github.com/khulnasoft-lab/tunnel-db@v0.0.0-20231117205118-74e1113bd007/pkg/vulnsrc/mariner/mariner_test.go (about) 1 package mariner_test 2 3 import ( 4 "path/filepath" 5 "testing" 6 7 "github.com/khulnasoft-lab/tunnel-db/pkg/types" 8 cbl "github.com/khulnasoft-lab/tunnel-db/pkg/vulnsrc/mariner" 9 "github.com/khulnasoft-lab/tunnel-db/pkg/vulnsrc/vulnerability" 10 "github.com/khulnasoft-lab/tunnel-db/pkg/vulnsrctest" 11 ) 12 13 func TestVulnSrc_Update(t *testing.T) { 14 tests := []struct { 15 name string 16 dir string 17 wantValues []vulnsrctest.WantValues 18 wantErr string 19 noBuckets [][]string 20 }{ 21 { 22 name: "happy path", 23 dir: filepath.Join("testdata", "happy"), 24 wantValues: []vulnsrctest.WantValues{ 25 { 26 Key: []string{"data-source", "CBL-Mariner 1.0"}, 27 Value: types.DataSource{ 28 ID: vulnerability.CBLMariner, 29 Name: "CBL-Mariner Vulnerability Data", 30 URL: "https://github.com/microsoft/CBL-MarinerVulnerabilityData", 31 }, 32 }, 33 { 34 Key: []string{"data-source", "CBL-Mariner 2.0"}, 35 Value: types.DataSource{ 36 ID: vulnerability.CBLMariner, 37 Name: "CBL-Mariner Vulnerability Data", 38 URL: "https://github.com/microsoft/CBL-MarinerVulnerabilityData", 39 }, 40 }, 41 { 42 Key: []string{"advisory-detail", "CVE-2008-3914", "CBL-Mariner 1.0", "clamav"}, 43 Value: types.Advisory{ 44 FixedVersion: "0:0.103.2-1.cm1", 45 }, 46 }, 47 { 48 Key: []string{"advisory-detail", "CVE-2021-39924", "CBL-Mariner 2.0", "wireshark"}, 49 Value: types.Advisory{ 50 FixedVersion: "", 51 }, 52 }, 53 { 54 Key: []string{"vulnerability-detail", "CVE-2008-3914", "cbl-mariner"}, 55 Value: types.VulnerabilityDetail{ 56 Severity: types.SeverityCritical, 57 Title: "CVE-2008-3914 affecting package clamav 0.101.2", 58 Description: "CVE-2008-3914 affecting package clamav 0.101.2. An upgraded version of the package is available that resolves this issue.", 59 References: []string{"https://nvd.nist.gov/vuln/detail/CVE-2008-3914"}, 60 }, 61 }, 62 { 63 Key: []string{"vulnerability-detail", "CVE-2021-39924", "cbl-mariner"}, 64 Value: types.VulnerabilityDetail{ 65 Severity: types.SeverityHigh, 66 Title: "CVE-2021-39924 affecting package wireshark 3.4.4", 67 Description: "CVE-2021-39924 affecting package wireshark 3.4.4. No patch is available currently.", 68 References: []string{"https://nvd.nist.gov/vuln/detail/CVE-2021-39924"}, 69 }, 70 }, 71 { 72 Key: []string{"vulnerability-id", "CVE-2008-3914"}, 73 Value: map[string]interface{}{}, 74 }, 75 { 76 Key: []string{"vulnerability-id", "CVE-2021-39924"}, 77 Value: map[string]interface{}{}, 78 }, 79 }, 80 }, 81 { 82 name: "happy path not applicable", 83 dir: filepath.Join("testdata", "not-applicable-definition"), 84 noBuckets: [][]string{ 85 {"advisory-detail"}, 86 {"vulnerability-id"}, 87 {"vulnerability-detail"}, 88 }, 89 }, 90 { 91 name: "sad path invalid objects", 92 dir: filepath.Join("testdata", "sad", "invalid-objects"), 93 wantErr: "failed to parse objects", 94 }, 95 { 96 name: "sad path invalid states", 97 dir: filepath.Join("testdata", "sad", "invalid-states"), 98 wantErr: "failed to parse states", 99 }, 100 { 101 name: "sad path invalid tests", 102 dir: filepath.Join("testdata", "sad", "invalid-tests"), 103 wantErr: "failed to parse tests", 104 }, 105 { 106 name: "sad path empty test ref definition", 107 dir: filepath.Join("testdata", "sad", "empty-testref-definition"), 108 wantErr: "", 109 }, 110 { 111 name: "sad path empty state ref tests", 112 dir: filepath.Join("testdata", "sad", "empty-stateref-tests"), 113 wantErr: "unable to follow test refs: invalid test, no state ref", 114 }, 115 } 116 for _, tt := range tests { 117 t.Run(tt.name, func(t *testing.T) { 118 vs := cbl.NewVulnSrc() 119 vulnsrctest.TestUpdate(t, vs, vulnsrctest.TestUpdateArgs{ 120 Dir: tt.dir, 121 WantValues: tt.wantValues, 122 WantErr: tt.wantErr, 123 NoBuckets: tt.noBuckets, 124 }) 125 }) 126 } 127 } 128 129 func TestVulnSrc_Get(t *testing.T) { 130 tests := []struct { 131 name string 132 release string 133 pkgName string 134 fixtures []string 135 want []types.Advisory 136 wantErr string 137 }{ 138 { 139 name: "happy path", 140 release: "1.0", 141 pkgName: "clamav", 142 fixtures: []string{"testdata/fixtures/happy.yaml"}, 143 want: []types.Advisory{ 144 { 145 VulnerabilityID: "CVE-2008-3914", 146 FixedVersion: "0:0.103.2-1.cm1", 147 }, 148 }, 149 }, 150 { 151 name: "happy path non fixed version", 152 release: "2.0", 153 pkgName: "bind", 154 fixtures: []string{"testdata/fixtures/happy.yaml"}, 155 want: []types.Advisory{ 156 { 157 VulnerabilityID: "CVE-2019-6470", 158 }, 159 }, 160 }, 161 { 162 name: "unknown package", 163 release: "2.0", 164 pkgName: "unknown-package", 165 fixtures: []string{"testdata/fixtures/happy.yaml"}, 166 want: []types.Advisory(nil), 167 }, 168 { 169 name: "broken bucket", 170 release: "1.0", 171 pkgName: "clamav", 172 fixtures: []string{"testdata/fixtures/broken.yaml"}, 173 wantErr: "failed to unmarshal advisory JSON", 174 }, 175 } 176 for _, tt := range tests { 177 t.Run(tt.name, func(t *testing.T) { 178 vs := cbl.NewVulnSrc() 179 vulnsrctest.TestGet(t, vs, vulnsrctest.TestGetArgs{ 180 Fixtures: tt.fixtures, 181 WantValues: tt.want, 182 Release: tt.release, 183 PkgName: tt.pkgName, 184 WantErr: tt.wantErr, 185 }) 186 }) 187 } 188 }