Class: HybridPlatformsConductor::HpcPlugins::Test::Spectre

Inherits:
TestOnlyRemoteNode show all
Defined in:
lib/hybrid_platforms_conductor/hpc_plugins/test/spectre.rb

Overview

Test that the vulnerabilities Spectre and Meltdown are patched

Constant Summary collapse

VULNERABILITIES_TO_CHECK = 
{
  'CVE-2017-5753' => 'Spectre Variant 1',
  'CVE-2017-5715' => 'Spectre Variant 2',
  'CVE-2017-5754' => 'Meltdown'
}

Constants included from LoggerHelpers

LoggerHelpers::LEVELS_MODIFIERS, LoggerHelpers::LEVELS_TO_STDERR

Instance Attribute Summary

Attributes inherited from Test

#errors, #expected_failure, #name, #node, #platform

Instance Method Summary collapse

Methods inherited from TestOnlyRemoteNode

only_on_nodes

Methods inherited from Test

#assert_equal, #assert_match, #error, #executed, #executed?, #initialize, only_on_nodes, only_on_platforms, #to_s

Methods inherited from Plugin

extend_config_dsl_with, #initialize, valid?

Methods included from LoggerHelpers

#err, #init_loggers, #log_component=, #log_debug?, #log_level=, #out, #section, #set_loggers_format, #stderr_device, #stderr_device=, #stderr_displayed?, #stdout_device, #stdout_device=, #stdout_displayed?, #stdouts_to_s, #with_progress_bar

Constructor Details

This class inherits a constructor from HybridPlatformsConductor::Test

Instance Method Details

#test_on_nodeObject

Check my_test_plugin.rb.sample documentation for signature details.



19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
 
# File 'lib/hybrid_platforms_conductor/hpc_plugins/test/spectre.rb', line 19

def test_on_node
  spectre_cmd = <<~EOS
    #{@deployer.instance_variable_get(:@actions_executor).connector(:ssh).ssh_user == 'root' ? '' : "#{@nodes_handler.sudo_on(@node)} "}/bin/bash <<'EOAction'
    #{File.read("#{__dir__}/spectre-meltdown-checker.sh")}
    EOAction
  EOS
  {
    spectre_cmd => {
      validator: proc do |stdout|
        VULNERABILITIES_TO_CHECK.each do |id, name|
          id_regexp = /#{Regexp.escape(id)}/
          status_idx = stdout.index { |line| line =~ id_regexp }
          if status_idx.nil?
            error "Unable to find vulnerability section #{id}"
          else
            while !stdout[status_idx].nil? && !(stdout[status_idx] =~ /STATUS:[^A-Z]+([A-Z ]+)/)
              status_idx += 1
            end
            if stdout[status_idx].nil?
              error "Unable to find vulnerability status for #{id}"
            else
              status = $1.strip
              error "Status for #{name}: #{status}" if status != 'NOT VULNERABLE'
            end
          end
        end
      end,
      timeout: 30
    }
  }
end