test: replace mock with memory cache in scanner tests (#8413)

2025-12-05 20:40:16 -08:00 · 2025-02-18 13:50:54 +09:00
parent 24d0e2bf2d
commit 5ed6fc67f5
4 changed files with 186 additions and 305 deletions
--- a/pkg/fanal/artifact/mock_artifact.go
+++ b/pkg/fanal/artifact/mock_artifact.go
@@ -1,74 +0,0 @@
-// Code generated by mockery v2.52.2. DO NOT EDIT.
-
-package artifact
-
-import (
-	context "context"
-
-	mock "github.com/stretchr/testify/mock"
-)
-
-// MockArtifact is an autogenerated mock type for the Artifact type
-type MockArtifact struct {
-	mock.Mock
-}
-
-// Clean provides a mock function with given fields: reference
-func (_m *MockArtifact) Clean(reference Reference) error {
-	ret := _m.Called(reference)
-
-	if len(ret) == 0 {
-		panic("no return value specified for Clean")
-	}
-
-	var r0 error
-	if rf, ok := ret.Get(0).(func(Reference) error); ok {
-		r0 = rf(reference)
-	} else {
-		r0 = ret.Error(0)
-	}
-
-	return r0
-}
-
-// Inspect provides a mock function with given fields: ctx
-func (_m *MockArtifact) Inspect(ctx context.Context) (Reference, error) {
-	ret := _m.Called(ctx)
-
-	if len(ret) == 0 {
-		panic("no return value specified for Inspect")
-	}
-
-	var r0 Reference
-	var r1 error
-	if rf, ok := ret.Get(0).(func(context.Context) (Reference, error)); ok {
-		return rf(ctx)
-	}
-	if rf, ok := ret.Get(0).(func(context.Context) Reference); ok {
-		r0 = rf(ctx)
-	} else {
-		r0 = ret.Get(0).(Reference)
-	}
-
-	if rf, ok := ret.Get(1).(func(context.Context) error); ok {
-		r1 = rf(ctx)
-	} else {
-		r1 = ret.Error(1)
-	}
-
-	return r0, r1
-}
-
-// NewMockArtifact creates a new instance of MockArtifact. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations.
-// The first argument is typically a *testing.T value.
-func NewMockArtifact(t interface {
-	mock.TestingT
-	Cleanup(func())
-}) *MockArtifact {
-	mock := &MockArtifact{}
-	mock.Mock.Test(t)
-
-	t.Cleanup(func() { mock.AssertExpectations(t) })
-
-	return mock
-}
--- a/pkg/fanal/artifact/mock_artifact_types.go
+++ b/pkg/fanal/artifact/mock_artifact_types.go
@@ -1,68 +0,0 @@
-package artifact
-
-import (
-	"context"
-
-	"github.com/stretchr/testify/mock"
-)
-
-type ArtifactCleanArgs struct {
-	Reference         Reference
-	ReferenceAnything bool
-}
-
-type ArtifactCleanReturns struct {
-	_a0 error
-}
-
-type ArtifactCleanExpectation struct {
-	Args    ArtifactCleanArgs
-	Returns ArtifactCleanReturns
-}
-
-func (_m *MockArtifact) ApplyCleanExpectation(e ArtifactCleanExpectation) {
-	var args []any
-	if e.Args.ReferenceAnything {
-		args = append(args, mock.Anything)
-	} else {
-		args = append(args, e.Args.Reference)
-	}
-	_m.On("Clean", args...).Return(e.Returns._a0).Maybe()
-}
-
-func (_m *MockArtifact) ApplyCleanExpectations(expectations []ArtifactCleanExpectation) {
-	for _, e := range expectations {
-		_m.ApplyCleanExpectation(e)
-	}
-}
-
-type ArtifactInspectArgs struct {
-	Ctx         context.Context
-	CtxAnything bool
-}
-
-type ArtifactInspectReturns struct {
-	Reference Reference
-	Err       error
-}
-
-type ArtifactInspectExpectation struct {
-	Args    ArtifactInspectArgs
-	Returns ArtifactInspectReturns
-}
-
-func (_m *MockArtifact) ApplyInspectExpectation(e ArtifactInspectExpectation) {
-	var args []any
-	if e.Args.CtxAnything {
-		args = append(args, mock.Anything)
-	} else {
-		args = append(args, e.Args.Ctx)
-	}
-	_m.On("Inspect", args...).Return(e.Returns.Reference, e.Returns.Err).Maybe()
-}
-
-func (_m *MockArtifact) ApplyInspectExpectations(expectations []ArtifactInspectExpectation) {
-	for _, e := range expectations {
