// Listing: github.com/khulnasoft-lab/tunnel-db@v0.0.0-20231117205118-74e1113bd007/pkg/vulnsrc/oracle-oval/oracle-oval_test.go

package oracleoval

import (
	"os"
	"path/filepath"
	"testing"

	"github.com/khulnasoft-lab/tunnel-db/pkg/types"
	"github.com/khulnasoft-lab/tunnel-db/pkg/utils"
	"github.com/khulnasoft-lab/tunnel-db/pkg/vulnsrc/vulnerability"
	"github.com/khulnasoft-lab/tunnel-db/pkg/vulnsrctest"
)

// TestMain sets utils.Quiet before the package's tests run and exits with
// the status returned by m.Run.
func TestMain(m *testing.M) {
	// NOTE(review): presumably suppresses progress output from the updater;
	// confirm against pkg/utils. It is package-global state, so it stays set
	// for every test in this binary.
	utils.Quiet = true
	code := m.Run()
	os.Exit(code)
}

// TestVulnSrc_Update runs the Oracle OVAL source's update step, via
// vulnsrctest.TestUpdate, against fixture directories under testdata and
// compares the stored key/value pairs (or the error text) with the table.
//
// What the expectations pin down, as far as the table shows:
//   - An ELSA that names several CVEs is stored once per CVE: each CVE gets
//     its own advisory-detail per package and its own vulnerability-detail
//     carrying the shared ELSA title and changelog.
//   - FixedVersion keeps the RPM epoch prefix ("30:") where one is expected.
//     RPM ordering compares the epoch first, so a dropped epoch would make a
//     scanner rank fixed and vulnerable builds incorrectly.
//   - The severity word in the title lines up with the stored severity:
//     (MODERATE) with SeverityMedium, (IMPORTANT) with SeverityHigh and (N/A)
//     with SeverityUnknown.
//     NOTE(review): the mapping itself lives in the source under test, not
//     here; confirm there.
func TestVulnSrc_Update(t *testing.T) {
	const (
		bindTitle = "ELSA-2007-0057: Moderate: bind security update (MODERATE)"
		uekTitle  = "ELSA-2019-4510: Unbreakable Enterprise kernel security update (IMPORTANT)"

		bindFixedEL5 = "30:9.3.3-8.el5"
		uekFixedEL6  = "4.1.12-124.24.3.el6uek"
		uekFixedEL7  = "4.1.12-124.24.3.el7uek"
	)

	// Changelog body of ELSA-2007-0057 without its leading "[epoch:version]"
	// tag; the cases below prepend "[30:9.3.3-8]" or "[0:9.3.3-8]".
	const bindChangelog = "\n" +
		" - added fix for #224445 - CVE-2007-0493 BIND might crash after\n" +
		" attempting to read free()-ed memory\n" +
		" - added fix for #225229 - CVE-2007-0494 BIND dnssec denial of service\n" +
		" - Resolves: rhbz#224445\n" +
		" - Resolves: rhbz#225229"

