github.com/devseccon/trivy@v0.47.1-0.20231123133102-bd902a0bd996/pkg/detector/ospkg/amazon/amazon_test.go (about)

     1  package amazon_test
     2  
     3  import (
     4  	"testing"
     5  	"time"
     6  
     7  	"github.com/stretchr/testify/assert"
     8  	"github.com/stretchr/testify/require"
     9  	fake "k8s.io/utils/clock/testing"
    10  
    11  	"github.com/aquasecurity/trivy-db/pkg/db"
    12  	dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
    13  	"github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability"
    14  	"github.com/devseccon/trivy/pkg/dbtest"
    15  	"github.com/devseccon/trivy/pkg/detector/ospkg/amazon"
    16  	ftypes "github.com/devseccon/trivy/pkg/fanal/types"
    17  	"github.com/devseccon/trivy/pkg/types"
    18  )
    19  
// TestScanner_Detect runs the Amazon Linux scanner against a fixture-backed
// vulnerability DB and compares the reported findings with the expected ones.
//
// The table covers one package per release stream ("1.2", "2", "2023"), a
// package whose version is empty, and a DB lookup that fails.
func TestScanner_Detect(t *testing.T) {
	// Every case that expects a successful lookup loads the same two fixtures.
	advisoryFixtures := []string{
		"testdata/fixtures/amazon.yaml",
		"testdata/fixtures/data-source.yaml",
	}

	// Layer attached to each versioned input package. The expected findings
	// carry the same layer, so the test also pins that the layer of the
	// affected package is copied onto the finding unchanged.
	imageLayer := ftypes.Layer{
		DiffID: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02",
	}

	// amazonSource returns a fresh expected data-source record for each
	// finding, so no pointer is shared between table entries.
	amazonSource := func() *dbTypes.DataSource {
		return &dbTypes.DataSource{
			ID:   vulnerability.Amazon,
			Name: "Amazon Linux Security Center",
			URL:  "https://alas.aws.amazon.com/",
		}
	}

	type input struct {
		osVer string
		pkgs  []ftypes.Package
	}
	cases := []struct {
		name     string
		in       input
		fixtures []string
		want     []types.DetectedVulnerability
		wantErr  string
	}{
		{
			// The package carries an epoch. The expected installed version is
			// rendered as "epoch:version-release", and the expected fixed
			// version differs from it only in the release field.
			name:     "amazon linux 1",
			fixtures: advisoryFixtures,
			in: input{
				osVer: "1.2",
				pkgs: []ftypes.Package{
					{
						Name:    "bind",
						Epoch:   32,
						Version: "9.8.2",
						Release: "0.68.rc1.85.amzn1",
						Layer:   imageLayer,
					},
				},
			},
			want: []types.DetectedVulnerability{
				{
					PkgName:          "bind",
					VulnerabilityID:  "CVE-2020-8625",
					InstalledVersion: "32:9.8.2-0.68.rc1.85.amzn1",
					FixedVersion:     "32:9.8.2-0.68.rc1.86.amzn1",
					Layer:            imageLayer,
					DataSource:       amazonSource(),
				},
			},
		},
		{
			// Version only, with no epoch and no release on the installed package.
			name:     "amazon linux 2",
			fixtures: advisoryFixtures,
			in: input{
				osVer: "2",
				pkgs: []ftypes.Package{
					{
						Name:    "bash",
						Version: "4.2.45",
						Layer:   imageLayer,
					},
				},
			},
			want: []types.DetectedVulnerability{
				{
					PkgName:          "bash",
					VulnerabilityID:  "CVE-2019-9924",
					InstalledVersion: "4.2.45",
					FixedVersion:     "4.2.46-34.amzn2",
					Layer:            imageLayer,
					DataSource:       amazonSource(),
				},
			},
		},
		{
			// Here the release suffix is part of the Version string itself;
			// the Release field is left empty.
			name:     "amazon linux 2023",
			fixtures: advisoryFixtures,
			in: input{
				osVer: "2023",
				pkgs: []ftypes.Package{
					{
						Name:    "protobuf",
						Version: "3.14.0-7.amzn2023.0.3",
						Layer:   imageLayer,
					},
				},
			},
			want: []types.DetectedVulnerability{
				{
					PkgName:          "protobuf",
					VulnerabilityID:  "CVE-2022-1941",
					InstalledVersion: "3.14.0-7.amzn2023.0.3",
					FixedVersion:     "3.19.6-1.amzn2023.0.1",
					Layer:            imageLayer,
					DataSource:       amazonSource(),
				},
			},
		},
		{
			// A package without a version: want and wantErr are both left at
			// their zero values, so the scanner must return no findings (nil)
			// and no error rather than matching on the name alone.
			name:     "empty version",
			fixtures: advisoryFixtures,
			in: input{
				osVer: "2",
				pkgs: []ftypes.Package{
					{
						Name: "bash",
					},
				},
			},
		},
		{
			// The advisory fixture is swapped for invalid.yaml. The lookup
			// failure has to reach the caller as an error; a scan that came
			// back empty here would be indistinguishable from a clean result.
			name: "Get returns an error",
			fixtures: []string{
				"testdata/fixtures/invalid.yaml",
				"testdata/fixtures/data-source.yaml",
			},
			in: input{
				osVer: "1",
				pkgs: []ftypes.Package{
					{
						Name:       "jq",
						Version:    "1.6-r0",
						SrcName:    "jq",
						SrcVersion: "1.6-r0",
					},
				},
			},
			wantErr: "failed to get amazon advisories",
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			// Each subtest loads its own fixture DB and closes it on exit.
			_ = dbtest.InitDB(t, tc.fixtures)
			defer db.Close()