-		_m.ApplyInspectExpectation(e)
-	}
-}
--- a/pkg/scanner/local/testdata/fixtures/sad.yaml
+++ b/pkg/scanner/local/testdata/fixtures/sad.yaml
@@ -1,3 +1,11 @@
+- bucket: alpine 3.11
+  pairs:
+    - bucket: musl
+      pairs:
+        - key: CVE-2020-9999
+          value:
+            FixedVersion:
+              - "invalid"
 - bucket: "rubygems::uby-advisory-db"
  pairs:
    - bucket: rails
--- a/pkg/scanner/scan_test.go
+++ b/pkg/scanner/scan_test.go
@@ -2,219 +2,234 @@ package scanner

 import (
 	"context"
-	"errors"
 	"testing"
 	"time"

+	v1 "github.com/google/go-containerregistry/pkg/v1"
+	"github.com/package-url/packageurl-go"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"

+	"github.com/aquasecurity/trivy-db/pkg/db"
+	dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
+	"github.com/aquasecurity/trivy/internal/dbtest"
+	"github.com/aquasecurity/trivy/pkg/cache"
 	"github.com/aquasecurity/trivy/pkg/clock"
+	"github.com/aquasecurity/trivy/pkg/fanal/applier"
 	"github.com/aquasecurity/trivy/pkg/fanal/artifact"
+	image2 "github.com/aquasecurity/trivy/pkg/fanal/artifact/image"
+	"github.com/aquasecurity/trivy/pkg/fanal/image"
 	ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
-	"github.com/aquasecurity/trivy/pkg/types"
+	"github.com/aquasecurity/trivy/pkg/scanner/langpkg"
+	"github.com/aquasecurity/trivy/pkg/scanner/local"
+	"github.com/aquasecurity/trivy/pkg/scanner/ospkg"
+	tTypes "github.com/aquasecurity/trivy/pkg/types"
+	"github.com/aquasecurity/trivy/pkg/vulnerability"
 )

 func TestScanner_ScanArtifact(t *testing.T) {
 	type args struct {
-		options types.ScanOptions
+		options tTypes.ScanOptions
 	}
 	tests := []struct {
-		name               string
-		args               args
-		inspectExpectation artifact.ArtifactInspectExpectation
-		scanExpectation    DriverScanExpectation
-		want               types.Report
-		wantErr            string
+		name      string
+		args      args
+		imagePath string
+		fixtures  []string
+		want      tTypes.Report
+		wantErr   string
 	}{
 		{
 			name: "happy path",
 			args: args{
-				options: types.ScanOptions{PkgTypes: []string{"os"}},
-			},
-			inspectExpectation: artifact.ArtifactInspectExpectation{
-				Args: artifact.ArtifactInspectArgs{
-					CtxAnything: true,
-				},
-				Returns: artifact.ArtifactInspectReturns{
-					Reference: artifact.Reference{
-						Name:    "alpine:3.11",
-						Type:    artifact.TypeContainerImage,
-						ID:      "sha256:e7d92cdc71feacf90708cb59182d0df1b911f8ae022d29e8e95d75ca6a99776a",
-						BlobIDs: []string{"sha256:5216338b40a7b96416b8b9858974bbe4acc3096ee60acbc4dfb1ee02aecceb10"},
-						ImageMetadata: artifact.ImageMetadata{
-							ID:          "sha256:e389ae58922402a7ded319e79f06ac428d05698d8e61ecbe88d2cf850e42651d",
-							DiffIDs:     []string{"sha256:9a5d14f9f5503e55088666beef7e85a8d9625d4fa7418e2fe269e9c54bcb853c"},
-							RepoTags:    []string{"alpine:3.11"},
-							RepoDigests: []string{"alpine@sha256:0bd0e9e03a022c3b0226667621da84fc9bf562a9056130424b5bfbd8bcb0397f"},
-						},
-					},
+				options: tTypes.ScanOptions{
+					PkgTypes:         []string{"os"},
+					Scanners:         tTypes.Scanners{tTypes.VulnerabilityScanner},
+					PkgRelationships: ftypes.Relationships,
 				},
 			},
-			scanExpectation: DriverScanExpectation{
-				Args: DriverScanArgs{
-					CtxAnything: true,
-					Target:      "alpine:3.11",
-					ImageID:     "sha256:e7d92cdc71feacf90708cb59182d0df1b911f8ae022d29e8e95d75ca6a99776a",
-					LayerIDs:    []string{"sha256:5216338b40a7b96416b8b9858974bbe4acc3096ee60acbc4dfb1ee02aecceb10"},
