const NAMESPACE = "integration-tests";
@@ -20,12 +18,12 @@ test(
     const k8sApi = kc.makeApiClient(k8s.CoreV1Api);
 
     function containsPod(item) {
-      return item.metadata.name.includes(WEBHOOK)
+      return item.metadata.name.includes(WEBHOOK);
     }
 
     let podName;
-    await k8sApi.listNamespacedPod(NAMESPACE, 'true').then((res) => {
-      let podArray = res.body.items.filter((containsPod));
+    await k8sApi.listNamespacedPod(NAMESPACE, "true").then((res) => {
+      let podArray = res.body.items.filter(containsPod);
       if (podArray.length === 0) {
         throw new Error(`Did not find Pod for "${WEBHOOK}" Hook`);
       }
@@ -39,26 +37,35 @@ test(
       k8sApi,
       podName,
       namespace: NAMESPACE,
-      containerName
-    }
+      containerName,
+    };
     const result = await delayedRepeat(isHookTriggered, params, 1000, 10);
 
-    expect(result).toBe(true)
+    expect(result).toBe(true);
   },
   3 * 60 * 1000
 );
 
 async function isHookTriggered(params) {
-  console.log("Fetch Container Logs...")
-  let containerLog = await params.k8sApi.readNamespacedPodLog(params.podName, params.namespace, params.containerName, false);
+  console.log("Fetch Container Logs...");
+  let containerLog = await params.k8sApi.readNamespacedPodLog(
+    params.podName,
+    params.namespace,
+    params.containerName,
+    false
+  );
   return containerLog.body.includes("/slack-notification");
 }
 
+const sleep = (durationInMs) =>
+  new Promise((resolve) => setTimeout(resolve, durationInMs));
 
-const sleep = durationInMs =>
-  new Promise(resolve => setTimeout(resolve, durationInMs));
-
-async function delayedRepeat(fun, functionParamObject, intervalInMs, maxRetries,) {
+async function delayedRepeat(
+  fun,
+  functionParamObject,
+  intervalInMs,
+  maxRetries
+) {
   for (let i = 0; i < maxRetries; i++) {
     const condition = await fun(functionParamObject);
     if (condition) {
@@ -68,5 +75,5 @@ async function delayedRepeat(fun, functionParamObject, intervalInMs, maxRetries,
     await sleep(intervalInMs);
   }
 
-  throw new Error("Reached max retries")
+  throw new Error("Reached max retries");
 }
diff --git a/tests/integration/retry.js b/tests/integration/retry.js
@@ -0,0 +1,49 @@
+// Vendored from https://www.npmjs.com/package/jest-retries MIT License
+// Includes adjustments to pass in timeout values to the underlying jest test function
+
+function runTest(handler) {
+  return new Promise((resolve, reject) => {
+    const result = handler((err) => (err ? reject(err) : resolve()));
+
+    if (result && result.then) {
+      result.catch(reject).then(resolve);
+    } else {
+      resolve();
+    }
+  });
+}
+
+async function retry(description, retries, handler, ...args) {
+  if (!description || typeof description !== "string") {
+    throw new Error("Invalid argument, description must be a string");
+  }
+
+  if (typeof retries === "function" && !handler) {
+    handler = retries;
+    retries = 1;
+  }
+
+  if (!retries || typeof retries !== "number" || retries < 1) {
+    throw new Error("Invalid argument, retries must be a greather than 0");
+  }
+
+  test(
+    description,
+    async () => {
+      let latestError;
+      for (let tries = 0; tries < retries; tries++) {
+        try {
+          await runTest(handler);
+          return;
+        } catch (error) {
+          latestError = error;
+        }
+      }
+
+      throw latestError;
+    },
+    ...args
+  );
+}
+
+module.exports = retry;
diff --git a/tests/integration/scanner/amass.test.js b/tests/integration/scanner/amass.test.js
@@ -1,12 +1,15 @@
-const {scan} = require('../helpers');
+const retry = require("../retry");
 
-test(
-  'amass should find at least 20 subdomains',
+const { scan } = require("../helpers");
+
+retry(
+  "amass should find at least 20 subdomains",
+  3,
   async () => {
-    const {count} = await scan(
-      'amass-scanner-dummy-scan',
-      'amass',
-      ['-passive', '-noalts', '-norecursive', '-d', 'owasp.org'],
+    const { count } = await scan(
+      "amass-scanner-dummy-scan",
+      "amass",
+      ["-passive", "-noalts", "-norecursive", "-d", "owasp.org"],
       90
     );
     expect(count).toBeGreaterThanOrEqual(20);

diff --git a/tests/integration/scanner/cascade-nmap-ncrack.test.js b/tests/integration/scanner/cascade-nmap-ncrack.test.js
@@ -1,7 +1,10 @@
-const { cascadingScan } = require('../helpers')
+const retry = require("../retry");
 
