gitea-mirror/trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2025-12-12 15:50:15 -08:00
Code Issues Packages Projects Releases Wiki Activity
Files
aca31dffb36328d17f6d3a3bd1184cfcd36ffc07
trivy/pkg/detector/ospkg/amazon/amazon_test.go
Teppei Fukuda aca31dffb3 detector: Add LayerID to detect vulns (#419) 
* detector/alpine: Add LayerID to detect vulns

Signed-off-by: Simarpreet Singh <simar@linux.com>

* amazon: Add LayerID to DetectedVulns

Signed-off-by: Simarpreet Singh <simar@linux.com>

* debian: Add LayerID to DetectVulns + tests

Signed-off-by: Simarpreet Singh <simar@linux.com>

* oracle: Add LayerID to DetectVulns + tests

Signed-off-by: Simarpreet Singh <simar@linux.com>

* photon: Add LayerID to DetectVulns + tests

Signed-off-by: Simarpreet Singh <simar@linux.com>

* redhat: Add LayerID to DetectVulns + tests

Signed-off-by: Simarpreet Singh <simar@linux.com>

* suse: Add LayerID to DetectVulns + tests

Signed-off-by: Simarpreet Singh <simar@linux.com>

* ubuntu: Add LayerID to DetectVulns + tests

Signed-off-by: Simarpreet Singh <simar@linux.com>

* integration: Fix integration tests to include LayerID

Signed-off-by: Simarpreet Singh <simar@linux.com>

* fix(rpc): add layer_id

* fix(rpc): insert layer_id to the struct

* fix(extractor): add cleanup function

* fix(library): add layer ID to detected vulnerabilities

* test: update mocks

* chore(mod): point to the feature branch of fanal

* mod: Point to fanal/master

Signed-off-by: Simarpreet Singh <simar@linux.com>

* scan_test: Include LayerID as part of the assertion

Signed-off-by: Simarpreet Singh <simar@linux.com>

* docker_engine_test.go: Update an error message to conform with fanal/master.

Signed-off-by: Simarpreet Singh <simar@linux.com>

Co-authored-by: Teppei Fukuda <knqyf263@gmail.com>
2020-03-04 19:55:16 +02:00

171 lines
4.3 KiB
Go
Raw Blame History

package amazon
import (
"errors"
"testing"
"github.com/stretchr/testify/assert"
"go.uber.org/zap"
"go.uber.org/zap/zapcore"
"go.uber.org/zap/zaptest/observer"
ftypes "github.com/aquasecurity/fanal/types"
dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
"github.com/aquasecurity/trivy/pkg/log"
"github.com/aquasecurity/trivy/pkg/types"
)
type MockAmazonConfig struct {
update func(string) error
get func(string, string) ([]dbTypes.Advisory, error)
}
func (mac MockAmazonConfig) Update(a string) error {
if mac.update != nil {
return mac.update(a)
}
return nil
}
func (mac MockAmazonConfig) Get(a string, b string) ([]dbTypes.Advisory, error) {
if mac.get != nil {
return mac.get(a, b)
}
return []dbTypes.Advisory{}, nil
}
func TestScanner_Detect(t *testing.T) {
t.Run("happy path", func(t *testing.T) {
zc, recorder := observer.New(zapcore.DebugLevel)
log.Logger = zap.New(zc).Sugar()
s := &Scanner{
l: log.Logger,
ac: MockAmazonConfig{
get: func(s string, s2 string) (advisories []dbTypes.Advisory, e error) {
return []dbTypes.Advisory{
{
VulnerabilityID: "123",
FixedVersion: "3.0.0",
},
}, nil
},
},
}
vuls, err := s.Detect("3.1.0", []ftypes.Package{
{
Name: "testpkg",
Version: "2.1.0",
Release: "hotfix",
SrcRelease: "test-hotfix",
SrcVersion: "2.1.0",
LayerID: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02",
},
{
Name: "foopkg",
},
})
assert.NoError(t, err)
assert.Equal(t, []types.DetectedVulnerability{
{
VulnerabilityID: "123",
PkgName: "testpkg",
InstalledVersion: "2.1.0-hotfix",
FixedVersion: "3.0.0",
LayerID: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02",
},
}, vuls)
loggedMessages := getAllLoggedLogs(recorder)
assert.Contains(t, loggedMessages, "amazon: os version: 1")
assert.Contains(t, loggedMessages, "amazon: the number of packages: 2")
})
t.Run("get vulnerabilities fails to fetch", func(t *testing.T) {
_ = log.InitLogger(true, false)
s := &Scanner{
l: log.Logger,
ac: MockAmazonConfig{
get: func(s string, s2 string) (advisories []dbTypes.Advisory, e error) {
return nil, errors.New("failed to fetch advisories")
},
},
}
vuls, err := s.Detect("foo", []ftypes.Package{
{
Name: "testpkg",
},
})
assert.Equal(t, "failed to get amazon advisories: failed to fetch advisories", err.Error())
assert.Empty(t, vuls)
})
t.Run("invalid installed package version", func(t *testing.T) {
zc, recorder := observer.New(zapcore.DebugLevel)
log.Logger = zap.New(zc).Sugar()
s := &Scanner{
l: log.Logger,
ac: MockAmazonConfig{
get: func(s string, s2 string) (advisories []dbTypes.Advisory, e error) {
return []dbTypes.Advisory{
{
VulnerabilityID: "123",
FixedVersion: "3.0.0",
},
}, nil
},
},
}
vuls, err := s.Detect("3.1.0", []ftypes.Package{
{
Name: "testpkg",
Version: "badsourceversion",
},
})
assert.NoError(t, err)
assert.Equal(t, []types.DetectedVulnerability(nil), vuls)
loggedMessages := getAllLoggedLogs(recorder)
assert.Contains(t, loggedMessages, "failed to parse Amazon Linux installed package version: upstream_version must start with digit")
})
t.Run("invalid fixed package version", func(t *testing.T) {
zc, recorder := observer.New(zapcore.DebugLevel)
log.Logger = zap.New(zc).Sugar()
s := &Scanner{
l: log.Logger,
ac: MockAmazonConfig{
get: func(s string, s2 string) (advisories []dbTypes.Advisory, e error) {
return []dbTypes.Advisory{
{
VulnerabilityID: "123",
FixedVersion: "thisisbadversioning",
},
}, nil
},
},
}
vuls, err := s.Detect("3.1.0", []ftypes.Package{
{
Name: "testpkg",
Version: "3.1.0",
},
})
assert.NoError(t, err)
assert.Equal(t, []types.DetectedVulnerability(nil), vuls)
loggedMessages := getAllLoggedLogs(recorder)
assert.Contains(t, loggedMessages, "failed to parse Amazon Linux package version: upstream_version must start with digit")
})
}
func getAllLoggedLogs(recorder *observer.ObservedLogs) []string {
allLogs := recorder.AllUntimed()
var loggedMessages []string
for _, l := range allLogs {
loggedMessages = append(loggedMessages, l.Message)
}
return loggedMessages
}
Reference in New Issue View Git Blame Copy Permalink