	// Changelog of ELSA-2019-4510, one entry per line. Several entries end in
	// a space before the newline; that whitespace is part of the expected
	// value and must stay.
	const uekChangelog = "[4.1.12-124.24.3]\n" +
		"- ext4: update i_disksize when new eof exceeds it (Shan Hai) [Orabug: 28940828] \n" +
		"- ext4: update i_disksize if direct write past ondisk size (Eryu Guan) [Orabug: 28940828] \n" +
		"- ext4: protect i_disksize update by i_data_sem in direct write path (Eryu Guan) [Orabug: 28940828] \n" +
		"- ALSA: usb-audio: Fix UAF decrement if card has no live interfaces in card.c (Hui Peng) [Orabug: 29042981] {CVE-2018-19824}\n" +
		"- ALSA: usb-audio: Replace probing flag with active refcount (Takashi Iwai) [Orabug: 29042981] {CVE-2018-19824}\n" +
		"- ALSA: usb-audio: Avoid nested autoresume calls (Takashi Iwai) [Orabug: 29042981] {CVE-2018-19824}\n" +
		"- ext4: validate that metadata blocks do not overlap superblock (Theodore Ts'o) [Orabug: 29114440] {CVE-2018-1094}\n" +
		"- ext4: update inline int ext4_has_metadata_csum(struct super_block *sb) (John Donnelly) [Orabug: 29114440] {CVE-2018-1094}\n" +
		"- ext4: always initialize the crc32c checksum driver (Theodore Ts'o) [Orabug: 29114440] {CVE-2018-1094} {CVE-2018-1094}\n" +
		"- Revert 'bnxt_en: Reduce default rings on multi-port cards.' (Brian Maly) [Orabug: 28687746] \n" +
		"- mlx4_core: Disable P_Key Violation Traps (Hakon Bugge) [Orabug: 27693633] \n" +
		"- rds: RDS connection does not reconnect after CQ access violation error (Venkat Venkatsubra) [Orabug: 28733324]\n" +
		"\n" +
		"[4.1.12-124.24.2]\n" +
		"- KVM/SVM: Allow direct access to MSR_IA32_SPEC_CTRL (KarimAllah Ahmed) [Orabug: 28069548] \n" +
		"- KVM/VMX: Allow direct access to MSR_IA32_SPEC_CTRL - reloaded (Mihai Carabas) [Orabug: 28069548] \n" +
		"- KVM/x86: Add IBPB support (Ashok Raj) [Orabug: 28069548] \n" +
		"- KVM: x86: pass host_initiated to functions that read MSRs (Paolo Bonzini) [Orabug: 28069548] \n" +
		"- KVM: VMX: make MSR bitmaps per-VCPU (Paolo Bonzini) [Orabug: 28069548] \n" +
		"- KVM: VMX: introduce alloc_loaded_vmcs (Paolo Bonzini) [Orabug: 28069548] \n" +
		"- KVM: nVMX: Eliminate vmcs02 pool (Jim Mattson) [Orabug: 28069548] \n" +
		"- KVM: nVMX: fix msr bitmaps to prevent L2 from accessing L0 x2APIC (Radim Krcmar) [Orabug: 28069548] \n" +
		"- ocfs2: dont clear bh uptodate for block read (Junxiao Bi) [Orabug: 28762940] \n" +
		"- ocfs2: clear journal dirty flag after shutdown journal (Junxiao Bi) [Orabug: 28924775] \n" +
		"- ocfs2: fix panic due to unrecovered local alloc (Junxiao Bi) [Orabug: 28924775] \n" +
		"- net: rds: fix rds_ib_sysctl_max_recv_allocation error (Zhu Yanjun) [Orabug: 28947481] \n" +
		"- x86/speculation: Always disable IBRS in disable_ibrs_and_friends() (Alejandro Jimenez) [Orabug: 29139710]"

	// The same data-source record is expected for every Oracle Linux release.
	oracleSource := types.DataSource{
		ID:   vulnerability.OracleOVAL,
		Name: "Oracle Linux OVAL definitions",
		URL:  "https://linux.oracle.com/security/oval/",
	}

