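// Source: github.com/devseccon/trivy@v0.47.1-0.20231123133102-bd902a0bd996/pkg/detector/ospkg/ubuntu/ubuntu_test.go

package ubuntu_test

import (
	"sort"
	"testing"
	"time"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
	fake "k8s.io/utils/clock/testing"

	"github.com/aquasecurity/trivy-db/pkg/db"
	dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
	"github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability"
	"github.com/devseccon/trivy/pkg/dbtest"
	"github.com/devseccon/trivy/pkg/detector/ospkg/ubuntu"
	ftypes "github.com/devseccon/trivy/pkg/fanal/types"
	"github.com/devseccon/trivy/pkg/types"
)

// TestScanner_Detect is a table-driven test of the Ubuntu scanner's Detect
// method. Each case loads its YAML fixtures into a test database, builds a
// scanner whose clock is pinned to tt.args.now, and compares the detected
// vulnerabilities (sorted by VulnerabilityID) with tt.want, or checks that
// the returned error contains tt.wantErr.
func TestScanner_Detect(t *testing.T) {
	type args struct {
		osVer string
		now   time.Time
		pkgs  []ftypes.Package
	}
	tests := []struct {
		name     string
		args     args
		fixtures []string
		want     []types.DetectedVulnerability
		wantErr  string
	}{
		{
			// Two findings are expected for wpa 2.9: one with an empty
			// FixedVersion and one that names a fixed version.
			name: "happy path",
			fixtures: []string{
				"testdata/fixtures/ubuntu.yaml",
				"testdata/fixtures/data-source.yaml",
			},
			args: args{
				osVer: "20.04",
				now:   time.Date(2019, 3, 31, 23, 59, 59, 0, time.UTC),
				pkgs: []ftypes.Package{
					{
						Name:       "wpa",
						Version:    "2.9",
						SrcName:    "wpa",
						SrcVersion: "2.9",
						Layer: ftypes.Layer{
							DiffID: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02",
						},
					},
				},
			},
			want: []types.DetectedVulnerability{
				{
					PkgName:          "wpa",
					VulnerabilityID:  "CVE-2019-9243",
					InstalledVersion: "2.9",
					FixedVersion:     "",
					Layer: ftypes.Layer{
						DiffID: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02",
					},
					DataSource: &dbTypes.DataSource{
						ID:   vulnerability.Ubuntu,
						Name: "Ubuntu CVE Tracker",
						URL:  "https://git.launchpad.net/ubuntu-cve-tracker",
					},
				},
				{
					PkgName:          "wpa",
					VulnerabilityID:  "CVE-2021-27803",
					InstalledVersion: "2.9",
					FixedVersion:     "2:2.9-1ubuntu4.3",
					Layer: ftypes.Layer{
						DiffID: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02",
					},
					DataSource: &dbTypes.DataSource{
						ID:   vulnerability.Ubuntu,
						Name: "Ubuntu CVE Tracker",
						URL:  "https://git.launchpad.net/ubuntu-cve-tracker",
					},
				},
			},
		},
		{
			// Same package and clock as the happy path, but the OS version
			// carries the -ESM suffix; the expected findings are identical.
			name: "ubuntu 20.04-ESM. 20.04 is not outdated",
			fixtures: []string{
				"testdata/fixtures/ubuntu.yaml",
				"testdata/fixtures/data-source.yaml",
			},
			args: args{
				osVer: "20.04-ESM",
				now:   time.Date(2019, 3, 31, 23, 59, 59, 0, time.UTC),
				pkgs: []ftypes.Package{
					{
						Name:       "wpa",
						Version:    "2.9",
						SrcName:    "wpa",
						SrcVersion: "2.9",
						Layer: ftypes.Layer{
							DiffID: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02",
						},
					},
				},
			},
			want: []types.DetectedVulnerability{
				{
					PkgName:          "wpa",
					VulnerabilityID:  "CVE-2019-9243",
					InstalledVersion: "2.9",
					FixedVersion:     "",
					Layer: ftypes.Layer{
						DiffID: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02",
					},
					DataSource: &dbTypes.DataSource{
						ID:   vulnerability.Ubuntu,
						Name: "Ubuntu CVE Tracker",
						URL:  "https://git.launchpad.net/ubuntu-cve-tracker",
					},
				},
				{
					PkgName:          "wpa",
					VulnerabilityID:  "CVE-2021-27803",
					InstalledVersion: "2.9",
					FixedVersion:     "2:2.9-1ubuntu4.3",
					Layer: ftypes.Layer{
						DiffID: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02",
					},
					DataSource: &dbTypes.DataSource{
						ID:   vulnerability.Ubuntu,
						Name: "Ubuntu CVE Tracker",
						URL:  "https://git.launchpad.net/ubuntu-cve-tracker",
					},
				},
			},
		},
		{
			// want is deliberately left unset (nil): with the clock moved to
			// 2031 the same package yields no findings and no error.
			// NOTE(review): which advisory bucket the scanner consults here
			// is not visible in this file. An empty result for an outdated
			// release should not be read as "no known vulnerabilities" by
			// anything consuming the scan output; confirm against Detect.
			name: "ubuntu 20.04-ESM. 20.04 is outdated",
			fixtures: []string{
				"testdata/fixtures/ubuntu.yaml",
				"testdata/fixtures/data-source.yaml",
			},
			args: args{
				osVer: "20.04-ESM",
				now:   time.Date(2031, 3, 31, 23, 59, 59, 0, time.UTC),
				pkgs: []ftypes.Package{
					{
						Name:       "wpa",
						Version:    "2.9",
						SrcName:    "wpa",
						SrcVersion: "2.9",
						Layer: ftypes.Layer{
							DiffID: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02",
						},
					},
				},
			},
		},
		{
			// The invalid fixture must surface as an error rather than as an
			// empty (clean-looking) result.
			name: "broken bucket",
			fixtures: []string{
				"testdata/fixtures/invalid.yaml",
				"testdata/fixtures/data-source.yaml",
			},
			args: args{
				osVer: "21.04",
				now:   time.Date(2019, 3, 31, 23, 59, 59, 0, time.UTC),
				pkgs: []ftypes.Package{
					{
						Name:       "jq",
						Version:    "1.6-r0",
						SrcName:    "jq",
						SrcVersion: "1.6-r0",
					},
				},
			},
			wantErr: "failed to get Ubuntu advisories",
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			_ = dbtest.InitDB(t, tt.fixtures)
			defer db.Close()

			s := ubuntu.NewScanner(ubuntu.WithClock(fake.NewFakeClock(tt.args.now)))
			got, err := s.Detect(tt.args.osVer, nil, tt.args.pkgs)
			if tt.wantErr != "" {
				require.Error(t, err)
				assert.Contains(t, err.Error(), tt.wantErr)
				return
			}
			// Stop at an unexpected error before looking at got, so the
			// failure report shows the error instead of a misleading diff
			// against an empty result.
			require.NoError(t, err)

			// Detect's result order is not relied on; sort for a stable
			// comparison with the expected slice.
			sort.Slice(got, func(i, j int) bool {
				return got[i].VulnerabilityID < got[j].VulnerabilityID
			})
			assert.Equal(t, tt.want, got)
		})
	}
}

// TestScanner_IsSupportedVersion checks IsSupportedVersion for several Ubuntu
// releases with the scanner's clock pinned to tt.now, covering plain and -ESM
// version strings on both sides of the expected support cut-off.
func TestScanner_IsSupportedVersion(t *testing.T) {
	type args struct {
		osFamily ftypes.OSType
		osVer    string
	}
	tests := []struct {
		name string
		now  time.Time
		args args
		want bool
	}{
		{
			name: "ubuntu 12.04 eol ends",
			now:  time.Date(2019, 3, 31, 23, 59, 59, 0, time.UTC),
			args: args{
				osFamily: "ubuntu",
				osVer:    "12.04",
			},
			want: true,
		},
		{
			name: "ubuntu12.04",
			// Originally written as April 31, a day that does not exist;
			// time.Date normalizes it to May 1, so this is the same instant
			// spelled as a valid calendar date.
			now: time.Date(2019, 5, 1, 23, 59, 59, 0, time.UTC),
			args: args{
				osFamily: "ubuntu",
				osVer:    "12.04",
			},
			want: false,
		},
		{
			name: "ubuntu 18.04 ESM. 18.04 is not outdated",
			// Same instant as the original April 31 literal (normalized).
			now: time.Date(2022, 5, 1, 23, 59, 59, 0, time.UTC),
			args: args{
				osFamily: "ubuntu",
				osVer:    "18.04-ESM",
			},
			want: true,
		},
		{
			name: "ubuntu 18.04 ESM. 18.04 is outdated",
			// Same instant as the original April 31 literal (normalized).
			now: time.Date(2030, 5, 1, 23, 59, 59, 0, time.UTC),
			args: args{
				osFamily: "ubuntu",
				osVer:    "18.04-ESM",
			},
			want: false,
		},
		{
			// 99.04 is expected to be reported as supported.
			// NOTE(review): presumably versions without a known EOL entry
			// are treated as supported; confirm against IsSupportedVersion,
			// since an unrecognized version then raises no EOL warning.
			name: "latest",
			now:  time.Date(2019, 5, 2, 23, 59, 59, 0, time.UTC),
			args: args{
				osFamily: "ubuntu",
				osVer:    "99.04",
			},
			want: true,
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			s := ubuntu.NewScanner(ubuntu.WithClock(fake.NewFakeClock(tt.now)))
			got := s.IsSupportedVersion(tt.args.osFamily, tt.args.osVer)
			assert.Equal(t, tt.want, got)
		})
	}
}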