Add: Smoketest for the scanner API (#1480)

* Change: make scanning struct member Optional.
This solves an issue when deserializing host_info data into a HostInfo struct wich doesn't contains current scanning hosts, like when the scan finished

* Add: smoktestes

* Fix run-with-certs

* fix clyppy warnigns. Also dont return before deletting the scan

* Make target, user and pass for authenticated scan configurable via env variables

* Add readme

.github/workflows/helm-build-chart.yml

@@ -21,12 +21,27 @@ jobs:
           helm uninstall openvasd || true 
           helm install openvasd charts/openvasd/ --values charts/openvasd/values.yaml
           kubectl rollout status --watch --timeout 600s deployment/openvasd
-          helm test openvasd
+          sleep 5
+      - id: smoketest
+        run: echo "POD_NAME=$(kubectl get pods |grep openvasd | awk '{print $1;}')" >> $GITHUB_OUTPUT
+      - name: forward port
+        run: |
+          echo "POD_NAME: ${{ steps.smoketest.outputs.POD_NAME }}"
+          echo "$(kubectl get pods)"
+          kubectl --namespace default port-forward ${{ steps.smoketest.outputs.POD_NAME }} 8080:3000 &
+      - name: smoketest
+        working-directory: rust/smoketest
+        env:
+          API_KEY: changeme
+          OPENVASD: http://127.0.0.1:8080
+          SCAN_CONFIG: simple_scan_ssh_only.json
+        run: |
+          make build run
       - uses: greenbone/actions/helm-build-push@v3
         if: github.event_name == 'workflow_dispatch'
         with:
           chart-name: openvasd
           registry: ${{ vars.IMAGE_REGISTRY }}
           registry-subpath: helm-charts/
           registry-user: ${{ secrets.GREENBONE_BOT }}
-          registry-token: ${{ secrets.GREENBONE_BOT_PACKAGES_WRITE_TOKEN }}
+          registry-token: ${{ secrets.GREENBONE_BOT_PACKAGES_WRITE_TOKEN }}

.github/workflows/rustification.yaml

@@ -24,7 +24,8 @@ jobs:
       - uses: actions/checkout@v4
       - run: sudo apt update && sudo apt-get install -y libpcap-dev
       - run: rustup update ${{ matrix.toolchain }} && rustup default ${{ matrix.toolchain }} || rustup default ${{ matrix.toolchain }}
-      - run: cargo test
+      # Run unittests and integration test, but excludes the smoketest since it depends on a running openvasd server.
+      - run: cargo test --lib --tests --workspace --exclude smoketest
   clippy:
     runs-on: ubuntu-latest
     defaults:

rust/Cargo.toml

@@ -27,6 +27,7 @@ members = [
   "openvasd",
   "scanconfig",
   "infisto",
+  "smoketest",
 ]
 
 [workspace.package]

rust/models/src/host_info.rs

@@ -24,8 +24,8 @@ pub struct HostInfo {
     pub finished: u32,
     #[cfg_attr(
         feature = "serde_support",
-        serde(skip_serializing_if = "Vec::is_empty")
+        serde(skip_serializing_if = "Option::is_none")
     )]
     /// IPs of hosts, that are currently scanned.
-    pub scanning: Vec<String>,
+    pub scanning: Option<Vec<String>>,
 }

rust/osp/src/response.rs

@@ -613,7 +613,7 @@ impl From<Scan> for models::Status {
                     - i.count_alive.content.0
                     - i.host.len() as u32,
                 finished: i.count_alive.content.0,
-                scanning,
+                scanning: Some(scanning)
             }),
         }
     }

rust/smoketest/Cargo.toml

@@ -0,0 +1,23 @@
+[package]
+name = "smoketest"
+version = "0.1.0"
+edition = "2021"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
+models = {path = "../models"}
+clap = { version = "4.4.0", features = ["derive"] }
+reqwest = { version = "0.11.20", features = ["rustls-tls", "blocking", "json"], default-features=false }
+tokio = { version = "1.32.0", features = ["full"] }
+tracing = "0.1.37"
+tracing-subscriber = { version = "0.3.17", features = ["env-filter"] }
+serde = {version = "1", features = ["derive"], optional = true}
+serde_json = "1"
+
+[features]
+default = ["serde_support"]
+serde_support = ["serde"]
+
+[dev-dependencies]
+serde_json = "1"

