From 0e44bbb29a3ac40923810a62f7ebe2d8fad0b825 Mon Sep 17 00:00:00 2001
From: Tomoya Amachi
Date: Tue, 31 Aug 2021 13:15:36 +0900
Subject: [PATCH] allow apt(-get) update && upgrade (#138)
---
 pkg/assessor/manifest/manifest.go | 12 +--
 pkg/assessor/manifest/manifest_test.go | 28 ++++++-
 .../manifest/testdata/apt_update_upgrade.json | 78 +++++++++++++++++++
 3 files changed, 111 insertions(+), 7 deletions(-)
 create mode 100644 pkg/assessor/manifest/testdata/apt_update_upgrade.json
diff --git a/pkg/assessor/manifest/manifest.go b/pkg/assessor/manifest/manifest.go
index 6c38264..56183ec 100644
--- a/pkg/assessor/manifest/manifest.go
+++ b/pkg/assessor/manifest/manifest.go
@@ -138,7 +138,7 @@ func assessHistory(index int, cmd types.History) []*types.Assessment {
 assesses = append(assesses, &types.Assessment{
 Code: types.MinimizeAptGet,
 Filename: ConfigFileName,
- Desc: fmt.Sprintf("Use 'rm -rf /var/lib/apt/lists' after 'apt-get install' : %s", cmd.CreatedBy),
+ Desc: fmt.Sprintf("Use 'rm -rf /var/lib/apt/lists' after 'apt-get install|update' : %s", cmd.CreatedBy),
 })
 }

@@ -146,7 +146,7 @@ func assessHistory(index int, cmd types.History) []*types.Assessment {
 assesses = append(assesses, &types.Assessment{
 Code: types.UseAptGetUpdateNoCache,
 Filename: ConfigFileName,
- Desc: fmt.Sprintf("Always combine 'apt-get update' with 'apt-get install' : %s", cmd.CreatedBy),
+ Desc: fmt.Sprintf("Always combine 'apt-get update' with 'apt-get install|upgrade' : %s", cmd.CreatedBy),
 })
 }

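Review bot: The two updated `Desc` strings in assessHistory write the alternatives as `'apt-get install|update'` and `'apt-get install|upgrade'`, which reads like a shell pipe rather than a choice, and they name only `apt-get` although the matchers changed later in this patch also accept `apt`. Spelling the choice out would make the finding easier to act on, e.g. `"Use 'rm -rf /var/lib/apt/lists' after 'apt-get install' or 'apt-get update' : %s"`, and likewise `'apt-get install' or 'apt-get upgrade'` in the second message. assessHistory starts and ends outside both hunks.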
@@ -208,17 +208,17 @@ func reducableAptGetUpdate(cmdSlices map[int][]string) bool {
 var useAptUpdate bool
 var useAptInstall bool
 for _, cmdSlice := range cmdSlices {
- if !useAptUpdate && containsAll(cmdSlice, []string{"apt-get", "update"}) {
+ if !useAptUpdate && containsThreshold(cmdSlice, []string{"apt-get", "apt", "update"}, 2) {
 useAptUpdate = true
 }
-
- if !useAptInstall && containsAll(cmdSlice, []string{"apt-get", "install"}) {
+ if !useAptInstall && containsThreshold(cmdSlice, []string{"apt-get", "apt", "upgrade", "install"}, 2) {
 useAptInstall = true
 }
 if useAptUpdate && useAptInstall {
 return false
 }
 }
+
 if useAptUpdate && !useAptInstall {
 return true
 }
@@ -229,7 +229,7 @@ func reducableAptGetInstall(cmdSlices map[int][]string) bool {
 var useAptInstall bool
 var useRmCache bool
 for _, cmdSlice := range cmdSlices {
- if !useAptInstall && containsAll(cmdSlice, []string{"apt-get", "install"}) {
+ if !useAptInstall && containsThreshold(cmdSlice, []string{"apt-get", "apt", "update", "install"}, 2) {
 useAptInstall = true
 }
 if !useRmCache && containsThreshold(
diff --git a/pkg/assessor/manifest/manifest_test.go b/pkg/assessor/manifest/manifest_test.go
index 294dbb8..ce9d664 100644
--- a/pkg/assessor/manifest/manifest_test.go
+++ b/pkg/assessor/manifest/manifest_test.go
@@ -51,6 +51,24 @@ func TestAssess(t *testing.T) {
 },
 },
 },
+ "AptUpdateUpgrade": {
+ path: "./testdata/apt_update_upgrade.json",
+
+ assesses: []*types.Assessment{
+ {
+ Code: types.AvoidRootDefault,
+ Filename: ConfigFileName,
+ },
+ {
+ Code: types.MinimizeAptGet,
+ Filename: ConfigFileName,
+ },
+ {
+ Code: types.AddHealthcheck,
+ Filename: ConfigFileName,
+ },
+ },
+ },
 }

 for testname, v := range tests {
@@ -243,7 +261,7 @@ func TestReducableAptGetInstall(t *testing.T) {
 },
 expected: true,
 },
- "NoInstall": {
+ "OnlyUpdate": {
 cmdSlices: map[int][]string{
 0: {
 "apt-get", "update",
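Review bot: A threshold of 2 over a list that mixes program names with subcommands does not require one of each, so in reducableAptGetUpdate (and the same pattern in the reducableAptGetInstall hunk that follows) a slice holding two subcommand tokens, or both `apt-get` and `apt`, can set the flag without any matching apt invocation. This assumes containsThreshold counts how many of the listed tokens occur, which is not visible here. In the update check a spurious `useAptInstall` makes the function return false, which would presumably suppress the UseAptGetUpdateNoCache finding for that image. Matching the two groups separately keeps the strictness the old containsAll calls had, e.g. `containsThreshold(cmdSlice, []string{"apt-get", "apt"}, 1) && containsThreshold(cmdSlice, []string{"upgrade", "install"}, 1)`. Both function bodies continue outside their hunks.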
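Review bot: The added "AptUpdateUpgrade" case in TestAssess, like the TestReducableAptGetInstall cases changed in the following hunks, exercises only the `apt-get` spelling, so the new `apt` token and the threshold behaviour of the matchers are untested. A table entry such as `"AptOnlyUpdate": {cmdSlices: map[int][]string{0: {"apt", "update"}}, expected: true}` in TestReducableAptGetInstall, plus a negative case where `install` and `update` appear without `apt-get` or `apt`, would pin what the linter is meant to report. The expected value is taken by analogy with the "OnlyUpdate" case and should be confirmed against the implementation.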
@@ -252,6 +270,14 @@ func TestReducableAptGetInstall(t *testing.T) {
 "apt-get", "purge",
 },
 },
+ expected: true,
+ },
+ "NoUpdateInstall": {
+ cmdSlices: map[int][]string{
+ 0: {
+ "apt-get", "purge",
+ },
+ },
 expected: false,
 },
 "UnReducable": {
diff --git a/pkg/assessor/manifest/testdata/apt_update_upgrade.json b/pkg/assessor/manifest/testdata/apt_update_upgrade.json
new file mode 100644
index 0000000..6371e17
--- /dev/null
+++ b/pkg/assessor/manifest/testdata/apt_update_upgrade.json
@@ -0,0 +1,78 @@
+{
+ "architecture": "arm64",
+ "config": {
+ "Hostname": "",
+ "Domainname": "",
+ "User": "",
+ "AttachStdin": false,
+ "AttachStdout": false,
+ "AttachStderr": false,
+ "Tty": false,
+ "OpenStdin": false,
+ "StdinOnce": false,
+ "Env": [
+ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+ ],
+ "Cmd": [
+ "bash"
+ ],
+ "Image": "sha256:37fe96a532d30f99df9d33b2e5568f7340eb412679250731e1446cf429a6eb9e",
+ "Volumes": null,
+ "WorkingDir": "",
+ "Entrypoint": null,
+ "OnBuild": null,
+ "Labels": null
+ },
+ "container": "2f74aee84e66a15a4fd8938e8e77913dcb84e23fa401bb09fef1f6754199a036",
+ "container_config": {
+ "Hostname": "",
+ "Domainname": "",
+ "User": "",
+ "AttachStdin": false,
+ "AttachStdout": false,
+ "AttachStderr": false,
+ "Tty": false,
+ "OpenStdin": false,
+ "StdinOnce": false,
+ "Env": [
+ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+ ],
+ "Cmd": [
+ "/bin/sh",
+ "-c",
+ "apt-get update -y && apt-get upgrade -y && echo \"hello\""
+ ],
+ "Image": "sha256:37fe96a532d30f99df9d33b2e5568f7340eb412679250731e1446cf429a6eb9e",
+ "Volumes": null,
+ "WorkingDir": "",
+ "Entrypoint": null,
+ "OnBuild": null,
+ "Labels": null
+ },
+ "created": "2021-08-31T01:39:59.963242465Z",
+ "docker_version": "20.10.8",
+ "history": [
+ {
+ "created": "2021-08-17T01:45:48.451416155Z",
+ "created_by": "/bin/sh -c #(nop) ADD file:1e52a0aa8f37622b3d0d73bddae98dd854cdd0b001fffe704eb833b2659413ec in / "
+ },
+ {
+ "created": "2021-08-17T01:45:49.041321963Z",
+ "created_by": "/bin/sh -c #(nop) CMD [\"bash\"]",
+ "empty_layer": true
+ },
+ {
+ "created": "2021-08-31T01:39:59.963242465Z",
+ "created_by": "/bin/sh -c apt-get update -y && apt-get upgrade -y && echo \"hello\""
+ }
+ ],
+ "os": "linux",
+ "rootfs": {
+ "type": "layers",
+ "diff_ids": [
+ "sha256:9d93ee5b513b12ff60d69072e4ff0dbdca71652c489b9750a96a85bec726a17e",
+ "sha256:a50611151d42ef5da2ce47cc17e366b8214a937ee875573b99e11ab678c54cd2"
+ ]
+ },
+ "variant": "v8"
+}