clair/ext/vulnsrc/suse/suse_test.go

// Copyright 2017 clair authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package suse

import (
	"fmt"
	"os"
	"path/filepath"
	"runtime"
	"testing"

	"github.com/coreos/clair/database"
	"github.com/coreos/clair/ext/versionfmt/rpm"
	"github.com/stretchr/testify/assert"
)

func TestOpenSUSEParser(t *testing.T) {
	_, filename, _, _ := runtime.Caller(0)
	path := filepath.Join(filepath.Dir(filename))

	// Test parsing testdata/fetcher_opensuse_test.1.xml
	testFile, _ := os.Open(path + "/testdata/fetcher_opensuse_test.1.xml")
	defer testFile.Close()

	u := newUpdater(OpenSUSE)
	osVersion := "42.3"

	vulnerabilities, generationTime, err := parseOval(testFile, u.NamespaceName, osVersion)
	assert.Nil(t, err)
	assert.Equal(t, int64(1467000286), generationTime)

	if assert.Nil(t, err) && assert.Len(t, vulnerabilities, 1) {
		assert.Equal(t, "CVE-2012-2150", vulnerabilities[0].Name)
		assert.Equal(t, "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2150", vulnerabilities[0].Link)
		assert.Equal(t, `xfs_metadump in xfsprogs before 3.2.4 does not properly obfuscate file data, which allows remote attackers to obtain sensitive information by reading a generated image.`, vulnerabilities[0].Description)

		expectedFeatures := []database.AffectedFeature{
			{
				Namespace: database.Namespace{
					Name:          fmt.Sprintf("%s:%s", u.NamespaceName, osVersion),
					VersionFormat: rpm.ParserName,
				},
				FeatureName:     "xfsprogs",
				FixedInVersion:  "3.2.1-5.1",
				AffectedVersion: "3.2.1-5.1",
			},
			{
				Namespace: database.Namespace{
					Name:          fmt.Sprintf("%s:%s", u.NamespaceName, osVersion),
					VersionFormat: rpm.ParserName,
				},
				FeatureName:     "xfsprogs-devel",
				FixedInVersion:  "3.2.1-5.1",
				AffectedVersion: "3.2.1-5.1",
			},
		}

		for _, expectedFeature := range expectedFeatures {
			assert.Contains(t, vulnerabilities[0].Affected, expectedFeature)
		}
	}

}

func TestSUSEParser(t *testing.T) {
	_, filename, _, _ := runtime.Caller(0)
	path := filepath.Join(filepath.Dir(filename))

	// Test parsing testdata/fetcher_opensuse_test.1.xml
	testFile, _ := os.Open(path + "/testdata/fetcher_sle_test.1.xml")
	defer testFile.Close()

	u := newUpdater(SUSE)
	osVersion := "12"

	vulnerabilities, generationTime, err := parseOval(testFile, u.NamespaceName, osVersion)
	assert.Nil(t, err)
	assert.Equal(t, int64(1467000286), generationTime)

	if assert.Nil(t, err) && assert.Len(t, vulnerabilities, 1) {
		assert.Equal(t, "CVE-2012-2150", vulnerabilities[0].Name)
		assert.Equal(t, "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2150", vulnerabilities[0].Link)
		assert.Equal(t, `xfs_metadump in xfsprogs before 3.2.4 does not properly obfuscate file data, which allows remote attackers to obtain sensitive information by reading a generated image.`, vulnerabilities[0].Description)

		expectedFeatures := []database.AffectedFeature{
			{
				Namespace: database.Namespace{
					Name:          fmt.Sprintf("%s:%s", u.NamespaceName, osVersion),
					VersionFormat: rpm.ParserName,
				},
				FeatureName:     "xfsprogs",
				FixedInVersion:  "3.2.1-3.5",
				AffectedVersion: "3.2.1-3.5",
			},
			{
				Namespace: database.Namespace{
					Name:          "sles:12.1",
					VersionFormat: rpm.ParserName,
				},
				FeatureName:     "xfsprogs",
				FixedInVersion:  "3.2.1-3.5",
				AffectedVersion: "3.2.1-3.5",
			},
		}

		for _, expectedFeature := range expectedFeatures {
			assert.Contains(t, vulnerabilities[0].Affected, expectedFeature)
		}
	}
}

