github.com/devseccon/trivy@v0.47.1-0.20231123133102-bd902a0bd996/pkg/detector/ospkg/debian/debian_test.go (about) 1 package debian_test 2 3 import ( 4 "sort" 5 "testing" 6 "time" 7 8 "github.com/stretchr/testify/assert" 9 "github.com/stretchr/testify/require" 10 fake "k8s.io/utils/clock/testing" 11 12 "github.com/aquasecurity/trivy-db/pkg/db" 13 dbTypes "github.com/aquasecurity/trivy-db/pkg/types" 14 "github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability" 15 "github.com/devseccon/trivy/pkg/dbtest" 16 "github.com/devseccon/trivy/pkg/detector/ospkg/debian" 17 ftypes "github.com/devseccon/trivy/pkg/fanal/types" 18 "github.com/devseccon/trivy/pkg/types" 19 ) 20 21 func TestScanner_Detect(t *testing.T) { 22 type args struct { 23 osVer string 24 pkgs []ftypes.Package 25 } 26 tests := []struct { 27 name string 28 args args 29 fixtures []string 30 want []types.DetectedVulnerability 31 wantErr string 32 }{ 33 { 34 name: "happy path", 35 fixtures: []string{ 36 "testdata/fixtures/debian.yaml", 37 "testdata/fixtures/data-source.yaml", 38 }, 39 args: args{ 40 osVer: "9.1", 41 pkgs: []ftypes.Package{ 42 { 43 Name: "htpasswd", 44 Version: "2.4.24", 45 SrcName: "apache2", 46 SrcVersion: "2.4.24", 47 Layer: ftypes.Layer{ 48 DiffID: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02", 49 }, 50 }, 51 }, 52 }, 53 want: []types.DetectedVulnerability{ 54 { 55 PkgName: "htpasswd", 56 VulnerabilityID: "CVE-2020-11985", 57 VendorIDs: []string{"DSA-4884-1"}, 58 InstalledVersion: "2.4.24", 59 FixedVersion: "2.4.25-1", 60 Layer: ftypes.Layer{ 61 DiffID: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02", 62 }, 63 DataSource: &dbTypes.DataSource{ 64 ID: vulnerability.Debian, 65 Name: "Debian Security Tracker", 66 URL: "https://salsa.debian.org/security-tracker-team/security-tracker", 67 }, 68 }, 69 { 70 PkgName: "htpasswd", 71 VulnerabilityID: "CVE-2021-31618", 72 InstalledVersion: "2.4.24", 73 Status: dbTypes.StatusWillNotFix, 74 SeveritySource: vulnerability.Debian, 75 Vulnerability: dbTypes.Vulnerability{ 76 Severity: dbTypes.SeverityMedium.String(), 77 }, 78 Layer: ftypes.Layer{ 79 DiffID: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02", 80 }, 81 DataSource: &dbTypes.DataSource{ 82 ID: vulnerability.Debian, 83 Name: "Debian Security Tracker", 84 URL: "https://salsa.debian.org/security-tracker-team/security-tracker", 85 }, 86 }, 87 }, 88 }, 89 { 90 name: "invalid bucket", 91 fixtures: []string{ 92 "testdata/fixtures/invalid.yaml", 93 "testdata/fixtures/data-source.yaml", 94 }, 95 args: args{ 96 osVer: "9.1", 97 pkgs: []ftypes.Package{ 98 { 99 Name: "htpasswd", 100 Version: "2.4.24", 101 SrcName: "apache2", 102 SrcVersion: "2.4.24", 103 Layer: ftypes.Layer{ 104 DiffID: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02", 105 }, 106 }, 107 }, 108 }, 109 wantErr: "failed to unmarshal advisory JSON", 110 }, 111 } 112 for _, tt := range tests { 113 t.Run(tt.name, func(t *testing.T) { 114 _ = dbtest.InitDB(t, tt.fixtures) 115 defer db.Close() 116 117 s := debian.NewScanner() 118 got, err := s.Detect(tt.args.osVer, nil, tt.args.pkgs) 119 if tt.wantErr != "" { 120 require.Error(t, err) 121 assert.Contains(t, err.Error(), tt.wantErr) 122 return 123 } 124 125 sort.Slice(got, func(i, j int) bool { 126 return got[i].VulnerabilityID < got[j].VulnerabilityID 127 }) 128 assert.NoError(t, err) 129 assert.Equal(t, tt.want, got) 130 }) 131 } 132 } 133 134 func TestScanner_IsSupportedVersion(t *testing.T) { 135 type args struct { 136 osFamily ftypes.OSType 137 osVer string 138 } 139 tests := []struct { 140 name string 141 now time.Time 142 args args 143 want bool 144 }{ 145 { 146 name: "debian 7", 147 now: time.Date(2018, 3, 31, 23, 59, 59, 0, time.UTC), 148 args: args{ 149 osFamily: "debian", 150 osVer: "7", 151 }, 152 want: true, 153 }, 154 { 155 name: "debian 8 EOL", 156 now: time.Date(2020, 7, 31, 23, 59, 59, 0, time.UTC), 157 args: args{ 158 osFamily: "debian", 159 osVer: "8.2", 160 }, 161 want: false, 162 }, 163 { 164 name: "latest", 165 now: time.Date(2020, 7, 31, 23, 59, 59, 0, time.UTC), 166 args: args{ 167 osFamily: "debian", 168 osVer: "999", 169 }, 170 want: true, 171 }, 172 } 173 for _, tt := range tests { 174 t.Run(tt.name, func(t *testing.T) { 175 s := debian.NewScanner(debian.WithClock(fake.NewFakeClock(tt.now))) 176 got := s.IsSupportedVersion(tt.args.osFamily, tt.args.osVer) 177 assert.Equal(t, tt.want, got) 178 }) 179 } 180 }