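// Source: github.com/devseccon/trivy@v0.47.1-0.20231123133102-bd902a0bd996/pkg/detector/ospkg/oracle/oracle_test.go

package oracle

import (
	"testing"
	"time"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
	"k8s.io/utils/clock"
	clocktesting "k8s.io/utils/clock/testing"

	"github.com/aquasecurity/trivy-db/pkg/db"
	dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
	oracleoval "github.com/aquasecurity/trivy-db/pkg/vulnsrc/oracle-oval"
	"github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability"
	"github.com/devseccon/trivy/pkg/dbtest"
	ftypes "github.com/devseccon/trivy/pkg/fanal/types"
	"github.com/devseccon/trivy/pkg/types"
)

// TestScanner_IsSupportedVersion pins the end-of-life gate of the Oracle Linux
// scanner: for a fixed "now" supplied by a fake clock, it checks whether a
// given OS version is still reported as supported.
//
// Why this matters for scan results: a release that is past end of life
// presumably stops receiving advisories, so a clean scan of such a host says
// nothing about its real exposure. The cases below fix the expected answer per
// release and, for release 8, the exact boundary instant.
func TestScanner_IsSupportedVersion(t *testing.T) {
	// Reference "now" shared by every case except the two release-8 boundary cases.
	may2019 := time.Date(2019, 5, 31, 23, 59, 59, 0, time.UTC)

	vectors := map[string]struct {
		clock     clock.Clock
		osFamily  ftypes.OSType
		osVersion string
		expected  bool
	}{
		"oracle3": {
			clock:     clocktesting.NewFakeClock(may2019),
			osFamily:  "oracle",
			osVersion: "3",
			expected:  false,
		},
		"oracle4": {
			clock:     clocktesting.NewFakeClock(may2019),
			osFamily:  "oracle",
			osVersion: "4",
			expected:  false,
		},
		"oracle5": {
			clock:     clocktesting.NewFakeClock(may2019),
			osFamily:  "oracle",
			osVersion: "5",
			expected:  false,
		},
		"oracle6": {
			clock:     clocktesting.NewFakeClock(may2019),
			osFamily:  "oracle",
			osVersion: "6",
			expected:  true,
		},
		"oracle7": {
			clock:     clocktesting.NewFakeClock(may2019),
			osFamily:  "oracle",
			osVersion: "7",
			expected:  true,
		},
		// A minor version is expected to get the same answer as its major release.
		"oracle7.6": {
			clock:     clocktesting.NewFakeClock(may2019),
			osFamily:  "oracle",
			osVersion: "7.6",
			expected:  true,
		},
		// Just under one second before the boundary instant: still supported.
		"oracle8": {
			clock:     clocktesting.NewFakeClock(time.Date(2029, 7, 18, 23, 59, 58, 59, time.UTC)),
			osFamily:  "oracle",
			osVersion: "8",
			expected:  true,
		},
		// The boundary instant itself is expected to count as unsupported, i.e.
		// the comparison against the end-of-life date is strict.
		"oracle8-same-time": {
			clock:     clocktesting.NewFakeClock(time.Date(2029, 7, 18, 23, 59, 59, 0, time.UTC)),
			osFamily:  "oracle",
			osVersion: "8",
			expected:  false,
		},
		// NOTE(review): a version string with no known end-of-life date is
		// expected to be reported as supported. Callers should not read "true"
		// as "advisory coverage is confirmed" for such versions.
		"latest": {
			clock:     clocktesting.NewFakeClock(may2019),
			osFamily:  "oracle",
			osVersion: "latest",
			expected:  true,
		},
	}

	for testName, v := range vectors {
		t.Run(testName, func(t *testing.T) {
			s := &Scanner{
				vs:    oracleoval.NewVulnSrc(),
				clock: v.clock,
			}
			actual := s.IsSupportedVersion(v.osFamily, v.osVersion)
			if actual != v.expected {
				t.Errorf("[%s] got %v, want %v", testName, actual, v.expected)
			}
		})
	}
}

// TestScanner_Detect runs the Oracle Linux detector against fixture databases
// and compares the reported vulnerabilities with the expected list.
//
// The cases cover three properties a consumer of scan results relies on:
//   - a package older than the fixed version is reported with the advisory's
//     fixed version and data source ("detected");
//   - ksplice and non-ksplice builds are not matched against each other, which
//     would otherwise produce false positives or false negatives ("without
//     ksplice", "the installed version has ksplice2", "with ksplice");
//   - a corrupted advisory record surfaces as an error instead of an empty
//     result, so a damaged database cannot pass as "no vulnerabilities found"
//     ("malformed").
func TestScanner_Detect(t *testing.T) {
	type args struct {
		osVer string
		pkgs  []ftypes.Package
	}
	tests := []struct {
		name     string
		args     args
		fixtures []string
		want     []types.DetectedVulnerability
		wantErr  string
	}{
		{
			name: "detected",
			fixtures: []string{
				"testdata/fixtures/oracle7.yaml",
				"testdata/fixtures/data-source.yaml",
			},
			args: args{
				osVer: "7",
				pkgs: []ftypes.Package{
					{
						Name:       "curl",
						Version:    "7.29.0",
						Release:    "59.0.1.el7",
						Arch:       "x86_64",
						SrcName:    "curl",
						SrcVersion: "7.29.0",
						SrcRelease: "59.0.1.el7",
					},
				},
			},
			want: []types.DetectedVulnerability{
				{
					VulnerabilityID:  "CVE-2020-8177",
					PkgName:          "curl",
					InstalledVersion: "7.29.0-59.0.1.el7",
					FixedVersion:     "7.29.0-59.0.1.el7_9.1",
					DataSource: &dbTypes.DataSource{
						ID:   vulnerability.OracleOVAL,
						Name: "Oracle Linux OVAL definitions",
						URL:  "https://linux.oracle.com/security/oval/",
					},
				},
			},
		},
		{
			// Non-ksplice glibc build: no finding is expected from this fixture.
			name: "without ksplice",
			fixtures: []string{
				"testdata/fixtures/oracle7.yaml",
				"testdata/fixtures/data-source.yaml",
			},
			args: args{
				osVer: "7",
				pkgs: []ftypes.Package{
					{
						Name:       "glibc",
						Version:    "2.17",
						Release:    "317.0.1.el7",
						Arch:       "x86_64",
						SrcName:    "glibc",
						SrcVersion: "2.17",
						SrcRelease: "317.0.1.el7",
					},
				},
			},
			want: nil,
		},
		{
			// NOTE(review): the release string is an el8 build while osVer is
			// "7" and the fixture is oracle7.yaml; presumably only the
			// "ksplice2" tag matters for this case. Confirm against the fixture.
			name: "the installed version has ksplice2",
			fixtures: []string{
				"testdata/fixtures/oracle7.yaml",
				"testdata/fixtures/data-source.yaml",
			},
			args: args{
				osVer: "7",
				pkgs: []ftypes.Package{
					{
						Name:       "glibc",
						Epoch:      2,
						Version:    "2.28",
						Release:    "151.0.1.ksplice2.el8",
						Arch:       "x86_64",
						SrcEpoch:   2,
						SrcName:    "glibc",
						SrcVersion: "2.28",
						SrcRelease: "151.0.1.ksplice2.el8",
					},
				},
			},
			want: nil,
		},
		{
			// ksplice1 build older than the ksplice1 fixed version: reported,
			// with the epoch carried into both version strings.
			name: "with ksplice",
			fixtures: []string{
				"testdata/fixtures/oracle7.yaml",
				"testdata/fixtures/data-source.yaml",
			},
			args: args{
				osVer: "7",
				pkgs: []ftypes.Package{
					{
						Name:       "glibc",
						Epoch:      2,
						Version:    "2.17",
						Release:    "156.ksplice1.el7",
						Arch:       "x86_64",
						SrcEpoch:   2,
						SrcName:    "glibc",
						SrcVersion: "2.17",
						SrcRelease: "156.ksplice1.el7",
					},
				},
			},
			want: []types.DetectedVulnerability{
				{
					VulnerabilityID:  "CVE-2017-1000364",
					PkgName:          "glibc",
					InstalledVersion: "2:2.17-156.ksplice1.el7",
					FixedVersion:     "2:2.17-157.ksplice1.el7_3.4",
					DataSource: &dbTypes.DataSource{
						ID:   vulnerability.OracleOVAL,
						Name: "Oracle Linux OVAL definitions",
						URL:  "https://linux.oracle.com/security/oval/",
					},
				},
			},
		},
		{
			// A fixture whose advisory record cannot be decoded must yield an
			// error; silently returning no findings would be a false negative.
			name: "malformed",
			fixtures: []string{
				"testdata/fixtures/invalid-type.yaml",
				"testdata/fixtures/data-source.yaml",
			},
			args: args{
				osVer: "7",
				pkgs: []ftypes.Package{
					{
						Name:       "curl",
						Version:    "7.29.0",
						Release:    "59.0.1.el7",
						Arch:       "x86_64",
						SrcName:    "curl",
						SrcVersion: "7.29.0",
						SrcRelease: "59.0.1.el7",
					},
				},
			},
			wantErr: "failed to unmarshal advisory JSON",
		},
	}

	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			// InitDB's return value is discarded and db.Close takes no handle,
			// so the database is presumably package-level state: keep these
			// subtests sequential (no t.Parallel).
			_ = dbtest.InitDB(t, tt.fixtures)
			defer db.Close()

			s := NewScanner()
			got, err := s.Detect(tt.args.osVer, nil, tt.args.pkgs)
			if tt.wantErr != "" {
				// require.Error stops here on a nil error instead of letting
				// err.Error() below panic.
				require.Error(t, err)
				assert.Contains(t, err.Error(), tt.wantErr)
				return
			}

			// Stop on an unexpected error so the comparison below does not add
			// a second, misleading failure about the result list.
			require.NoError(t, err)
			assert.Equal(t, tt.want, got)
		})
	}
}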