2017-01-13 07:08:52 +00:00
|
|
|
// Copyright 2017 clair authors
|
2016-01-19 20:16:45 +00:00
|
|
|
//
|
|
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
// you may not use this file except in compliance with the License.
|
|
|
|
// You may obtain a copy of the License at
|
|
|
|
//
|
|
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
//
|
|
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
// See the License for the specific language governing permissions and
|
|
|
|
// limitations under the License.
|
|
|
|
|
2016-01-12 15:40:46 +00:00
|
|
|
package pgsql
|
|
|
|
|
|
|
|
import (
|
2016-02-01 23:41:40 +00:00
|
|
|
"reflect"
|
2016-01-12 15:40:46 +00:00
|
|
|
"testing"
|
|
|
|
|
2016-05-02 22:33:03 +00:00
|
|
|
"github.com/stretchr/testify/assert"
|
|
|
|
|
2016-01-12 15:40:46 +00:00
|
|
|
"github.com/coreos/clair/database"
|
2016-12-28 01:45:11 +00:00
|
|
|
"github.com/coreos/clair/ext/versionfmt"
|
2017-01-03 21:00:20 +00:00
|
|
|
"github.com/coreos/clair/ext/versionfmt/dpkg"
|
2017-01-13 07:08:52 +00:00
|
|
|
"github.com/coreos/clair/pkg/commonerr"
|
2016-01-12 15:40:46 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
func TestFindVulnerability(t *testing.T) {
|
2016-05-02 22:33:03 +00:00
|
|
|
datastore, err := openDatabaseForTest("FindVulnerability", true)
|
2016-01-12 15:40:46 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Error(err)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
defer datastore.Close()
|
|
|
|
|
|
|
|
// Find a vulnerability that does not exist.
|
|
|
|
_, err = datastore.FindVulnerability("", "")
|
2017-01-13 07:08:52 +00:00
|
|
|
assert.Equal(t, commonerr.ErrNotFound, err)
|
2016-01-12 15:40:46 +00:00
|
|
|
|
|
|
|
// Find a normal vulnerability.
|
|
|
|
v1 := database.Vulnerability{
|
|
|
|
Name: "CVE-OPENSSL-1-DEB7",
|
|
|
|
Description: "A vulnerability affecting OpenSSL < 2.0 on Debian 7.0",
|
|
|
|
Link: "http://google.com/#q=CVE-OPENSSL-1-DEB7",
|
2017-01-19 18:42:37 +00:00
|
|
|
Severity: database.HighSeverity,
|
2016-12-28 01:45:11 +00:00
|
|
|
Namespace: database.Namespace{
|
|
|
|
Name: "debian:7",
|
2017-01-03 21:00:20 +00:00
|
|
|
VersionFormat: dpkg.ParserName,
|
2016-12-28 01:45:11 +00:00
|
|
|
},
|
2016-01-12 15:40:46 +00:00
|
|
|
FixedIn: []database.FeatureVersion{
|
2016-02-25 00:29:36 +00:00
|
|
|
{
|
2016-01-12 15:40:46 +00:00
|
|
|
Feature: database.Feature{Name: "openssl"},
|
2016-12-28 01:45:11 +00:00
|
|
|
Version: "2.0",
|
2016-01-12 15:40:46 +00:00
|
|
|
},
|
2016-02-25 00:29:36 +00:00
|
|
|
{
|
2016-01-12 15:40:46 +00:00
|
|
|
Feature: database.Feature{Name: "libssl"},
|
2016-12-28 01:45:11 +00:00
|
|
|
Version: "1.9-abc",
|
2016-01-12 15:40:46 +00:00
|
|
|
},
|
|
|
|
},
|
|
|
|
}
|
|
|
|
|
|
|
|
v1f, err := datastore.FindVulnerability("debian:7", "CVE-OPENSSL-1-DEB7")
|
|
|
|
if assert.Nil(t, err) {
|
|
|
|
equalsVuln(t, &v1, &v1f)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Find a vulnerability that has no link, no severity and no FixedIn.
