clair/ext/vulnsrc/ubuntu/ubuntu_test.go

// Copyright 2017 clair authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package ubuntu

import (
	"os"
	"path/filepath"
	"runtime"
	"testing"

	"github.com/stretchr/testify/assert"

	"github.com/coreos/clair/database"
	"github.com/coreos/clair/ext/versionfmt"
	"github.com/coreos/clair/ext/versionfmt/dpkg"
)

func TestUbuntuParser(t *testing.T) {
	_, filename, _, _ := runtime.Caller(0)
	path := filepath.Join(filepath.Dir(filename))

	// Test parsing testdata/fetcher_
	testData, _ := os.Open(path + "/testdata/fetcher_ubuntu_test.txt")
	defer testData.Close()
	vulnerability, unknownReleases, err := parseUbuntuCVE(testData)
	if assert.Nil(t, err) {
		assert.Equal(t, "CVE-2015-4471", vulnerability.Name)
		assert.Equal(t, database.MediumSeverity, vulnerability.Severity)
		assert.Equal(t, "Off-by-one error in the lzxd_decompress function in lzxd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (buffer under-read and application crash) via a crafted CAB archive.", vulnerability.Description)

		// Unknown release (line 28)
		_, hasUnkownRelease := unknownReleases["unknown"]
		assert.True(t, hasUnkownRelease)

		expectedFeatures := []database.AffectedFeature{
			{
				Namespace: database.Namespace{
					Name:          "ubuntu:14.04",
					VersionFormat: dpkg.ParserName,
				},
				FeatureName:     "libmspack",
				AffectedVersion: versionfmt.MaxVersion,
			},
			{
				Namespace: database.Namespace{
					Name:          "ubuntu:15.04",
					VersionFormat: dpkg.ParserName,
				},
				FeatureName:     "libmspack",
				FixedInVersion:  "0.4-3",
				AffectedVersion: "0.4-3",
			},
			{
				Namespace: database.Namespace{
					Name:          "ubuntu:15.10",
					VersionFormat: dpkg.ParserName,
				},
				FeatureName:     "libmspack-anotherpkg",
				FixedInVersion:  "0.1",
				AffectedVersion: "0.1",
			},
		}

		for _, expectedFeature := range expectedFeatures {
			assert.Contains(t, vulnerability.Affected, expectedFeature)
		}
	}
}
clair: remove `types` package This removes the `types` package instead moving the contents to the top-level clair package. This change also renames the `Priority` type to `Severity` in order to reduce confusion. This change also removes the IsValid method and replaces it with a safe constructor to avoid the creation of invalid values. Many docstrings were tweaked in the making of this commit. 2017-01-15 15:52:13 +00:00			`// Copyright 2017 clair authors`
Initial commit 2015-11-13 19:11:28 +00:00			`//`
			`// Licensed under the Apache License, Version 2.0 (the "License");`
			`// you may not use this file except in compliance with the License.`
			`// You may obtain a copy of the License at`
			`//`
			`// http://www.apache.org/licenses/LICENSE-2.0`
			`//`
			`// Unless required by applicable law or agreed to in writing, software`
			`// distributed under the License is distributed on an "AS IS" BASIS,`
			`// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`// See the License for the specific language governing permissions and`
			`// limitations under the License.`

updater: move each fetcher to its own package 2016-01-13 21:41:00 +00:00			`package ubuntu`
Initial commit 2015-11-13 19:11:28 +00:00
			`import (`
			`"os"`
*: use `path/filepath` instead of `path` 2016-05-17 21:30:40 +00:00			`"path/filepath"`
Initial commit 2015-11-13 19:11:28 +00:00			`"runtime"`
			`"testing"`

add registerable version formats Since we only ever used dpkg, this change shims everything into using dpkg. 2016-12-28 01:45:11 +00:00			`"github.com/stretchr/testify/assert"`

