clair/ext/vulnsrc/rhel/rhel_test.go

// Copyright 2017 clair authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package rhel

import (
	"os"
	"path/filepath"
	"runtime"
	"testing"

	"github.com/coreos/clair/database"
	"github.com/coreos/clair/ext/versionfmt/rpm"
	"github.com/stretchr/testify/assert"
)

func TestRHELParser(t *testing.T) {
	_, filename, _, _ := runtime.Caller(0)
	path := filepath.Join(filepath.Dir(filename))

	// Test parsing testdata/fetcher_rhel_test.1.xml
	testFile, _ := os.Open(path + "/testdata/fetcher_rhel_test.1.xml")
	vulnerabilities, err := parseRHSA(testFile)
	if assert.Nil(t, err) && assert.Len(t, vulnerabilities, 1) {
		assert.Equal(t, "CVE-2015-0252", vulnerabilities[0].Name)
		assert.Equal(t, "https://access.redhat.com/security/cve/CVE-2015-0252", vulnerabilities[0].Link)
		assert.Equal(t, database.MediumSeverity, vulnerabilities[0].Severity)
		assert.Equal(t, `Xerces-C is a validating XML parser written in a portable subset of C++. A flaw was found in the way the Xerces-C XML parser processed certain XML documents. A remote attacker could provide specially crafted XML input that, when parsed by an application using Xerces-C, would cause that application to crash.`, vulnerabilities[0].Description)

		expectedFeatures := []database.AffectedFeature{
			{
				Namespace: database.Namespace{
					Name:          "centos:7",
					VersionFormat: rpm.ParserName,
				},
				FeatureName:     "xerces-c",
				AffectedVersion: "0:3.1.1-7.el7_1",
				FixedInVersion:  "0:3.1.1-7.el7_1",
			},
			{
				Namespace: database.Namespace{
					Name:          "centos:7",
					VersionFormat: rpm.ParserName,
				},
				FeatureName:     "xerces-c-devel",
				AffectedVersion: "0:3.1.1-7.el7_1",
				FixedInVersion:  "0:3.1.1-7.el7_1",
			},
			{
				Namespace: database.Namespace{
					Name:          "centos:7",
					VersionFormat: rpm.ParserName,
				},
				FeatureName:     "xerces-c-doc",
				AffectedVersion: "0:3.1.1-7.el7_1",
				FixedInVersion:  "0:3.1.1-7.el7_1",
			},
		}

		for _, expectedFeature := range expectedFeatures {
			assert.Contains(t, vulnerabilities[0].Affected, expectedFeature)
		}
	}

	// Test parsing testdata/fetcher_rhel_test.2.xml
	testFile, _ = os.Open(path + "/testdata/fetcher_rhel_test.2.xml")
	vulnerabilities, err = parseRHSA(testFile)
	if assert.Nil(t, err) && assert.Len(t, vulnerabilities, 17) {
		assert.Equal(t, "CVE-2015-2722", vulnerabilities[0].Name)
		assert.Equal(t, "https://access.redhat.com/security/cve/CVE-2015-2722", vulnerabilities[0].Link)
		assert.Equal(t, database.CriticalSeverity, vulnerabilities[0].Severity)
		assert.Equal(t, `Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.`, vulnerabilities[0].Description)

		expectedFeatures := []database.AffectedFeature{
			{
				Namespace: database.Namespace{
					Name:          "centos:6",
					VersionFormat: rpm.ParserName,
				},
				FeatureName:     "firefox",
				FixedInVersion:  "0:38.1.0-1.el6_6",
				AffectedVersion: "0:38.1.0-1.el6_6",
			},
			{
				Namespace: database.Namespace{
					Name:          "centos:7",
					VersionFormat: rpm.ParserName,
				},
				FeatureName:     "firefox",
				FixedInVersion:  "0:38.1.0-1.el7_1",
				AffectedVersion: "0:38.1.0-1.el7_1",
			},
		}