|
|
|
|
v2 := database.Vulnerability{
|
2016-01-13 20:30:58 +00:00
|
|
|
Name: "CVE-NOPE",
|
|
|
|
Description: "A vulnerability affecting nothing",
|
2016-12-28 01:45:11 +00:00
|
|
|
Namespace: database.Namespace{
|
|
|
|
Name: "debian:7",
|
2017-01-03 21:00:20 +00:00
|
|
|
VersionFormat: dpkg.ParserName,
|
2016-12-28 01:45:11 +00:00
|
|
|
},
|
2017-01-19 18:42:37 +00:00
|
|
|
Severity: database.UnknownSeverity,
|
2016-01-12 15:40:46 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
v2f, err := datastore.FindVulnerability("debian:7", "CVE-NOPE")
|
|
|
|
if assert.Nil(t, err) {
|
|
|
|
equalsVuln(t, &v2, &v2f)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-01-28 18:35:07 +00:00
|
|
|
func TestDeleteVulnerability(t *testing.T) {
|
2016-05-02 22:33:03 +00:00
|
|
|
datastore, err := openDatabaseForTest("InsertVulnerability", true)
|
2016-01-28 18:35:07 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Error(err)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
defer datastore.Close()
|
|
|
|
|
|
|
|
// Delete non-existing Vulnerability.
|
|
|
|
err = datastore.DeleteVulnerability("TestDeleteVulnerabilityNamespace1", "CVE-OPENSSL-1-DEB7")
|
2017-01-13 07:08:52 +00:00
|
|
|
assert.Equal(t, commonerr.ErrNotFound, err)
|
2016-01-28 18:35:07 +00:00
|
|
|
err = datastore.DeleteVulnerability("debian:7", "TestDeleteVulnerabilityVulnerability1")
|
2017-01-13 07:08:52 +00:00
|
|
|
assert.Equal(t, commonerr.ErrNotFound, err)
|
2016-01-28 18:35:07 +00:00
|
|
|
|
|
|
|
// Delete Vulnerability.
|
|
|
|
err = datastore.DeleteVulnerability("debian:7", "CVE-OPENSSL-1-DEB7")
|
|
|
|
if assert.Nil(t, err) {
|
|
|
|
_, err := datastore.FindVulnerability("debian:7", "CVE-OPENSSL-1-DEB7")
|
2017-01-13 07:08:52 +00:00
|
|
|
assert.Equal(t, commonerr.ErrNotFound, err)
|
2016-01-28 18:35:07 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-01-12 15:40:46 +00:00
|
|
|
func TestInsertVulnerability(t *testing.T) {
|
2016-05-02 22:33:03 +00:00
|
|
|
datastore, err := openDatabaseForTest("InsertVulnerability", false)
|
2016-01-12 15:40:46 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Error(err)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
defer datastore.Close()
|
|
|
|
|
|
|
|
// Create some data.
