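// Listing: github.com/khulnasoft-lab/tunnel-db@v0.0.0-20231117205118-74e1113bd007/pkg/vulnsrc/suse-cvrf/suse-cvrf_test.go

package susecvrf

import (
	"fmt"
	"os"
	"path/filepath"
	"testing"

	"github.com/stretchr/testify/assert"

	"github.com/khulnasoft-lab/tunnel-db/pkg/types"
	"github.com/khulnasoft-lab/tunnel-db/pkg/vulnsrc/vulnerability"
	"github.com/khulnasoft-lab/tunnel-db/pkg/vulnsrctest"
)

// TestMain runs the package's tests and exits with their status. It performs
// no setup or teardown of its own.
func TestMain(m *testing.M) {
	os.Exit(m.Run())
}

// TestVulnSrc_Update feeds CVRF fixture directories to the vulnerability
// source through vulnsrctest.TestUpdate and checks the key/value pairs it is
// expected to store, or the error text it is expected to report.
//
// NOTE(review): the rendered listing this file was recovered from may have
// collapsed runs of spaces inside the Description literals (for example after
// "\n"); compare them with the fixtures under testdata before relying on an
// exact match.
func TestVulnSrc_Update(t *testing.T) {
	tests := []struct {
		name       string
		dir        string
		dist       Distribution
		wantValues []vulnsrctest.WantValues
		wantErr    string
	}{
		{
			name: "happy path with openSUSE",
			dir:  filepath.Join("testdata", "happy", "openSUSE"),
			dist: OpenSUSE,
			wantValues: []vulnsrctest.WantValues{
				{
					Key: []string{"data-source", "openSUSE Leap 15.1"},
					Value: types.DataSource{
						ID:   vulnerability.SuseCVRF,
						Name: "SUSE CVRF",
						URL:  "https://ftp.suse.com/pub/projects/security/cvrf/",
					},
				},
				{
					Key: []string{"advisory-detail", "openSUSE-SU-2019:2598-1", "openSUSE Leap 15.1", "strongswan"},
					Value: types.Advisory{
						FixedVersion: "5.6.0-lp151.4.3.1",
					},
				},
				{
					Key: []string{"advisory-detail", "openSUSE-SU-2019:2598-1", "openSUSE Leap 15.1", "strongswan-sqlite"},
					Value: types.Advisory{
						FixedVersion: "5.6.0-lp151.4.3.1",
					},
				},
				{
					Key: []string{"vulnerability-detail", "openSUSE-SU-2019:2598-1", "suse-cvrf"},
					Value: types.VulnerabilityDetail{
						Title:       "Security update for strongswan",
						Description: "This update for strongswan fixes the following issues:\n\nSecurity issues fixed: \n\n- CVE-2018-5388: Fixed a buffer underflow which may allow to a remote attacker \n with local user credentials to resource exhaustion and denial of service while \n reading from the socket (bsc#1094462).\n- CVE-2018-10811: Fixed a denial of service during the IKEv2 key derivation if \n the openssl plugin is used in FIPS mode and HMAC-MD5 is negotiated as PRF \n (bsc#1093536).\n- CVE-2018-16151,CVE-2018-16152: Fixed multiple flaws in the gmp plugin which \n might lead to authorization bypass (bsc#1107874).\n- CVE-2018-17540: Fixed an improper input validation in gmp plugin (bsc#1109845). \n\nThis update was imported from the SUSE:SLE-15:Update update project.",
						References: []string{
							"https://lists.opensuse.org/opensuse-security-announce/2019-12/msg00001.html",
							"https://www.suse.com/support/security/rating/",
						},
						Severity: types.SeverityHigh,
					},
				},
				{
					Key:   []string{"vulnerability-id", "openSUSE-SU-2019:2598-1"},
					Value: map[string]interface{}{},
				},
			},
		},
		{
			name: "happy path with SUSE Enterprise Linux",
			dir:  filepath.Join("testdata", "happy", "SUSE Enterprise Linux"),
			dist: SUSEEnterpriseLinux,
			wantValues: []vulnsrctest.WantValues{
				{
					Key: []string{"data-source", "SUSE Linux Enterprise 15.1"},
					Value: types.DataSource{
						ID:   vulnerability.SuseCVRF,
						Name: "SUSE CVRF",
						URL:  "https://ftp.suse.com/pub/projects/security/cvrf/",
					},
				},
				{
					Key: []string{"advisory-detail", "SUSE-SU-2019:0048-2", "SUSE Linux Enterprise 15.1", "helm-mirror"},
					Value: types.Advisory{
						FixedVersion: "0.2.1-1.7.1",
					},
				},
				{
					Key: []string{"vulnerability-detail", "SUSE-SU-2019:0048-2", "suse-cvrf"},
					Value: types.VulnerabilityDetail{
						Title: "Security update for helm-mirror",
						// The inner quotes around "go get" must stay escaped; the
						// rendered listing showed them bare, which is not valid Go.
						Description: "This update for helm-mirror to version 0.2.1 fixes the following issues:\n\n\nSecurity issues fixed:\n\n- CVE-2018-16873: Fixed a remote command execution (bsc#1118897)\n- CVE-2018-16874: Fixed a directory traversal in \"go get\" via curly braces in import path (bsc#1118898)\n- CVE-2018-16875: Fixed a CPU denial of service (bsc#1118899)\n\nNon-security issue fixed:\n\n- Update to v0.2.1 (bsc#1120762)\n- Include helm-mirror into the containers module (bsc#1116182)\n",
						References: []string{
							"https://www.suse.com/support/update/announcement/2019/suse-su-20190048-2/",
							"http://lists.suse.com/pipermail/sle-security-updates/2019-July/005660.html",
							"https://www.suse.com/support/security/rating/",
						},
						Severity: types.SeverityHigh,
					},
				},
				{
					Key:   []string{"vulnerability-id", "SUSE-SU-2019:0048-2"},
					Value: map[string]interface{}{},
				},
			},
		},
		{
			// An openSUSE advisory whose affected platform is a SUSE Linux
			// Enterprise release: the entries are expected under the SLE
			// platform name even though dist is OpenSUSE.
			name: "happy path with openSUSE CVRF including SUSE Linux Enterprise Linux",
			dir:  filepath.Join("testdata", "happy", "openSUSE CVRF including SUSE Linux Enterprise Linux"),
			dist: OpenSUSE,
			wantValues: []vulnsrctest.WantValues{
				{
					Key: []string{"data-source", "SUSE Linux Enterprise 15"},
					Value: types.DataSource{
						ID:   vulnerability.SuseCVRF,
						Name: "SUSE CVRF",
						URL:  "https://ftp.suse.com/pub/projects/security/cvrf/",
					},
				},
				{
					Key: []string{"advisory-detail", "openSUSE-SU-2019:0003-1", "SUSE Linux Enterprise 15", "GraphicsMagick"},
					Value: types.Advisory{
						FixedVersion: "1.3.29-bp150.2.12.1",
					},
				},
				{
					Key: []string{"advisory-detail", "openSUSE-SU-2019:0003-1", "SUSE Linux Enterprise 15", "GraphicsMagick-devel"},
					Value: types.Advisory{
						FixedVersion: "1.3.29-bp150.2.12.1",
					},
				},
				{
					Key: []string{"vulnerability-detail", "openSUSE-SU-2019:0003-1", "suse-cvrf"},
					Value: types.VulnerabilityDetail{
						Title:       "Security update for GraphicsMagick",
						Description: "This update for GraphicsMagick fixes the following issues:\n\nSecurity vulnerabilities fixed:\n\n- CVE-2018-20184: Fixed heap-based buffer overflow in the WriteTGAImage function of tga.c (bsc#1119822)\n- CVE-2018-20189: Fixed denial of service vulnerability in ReadDIBImage function of coders/dib.c (bsc#1119790)\n\nThis update was imported from the openSUSE:Leap:15.0:Update update project.",
						References: []string{
							"http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00001.html",
							"https://www.suse.com/support/security/rating/",
						},
						Severity: types.SeverityMedium,
					},
				},
				{
					Key:   []string{"vulnerability-id", "openSUSE-SU-2019:0003-1"},
					Value: map[string]interface{}{},
				},
			},
		},
		{
			name:    "sad path (dir doesn't exist)",
			dir:     filepath.Join("testdata", "badPath"),
			dist:    OpenSUSE,
			wantErr: "no such file or directory",
		},
		{
			name:    "sad path (failed to decode)",
			dir:     filepath.Join("testdata", "sad"),
			dist:    OpenSUSE,
			wantErr: "failed to decode SUSE CVRF JSON",
		},
	}
	for _, tc := range tests {
		t.Run(tc.name, func(t *testing.T) {
			src := NewVulnSrc(tc.dist)
			vulnsrctest.TestUpdate(t, src, vulnsrctest.TestUpdateArgs{
				Dir:        tc.dir,
				WantValues: tc.wantValues,
				WantErr:    tc.wantErr,
			})
		})
	}
}

// TestVulnSrc_Get loads YAML fixtures through vulnsrctest.TestGet and checks
// the advisories returned for a release and package name, including the case
// where none match and the case where a stored advisory cannot be unmarshalled.
func TestVulnSrc_Get(t *testing.T) {
	tests := []struct {
		name     string
		fixtures []string
		version  string
		pkgName  string
		dist     Distribution
		want     []types.Advisory
		wantErr  string
	}{
		{
			name:     "happy path",
			fixtures: []string{"testdata/fixtures/happy.yaml"},
			version:  "13.1",
			pkgName:  "bind",
			dist:     OpenSUSE,
			want: []types.Advisory{
				{
					VulnerabilityID: "openSUSE-SU-2019:0003-1",
					FixedVersion:    "1.3.29-bp150.2.12.1",
				},
			},
		},
		{
			name:     "no advisories are returned",
			fixtures: []string{"testdata/fixtures/happy.yaml"},
			version:  "15.1",
			pkgName:  "bind",
			dist:     OpenSUSE,
			want:     nil,
		},
		{
			name:     "GetAdvisories returns an error",
			fixtures: []string{"testdata/fixtures/sad.yaml"},
			version:  "13.1",
			pkgName:  "bind",
			dist:     OpenSUSE,
			wantErr:  "failed to unmarshal advisory JSON",
		},
	}
	for _, tc := range tests {
		t.Run(tc.name, func(t *testing.T) {
			src := NewVulnSrc(tc.dist)
			vulnsrctest.TestGet(t, src, vulnsrctest.TestGetArgs{
				Fixtures:   tc.fixtures,
				WantValues: tc.want,
				Release:    tc.version,
				PkgName:    tc.pkgName,
				WantErr:    tc.wantErr,
			})
		})
	}
}

// TestSeverityFromThreat pins the mapping from the advisory threat rating to
// types.Severity. An empty or unrecognised rating must map to
// types.SeverityUnknown rather than to a guessed level.
func TestSeverityFromThreat(t *testing.T) {
	wantByThreat := map[string]types.Severity{
		"low":       types.SeverityLow,
		"moderate":  types.SeverityMedium,
		"important": types.SeverityHigh,
		"critical":  types.SeverityCritical,
		"":          types.SeverityUnknown,
		"invalid":   types.SeverityUnknown,
	}
	for threat, want := range wantByThreat {
		// Name the input in the failure message: map iteration order is
		// random, so the severities alone do not identify the failing case.
		assert.Equal(t, want, severityFromThreat(threat), "threat: %q", threat)
	}
}

// TestGetOSVersion pins how CVRF platform names are normalised by
// getOSVersion. SUSE Linux Enterprise products are expected to collapse to
// "SUSE Linux Enterprise <major>[.<service pack>]" with suffixes such as
// -LTSS, -BCL or -TERADATA dropped, and openSUSE Leap names to
// "openSUSE Leap <version>".
//
// The cases after the marker comment expect the empty string. They include
// names that begin with "SUSE Linux Enterprise" (Storage, Micro, SUSE Manager
// Server). NOTE(review): presumably advisories for a platform that maps to ""
// are not stored, so a change to this list changes which products get
// findings; confirm in getOSVersion's caller.
func TestGetOSVersion(t *testing.T) {
	testCases := []struct {
		platform string
		want     string
	}{
		{platform: "SUSE Linux Enterprise Workstation Extension 12 SP4", want: "SUSE Linux Enterprise 12.4"},
		{platform: "SUSE Linux Enterprise Module for Basesystem 15 SP1", want: "SUSE Linux Enterprise 15.1"},
		{platform: "SUSE Linux Enterprise Server for SAP Applications 12 SP3-LTSS", want: "SUSE Linux Enterprise 12.3"},
		{platform: "SUSE Linux Enterprise Module for Containers 12", want: "SUSE Linux Enterprise 12"},
		{platform: "SUSE Linux Enterprise High Availability 12 SP1", want: "SUSE Linux Enterprise 12.1"},
		{platform: "SUSE Linux Enterprise Server for SAP Applications 12 SP1-LTSS", want: "SUSE Linux Enterprise 12.1"},
		{platform: "SUSE Linux Enterprise Module for High Performance Computing 12", want: "SUSE Linux Enterprise 12"},
		{platform: "SUSE Linux Enterprise Module for Live Patching 15", want: "SUSE Linux Enterprise 15"},
		{platform: "SUSE Linux Enterprise Module for Development Tools 15 SP1", want: "SUSE Linux Enterprise 15.1"},
		{platform: "SUSE Linux Enterprise Live Patching 12 SP5", want: "SUSE Linux Enterprise 12.5"},
		{platform: "SUSE Linux Enterprise Desktop 11 SP3", want: "SUSE Linux Enterprise 11.3"},
		{platform: "SUSE Linux Enterprise Module for Public Cloud 15 SP1", want: "SUSE Linux Enterprise 15.1"},
		{platform: "SUSE Linux Enterprise Server 11-SECURITY", want: "SUSE Linux Enterprise 11"},
		{platform: "SUSE Linux Enterprise Server for SAP Applications 11 SP4-CLIENT-TOOLS", want: "SUSE Linux Enterprise 11.4"},
		{platform: "SUSE Package Hub for SUSE Linux Enterprise 12", want: "SUSE Linux Enterprise 12"},
		{platform: "SUSE Linux Enterprise Module for Open Buildservice Development Tools 15", want: "SUSE Linux Enterprise 15"},
		{platform: "SUSE Linux Enterprise Desktop 11 SP4", want: "SUSE Linux Enterprise 11.4"},
		{platform: "SUSE Linux Enterprise Module for CAP 15 SP1", want: "SUSE Linux Enterprise 15.1"},
		{platform: "SUSE Linux Enterprise Server 12 SP5", want: "SUSE Linux Enterprise 12.5"},
		{platform: "SUSE Linux Enterprise Workstation Extension 15", want: "SUSE Linux Enterprise 15"},
		{platform: "SUSE Linux Enterprise Module for additional PackageHub packages 15", want: "SUSE Linux Enterprise 15"},
		{platform: "SUSE Linux Enterprise High Availability 15 SP1", want: "SUSE Linux Enterprise 15.1"},
		{platform: "SUSE Linux Enterprise Server 12 SP2-LTSS", want: "SUSE Linux Enterprise 12.2"},
		{platform: "SUSE Linux Enterprise High Availability 12", want: "SUSE Linux Enterprise 12"},
		{platform: "SUSE Linux Enterprise Real Time Extension 12 SP1", want: "SUSE Linux Enterprise 12.1"},
		{platform: "SUSE Linux Enterprise Module for Advanced Systems Management 12", want: "SUSE Linux Enterprise 12"},
		{platform: "SUSE Linux Enterprise Server 11 SP2-LTSS", want: "SUSE Linux Enterprise 11.2"},
		{platform: "SUSE Linux Enterprise Server 11-LTSS", want: "SUSE Linux Enterprise 11"},
		{platform: "SUSE Linux Enterprise Server 11-TERADATA", want: "SUSE Linux Enterprise 11"},
		{platform: "SUSE Linux Enterprise Module for Web Scripting 12", want: "SUSE Linux Enterprise 12"},
		{platform: "SUSE Linux Enterprise Server 12 SP1-LTSS", want: "SUSE Linux Enterprise 12.1"},
		{platform: "SUSE Linux Enterprise Live Patching 12 SP3", want: "SUSE Linux Enterprise 12.3"},
		{platform: "SUSE Linux Enterprise Server 12 SP3-LTSS", want: "SUSE Linux Enterprise 12.3"},
		{platform: "SUSE Linux Enterprise Server 11 SP4", want: "SUSE Linux Enterprise 11.4"},
		{platform: "SUSE Linux Enterprise Server for SAP Applications 12 SP2-BCL", want: "SUSE Linux Enterprise 12.2"},
		{platform: "SUSE Linux Enterprise Module for Python2 packages 15 SP1", want: "SUSE Linux Enterprise 15.1"},
		{platform: "SUSE Linux Enterprise Server for SAP Applications 11 SP1-TERADATA", want: "SUSE Linux Enterprise 11.1"},
		{platform: "SUSE Linux Enterprise Server for SAP Applications 11 SP3-CLIENT-TOOLS", want: "SUSE Linux Enterprise 11.3"},
		{platform: "SUSE Linux Enterprise Module for Web Scripting 15", want: "SUSE Linux Enterprise 15"},
		{platform: "SUSE Linux Enterprise Server 11 SP3-TERADATA", want: "SUSE Linux Enterprise 11.3"},
		{platform: "SUSE Linux Enterprise Desktop 12 SP5", want: "SUSE Linux Enterprise 12.5"},
		{platform: "SUSE Linux Enterprise Server 12 SP2-BCL", want: "SUSE Linux Enterprise 12.2"},
		{platform: "SUSE Linux Enterprise Workstation Extension 15 SP1", want: "SUSE Linux Enterprise 15.1"},
		{platform: "SUSE Linux Enterprise Software Development Kit 12 SP5", want: "SUSE Linux Enterprise 12.5"},
		{platform: "SUSE Linux Enterprise Server 12", want: "SUSE Linux Enterprise 12"},
		{platform: "SUSE Linux Enterprise Server 11 SP3-LTSS", want: "SUSE Linux Enterprise 11.3"},
		{platform: "SUSE Linux Enterprise High Availability 12 SP5", want: "SUSE Linux Enterprise 12.5"},
		{platform: "SUSE Linux Enterprise Build System Kit 12", want: "SUSE Linux Enterprise 12"},
		{platform: "SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5", want: "SUSE Linux Enterprise 12.5"},
		{platform: "SUSE Linux Enterprise Server 11-PUBCLOUD", want: "SUSE Linux Enterprise 11"},
		{platform: "SUSE Linux Enterprise High Performance Computing 15-ESPOS", want: "SUSE Linux Enterprise 15"},
		{platform: "openSUSE Leap 42.3", want: "openSUSE Leap 42.3"},
		{platform: "openSUSE Leap 42.3 NonFree", want: "openSUSE Leap 42.3"},
		{platform: "openSUSE Leap 15.1", want: "openSUSE Leap 15.1"},
		{platform: "openSUSE Leap 15.1 NonFree", want: "openSUSE Leap 15.1"},
		// Below tests exclude platformNames
		{platform: "openSUSE Leap NonFree 15.1", want: ""},
		{platform: "SUSE Linux Enterprise Module for SUSE Manager Server 4.0", want: ""},
		{platform: "HPE Helion Openstack 8", want: ""},
		{platform: "Openstack Cloud Magnum Orchestration 7", want: ""},
		{platform: "SUSE CaaS Platform ALL", want: ""},
		{platform: "SUSE Enterprise Storage 2.1", want: ""},
		{platform: "SUSE Enterprise Storage 6", want: ""},
		{platform: "SUSE Lifecycle Management Server 1.3", want: ""},
		{platform: "SUSE OpenStack Cloud 6-LTSS", want: ""},
		{platform: "SUSE OpenStack Cloud 9", want: ""},
		{platform: "SUSE OpenStack Cloud Crowbar 9", want: ""},
		{platform: "SUSE Studio Onsite 1.3", want: ""},
		{platform: "SUSE Studio Onsite Runner 1.3", want: ""},
		{platform: "SUSE WebYast 1.3", want: ""},
		{platform: "Subscription Management Tool 11 SP3", want: ""},
		{platform: "openSUSE 13.2", want: ""},
		{platform: "openSUSE 13.2 NonFree", want: ""},
		{platform: "openSUSE Evergreen 11.4", want: ""},
		{platform: "SUSE Linux Enterprise Storage 7", want: ""},
		{platform: "SUSE Linux Enterprise Micro 5.1", want: ""},
	}
	for _, tc := range testCases {
		t.Run(tc.platform, func(t *testing.T) {
			got := getOSVersion(tc.platform)
			assert.Equal(t, tc.want, got, fmt.Sprintf("input data: %s", tc.platform))
		})
	}
}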