github.com/devseccon/trivy@v0.47.1-0.20231123133102-bd902a0bd996/pkg/detector/ospkg/rocky/rocky_test.go

github.com/devseccon/trivy@v0.47.1-0.20231123133102-bd902a0bd996/pkg/detector/ospkg/rocky/rocky_test.go (about)

     1  package rocky_test
     2  
     3  import (
     4  	"testing"
     5  	"time"
     6  
     7  	"github.com/stretchr/testify/assert"
     8  	"github.com/stretchr/testify/require"
     9  	fake "k8s.io/utils/clock/testing"
    10  
    11  	"github.com/aquasecurity/trivy-db/pkg/db"
    12  	dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
    13  	"github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability"
    14  	"github.com/devseccon/trivy/pkg/dbtest"
    15  	"github.com/devseccon/trivy/pkg/detector/ospkg/rocky"
    16  	ftypes "github.com/devseccon/trivy/pkg/fanal/types"
    17  	"github.com/devseccon/trivy/pkg/types"
    18  )
    19  
    20  func TestScanner_Detect(t *testing.T) {
    21  	type args struct {
    22  		osVer string
    23  		pkgs  []ftypes.Package
    24  	}
    25  	tests := []struct {
    26  		name     string
    27  		args     args
    28  		fixtures []string
    29  		want     []types.DetectedVulnerability
    30  		wantErr  string
    31  	}{
    32  		{
    33  			name: "happy path",
    34  			fixtures: []string{
    35  				"testdata/fixtures/rocky.yaml",
    36  				"testdata/fixtures/data-source.yaml",
    37  			},
    38  			args: args{
    39  				osVer: "8.5",
    40  				pkgs: []ftypes.Package{
    41  					{
    42  						Name:            "bpftool",
    43  						Epoch:           0,
    44  						Version:         "4.18.0",
    45  						Release:         "348.el8.0.3",
    46  						Arch:            "aarch64",
    47  						SrcName:         "kernel",
    48  						SrcEpoch:        0,
    49  						SrcVersion:      "4.18.0",
    50  						SrcRelease:      "348.el8.0.3",
    51  						Modularitylabel: "",
    52  						Licenses:        []string{"GPLv2"},
    53  						Layer:           ftypes.Layer{},
    54  					},
    55  				},
    56  			},
    57  			want: []types.DetectedVulnerability{
    58  				{
    59  					PkgName:          "bpftool",
    60  					VulnerabilityID:  "CVE-2021-20317",
    61  					InstalledVersion: "4.18.0-348.el8.0.3",
    62  					FixedVersion:     "5.18.0-348.2.1.el8_5",
    63  					Layer:            ftypes.Layer{},
    64  					DataSource: &dbTypes.DataSource{
    65  						ID:   vulnerability.Rocky,
    66  						Name: "Rocky Linux updateinfo",
    67  						URL:  "https://download.rockylinux.org/pub/rocky/",
    68  					},
    69  				},
    70  			},
    71  		},
    72  		{
    73  			name: "skip modular package",
    74  			fixtures: []string{
    75  				"testdata/fixtures/modular.yaml",
    76  				"testdata/fixtures/data-source.yaml",
    77  			},
    78  			args: args{
    79  				osVer: "8.5",
    80  				pkgs: []ftypes.Package{
    81  					{
    82  						Name:            "nginx",
    83  						Epoch:           1,
    84  						Version:         "1.16.1",
    85  						Release:         "2.module+el8.4.0+543+efbf198b.0",
    86  						Arch:            "x86_64",
    87  						SrcName:         "nginx",
    88  						SrcEpoch:        1,
    89  						SrcVersion:      "1.16.1",
    90  						SrcRelease:      "2.module+el8.4.0+543+efbf198b.0",
    91  						Modularitylabel: "nginx:1.16:8040020210610090125:9f9e2e7e",
    92  						Licenses:        []string{"BSD"},
    93  						Layer:           ftypes.Layer{},
    94  					},
    95  				},
    96  			},
    97  			want: nil,
    98  		},
    99  		{
   100  			name: "Get returns an error",
   101  			fixtures: []string{
   102  				"testdata/fixtures/invalid.yaml",
   103  				"testdata/fixtures/data-source.yaml",
   104  			},
   105  			args: args{
   106  				osVer: "8.5",
   107  				pkgs: []ftypes.Package{
   108  					{
   109  						Name:       "jq",
   110  						Version:    "1.5-12",
   111  						SrcName:    "jq",
   112  						SrcVersion: "1.5-12",
   113  					},
   114  				},
   115  			},
   116  			wantErr: "failed to get Rocky Linux advisories",
   117  		},
   118  	}
   119  	for _, tt := range tests {
   120  		t.Run(tt.name, func(t *testing.T) {
   121  			_ = dbtest.InitDB(t, tt.fixtures)
   122  			defer db.Close()
   123  
   124  			s := rocky.NewScanner()
   125  			got, err := s.Detect(tt.args.osVer, nil, tt.args.pkgs)
   126  			if tt.wantErr != "" {
   127  				require.Error(t, err)
   128  				assert.Contains(t, err.Error(), tt.wantErr)
   129  				return
   130  			}
   131  			assert.NoError(t, err)
   132  			assert.Equal(t, tt.want, got)
   133  		})
   134  	}
   135  }
   136  
   137  func TestScanner_IsSupportedVersion(t *testing.T) {
   138  	type args struct {
   139  		osFamily ftypes.OSType
   140  		osVer    string
   141  	}
   142  	tests := []struct {
   143  		name string
   144  		now  time.Time
   145  		args args
   146  		want bool
   147  	}{
   148  		{
   149  			name: "rocky 8.5",
   150  			now:  time.Date(2019, 3, 2, 23, 59, 59, 0, time.UTC),
   151  			args: args{
   152  				osFamily: "rocky",
   153  				osVer:    "8.5",
   154  			},
   155  			want: true,
   156  		},
   157  		{
   158  			name: "rocky 8.5 with EOL",
   159  			now:  time.Date(2029, 6, 1, 0, 0, 0, 0, time.UTC),
   160  			args: args{
   161  				osFamily: "rocky",
   162  				osVer:    "8.5",
   163  			},
   164  			want: false,
   165  		},
   166  		{
   167  			name: "latest",
   168  			now:  time.Date(2019, 5, 2, 23, 59, 59, 0, time.UTC),
   169  			args: args{
   170  				osFamily: "rocky",
   171  				osVer:    "999.0",
   172  			},
   173  			want: true,
   174  		},
   175  	}
   176  	for _, tt := range tests {
   177  		t.Run(tt.name, func(t *testing.T) {
   178  			s := rocky.NewScanner(rocky.WithClock(fake.NewFakeClock(tt.now)))
   179  			got := s.IsSupportedVersion(tt.args.osFamily, tt.args.osVer)
   180  			assert.Equal(t, tt.want, got)
   181  		})
   182  	}
   183  }