|
2016-12-28 01:45:11 +00:00
|
|
|
n1 := database.Namespace{
|
|
|
|
Name: "TestInsertVulnerabilityNamespace1",
|
2017-01-03 21:00:20 +00:00
|
|
|
VersionFormat: dpkg.ParserName,
|
2016-12-28 01:45:11 +00:00
|
|
|
}
|
|
|
|
n2 := database.Namespace{
|
|
|
|
Name: "TestInsertVulnerabilityNamespace2",
|
2017-01-03 21:00:20 +00:00
|
|
|
VersionFormat: dpkg.ParserName,
|
2016-12-28 01:45:11 +00:00
|
|
|
}
|
2016-01-12 15:40:46 +00:00
|
|
|
|
|
|
|
f1 := database.FeatureVersion{
|
|
|
|
Feature: database.Feature{
|
|
|
|
Name: "TestInsertVulnerabilityFeatureVersion1",
|
|
|
|
Namespace: n1,
|
|
|
|
},
|
2016-12-28 01:45:11 +00:00
|
|
|
Version: "1.0",
|
2016-01-12 15:40:46 +00:00
|
|
|
}
|
|
|
|
f2 := database.FeatureVersion{
|
|
|
|
Feature: database.Feature{
|
|
|
|
Name: "TestInsertVulnerabilityFeatureVersion1",
|
|
|
|
Namespace: n2,
|
|
|
|
},
|
2016-12-28 01:45:11 +00:00
|
|
|
Version: "1.0",
|
2016-01-12 15:40:46 +00:00
|
|
|
}
|
|
|
|
f3 := database.FeatureVersion{
|
|
|
|
Feature: database.Feature{
|
|
|
|
Name: "TestInsertVulnerabilityFeatureVersion2",
|
|
|
|
},
|
2016-12-28 01:45:11 +00:00
|
|
|
Version: versionfmt.MaxVersion,
|
2016-01-12 15:40:46 +00:00
|
|
|
}
|
|
|
|
f4 := database.FeatureVersion{
|
|
|
|
Feature: database.Feature{
|
|
|
|
Name: "TestInsertVulnerabilityFeatureVersion2",
|
|
|
|
},
|
2016-12-28 01:45:11 +00:00
|
|
|
Version: "1.4",
|
2016-01-12 15:40:46 +00:00
|
|
|
}
|
|
|
|
f5 := database.FeatureVersion{
|
|
|
|
Feature: database.Feature{
|
|
|
|
Name: "TestInsertVulnerabilityFeatureVersion3",
|
|
|
|
},
|
2016-12-28 01:45:11 +00:00
|
|
|
Version: "1.5",
|
2016-01-12 15:40:46 +00:00
|
|
|
}
|
|
|
|
f6 := database.FeatureVersion{
|
|
|
|
Feature: database.Feature{
|
|
|
|
Name: "TestInsertVulnerabilityFeatureVersion4",
|
|
|
|
},
|
2016-12-28 01:45:11 +00:00
|
|
|
Version: "0.1",
|
2016-01-12 15:40:46 +00:00
|
|
|
}
|
2016-01-13 20:30:58 +00:00
|
|
|
f7 := database.FeatureVersion{
|
|
|
|
Feature: database.Feature{
|
|
|
|
Name: "TestInsertVulnerabilityFeatureVersion5",
|
|
|
|
},
|
2016-12-28 01:45:11 +00:00
|
|
|
Version: versionfmt.MaxVersion,
|
2016-01-13 20:30:58 +00:00
|
|
|
}
|
|
|
|
f8 := database.FeatureVersion{
|
|
|
|
Feature: database.Feature{
|
|
|
|
Name: "TestInsertVulnerabilityFeatureVersion5",
|
|
|
|
},
|
2016-12-28 01:45:11 +00:00
|
|
|
Version: versionfmt.MinVersion,
|
2016-01-13 20:30:58 +00:00
|
|
|
}
|
2016-01-12 15:40:46 +00:00
|
|
|
|
|
|
|
// Insert invalid vulnerabilities.
