Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
github.com/canonical/edgex-checkbox-provider
This project contains the Checkbox tests of the Edgex Foundry snaps.
Upstream: https://github.com/canonical/edgex-checkbox-provider
Mirror: https://code.launchpad.net/checkbox-provider-edgex
The mirror and upstream are synced automatically every 5 hours. The import may be triggered manually.
When a snap is released to a $TRACK/beta
channel, the corresponding checkbox tests are triggered on Ubuntu certified hardware.
The checkbox-edgexfoundry allows the execution of tests on different platforms. Note that this doesn't provide full isolation as we need to install it in developer mode to have the necessary system access.
EdgeX 2.3 and older
For testing EdgeX 2.3 (Levski), 2.1 (Jakarta/LTS), and older, refer to the edgex-v2 branch.
This snap is built on launchpad from the mirror (see above) and published as checkbox-edgexfoundry.
Install the snap:
sudo snap install checkbox-edgexfoundry --devmode --edge
Run:
sudo DEFAULT_TEST_CHANNEL="latest/beta" checkbox-edgexfoundry.latest
checkbox-edgexfoundry.checkbox-cli
Then, scroll down and press SPACE to select the desired test plan:
Select test plan
┌─────────────────────────────────────────────────┐
│ ( ) Dock Hot Plug tests │
│ ( ) EdgeX Fuji │
│ ( ) EdgeX Geneva │
│ ( ) EdgeX Hanoi │
│ ( ) EdgeX Ireland │
│ ( ) EdgeX Jakarta │
│ (X) EdgeX Latest │
│ ( ) Firewire tests │
└─────────────────────────────────────────────────┘
Press <Enter> to continue (H) Help
core
instance with Multipass:multipass launch core --name=uc16
multipass transfer checkbox-edgexfoundry_2.0_amd64.snap uc16:
multipass shell uc16
The snap can be build locally using the snapcraft
command.
Install:
sudo snap install --devmode --dangerous ./checkbox-edgexfoundry_2.0_amd64.snap
If installed from scratch, manually connect the interfaces:
# sudo snap install checkbox20 # installed automatically as it is the default provider for a few plugs
sudo snap connect checkbox-edgexfoundry:checkbox-runtime checkbox20:checkbox-runtime
sudo snap connect checkbox-edgexfoundry:provider-resource checkbox20:provider-resource
sudo snap connect checkbox-edgexfoundry:provider-checkbox checkbox20:provider-checkbox
Then, run the tests as usual.
To modify those test files without rebuilding the snap, follow these steps:
snap download checkbox-edgexfoundry --edge
unsquashfs checkbox-edgexfoundry_99.snap
Update the test you are working on in ./squashfs-root/providers/checkbox-provider-edgex/data/
.
Optionally, to save time, modify latest.pxu to remove all tests other than the one you are testing.
Run the tests with:
mksquashfs ./squashfs-root checkbox-edgexfoundry.snap -noappend -comp xz -all-root -no-xattrs -no-fragments
sudo snap install ./checkbox-edgexfoundry.snap --devmode
sudo snap connect checkbox-edgexfoundry:checkbox-runtime checkbox20:checkbox-runtime
sudo snap connect checkbox-edgexfoundry:provider-resource checkbox20:provider-resource
sudo snap connect checkbox-edgexfoundry:provider-checkbox checkbox20:provider-checkbox
sudo DEFAULT_TEST_CHANNEL="latest/beta" checkbox-edgexfoundry.latest
The latest tests are written in Go, available here.
To check the used testing suites, refer to units/latest.pxu.
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.