// Listing: github.com/khulnasoft-lab/tunnel-db@v0.0.0-20231117205118-74e1113bd007/pkg/vulnsrc/redhat/redhat_test.go

package redhat

import (
	"os"
	"path/filepath"
	"testing"

	"github.com/khulnasoft-lab/tunnel-db/pkg/types"
	"github.com/khulnasoft-lab/tunnel-db/pkg/utils"
	"github.com/khulnasoft-lab/tunnel-db/pkg/vulnsrctest"
)

// TestMain sets utils.Quiet before the package's tests run and exits the
// process with the status code returned by the test run.
func TestMain(m *testing.M) {
	utils.Quiet = true
	code := m.Run()
	os.Exit(code)
}

// TestVulnSrc_Update is a table-driven test: each case points NewVulnSrc() at
// one fixture directory under testdata and hands the expected stored values,
// or the expected error text, to vulnsrctest.TestUpdate.
//
// The fixtures themselves are not part of this file, so the notes below only
// describe what the expectations pin.
func TestVulnSrc_Update(t *testing.T) {
	// Expected title and description shared by the CVE-2019-0160 cases
	// (happy1, happy5).
	const (
		edk2Title       = "edk2: Buffer overflows in PartitionDxe and UdfDxe with long file names and invalid UDF media"
		edk2Description = "Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.\n \nBuffer overflows were discovered in UDF-related codes under MdeModulePkg\\Universal\\Disk\\PartitionDxe\\Udf.c and MdeModulePkg\\Universal\\Disk\\UdfDxe, which could be triggered with long file names or invalid formatted UDF media."
	)
	// Expected title and description shared by the CVE-2019-8559 cases
	// (happy3, happy6, happy7).
	const (
		webkitTitle       = "webkitgtk: malicious web content leads to arbitrary code execution"
		webkitDescription = "No description is available for this CVE."
	)

	// fixture returns the path of a fixture directory below testdata.
	fixture := func(name string) string {
		return filepath.Join("testdata", name)
	}
	// detailKey builds the key under which the Red Hat detail of a CVE is expected.
	detailKey := func(cveID string) []string {
		return []string{"vulnerability-detail", cveID, "redhat"}
	}
	// idEntry builds the expected "vulnerability-id" entry, whose value is an
	// empty map. A fresh map is created per call so cases share no state.
	idEntry := func(cveID string) vulnsrctest.WantValues {
		return vulnsrctest.WantValues{
			Key:   []string{"vulnerability-id", cveID},
			Value: map[string]interface{}{},
		}
	}

	cases := []struct {
		name       string
		dir        string
		wantValues []vulnsrctest.WantValues
		wantErr    string
	}{
		{
			name: "happy1: AffectedRelease is an array",
			dir:  fixture("happy1"),
			wantValues: []vulnsrctest.WantValues{
				{
					Key: detailKey("CVE-2019-0160"),
					Value: types.VulnerabilityDetail{
						CvssScoreV3:  5.9,
						CvssVectorV3: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
						Severity:     types.SeverityMedium,
						References: []string{
							"https://access.redhat.com/security/cve/CVE-2019-0160",
						},
						Title:       edk2Title,
						Description: edk2Description,
					},
				},
				idEntry("CVE-2019-0160"),
			},
		},
		{
			name: "happy2: AffectedRelease is an object",
			dir:  fixture("happy2"),
			wantValues: []vulnsrctest.WantValues{
				{
					Key: detailKey("CVE-2018-6044"),
					Value: types.VulnerabilityDetail{
						CvssScoreV3:  4.3,
						CvssVectorV3: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
						Severity:     types.SeverityLow,
						References: []string{
							// The first expected reference keeps its surrounding
							// newlines and spaces, so this case pins References
							// being stored untrimmed. Anything that renders or
							// fetches these URLs downstream should normalise them.
							// NOTE(review): whitespace inside the literal is copied
							// from the listing as shown - confirm against the fixture.
							"\nhttps://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html\n ",
							"https://access.redhat.com/security/cve/CVE-2018-6044",
						},
						Title:       "chromium-browser: Request privilege escalation in Extensions",
						Description: "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",
					},
				},
				idEntry("CVE-2018-6044"),
			},
		},
		{
			name: "happy3: PackageState is an array",
			dir:  fixture("happy3"),
			wantValues: []vulnsrctest.WantValues{
				{
					Key: detailKey("CVE-2019-8559"),
					Value: types.VulnerabilityDetail{
						CvssScoreV3:  6.3,
						CvssVectorV3: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
						Severity:     types.SeverityMedium,
						References: []string{
							"https://access.redhat.com/security/cve/CVE-2019-8559",
						},
						Title:       webkitTitle,
						Description: webkitDescription,
					},
				},
				idEntry("CVE-2019-8559"),
			},
		},
		{
			// No CVSS v3 score or vector is expected here; those fields stay at
			// their zero values.
			name: "happy4: PackageState is an object",
			dir:  fixture("happy4"),
			wantValues: []vulnsrctest.WantValues{
				{
					Key: detailKey("CVE-2004-2680"),
					Value: types.VulnerabilityDetail{
						Severity: types.SeverityLow,
						References: []string{
							"https://access.redhat.com/security/cve/CVE-2004-2680",
						},
						Title:       "mod_python arbitrary data disclosure flaw",
						Description: "mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.",
					},
				},
				idEntry("CVE-2004-2680"),
			},
		},
		{
			// Same CVSS score and vector as happy1 but a different expected
			// Severity, so the stored severity is not derived from CvssScoreV3.
			// Presumably it comes from the severity field of the fixture - verify
			// against testdata/happy5.
			name: "happy5: PackageName is empty",
			dir:  fixture("happy5"),
			wantValues: []vulnsrctest.WantValues{
				{
					Key: detailKey("CVE-2019-0160"),
					Value: types.VulnerabilityDetail{
						CvssScoreV3:  5.9,
						CvssVectorV3: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
						Severity:     types.SeverityCritical,
						References: []string{
							"https://access.redhat.com/security/cve/CVE-2019-0160",
						},
						Title:       edk2Title,
						Description: edk2Description,
					},
				},
				idEntry("CVE-2019-0160"),
			},
		},
		{
			name: "happy6: unknown platform",
			dir:  fixture("happy6"),
			wantValues: []vulnsrctest.WantValues{
				{
					Key: detailKey("CVE-2019-8559"),
					Value: types.VulnerabilityDetail{
						CvssScoreV3:  6.3,
						CvssVectorV3: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
						Severity:     types.SeverityHigh,
						References: []string{
							"https://access.redhat.com/security/cve/CVE-2019-8559",
						},
						Title:       webkitTitle,
						Description: webkitDescription,
					},
				},
				idEntry("CVE-2019-8559"),
			},
		},
		{
			// The detail is still expected to be written, with
			// types.SeverityUnknown as its severity.
			name: "happy7: unknown status",
			dir:  fixture("happy7"),
			wantValues: []vulnsrctest.WantValues{
				{
					Key: detailKey("CVE-2019-8559"),
					Value: types.VulnerabilityDetail{
						CvssScoreV3:  6.3,
						CvssVectorV3: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
						Severity:     types.SeverityUnknown,
						References: []string{
							"https://access.redhat.com/security/cve/CVE-2019-8559",
						},
						Title:       webkitTitle,
						Description: webkitDescription,
					},
				},
				idEntry("CVE-2019-8559"),
			},
		},