func TestPkgInstalledCommentRegexp(t *testing.T) {
	testData := map[string][]string{
		"krb5-1.12.1-19.1 is installed":                               {"krb5", "1.12.1-19.1"},
		"krb5-32bit-1.12.1-19.1 is installed":                         {"krb5-32bit", "1.12.1-19.1"},
		"krb5-client-1.12.1-19.1 is installed":                        {"krb5-client", "1.12.1-19.1"},
		"krb5-plugin-kdb-ldap-1.12.1-19.1 is installed":               {"krb5-plugin-kdb-ldap", "1.12.1-19.1"},
		"sysvinit-tools-2.88+-96.1 is installed":                      {"sysvinit-tools", "2.88+-96.1"},
		"ntp-4.2.8p10-63.3 is installed":                              {"ntp", "4.2.8p10-63.3"},
		"libid3tag0-0.15.1b-182.58 is installed":                      {"libid3tag0", "0.15.1b-182.58"},
		"libopenssl-devel-1.0.2j-55.1 is installed":                   {"libopenssl-devel", "1.0.2j-55.1"},
		"libMagickCore-6_Q16-1-6.8.8.1-5.8 is installed":              {"libMagickCore-6_Q16-1", "6.8.8.1-5.8"},
		"libGraphicsMagick++-Q16-12-1.3.25-11.44.1 is installed":      {"libGraphicsMagick++-Q16-12", "1.3.25-11.44.1"},
		"freerdp-2.0.0~git.1463131968.4e66df7-11.69 is installed":     {"freerdp", "2.0.0~git.1463131968.4e66df7-11.69"},
		"libfreerdp2-2.0.0~git.1463131968.4e66df7-11.69 is installed": {"libfreerdp2", "2.0.0~git.1463131968.4e66df7-11.69"},
		"ruby2.1-rubygem-sle2docker-0.2.3-5.1 is installed":           {"ruby2.1-rubygem-sle2docker", "0.2.3-5.1"},
		"xen-libs-4.4.1_06-2.2 is installed":                          {"xen-libs", "4.4.1_06-2.2"},
		"runc-0.1.1+gitr2816_02f8fa7 is installed":                    {"runc", "0.1.1+gitr2816_02f8fa7"},
	}

	for pkg, expectations := range testData {
		name, version, err := splitPackageNameAndVersion(pkg[:len(pkg)-len(" is installed")])
		assert.Nil(t, err)
		assert.Equal(t, expectations[0], name)
		assert.Equal(t, expectations[1], version)
	}

	name, version, err := splitPackageNameAndVersion("invalid-package is installed")
	assert.NotNil(t, err)
	assert.Empty(t, name)
	assert.Empty(t, version)
}
Reintroduce image scanning for openSUSE and SLE Handle scanning of openSUSE and SUSE Linux Enterprise images. Signed-off-by: Flavio Castelli <fcastelli@suse.com> 2017-09-25 22:32:16 +00:00			`// Copyright 2017 clair authors`
			`//`
			`// Licensed under the Apache License, Version 2.0 (the "License");`
			`// you may not use this file except in compliance with the License.`
			`// You may obtain a copy of the License at`
			`//`
			`// http://www.apache.org/licenses/LICENSE-2.0`
			`//`
			`// Unless required by applicable law or agreed to in writing, software`
			`// distributed under the License is distributed on an "AS IS" BASIS,`
			`// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`// See the License for the specific language governing permissions and`
			`// limitations under the License.`

			`package suse`

			`import (`
			`"fmt"`
			`"os"`
			`"path/filepath"`
			`"runtime"`
			`"testing"`

			`"github.com/coreos/clair/database"`
			`"github.com/coreos/clair/ext/versionfmt/rpm"`
			`"github.com/stretchr/testify/assert"`
			`)`

			`func TestOpenSUSEParser(t *testing.T) {`
			`_, filename, _, _ := runtime.Caller(0)`
			`path := filepath.Join(filepath.Dir(filename))`

			`// Test parsing testdata/fetcher_opensuse_test.1.xml`
			`testFile, _ := os.Open(path + "/testdata/fetcher_opensuse_test.1.xml")`
			`defer testFile.Close()`

			`u := newUpdater(OpenSUSE)`
			`osVersion := "42.3"`

			`vulnerabilities, generationTime, err := parseOval(testFile, u.NamespaceName, osVersion)`
			`assert.Nil(t, err)`
			`assert.Equal(t, int64(1467000286), generationTime)`

			`if assert.Nil(t, err) && assert.Len(t, vulnerabilities, 1) {`
			`assert.Equal(t, "CVE-2012-2150", vulnerabilities[0].Name)`
			`assert.Equal(t, "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2150", vulnerabilities[0].Link)`
			assert.Equal(t, `xfs_metadump in xfsprogs before 3.2.4 does not properly obfuscate file data, which allows remote attackers to obtain sensitive information by reading a generated image.`, vulnerabilities[0].Description)

			`expectedFeatures := []database.AffectedFeature{`
			`{`
			`Namespace: database.Namespace{`
			`Name: fmt.Sprintf("%s:%s", u.NamespaceName, osVersion),`
			`VersionFormat: rpm.ParserName,`
			`},`
			`FeatureName: "xfsprogs",`
			`FixedInVersion: "3.2.1-5.1",`
			`AffectedVersion: "3.2.1-5.1",`
			`},`
			`{`
			`Namespace: database.Namespace{`
			`Name: fmt.Sprintf("%s:%s", u.NamespaceName, osVersion),`
			`VersionFormat: rpm.ParserName,`
			`},`
			`FeatureName: "xfsprogs-devel",`
			`FixedInVersion: "3.2.1-5.1",`
			`AffectedVersion: "3.2.1-5.1",`
			`},`
			`}`

