|
|
|
@ -27,6 +27,7 @@ func TestFindVulnerability(t *testing.T) {
|
|
|
|
|
Description: "A vulnerability affecting OpenSSL < 2.0 on Debian 7.0",
|
|
|
|
|
Link: "http://google.com/#q=CVE-OPENSSL-1-DEB7",
|
|
|
|
|
Severity: types.High,
|
|
|
|
|
Namespace: database.Namespace{Name: "debian:7"},
|
|
|
|
|
FixedIn: []database.FeatureVersion{
|
|
|
|
|
database.FeatureVersion{
|
|
|
|
|
Feature: database.Feature{Name: "openssl"},
|
|
|
|
@ -46,8 +47,10 @@ func TestFindVulnerability(t *testing.T) {
|
|
|
|
|
|
|
|
|
|
// Find a vulnerability that has no link, no severity and no FixedIn.
|
|
|
|
|
v2 := database.Vulnerability{
|
|
|
|
|
Name: "CVE-OPENSSL-1-DEB7",
|
|
|
|
|
Description: "A vulnerability affecting OpenSSL < 2.0 on Debian 7.0",
|
|
|
|
|
Name: "CVE-NOPE",
|
|
|
|
|
Description: "A vulnerability affecting nothing",
|
|
|
|
|
Namespace: database.Namespace{Name: "debian:7"},
|
|
|
|
|
Severity: types.Unknown,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
v2f, err := datastore.FindVulnerability("debian:7", "CVE-NOPE")
|
|
|
|
@ -106,6 +109,18 @@ func TestInsertVulnerability(t *testing.T) {
|
|
|
|
|
},
|
|
|
|
|
Version: types.NewVersionUnsafe("0.1"),
|
|
|
|
|
}
|
|
|
|
|
f7 := database.FeatureVersion{
|
|
|
|
|
Feature: database.Feature{
|
|
|
|
|
Name: "TestInsertVulnerabilityFeatureVersion5",
|
|
|
|
|
},
|
|
|
|
|
Version: types.MaxVersion,
|
|
|
|
|
}
|
|
|
|
|
f8 := database.FeatureVersion{
|
|
|
|
|
Feature: database.Feature{
|
|
|
|
|
Name: "TestInsertVulnerabilityFeatureVersion5",
|
|
|
|
|
},
|
|
|
|
|
Version: types.MinVersion,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Insert invalid vulnerabilities.
|
|
|
|
|
for _, vulnerability := range []database.Vulnerability{
|
|
|
|
@ -147,7 +162,7 @@ func TestInsertVulnerability(t *testing.T) {
|
|
|
|
|
v1 := database.Vulnerability{
|
|
|
|
|
Name: "TestInsertVulnerability1",
|
|
|
|
|
Namespace: n1,
|
|
|
|
|
FixedIn: []database.FeatureVersion{f1, f3, f6},
|
|
|
|
|
FixedIn: []database.FeatureVersion{f1, f3, f6, f7},
|
|
|
|
|
Severity: types.Low,
|
|
|
|
|
Description: "TestInsertVulnerabilityDescription1",
|
|
|
|
|
Link: "TestInsertVulnerabilityLink1",
|
|
|
|
@ -164,9 +179,9 @@ func TestInsertVulnerability(t *testing.T) {
|
|
|
|
|
v1.Description = "TestInsertVulnerabilityLink2"
|
|
|
|
|
v1.Link = "TestInsertVulnerabilityLink2"
|
|
|
|
|
v1.Severity = types.High
|
|
|
|
|
// Update f3 by f4, add fixed by f5, add fixed by f6 which already exists.
|
|
|
|
|
// TODO(Quentin-M): Remove FixedIn.
|
|
|
|
|
v1.FixedIn = []database.FeatureVersion{f4, f5, f6}
|
|
|
|
|
// Update f3 in f4, add fixed in f5, add fixed in f6 which already exists, removes fixed in f7 by
|
|
|
|
|
// adding f8 which is f7 but with MinVersion.
|
|
|
|
|
v1.FixedIn = []database.FeatureVersion{f4, f5, f6, f8}
|
|
|
|
|
|
|
|
|
|
err = datastore.InsertVulnerabilities([]database.Vulnerability{v1})
|
|
|
|
|
if assert.Nil(t, err) {
|
|
|
|
@ -175,6 +190,14 @@ func TestInsertVulnerability(t *testing.T) {
|
|
|
|
|
// We already had f1 before the update.
|
|
|
|
|
// Add it to the struct for comparison.
|
|
|
|
|
v1.FixedIn = append(v1.FixedIn, f1)
|
|
|
|
|
|
|
|
|
|
// Removes f8 from the struct for comparison as it was just here to cancel f7.
|
|
|
|
|
for i := 0; i < len(v1.FixedIn); i++ {
|
|
|
|
|
if v1.FixedIn[i].Feature.Name == f8.Feature.Name {
|
|
|
|
|
v1.FixedIn = append(v1.FixedIn[:i], v1.FixedIn[i+1:]...)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
equalsVuln(t, &v1, &v1f)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
@ -206,126 +229,6 @@ func equalsVuln(t *testing.T, expected, actual *database.Vulnerability) {
|
|
|
|
|
|
|
|
|
|
// TODO Test Affects in Feature_Version and here.
|
|
|
|
|
|
|
|
|
|
//
|
|
|
|
|
// // Some data
|
|
|
|
|
// vuln1 := &database.Vulnerability{ID: "test1", Link: "link1", Priority: types.Medium, Description: "testDescription1", FixedInNodes: []string{"pkg1"}}
|
|
|
|
|
// vuln2 := &database.Vulnerability{ID: "test2", Link: "link2", Priority: types.High, Description: "testDescription2", FixedInNodes: []string{"pkg1", "pkg2"}}
|
|
|
|
|
// vuln3 := &database.Vulnerability{ID: "test3", Link: "link3", Priority: types.High, FixedInNodes: []string{"pkg3"}} // Empty description
|
|
|
|
|
//
|
|
|
|
|
// // Insert some vulnerabilities
|
|
|
|
|
// _, err := InsertVulnerabilities([]*database.Vulnerability{vuln1, vuln2, vuln3})
|
|
|
|
|
// if assert.Nil(t, err) {
|
|
|
|
|
// // Find one of the vulnerabilities we just inserted and verify its content
|
|
|
|
|
// v1, err := FindOnedatabase.Vulnerability(vuln1.ID, Fielddatabase.VulnerabilityAll)
|
|
|
|
|
// if assert.Nil(t, err) && assert.NotNil(t, v1) {
|
|
|
|
|
// assert.Equal(t, vuln1.ID, v1.ID)
|
|
|
|
|
// assert.Equal(t, vuln1.Link, v1.Link)
|
|
|
|
|
// assert.Equal(t, vuln1.Priority, v1.Priority)
|
|
|
|
|
// assert.Equal(t, vuln1.Description, v1.Description)
|
|
|
|
|
// if assert.Len(t, v1.FixedInNodes, 1) {
|
|
|
|
|
// assert.Equal(t, vuln1.FixedInNodes[0], v1.FixedInNodes[0])
|
|
|
|
|
// }
|
|
|
|
|
// }
|
|
|
|
|
// }
|
|
|
|
|
//
|
|
|
|
|
// // Update a database.Vulnerability and verify its new content
|
|
|
|
|
// pkg1 := &Package{OS: "testOS", Name: "testpkg1", Version: types.NewVersionUnsafe("1.0")}
|
|
|
|
|
// InsertPackages([]*Package{pkg1})
|
|
|
|
|
// vuln5 := &database.Vulnerability{ID: "test5", Link: "link5", Priority: types.Medium, Description: "testDescription5", FixedInNodes: []string{pkg1.Node}}
|
|
|
|
|
//
|
|
|
|
|
// _, err = InsertVulnerabilities([]*database.Vulnerability{vuln5})
|
|
|
|
|
// if assert.Nil(t, err) {
|
|
|
|
|
// // Partial updates
|
|
|
|
|
// // # Just a field update
|
|
|
|
|
// vuln5b := &database.Vulnerability{ID: "test5", Priority: types.High}
|
|
|
|
|
// _, err := InsertVulnerabilities([]*database.Vulnerability{vuln5b})
|
|
|
|
|
// if assert.Nil(t, err) {
|
|
|
|
|
// v5b, err := FindOnedatabase.Vulnerability(vuln5b.ID, Fielddatabase.VulnerabilityAll)
|
|
|
|
|
// if assert.Nil(t, err) && assert.NotNil(t, v5b) {
|
|
|
|
|
// assert.Equal(t, vuln5b.ID, v5b.ID)
|
|
|
|
|
// assert.Equal(t, vuln5b.Priority, v5b.Priority)
|
|
|
|
|
//
|
|
|
|
|
// if assert.Len(t, v5b.FixedInNodes, 1) {
|
|
|
|
|
// assert.Contains(t, v5b.FixedInNodes, pkg1.Node)
|
|
|
|
|
// }
|
|
|
|
|
// }
|
|
|
|
|
// }
|
|
|
|
|
//
|
|
|
|
|
// // # Just a field update, twice in the same transaction
|
|
|
|
|
// vuln5b1 := &database.Vulnerability{ID: "test5", Link: "http://foo.bar"}
|
|
|
|
|
// vuln5b2 := &database.Vulnerability{ID: "test5", Link: "http://bar.foo"}
|
|
|
|
|
// _, err = InsertVulnerabilities([]*database.Vulnerability{vuln5b1, vuln5b2})
|
|
|
|
|
// if assert.Nil(t, err) {
|
|
|
|
|
// v5b2, err := FindOnedatabase.Vulnerability(vuln5b2.ID, Fielddatabase.VulnerabilityAll)
|
|
|
|
|
// if assert.Nil(t, err) && assert.NotNil(t, v5b2) {
|
|
|
|
|
// assert.Equal(t, vuln5b2.Link, v5b2.Link)
|
|
|
|
|
// }
|
|
|
|
|
// }
|
|
|
|
|
//
|
|
|
|
|
// // # All fields except fixedIn update
|
|
|
|
|
// vuln5c := &database.Vulnerability{ID: "test5", Link: "link5c", Priority: types.Critical, Description: "testDescription5c"}
|
|
|
|
|
// _, err = InsertVulnerabilities([]*database.Vulnerability{vuln5c})
|
|
|
|
|
// if assert.Nil(t, err) {
|
|
|
|
|
// v5c, err := FindOnedatabase.Vulnerability(vuln5c.ID, Fielddatabase.VulnerabilityAll)
|
|
|
|
|
// if assert.Nil(t, err) && assert.NotNil(t, v5c) {
|
|
|
|
|
// assert.Equal(t, vuln5c.ID, v5c.ID)
|
|
|
|
|
// assert.Equal(t, vuln5c.Link, v5c.Link)
|
|
|
|
|
// assert.Equal(t, vuln5c.Priority, v5c.Priority)
|
|
|
|
|
// assert.Equal(t, vuln5c.Description, v5c.Description)
|
|
|
|
|
//
|
|
|
|
|
// if assert.Len(t, v5c.FixedInNodes, 1) {
|
|
|
|
|
// assert.Contains(t, v5c.FixedInNodes, pkg1.Node)
|
|
|
|
|
// }
|
|
|
|
|
// }
|
|
|
|
|
// }
|
|
|
|
|
//
|
|
|
|
|
// // Complete update
|
|
|
|
|
// pkg2 := &Package{OS: "testOS", Name: "testpkg1", Version: types.NewVersionUnsafe("1.1")}
|
|
|
|
|
// pkg3 := &Package{OS: "testOS", Name: "testpkg2", Version: types.NewVersionUnsafe("1.0")}
|
|
|
|
|
// InsertPackages([]*Package{pkg2, pkg3})
|
|
|
|
|
// vuln5d := &database.Vulnerability{ID: "test5", Link: "link5d", Priority: types.Low, Description: "testDescription5d", FixedInNodes: []string{pkg2.Node, pkg3.Node}}
|
|
|
|
|
//
|
|
|
|
|
// _, err = InsertVulnerabilities([]*database.Vulnerability{vuln5d})
|
|
|
|
|
// if assert.Nil(t, err) {
|
|
|
|
|
// v5d, err := FindOnedatabase.Vulnerability(vuln5d.ID, Fielddatabase.VulnerabilityAll)
|
|
|
|
|
// if assert.Nil(t, err) && assert.NotNil(t, v5d) {
|
|
|
|
|
// assert.Equal(t, vuln5d.ID, v5d.ID)
|
|
|
|
|
// assert.Equal(t, vuln5d.Link, v5d.Link)
|
|
|
|
|
// assert.Equal(t, vuln5d.Priority, v5d.Priority)
|
|
|
|
|
// assert.Equal(t, vuln5d.Description, v5d.Description)
|
|
|
|
|
//
|
|
|
|
|
// // Here, we ensure that a database.Vulnerability can only be fixed by one package of a given branch at a given time
|
|
|
|
|
// // And that we can add new fixed packages as well
|
|
|
|
|
// if assert.Len(t, v5d.FixedInNodes, 2) {
|
|
|
|
|
// assert.NotContains(t, v5d.FixedInNodes, pkg1.Node)
|
|
|
|
|
// }
|
|
|
|
|
// }
|
|
|
|
|
// }
|
|
|
|
|
// }
|
|
|
|
|
//
|
|
|
|
|
// // Create and update a database.Vulnerability's packages (and from the same branch) in the same batch
|
|
|
|
|
// pkg1 = &Package{OS: "testOS", Name: "testpkg1", Version: types.NewVersionUnsafe("1.0")}
|
|
|
|
|
// pkg1b := &Package{OS: "testOS", Name: "testpkg1", Version: types.NewVersionUnsafe("1.1")}
|
|
|
|
|
// InsertPackages([]*Package{pkg1, pkg1b})
|
|
|
|
|
//
|
|
|
|
|
// // # Two updates of the same database.Vulnerability in the same batch with packages of the same branch
|
|
|
|
|
// pkg0 := &Package{OS: "testOS", Name: "testpkg0", Version: types.NewVersionUnsafe("1.0")}
|
|
|
|
|
// InsertPackages([]*Package{pkg0})
|
|
|
|
|
// _, err = InsertVulnerabilities([]*database.Vulnerability{&database.Vulnerability{ID: "test7", Link: "link7", Priority: types.Medium, Description: "testDescription7", FixedInNodes: []string{pkg0.Node}}})
|
|
|
|
|
// if assert.Nil(t, err) {
|
|
|
|
|
// vuln7b := &database.Vulnerability{ID: "test7", FixedInNodes: []string{pkg1.Node}}
|
|
|
|
|
// vuln7c := &database.Vulnerability{ID: "test7", FixedInNodes: []string{pkg1b.Node}}
|
|
|
|
|
// _, err = InsertVulnerabilities([]*database.Vulnerability{vuln7b, vuln7c})
|
|
|
|
|
// if assert.Nil(t, err) {
|
|
|
|
|
// v7, err := FindOnedatabase.Vulnerability("test7", Fielddatabase.VulnerabilityAll)
|
|
|
|
|
// if assert.Nil(t, err) && assert.Len(t, v7.FixedInNodes, 2) {
|
|
|
|
|
// assert.Contains(t, v7.FixedInNodes, pkg0.Node)
|
|
|
|
|
// assert.NotContains(t, v7.FixedInNodes, pkg1.Node)
|
|
|
|
|
// assert.Contains(t, v7.FixedInNodes, pkg1b.Node)
|
|
|
|
|
// }
|
|
|
|
|
// }
|
|
|
|
|
// }
|
|
|
|
|
|
|
|
|
|
// func TestInsertVulnerabilityNotifications(t *testing.T) {
|
|
|
|
|
// Open(&config.DatabaseConfig{Type: "memstore"})
|
|
|
|
|
// defer Close()
|
|
|
|
|
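Review bot: The clean-up loop added in the `-175,6 +190,14` hunk of TestInsertVulnerability picks the entry to drop by `Feature.Name` alone and keeps iterating after it has shortened the slice, so the expected value can lose more than the f8 tombstone. f7 and f8 share the name `TestInsertVulnerabilityFeatureVersion5`, and any other FixedIn entry carrying that name (the names of f1 and f4–f6 are not visible in these hunks) would be removed from the expectation too, while the element that slides into index `i` after a removal is never examined. In a vulnerability database a loosened expectation like this can hide a regression where fix data is wrongly dropped or kept, so I would match on the version as well as the name and stop at the first hit, e.g. add `break` directly after `v1.FixedIn = append(v1.FixedIn[:i], v1.FixedIn[i+1:]...)`. It would also help to assert explicitly that no entry for f7's feature remains in `v1f.FixedIn`, because whether equalsVuln would catch a surviving f7 cannot be seen here; the test function starts and ends outside this hunk.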