github.com/devseccon/trivy@v0.47.1-0.20231123133102-bd902a0bd996/pkg/detector/ospkg/alma/alma_test.go (about) 1 package alma_test 2 3 import ( 4 "testing" 5 "time" 6 7 "github.com/stretchr/testify/assert" 8 "github.com/stretchr/testify/require" 9 fake "k8s.io/utils/clock/testing" 10 11 "github.com/aquasecurity/trivy-db/pkg/db" 12 dbTypes "github.com/aquasecurity/trivy-db/pkg/types" 13 "github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability" 14 "github.com/devseccon/trivy/pkg/dbtest" 15 "github.com/devseccon/trivy/pkg/detector/ospkg/alma" 16 ftypes "github.com/devseccon/trivy/pkg/fanal/types" 17 "github.com/devseccon/trivy/pkg/types" 18 ) 19 20 func TestScanner_Detect(t *testing.T) { 21 type args struct { 22 osVer string 23 pkgs []ftypes.Package 24 } 25 tests := []struct { 26 name string 27 args args 28 fixtures []string 29 want []types.DetectedVulnerability 30 wantErr string 31 }{ 32 { 33 name: "happy path", 34 fixtures: []string{ 35 "testdata/fixtures/alma.yaml", 36 "testdata/fixtures/data-source.yaml", 37 }, 38 args: args{ 39 osVer: "8.4", 40 pkgs: []ftypes.Package{ 41 { 42 Name: "python3-libs", 43 Epoch: 0, 44 Version: "3.6.8", 45 Release: "36.el8.alma", 46 Arch: "x86_64", 47 SrcName: "python3", 48 SrcEpoch: 0, 49 SrcVersion: "3.6.8", 50 SrcRelease: "36.el8.alma", 51 Modularitylabel: "", 52 Licenses: []string{"Python"}, 53 Layer: ftypes.Layer{}, 54 }, 55 }, 56 }, 57 want: []types.DetectedVulnerability{ 58 { 59 PkgName: "python3-libs", 60 VulnerabilityID: "CVE-2020-26116", 61 InstalledVersion: "3.6.8-36.el8.alma", 62 FixedVersion: "3.6.8-37.el8.alma", 63 Layer: ftypes.Layer{}, 64 DataSource: &dbTypes.DataSource{ 65 ID: vulnerability.Alma, 66 Name: "AlmaLinux Product Errata", 67 URL: "https://errata.almalinux.org/", 68 }, 69 }, 70 }, 71 }, 72 { 73 name: "skip modular package", 74 fixtures: []string{ 75 "testdata/fixtures/modular.yaml", 76 "testdata/fixtures/data-source.yaml", 77 }, 78 args: args{ 79 osVer: "8.4", 80 pkgs: []ftypes.Package{ 81 { 82 Name: "nginx", 83 Epoch: 1, 84 Version: "1.14.1", 85 Release: "8.module_el8.3.0+2165+af250afe.alma", 86 Arch: "x86_64", 87 SrcName: "nginx", 88 SrcEpoch: 1, 89 SrcVersion: "1.14.1", 90 SrcRelease: "8.module_el8.3.0+2165+af250afe.alma", 91 Modularitylabel: "", // ref: https://bugs.almalinux.org/view.php?id=173 , https://github.com/devseccon/trivy/issues/2342#issuecomment-1158459628 92 Licenses: []string{"BSD"}, 93 Layer: ftypes.Layer{}, 94 }, 95 }, 96 }, 97 want: nil, 98 }, 99 { 100 name: "modular package", 101 fixtures: []string{ 102 "testdata/fixtures/modular.yaml", 103 "testdata/fixtures/data-source.yaml", 104 }, 105 args: args{ 106 osVer: "8.6", 107 pkgs: []ftypes.Package{ 108 { 109 Name: "httpd", 110 Epoch: 0, 111 Version: "2.4.37", 112 Release: "46.module_el8.6.0+2872+fe0ff7aa.1.alma", 113 Arch: "x86_64", 114 SrcName: "httpd", 115 SrcEpoch: 0, 116 SrcVersion: "2.4.37", 117 SrcRelease: "46.module_el8.6.0+2872+fe0ff7aa.1.alma", 118 Modularitylabel: "httpd:2.4:8060020220510105858:9edba152", 119 Licenses: []string{"ASL 2.0"}, 120 Layer: ftypes.Layer{}, 121 }, 122 }, 123 }, 124 want: []types.DetectedVulnerability{ 125 { 126 PkgName: "httpd", 127 VulnerabilityID: "CVE-2020-35452", 128 InstalledVersion: "2.4.37-46.module_el8.6.0+2872+fe0ff7aa.1.alma", 129 FixedVersion: "2.4.37-47.module_el8.6.0+2872+fe0ff7aa.1.alma", 130 Layer: ftypes.Layer{}, 131 DataSource: &dbTypes.DataSource{ 132 ID: vulnerability.Alma, 133 Name: "AlmaLinux Product Errata", 134 URL: "https://errata.almalinux.org/", 135 }, 136 }, 137 }, 138 }, 139 { 140 name: "Get returns an error", 141 fixtures: []string{ 142 "testdata/fixtures/invalid.yaml", 143 "testdata/fixtures/data-source.yaml", 144 }, 145 args: args{ 146 osVer: "8.4", 147 pkgs: []ftypes.Package{ 148 { 149 Name: "jq", 150 Version: "1.5-12", 151 SrcName: "jq", 152 SrcVersion: "1.5-12", 153 }, 154 }, 155 }, 156 wantErr: "failed to get AlmaLinux advisories", 157 }, 158 } 159 for _, tt := range tests { 160 t.Run(tt.name, func(t *testing.T) { 161 _ = dbtest.InitDB(t, tt.fixtures) 162 defer db.Close() 163 164 s := alma.NewScanner() 165 got, err := s.Detect(tt.args.osVer, nil, tt.args.pkgs) 166 if tt.wantErr != "" { 167 require.Error(t, err) 168 assert.Contains(t, err.Error(), tt.wantErr) 169 return 170 } 171 assert.NoError(t, err) 172 assert.Equal(t, tt.want, got) 173 }) 174 } 175 } 176 177 func TestScanner_IsSupportedVersion(t *testing.T) { 178 type args struct { 179 osFamily ftypes.OSType 180 osVer string 181 } 182 tests := []struct { 183 name string 184 now time.Time 185 args args 186 want bool 187 }{ 188 { 189 name: "alma 8.4", 190 now: time.Date(2019, 3, 2, 23, 59, 59, 0, time.UTC), 191 args: args{ 192 osFamily: "alma", 193 osVer: "8.4", 194 }, 195 want: true, 196 }, 197 { 198 name: "alma 8.4 with EOL", 199 now: time.Date(2030, 1, 1, 0, 0, 0, 0, time.UTC), 200 args: args{ 201 osFamily: "alma", 202 osVer: "8.4", 203 }, 204 want: false, 205 }, 206 { 207 name: "latest", 208 now: time.Date(2019, 5, 2, 23, 59, 59, 0, time.UTC), 209 args: args{ 210 osFamily: "alma", 211 osVer: "999", 212 }, 213 want: true, 214 }, 215 } 216 for _, tt := range tests { 217 t.Run(tt.name, func(t *testing.T) { 218 s := alma.NewScanner(alma.WithClock(fake.NewFakeClock(tt.now))) 219 got := s.IsSupportedVersion(tt.args.osFamily, tt.args.osVer) 220 assert.Equal(t, tt.want, got) 221 }) 222 } 223 }