-					Options:     types.ScanOptions{PkgTypes: []string{"os"}},
-				},
-				Returns: DriverScanReturns{
-					Results: types.Results{
-						{
-							Target: "alpine:3.11",
-							Vulnerabilities: []types.DetectedVulnerability{
-								{
-									VulnerabilityID:  "CVE-2019-9999",
-									PkgName:          "vim",
-									InstalledVersion: "1.2.3",
-									FixedVersion:     "1.2.4",
-									Layer: ftypes.Layer{
-										Digest: "sha256:5216338b40a7b96416b8b9858974bbe4acc3096ee60acbc4dfb1ee02aecceb10",
-										DiffID: "sha256:b2a1a2d80bf0c747a4f6b0ca6af5eef23f043fcdb1ed4f3a3e750aef2dc68079",
-									},
-								},
-							},
-						},
-						{
-							Target: "node-app/package-lock.json",
-							Vulnerabilities: []types.DetectedVulnerability{
-								{
-									VulnerabilityID:  "CVE-2019-11358",
-									PkgName:          "jquery",
-									InstalledVersion: "3.3.9",
-									FixedVersion:     ">=3.4.0",
-								},
-							},
-							Type: "npm",
-						},
-					},
-					OsFound: ftypes.OS{
-						Family: "alpine",
-						Name:   "3.10",
-						Eosl:   true,
-					},
-				},
-			},
-			want: types.Report{
+			imagePath: "../fanal/test/testdata/alpine-311.tar.gz",
+			fixtures:  []string{"local/testdata/fixtures/happy.yaml"},
+			want: tTypes.Report{
 				SchemaVersion: 2,
 				CreatedAt:     time.Date(2021, 8, 25, 12, 20, 30, 5, time.UTC),
-				ArtifactName:  "alpine:3.11",
+				ArtifactName:  "../fanal/test/testdata/alpine-311.tar.gz",
 				ArtifactType:  artifact.TypeContainerImage,
-				Metadata: types.Metadata{
+				Metadata: tTypes.Metadata{
 					OS: &ftypes.OS{
-						Family: "alpine",
-						Name:   "3.10",
-						Eosl:   true,
+						Family:   "alpine",
+						Name:     "3.11.5",
+						Eosl:     false,
+						Extended: false,
 					},
-					ImageID:     "sha256:e389ae58922402a7ded319e79f06ac428d05698d8e61ecbe88d2cf850e42651d",
-					DiffIDs:     []string{"sha256:9a5d14f9f5503e55088666beef7e85a8d9625d4fa7418e2fe269e9c54bcb853c"},
-					RepoTags:    []string{"alpine:3.11"},
-					RepoDigests: []string{"alpine@sha256:0bd0e9e03a022c3b0226667621da84fc9bf562a9056130424b5bfbd8bcb0397f"},
-				},
-				Results: types.Results{
-					{
-						Target: "alpine:3.11",
-						Vulnerabilities: []types.DetectedVulnerability{
+					ImageID: "sha256:a187dde48cd289ac374ad8539930628314bc581a481cdb41409c9289419ddb72",
+					DiffIDs: []string{
+						"sha256:beee9f30bc1f711043e78d4a2be0668955d4b761d587d6f60c2c8dc081efb203",
+					},
+					ImageConfig: v1.ConfigFile{
+						Architecture:  "amd64",
+						Container:     "fb71ddde5f6411a82eb056a9190f0cc1c80d7f77a8509ee90a2054428edb0024",
+						Created:       v1.Time{Time: time.Date(2020, 3, 23, 21, 19, 34, 196162891, time.UTC)},
+						DockerVersion: "18.09.7",
+						History: []v1.History{
 							{
-								VulnerabilityID:  "CVE-2019-9999",
-								PkgName:          "vim",
-								InstalledVersion: "1.2.3",
+								Created:    v1.Time{Time: time.Date(2020, 3, 23, 21, 19, 34, 27725872, time.UTC)},
+								CreatedBy:  "/bin/sh -c #(nop) ADD file:0c4555f363c2672e350001f1293e689875a3760afe7b3f9146886afe67121cba in / ",
+								EmptyLayer: false,
+							},
+							{
+								Created:    v1.Time{Time: time.Date(2020, 3, 23, 21, 19, 34, 196162891, time.UTC)},
+								CreatedBy:  "/bin/sh -c #(nop)  CMD [\"/bin/sh\"]",
+								EmptyLayer: true,
+							},
+						},
+						OS: "linux",
+						RootFS: v1.RootFS{
+							Type: "layers",
+							DiffIDs: []v1.Hash{
+								{
+									Algorithm: "sha256",
