// Source: github.com/khulnasoft-lab/tunnel-db@v0.0.0-20231117205118-74e1113bd007/pkg/vulnsrc/amazon/amazon_test.go

package amazon_test

import (
	"os"
	"path/filepath"
	"testing"

	"github.com/khulnasoft-lab/tunnel-db/pkg/types"
	"github.com/khulnasoft-lab/tunnel-db/pkg/utils"
	"github.com/khulnasoft-lab/tunnel-db/pkg/vulnsrc/amazon"
	"github.com/khulnasoft-lab/tunnel-db/pkg/vulnsrc/vulnerability"
	"github.com/khulnasoft-lab/tunnel-db/pkg/vulnsrctest"
)

// TestMain sets utils.Quiet before the package's tests run and exits the
// process with the code returned by m.Run.
func TestMain(m *testing.M) {
	utils.Quiet = true
	code := m.Run()
	os.Exit(code)
}

// TestVulnSrc_Update feeds fixture directories to the Amazon vulnerability
// source through vulnsrctest.TestUpdate and pins either the key/value pairs
// expected afterwards or a fragment of the expected error.
func TestVulnSrc_Update(t *testing.T) {
	// The same data-source record is expected under more than one release key.
	alas := types.DataSource{
		ID:   vulnerability.Amazon,
		Name: "Amazon Linux Security Center",
		URL:  "https://alas.aws.amazon.com/",
	}

	// Expected entries for the "happy" fixture directory, in the original order.
	happyWant := []vulnsrctest.WantValues{
		{
			Key:   []string{"data-source", "amazon linux 1"},
			Value: alas,
		},
		{
			Key:   []string{"advisory-detail", "CVE-2018-17456", "amazon linux 1", "git"},
			Value: types.Advisory{FixedVersion: "2.14.5-1.59.amzn1"},
		},
		{
			// This package's fixed version carries an epoch prefix ("1:") that
			// the plain git package above does not. The expectation keeps it
			// verbatim; an epoch takes precedence in RPM version ordering, so
			// dropping it would change which installed versions compare as fixed.
			Key:   []string{"advisory-detail", "CVE-2018-17456", "amazon linux 1", "git-debuginfo"},
			Value: types.Advisory{FixedVersion: "1:2.14.5-1.59.amzn1"},
		},
		{
			Key:   []string{"advisory-detail", "CVE-2021-22543", "amazon linux 2", "kernel"},
			Value: types.Advisory{FixedVersion: "4.14.243-185.433.amzn2"},
		},
		{
			Key:   []string{"advisory-detail", "CVE-2021-22543", "amazon linux 2", "kernel-headers"},
			Value: types.Advisory{FixedVersion: "4.14.243-185.433.amzn2"},
		},
		{
			Key: []string{"vulnerability-detail", "CVE-2018-17456", "amazon"},
			Value: types.VulnerabilityDetail{
				Severity:    3,
				Description: "Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:\nCVE-2018-17456:\n\tGit before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive \"git clone\" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.\n1636619: \nCVE-2018-17456 git: arbitrary code execution via .gitmodules\n",
				References:  []string{"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17456"},
			},
		},
		{
			Key: []string{"vulnerability-detail", "CVE-2021-22543", "amazon"},
			Value: types.VulnerabilityDetail{
				Severity: 1,
				// The description is compared as an exact string, so its
				// wording (including "improper handing") must stay as is.
				Description: "Package updates are available for Amazon Linux 2 that fix the following vulnerabilities:\nCVE-2021-22543:\n\tA flaw was found in the Linux kernel's KVM implementation, where improper handing of the VM_IO|VM_PFNMAP VMAs in KVM bypasses RO checks and leads to pages being freed while still accessible by the VMM and guest. This flaw allows users who can start and control a VM to read/write random pages of memory, resulting in local privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, and system availability.\n1965461: CVE-2021-22543 kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks\n",
				References:  []string{"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22543"},
			},
		},
		{
			Key:   []string{"data-source", "amazon linux 2022"},
			Value: alas,
		},
		{
			Key:   []string{"advisory-detail", "CVE-2021-44228", "amazon linux 2022", "log4j"},
			Value: types.Advisory{FixedVersion: "2.15.0-1.amzn2022.0.1"},
		},
	}

	cases := []struct {
		label   string
		srcDir  string
		want    []vulnsrctest.WantValues
		errText string
	}{
		{
			label:  "happy path",
			srcDir: filepath.Join("testdata", "happy"),
			want:   happyWant,
		},
		{
			// Undecodable advisory JSON has to surface as an error: a source
			// that skipped it silently would leave gaps in the database, and
			// scans relying on it would miss affected packages.
			label:   "sad path",
			srcDir:  filepath.Join("testdata", "sad"),
			errText: "failed to decode Amazon JSON",
		},
		{
			// NOTE(review): this fragment is the POSIX wording for a missing
			// path; other platforms word the OS error differently, so this
			// case presumably only passes on Unix-like systems. Confirm.
			label:   "no such directory",
			srcDir:  filepath.Join("testdata", "nosuch"),
			errText: "no such file or directory",
		},
	}

	for i := range cases {
		tc := cases[i]
		t.Run(tc.label, func(t *testing.T) {
			args := vulnsrctest.TestUpdateArgs{
				Dir:        tc.srcDir,
				WantValues: tc.want,
				WantErr:    tc.errText,
			}
			vulnsrctest.TestUpdate(t, amazon.NewVulnSrc(), args)
		})
	}
}

// TestVulnSrc_Get loads fixture files and queries the Amazon vulnerability
// source through vulnsrctest.TestGet for one release/package pair per case,
// pinning the advisories returned or a fragment of the expected error.
func TestVulnSrc_Get(t *testing.T) {
	const (
		happyFixture = "testdata/fixtures/happy.yaml"
		sadFixture   = "testdata/fixtures/sad.yaml"
	)

	cases := []struct {
		label    string
		fixtures []string
		release  string
		pkg      string
		want     []types.Advisory
		errText  string
	}{
		{
			label:    "happy path",
			fixtures: []string{happyFixture},
			release:  "1",
			pkg:      "curl",
			want: []types.Advisory{
				{VulnerabilityID: "CVE-2019-0001", FixedVersion: "0.1.2"},
			},
		},
		{
			// Same fixture and package, different release: no advisories and
			// no error are expected.
			label:    "no advisories are returned",
			fixtures: []string{happyFixture},
			release:  "2",
			pkg:      "curl",
		},
		{
			// A stored advisory that cannot be unmarshalled must be reported
			// as an error, not returned as an empty result.
			label:    "GetAdvisories returns an error",
			fixtures: []string{sadFixture},
			release:  "1",
			pkg:      "curl",
			errText:  "failed to unmarshal advisory JSON",
		},
	}

	for i := range cases {
		tc := cases[i]
		t.Run(tc.label, func(t *testing.T) {
			args := vulnsrctest.TestGetArgs{
				Fixtures:   tc.fixtures,
				WantValues: tc.want,
				Release:    tc.release,
				PkgName:    tc.pkg,
				WantErr:    tc.errText,
			}
			vulnsrctest.TestGet(t, amazon.NewVulnSrc(), args)
		})
	}
}