github.com/khulnasoft-lab/tunnel-db@v0.0.0-20231117205118-74e1113bd007/pkg/vulnsrc/k8svulndb/k8svulndb_test.go

github.com/khulnasoft-lab/tunnel-db@v0.0.0-20231117205118-74e1113bd007/pkg/vulnsrc/k8svulndb/k8svulndb_test.go (about)

     1  package k8svulndb_test
     2  
     3  import (
     4  	"path/filepath"
     5  	"testing"
     6  
     7  	"github.com/khulnasoft-lab/tunnel-db/pkg/types"
     8  	"github.com/khulnasoft-lab/tunnel-db/pkg/vulnsrc/k8svulndb"
     9  	"github.com/khulnasoft-lab/tunnel-db/pkg/vulnsrc/vulnerability"
    10  	"github.com/khulnasoft-lab/tunnel-db/pkg/vulnsrctest"
    11  )
    12  
    13  func TestVulnSrc_Update(t *testing.T) {
    14  	tests := []struct {
    15  		name    string
    16  		dir     string
    17  		want    []vulnsrctest.WantValues
    18  		wantErr string
    19  	}{
    20  		{
    21  			name: "happy path fixed version",
    22  			dir:  "testdata/happy-fixed",
    23  			want: []vulnsrctest.WantValues{
    24  				{
    25  					Key: []string{
    26  						"advisory-detail",
    27  						"CVE-2023-2727",
    28  						"k8s::Official Kubernetes CVE Feed",
    29  						"k8s.io/apiserver",
    30  					},
    31  					Value: types.Advisory{
    32  						PatchedVersions:    []string{"1.24.14"},
    33  						VulnerableVersions: []string{">=1.24.0, <1.24.14"},
    34  					},
    35  				},
    36  				{
    37  					Key: []string{
    38  						"vulnerability-detail",
    39  						"CVE-2023-2727",
    40  						string(vulnerability.Kubernetes),
    41  					},
    42  					Value: types.VulnerabilityDetail{
    43  						Title:        "Bypassing policies imposed by the ImagePolicyWebhook and bypassing mountable secrets policy imposed by the ServiceAccount admission plugin",
    44  						Description:  "Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers.",
    45  						References:   []string{"https: //www.cve.org/cverecord?id=CVE-2023-2727"},
    46  						CvssVectorV3: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
    47  						CvssScoreV3:  6.5,
    48  					},
    49  				},
    50  			},
    51  		},
    52  		{
    53  			name: "happy path affected version",
    54  			dir:  "testdata/happy",
    55  			want: []vulnsrctest.WantValues{
    56  				{
    57  					Key: []string{
    58  						"advisory-detail",
    59  						"CVE-2023-2727",
    60  						"k8s::Official Kubernetes CVE Feed",
    61  						"k8s.io/apiserver",
    62  					},
    63  					Value: types.Advisory{
    64  						VulnerableVersions: []string{">=1.24.0, <=1.24.14"},
    65  					},
    66  				},
    67  			},
    68  		},
    69  		{
    70  			name:    "sad path",
    71  			dir:     filepath.Join("testdata", "broken"),
    72  			wantErr: "JSON decode error",
    73  		},
    74  	}
    75  	for _, tt := range tests {
    76  		t.Run(tt.name, func(t *testing.T) {
    77  			vs := k8svulndb.NewVulnSrc()
    78  			vulnsrctest.TestUpdate(t, vs, vulnsrctest.TestUpdateArgs{
    79  				Dir:        tt.dir,
    80  				WantValues: tt.want,
    81  				WantErr:    tt.wantErr,
    82  			})
    83  		})
    84  	}
    85  }