|
|
|
|
for _, vulnerability := range []database.Vulnerability{
|
2016-02-25 00:29:36 +00:00
|
|
|
{
|
2016-01-12 15:40:46 +00:00
|
|
|
Name: "",
|
|
|
|
Namespace: n1,
|
|
|
|
FixedIn: []database.FeatureVersion{f1},
|
2017-01-19 18:42:37 +00:00
|
|
|
Severity: database.UnknownSeverity,
|
2016-01-12 15:40:46 +00:00
|
|
|
},
|
2016-02-25 00:29:36 +00:00
|
|
|
{
|
2016-01-12 15:40:46 +00:00
|
|
|
Name: "TestInsertVulnerability0",
|
|
|
|
Namespace: database.Namespace{},
|
|
|
|
FixedIn: []database.FeatureVersion{f1},
|
2017-01-19 18:42:37 +00:00
|
|
|
Severity: database.UnknownSeverity,
|
2016-01-12 15:40:46 +00:00
|
|
|
},
|
2016-02-25 00:29:36 +00:00
|
|
|
{
|
2016-01-12 15:40:46 +00:00
|
|
|
Name: "TestInsertVulnerability0-",
|
|
|
|
Namespace: database.Namespace{},
|
|
|
|
FixedIn: []database.FeatureVersion{f1},
|
|
|
|
},
|
2016-02-25 00:29:36 +00:00
|
|
|
{
|
2016-01-12 15:40:46 +00:00
|
|
|
Name: "TestInsertVulnerability0",
|
|
|
|
Namespace: n1,
|
|
|
|
FixedIn: []database.FeatureVersion{f2},
|
2017-01-19 18:42:37 +00:00
|
|
|
Severity: database.UnknownSeverity,
|
2016-01-12 15:40:46 +00:00
|
|
|
},
|
|
|
|
} {
|
2016-02-04 22:10:19 +00:00
|
|
|
err := datastore.InsertVulnerabilities([]database.Vulnerability{vulnerability}, true)
|
2016-01-12 15:40:46 +00:00
|
|
|
assert.Error(t, err)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Insert a simple vulnerability and find it.
|
2016-02-01 23:41:40 +00:00
|
|
|
v1meta := make(map[string]interface{})
|
|
|
|
v1meta["TestInsertVulnerabilityMetadata1"] = "TestInsertVulnerabilityMetadataValue1"
|
|
|
|
v1meta["TestInsertVulnerabilityMetadata2"] = struct {
|
|
|
|
Test string
|
|
|
|
}{
|
|
|
|
Test: "TestInsertVulnerabilityMetadataValue1",
|
|
|
|
}
|
|
|
|
|
2016-01-12 15:40:46 +00:00
|
|
|
v1 := database.Vulnerability{
|
|
|
|
Name: "TestInsertVulnerability1",
|
|
|
|
Namespace: n1,
|
2016-01-13 20:30:58 +00:00
|
|
|
FixedIn: []database.FeatureVersion{f1, f3, f6, f7},
|
2017-01-19 18:42:37 +00:00
|
|
|
Severity: database.LowSeverity,
|
2016-01-12 15:40:46 +00:00
|
|
|
Description: "TestInsertVulnerabilityDescription1",
|
|
|
|
Link: "TestInsertVulnerabilityLink1",
|
2016-02-01 23:41:40 +00:00
|
|
|
Metadata: v1meta,
|
2016-01-12 15:40:46 +00:00
|
|
|
}
|
2016-02-04 22:10:19 +00:00
|
|
|
err = datastore.InsertVulnerabilities([]database.Vulnerability{v1}, true)
|
2016-01-12 15:40:46 +00:00
|
|
|
if assert.Nil(t, err) {
|
|
|
|
v1f, err := datastore.FindVulnerability(n1.Name, v1.Name)
|
|
|
|
if assert.Nil(t, err) {
|
|
|
|
equalsVuln(t, &v1, &v1f)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// Update vulnerability.
|
|
|
|
v1.Description = "TestInsertVulnerabilityLink2"
|
|
|
|
v1.Link = "TestInsertVulnerabilityLink2"
|
2017-01-19 18:42:37 +00:00
|
|
|
v1.Severity = database.HighSeverity
|
2016-11-11 18:16:40 +00:00
|
|
|
// Update f3 in f4, add fixed in f5, add fixed in f6 which already exists,
|
|
|
|
// removes fixed in f7 by adding f8 which is f7 but with MinVersion, and
|
|
|
|
// add fixed by f5 a second time (duplicated).