		for _, expectedFeature := range expectedFeatures {
			assert.Contains(t, vulnerabilities[0].Affected, expectedFeature)
		}
	}
}
clair: remove `types` package This removes the `types` package instead moving the contents to the top-level clair package. This change also renames the `Priority` type to `Severity` in order to reduce confusion. This change also removes the IsValid method and replaces it with a safe constructor to avoid the creation of invalid values. Many docstrings were tweaked in the making of this commit. 2017-01-15 15:52:13 +00:00			`// Copyright 2017 clair authors`
Initial commit 2015-11-13 19:11:28 +00:00			`//`
			`// Licensed under the Apache License, Version 2.0 (the "License");`
			`// you may not use this file except in compliance with the License.`
			`// You may obtain a copy of the License at`
			`//`
			`// http://www.apache.org/licenses/LICENSE-2.0`
			`//`
			`// Unless required by applicable law or agreed to in writing, software`
			`// distributed under the License is distributed on an "AS IS" BASIS,`
			`// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`// See the License for the specific language governing permissions and`
			`// limitations under the License.`

updater: move each fetcher to its own package 2016-01-13 21:41:00 +00:00			`package rhel`
Initial commit 2015-11-13 19:11:28 +00:00
			`import (`
			`"os"`
*: use `path/filepath` instead of `path` 2016-05-17 21:30:40 +00:00			`"path/filepath"`
Initial commit 2015-11-13 19:11:28 +00:00			`"runtime"`
			`"testing"`

			`"github.com/coreos/clair/database"`
versionfmt: convert to using constant over literal 2017-01-03 21:00:20 +00:00			`"github.com/coreos/clair/ext/versionfmt/rpm"`
Initial commit 2015-11-13 19:11:28 +00:00			`"github.com/stretchr/testify/assert"`
			`)`

			`func TestRHELParser(t *testing.T) {`
			`_, filename, _, _ := runtime.Caller(0)`
*: use `path/filepath` instead of `path` 2016-05-17 21:30:40 +00:00			`path := filepath.Join(filepath.Dir(filename))`
Initial commit 2015-11-13 19:11:28 +00:00
			`// Test parsing testdata/fetcher_rhel_test.1.xml`
			`testFile, _ := os.Open(path + "/testdata/fetcher_rhel_test.1.xml")`
Revert "Merge pull request #199 from openSUSE/feature/opensuse" This reverts commit 97347ec44d927c854b93d6722964aa459e42a106, reversing changes made to 051564facd852ef5bbb62db9625631a21f2199d5. 2016-12-19 22:03:39 +00:00			`vulnerabilities, err := parseRHSA(testFile)`
Initial commit 2015-11-13 19:11:28 +00:00			`if assert.Nil(t, err) && assert.Len(t, vulnerabilities, 1) {`
vulnsrc_rhel: one vulnerability by CVE Get one vulnerability by CVE_ID for RHEL instead of one by RHSA_ID so we can have NVD metadata added to the vulnerabilities. Fixes #495 2017-12-15 16:17:15 +00:00			`assert.Equal(t, "CVE-2015-0252", vulnerabilities[0].Name)`
			`assert.Equal(t, "https://access.redhat.com/security/cve/CVE-2015-0252", vulnerabilities[0].Link)`
clair: mv updater clair and mv severity to db 2017-01-19 18:42:37 +00:00			`assert.Equal(t, database.MediumSeverity, vulnerabilities[0].Severity)`
Initial commit 2015-11-13 19:11:28 +00:00			assert.Equal(t, `Xerces-C is a validating XML parser written in a portable subset of C++. A flaw was found in the way the Xerces-C XML parser processed certain XML documents. A remote attacker could provide specially crafted XML input that, when parsed by an application using Xerces-C, would cause that application to crash.`, vulnerabilities[0].Description)

