clair/ext/vulnsrc/oracle/oracle_test.go

// Copyright 2017 clair authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package oracle

import (
	"os"
	"path/filepath"
	"runtime"
	"testing"

	"github.com/coreos/clair/database"
	"github.com/coreos/clair/ext/versionfmt/rpm"
	"github.com/stretchr/testify/assert"
)

func TestOracleParser(t *testing.T) {
	_, filename, _, _ := runtime.Caller(0)
	path := filepath.Join(filepath.Dir(filename))

	// Test parsing testdata/fetcher_oracle_test.1.xml
	testFile, _ := os.Open(path + "/testdata/fetcher_oracle_test.1.xml")
	defer testFile.Close()

	vulnerabilities, err := parseELSA(testFile)
	if assert.Nil(t, err) && assert.Len(t, vulnerabilities, 1) {
		assert.Equal(t, "ELSA-2015-1193", vulnerabilities[0].Name)
		assert.Equal(t, "http://linux.oracle.com/errata/ELSA-2015-1193.html", vulnerabilities[0].Link)
		assert.Equal(t, database.MediumSeverity, vulnerabilities[0].Severity)
		assert.Equal(t, ` [3.1.1-7] Resolves: rhbz#1217104 CVE-2015-0252 `, vulnerabilities[0].Description)

		expectedFeatures := []database.AffectedFeature{
			{
				AffectedType: affectedType,
				Namespace: database.Namespace{
					Name:          "oracle:7",
					VersionFormat: rpm.ParserName,
				},
				FeatureName:     "xerces-c",
				FixedInVersion:  "0:3.1.1-7.el7_1",
				AffectedVersion: "0:3.1.1-7.el7_1",
			},
			{
				AffectedType: affectedType,
				Namespace: database.Namespace{
					Name:          "oracle:7",
					VersionFormat: rpm.ParserName,
				},
				FeatureName:     "xerces-c-devel",
				FixedInVersion:  "0:3.1.1-7.el7_1",
				AffectedVersion: "0:3.1.1-7.el7_1",
			},
			{
				AffectedType: affectedType,
				Namespace: database.Namespace{
					Name:          "oracle:7",
					VersionFormat: rpm.ParserName,
				},
				FeatureName:     "xerces-c-doc",
				FixedInVersion:  "0:3.1.1-7.el7_1",
				AffectedVersion: "0:3.1.1-7.el7_1",
			},
		}

		for _, expectedFeature := range expectedFeatures {
			assert.Contains(t, vulnerabilities[0].Affected, expectedFeature)
		}
	}

	testFile2, _ := os.Open(path + "/testdata/fetcher_oracle_test.2.xml")
	defer testFile2.Close()

	vulnerabilities, err = parseELSA(testFile2)
	if assert.Nil(t, err) && assert.Len(t, vulnerabilities, 1) {
		assert.Equal(t, "ELSA-2015-1207", vulnerabilities[0].Name)
		assert.Equal(t, "http://linux.oracle.com/errata/ELSA-2015-1207.html", vulnerabilities[0].Link)
		assert.Equal(t, database.CriticalSeverity, vulnerabilities[0].Severity)
		assert.Equal(t, ` [38.1.0-1.0.1.el7_1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [38.1.0-1] - Update to 38.1.0 ESR [38.0.1-2] - Fixed rhbz#1222807 by removing preun section `, vulnerabilities[0].Description)
		expectedFeatures := []database.AffectedFeature{
			{
				AffectedType: affectedType,
				Namespace: database.Namespace{
					Name:          "oracle:6",
					VersionFormat: rpm.ParserName,
				},
				FeatureName:     "firefox",
				FixedInVersion:  "0:38.1.0-1.0.1.el6_6",
				AffectedVersion: "0:38.1.0-1.0.1.el6_6",
			},
			{
				AffectedType: affectedType,
				Namespace: database.Namespace{
					Name:          "oracle:7",
					VersionFormat: rpm.ParserName,
				},
				FeatureName:     "firefox",
				FixedInVersion:  "0:38.1.0-1.0.1.el7_1",
				AffectedVersion: "0:38.1.0-1.0.1.el7_1",
			},
		}

		for _, expectedFeature := range expectedFeatures {
			assert.Contains(t, vulnerabilities[0].Affected, expectedFeature)
		}
	}
}

func TestELSAComparison(t *testing.T) {
	var table = []struct {
		left     int
		right    int
		expected int
	}{
		{20170935, 20170935, 0},
		{20170934, 20170935, -1},
		{20170936, 20170935, 1},