		// Failure cases: malformed feed data must surface as an error.
		// How wantErr is compared is decided inside vulnsrctest.TestUpdate,
		// which is not visible here (presumably a substring match - confirm).
		// sad1-sad5 expect encoding/json message text that names this package's
		// struct types, so they are sensitive to renames of those types.
		{
			name:    "sad1: AffectedRelease is an invalid array",
			dir:     fixture("sad1"),
			wantErr: "json: cannot unmarshal string into Go struct field RedhatCVEAffectedReleaseArray.affected_release of type redhat.RedhatAffectedRelease",
		},
		{
			name:    "sad2: AffectedRelease is an invalid object",
			dir:     fixture("sad2"),
			wantErr: "json: cannot unmarshal number into Go struct field RedhatAffectedRelease.affected_release.product_name of type string",
		},
		{
			name:    "sad3: PackageState is an invalid array",
			dir:     fixture("sad3"),
			wantErr: "json: cannot unmarshal string into Go struct field RedhatCVEPackageStateArray.package_state of type redhat.RedhatPackageState",
		},
		{
			name:    "sad4: PackageState is an invalid object",
			dir:     fixture("sad4"),
			wantErr: "json: cannot unmarshal number into Go struct field RedhatPackageState.package_state.product_name of type string",
		},
		{
			name:    "sad5: invalid JSON",
			dir:     fixture("sad5"),
			wantErr: "json: cannot unmarshal string into Go value of type redhat.RedhatCVE",
		},
		{
			name:    "sad6: AffectedRelease is an unknown type",
			dir:     fixture("sad6"),
			wantErr: "unknown affected_release type",
		},
		{
			name:    "sad7: PackageState is an unknown type",
			dir:     fixture("sad7"),
			wantErr: "unknown package_state type",
		},
		{
			name:    "sad8: failed to decode",
			dir:     fixture("sad8"),
			wantErr: "failed to decode RedHat JSON",
		},
		{
			// The expected text is the POSIX wording for a missing path; other
			// platforms may word this error differently.
			name:    "sad9: dir doesn't exist",
			dir:     fixture("badPath"),
			wantErr: "no such file or directory",
		},
	}

	for i := range cases {
		tc := cases[i]
		t.Run(tc.name, func(t *testing.T) {
			// A new source per case, so no state carries over between fixtures.
			vulnsrctest.TestUpdate(t, NewVulnSrc(), vulnsrctest.TestUpdateArgs{
				Dir:        tc.dir,
				WantValues: tc.wantValues,
				WantErr:    tc.wantErr,
			})
		})
	}
}