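package redhatoval_test

import (
	"os"
	"path/filepath"
	"sort"
	"testing"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"

	"github.com/khulnasoft-lab/tunnel-db/pkg/db"
	"github.com/khulnasoft-lab/tunnel-db/pkg/dbtest"
	"github.com/khulnasoft-lab/tunnel-db/pkg/types"
	"github.com/khulnasoft-lab/tunnel-db/pkg/utils"
	redhat "github.com/khulnasoft-lab/tunnel-db/pkg/vulnsrc/redhat-oval"
	"github.com/khulnasoft-lab/tunnel-db/pkg/vulnsrc/vulnerability"
	"github.com/khulnasoft-lab/tunnel-db/pkg/vulnsrctest"
)

// TestMain silences the package's progress output so the test log only
// carries assertion failures.
func TestMain(m *testing.M) {
	utils.Quiet = true
	os.Exit(m.Run())
}

// redhatDataSource is the provenance record every advisory ingested from the
// Red Hat OVAL v2 feed must carry. It is stored once under the "data-source"
// bucket by Update and attached to every advisory returned by Get, so a
// consumer can always trace a finding back to the feed it came from.
var redhatDataSource = types.DataSource{
	ID:   vulnerability.RedHatOVAL,
	Name: "Red Hat OVAL v2",
	URL:  "https://www.redhat.com/security/data/oval/v2/",
}

// TestVulnSrc_Update feeds on-disk OVAL fixtures through Update and checks the
// resulting DB contents key by key.
//
// Three kinds of keys are asserted:
//   - "Red Hat CPE"/cpe/<index>: the sorted CPE table; every other record
//     refers to CPEs by index into this table rather than by string.
//   - "Red Hat CPE"/repository/<repo> and /nvr/<nvr>: the mapping used at
//     scan time to turn a repository or container NVR into CPE indices.
//   - "advisory-detail"/<id>/"Red Hat"/<package>: one entry per distinct
//     (fixed version, affected CPE set, severity) tuple, so the same CVE can
//     carry a different severity on RHEL 7 than on RHEL 8.
//
// The expected values mirror files under testdata/ that are not visible here;
// treat them as the contract of the fixture, not of the feed format in general.
func TestVulnSrc_Update(t *testing.T) {
	// In the "different-severity" fixture the RHEL 7 and RHEL 8 platforms map
	// to disjoint CPE index ranges; name them so the per-package expectations
	// below read as "RHEL 7 = medium, RHEL 8 = low" rather than as digit soup.
	rhel7Indices := []int{10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21}
	rhel8Indices := []int{0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 22, 23}

	tests := []struct {
		name       string
		dir        string
		wantValues []vulnsrctest.WantValues
		wantErr    string
	}{
		{
			name: "happy path",
			dir:  filepath.Join("testdata", "happy"),
			wantValues: []vulnsrctest.WantValues{
				{
					Key: []string{
						"data-source",
						"Red Hat",
					},
					Value: redhatDataSource,
				},
				{
					Key: []string{
						"Red Hat CPE",
						"cpe",
						"0",
					},
					Value: "cpe:/a:redhat:enterprise_linux:7",
				},
				{
					Key: []string{
						"Red Hat CPE",
						"cpe",
						"1",
					},
					Value: "cpe:/a:redhat:enterprise_linux:8",
				},
				{
					Key: []string{
						"Red Hat CPE",
						"cpe",
						"2",
					},
					Value: "cpe:/a:redhat:enterprise_linux:8::appstream",
				},
				{
					Key: []string{
						"Red Hat CPE",
						"cpe",
						"3",
					},
					Value: "cpe:/a:redhat:enterprise_linux:8::crb",
				},
				{
					Key: []string{
						"Red Hat CPE",
						"cpe",
						"4",
					},
					Value: "cpe:/a:redhat:rhel_eus:8.1",
				},
				{
					Key: []string{
						"Red Hat CPE",
						"cpe",
						"5",
					},
					Value: "cpe:/o:redhat:enterprise_linux:7::server",
				},
				{
					Key: []string{
						"Red Hat CPE",
						"cpe",
						"6",
					},
					Value: "cpe:/o:redhat:enterprise_linux:8::baseos",
				},
				{
					// A repository resolves to the CPE indices it ships packages for.
					Key: []string{
						"Red Hat CPE",
						"repository",
						"rhel-8-for-x86_64-baseos-rpms",
					},
					Value: []int{6},
				},
				{
					// A container NVR resolves the same way, for images without
					// repository metadata.
					Key: []string{
						"Red Hat CPE",
						"nvr",
						"3scale-amp-apicast-gateway-container-1.11-1-x86_64",
					},
					Value: []int{5},
				},
				{
					// Unfixed CVE: no fixed version, status carried instead; the
					// CveEntry ID is empty because the advisory key already is the CVE.
					Key: []string{
						"advisory-detail",
						"CVE-2020-11879",
						"Red Hat",
						"evolution",
					},
					Value: redhat.Advisory{
						Entries: []redhat.Entry{
							{
								Status:             types.StatusWillNotFix,
								FixedVersion:       "",
								AffectedCPEIndices: []int{1},
								Cves: []redhat.CveEntry{
									{
										ID:       "",
										Severity: types.SeverityMedium,
									},
								},
							},
						},
					},
				},
				{
					// RHSA keyed entries list every CVE the erratum fixes, with the
					// per-CVE severity the feed assigns.
					Key: []string{
						"advisory-detail",
						"RHSA-2020:5624",
						"Red Hat",
						"thunderbird",
					},
					Value: redhat.Advisory{
						Entries: []redhat.Entry{
							{
								FixedVersion: "0:78.6.0-1.el8_3",
								AffectedCPEIndices: []int{
									1,
									2,
									6,
								},
								Arches: []string{
									"aarch64",
									"ppc64le",
									"x86_64",
								},
								Cves: []redhat.CveEntry{
									{
										ID:       "CVE-2020-16042",
										Severity: types.SeverityHigh,
									},
									{
										ID:       "CVE-2020-26971",
										Severity: types.SeverityHigh,
									},
								},
							},
						},
					},
				},
				{
					Key: []string{
						"advisory-detail",
						"RHSA-2020:5624",
						"Red Hat",
						"thunderbird-debugsource",
					},
					Value: redhat.Advisory{
						Entries: []redhat.Entry{
							{
								FixedVersion: "0:78.6.0-1.el8_3",
								AffectedCPEIndices: []int{
									1,
									2,
									6,
								},
								Arches: []string{
									"aarch64",
									"ppc64le",
									"x86_64",
								},
								Cves: []redhat.CveEntry{
									{
										ID:       "CVE-2020-16042",
										Severity: types.SeverityHigh,
									},
									{
										ID:       "CVE-2020-26971",
										Severity: types.SeverityHigh,
									},
								},
							},
						},
					},
				},
				{
					// Modular package (module:stream::name). One erratum yields two
					// entries because the el7 and el8 builds have different fixed
					// versions and different severities.
					Key: []string{
						"advisory-detail",
						"RHSA-2020:4751",
						"Red Hat",
						"httpd:2.4::httpd",
					},
					Value: redhat.Advisory{
						Entries: []redhat.Entry{
							{
								FixedVersion: "0:2.4.37-30.module+el7.3.0+7001+0766b9e7",
								AffectedCPEIndices: []int{
									0,
									5,
								},
								Arches: []string{
									"aarch64",
									"ppc64le",
									"s390x",
									"x86_64",
								},
								Cves: []redhat.CveEntry{
									{
										ID:       "CVE-2018-17189",
										Severity: types.SeverityCritical,
									},
								},
							},
							{
								FixedVersion: "0:2.4.37-30.module+el8.3.0+7001+0766b9e7",
								AffectedCPEIndices: []int{
									1,
									2,
								},
								Arches: []string{
									"aarch64",
									"ppc64le",
									"s390x",
									"x86_64",
								},
								Cves: []redhat.CveEntry{
									{
										ID:       "CVE-2018-17189",
										Severity: types.SeverityLow,
									},
								},
							},
						},
					},
				},
				{
					Key: []string{
						"advisory-detail",
						"CVE-2020-14342",
						"Red Hat",
						"cifs-utils",
					},
					Value: redhat.Advisory{
						Entries: []redhat.Entry{
							{
								Status:       types.StatusAffected,
								FixedVersion: "",
								AffectedCPEIndices: []int{
									3,
									5,
								},
								Cves: []redhat.CveEntry{
									{
										Severity: types.SeverityLow,
									},
								},
							},
						},
					},
				},
				{
					Key: []string{
						"advisory-detail",
						"RHSA-2020:9999",
						"Red Hat",
						"thunderbird",
					},
					Value: redhat.Advisory{
						Entries: []redhat.Entry{
							{
								FixedVersion:       "0:999.el8_3",
								AffectedCPEIndices: []int{4},
								Arches: []string{
									"aarch64",
									"ppc64le",
									"x86_64",
								},
								Cves: []redhat.CveEntry{
									{
										ID:       "CVE-2020-26971",
										Severity: types.SeverityCritical,
									},
									{
										ID:       "CVE-2020-26972",
										Severity: types.SeverityMedium,
									},
								},
							},
						},
					},
				},
			},
		},
		{
			name: "happy path with different severity for different platforms",
			dir:  filepath.Join("testdata", "different-severity"),
			wantValues: []vulnsrctest.WantValues{
				{
					Key: []string{
						"data-source",
						"Red Hat",
					},
					Value: redhatDataSource,
				},
				{
					Key: []string{
						"Red Hat CPE",
						"cpe",
						"0",
					},
					Value: "cpe:/a:redhat:enterprise_linux:8",
				},
				{
					Key: []string{
						"Red Hat CPE",
						"cpe",
						"1",
					},
					Value: "cpe:/a:redhat:enterprise_linux:8::appstream",
				},
				{
					Key: []string{
						"Red Hat CPE",
						"cpe",
						"2",
					},
					Value: "cpe:/a:redhat:enterprise_linux:8::crb",
				},
				{
					Key: []string{
						"Red Hat CPE",
						"cpe",
						"3",
					},
					Value: "cpe:/a:redhat:enterprise_linux:8::highavailability",
				},
				{
					Key: []string{
						"Red Hat CPE",
						"cpe",
						"4",
					},
					Value: "cpe:/a:redhat:enterprise_linux:8::nfv",
				},
				{
					Key: []string{
						"Red Hat CPE",
						"cpe",
						"5",
					},
					Value: "cpe:/a:redhat:enterprise_linux:8::realtime",
				},
				{
					Key: []string{
						"Red Hat CPE",
						"cpe",
						"6",
					},
					Value: "cpe:/a:redhat:enterprise_linux:8::resilientstorage",
				},
				{
					Key: []string{
						"Red Hat CPE",
						"cpe",
						"7",
					},
					Value: "cpe:/a:redhat:enterprise_linux:8::sap",
				},
				{
					Key: []string{
						"Red Hat CPE",
						"cpe",
						"8",
					},
					Value: "cpe:/a:redhat:enterprise_linux:8::sap_hana",
				},
				{
					Key: []string{
						"Red Hat CPE",
						"cpe",
						"9",
					},
					Value: "cpe:/a:redhat:enterprise_linux:8::supplementary",
				},
				{
					Key: []string{
						"Red Hat CPE",
						"cpe",
						"10",
					},
					Value: "cpe:/a:redhat:rhel_extras:7",
				},
				{
					Key: []string{
						"Red Hat CPE",
						"cpe",
						"11",
					},
					Value: "cpe:/a:redhat:rhel_extras_oracle_java:7",
				},
				{
					Key: []string{
						"Red Hat CPE",
						"cpe",
						"12",
					},
					Value: "cpe:/a:redhat:rhel_extras_rt:7",
				},
				{
					Key: []string{
						"Red Hat CPE",
						"cpe",
						"13",
					},
					Value: "cpe:/a:redhat:rhel_extras_sap:7",
				},
				{
					Key: []string{
						"Red Hat CPE",
						"cpe",
						"14",
					},
					Value: "cpe:/a:redhat:rhel_extras_sap_hana:7",
				},
				{
					Key: []string{
						"Red Hat CPE",
						"cpe",
						"15",
					},
					Value: "cpe:/o:redhat:enterprise_linux:7",
				},
				{
					Key: []string{
						"Red Hat CPE",
						"cpe",
						"16",
					},
					Value: "cpe:/o:redhat:enterprise_linux:7::client",
				},
				{
					Key: []string{
						"Red Hat CPE",
						"cpe",
						"17",
					},
					Value: "cpe:/o:redhat:enterprise_linux:7::computenode",
				},
				{
					Key: []string{
						"Red Hat CPE",
						"cpe",
						"18",
					},
					Value: "cpe:/o:redhat:enterprise_linux:7::container",
				},
				{
					Key: []string{
						"Red Hat CPE",
						"cpe",
						"19",
					},
					Value: "cpe:/o:redhat:enterprise_linux:7::containers",
				},
				{
					Key: []string{
						"Red Hat CPE",
						"cpe",
						"20",
					},
					Value: "cpe:/o:redhat:enterprise_linux:7::server",
				},
				{
					Key: []string{
						"Red Hat CPE",
						"cpe",
						"21",
					},
					Value: "cpe:/o:redhat:enterprise_linux:7::workstation",
				},
				{
					// Indices 22 and 23 are referenced below but their CPE strings
					// are not asserted here; the list of wantValues is a spot check,
					// not an exhaustive dump of the bucket.
					Key: []string{
						"Red Hat CPE",
						"repository",
						"rhel-8-for-x86_64-baseos-rpms",
					},
					Value: []int{23},
				},
				{
					Key: []string{
						"Red Hat CPE",
						"nvr",
						"3scale-amp-apicast-gateway-container-1.11-1-x86_64",
					},
					Value: []int{20},
				},
				{
					// bsdcpio only exists on RHEL 7 in this fixture: a single entry.
					Key: []string{
						"advisory-detail",
						"CVE-2020-21674",
						"Red Hat",
						"bsdcpio",
					},
					Value: redhat.Advisory{
						Entries: []redhat.Entry{
							{
								FixedVersion:       "",
								AffectedCPEIndices: rhel7Indices,
								Cves: []redhat.CveEntry{
									{
										ID:       "",
										Severity: types.SeverityMedium,
									},
								},
							},
						},
					},
				},
				{
					// Same CVE, same package, two platforms with different
					// severities: the entries must stay separate so a scan of a
					// RHEL 8 host is not reported with the RHEL 7 rating.
					Key: []string{
						"advisory-detail",
						"CVE-2020-21674",
						"Red Hat",
						"bsdtar",
					},
					Value: redhat.Advisory{
						Entries: []redhat.Entry{
							{
								FixedVersion:       "",
								AffectedCPEIndices: rhel7Indices,
								Cves: []redhat.CveEntry{
									{
										ID:       "",
										Severity: types.SeverityMedium,
									},
								},
							},
							{
								FixedVersion:       "",
								AffectedCPEIndices: rhel8Indices,
								Cves: []redhat.CveEntry{
									{
										ID:       "",
										Severity: types.SeverityLow,
									},
								},
							},
						},
					},
				},
				{
					Key: []string{
						"advisory-detail",
						"CVE-2020-21674",
						"Red Hat",
						"libarchive",
					},
					Value: redhat.Advisory{
						Entries: []redhat.Entry{
							{
								FixedVersion:       "",
								AffectedCPEIndices: rhel7Indices,
								Cves: []redhat.CveEntry{
									{
										ID:       "",
										Severity: types.SeverityMedium,
									},
								},
							},
							{
								FixedVersion:       "",
								AffectedCPEIndices: rhel8Indices,
								Cves: []redhat.CveEntry{
									{
										ID:       "",
										Severity: types.SeverityLow,
									},
								},
							},
						},
					},
				},
				{
					// libarchive-debugsource only exists on RHEL 8: a single entry.
					Key: []string{
						"advisory-detail",
						"CVE-2020-21674",
						"Red Hat",
						"libarchive-debugsource",
					},
					Value: redhat.Advisory{
						Entries: []redhat.Entry{
							{
								FixedVersion:       "",
								AffectedCPEIndices: rhel8Indices,
								Cves: []redhat.CveEntry{
									{
										ID:       "",
										Severity: types.SeverityLow,
									},
								},
							},
						},
					},
				},
				{
					Key: []string{
						"advisory-detail",
						"CVE-2020-21674",
						"Red Hat",
						"libarchive-devel",
					},
					Value: redhat.Advisory{
						Entries: []redhat.Entry{
							{
								FixedVersion:       "",
								AffectedCPEIndices: rhel7Indices,
								Cves: []redhat.CveEntry{
									{
										ID:       "",
										Severity: types.SeverityMedium,
									},
								},
							},
							{
								FixedVersion:       "",
								AffectedCPEIndices: rhel8Indices,
								Cves: []redhat.CveEntry{
									{
										ID:       "",
										Severity: types.SeverityLow,
									},
								},
							},
						},
					},
				},
			},
		},
		{
			// No definitions directory is not an error: nothing is ingested and
			// nothing is asserted.
			name: "no definitions dir",
			dir:  filepath.Join("testdata", "no-definitions"),
		},
		{
			// The repository-to-CPE map is mandatory; without it no advisory could
			// ever be matched, so Update must fail rather than build an empty DB.
			// NOTE(review): this substring is the Unix os.ErrNotExist text; on
			// Windows the message differs, so this case is effectively Unix-only.
			name:    "repository-to-cpe is unavailable",
			dir:     filepath.Join("testdata", "no-repo-to-cpe"),
			wantErr: "no such file or directory",
		},
		{
			// Malformed feed input fails closed with an error instead of being
			// partially ingested.
			name:    "broken repo-to-cpe",
			dir:     filepath.Join("testdata", "broken-repo-to-cpe"),
			wantErr: "JSON parse error",
		},
		{
			name:    "broken JSON",
			dir:     filepath.Join("testdata", "sad"),
			wantErr: "failed to decode",
		},
	}

	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			vs := redhat.NewVulnSrc()
			vulnsrctest.TestUpdate(t, vs, vulnsrctest.TestUpdateArgs{
				Dir:        tt.dir,
				WantValues: tt.wantValues,
				WantErr:    tt.wantErr,
			})
		})
	}
}

// TestVulnSrc_Get loads pre-built buckets from YAML fixtures and exercises the
// read path: a package name plus the repositories and/or container NVRs seen
// on the scanned system is resolved to CPE indices, and only advisories whose
// AffectedCPEIndices intersect those indices are returned.
//
// Note the fail-open shape of the negative cases: a repository that maps to no
// CPE, or that is absent from the map entirely, yields no advisories and no
// error. Callers therefore cannot distinguish "no known vulnerabilities" from
// "could not determine platform"; only a corrupt advisory record is surfaced
// as an error.
func TestVulnSrc_Get(t *testing.T) {
	type args struct {
		pkgName      string
		repositories []string
		nvrs         []string
	}

	// The fixture's bind advisories for the RHEL 8 BaseOS CPE. Both the
	// repository and the NVR lookup must land on exactly this set.
	bindAdvisories := []types.Advisory{
		{
			VulnerabilityID: "CVE-2017-3145",
			VendorIDs:       []string{"RHSA-2018:0488"},
			Severity:        types.SeverityHigh,
			FixedVersion:    "32:9.9.4-29.el7_2.8",
			Arches: []string{
				"i386",
				"ppc64",
				"x86_64",
			},
			DataSource: &redhatDataSource,
		},
		{
			VulnerabilityID: "CVE-2020-8625",
			Severity:        types.SeverityLow,
			DataSource:      &redhatDataSource,
		},
	}

	tests := []struct {
		name     string
		args     args
		fixtures []string
		want     []types.Advisory
		wantErr  string
	}{
		{
			name: "repository",
			args: args{
				pkgName:      "bind",
				repositories: []string{"rhel-8-for-x86_64-baseos-rpms"},
			},
			fixtures: []string{
				"testdata/fixtures/happy.yaml",
				"testdata/fixtures/cpe.yaml",
				"testdata/fixtures/data-source.yaml",
			},
			want: bindAdvisories,
		},
		{
			name: "nvr",
			args: args{
				pkgName: "bind",
				nvrs:    []string{"ubi8-init-container-8.0-7-x86_64"},
			},
			fixtures: []string{
				"testdata/fixtures/happy.yaml",
				"testdata/fixtures/cpe.yaml",
				"testdata/fixtures/data-source.yaml",
			},
			want: bindAdvisories,
		},
		{
			// The repository is known but maps to CPEs no bind advisory covers:
			// silently nothing.
			name: "no CPE match",
			args: args{
				pkgName:      "bind",
				repositories: []string{"3scale-amp-2-rpms-for-rhel-8-x86_64-debug-rpms"},
			},
			fixtures: []string{
				"testdata/fixtures/happy.yaml",
				"testdata/fixtures/cpe.yaml",
			},
			want: []types.Advisory(nil),
		},
		{
			// A repository absent from the CPE map should not reach Get in
			// practice; if it does, the result is indistinguishable from "clean".
			name: "unknown repository",
			args: args{
				pkgName:      "bind",
				repositories: []string{"unknown"},
			},
			fixtures: []string{
				"testdata/fixtures/happy.yaml",
				"testdata/fixtures/cpe.yaml",
			},
			want: []types.Advisory(nil),
		},
		{
			name: "no advisory bucket",
			args: args{
				pkgName:      "bind",
				repositories: []string{"rhel-8-for-x86_64-baseos-rpms"},
			},
			fixtures: []string{"testdata/fixtures/cpe.yaml"},
			want:     []types.Advisory(nil),
		},
		{
			name: "no CPE bucket",
			args: args{
				pkgName:      "bind",
				repositories: []string{"rhel-8-for-x86_64-baseos-rpms"},
			},
			fixtures: []string{"testdata/fixtures/happy.yaml"},
			want:     []types.Advisory(nil),
		},
		{
			// A corrupt stored advisory is the one condition that is reported
			// loudly rather than skipped.
			name: "broken JSON",
			args: args{
				pkgName:      "bind",
				repositories: []string{"rhel-8-for-x86_64-baseos-rpms"},
			},
			fixtures: []string{
				"testdata/fixtures/broken.yaml",
				"testdata/fixtures/cpe.yaml",
			},
			want:    []types.Advisory(nil),
			wantErr: "failed to unmarshal advisory JSON",
		},
	}

	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			_ = dbtest.InitDB(t, tt.fixtures)
			defer db.Close()

			vs := redhat.NewVulnSrc()
			got, err := vs.Get(tt.args.pkgName, tt.args.repositories, tt.args.nvrs)
			if tt.wantErr != "" {
				require.Error(t, err)
				assert.Contains(t, err.Error(), tt.wantErr)
				return
			}
			// Stop here on an unexpected error so the failure names the error
			// rather than a confusing nil-vs-want diff further down.
			require.NoError(t, err)

			// Bucket iteration order is not part of the contract; normalise
			// before comparing.
			sort.Slice(got, func(i, j int) bool {
				return got[i].VulnerabilityID < got[j].VulnerabilityID
			})
			assert.Equal(t, tt.want, got)
		})
	}
}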