		{20170935, 201709331, 1},
		{201709351, 20170935, 1},
		{201709331, 20170935, -1},
	}

	for _, tt := range table {
		assert.Equal(t, tt.expected, compareELSA(tt.left, tt.right))
	}
}
clair: remove `types` package This removes the `types` package instead moving the contents to the top-level clair package. This change also renames the `Priority` type to `Severity` in order to reduce confusion. This change also removes the IsValid method and replaces it with a safe constructor to avoid the creation of invalid values. Many docstrings were tweaked in the making of this commit. 2017-01-15 15:52:13 +00:00			`// Copyright 2017 clair authors`
Add Oracle Linux fetcher to grab and parse OVAL data. Signed-off-by: Avi Miller <avi.miller@oracle.com> 2016-12-20 00:25:07 +00:00			`//`
			`// Licensed under the Apache License, Version 2.0 (the "License");`
			`// you may not use this file except in compliance with the License.`
			`// You may obtain a copy of the License at`
			`//`
			`// http://www.apache.org/licenses/LICENSE-2.0`
			`//`
			`// Unless required by applicable law or agreed to in writing, software`
			`// distributed under the License is distributed on an "AS IS" BASIS,`
			`// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`// See the License for the specific language governing permissions and`
			`// limitations under the License.`

			`package oracle`

			`import (`
			`"os"`
			`"path/filepath"`
			`"runtime"`
			`"testing"`

			`"github.com/coreos/clair/database"`
versionfmt: convert to using constant over literal 2017-01-03 21:00:20 +00:00			`"github.com/coreos/clair/ext/versionfmt/rpm"`
Add Oracle Linux fetcher to grab and parse OVAL data. Signed-off-by: Avi Miller <avi.miller@oracle.com> 2016-12-20 00:25:07 +00:00			`"github.com/stretchr/testify/assert"`
			`)`

			`func TestOracleParser(t *testing.T) {`
			`_, filename, _, _ := runtime.Caller(0)`
			`path := filepath.Join(filepath.Dir(filename))`

			`// Test parsing testdata/fetcher_oracle_test.1.xml`
			`testFile, _ := os.Open(path + "/testdata/fetcher_oracle_test.1.xml")`
Updated fetcher and tests to close the file handles and HTTP response. Signed-off-by: Avi Miller <avi.miller@oracle.com> 2016-12-20 01:14:10 +00:00			`defer testFile.Close()`

Add Oracle Linux fetcher to grab and parse OVAL data. Signed-off-by: Avi Miller <avi.miller@oracle.com> 2016-12-20 00:25:07 +00:00			`vulnerabilities, err := parseELSA(testFile)`
			`if assert.Nil(t, err) && assert.Len(t, vulnerabilities, 1) {`
			`assert.Equal(t, "ELSA-2015-1193", vulnerabilities[0].Name)`
			`assert.Equal(t, "http://linux.oracle.com/errata/ELSA-2015-1193.html", vulnerabilities[0].Link)`
clair: mv updater clair and mv severity to db 2017-01-19 18:42:37 +00:00			`assert.Equal(t, database.MediumSeverity, vulnerabilities[0].Severity)`
Add Oracle Linux fetcher to grab and parse OVAL data. Signed-off-by: Avi Miller <avi.miller@oracle.com> 2016-12-20 00:25:07 +00:00			assert.Equal(t, ` [3.1.1-7] Resolves: rhbz#1217104 CVE-2015-0252 `, vulnerabilities[0].Description)

