2018-10-16 22:52:27 +00:00
|
|
|
// Copyright 2018 clair authors
|
|
|
|
//
|
|
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
// you may not use this file except in compliance with the License.
|
|
|
|
// You may obtain a copy of the License at
|
|
|
|
//
|
|
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
//
|
|
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
// See the License for the specific language governing permissions and
|
|
|
|
// limitations under the License.
|
|
|
|
|
|
|
|
package nvd
|
|
|
|
|
|
|
|
import (
|
|
|
|
"os"
|
|
|
|
"path/filepath"
|
|
|
|
"runtime"
|
|
|
|
"testing"
|
|
|
|
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
|
|
)
|
|
|
|
|
|
|
|
func TestNVDParser(t *testing.T) {
|
|
|
|
_, filename, _, _ := runtime.Caller(0)
|
|
|
|
path := filepath.Join(filepath.Dir(filename))
|
|
|
|
|
|
|
|
dataFilePath := filepath.Join(path, "/testdata/nvd_test.json")
|
|
|
|
testData, err := os.Open(dataFilePath)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("Error opening %q: %v", dataFilePath, err)
|
|
|
|
}
|
|
|
|
defer testData.Close()
|
|
|
|
|
|
|
|
a := &appender{}
|
|
|
|
a.metadata = make(map[string]NVDMetadata)
|
|
|
|
|
|
|
|
err = a.parseDataFeed(testData)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("Error parsing %q: %v", dataFilePath, err)
|
|
|
|
}
|
|
|
|
|
|
|
|
var gotMetadata, wantMetadata NVDMetadata
|
|
|
|
|
|
|
|
// Items without CVSSv2 aren't returned.
|
|
|
|
assert.Len(t, a.metadata, 2)
|
|
|
|
gotMetadata, ok := a.metadata["CVE-2002-0001"]
|
|
|
|
assert.False(t, ok)
|
|
|
|
|
|
|
|
// Item with only CVSSv2.
|
|
|
|
gotMetadata, ok = a.metadata["CVE-2012-0001"]
|
|
|
|
assert.True(t, ok)
|
|
|
|
wantMetadata = NVDMetadata{
|
|
|
|
CVSSv2: NVDmetadataCVSSv2{
|
|
|
|
Vectors: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
|
|
|
|
Score: 4.0,
|
|
|
|
},
|
|
|
|
}
|
|
|
|
assert.Equal(t, wantMetadata, gotMetadata)
|
|
|
|
|
|
|
|
// Item with both CVSSv2 and CVSSv3 has CVSSv2 information returned.
|
|
|
|
gotMetadata, ok = a.metadata["CVE-2018-0001"]
|
|
|
|
assert.True(t, ok)
|
|
|
|
wantMetadata = NVDMetadata{
|
|
|
|
CVSSv2: NVDmetadataCVSSv2{
|
|
|
|
Vectors: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
|
|
|
|
Score: 7.5,
|
|
|
|
},
|
2018-10-16 23:08:17 +00:00
|
|
|
CVSSv3: NVDmetadataCVSSv3{
|
|
|
|
Vectors: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
|
|
|
Score: 9.8,
|
|
|
|
},
|
2018-10-16 22:52:27 +00:00
|
|
|
}
|
|
|
|
assert.Equal(t, wantMetadata, gotMetadata)
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestNVDParserErrors(t *testing.T) {
|
|
|
|
_, filename, _, _ := runtime.Caller(0)
|
|
|
|
path := filepath.Join(filepath.Dir(filename))
|
|
|
|
|
|
|
|
dataFilePath := filepath.Join(path, "/testdata/nvd_test_incorrect_format.json")
|
|
|
|
testData, err := os.Open(dataFilePath)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("Error opening %q: %v", dataFilePath, err)
|
|
|
|
}
|
|
|
|
defer testData.Close()
|
|
|
|
|
|
|
|
a := &appender{}
|
|
|
|
a.metadata = make(map[string]NVDMetadata)
|
|
|
|
|
|
|
|
err = a.parseDataFeed(testData)
|
|
|
|
if err == nil {
|
|
|
|
t.Fatalf("Expected error parsing NVD data file: %q", dataFilePath)
|
|
|
|
}
|
|
|
|
}
|