Clair Logic, Extensions: updated mock tests, extensions, basic logic Main Clair logic is changed in worker, updater, notifier for better adapting ancestry schema. Extensions are updated with the new model and feature lister and namespace detector drivers are able to specify the specific listers and detectors used to process layer's content. InRange and GetFixedIn interfaces are added to Version format for adapting ranged affected features and next available fixed in in the future. Tests for worker, updater and extensions are fixed. 2017-07-26 23:22:29 +00:00			`expectedFeatures := []database.AffectedFeature{`
various: gofmt -s 2016-02-25 00:29:36 +00:00			`{`
Clair Logic, Extensions: updated mock tests, extensions, basic logic Main Clair logic is changed in worker, updater, notifier for better adapting ancestry schema. Extensions are updated with the new model and feature lister and namespace detector drivers are able to specify the specific listers and detectors used to process layer's content. InRange and GetFixedIn interfaces are added to Version format for adapting ranged affected features and next available fixed in in the future. Tests for worker, updater and extensions are fixed. 2017-07-26 23:22:29 +00:00			`Namespace: database.Namespace{`
			`Name: "centos:7",`
			`VersionFormat: rpm.ParserName,`
updater/worker: adapt several tests 2016-01-19 18:36:19 +00:00			`},`
Clair Logic, Extensions: updated mock tests, extensions, basic logic Main Clair logic is changed in worker, updater, notifier for better adapting ancestry schema. Extensions are updated with the new model and feature lister and namespace detector drivers are able to specify the specific listers and detectors used to process layer's content. InRange and GetFixedIn interfaces are added to Version format for adapting ranged affected features and next available fixed in in the future. Tests for worker, updater and extensions are fixed. 2017-07-26 23:22:29 +00:00			`FeatureName: "xerces-c",`
			`AffectedVersion: "0:3.1.1-7.el7_1",`
			`FixedInVersion: "0:3.1.1-7.el7_1",`
updater: Refactor and merge fetcher responses Fixes #17 and lays the groundwork for #19. 2015-12-01 19:58:17 +00:00			`},`
various: gofmt -s 2016-02-25 00:29:36 +00:00			`{`
Clair Logic, Extensions: updated mock tests, extensions, basic logic Main Clair logic is changed in worker, updater, notifier for better adapting ancestry schema. Extensions are updated with the new model and feature lister and namespace detector drivers are able to specify the specific listers and detectors used to process layer's content. InRange and GetFixedIn interfaces are added to Version format for adapting ranged affected features and next available fixed in in the future. Tests for worker, updater and extensions are fixed. 2017-07-26 23:22:29 +00:00			`Namespace: database.Namespace{`
			`Name: "centos:7",`
			`VersionFormat: rpm.ParserName,`
updater/worker: adapt several tests 2016-01-19 18:36:19 +00:00			`},`
Clair Logic, Extensions: updated mock tests, extensions, basic logic Main Clair logic is changed in worker, updater, notifier for better adapting ancestry schema. Extensions are updated with the new model and feature lister and namespace detector drivers are able to specify the specific listers and detectors used to process layer's content. InRange and GetFixedIn interfaces are added to Version format for adapting ranged affected features and next available fixed in in the future. Tests for worker, updater and extensions are fixed. 2017-07-26 23:22:29 +00:00			`FeatureName: "xerces-c-devel",`
			`AffectedVersion: "0:3.1.1-7.el7_1",`
			`FixedInVersion: "0:3.1.1-7.el7_1",`
updater: Refactor and merge fetcher responses Fixes #17 and lays the groundwork for #19. 2015-12-01 19:58:17 +00:00			`},`
various: gofmt -s 2016-02-25 00:29:36 +00:00			`{`
Clair Logic, Extensions: updated mock tests, extensions, basic logic Main Clair logic is changed in worker, updater, notifier for better adapting ancestry schema. Extensions are updated with the new model and feature lister and namespace detector drivers are able to specify the specific listers and detectors used to process layer's content. InRange and GetFixedIn interfaces are added to Version format for adapting ranged affected features and next available fixed in in the future. Tests for worker, updater and extensions are fixed. 2017-07-26 23:22:29 +00:00			`Namespace: database.Namespace{`
			`Name: "centos:7",`
			`VersionFormat: rpm.ParserName,`
updater/worker: adapt several tests 2016-01-19 18:36:19 +00:00			`},`
Clair Logic, Extensions: updated mock tests, extensions, basic logic Main Clair logic is changed in worker, updater, notifier for better adapting ancestry schema. Extensions are updated with the new model and feature lister and namespace detector drivers are able to specify the specific listers and detectors used to process layer's content. InRange and GetFixedIn interfaces are added to Version format for adapting ranged affected features and next available fixed in in the future. Tests for worker, updater and extensions are fixed. 2017-07-26 23:22:29 +00:00			`FeatureName: "xerces-c-doc",`
			`AffectedVersion: "0:3.1.1-7.el7_1",`
			`FixedInVersion: "0:3.1.1-7.el7_1",`
updater: Refactor and merge fetcher responses Fixes #17 and lays the groundwork for #19. 2015-12-01 19:58:17 +00:00			`},`
Initial commit 2015-11-13 19:11:28 +00:00			`}`
updater: Refactor and merge fetcher responses Fixes #17 and lays the groundwork for #19. 2015-12-01 19:58:17 +00:00
Clair Logic, Extensions: updated mock tests, extensions, basic logic Main Clair logic is changed in worker, updater, notifier for better adapting ancestry schema. Extensions are updated with the new model and feature lister and namespace detector drivers are able to specify the specific listers and detectors used to process layer's content. InRange and GetFixedIn interfaces are added to Version format for adapting ranged affected features and next available fixed in in the future. Tests for worker, updater and extensions are fixed. 2017-07-26 23:22:29 +00:00			`for _, expectedFeature := range expectedFeatures {`
			`assert.Contains(t, vulnerabilities[0].Affected, expectedFeature)`
updater: move each fetcher to its own package 2016-01-13 21:41:00 +00:00			`}`
Initial commit 2015-11-13 19:11:28 +00:00			`}`

