Enhance pkg support on FreeBSD

2025-07-23 22:04:39 +02:00 · 2016-10-15 16:38:33 +02:00 · 2016-10-15 16:38:33 +02:00 · 22d27434c9
commit 22d27434c9
parent f1c3c23cae
2 changed files with 29 additions and 23 deletions
--- a/include/binaries
+++ b/include/binaries
@ -184,6 +184,10 @@
                            pacman)                 PACMANFOUND=1;         PACMANBINARY="${BINARY}";                                                      LogText "  Found known binary: pacman (package manager) - ${BINARY}"                                      ;;
                            perl)                   PERLFOUND=1;           PERLBINARY="${BINARY}"; PERLVERSION=`${BINARY} -V:version | sed 's/^version=//' | sed 's/;//' | xargs`; LogText "Found ${BINARY} (version ${PERLVERSION})"                               ;;
                            php)                    PHPFOUND=1;            PHPBINARY="${BINARY}"; PHPVERSION=`${BINARY} -v | awk '{ if ($1=="PHP") { print $2 }}' | head -1`; LogText "Found known binary: php (programming language intrepreter) - ${BINARY} (version ${PHPVERSION})" ;;
                            pkg)
                                                    PKG_BINARY="${BINARY}"
                                                    LogText "  Found known binary: pkg (software package administration) - ${BINARY}"
                            ;;
                            pkg_admin)              PKGADMINBINARY="${BINARY}";                                                                           LogText "  Found known binary: pkg_admin (software package administration) - ${BINARY}"                   ;;
                            postconf)               POSTCONFFOUND=1;       POSTCONFBINARY="${BINARY}";                                                    LogText "  Found known binary: postconf (postfix configuration) - ${BINARY}"                              ;;
                            postfix)                POSTFIXFOUND=1;        POSTFIXBINARY="${BINARY}";                                                     LogText "  Found known binary: postfix (postfix binary) - ${BINARY}"                                      ;;
--- a/include/tests_ports_packages
+++ b/include/tests_ports_packages
@ -652,37 +652,39 @@
    # Description : Check for vulnerable FreeBSD packages (with pkg)
    # Notes       : Related vulnerability file is /var/db/pkg/vuln.xml
    # TODO        : Run this in any jail
-    if [ -x ${ROOTDIR}usr/sbin/pkg ]; then PREQS_MET="YES"; SKIPREASON=""; else PREQS_MET="NO"; SKIPREASON="pkg tool not available"; fi
+    if [ ! -z "${PKG_BINARY}" ]; then PREQS_MET="YES"; SKIPREASON=""; else PREQS_MET="NO"; SKIPREASON="pkg tool not available"; fi
    Register --test-no PKGS-7381 --preqs-met ${PREQS_MET} --skip-reason "${SKIPREASON}" --weight L --network NO --category security --description "Check for vulnerable FreeBSD packages with pkg"
    if [ ${SKIPTEST} -eq 0 ]; then
        COUNT=0
        PACKAGE_AUDIT_TOOL_FOUND=1
        PACKAGE_AUDIT_TOOL="pkg audit"
-        FIND=$(/usr/sbin/pkg audit > /dev/null 2>&1)
+        if [ -f ${ROOTDIR}var/db/pkg/vuln.xml ]; then
-        if [ $? -eq 0 ]; then
+            FIND=$(${PKG_BINARY} audit 2> /dev/null)
-            LogText "Result: pkg audit results are clean"
+            if [ $? -eq 0 ]; then
-            Display --indent 2 --text "- Checking pkg audit to obtain vulnerable packages" --result "${STATUS_NONE}" --color GREEN
+                LogText "Result: pkg audit results are clean"
-            AddHP 10 10
+                Display --indent 2 --text "- Checking pkg audit to obtain vulnerable packages" --result "${STATUS_NONE}" --color GREEN
-        elif [ $? -eq 1 ]; then
+                AddHP 10 10
-            if [ ! -z "${FIND}" ]; then
+            elif [ $? -eq 1 ]; then
-                VULNERABLE_PACKAGES_FOUND=1
+                if [ ! -z "${FIND}" ]; then
-                Display --indent 2 --text "- Checking pkg audit to obtain vulnerable packages" --result "${STATUS_FOUND}" --color YELLOW
+                    VULNERABLE_PACKAGES_FOUND=1
-                for ITEM in ${FIND}; do
+                    Display --indent 2 --text "- Checking pkg audit to obtain vulnerable packages" --result "${STATUS_FOUND}" --color YELLOW
-                    COUNT=$((COUNT + 1))
+                    for ITEM in ${FIND}; do
-                    Report "vulnerable_package[]=${ITEM}"
+                        COUNT=$((COUNT + 1))
-                    LogText "Vulnerable package: ${ITEM}"
+                        Report "vulnerable_package[]=${ITEM}"
-                    AddHP 1 2
+                        LogText "Vulnerable package: ${ITEM}"
-                done
+                        AddHP 1 2
-                ReportWarning ${TEST_NO} "Found vulnerable packages" "pkg" "text:${COUNT} vulnerable packages"
+                    done
                    ReportWarning ${TEST_NO} "Found vulnerable packages" "pkg" "text:${COUNT} vulnerable packages"
                else
                    LogText "Result: found an exit code greater than zero, yet no output"
                fi
            else
-                LogText "Result: found an exit code greater than zero, yet no output"
+                LogText "Result: exited with code $?"
                ReportException "${TEST_NO}" "Found an unknown exit code for pkg audit. Please create an issue at ${PROJECT_SOURCE}"
            fi
        elif [ $? -eq 65 ]; then
            LogText "Result: exited with code 65, meaning there is no vulnerability database"
            ReportWarning "${TEST_NO}" "No vulnerability database available" "pkg audit" "text:Run pkg audit -f"
        else
-            LogText "Result: exited with code $?"
+            LogText "Result: could not find vulnerability database"
-            ReportException "${TEST_NO}" "Found an unknown exit code for pkg audit. Please create an issue at ${PROJECT_SOURCE}"
+            ReportWarning "${TEST_NO}" "No vulnerability database available" "pkg audit" "text:Run pkg audit -f"
        fi
    fi
 #