-test(
+const { cascadingScan } = require("../helpers");
+
+retry(
   "Cascading Scan nmap -> ncrack on dummy-ssh",
+  3,
   async () => {
     const { categories, severities, count } = await cascadingScan(
       "nmap-dummy-ssh",
@@ -11,23 +14,19 @@ test(
         nameCascade: "ncrack-ssh",
         matchLabels: {
           "securecodebox.io/invasive": "invasive",
-          "securecodebox.io/intensive": "high"
-        }
+          "securecodebox.io/intensive": "high",
+        },
       },
       120
     );
 
     expect(count).toBe(1);
-    expect(categories).toEqual(
-      {
-        "Discovered Credentials": 1,
-      }
-    );
-    expect(severities).toEqual(
-      {
-        "high": 1,
-      }
-    );
+    expect(categories).toEqual({
+      "Discovered Credentials": 1,
+    });
+    expect(severities).toEqual({
+      high: 1,
+    });
   },
   3 * 60 * 1000
 );
diff --git a/tests/integration/scanner/cascade-nmap-sslyze.test.js b/tests/integration/scanner/cascade-nmap-sslyze.test.js
@@ -1,7 +1,10 @@
-const { cascadingScan } = require('../helpers')
+const retry = require("../retry");
 
-test(
+const { cascadingScan } = require("../helpers");
+
+retry(
   "Cascading Scan nmap -> sslyze on unsafe-https",
+  3,
   async () => {
     const { categories, severities, count } = await cascadingScan(
       "nmap-unsafe-https-sslyze",
@@ -11,8 +14,8 @@ test(
         nameCascade: "https-tls-scan",
         matchLabels: {
           "securecodebox.io/invasive": "non-invasive",
-          "securecodebox.io/intensive": "light"
-        }
+          "securecodebox.io/intensive": "light",
+        },
       },
       4 * 60
     );

diff --git a/tests/integration/scanner/git-repo-scanner.test.js b/tests/integration/scanner/git-repo-scanner.test.js
@@ -1,19 +1,21 @@
-const {scan} = require('../helpers');
+const retry = require("../retry");
 
-test(
-  'gitleaks should find at least 1 repository in the GitHub secureCodeBox organisation',
+const { scan } = require("../helpers");
+
+retry(
+  "gitleaks should find at least 1 repository in the GitHub secureCodeBox organisation",
+  3,
   async () => {
     // This integration tests runs about 30min because of the GitHub Public API call rate limit.
     // If you want to speed up you need to add an valid access token like: ['--git-type', 'github', '--organization', 'secureCodeBox', '--access-token', '23476VALID2345TOKEN'],
-    const {count} = await scan(
-      'git-repo-scanner-dummy-scan',
-      'git-repo-scanner',
-      ['--git-type', 'github', '--organization', 'secureCodeBox'],
+    const { count } = await scan(
+      "git-repo-scanner-dummy-scan",
+      "git-repo-scanner",
+      ["--git-type", "github", "--organization", "secureCodeBox"],
       90
     );
     // There must be >= 28 Repositories found in the GitHub secureCodeBox organisation.
     expect(count).toBeGreaterThanOrEqual(28);
   },
   3 * 60 * 1000
 );
-
diff --git a/tests/integration/scanner/gitleaks.test.js b/tests/integration/scanner/gitleaks.test.js
@@ -1,27 +1,31 @@
-const {scan} = require('../helpers');
+const retry = require("../retry");
 
-test(
-  'gitleaks should find 1 credential in the testfiles',
+const { scan } = require("../helpers");
+
+retry(
+  "gitleaks should find 1 credential in the testfiles",
+  3,
   async () => {
-    const {categories, severities, count} = await scan(
-      'gitleaks-dummy-scan',
-      'gitleaks',
-      ['-r', 'https://github.com/secureCodeBox/secureCodeBox', '--commit=ec0fe179ccf178b56fcd51d1730448bc64bb9ab5', '--config-path', '/home/config_all.toml'],
+    const { categories, severities, count } = await scan(
+      "gitleaks-dummy-scan",
+      "gitleaks",
+      [
+        "-r",
+        "https://github.com/secureCodeBox/secureCodeBox",
+        "--commit=ec0fe179ccf178b56fcd51d1730448bc64bb9ab5",
+        "--config-path",
+        "/home/config_all.toml",
+      ],
       90
     );
 
     expect(count).toBe(1);
-    expect(categories).toEqual(
-      {
-        'Potential Secret': 1
-      }
-    );
-    expect(severities).toEqual(
-      {
-        'high': 1
-      }
-    );
+    expect(categories).toEqual({
+      "Potential Secret": 1,
+    });
+    expect(severities).toEqual({
+      high: 1,
+    });
   },
   3 * 60 * 1000
 );
-
diff --git a/tests/integration/scanner/kube-hunter.test.js b/tests/integration/scanner/kube-hunter.test.js
@@ -1,7 +1,10 @@
+const retry = require("../retry");
+
 const { scan } = require("../helpers");
 
-test(
+retry(
   "kube-hunter should find a fixed number of findings for the kind cluster",
+  3,
   async () => {
     await scan(
       "kube-hunter-in-cluster",

diff --git a/tests/integration/scanner/kubeaudit.test.js b/tests/integration/scanner/kubeaudit.test.js
@@ -1,7 +1,10 @@
+const retry = require("../retry");
+
 const { scan } = require("../helpers");
 
-test(
+retry(
   "kubeaudit should run and check the jshop in kubeaudit-tests namespace",
+  3,
   async () => {
     const { categories, severities } = await scan(
       "kubeaudit-tests",