Clair Logic, Extensions: updated mock tests, extensions, basic logic Main Clair logic is changed in worker, updater, notifier for better adapting ancestry schema. Extensions are updated with the new model and feature lister and namespace detector drivers are able to specify the specific listers and detectors used to process layer's content. InRange and GetFixedIn interfaces are added to Version format for adapting ranged affected features and next available fixed in in the future. Tests for worker, updater and extensions are fixed. 2017-07-26 23:22:29 +00:00			`expectedFeatures := []database.AffectedFeature{`
Add Oracle Linux fetcher to grab and parse OVAL data. Signed-off-by: Avi Miller <avi.miller@oracle.com> 2016-12-20 00:25:07 +00:00			`{`
updater: Add vulnsrc affected feature type Each vulnerability source has a specific type of feature that it affects We assume the following: * Alpine: Binary Package * Debian: Source Package * Ubuntu: Source Package * Oracle OVAL: Binary Package * RHEL OVAL: Binary Package 2018-10-18 18:52:50 +00:00			`AffectedType: affectedType,`
Clair Logic, Extensions: updated mock tests, extensions, basic logic Main Clair logic is changed in worker, updater, notifier for better adapting ancestry schema. Extensions are updated with the new model and feature lister and namespace detector drivers are able to specify the specific listers and detectors used to process layer's content. InRange and GetFixedIn interfaces are added to Version format for adapting ranged affected features and next available fixed in in the future. Tests for worker, updater and extensions are fixed. 2017-07-26 23:22:29 +00:00			`Namespace: database.Namespace{`
			`Name: "oracle:7",`
			`VersionFormat: rpm.ParserName,`
Add Oracle Linux fetcher to grab and parse OVAL data. Signed-off-by: Avi Miller <avi.miller@oracle.com> 2016-12-20 00:25:07 +00:00			`},`
Clair Logic, Extensions: updated mock tests, extensions, basic logic Main Clair logic is changed in worker, updater, notifier for better adapting ancestry schema. Extensions are updated with the new model and feature lister and namespace detector drivers are able to specify the specific listers and detectors used to process layer's content. InRange and GetFixedIn interfaces are added to Version format for adapting ranged affected features and next available fixed in in the future. Tests for worker, updater and extensions are fixed. 2017-07-26 23:22:29 +00:00			`FeatureName: "xerces-c",`
			`FixedInVersion: "0:3.1.1-7.el7_1",`
			`AffectedVersion: "0:3.1.1-7.el7_1",`
Add Oracle Linux fetcher to grab and parse OVAL data. Signed-off-by: Avi Miller <avi.miller@oracle.com> 2016-12-20 00:25:07 +00:00			`},`
			`{`
updater: Add vulnsrc affected feature type Each vulnerability source has a specific type of feature that it affects We assume the following: * Alpine: Binary Package * Debian: Source Package * Ubuntu: Source Package * Oracle OVAL: Binary Package * RHEL OVAL: Binary Package 2018-10-18 18:52:50 +00:00			`AffectedType: affectedType,`
Clair Logic, Extensions: updated mock tests, extensions, basic logic Main Clair logic is changed in worker, updater, notifier for better adapting ancestry schema. Extensions are updated with the new model and feature lister and namespace detector drivers are able to specify the specific listers and detectors used to process layer's content. InRange and GetFixedIn interfaces are added to Version format for adapting ranged affected features and next available fixed in in the future. Tests for worker, updater and extensions are fixed. 2017-07-26 23:22:29 +00:00			`Namespace: database.Namespace{`
			`Name: "oracle:7",`
			`VersionFormat: rpm.ParserName,`
Add Oracle Linux fetcher to grab and parse OVAL data. Signed-off-by: Avi Miller <avi.miller@oracle.com> 2016-12-20 00:25:07 +00:00			`},`
Clair Logic, Extensions: updated mock tests, extensions, basic logic Main Clair logic is changed in worker, updater, notifier for better adapting ancestry schema. Extensions are updated with the new model and feature lister and namespace detector drivers are able to specify the specific listers and detectors used to process layer's content. InRange and GetFixedIn interfaces are added to Version format for adapting ranged affected features and next available fixed in in the future. Tests for worker, updater and extensions are fixed. 2017-07-26 23:22:29 +00:00			`FeatureName: "xerces-c-devel",`
			`FixedInVersion: "0:3.1.1-7.el7_1",`
			`AffectedVersion: "0:3.1.1-7.el7_1",`
Add Oracle Linux fetcher to grab and parse OVAL data. Signed-off-by: Avi Miller <avi.miller@oracle.com> 2016-12-20 00:25:07 +00:00			`},`
			`{`
updater: Add vulnsrc affected feature type Each vulnerability source has a specific type of feature that it affects We assume the following: * Alpine: Binary Package * Debian: Source Package * Ubuntu: Source Package * Oracle OVAL: Binary Package * RHEL OVAL: Binary Package 2018-10-18 18:52:50 +00:00			`AffectedType: affectedType,`
Clair Logic, Extensions: updated mock tests, extensions, basic logic Main Clair logic is changed in worker, updater, notifier for better adapting ancestry schema. Extensions are updated with the new model and feature lister and namespace detector drivers are able to specify the specific listers and detectors used to process layer's content. InRange and GetFixedIn interfaces are added to Version format for adapting ranged affected features and next available fixed in in the future. Tests for worker, updater and extensions are fixed. 2017-07-26 23:22:29 +00:00			`Namespace: database.Namespace{`
			`Name: "oracle:7",`
			`VersionFormat: rpm.ParserName,`
Add Oracle Linux fetcher to grab and parse OVAL data. Signed-off-by: Avi Miller <avi.miller@oracle.com> 2016-12-20 00:25:07 +00:00			`},`
Clair Logic, Extensions: updated mock tests, extensions, basic logic Main Clair logic is changed in worker, updater, notifier for better adapting ancestry schema. Extensions are updated with the new model and feature lister and namespace detector drivers are able to specify the specific listers and detectors used to process layer's content. InRange and GetFixedIn interfaces are added to Version format for adapting ranged affected features and next available fixed in in the future. Tests for worker, updater and extensions are fixed. 2017-07-26 23:22:29 +00:00			`FeatureName: "xerces-c-doc",`
			`FixedInVersion: "0:3.1.1-7.el7_1",`
			`AffectedVersion: "0:3.1.1-7.el7_1",`
Add Oracle Linux fetcher to grab and parse OVAL data. Signed-off-by: Avi Miller <avi.miller@oracle.com> 2016-12-20 00:25:07 +00:00			`},`
			`}`