Initial commit 2015-11-13 19:11:28 +00:00			`"github.com/coreos/clair/database"`
add registerable version formats Since we only ever used dpkg, this change shims everything into using dpkg. 2016-12-28 01:45:11 +00:00			`"github.com/coreos/clair/ext/versionfmt"`
ext/vulnsrc/ubuntu: add missing version format 2017-02-28 17:55:54 +00:00			`"github.com/coreos/clair/ext/versionfmt/dpkg"`
Initial commit 2015-11-13 19:11:28 +00:00			`)`

			`func TestUbuntuParser(t *testing.T) {`
			`_, filename, _, _ := runtime.Caller(0)`
*: use `path/filepath` instead of `path` 2016-05-17 21:30:40 +00:00			`path := filepath.Join(filepath.Dir(filename))`
Initial commit 2015-11-13 19:11:28 +00:00
			`// Test parsing testdata/fetcher_`
			`testData, _ := os.Open(path + "/testdata/fetcher_ubuntu_test.txt")`
			`defer testData.Close()`
updater/worker: adapt several tests 2016-01-19 18:36:19 +00:00			`vulnerability, unknownReleases, err := parseUbuntuCVE(testData)`
Initial commit 2015-11-13 19:11:28 +00:00			`if assert.Nil(t, err) {`
updater/worker: adapt several tests 2016-01-19 18:36:19 +00:00			`assert.Equal(t, "CVE-2015-4471", vulnerability.Name)`
clair: mv updater clair and mv severity to db 2017-01-19 18:42:37 +00:00			`assert.Equal(t, database.MediumSeverity, vulnerability.Severity)`
Initial commit 2015-11-13 19:11:28 +00:00			`assert.Equal(t, "Off-by-one error in the lzxd_decompress function in lzxd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (buffer under-read and application crash) via a crafted CAB archive.", vulnerability.Description)`

			`// Unknown release (line 28)`
			`_, hasUnkownRelease := unknownReleases["unknown"]`
			`assert.True(t, hasUnkownRelease)`