rust/smoketest/Makefile

@@ -0,0 +1,45 @@
+# SPDX-FileCopyrightText: 2023 Greenbone AG
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+.PHONY: build run-with-certs
+
+MAKEFILE_PATH := $(dir $(realpath $(firstword $(MAKEFILE_LIST))))
+
+ifdef TARGET_HOSTNAME
+TARGET := $(TARGET_HOSTNAME)
+else
+TARGET := 127.0.0.1
+endif
+
+ifdef OPENVASD
+SERVER := $(OPENVASD)
+else
+SERVER := http://127.0.0.1:8080
+endif
+
+ifndef SCAN_CONFIG
+SCAN_CONFIG := ./simple_scan_ssh_only.json
+endif
+
+ifndef CARGO
+	CARGO := cargo
+endif
+
+ifndef TARGET_USERNAME
+	TARGET_USERNAME := noname
+	TARGET_PASSWORD := nopass
+endif
+
+all: build run-with-certs
+
+build: prepare-scan
+	${CARGO} build
+
+run:
+	cargo test
+
+prepare-scan:
+	sed -i 's|<username>|'$(TARGET_USERNAME)'|' simple_scan_ssh_only.json
+	sed -i 's|<password>|'$(TARGET_PASSWORD)'|' simple_scan_ssh_only.json
+	sed -i 's|<hostname>|'$(TARGET)'|' simple_scan_ssh_only.json

rust/smoketest/README.md

@@ -0,0 +1,49 @@
+# smoke-test
+
+Contains a small subset of functionality tests for openvasd within a controlled environment.
+
+To build and run the tests a Makefile is provided:
+- make build - builds the smoketest binary
+- make run - runs a scan against an scanner API listening on http://127.0.0.1:3000 using the API KEY authentication method
+- make run-with-certs - runs a scan against an scanner API listening on https://127.0.0.1:3000 using the mTLS authentication method plus API KEY
+
+## Configuration
+Independent of the usage of the certificates, the api-key is required. Therefore, `openvasd` must have an api-key set. For details on how to configure it, see the [openvasd documentation](../openvasd/README.md).
+
+In case of running the test against a mTLS enabled `openvasd`, you need to configure the client key and cert as well in the smoke test environment. For details on how to configure it, see the [openvasd documentation](../openvasd/README.md).
+
+For creation of the key/cert pair for mTLS authentication, see the tls section in the [openvasd documentation](../openvasd/README.md). Also, you find certificate generators in the [examples](../examples/tls)
+
+For authenticated scans, you can set a custom target (default is 127.0.0.1), username and password.
+
+All settings for running the smoke-tests are set via environmental variables. The next table summarize the settings availables:
+
+|Variable|Description|Default|Mandatory|Comment|
+|--------|-----------|-------|---------|-------|
+|TARGET_HOSTNAME|Custom target|127.0.0.1|no|Necessary for authenticated scans|
+|TARGET_USERNAME|Username for login in the target during the authenticated scan|empty string|no|Necessary for authenticated scans|
+|TARGET_PASSWORD|Password for login in the target during the authenticated scan|empty string|no|Necessary for authenticated scans|
+|API_KEY|API Key for authenticated communication with `openvasd`|mtls_is_preferred|yes||
+|OPENVASD|Socket where openvasd listen on|http://127.0.0.1:3000|no|Must be specified with port|
+|CLIENT_CERT|PEM file combinating public certificate and any 3rd party intermediate certificates ||yes for mTLS|Necessary for mTLS enabled|
+|CLIENT_KEY|Client private key||yes for mTLS|Necessary for mTLS enabled|
+|SCAN_CONFIG|Scan config in json file format to be run against the target|simple_scan_ssh_only.json|yes||
+
+
+## Usage
+
+``` bash
+# set env variables
+export CLIENT_CERT=/tmp/cert.pem
+export CLIENT_KEY=/tmp/key.pem
+export OPENVASD=192.168.0.1:3000
+export TARGET_HOSTNAME=192.168.10.10
+export TARGET_USERNAME=user
+export TARGET_PASSWORD=pass
+export API_KEY=mtls_is_preferred
+
+#build and run
+make build 
+make run-with-certs
+```
+

rust/smoketest/simple_scan_ssh_only.json

@@ -0,0 +1,29 @@
+{"target": {"hosts": ["<hostname>"],
+    "ports": [
+      {
+        "protocol": "tcp",
+        "range": [
+          {
+            "start": 22,
+            "end": 22
+          }
+        ]
+      }
+    ],
+    "credentials": [
+      {
+        "service": "ssh",
+        "port": 22,
+        "up": {
+          "username": "<username>",
+          "password": "<password>"
+        }
+      }
+    ]
+  },
+  "vts": [
+    {
+      "oid": "1.3.6.1.4.1.25623.1.0.90022"
+    }
+  ]
+}