vulnsrc_rhel: add test
Add test for multiple CVE
This commit is contained in:
Grégoire Unbekandt
Grégoire Unbekandt
parent
8b3338ef56
commit
a90db713a2
@ -214,13 +214,16 @@ func parseRHSA(ovalReader io.Reader) (vulnerabilities []database.VulnerabilityWi
|
||||
// Only RHSA is present
|
||||
if len(definition.References) == 1 {
|
||||
vulnerabilities = append(vulnerabilities, vulnerability)
|
||||
} else {
|
||||
for _, reference := range definition.References[1:] {
|
||||
vulnerability.Name = reference.ID
|
||||
vulnerability.Link = reference.URI
|
||||
vulnerabilities = append(vulnerabilities, vulnerability)
|
||||
}
|
||||
continue
|
||||
}
|
||||
|
||||
// Create one vulnerability by CVE
|
||||
for _, reference := range definition.References[1:] {
|
||||
vulnerability.Name = reference.ID
|
||||
vulnerability.Link = reference.URI
|
||||
vulnerabilities = append(vulnerabilities, vulnerability)
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -15,6 +15,7 @@
|
||||
package rhel
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"runtime"
|
||||
@ -25,7 +26,55 @@ import (
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
||||
func TestRHELParser(t *testing.T) {
|
||||
func TestRHELParserMultipleCVE(t *testing.T) {
|
||||
_, filename, _, _ := runtime.Caller(0)
|
||||
path := filepath.Join(filepath.Dir(filename))
|
||||
|
||||
// Test parsing testdata/fetcher_rhel_test.2.xml
|
||||
testFile, _ := os.Open(path + "/testdata/fetcher_rhel_test.2.xml")
|
||||
vulnerabilities, err := parseRHSA(testFile)
|
||||
|
||||
// Expected
|
||||
expectedCve := []string{"CVE-2015-2722", "CVE-2015-2724", "CVE-2015-2725", "CVE-2015-2727", "CVE-2015-2728",
|
||||
"CVE-2015-2729", "CVE-2015-2731", "CVE-2015-2733", "CVE-2015-2734", "CVE-2015-2735", "CVE-2015-2736",
|
||||
"CVE-2015-2737", "CVE-2015-2738", "CVE-2015-2739", "CVE-2015-2740", "CVE-2015-2741", "CVE-2015-2743",
|
||||
}
|
||||
expectedFeatures := []database.AffectedFeature{
|
||||
{
|
||||
Namespace: database.Namespace{
|
||||
Name: "centos:6",
|
||||
VersionFormat: rpm.ParserName,
|
||||
},
|
||||
FeatureName: "firefox",
|
||||
FixedInVersion: "0:38.1.0-1.el6_6",
|
||||
AffectedVersion: "0:38.1.0-1.el6_6",
|
||||
},
|
||||
{
|
||||
Namespace: database.Namespace{
|
||||
Name: "centos:7",
|
||||
VersionFormat: rpm.ParserName,
|
||||
},
|
||||
FeatureName: "firefox",
|
||||
FixedInVersion: "0:38.1.0-1.el7_1",
|
||||
AffectedVersion: "0:38.1.0-1.el7_1",
|
||||
},
|
||||
}
|
||||
|
||||
if assert.Nil(t, err) && assert.Len(t, vulnerabilities, len(expectedCve)) {
|
||||
|
||||
for i, vulnerability := range vulnerabilities {
|
||||
assert.Equal(t, expectedCve[i], vulnerability.Name)
|
||||
assert.Equal(t, fmt.Sprintf("https://access.redhat.com/security/cve/%s", expectedCve[i]), vulnerability.Link)
|
||||
assert.Equal(t, database.CriticalSeverity, vulnerability.Severity)
|
||||
assert.Equal(t, `Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.`, vulnerability.Description)
|
||||
|
||||
for _, expectedFeature := range expectedFeatures {
|
||||
assert.Contains(t, vulnerability.Affected, expectedFeature)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
func TestRHELParserOneCVE(t *testing.T) {
|
||||
_, filename, _, _ := runtime.Caller(0)
|
||||
path := filepath.Join(filepath.Dir(filename))
|
||||
|
||||
@ -72,39 +121,4 @@ func TestRHELParser(t *testing.T) {
|
||||
assert.Contains(t, vulnerabilities[0].Affected, expectedFeature)
|
||||
}
|
||||
}
|
||||
|
||||
// Test parsing testdata/fetcher_rhel_test.2.xml
|
||||
testFile, _ = os.Open(path + "/testdata/fetcher_rhel_test.2.xml")
|
||||
vulnerabilities, err = parseRHSA(testFile)
|
||||
if assert.Nil(t, err) && assert.Len(t, vulnerabilities, 17) {
|
||||
assert.Equal(t, "CVE-2015-2722", vulnerabilities[0].Name)
|
||||
assert.Equal(t, "https://access.redhat.com/security/cve/CVE-2015-2722", vulnerabilities[0].Link)
|
||||
assert.Equal(t, database.CriticalSeverity, vulnerabilities[0].Severity)
|
||||
assert.Equal(t, `Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.`, vulnerabilities[0].Description)
|
||||
|
||||
expectedFeatures := []database.AffectedFeature{
|
||||
{
|
||||
Namespace: database.Namespace{
|
||||
Name: "centos:6",
|
||||
VersionFormat: rpm.ParserName,
|
||||
},
|
||||
FeatureName: "firefox",
|
||||
FixedInVersion: "0:38.1.0-1.el6_6",
|
||||
AffectedVersion: "0:38.1.0-1.el6_6",
|
||||
},
|
||||
{
|
||||
Namespace: database.Namespace{
|
||||
Name: "centos:7",
|
||||
VersionFormat: rpm.ParserName,
|
||||
},
|
||||
FeatureName: "firefox",
|
||||
FixedInVersion: "0:38.1.0-1.el7_1",
|
||||
AffectedVersion: "0:38.1.0-1.el7_1",
|
||||
},
|
||||
}
|
||||
|
||||
for _, expectedFeature := range expectedFeatures {
|
||||
assert.Contains(t, vulnerabilities[0].Affected, expectedFeature)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user