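// Listing: github.com/devseccon/trivy@v0.47.1-0.20231123133102-bd902a0bd996/pkg/detector/ospkg/amazon/amazon_test.go

package amazon_test

import (
	"testing"
	"time"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
	fake "k8s.io/utils/clock/testing"

	"github.com/aquasecurity/trivy-db/pkg/db"
	dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
	"github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability"
	"github.com/devseccon/trivy/pkg/dbtest"
	"github.com/devseccon/trivy/pkg/detector/ospkg/amazon"
	ftypes "github.com/devseccon/trivy/pkg/fanal/types"
	"github.com/devseccon/trivy/pkg/types"
)

// TestScanner_Detect runs the Amazon Linux scanner's Detect against a DB built
// from YAML fixtures and compares the reported vulnerabilities with the
// expected ones for Amazon Linux 1, 2 and 2023, for a package without a
// version, and for a fixture that makes the advisory lookup fail.
//
// NOTE(review): every positive case uses a package older than the fixed
// version. The table has no case where the installed version is at or above
// the fix, so a regression that reports already-patched packages (a false
// positive) would not be caught here.
func TestScanner_Detect(t *testing.T) {
	type args struct {
		osVer string
		pkgs  []ftypes.Package
	}

	// Values shared by several cases; each case only reads them.
	validFixtures := []string{
		"testdata/fixtures/amazon.yaml",
		"testdata/fixtures/data-source.yaml",
	}
	layer := ftypes.Layer{
		DiffID: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02",
	}
	alas := &dbTypes.DataSource{
		ID:   vulnerability.Amazon,
		Name: "Amazon Linux Security Center",
		URL:  "https://alas.aws.amazon.com/",
	}

	tests := []struct {
		name     string
		args     args
		fixtures []string
		want     []types.DetectedVulnerability
		wantErr  string
	}{
		{
			// osVer carries a minor component ("1.2") and the expected fix is
			// an amzn1 build, so the version is presumably reduced to its
			// major part before the lookup. Epoch 32 is expected to surface as
			// the "32:" prefix on the installed and the fixed version.
			name:     "amazon linux 1",
			fixtures: validFixtures,
			args: args{
				osVer: "1.2",
				pkgs: []ftypes.Package{
					{
						Name:    "bind",
						Epoch:   32,
						Version: "9.8.2",
						Release: "0.68.rc1.85.amzn1",
						Layer:   layer,
					},
				},
			},
			want: []types.DetectedVulnerability{
				{
					PkgName:          "bind",
					VulnerabilityID:  "CVE-2020-8625",
					InstalledVersion: "32:9.8.2-0.68.rc1.85.amzn1",
					FixedVersion:     "32:9.8.2-0.68.rc1.86.amzn1",
					Layer:            layer,
					DataSource:       alas,
				},
			},
		},
		{
			// The package has a version but no release or epoch.
			name:     "amazon linux 2",
			fixtures: validFixtures,
			args: args{
				osVer: "2",
				pkgs: []ftypes.Package{
					{
						Name:    "bash",
						Version: "4.2.45",
						Layer:   layer,
					},
				},
			},
			want: []types.DetectedVulnerability{
				{
					PkgName:          "bash",
					VulnerabilityID:  "CVE-2019-9924",
					InstalledVersion: "4.2.45",
					FixedVersion:     "4.2.46-34.amzn2",
					Layer:            layer,
					DataSource:       alas,
				},
			},
		},
		{
			name:     "amazon linux 2023",
			fixtures: validFixtures,
			args: args{
				osVer: "2023",
				pkgs: []ftypes.Package{
					{
						Name:    "protobuf",
						Version: "3.14.0-7.amzn2023.0.3",
						Layer:   layer,
					},
				},
			},
			want: []types.DetectedVulnerability{
				{
					PkgName:          "protobuf",
					VulnerabilityID:  "CVE-2022-1941",
					InstalledVersion: "3.14.0-7.amzn2023.0.3",
					FixedVersion:     "3.19.6-1.amzn2023.0.1",
					Layer:            layer,
					DataSource:       alas,
				},
			},
		},
		{
			// want and wantErr are left unset: a package without a version
			// must yield neither an error nor any finding.
			name:     "empty version",
			fixtures: validFixtures,
			args: args{
				osVer: "2",
				pkgs: []ftypes.Package{
					{
						Name: "bash",
					},
				},
			},
		},
		{
			// invalid.yaml replaces the advisory fixture; Detect must return
			// an error instead of an empty (clean-looking) result.
			name: "Get returns an error",
			fixtures: []string{
				"testdata/fixtures/invalid.yaml",
				"testdata/fixtures/data-source.yaml",
			},
			args: args{
				osVer: "1",
				pkgs: []ftypes.Package{
					{
						Name:       "jq",
						Version:    "1.6-r0",
						SrcName:    "jq",
						SrcVersion: "1.6-r0",
					},
				},
			},
			wantErr: "failed to get amazon advisories",
		},
	}

	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			_ = dbtest.InitDB(t, tt.fixtures)
			// db.Close takes no handle, so the DB is package-level state
			// shared by all subtests; report a failed close instead of
			// dropping it.
			defer func() {
				assert.NoError(t, db.Close())
			}()

			s := amazon.NewScanner()
			got, err := s.Detect(tt.args.osVer, nil, tt.args.pkgs)
			if tt.wantErr != "" {
				require.Error(t, err)
				assert.Contains(t, err.Error(), tt.wantErr)
				return
			}

			// Stop here on an unexpected error: comparing the result of a
			// failed scan only adds a second, misleading failure.
			require.NoError(t, err)
			assert.Equal(t, tt.want, got)
		})
	}
}

// TestScanner_IsSupportedVersion checks the scanner's end-of-life decision for
// each Amazon Linux version. The scanner gets a fake clock fixed at tt.now, so
// the result does not depend on the date the test runs.
//
// NOTE(review): only Amazon Linux 1 has a case on the EOL side; versions 2,
// 2022 and 2023 are checked only at a date where they count as supported.
func TestScanner_IsSupportedVersion(t *testing.T) {
	type args struct {
		osFamily ftypes.OSType
		osVer    string
	}

	tests := []struct {
		name string
		now  time.Time
		args args
		want bool
	}{
		{
			name: "amazon linux 1",
			now:  time.Date(2022, 5, 31, 23, 59, 59, 0, time.UTC),
			args: args{
				osFamily: "amazon",
				osVer:    "1",
			},
			want: true,
		},
		{
			// Same version, two years later: now reported as unsupported.
			name: "amazon linux 1 EOL",
			now:  time.Date(2024, 5, 31, 23, 59, 59, 0, time.UTC),
			args: args{
				osFamily: "amazon",
				osVer:    "1",
			},
			want: false,
		},
		{
			name: "amazon linux 2",
			now:  time.Date(2020, 12, 1, 0, 0, 0, 0, time.UTC),
			args: args{
				osFamily: "amazon",
				osVer:    "2",
			},
			want: true,
		},
		{
			name: "amazon linux 2022",
			now:  time.Date(2020, 12, 1, 0, 0, 0, 0, time.UTC),
			args: args{
				osFamily: "amazon",
				osVer:    "2022",
			},
			want: true,
		},
		{
			name: "amazon linux 2023",
			now:  time.Date(2020, 12, 1, 0, 0, 0, 0, time.UTC),
			args: args{
				osFamily: "amazon",
				osVer:    "2023",
			},
			want: true,
		},
	}

	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			s := amazon.NewScanner(amazon.WithClock(fake.NewFakeClock(tt.now)))
			got := s.IsSupportedVersion(tt.args.osFamily, tt.args.osVer)
			assert.Equal(t, tt.want, got)
		})
	}
}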