def testGatherCpuVulnerabilitiesNonLinux(self):
# Windows VMs do not currently have code to detect CPU vulnerabilities
vuln = linux_virtual_machine.CpuVulnerabilities()
vuln.mitigations['a'] = 'b'
vm = self._MockVmWithVuln('vm1', vuln)
vm.OS_TYPE = 'windows'
self.assertLen(pkb._CreateCpuVulnerabilitySamples([vm]), 0)
def testGatherCpuVulnerabilitiesEmpty(self):
# Even if CpuVulnerabilities is empty a sample is created
vm = self._MockVmWithVuln('vm1',
linux_virtual_machine.CpuVulnerabilities())
samples = pkb._CreateCpuVulnerabilitySamples([vm])
self.assertEqual({'vm_name': 'vm1'}, samples[0].metadata)
self.assertLen(samples, 1)
def testGatherCpuVulnerabilities(self):
prefix = '/sys/devices/system/cpu/vulnerabilities'
vm0 = self._MockVm('vm0', f"""{prefix}/itlb_multihit:KVM: Vulnerable""")
vm1 = self._MockVm('vm1', f"""{prefix}/l1tf:Mitigation: PTE Inversion""")
samples = pkb._CreateCpuVulnerabilitySamples([vm0, vm1])
self.assertEqual('cpu_vuln', samples[0].metric)
expected_metadata0 = {
'vm_name': 'vm0',
'vulnerabilities': 'itlb_multihit',
'vulnerability_itlb_multihit': 'KVM',
}
expected_metadata1 = {
'vm_name': 'vm1',
'mitigations': 'l1tf',
'mitigation_l1tf': 'PTE Inversion',
}
self.assertEqual(expected_metadata0, samples[0].metadata)
self.assertEqual(expected_metadata1, samples[1].metadata)
self.assertLen(samples, 2)