|
|
|
|
v1.FixedIn = []database.FeatureVersion{f4, f5, f6, f8, f5}
|
2016-01-12 15:40:46 +00:00
|
|
|
|
2016-02-04 22:10:19 +00:00
|
|
|
err = datastore.InsertVulnerabilities([]database.Vulnerability{v1}, true)
|
2016-01-12 15:40:46 +00:00
|
|
|
if assert.Nil(t, err) {
|
|
|
|
v1f, err := datastore.FindVulnerability(n1.Name, v1.Name)
|
|
|
|
if assert.Nil(t, err) {
|
2016-11-11 18:16:40 +00:00
|
|
|
// Remove f8 from the struct for comparison as it was just here to cancel f7.
|
|
|
|
// Remove one of the f5 too as it was twice in the struct but the database
|
|
|
|
// implementation should have dedup'd it.
|
|
|
|
v1.FixedIn = v1.FixedIn[:len(v1.FixedIn)-2]
|
|
|
|
|
2016-01-12 15:40:46 +00:00
|
|
|
// We already had f1 before the update.
|
|
|
|
// Add it to the struct for comparison.
|
|
|
|
v1.FixedIn = append(v1.FixedIn, f1)
|
2016-01-13 20:30:58 +00:00
|
|
|
|
2016-01-12 15:40:46 +00:00
|
|
|
equalsVuln(t, &v1, &v1f)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func equalsVuln(t *testing.T, expected, actual *database.Vulnerability) {
|
|
|
|
assert.Equal(t, expected.Name, actual.Name)
|
|
|
|
assert.Equal(t, expected.Namespace.Name, actual.Namespace.Name)
|
|
|
|
assert.Equal(t, expected.Description, actual.Description)
|
|
|
|
assert.Equal(t, expected.Link, actual.Link)
|
|
|
|
assert.Equal(t, expected.Severity, actual.Severity)
|
2016-02-01 23:41:40 +00:00
|
|
|
assert.True(t, reflect.DeepEqual(castMetadata(expected.Metadata), actual.Metadata), "Got metadata %#v, expected %#v", actual.Metadata, castMetadata(expected.Metadata))
|
|
|
|
|
2016-01-12 15:40:46 +00:00
|
|
|
if assert.Len(t, actual.FixedIn, len(expected.FixedIn)) {
|
|
|
|
for _, actualFeatureVersion := range actual.FixedIn {
|
|
|
|
found := false
|
|
|
|
for _, expectedFeatureVersion := range expected.FixedIn {
|
|
|
|
if expectedFeatureVersion.Feature.Name == actualFeatureVersion.Feature.Name {
|
|
|
|
found = true
|
|
|
|
|
|
|
|
assert.Equal(t, expected.Namespace.Name, actualFeatureVersion.Feature.Namespace.Name)
|
|
|
|
assert.Equal(t, expectedFeatureVersion.Version, actualFeatureVersion.Version)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if !found {
|
|
|
|
t.Errorf("unexpected package %s in %s", actualFeatureVersion.Feature.Name, expected.Name)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2017-01-18 02:40:59 +00:00
|
|
|
|
|
|
|
func TestStringComparison(t *testing.T) {
|
|
|
|
cmp := compareStringLists([]string{"a", "b", "b", "a"}, []string{"a", "c"})
|
|
|
|
assert.Len(t, cmp, 1)
|
|
|
|
assert.NotContains(t, cmp, "a")
|
|
|
|
assert.Contains(t, cmp, "b")
|
|
|
|
|
|
|
|
cmp = compareStringListsInBoth([]string{"a", "a", "b", "c"}, []string{"a", "c", "c"})
|
|
|
|
assert.Len(t, cmp, 2)
|
|
|
|
assert.NotContains(t, cmp, "b")
|
|
|
|
assert.Contains(t, cmp, "a")
|
|
|
|
assert.Contains(t, cmp, "c")
|
|
|
|
}
|