	cases := []struct {
		name       string
		dir        string
		wantValues []vulnsrctest.WantValues
		wantErr    string
	}{
		{
			// One ELSA, two CVEs, two packages on Oracle Linux 5.
			name: "happy path",
			dir:  filepath.Join("testdata", "happy"),
			wantValues: []vulnsrctest.WantValues{
				{
					Key:   []string{"data-source", "Oracle Linux 5"},
					Value: oracleSource,
				},
				{
					Key:   []string{"advisory-detail", "CVE-2007-0493", "Oracle Linux 5", "bind-devel"},
					Value: types.Advisory{FixedVersion: bindFixedEL5},
				},
				{
					Key:   []string{"advisory-detail", "CVE-2007-0494", "Oracle Linux 5", "bind-devel"},
					Value: types.Advisory{FixedVersion: bindFixedEL5},
				},
				{
					Key:   []string{"advisory-detail", "CVE-2007-0493", "Oracle Linux 5", "bind-sdb"},
					Value: types.Advisory{FixedVersion: bindFixedEL5},
				},
				{
					Key:   []string{"advisory-detail", "CVE-2007-0494", "Oracle Linux 5", "bind-sdb"},
					Value: types.Advisory{FixedVersion: bindFixedEL5},
				},
				{
					Key: []string{"vulnerability-detail", "CVE-2007-0493", "oracle-oval"},
					Value: types.VulnerabilityDetail{
						Title:       bindTitle,
						Description: "[30:9.3.3-8]" + bindChangelog,
						References: []string{
							"http://linux.oracle.com/cve/CVE-2007-0493.html",
							"http://linux.oracle.com/errata/ELSA-2007-0057.html",
						},
						Severity: types.SeverityMedium,
					},
				},
				{
					Key: []string{"vulnerability-detail", "CVE-2007-0494", "oracle-oval"},
					Value: types.VulnerabilityDetail{
						Title:       bindTitle,
						Description: "[30:9.3.3-8]" + bindChangelog,
						References: []string{
							"http://linux.oracle.com/cve/CVE-2007-0494.html",
							"http://linux.oracle.com/errata/ELSA-2007-0057.html",
						},
						Severity: types.SeverityMedium,
					},
				},
				{
					Key:   []string{"vulnerability-id", "CVE-2007-0493"},
					Value: map[string]interface{}{},
				},
				{
					Key:   []string{"vulnerability-id", "CVE-2007-0494"},
					Value: map[string]interface{}{},
				},
			},
		},
		{
			// One ELSA covering Oracle Linux 6 and 7: the fixed version
			// differs per release (el6uek vs el7uek), so an advisory keyed to
			// the wrong release would report the wrong fix.
			name: "happy path multi platform",
			dir:  filepath.Join("testdata", "multi-platform"),
			wantValues: []vulnsrctest.WantValues{
				{
					Key:   []string{"data-source", "Oracle Linux 6"},
					Value: oracleSource,
				},
				{
					Key:   []string{"data-source", "Oracle Linux 7"},
					Value: oracleSource,
				},
				{
					Key:   []string{"advisory-detail", "CVE-2018-1094", "Oracle Linux 6", "kernel-uek-doc"},
					Value: types.Advisory{FixedVersion: uekFixedEL6},
				},
				{
					Key:   []string{"advisory-detail", "CVE-2018-19824", "Oracle Linux 6", "kernel-uek-doc"},
					Value: types.Advisory{FixedVersion: uekFixedEL6},
				},
				{
					Key:   []string{"advisory-detail", "CVE-2018-1094", "Oracle Linux 6", "kernel-uek-firmware"},
					Value: types.Advisory{FixedVersion: uekFixedEL6},
				},
				{
					Key:   []string{"advisory-detail", "CVE-2018-19824", "Oracle Linux 6", "kernel-uek-firmware"},
					Value: types.Advisory{FixedVersion: uekFixedEL6},
				},
				{
					Key:   []string{"advisory-detail", "CVE-2018-1094", "Oracle Linux 7", "kernel-uek-doc"},
					Value: types.Advisory{FixedVersion: uekFixedEL7},
				},
				{
					Key:   []string{"advisory-detail", "CVE-2018-19824", "Oracle Linux 7", "kernel-uek-doc"},
					Value: types.Advisory{FixedVersion: uekFixedEL7},
				},
				{
					Key:   []string{"advisory-detail", "CVE-2018-1094", "Oracle Linux 7", "kernel-uek-firmware"},
					Value: types.Advisory{FixedVersion: uekFixedEL7},
				},
				{
					Key:   []string{"advisory-detail", "CVE-2018-19824", "Oracle Linux 7", "kernel-uek-firmware"},
					Value: types.Advisory{FixedVersion: uekFixedEL7},
				},
				{
					Key: []string{"vulnerability-detail", "CVE-2018-1094", "oracle-oval"},
					Value: types.VulnerabilityDetail{
						Title:       uekTitle,
						Description: uekChangelog,
						References: []string{
							"https://linux.oracle.com/cve/CVE-2018-1094.html",
							"https://linux.oracle.com/errata/ELSA-2019-4510.html",
						},
						Severity: types.SeverityHigh,
					},
				},
				{
					Key: []string{"vulnerability-detail", "CVE-2018-19824", "oracle-oval"},
					Value: types.VulnerabilityDetail{
						Title:       uekTitle,
						Description: uekChangelog,
						References: []string{
							"https://linux.oracle.com/cve/CVE-2018-19824.html",
							"https://linux.oracle.com/errata/ELSA-2019-4510.html",
						},
						Severity: types.SeverityHigh,
					},
				},
				{
					Key:   []string{"vulnerability-id", "CVE-2018-1094"},
					Value: map[string]interface{}{},
				},
				{
					Key:   []string{"vulnerability-id", "CVE-2018-19824"},
					Value: map[string]interface{}{},
				},
			},
		},
		{
			// Records are keyed by the ELSA ID instead of a CVE ID.
			// NOTE(review): presumably the fixture lists no CVE for this
			// definition; confirm in testdata/elsa-id. The expected fixed
			// version carries no epoch although the changelog tag reads
			// "[0:9.3.3-8]".
			name: "happy path ELSA-ID",
			dir:  filepath.Join("testdata", "elsa-id"),
			wantValues: []vulnsrctest.WantValues{
				{
					Key:   []string{"data-source", "Oracle Linux 5"},
					Value: oracleSource,
				},
				{
					Key:   []string{"advisory-detail", "ELSA-2007-0057", "Oracle Linux 5", "bind-devel"},
					Value: types.Advisory{FixedVersion: "9.3.3-8.el5"},
				},
				{
					Key: []string{"vulnerability-detail", "ELSA-2007-0057", "oracle-oval"},
					Value: types.VulnerabilityDetail{
						Title:       bindTitle,
						Description: "[0:9.3.3-8]" + bindChangelog,
						References: []string{
							"http://linux.oracle.com/errata/ELSA-2007-0057.html",
						},
						Severity: types.SeverityMedium,
					},
				},
				{
					Key:   []string{"vulnerability-id", "ELSA-2007-0057"},
					Value: map[string]interface{}{},
				},
			},
		},
		{
			// Only the vulnerability-level records are listed: no data-source
			// and no advisory-detail entry is expected.
			// NOTE(review): whether the helper also asserts that no other key
			// was written is not visible here; check vulnsrctest.TestUpdate
			// before relying on this case to catch a stray advisory.
			name: "unknown platform",
			dir:  filepath.Join("testdata", "unknown-platform"),
			wantValues: []vulnsrctest.WantValues{
				{
					Key: []string{"vulnerability-detail", "CVE-0001-0001", "oracle-oval"},
					Value: types.VulnerabilityDetail{
						Title:       "ELSA-0001-0001: Moderate: empty security update (N/A)",
						Description: "empty description",
						References: []string{
							"http://linux.oracle.com/cve/CVE-0001-0001.html",
							"http://linux.oracle.com/errata/ELSA-0001-0001.html",
						},
						Severity: types.SeverityUnknown,
					},
				},
				{
					Key:   []string{"vulnerability-id", "CVE-0001-0001"},
					Value: map[string]interface{}{},
				},
			},
		},
		{
			// NOTE(review): the expected text is the POSIX ENOENT message, so
			// this case is tied to Unix-like hosts.
			name:    "sad path (dir doesn't exist)",
			dir:     filepath.Join("testdata", "badPath"),
			wantErr: "no such file or directory",
		},
		{
			// Malformed feed input must surface as an error.
			name:    "sad path (failed to decode)",
			dir:     filepath.Join("testdata", "sad"),
			wantErr: "failed to decode Oracle Linux OVAL JSON",
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			// A fresh source per case keeps the cases independent.
			src := NewVulnSrc()
			args := vulnsrctest.TestUpdateArgs{
				Dir:        tc.dir,
				WantValues: tc.wantValues,
				WantErr:    tc.wantErr,
			}
			vulnsrctest.TestUpdate(t, src, args)
		})
	}
}