Clair Logic, Extensions: updated mock tests, extensions, basic logic Main Clair logic is changed in worker, updater, notifier for better adapting ancestry schema. Extensions are updated with the new model and feature lister and namespace detector drivers are able to specify the specific listers and detectors used to process layer's content. InRange and GetFixedIn interfaces are added to Version format for adapting ranged affected features and next available fixed in in the future. Tests for worker, updater and extensions are fixed. 2017-07-26 23:22:29 +00:00			`expectedFeatures := []database.AffectedFeature{`
various: gofmt -s 2016-02-25 00:29:36 +00:00			`{`
Clair Logic, Extensions: updated mock tests, extensions, basic logic Main Clair logic is changed in worker, updater, notifier for better adapting ancestry schema. Extensions are updated with the new model and feature lister and namespace detector drivers are able to specify the specific listers and detectors used to process layer's content. InRange and GetFixedIn interfaces are added to Version format for adapting ranged affected features and next available fixed in in the future. Tests for worker, updater and extensions are fixed. 2017-07-26 23:22:29 +00:00			`Namespace: database.Namespace{`
			`Name: "ubuntu:14.04",`
			`VersionFormat: dpkg.ParserName,`
updater/worker: adapt several tests 2016-01-19 18:36:19 +00:00			`},`
Clair Logic, Extensions: updated mock tests, extensions, basic logic Main Clair logic is changed in worker, updater, notifier for better adapting ancestry schema. Extensions are updated with the new model and feature lister and namespace detector drivers are able to specify the specific listers and detectors used to process layer's content. InRange and GetFixedIn interfaces are added to Version format for adapting ranged affected features and next available fixed in in the future. Tests for worker, updater and extensions are fixed. 2017-07-26 23:22:29 +00:00			`FeatureName: "libmspack",`
			`AffectedVersion: versionfmt.MaxVersion,`
updater: Refactor and merge fetcher responses Fixes #17 and lays the groundwork for #19. 2015-12-01 19:58:17 +00:00			`},`
various: gofmt -s 2016-02-25 00:29:36 +00:00			`{`
Clair Logic, Extensions: updated mock tests, extensions, basic logic Main Clair logic is changed in worker, updater, notifier for better adapting ancestry schema. Extensions are updated with the new model and feature lister and namespace detector drivers are able to specify the specific listers and detectors used to process layer's content. InRange and GetFixedIn interfaces are added to Version format for adapting ranged affected features and next available fixed in in the future. Tests for worker, updater and extensions are fixed. 2017-07-26 23:22:29 +00:00			`Namespace: database.Namespace{`
			`Name: "ubuntu:15.04",`
			`VersionFormat: dpkg.ParserName,`
updater/worker: adapt several tests 2016-01-19 18:36:19 +00:00			`},`
Clair Logic, Extensions: updated mock tests, extensions, basic logic Main Clair logic is changed in worker, updater, notifier for better adapting ancestry schema. Extensions are updated with the new model and feature lister and namespace detector drivers are able to specify the specific listers and detectors used to process layer's content. InRange and GetFixedIn interfaces are added to Version format for adapting ranged affected features and next available fixed in in the future. Tests for worker, updater and extensions are fixed. 2017-07-26 23:22:29 +00:00			`FeatureName: "libmspack",`
			`FixedInVersion: "0.4-3",`
			`AffectedVersion: "0.4-3",`
updater: Refactor and merge fetcher responses Fixes #17 and lays the groundwork for #19. 2015-12-01 19:58:17 +00:00			`},`
various: gofmt -s 2016-02-25 00:29:36 +00:00			`{`
Clair Logic, Extensions: updated mock tests, extensions, basic logic Main Clair logic is changed in worker, updater, notifier for better adapting ancestry schema. Extensions are updated with the new model and feature lister and namespace detector drivers are able to specify the specific listers and detectors used to process layer's content. InRange and GetFixedIn interfaces are added to Version format for adapting ranged affected features and next available fixed in in the future. Tests for worker, updater and extensions are fixed. 2017-07-26 23:22:29 +00:00			`Namespace: database.Namespace{`
			`Name: "ubuntu:15.10",`
			`VersionFormat: dpkg.ParserName,`
updater/worker: adapt several tests 2016-01-19 18:36:19 +00:00			`},`
Clair Logic, Extensions: updated mock tests, extensions, basic logic Main Clair logic is changed in worker, updater, notifier for better adapting ancestry schema. Extensions are updated with the new model and feature lister and namespace detector drivers are able to specify the specific listers and detectors used to process layer's content. InRange and GetFixedIn interfaces are added to Version format for adapting ranged affected features and next available fixed in in the future. Tests for worker, updater and extensions are fixed. 2017-07-26 23:22:29 +00:00			`FeatureName: "libmspack-anotherpkg",`
			`FixedInVersion: "0.1",`
			`AffectedVersion: "0.1",`
updater: Refactor and merge fetcher responses Fixes #17 and lays the groundwork for #19. 2015-12-01 19:58:17 +00:00			`},`
			`}`

Clair Logic, Extensions: updated mock tests, extensions, basic logic Main Clair logic is changed in worker, updater, notifier for better adapting ancestry schema. Extensions are updated with the new model and feature lister and namespace detector drivers are able to specify the specific listers and detectors used to process layer's content. InRange and GetFixedIn interfaces are added to Version format for adapting ranged affected features and next available fixed in in the future. Tests for worker, updater and extensions are fixed. 2017-07-26 23:22:29 +00:00			`for _, expectedFeature := range expectedFeatures {`
			`assert.Contains(t, vulnerability.Affected, expectedFeature)`
Initial commit 2015-11-13 19:11:28 +00:00			`}`
			`}`
			`}`