+									Hex:       "beee9f30bc1f711043e78d4a2be0668955d4b761d587d6f60c2c8dc081efb203",
+								},
+							},
+						},
+						Config: v1.Config{
+							Cmd:         []string{"/bin/sh"},
+							Env:         []string{"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"},
+							Image:       "sha256:74df73bb19fbfc7fb5ab9a8234b3d98ee2fb92df5b824496679802685205ab8c",
+							ArgsEscaped: true,
+						},
+					},
+				},
+				Results: tTypes.Results{
+					{
+						Target: "../fanal/test/testdata/alpine-311.tar.gz (alpine 3.11.5)",
+						Class:  tTypes.ClassOSPkg,
+						Type:   "alpine",
+						Vulnerabilities: []tTypes.DetectedVulnerability{
+							{
+								VulnerabilityID:  "CVE-2020-9999",
+								PkgName:          "musl",
+								PkgID:            "musl@1.1.24-r2",
+								InstalledVersion: "1.1.24-r2",
 								FixedVersion:     "1.2.4",
+								Status:           dbTypes.StatusFixed,
 								Layer: ftypes.Layer{
-									Digest: "sha256:5216338b40a7b96416b8b9858974bbe4acc3096ee60acbc4dfb1ee02aecceb10",
-									DiffID: "sha256:b2a1a2d80bf0c747a4f6b0ca6af5eef23f043fcdb1ed4f3a3e750aef2dc68079",
+									DiffID: "sha256:beee9f30bc1f711043e78d4a2be0668955d4b761d587d6f60c2c8dc081efb203",
+								},
+								PrimaryURL: "https://avd.aquasec.com/nvd/cve-2020-9999",
+								PkgIdentifier: ftypes.PkgIdentifier{
+									UID: "7503855b66ad3a67",
+									PURL: &packageurl.PackageURL{
+										Type:      "apk",
+										Namespace: "alpine",
+										Name:      "musl",
+										Version:   "1.1.24-r2",
+										Qualifiers: packageurl.Qualifiers{
+											{
+												Key:   "arch",
+												Value: "x86_64",
+											},
+											{
+												Key:   "distro",
+												Value: "3.11.5",
+											},
+										},
+									},
+								},
+								Vulnerability: dbTypes.Vulnerability{
+									Title:       "dos",
+									Description: "dos vulnerability",
+									Severity:    "HIGH",
+								},
+							},
+							{
+								VulnerabilityID:  "CVE-2020-9999",
+								PkgName:          "musl-utils",
+								PkgID:            "musl-utils@1.1.24-r2",
+								InstalledVersion: "1.1.24-r2",
+								FixedVersion:     "1.2.4",
+								Status:           dbTypes.StatusFixed,
+								Layer: ftypes.Layer{
+									DiffID: "sha256:beee9f30bc1f711043e78d4a2be0668955d4b761d587d6f60c2c8dc081efb203",
+								},
+								PrimaryURL: "https://avd.aquasec.com/nvd/cve-2020-9999",
+								PkgIdentifier: ftypes.PkgIdentifier{
+									UID: "69fdae5fbcfe9992",
+									PURL: &packageurl.PackageURL{
+										Type:      "apk",
+										Namespace: "alpine",
+										Name:      "musl-utils",
+										Version:   "1.1.24-r2",
+										Qualifiers: packageurl.Qualifiers{
+											{
+												Key:   "arch",
+												Value: "x86_64",
+											},
+											{
+												Key:   "distro",
+												Value: "3.11.5",
+											},
+										},
+									},
+								},
+								Vulnerability: dbTypes.Vulnerability{
+									Title:       "dos",
+									Description: "dos vulnerability",
+									Severity:    "HIGH",
 								},
 							},
 						},
 					},
-					{
-						Target: "node-app/package-lock.json",
-						Vulnerabilities: []types.DetectedVulnerability{
-							{
-								VulnerabilityID:  "CVE-2019-11358",
-								PkgName:          "jquery",
-								InstalledVersion: "3.3.9",
-								FixedVersion:     ">=3.4.0",
-							},
-						},
-						Type: "npm",
-					},
 				},
 			},
 		},
 		{
-			name: "sad path: AnalyzerAnalyze returns an error",