			`for _, expectedFeature := range expectedFeatures {`
			`assert.Contains(t, vulnerabilities[0].Affected, expectedFeature)`
			`}`
			`}`

			`}`

			`func TestSUSEParser(t *testing.T) {`
			`_, filename, _, _ := runtime.Caller(0)`
			`path := filepath.Join(filepath.Dir(filename))`

			`// Test parsing testdata/fetcher_opensuse_test.1.xml`
			`testFile, _ := os.Open(path + "/testdata/fetcher_sle_test.1.xml")`
			`defer testFile.Close()`

			`u := newUpdater(SUSE)`
			`osVersion := "12"`

			`vulnerabilities, generationTime, err := parseOval(testFile, u.NamespaceName, osVersion)`
			`assert.Nil(t, err)`
			`assert.Equal(t, int64(1467000286), generationTime)`

			`if assert.Nil(t, err) && assert.Len(t, vulnerabilities, 1) {`
			`assert.Equal(t, "CVE-2012-2150", vulnerabilities[0].Name)`
			`assert.Equal(t, "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2150", vulnerabilities[0].Link)`
			assert.Equal(t, `xfs_metadump in xfsprogs before 3.2.4 does not properly obfuscate file data, which allows remote attackers to obtain sensitive information by reading a generated image.`, vulnerabilities[0].Description)

			`expectedFeatures := []database.AffectedFeature{`
			`{`
			`Namespace: database.Namespace{`
			`Name: fmt.Sprintf("%s:%s", u.NamespaceName, osVersion),`
			`VersionFormat: rpm.ParserName,`
			`},`
			`FeatureName: "xfsprogs",`
			`FixedInVersion: "3.2.1-3.5",`
			`AffectedVersion: "3.2.1-3.5",`
			`},`
			`{`
			`Namespace: database.Namespace{`
			`Name: "sles:12.1",`
			`VersionFormat: rpm.ParserName,`
			`},`
			`FeatureName: "xfsprogs",`
			`FixedInVersion: "3.2.1-3.5",`
			`AffectedVersion: "3.2.1-3.5",`
			`},`
			`}`

			`for _, expectedFeature := range expectedFeatures {`
			`assert.Contains(t, vulnerabilities[0].Affected, expectedFeature)`
			`}`
			`}`
			`}`

			`func TestPkgInstalledCommentRegexp(t *testing.T) {`
			`testData := map[string][]string{`
			`"krb5-1.12.1-19.1 is installed": {"krb5", "1.12.1-19.1"},`
			`"krb5-32bit-1.12.1-19.1 is installed": {"krb5-32bit", "1.12.1-19.1"},`
			`"krb5-client-1.12.1-19.1 is installed": {"krb5-client", "1.12.1-19.1"},`
			`"krb5-plugin-kdb-ldap-1.12.1-19.1 is installed": {"krb5-plugin-kdb-ldap", "1.12.1-19.1"},`
			`"sysvinit-tools-2.88+-96.1 is installed": {"sysvinit-tools", "2.88+-96.1"},`
			`"ntp-4.2.8p10-63.3 is installed": {"ntp", "4.2.8p10-63.3"},`
			`"libid3tag0-0.15.1b-182.58 is installed": {"libid3tag0", "0.15.1b-182.58"},`
			`"libopenssl-devel-1.0.2j-55.1 is installed": {"libopenssl-devel", "1.0.2j-55.1"},`
			`"libMagickCore-6_Q16-1-6.8.8.1-5.8 is installed": {"libMagickCore-6_Q16-1", "6.8.8.1-5.8"},`
			`"libGraphicsMagick++-Q16-12-1.3.25-11.44.1 is installed": {"libGraphicsMagick++-Q16-12", "1.3.25-11.44.1"},`
			`"freerdp-2.0.0~git.1463131968.4e66df7-11.69 is installed": {"freerdp", "2.0.0~git.1463131968.4e66df7-11.69"},`
			`"libfreerdp2-2.0.0~git.1463131968.4e66df7-11.69 is installed": {"libfreerdp2", "2.0.0~git.1463131968.4e66df7-11.69"},`
			`"ruby2.1-rubygem-sle2docker-0.2.3-5.1 is installed": {"ruby2.1-rubygem-sle2docker", "0.2.3-5.1"},`
			`"xen-libs-4.4.1_06-2.2 is installed": {"xen-libs", "4.4.1_06-2.2"},`
			`"runc-0.1.1+gitr2816_02f8fa7 is installed": {"runc", "0.1.1+gitr2816_02f8fa7"},`
			`}`

			`for pkg, expectations := range testData {`
			`name, version, err := splitPackageNameAndVersion(pkg[:len(pkg)-len(" is installed")])`
			`assert.Nil(t, err)`
			`assert.Equal(t, expectations[0], name)`
			`assert.Equal(t, expectations[1], version)`
			`}`

			`name, version, err := splitPackageNameAndVersion("invalid-package is installed")`
			`assert.NotNil(t, err)`
			`assert.Empty(t, name)`
			`assert.Empty(t, version)`
			`}`