Clair Logic, Extensions: updated mock tests, extensions, basic logic Main Clair logic is changed in worker, updater, notifier for better adapting ancestry schema. Extensions are updated with the new model and feature lister and namespace detector drivers are able to specify the specific listers and detectors used to process layer's content. InRange and GetFixedIn interfaces are added to Version format for adapting ranged affected features and next available fixed in in the future. Tests for worker, updater and extensions are fixed. 2017-07-26 23:22:29 +00:00			`for _, expectedFeature := range expectedFeatures {`
			`assert.Contains(t, vulnerabilities[0].Affected, expectedFeature)`
Add Oracle Linux fetcher to grab and parse OVAL data. Signed-off-by: Avi Miller <avi.miller@oracle.com> 2016-12-20 00:25:07 +00:00			`}`
			`}`

Updated fetcher and tests to close the file handles and HTTP response. Signed-off-by: Avi Miller <avi.miller@oracle.com> 2016-12-20 01:14:10 +00:00			`testFile2, _ := os.Open(path + "/testdata/fetcher_oracle_test.2.xml")`
			`defer testFile2.Close()`

			`vulnerabilities, err = parseELSA(testFile2)`
Add Oracle Linux fetcher to grab and parse OVAL data. Signed-off-by: Avi Miller <avi.miller@oracle.com> 2016-12-20 00:25:07 +00:00			`if assert.Nil(t, err) && assert.Len(t, vulnerabilities, 1) {`
			`assert.Equal(t, "ELSA-2015-1207", vulnerabilities[0].Name)`
			`assert.Equal(t, "http://linux.oracle.com/errata/ELSA-2015-1207.html", vulnerabilities[0].Link)`
clair: mv updater clair and mv severity to db 2017-01-19 18:42:37 +00:00			`assert.Equal(t, database.CriticalSeverity, vulnerabilities[0].Severity)`
Add Oracle Linux fetcher to grab and parse OVAL data. Signed-off-by: Avi Miller <avi.miller@oracle.com> 2016-12-20 00:25:07 +00:00			assert.Equal(t, ` [38.1.0-1.0.1.el7_1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [38.1.0-1] - Update to 38.1.0 ESR [38.0.1-2] - Fixed rhbz#1222807 by removing preun section `, vulnerabilities[0].Description)
Clair Logic, Extensions: updated mock tests, extensions, basic logic Main Clair logic is changed in worker, updater, notifier for better adapting ancestry schema. Extensions are updated with the new model and feature lister and namespace detector drivers are able to specify the specific listers and detectors used to process layer's content. InRange and GetFixedIn interfaces are added to Version format for adapting ranged affected features and next available fixed in in the future. Tests for worker, updater and extensions are fixed. 2017-07-26 23:22:29 +00:00			`expectedFeatures := []database.AffectedFeature{`
Add Oracle Linux fetcher to grab and parse OVAL data. Signed-off-by: Avi Miller <avi.miller@oracle.com> 2016-12-20 00:25:07 +00:00			`{`
updater: Add vulnsrc affected feature type Each vulnerability source has a specific type of feature that it affects We assume the following: * Alpine: Binary Package * Debian: Source Package * Ubuntu: Source Package * Oracle OVAL: Binary Package * RHEL OVAL: Binary Package 2018-10-18 18:52:50 +00:00			`AffectedType: affectedType,`
Clair Logic, Extensions: updated mock tests, extensions, basic logic Main Clair logic is changed in worker, updater, notifier for better adapting ancestry schema. Extensions are updated with the new model and feature lister and namespace detector drivers are able to specify the specific listers and detectors used to process layer's content. InRange and GetFixedIn interfaces are added to Version format for adapting ranged affected features and next available fixed in in the future. Tests for worker, updater and extensions are fixed. 2017-07-26 23:22:29 +00:00			`Namespace: database.Namespace{`
			`Name: "oracle:6",`
			`VersionFormat: rpm.ParserName,`
Add Oracle Linux fetcher to grab and parse OVAL data. Signed-off-by: Avi Miller <avi.miller@oracle.com> 2016-12-20 00:25:07 +00:00			`},`