+			name: "sad path: broken database",
 			args: args{
-				options: types.ScanOptions{PkgTypes: []string{"os"}},
-			},
-			inspectExpectation: artifact.ArtifactInspectExpectation{
-				Args: artifact.ArtifactInspectArgs{
-					CtxAnything: true,
-				},
-				Returns: artifact.ArtifactInspectReturns{
-					Err: errors.New("error"),
+				options: tTypes.ScanOptions{
+					PkgTypes:         []string{"os"},
+					Scanners:         tTypes.Scanners{tTypes.VulnerabilityScanner},
+					PkgRelationships: ftypes.Relationships,
 				},
 			},
-			wantErr: "failed analysis",
-		},
-		{
-			name: "sad path: Scan returns an error",
-			args: args{
-				options: types.ScanOptions{PkgTypes: []string{"os"}},
-			},
-			inspectExpectation: artifact.ArtifactInspectExpectation{
-				Args: artifact.ArtifactInspectArgs{
-					CtxAnything: true,
-				},
-				Returns: artifact.ArtifactInspectReturns{
-					Reference: artifact.Reference{
-						Name:    "alpine:3.11",
-						ID:      "sha256:e7d92cdc71feacf90708cb59182d0df1b911f8ae022d29e8e95d75ca6a99776a",
-						BlobIDs: []string{"sha256:5216338b40a7b96416b8b9858974bbe4acc3096ee60acbc4dfb1ee02aecceb10"},
-					},
-				},
-			},
-			scanExpectation: DriverScanExpectation{
-				Args: DriverScanArgs{
-					CtxAnything: true,
-					Target:      "alpine:3.11",
-					ImageID:     "sha256:e7d92cdc71feacf90708cb59182d0df1b911f8ae022d29e8e95d75ca6a99776a",
-					LayerIDs:    []string{"sha256:5216338b40a7b96416b8b9858974bbe4acc3096ee60acbc4dfb1ee02aecceb10"},
-					Options:     types.ScanOptions{PkgTypes: []string{"os"}},
-				},
-				Returns: DriverScanReturns{
-					Err: errors.New("error"),
-				},
-			},
-			wantErr: "scan failed",
+			imagePath: "../fanal/test/testdata/alpine-311.tar.gz",
+			fixtures:  []string{"local/testdata/fixtures/sad.yaml"},
+			wantErr:   "failed to detect vulnerabilities",
 		},
 	}
+
 	for _, tt := range tests {
-		ctx := clock.With(context.Background(), time.Date(2021, 8, 25, 12, 20, 30, 5, time.UTC))
 		t.Run(tt.name, func(t *testing.T) {
-			d := NewMockDriver(t)
-			d.ApplyScanExpectation(tt.scanExpectation)
+			// Initialize DB
+			_ = dbtest.InitDB(t, tt.fixtures)
+			defer db.Close()

-			mockArtifact := artifact.NewMockArtifact(t)
-			mockArtifact.ApplyInspectExpectation(tt.inspectExpectation)
-			mockArtifact.ApplyCleanExpectation(artifact.ArtifactCleanExpectation{
-				Args: artifact.ArtifactCleanArgs{
-					ReferenceAnything: true,
-				},
-			})
+			// Load test image
+			img, err := image.NewArchiveImage(tt.imagePath)
+			require.NoError(t, err)

-			s := NewScanner(d, mockArtifact)
+			// Create artifact
+			c := cache.NewMemoryCache()
+			artifact, err := image2.NewArtifact(img, c, artifact.Option{})
+			require.NoError(t, err)
+
+			// Create scanner
+			applier := applier.NewApplier(c)
+			scanner := local.NewScanner(applier, ospkg.NewScanner(), langpkg.NewScanner(), vulnerability.NewClient(db.Config{}))
+			s := NewScanner(scanner, artifact)
+
+			ctx := clock.With(context.Background(), time.Date(2021, 8, 25, 12, 20, 30, 5, time.UTC))
 			got, err := s.ScanArtifact(ctx, tt.args.options)
 			if tt.wantErr != "" {
-				require.Error(t, err, tt.name)
-				require.Contains(t, err.Error(), tt.wantErr, tt.name)
+				require.ErrorContains(t, err, tt.wantErr)
 				return
-			} else {
-				require.NoError(t, err, tt.name)
 			}
-
-			assert.Equal(t, tt.want, got, tt.name)
+			require.NoError(t, err)
+			for i := range got.Results {
+				got.Results[i].Packages = nil
+			}
+			assert.Equal(t, tt.want, got)
 		})
 	}
 }