			`// Test parsing testdata/fetcher_rhel_test.2.xml`
			`testFile, _ = os.Open(path + "/testdata/fetcher_rhel_test.2.xml")`
Revert "Merge pull request #199 from openSUSE/feature/opensuse" This reverts commit 97347ec44d927c854b93d6722964aa459e42a106, reversing changes made to 051564facd852ef5bbb62db9625631a21f2199d5. 2016-12-19 22:03:39 +00:00			`vulnerabilities, err = parseRHSA(testFile)`
vulnsrc_rhel: one vulnerability by CVE Get one vulnerability by CVE_ID for RHEL instead of one by RHSA_ID so we can have NVD metadata added to the vulnerabilities. Fixes #495 2017-12-15 16:17:15 +00:00			`if assert.Nil(t, err) && assert.Len(t, vulnerabilities, 17) {`
			`assert.Equal(t, "CVE-2015-2722", vulnerabilities[0].Name)`
			`assert.Equal(t, "https://access.redhat.com/security/cve/CVE-2015-2722", vulnerabilities[0].Link)`
clair: mv updater clair and mv severity to db 2017-01-19 18:42:37 +00:00			`assert.Equal(t, database.CriticalSeverity, vulnerabilities[0].Severity)`
Initial commit 2015-11-13 19:11:28 +00:00			assert.Equal(t, `Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.`, vulnerabilities[0].Description)

