clair/ext/vulnsrc/ubuntu/ubuntu_test.go

// Copyright 2016 clair authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package ubuntu

import (
	"os"
	"path/filepath"
	"runtime"
	"testing"

	"github.com/stretchr/testify/assert"

	"github.com/coreos/clair/database"
	"github.com/coreos/clair/ext/versionfmt"
	"github.com/coreos/clair/utils/types"
)

func TestUbuntuParser(t *testing.T) {
	_, filename, _, _ := runtime.Caller(0)
	path := filepath.Join(filepath.Dir(filename))

	// Test parsing testdata/fetcher_
	testData, _ := os.Open(path + "/testdata/fetcher_ubuntu_test.txt")
	defer testData.Close()
	vulnerability, unknownReleases, err := parseUbuntuCVE(testData)
	if assert.Nil(t, err) {
		assert.Equal(t, "CVE-2015-4471", vulnerability.Name)
		assert.Equal(t, types.Medium, vulnerability.Severity)
		assert.Equal(t, "Off-by-one error in the lzxd_decompress function in lzxd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (buffer under-read and application crash) via a crafted CAB archive.", vulnerability.Description)

		// Unknown release (line 28)
		_, hasUnkownRelease := unknownReleases["unknown"]
		assert.True(t, hasUnkownRelease)

		expectedFeatureVersions := []database.FeatureVersion{
			{
				Feature: database.Feature{
					Namespace: database.Namespace{Name: "ubuntu:14.04"},
					Name:      "libmspack",
				},
				Version: versionfmt.MaxVersion,
			},
			{
				Feature: database.Feature{
					Namespace: database.Namespace{Name: "ubuntu:15.04"},
					Name:      "libmspack",
				},
				Version: "0.4-3",
			},
			{
				Feature: database.Feature{
					Namespace: database.Namespace{Name: "ubuntu:15.10"},
					Name:      "libmspack-anotherpkg",
				},
				Version: "0.1",
			},
		}

		for _, expectedFeatureVersion := range expectedFeatureVersions {
			assert.Contains(t, vulnerability.FixedIn, expectedFeatureVersion)
		}
	}
}
add registerable version formats Since we only ever used dpkg, this change shims everything into using dpkg. 2016-12-28 01:45:11 +00:00			`// Copyright 2016 clair authors`
Initial commit 2015-11-13 19:11:28 +00:00			`//`
			`// Licensed under the Apache License, Version 2.0 (the "License");`
			`// you may not use this file except in compliance with the License.`
			`// You may obtain a copy of the License at`
			`//`
			`// http://www.apache.org/licenses/LICENSE-2.0`
			`//`
			`// Unless required by applicable law or agreed to in writing, software`
			`// distributed under the License is distributed on an "AS IS" BASIS,`
			`// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`// See the License for the specific language governing permissions and`
			`// limitations under the License.`

updater: move each fetcher to its own package 2016-01-13 21:41:00 +00:00			`package ubuntu`
Initial commit 2015-11-13 19:11:28 +00:00
			`import (`
			`"os"`
*: use `path/filepath` instead of `path` 2016-05-17 21:30:40 +00:00			`"path/filepath"`
Initial commit 2015-11-13 19:11:28 +00:00			`"runtime"`
			`"testing"`

add registerable version formats Since we only ever used dpkg, this change shims everything into using dpkg. 2016-12-28 01:45:11 +00:00			`"github.com/stretchr/testify/assert"`

Initial commit 2015-11-13 19:11:28 +00:00			`"github.com/coreos/clair/database"`
add registerable version formats Since we only ever used dpkg, this change shims everything into using dpkg. 2016-12-28 01:45:11 +00:00			`"github.com/coreos/clair/ext/versionfmt"`
Initial commit 2015-11-13 19:11:28 +00:00			`"github.com/coreos/clair/utils/types"`
			`)`

			`func TestUbuntuParser(t *testing.T) {`
			`_, filename, _, _ := runtime.Caller(0)`
*: use `path/filepath` instead of `path` 2016-05-17 21:30:40 +00:00			`path := filepath.Join(filepath.Dir(filename))`
Initial commit 2015-11-13 19:11:28 +00:00
			`// Test parsing testdata/fetcher_`
			`testData, _ := os.Open(path + "/testdata/fetcher_ubuntu_test.txt")`
			`defer testData.Close()`
updater/worker: adapt several tests 2016-01-19 18:36:19 +00:00			`vulnerability, unknownReleases, err := parseUbuntuCVE(testData)`
Initial commit 2015-11-13 19:11:28 +00:00			`if assert.Nil(t, err) {`
updater/worker: adapt several tests 2016-01-19 18:36:19 +00:00			`assert.Equal(t, "CVE-2015-4471", vulnerability.Name)`
updater: port updater and its fetchers 2016-01-20 00:17:08 +00:00			`assert.Equal(t, types.Medium, vulnerability.Severity)`
Initial commit 2015-11-13 19:11:28 +00:00			`assert.Equal(t, "Off-by-one error in the lzxd_decompress function in lzxd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (buffer under-read and application crash) via a crafted CAB archive.", vulnerability.Description)`

			`// Unknown release (line 28)`
			`_, hasUnkownRelease := unknownReleases["unknown"]`
			`assert.True(t, hasUnkownRelease)`

updater/worker: adapt several tests 2016-01-19 18:36:19 +00:00			`expectedFeatureVersions := []database.FeatureVersion{`
various: gofmt -s 2016-02-25 00:29:36 +00:00			`{`
updater/worker: adapt several tests 2016-01-19 18:36:19 +00:00			`Feature: database.Feature{`
			`Namespace: database.Namespace{Name: "ubuntu:14.04"},`
			`Name: "libmspack",`
			`},`
add registerable version formats Since we only ever used dpkg, this change shims everything into using dpkg. 2016-12-28 01:45:11 +00:00			`Version: versionfmt.MaxVersion,`
updater: Refactor and merge fetcher responses Fixes #17 and lays the groundwork for #19. 2015-12-01 19:58:17 +00:00			`},`
various: gofmt -s 2016-02-25 00:29:36 +00:00			`{`
updater/worker: adapt several tests 2016-01-19 18:36:19 +00:00			`Feature: database.Feature{`
			`Namespace: database.Namespace{Name: "ubuntu:15.04"},`
			`Name: "libmspack",`
			`},`
add registerable version formats Since we only ever used dpkg, this change shims everything into using dpkg. 2016-12-28 01:45:11 +00:00			`Version: "0.4-3",`
updater: Refactor and merge fetcher responses Fixes #17 and lays the groundwork for #19. 2015-12-01 19:58:17 +00:00			`},`
various: gofmt -s 2016-02-25 00:29:36 +00:00			`{`
updater/worker: adapt several tests 2016-01-19 18:36:19 +00:00			`Feature: database.Feature{`
			`Namespace: database.Namespace{Name: "ubuntu:15.10"},`
			`Name: "libmspack-anotherpkg",`
			`},`
add registerable version formats Since we only ever used dpkg, this change shims everything into using dpkg. 2016-12-28 01:45:11 +00:00			`Version: "0.1",`
updater: Refactor and merge fetcher responses Fixes #17 and lays the groundwork for #19. 2015-12-01 19:58:17 +00:00			`},`
			`}`

updater/worker: adapt several tests 2016-01-19 18:36:19 +00:00			`for _, expectedFeatureVersion := range expectedFeatureVersions {`
			`assert.Contains(t, vulnerability.FixedIn, expectedFeatureVersion)`
Initial commit 2015-11-13 19:11:28 +00:00			`}`
			`}`
			`}`