[PKGS-7381] Collect FreeBSD details for vulnerable packages

include/tests_ports_packages

@@ -611,36 +611,32 @@
 #
     # Test        : PKGS-7381
     # Description : Check for vulnerable FreeBSD packages (with pkg)
-    if [ -x /usr/sbin/pkg -a -f /var/db/pkg/vuln.xml ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+    # TODO        : Update the repository first
-    Register --test-no PKGS-7381 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check for vulnerable FreeBSD packages with pkg"
+    if [ -x /usr/sbin/pkg -a -f /var/db/pkg/vuln.xml ]; then PREQS_MET="YES"; SKIPREASON=""; else PREQS_MET="NO"; SKIPREASON="pkg tool not available, or missing vulnerability database"; fi
+    Register --test-no PKGS-7381 --preqs-met ${PREQS_MET} --skip-reason "${SKIPREASON}" --weight L --network NO --category security --description "Check for vulnerable FreeBSD packages with pkg"
     if [ ${SKIPTEST} -eq 0 ]; then
-        if [ -x /usr/sbin/pkg ]; then
+        COUNT=0
-            FIND=`/usr/sbin/pkg audit 2> /dev/null | ${GREPBINARY} 'problem(s) in your installed packages found' | ${GREPBINARY} -v '0 problem(s) in your installed packages found'`
+        PACKAGE_AUDIT_TOOL_FOUND=1
-            PACKAGE_AUDIT_TOOL_FOUND=1
+        PACKAGE_AUDIT_TOOL="pkg audit"
-            PACKAGE_AUDIT_TOOL="pkg audit"
+        FIND=$(/usr/sbin/pkg audit -q 2> /dev/null)
-            if [ "${FIND}" = "" ]; then
+        if [ $? -eq 0 ]; then
-                LogText "Result: pkg audit results are clean"
+            LogText "Result: pkg audit results are clean"
-                Display --indent 2 --text "- Checking pkg audit to obtain vulnerable packages" --result "${STATUS_NONE}" --color GREEN
+            Display --indent 2 --text "- Checking pkg audit to obtain vulnerable packages" --result "${STATUS_NONE}" --color GREEN
-              else
+        else
-                LogText "Result: ${FIND}"
+            LogText "Result: ${FIND}"
+            if [ ! -z "${FIND}" ]; then
                 VULNERABLE_PACKAGES_FOUND=1
                 Display --indent 2 --text "- Checking pkg audit to obtain vulnerable packages" --result "${STATUS_FOUND}" --color YELLOW
-                ReportSuggestion ${TEST_NO} "Check output of pkg audit"
+                for ITEM in ${FIND}; do
-                #Display --indent 2 --text "- Checking pkg audit to obtain vulnerable packages" --result "${STATUS_WARNING}" --color RED
+                    COUNT=$((COUNT + 1))
-                #LogText "Result: pkg audit found one or more installed packages which are vulnerable."
+                    Report "vulnerable_package[]=${ITEM}"
-                #ReportWarning ${TEST_NO} "Found one or more vulnerable packages."
+                    LogText "Vulnerable package: ${ITEM}"
-                #ReportSuggestion ${TEST_NO} "Update your system with portupgrade or other tools"
+                    AddHP 1 2
-                #LogText "List of vulnerable packages/version:"
+                done
-                #for I in `/usr/sbin/pkg audit -F | ${GREPBINARY} "Affected package" | ${CUTBINARY} -d ' ' -f3 | ${SORTBINARY} -u`; do
+                ReportWarning ${TEST_NO} "Found vulnerable packages" "pkg" "text:${COUNT} vulnerable packages}"
-                #    Report "vulnerable_package[]=${I}"
+            else
-                #    LogText "Vulnerable package: ${I}"
+                LogText "Result: found an exit code greater than zero, yet no output"
-                #    # Decrease hardening points for every found vulnerable package
-                #    AddHP 1 2
-                #done
             fi
-          else
-            Display --indent 2 --text "- pkg audit not installed" --result "${STATUS_NOT_FOUND}" --color WHITE
-            LogText "Result: pkg audit not installed, skipping this vulnerability test."
         fi
     fi
 #