Clair Logic, Extensions: updated mock tests, extensions, basic logic Main Clair logic is changed in worker, updater, notifier for better adapting ancestry schema. Extensions are updated with the new model and feature lister and namespace detector drivers are able to specify the specific listers and detectors used to process layer's content. InRange and GetFixedIn interfaces are added to Version format for adapting ranged affected features and next available fixed in in the future. Tests for worker, updater and extensions are fixed. 2017-07-26 23:22:29 +00:00			`expectedFeatures := []database.AffectedFeature{`
various: gofmt -s 2016-02-25 00:29:36 +00:00			`{`
Clair Logic, Extensions: updated mock tests, extensions, basic logic Main Clair logic is changed in worker, updater, notifier for better adapting ancestry schema. Extensions are updated with the new model and feature lister and namespace detector drivers are able to specify the specific listers and detectors used to process layer's content. InRange and GetFixedIn interfaces are added to Version format for adapting ranged affected features and next available fixed in in the future. Tests for worker, updater and extensions are fixed. 2017-07-26 23:22:29 +00:00			`Namespace: database.Namespace{`
			`Name: "centos:6",`
			`VersionFormat: rpm.ParserName,`
updater/worker: adapt several tests 2016-01-19 18:36:19 +00:00			`},`
Clair Logic, Extensions: updated mock tests, extensions, basic logic Main Clair logic is changed in worker, updater, notifier for better adapting ancestry schema. Extensions are updated with the new model and feature lister and namespace detector drivers are able to specify the specific listers and detectors used to process layer's content. InRange and GetFixedIn interfaces are added to Version format for adapting ranged affected features and next available fixed in in the future. Tests for worker, updater and extensions are fixed. 2017-07-26 23:22:29 +00:00			`FeatureName: "firefox",`
			`FixedInVersion: "0:38.1.0-1.el6_6",`
			`AffectedVersion: "0:38.1.0-1.el6_6",`
updater: Refactor and merge fetcher responses Fixes #17 and lays the groundwork for #19. 2015-12-01 19:58:17 +00:00			`},`
various: gofmt -s 2016-02-25 00:29:36 +00:00			`{`
Clair Logic, Extensions: updated mock tests, extensions, basic logic Main Clair logic is changed in worker, updater, notifier for better adapting ancestry schema. Extensions are updated with the new model and feature lister and namespace detector drivers are able to specify the specific listers and detectors used to process layer's content. InRange and GetFixedIn interfaces are added to Version format for adapting ranged affected features and next available fixed in in the future. Tests for worker, updater and extensions are fixed. 2017-07-26 23:22:29 +00:00			`Namespace: database.Namespace{`
			`Name: "centos:7",`
			`VersionFormat: rpm.ParserName,`
updater/worker: adapt several tests 2016-01-19 18:36:19 +00:00			`},`
Clair Logic, Extensions: updated mock tests, extensions, basic logic Main Clair logic is changed in worker, updater, notifier for better adapting ancestry schema. Extensions are updated with the new model and feature lister and namespace detector drivers are able to specify the specific listers and detectors used to process layer's content. InRange and GetFixedIn interfaces are added to Version format for adapting ranged affected features and next available fixed in in the future. Tests for worker, updater and extensions are fixed. 2017-07-26 23:22:29 +00:00			`FeatureName: "firefox",`
			`FixedInVersion: "0:38.1.0-1.el7_1",`
			`AffectedVersion: "0:38.1.0-1.el7_1",`
updater: Refactor and merge fetcher responses Fixes #17 and lays the groundwork for #19. 2015-12-01 19:58:17 +00:00			`},`
Initial commit 2015-11-13 19:11:28 +00:00			`}`
updater: Refactor and merge fetcher responses Fixes #17 and lays the groundwork for #19. 2015-12-01 19:58:17 +00:00
Clair Logic, Extensions: updated mock tests, extensions, basic logic Main Clair logic is changed in worker, updater, notifier for better adapting ancestry schema. Extensions are updated with the new model and feature lister and namespace detector drivers are able to specify the specific listers and detectors used to process layer's content. InRange and GetFixedIn interfaces are added to Version format for adapting ranged affected features and next available fixed in in the future. Tests for worker, updater and extensions are fixed. 2017-07-26 23:22:29 +00:00			`for _, expectedFeature := range expectedFeatures {`
			`assert.Contains(t, vulnerabilities[0].Affected, expectedFeature)`
updater: move each fetcher to its own package 2016-01-13 21:41:00 +00:00			`}`
Initial commit 2015-11-13 19:11:28 +00:00			`}`
			`}`