// TestVulnSrc_Get loads YAML fixtures and looks up advisories for a package
// on a given Oracle Linux release through vulnsrctest.TestGet. It covers a
// hit, a package with no advisories (nil result) and a fixture whose stored
// advisory cannot be unmarshalled.
func TestVulnSrc_Get(t *testing.T) {
	cases := []struct {
		name     string
		fixtures []string
		version  string
		pkgName  string
		want     []types.Advisory
		wantErr  string
	}{
		{
			// The epoch ("32:") is expected to survive storage and lookup.
			name:     "happy path",
			fixtures: []string{"testdata/fixtures/happy.yaml"},
			version:  "8",
			pkgName:  "bind",
			want: []types.Advisory{
				{
					VulnerabilityID: "ELSA-2019-1145",
					FixedVersion:    "32:9.11.4-17.P2.el8_0",
				},
			},
		},
		{
			name:     "no advisories are returned",
			fixtures: []string{"testdata/fixtures/happy.yaml"},
			version:  "8",
			pkgName:  "no-package",
			want:     nil,
		},
		{
			// A corrupt stored advisory must produce an error.
			name:     "GetAdvisories returns an error",
			fixtures: []string{"testdata/fixtures/sad.yaml"},
			version:  "8",
			pkgName:  "bind",
			wantErr:  "failed to unmarshal advisory JSON",
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			src := NewVulnSrc()
			args := vulnsrctest.TestGetArgs{
				Fixtures:   tc.fixtures,
				WantValues: tc.want,
				Release:    tc.version,
				PkgName:    tc.pkgName,
				WantErr:    tc.wantErr,
			}
			vulnsrctest.TestGet(t, src, args)
		})
	}
}