Clair Logic, Extensions: updated mock tests, extensions, basic logic Main Clair logic is changed in worker, updater, notifier for better adapting ancestry schema. Extensions are updated with the new model and feature lister and namespace detector drivers are able to specify the specific listers and detectors used to process layer's content. InRange and GetFixedIn interfaces are added to Version format for adapting ranged affected features and next available fixed in in the future. Tests for worker, updater and extensions are fixed. 2017-07-26 23:22:29 +00:00			`FeatureName: "firefox",`
			`FixedInVersion: "0:38.1.0-1.0.1.el6_6",`
			`AffectedVersion: "0:38.1.0-1.0.1.el6_6",`
Add Oracle Linux fetcher to grab and parse OVAL data. Signed-off-by: Avi Miller <avi.miller@oracle.com> 2016-12-20 00:25:07 +00:00			`},`
			`{`
updater: Add vulnsrc affected feature type Each vulnerability source has a specific type of feature that it affects We assume the following: * Alpine: Binary Package * Debian: Source Package * Ubuntu: Source Package * Oracle OVAL: Binary Package * RHEL OVAL: Binary Package 2018-10-18 18:52:50 +00:00			`AffectedType: affectedType,`
Clair Logic, Extensions: updated mock tests, extensions, basic logic Main Clair logic is changed in worker, updater, notifier for better adapting ancestry schema. Extensions are updated with the new model and feature lister and namespace detector drivers are able to specify the specific listers and detectors used to process layer's content. InRange and GetFixedIn interfaces are added to Version format for adapting ranged affected features and next available fixed in in the future. Tests for worker, updater and extensions are fixed. 2017-07-26 23:22:29 +00:00			`Namespace: database.Namespace{`
			`Name: "oracle:7",`
			`VersionFormat: rpm.ParserName,`
Add Oracle Linux fetcher to grab and parse OVAL data. Signed-off-by: Avi Miller <avi.miller@oracle.com> 2016-12-20 00:25:07 +00:00			`},`
Clair Logic, Extensions: updated mock tests, extensions, basic logic Main Clair logic is changed in worker, updater, notifier for better adapting ancestry schema. Extensions are updated with the new model and feature lister and namespace detector drivers are able to specify the specific listers and detectors used to process layer's content. InRange and GetFixedIn interfaces are added to Version format for adapting ranged affected features and next available fixed in in the future. Tests for worker, updater and extensions are fixed. 2017-07-26 23:22:29 +00:00			`FeatureName: "firefox",`
			`FixedInVersion: "0:38.1.0-1.0.1.el7_1",`
			`AffectedVersion: "0:38.1.0-1.0.1.el7_1",`
Add Oracle Linux fetcher to grab and parse OVAL data. Signed-off-by: Avi Miller <avi.miller@oracle.com> 2016-12-20 00:25:07 +00:00			`},`
			`}`

Clair Logic, Extensions: updated mock tests, extensions, basic logic Main Clair logic is changed in worker, updater, notifier for better adapting ancestry schema. Extensions are updated with the new model and feature lister and namespace detector drivers are able to specify the specific listers and detectors used to process layer's content. InRange and GetFixedIn interfaces are added to Version format for adapting ranged affected features and next available fixed in in the future. Tests for worker, updater and extensions are fixed. 2017-07-26 23:22:29 +00:00			`for _, expectedFeature := range expectedFeatures {`
			`assert.Contains(t, vulnerabilities[0].Affected, expectedFeature)`
Add Oracle Linux fetcher to grab and parse OVAL data. Signed-off-by: Avi Miller <avi.miller@oracle.com> 2016-12-20 00:25:07 +00:00			`}`
			`}`
			`}`
ext/vulnsrc/oracle: fix ELSA version comparison Previously we naively compared integers. However, not all versions have the same length. 2017-04-19 17:13:46 +00:00
			`func TestELSAComparison(t *testing.T) {`
			`var table = []struct {`
			`left int`
			`right int`
			`expected int`
			`}{`
			`{20170935, 20170935, 0},`
			`{20170934, 20170935, -1},`
			`{20170936, 20170935, 1},`

			`{20170935, 201709331, 1},`
			`{201709351, 20170935, 1},`
			`{201709331, 20170935, -1},`
			`}`

			`for _, tt := range table {`
			`assert.Equal(t, tt.expected, compareELSA(tt.left, tt.right))`
			`}`
			`}`