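// Source: github.com/devseccon/trivy@v0.47.1-0.20231123133102-bd902a0bd996/pkg/detector/ospkg/chainguard/chainguard_test.go

package chainguard_test

import (
	"sort"
	"testing"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"

	"github.com/aquasecurity/trivy-db/pkg/db"
	dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
	"github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability"
	"github.com/devseccon/trivy/pkg/dbtest"
	"github.com/devseccon/trivy/pkg/detector/ospkg/chainguard"
	ftypes "github.com/devseccon/trivy/pkg/fanal/types"
	"github.com/devseccon/trivy/pkg/types"
)

// TestScanner_Detect is a table-driven test of the Chainguard OS-package
// vulnerability detector. Each case names the DB fixtures to use, passes a
// package list (and optionally a repository) to Scanner.Detect, and compares
// the findings, sorted by VulnerabilityID, with the expected list, or checks
// that the returned error contains wantErr.
//
// The cases pin down behaviour that decides whether a scan report can be
// trusted:
//   - an installed version older than the fixed version yields a finding that
//     carries the package's layer DiffID and the advisory data source;
//   - a package whose version string cannot be parsed is skipped without an
//     error, so it contributes no finding;
//   - a failure to read advisories is returned as an error rather than
//     reported as an empty (clean) result;
//   - a package with an empty SrcName still yields a finding.
//
// The CVE IDs and versions are expected values for the fixture files, which
// are not part of this file.
func TestScanner_Detect(t *testing.T) {
	type args struct {
		repo *ftypes.Repository
		pkgs []ftypes.Package
	}
	tests := []struct {
		name     string
		args     args
		fixtures []string
		want     []types.DetectedVulnerability
		wantErr  string
	}{
		{
			name: "happy path",
			fixtures: []string{
				"testdata/fixtures/chainguard.yaml",
				"testdata/fixtures/data-source.yaml",
			},
			args: args{
				pkgs: []ftypes.Package{
					{
						Name:       "ansible",
						Version:    "2.6.4",
						SrcName:    "ansible",
						SrcVersion: "2.6.4",
						Layer: ftypes.Layer{
							DiffID: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02",
						},
					},
					// NOTE(review): this case expects neither a finding nor an
					// error for the package below, so an unparseable version is
					// a blind spot in the report, not a scan failure.
					{
						Name:       "invalid",
						Version:    "invalid", // skipped
						SrcName:    "invalid",
						SrcVersion: "invalid",
					},
				},
			},
			want: []types.DetectedVulnerability{
				{
					PkgName:          "ansible",
					VulnerabilityID:  "CVE-2019-10217",
					InstalledVersion: "2.6.4",
					FixedVersion:     "2.8.4-r0",
					// The finding must keep the layer the package came from.
					Layer: ftypes.Layer{
						DiffID: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02",
					},
					DataSource: &dbTypes.DataSource{
						ID:   vulnerability.Chainguard,
						Name: "Chainguard Secdb",
						URL:  "https://packages.cgr.dev/chainguard/security.json",
					},
				},
			},
		},
		{
			// Installed 1.6-r0 against fixed 1.6-r1.
			// NOTE(review): the case name says "rc", but the versions visible
			// here differ only in the -rN suffix; any rc-suffixed entry would
			// be in the fixture. Confirm against chainguard.yaml.
			name: "contain rc",
			fixtures: []string{
				"testdata/fixtures/chainguard.yaml",
				"testdata/fixtures/data-source.yaml",
			},
			args: args{
				pkgs: []ftypes.Package{
					{
						Name:       "jq",
						Version:    "1.6-r0",
						SrcName:    "jq",
						SrcVersion: "1.6-r0",
					},
				},
			},
			want: []types.DetectedVulnerability{
				{
					PkgName:          "jq",
					VulnerabilityID:  "CVE-2020-1234",
					InstalledVersion: "1.6-r0",
					FixedVersion:     "1.6-r1",
					DataSource: &dbTypes.DataSource{
						ID:   vulnerability.Chainguard,
						Name: "Chainguard Secdb",
						URL:  "https://packages.cgr.dev/chainguard/security.json",
					},
				},
			},
		},
		{
			// Pre-release suffixes: 0.1.0_alpha must compare as older than
			// 0.1.0_alpha2. Name and SrcName differ here; the finding reports
			// Name ("test"). Presumably the advisory is keyed by the source
			// name ("test-src"); confirm against chainguard.yaml.
			name: "contain pre",
			fixtures: []string{
				"testdata/fixtures/chainguard.yaml",
				"testdata/fixtures/data-source.yaml",
			},
			args: args{
				pkgs: []ftypes.Package{
					{
						Name:       "test",
						Version:    "0.1.0_alpha",
						SrcName:    "test-src",
						SrcVersion: "0.1.0_alpha",
						Layer: ftypes.Layer{
							DiffID: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02",
						},
					},
				},
			},
			want: []types.DetectedVulnerability{
				{
					VulnerabilityID:  "CVE-2030-0002",
					PkgName:          "test",
					InstalledVersion: "0.1.0_alpha",
					FixedVersion:     "0.1.0_alpha2",
					Layer: ftypes.Layer{
						DiffID: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02",
					},
					DataSource: &dbTypes.DataSource{
						ID:   vulnerability.Chainguard,
						Name: "Chainguard Secdb",
						URL:  "https://packages.cgr.dev/chainguard/security.json",
					},
				},
			},
		},
		{
			// With the invalid.yaml fixture the advisory lookup must surface
			// as an error. A scanner that returned an empty list here would
			// make a broken DB indistinguishable from a clean image.
			name: "Get returns an error",
			fixtures: []string{
				"testdata/fixtures/invalid.yaml",
				"testdata/fixtures/data-source.yaml",
			},
			args: args{
				pkgs: []ftypes.Package{
					{
						Name:       "jq",
						Version:    "1.6-r0",
						SrcName:    "jq",
						SrcVersion: "1.6-r0",
					},
				},
			},
			wantErr: "failed to get Chainguard advisories",
		},
		{
			// SrcName is left empty and a finding for jq is still expected,
			// so a package without source metadata is not dropped.
			// Presumably the lookup falls back to Name; confirm in the
			// scanner.
			name: "No src name",
			fixtures: []string{
				"testdata/fixtures/chainguard.yaml",
				"testdata/fixtures/data-source.yaml",
			},
			args: args{
				repo: &ftypes.Repository{
					Family:  ftypes.Chainguard,
					Release: "3.10",
				},
				pkgs: []ftypes.Package{
					{
						Name:       "jq",
						Version:    "1.6-r0",
						SrcVersion: "1.6-r0",
					},
				},
			},
			want: []types.DetectedVulnerability{
				{
					PkgName:          "jq",
					VulnerabilityID:  "CVE-2020-1234",
					InstalledVersion: "1.6-r0",
					FixedVersion:     "1.6-r1",
					DataSource: &dbTypes.DataSource{
						ID:   vulnerability.Chainguard,
						Name: "Chainguard Secdb",
						URL:  "https://packages.cgr.dev/chainguard/security.json",
					},
				},
			},
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			// Set up the test DB from this case's fixtures; the return value
			// is not needed here.
			_ = dbtest.InitDB(t, tt.fixtures)
			defer db.Close()

			s := chainguard.NewScanner()
			// Detect gets an empty string as its first argument in every
			// case; repo is nil except in "No src name".
			got, err := s.Detect("", tt.args.repo, tt.args.pkgs)
			if tt.wantErr != "" {
				require.Error(t, err)
				assert.Contains(t, err.Error(), tt.wantErr)
				return
			}
			// Stop before touching got: after an unexpected error the result
			// is meaningless, and comparing it only adds a second, misleading
			// failure.
			require.NoError(t, err)

			// Sort so the comparison does not depend on the order in which
			// findings are returned.
			sort.Slice(got, func(i, j int) bool {
				return got[i].VulnerabilityID < got[j].VulnerabilityID
			})
			assert.Equal(t, tt.want, got)
		})
	}
}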