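// Source: github.com/devseccon/trivy@v0.47.1-0.20231123133102-bd902a0bd996/pkg/fanal/cache/key_test.go

package cache

import (
	"testing"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"

	"github.com/devseccon/trivy/pkg/fanal/analyzer"
	"github.com/devseccon/trivy/pkg/fanal/artifact"
	"github.com/devseccon/trivy/pkg/misconf"
)

// TestCalcKey pins the cache keys that CalcKey derives from a base key, the
// analyzer and hook versions, and the artifact options (skip lists, file
// patterns, policy/data paths, secret-scanner config path).
//
// The expected digests are golden values: each case asserts that a given
// combination of inputs maps to one specific key. Cases that share a digest
// document inputs CalcKey treats as equivalent; cases with distinct digests
// document inputs that must not collide.
//
// NOTE(review): presumably this key decides whether previously cached analysis
// results are reused, so an option that changes scan output but not the key
// would let stale results be served; confirm against the cache callers.
func TestCalcKey(t *testing.T) {
	type args struct {
		key              string
		analyzerVersions analyzer.Versions
		hookVersions     map[string]int
		skipFiles        []string
		skipDirs         []string
		patterns         []string
		policy           []string
		// NOTE(review): no case below sets data, so DataPaths is always nil
		// here and its contribution to the key (if any) is not exercised.
		data             []string
		secretConfigPath string
	}
	tests := []struct {
		name    string
		args    args
		want    string
		wantErr string
	}{
		{
			name: "happy path",
			args: args{
				key: "sha256:5c534be56eca62e756ef2ef51523feda0f19cd7c15bb0c015e3d6e3ae090bf6e",
				analyzerVersions: analyzer.Versions{
					Analyzers: map[string]int{
						"alpine": 1,
						"debian": 1,
					},
				},
				hookVersions: map[string]int{
					"python-pkg": 1,
				},
			},
			want: "sha256:c720b502991465ea11929cfefc71cf4b5aeaa9a8c0ae59fdaf597f957f5cdb18",
		},
		{
			// A different analyzer set (one entry at version 0, one added)
			// must yield a different key than the happy path.
			name: "with disabled analyzer",
			args: args{
				key: "sha256:5c534be56eca62e756ef2ef51523feda0f19cd7c15bb0c015e3d6e3ae090bf6e",
				analyzerVersions: analyzer.Versions{
					Analyzers: map[string]int{
						"alpine": 1,
						"debian": 0,
						"redhat": 2,
					},
				},
				hookVersions: map[string]int{
					"python-pkg": 1,
				},
			},
			want: "sha256:d63724cc72729edd3c81205739d64fcb414a4e6345dd4dde7f0fe6bdd56bedf9",
		},
		{
			name: "with empty slice file patterns",
			args: args{
				key: "sha256:5c534be56eca62e756ef2ef51523feda0f19cd7c15bb0c015e3d6e3ae090bf6e",
				analyzerVersions: analyzer.Versions{
					Analyzers: map[string]int{
						"alpine": 1,
						"debian": 1,
					},
				},
				patterns: []string{},
			},
			want: "sha256:9f7afa4d27c4c4f371dc6bb47bcc09e7a4a00b1d870e8156f126e35d8f6522e6",
		},
		{
			// A single empty pattern is expected to produce a different key
			// than an empty pattern slice.
			name: "with single empty string in file patterns",
			args: args{
				key: "sha256:5c534be56eca62e756ef2ef51523feda0f19cd7c15bb0c015e3d6e3ae090bf6e",
				analyzerVersions: analyzer.Versions{
					Analyzers: map[string]int{
						"alpine": 1,
						"debian": 1,
					},
				},
				patterns: []string{""},
			},
			want: "sha256:bcfc5da13ef9bf0b85e719584800a010063474546f1051a781b78bd83de01102",
		},
		{
			name: "with single non empty string in file patterns",
			args: args{
				key: "sha256:5c534be56eca62e756ef2ef51523feda0f19cd7c15bb0c015e3d6e3ae090bf6e",
				analyzerVersions: analyzer.Versions{
					Analyzers: map[string]int{
						"alpine": 1,
						"debian": 1,
					},
				},
				patterns: []string{"test"},
			},
			want: "sha256:8c9750b8eca507628417f21d7db707a7876d2e22c3e75b13f31a795af4051c57",
		},
		{
			// This case and the next share one digest: the order of the
			// file patterns is expected not to affect the key.
			name: "with non empty followed by empty string in file patterns",
			args: args{
				key: "sha256:5c534be56eca62e756ef2ef51523feda0f19cd7c15bb0c015e3d6e3ae090bf6e",
				analyzerVersions: analyzer.Versions{
					Analyzers: map[string]int{
						"alpine": 1,
						"debian": 1,
					},
				},
				patterns: []string{"test", ""},
			},
			want: "sha256:71abf09bf1422531e2838db692b80f9b9f48766f56b7d3d02aecdb36b019e103",
		},
		{
			name: "with non empty preceded by empty string in file patterns",
			args: args{
				key: "sha256:5c534be56eca62e756ef2ef51523feda0f19cd7c15bb0c015e3d6e3ae090bf6e",
				analyzerVersions: analyzer.Versions{
					Analyzers: map[string]int{
						"alpine": 1,
						"debian": 1,
					},
				},
				patterns: []string{"", "test"},
			},
			want: "sha256:71abf09bf1422531e2838db692b80f9b9f48766f56b7d3d02aecdb36b019e103",
		},
		{
			// The policy directory and the single file named in the next
			// case share one digest, so the path spelling itself is not what
			// is keyed (presumably the policy contents are; verify in CalcKey).
			name: "with policy",
			args: args{
				key: "sha256:5c534be56eca62e756ef2ef51523feda0f19cd7c15bb0c015e3d6e3ae090bf6e",
				analyzerVersions: analyzer.Versions{
					Analyzers: map[string]int{
						"alpine": 1,
						"debian": 1,
					},
				},
				policy: []string{"testdata/policy"},
			},
			want: "sha256:9602d5ef5af086112cc9fae8310390ed3fb79f4b309d8881b9807e379c8dfa57",
		},
		{
			name: "with policy file",
			args: args{
				key: "sha256:5c534be56eca62e756ef2ef51523feda0f19cd7c15bb0c015e3d6e3ae090bf6e",
				analyzerVersions: analyzer.Versions{
					Analyzers: map[string]int{
						"alpine": 1,
						"debian": 1,
					},
				},
				policy: []string{"testdata/policy/test.rego"},
			},
			want: "sha256:9602d5ef5af086112cc9fae8310390ed3fb79f4b309d8881b9807e379c8dfa57",
		},
		{
			// Same policy as "with policy" plus skip lists: the digest must
			// differ, i.e. skipped files and directories are part of the key.
			name: "skip files and dirs",
			args: args{
				key: "sha256:5c534be56eca62e756ef2ef51523feda0f19cd7c15bb0c015e3d6e3ae090bf6e",
				analyzerVersions: analyzer.Versions{
					Analyzers: map[string]int{
						"alpine": 1,
						"debian": 1,
					},
				},
				skipFiles: []string{"app/deployment.yaml"},
				skipDirs:  []string{"usr/java"},
				policy:    []string{"testdata/policy"},
			},
			want: "sha256:363f70f4ee795f250873caea11c2fc94ef12945444327e7e2f8a99e3884695e0",
		},
		{
			// An existing secret-scanner config changes the key relative to
			// the happy path, which uses the same versions without a config.
			name: "secret config",
			args: args{
				key: "sha256:5c534be56eca62e756ef2ef51523feda0f19cd7c15bb0c015e3d6e3ae090bf6e",
				analyzerVersions: analyzer.Versions{
					Analyzers: map[string]int{
						"alpine": 1,
						"debian": 1,
					},
				},
				hookVersions: map[string]int{
					"python-pkg": 1,
				},
				secretConfigPath: "testdata/trivy-secret.yaml",
			},
			want: "sha256:d3fb9503f2851ae9bdb250b7ef55c00c0bfa1250b19d4d398a9219c2c0e20958",
		},
		{
			// A config path that does not exist is expected to be tolerated:
			// no error, and the digest equals the happy-path digest.
			name: "secret config file doesn't exist",
			args: args{
				key: "sha256:5c534be56eca62e756ef2ef51523feda0f19cd7c15bb0c015e3d6e3ae090bf6e",
				analyzerVersions: analyzer.Versions{
					Analyzers: map[string]int{
						"alpine": 1,
						"debian": 1,
					},
				},
				hookVersions: map[string]int{
					"python-pkg": 1,
				},
				secretConfigPath: "trivy-secret.yaml",
			},
			want: "sha256:c720b502991465ea11929cfefc71cf4b5aeaa9a8c0ae59fdaf597f957f5cdb18",
		},
		{
			// Unlike a missing secret config, a missing policy path is
			// expected to fail key calculation.
			name: "with policy/non-existent dir",
			args: args{
				key: "sha256:5c534be56eca62e756ef2ef51523feda0f19cd7c15bb0c015e3d6e3ae090bf6e",
				analyzerVersions: analyzer.Versions{
					Analyzers: map[string]int{
						"alpine": 1,
						"debian": 1,
					},
				},
				policy: []string{"policydir"},
			},
			wantErr: "file \"policydir\" stat error",
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			artifactOpt := artifact.Option{
				SkipFiles:    tt.args.skipFiles,
				SkipDirs:     tt.args.skipDirs,
				FilePatterns: tt.args.patterns,

				MisconfScannerOption: misconf.ScannerOption{
					PolicyPaths: tt.args.policy,
					DataPaths:   tt.args.data,
				},

				SecretScannerOption: analyzer.SecretScannerOption{
					ConfigPath: tt.args.secretConfigPath,
				},
			}
			got, err := CalcKey(tt.args.key, tt.args.analyzerVersions, tt.args.hookVersions, artifactOpt)
			if tt.wantErr != "" {
				require.Error(t, err)
				assert.ErrorContains(t, err, tt.wantErr)
				return
			}
			// Stop on an unexpected error: comparing the digest afterwards
			// would only add a misleading second failure.
			require.NoError(t, err)
			assert.Equal(t, tt.want, got)
		})
	}
}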