			scanner := amazon.NewScanner()
			got, err := scanner.Detect(tc.in.osVer, nil, tc.in.pkgs)

			if tc.wantErr == "" {
				assert.NoError(t, err)
				assert.Equal(t, tc.want, got)
				return
			}

			// Error path: only the message substring is checked.
			require.Error(t, err)
			assert.Contains(t, err.Error(), tc.wantErr)
		})
	}
}
   191  
// TestScanner_IsSupportedVersion checks the scanner's support verdict for
// Amazon Linux release streams at fixed points in time, using an injected
// fake clock so the result does not depend on the wall clock.
//
// An end-of-life release stops receiving advisories, so a scanner that still
// reports it as supported can make an unpatched host look clean.
func TestScanner_IsSupportedVersion(t *testing.T) {
	// The OS family is the same for every case.
	const family = "amazon"

	// Instants the fake clock is set to.
	var (
		endOfMay2022 = time.Date(2022, 5, 31, 23, 59, 59, 0, time.UTC)
		endOfMay2024 = time.Date(2024, 5, 31, 23, 59, 59, 0, time.UTC)
		startDec2020 = time.Date(2020, 12, 1, 0, 0, 0, 0, time.UTC)
	)

	type input struct {
		osFamily ftypes.OSType
		osVer    string
	}
	cases := []struct {
		name string
		now  time.Time
		in   input
		want bool
	}{
		// Release "1" is expected to be supported at the 2022 instant and
		// unsupported at the 2024 one.
		// NOTE(review): these two points bracket the cut-off but do not pin
		// the exact end-of-life date; a boundary case would tighten this.
		{
			name: "amazon linux 1",
			now:  endOfMay2022,
			in:   input{osFamily: family, osVer: "1"},
			want: true,
		},
		{
			name: "amazon linux 1 EOL",
			now:  endOfMay2024,
			in:   input{osFamily: family, osVer: "1"},
			want: false,
		},
		// The remaining releases are only checked on the supported side, all
		// at the same December 2020 instant.
		// NOTE(review): there is no end-of-life case for "2", "2022" or "2023".
		{
			name: "amazon linux 2",
			now:  startDec2020,
			in:   input{osFamily: family, osVer: "2"},
			want: true,
		},
		{
			name: "amazon linux 2022",
			now:  startDec2020,
			in:   input{osFamily: family, osVer: "2022"},
			want: true,
		},
		{
			name: "amazon linux 2023",
			now:  startDec2020,
			in:   input{osFamily: family, osVer: "2023"},
			want: true,
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			// Freeze "now" for this subtest.
			clock := fake.NewFakeClock(tc.now)
			scanner := amazon.NewScanner(amazon.WithClock(clock))

			supported := scanner.IsSupportedVersion(tc.in.osFamily, tc.in.osVer)
			assert.Equal(t, tc.want, supported)
		})
	}
}