package pgsql import ( "testing" "github.com/coreos/clair/database" cerrors "github.com/coreos/clair/utils/errors" "github.com/coreos/clair/utils/types" "github.com/stretchr/testify/assert" ) func TestFindVulnerability(t *testing.T) { datastore, err := OpenForTest("FindVulnerability", true) if err != nil { t.Error(err) return } defer datastore.Close() // Find a vulnerability that does not exist. _, err = datastore.FindVulnerability("", "") assert.Equal(t, cerrors.ErrNotFound, err) // Find a normal vulnerability. v1 := database.Vulnerability{ Name: "CVE-OPENSSL-1-DEB7", Description: "A vulnerability affecting OpenSSL < 2.0 on Debian 7.0", Link: "http://google.com/#q=CVE-OPENSSL-1-DEB7", Severity: types.High, Namespace: database.Namespace{Name: "debian:7"}, FixedIn: []database.FeatureVersion{ database.FeatureVersion{ Feature: database.Feature{Name: "openssl"}, Version: types.NewVersionUnsafe("2.0"), }, database.FeatureVersion{ Feature: database.Feature{Name: "libssl"}, Version: types.NewVersionUnsafe("1.9-abc"), }, }, } v1f, err := datastore.FindVulnerability("debian:7", "CVE-OPENSSL-1-DEB7") if assert.Nil(t, err) { equalsVuln(t, &v1, &v1f) } // Find a vulnerability that has no link, no severity and no FixedIn. v2 := database.Vulnerability{ Name: "CVE-NOPE", Description: "A vulnerability affecting nothing", Namespace: database.Namespace{Name: "debian:7"}, Severity: types.Unknown, } v2f, err := datastore.FindVulnerability("debian:7", "CVE-NOPE") if assert.Nil(t, err) { equalsVuln(t, &v2, &v2f) } } func TestInsertVulnerability(t *testing.T) { datastore, err := OpenForTest("InsertVulnerability", false) if err != nil { t.Error(err) return } defer datastore.Close() // Create some data. n1 := database.Namespace{Name: "TestInsertVulnerabilityNamespace1"} n2 := database.Namespace{Name: "TestInsertVulnerabilityNamespace2"} f1 := database.FeatureVersion{ Feature: database.Feature{ Name: "TestInsertVulnerabilityFeatureVersion1", Namespace: n1, }, Version: types.NewVersionUnsafe("1.0"), } f2 := database.FeatureVersion{ Feature: database.Feature{ Name: "TestInsertVulnerabilityFeatureVersion1", Namespace: n2, }, Version: types.NewVersionUnsafe("1.0"), } f3 := database.FeatureVersion{ Feature: database.Feature{ Name: "TestInsertVulnerabilityFeatureVersion2", }, Version: types.MaxVersion, } f4 := database.FeatureVersion{ Feature: database.Feature{ Name: "TestInsertVulnerabilityFeatureVersion2", }, Version: types.NewVersionUnsafe("1.4"), } f5 := database.FeatureVersion{ Feature: database.Feature{ Name: "TestInsertVulnerabilityFeatureVersion3", }, Version: types.NewVersionUnsafe("1.5"), } f6 := database.FeatureVersion{ Feature: database.Feature{ Name: "TestInsertVulnerabilityFeatureVersion4", }, Version: types.NewVersionUnsafe("0.1"), } f7 := database.FeatureVersion{ Feature: database.Feature{ Name: "TestInsertVulnerabilityFeatureVersion5", }, Version: types.MaxVersion, } f8 := database.FeatureVersion{ Feature: database.Feature{ Name: "TestInsertVulnerabilityFeatureVersion5", }, Version: types.MinVersion, } // Insert invalid vulnerabilities. for _, vulnerability := range []database.Vulnerability{ database.Vulnerability{ Name: "", Namespace: n1, FixedIn: []database.FeatureVersion{f1}, Severity: types.Unknown, }, database.Vulnerability{ Name: "TestInsertVulnerability0", Namespace: database.Namespace{}, FixedIn: []database.FeatureVersion{f1}, Severity: types.Unknown, }, database.Vulnerability{ Name: "TestInsertVulnerability0-", Namespace: database.Namespace{}, FixedIn: []database.FeatureVersion{f1}, }, database.Vulnerability{ Name: "TestInsertVulnerability0", Namespace: n1, FixedIn: []database.FeatureVersion{f1}, Severity: types.Priority(""), }, database.Vulnerability{ Name: "TestInsertVulnerability0", Namespace: n1, FixedIn: []database.FeatureVersion{f2}, Severity: types.Unknown, }, } { err := datastore.InsertVulnerabilities([]database.Vulnerability{vulnerability}) assert.Error(t, err) } // Insert a simple vulnerability and find it. v1 := database.Vulnerability{ Name: "TestInsertVulnerability1", Namespace: n1, FixedIn: []database.FeatureVersion{f1, f3, f6, f7}, Severity: types.Low, Description: "TestInsertVulnerabilityDescription1", Link: "TestInsertVulnerabilityLink1", } err = datastore.InsertVulnerabilities([]database.Vulnerability{v1}) if assert.Nil(t, err) { v1f, err := datastore.FindVulnerability(n1.Name, v1.Name) if assert.Nil(t, err) { equalsVuln(t, &v1, &v1f) } } // Update vulnerability. v1.Description = "TestInsertVulnerabilityLink2" v1.Link = "TestInsertVulnerabilityLink2" v1.Severity = types.High // Update f3 in f4, add fixed in f5, add fixed in f6 which already exists, removes fixed in f7 by // adding f8 which is f7 but with MinVersion. v1.FixedIn = []database.FeatureVersion{f4, f5, f6, f8} err = datastore.InsertVulnerabilities([]database.Vulnerability{v1}) if assert.Nil(t, err) { v1f, err := datastore.FindVulnerability(n1.Name, v1.Name) if assert.Nil(t, err) { // We already had f1 before the update. // Add it to the struct for comparison. v1.FixedIn = append(v1.FixedIn, f1) // Removes f8 from the struct for comparison as it was just here to cancel f7. for i := 0; i < len(v1.FixedIn); i++ { if v1.FixedIn[i].Feature.Name == f8.Feature.Name { v1.FixedIn = append(v1.FixedIn[:i], v1.FixedIn[i+1:]...) } } equalsVuln(t, &v1, &v1f) } } } func equalsVuln(t *testing.T, expected, actual *database.Vulnerability) { assert.Equal(t, expected.Name, actual.Name) assert.Equal(t, expected.Namespace.Name, actual.Namespace.Name) assert.Equal(t, expected.Description, actual.Description) assert.Equal(t, expected.Link, actual.Link) assert.Equal(t, expected.Severity, actual.Severity) if assert.Len(t, actual.FixedIn, len(expected.FixedIn)) { for _, actualFeatureVersion := range actual.FixedIn { found := false for _, expectedFeatureVersion := range expected.FixedIn { if expectedFeatureVersion.Feature.Name == actualFeatureVersion.Feature.Name { found = true assert.Equal(t, expected.Namespace.Name, actualFeatureVersion.Feature.Namespace.Name) assert.Equal(t, expectedFeatureVersion.Version, actualFeatureVersion.Version) } } if !found { t.Errorf("unexpected package %s in %s", actualFeatureVersion.Feature.Name, expected.Name) } } } } // TODO Test Affects in Feature_Version and here. // func TestInsertVulnerabilityNotifications(t *testing.T) { // Open(&config.DatabaseConfig{Type: "memstore"}) // defer Close() // // pkg1 := &Package{OS: "testOS", Name: "testpkg1", Version: types.NewVersionUnsafe("1.0")} // pkg1b := &Package{OS: "testOS", Name: "testpkg1", Version: types.NewVersionUnsafe("1.2")} // pkg2 := &Package{OS: "testOS", Name: "testpkg2", Version: types.NewVersionUnsafe("1.0")} // InsertPackages([]*Package{pkg1, pkg1b, pkg2}) // // // Newdatabase.VulnerabilityNotification // vuln1 := &database.Vulnerability{ID: "test1", Link: "link1", Priority: types.Medium, Description: "testDescription1", FixedInNodes: []string{pkg1.Node}} // vuln2 := &database.Vulnerability{ID: "test2", Link: "link2", Priority: types.High, Description: "testDescription2", FixedInNodes: []string{pkg1.Node, pkg2.Node}} // vuln1b := &database.Vulnerability{ID: "test1", Priority: types.High, FixedInNodes: []string{"pkg3"}} // notifications, err := InsertVulnerabilities([]*database.Vulnerability{vuln1, vuln2, vuln1b}) // if assert.Nil(t, err) { // // We should only have two Newdatabase.VulnerabilityNotification notifications: one for test1 and one for test2 // // We should not have a database.VulnerabilityPriorityIncreasedNotification or a database.VulnerabilityPackageChangedNotification // // for test1 because it is in the same batch // if assert.Len(t, notifications, 2) { // for _, n := range notifications { // _, ok := n.(*Newdatabase.VulnerabilityNotification) // assert.True(t, ok) // } // } // } // // // database.VulnerabilityPriorityIncreasedNotification // vuln1c := &database.Vulnerability{ID: "test1", Priority: types.Critical} // notifications, err = InsertVulnerabilities([]*database.Vulnerability{vuln1c}) // if assert.Nil(t, err) { // if assert.Len(t, notifications, 1) { // if nn, ok := notifications[0].(*database.VulnerabilityPriorityIncreasedNotification); assert.True(t, ok) { // assert.Equal(t, vuln1b.Priority, nn.OldPriority) // assert.Equal(t, vuln1c.Priority, nn.NewPriority) // } // } // } // // notifications, err = InsertVulnerabilities([]*database.Vulnerability{&database.Vulnerability{ID: "test1", Priority: types.Low}}) // assert.Nil(t, err) // assert.Len(t, notifications, 0) // // // database.VulnerabilityPackageChangedNotification // vuln1e := &database.Vulnerability{ID: "test1", FixedInNodes: []string{pkg1b.Node}} // vuln1f := &database.Vulnerability{ID: "test1", FixedInNodes: []string{pkg2.Node}} // notifications, err = InsertVulnerabilities([]*database.Vulnerability{vuln1e, vuln1f}) // if assert.Nil(t, err) { // if assert.Len(t, notifications, 1) { // if nn, ok := notifications[0].(*database.VulnerabilityPackageChangedNotification); assert.True(t, ok) { // // Here, we say that pkg1b fixes the database.Vulnerability, but as pkg1b is in // // the same branch as pkg1, pkg1 should be removed and pkg1b added // // We also add pkg2 as fixed // assert.Contains(t, nn.AddedFixedInNodes, pkg1b.Node) // assert.Contains(t, nn.RemovedFixedInNodes, pkg1.Node) // // assert.Contains(t, nn.AddedFixedInNodes, pkg2.Node) // } // } // }