github.com/khulnasoft-lab/tunnel-db@v0.0.0-20231117205118-74e1113bd007/pkg/vulnsrc/rocky/rocky_test.go (about) 1 package rocky_test 2 3 import ( 4 "path/filepath" 5 "testing" 6 7 "github.com/stretchr/testify/assert" 8 "github.com/stretchr/testify/require" 9 10 "github.com/khulnasoft-lab/tunnel-db/pkg/db" 11 "github.com/khulnasoft-lab/tunnel-db/pkg/dbtest" 12 "github.com/khulnasoft-lab/tunnel-db/pkg/types" 13 "github.com/khulnasoft-lab/tunnel-db/pkg/vulnsrc/rocky" 14 "github.com/khulnasoft-lab/tunnel-db/pkg/vulnsrc/vulnerability" 15 "github.com/khulnasoft-lab/tunnel-db/pkg/vulnsrctest" 16 ) 17 18 func TestVulnSrc_Update(t *testing.T) { 19 tests := []struct { 20 name string 21 dir string 22 wantValues []vulnsrctest.WantValues 23 wantErr string 24 }{ 25 { 26 name: "happy path", 27 dir: filepath.Join("testdata", "happy"), 28 wantValues: []vulnsrctest.WantValues{ 29 { 30 Key: []string{ 31 "data-source", 32 "rocky 8", 33 }, 34 Value: types.DataSource{ 35 ID: vulnerability.Rocky, 36 Name: "Rocky Linux updateinfo", 37 URL: "https://download.rockylinux.org/pub/rocky/", 38 }, 39 }, 40 { 41 Key: []string{ 42 "advisory-detail", 43 "CVE-2021-25215", 44 "rocky 8", 45 "bind-export-libs", 46 }, 47 Value: types.Advisories{ 48 FixedVersion: "32:9.11.26-4.el8_4", 49 Entries: []types.Advisory{ 50 { 51 FixedVersion: "32:9.11.26-4.el8_4", 52 Arches: []string{ 53 "aarch64", 54 "i686", 55 "x86_64", 56 }, 57 VendorIDs: []string{"RLSA-2021:1989"}, 58 }, 59 }, 60 }, 61 }, 62 { 63 Key: []string{ 64 "advisory-detail", 65 "CVE-2021-25215", 66 "rocky 8", 67 "bind-export-devel", 68 }, 69 Value: types.Advisories{ 70 FixedVersion: "32:9.11.26-4.el8_4", 71 Entries: []types.Advisory{ 72 { 73 FixedVersion: "32:9.11.26-4.el8_4", 74 Arches: []string{ 75 "aarch64", 76 "i686", 77 "x86_64", 78 }, 79 VendorIDs: []string{"RLSA-2021:1989"}, 80 }, 81 }, 82 }, 83 }, 84 { 85 Key: []string{ 86 "vulnerability-detail", 87 "CVE-2021-25215", 88 string(vulnerability.Rocky), 89 }, 90 Value: types.VulnerabilityDetail{ 91 Severity: types.SeverityHigh, 92 References: []string{ 93 "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25215.json", 94 }, 95 Title: "Important: bind security update", 96 Description: "For more information visit https://errata.rockylinux.org/RLSA-2021:1989", 97 }, 98 }, 99 { 100 Key: []string{ 101 "vulnerability-id", 102 "CVE-2021-25215", 103 }, 104 Value: map[string]interface{}{}, 105 }, 106 }, 107 }, 108 { 109 name: "happy path. Different versions", 110 dir: filepath.Join("testdata", "different-versions"), 111 wantValues: []vulnsrctest.WantValues{ 112 { 113 Key: []string{ 114 "data-source", 115 "rocky 8", 116 }, 117 Value: types.DataSource{ 118 ID: vulnerability.Rocky, 119 Name: "Rocky Linux updateinfo", 120 URL: "https://download.rockylinux.org/pub/rocky/", 121 }, 122 }, 123 { 124 Key: []string{ 125 "advisory-detail", 126 "CVE-2021-25215", 127 "rocky 8", 128 "bind-export-devel", 129 }, 130 Value: types.Advisories{ 131 FixedVersion: "32:7.11.26-4.el8_4", 132 Entries: []types.Advisory{ 133 { 134 FixedVersion: "32:9.11.26-4.el8_4", 135 Arches: []string{ 136 "aarch64", 137 }, 138 VendorIDs: []string{"RLSA-2021:000"}, 139 }, 140 { 141 FixedVersion: "32:7.11.26-4.el8_4", 142 Arches: []string{ 143 "x86_64", 144 }, 145 VendorIDs: []string{"RLSA-2021:0000"}, 146 }, 147 { 148 FixedVersion: "32:8.11.26-4.el8_4", 149 Arches: []string{ 150 "i686", 151 }, 152 VendorIDs: []string{"RLSA-2021:0000"}, 153 }, 154 }, 155 }, 156 }, 157 { 158 Key: []string{ 159 "vulnerability-detail", 160 "CVE-2021-25215", 161 string(vulnerability.Rocky), 162 }, 163 Value: types.VulnerabilityDetail{ 164 Severity: types.SeverityHigh, 165 References: []string{ 166 "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25215.json", 167 }, 168 Title: "Important: bind security update", 169 Description: "For more information visit https://errata.rockylinux.org/RLSA-2021:1989", 170 }, 171 }, 172 { 173 Key: []string{ 174 "vulnerability-id", 175 "CVE-2021-25215", 176 }, 177 Value: map[string]interface{}{}, 178 }, 179 }, 180 }, 181 { 182 name: "happy path. `noarch` package", 183 dir: filepath.Join("testdata", "noarch"), 184 wantValues: []vulnsrctest.WantValues{ 185 { 186 Key: []string{ 187 "data-source", 188 "rocky 9", 189 }, 190 Value: types.DataSource{ 191 ID: vulnerability.Rocky, 192 Name: "Rocky Linux updateinfo", 193 URL: "https://download.rockylinux.org/pub/rocky/", 194 }, 195 }, 196 { 197 Key: []string{ 198 "advisory-detail", 199 "CVE-2022-42010", 200 "rocky 9", 201 "dbus-common", 202 }, 203 Value: types.Advisories{ 204 FixedVersion: "1:1.12.20-7.el9_1", 205 Entries: []types.Advisory{ 206 { 207 FixedVersion: "1:1.12.20-7.el9_1", 208 Arches: []string{ 209 "noarch", 210 }, 211 VendorIDs: []string{"RLSA-2023:0335"}, 212 }, 213 }, 214 }, 215 }, 216 { 217 Key: []string{ 218 "vulnerability-detail", 219 "CVE-2022-42010", 220 string(vulnerability.Rocky), 221 }, 222 Value: types.VulnerabilityDetail{ 223 Severity: types.SeverityMedium, 224 References: []string{ 225 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42010", 226 "https://errata.rockylinux.org/RLSA-2023:0335", 227 }, 228 Title: "Moderate: dbus security update", 229 Description: "D-Bus is a system for sending messages between applications...", 230 }, 231 }, 232 { 233 Key: []string{ 234 "vulnerability-id", 235 "CVE-2022-42010", 236 }, 237 Value: map[string]interface{}{}, 238 }, 239 }, 240 }, 241 { 242 name: "happy path. `aarch64` only", 243 dir: filepath.Join("testdata", "aarch64-only"), 244 wantValues: []vulnsrctest.WantValues{ 245 { 246 Key: []string{ 247 "data-source", 248 "rocky 8", 249 }, 250 Value: types.DataSource{ 251 ID: vulnerability.Rocky, 252 Name: "Rocky Linux updateinfo", 253 URL: "https://download.rockylinux.org/pub/rocky/", 254 }, 255 }, 256 { 257 Key: []string{ 258 "advisory-detail", 259 "CVE-2021-25215", 260 "rocky 8", 261 "bind-export-devel", 262 }, 263 Value: types.Advisories{ 264 FixedVersion: "0.0.0", 265 Entries: []types.Advisory{ 266 { 267 FixedVersion: "32:9.11.26-4.el8_4", 268 Arches: []string{ 269 "aarch64", 270 }, 271 VendorIDs: []string{"RLSA-2021:1989"}, 272 }, 273 }, 274 }, 275 }, 276 { 277 Key: []string{ 278 "vulnerability-detail", 279 "CVE-2021-25215", 280 string(vulnerability.Rocky), 281 }, 282 Value: types.VulnerabilityDetail{ 283 Severity: types.SeverityHigh, 284 References: []string{ 285 "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25215.json", 286 }, 287 Title: "Important: bind security update", 288 Description: "For more information visit https://errata.rockylinux.org/RLSA-2021:1989", 289 }, 290 }, 291 { 292 Key: []string{ 293 "vulnerability-id", 294 "CVE-2021-25215", 295 }, 296 Value: map[string]interface{}{}, 297 }, 298 }, 299 }, 300 { 301 name: "happy path with duplicates", 302 dir: filepath.Join("testdata", "duplicates"), 303 wantValues: []vulnsrctest.WantValues{ 304 { 305 Key: []string{ 306 "data-source", 307 "rocky 8", 308 }, 309 Value: types.DataSource{ 310 ID: vulnerability.Rocky, 311 Name: "Rocky Linux updateinfo", 312 URL: "https://download.rockylinux.org/pub/rocky/", 313 }, 314 }, 315 { 316 Key: []string{ 317 "advisory-detail", 318 "CVE-2022-29117", 319 "rocky 8", 320 "aspnetcore-runtime-6.0", 321 }, 322 Value: types.Advisories{ 323 FixedVersion: "6.0.5-1.el8_6", 324 Entries: []types.Advisory{ 325 { 326 FixedVersion: "6.0.5-1.el8_6", 327 Arches: []string{ 328 "aarch64", 329 "x86_64", 330 }, 331 VendorIDs: []string{ 332 "RLSA-2022:0000", 333 "RLSA-2022:2200", 334 }, 335 }, 336 }, 337 }, 338 }, 339 { 340 Key: []string{ 341 "vulnerability-detail", 342 "CVE-2022-29117", 343 string(vulnerability.Rocky), 344 }, 345 Value: types.VulnerabilityDetail{ 346 Severity: types.SeverityHigh, 347 References: []string{ 348 "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29117.json", 349 }, 350 Title: "Important: .NET 5.0 security, bug fix, and enhancement update", 351 Description: "For more information visit https://errata.rockylinux.org/RLSA-2022:2200", 352 }, 353 }, 354 { 355 Key: []string{ 356 "vulnerability-id", 357 "CVE-2022-29117", 358 }, 359 Value: map[string]interface{}{}, 360 }, 361 }, 362 }, 363 { 364 name: "skip advisories for modular package", 365 dir: filepath.Join("testdata", "modular"), 366 wantValues: []vulnsrctest.WantValues{}, 367 }, 368 { 369 name: "sad path", 370 dir: filepath.Join("testdata", "sad"), 371 wantErr: "failed to decode Rocky erratum", 372 }, 373 } 374 for _, tt := range tests { 375 t.Run(tt.name, func(t *testing.T) { 376 vs := rocky.NewVulnSrc() 377 vulnsrctest.TestUpdate(t, vs, vulnsrctest.TestUpdateArgs{ 378 Dir: tt.dir, 379 WantValues: tt.wantValues, 380 WantErr: tt.wantErr, 381 }) 382 }) 383 } 384 } 385 386 func TestRocky_Get(t *testing.T) { 387 type args struct { 388 release string 389 pkgName string 390 arch string 391 } 392 tests := []struct { 393 name string 394 args args 395 fixtures []string 396 want []types.Advisory 397 wantErr require.ErrorAssertionFunc 398 }{ 399 { 400 name: "the same fixed version", 401 fixtures: []string{"testdata/fixtures/happy.yaml", "testdata/fixtures/data-source.yaml"}, 402 args: args{ 403 release: "9", 404 pkgName: "bind", 405 arch: "x86_64", 406 }, 407 want: []types.Advisory{ 408 { 409 VulnerabilityID: "CVE-2022-0396", 410 FixedVersion: "32:9.16.23-0.9.el8.1", 411 Arches: []string{ 412 "aarch64", 413 "x86_64", 414 }, 415 VendorIDs: []string{"RLSA-2022:7643"}, 416 DataSource: &types.DataSource{ 417 ID: "rocky", 418 Name: "Rocky Linux updateinfo", 419 URL: "https://download.rockylinux.org/pub/rocky/", 420 }, 421 }, 422 }, 423 wantErr: require.NoError, 424 }, 425 { 426 name: "different fixed versions for different arches", 427 fixtures: []string{"testdata/fixtures/happy.yaml", "testdata/fixtures/data-source.yaml"}, 428 args: args{ 429 release: "9", 430 pkgName: "rsyslog", 431 arch: "aarch64", 432 }, 433 want: []types.Advisory{ 434 { 435 VulnerabilityID: "CVE-2022-24903", 436 FixedVersion: "8.2102.0-7.el8_6.2", 437 Arches: []string{ 438 "aarch64", 439 }, 440 VendorIDs: []string{"RLSA-2022:4799"}, 441 DataSource: &types.DataSource{ 442 ID: "rocky", 443 Name: "Rocky Linux updateinfo", 444 URL: "https://download.rockylinux.org/pub/rocky/", 445 }, 446 }, 447 }, 448 wantErr: require.NoError, 449 }, 450 { 451 name: "old schema, no entries", 452 fixtures: []string{"testdata/fixtures/old.yaml", "testdata/fixtures/data-source.yaml"}, 453 args: args{ 454 release: "9", 455 pkgName: "bind", 456 arch: "aarch64", 457 }, 458 want: []types.Advisory{ 459 { 460 VulnerabilityID: "CVE-2022-0396", 461 FixedVersion: "32:9.16.23-0.9.el8.1", 462 DataSource: &types.DataSource{ 463 ID: "rocky", 464 Name: "Rocky Linux updateinfo", 465 URL: "https://download.rockylinux.org/pub/rocky/", 466 }, 467 }, 468 }, 469 wantErr: require.NoError, 470 }, 471 { 472 name: "broken JSON", 473 fixtures: []string{"testdata/fixtures/broken.yaml"}, 474 args: args{ 475 release: "9", 476 pkgName: "bind", 477 arch: "aarch64", 478 }, 479 wantErr: require.Error, 480 }, 481 } 482 for _, tt := range tests { 483 t.Run(tt.name, func(t *testing.T) { 484 _ = dbtest.InitDB(t, tt.fixtures) 485 defer db.Close() 486 487 vs := rocky.NewVulnSrc() 488 got, err := vs.Get(tt.args.release, tt.args.pkgName, tt.args.arch) 489 490 tt.wantErr(t, err) 491 assert.Equal(t, tt.want, got) 492 }) 493 } 494 }