gitea-mirror/trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2025-12-05 20:40:16 -08:00
Code Issues Packages Projects Releases Wiki Activity

test: use a local registry for remote scanning (#7607)

Browse Source 
Signed-off-by: knqyf263 <knqyf263@gmail.com>
This commit is contained in:
Teppei Fukuda
2024-09-27 14:32:46 +04:00
committed by GitHub
parent a8fbe46119
commit 9baf658935
3 changed files with 47 additions and 439 deletions
Download Patch File Download Diff File Expand all files Collapse all files

64
integration/registry_test.go
View File

@@ -10,7 +10,6 @@ import (
"crypto/x509"
"encoding/json"
"fmt"
"github.com/aquasecurity/trivy/pkg/types"
"io"
"net/http"
"net/url"
@@ -18,6 +17,8 @@ import (
"path/filepath"
"testing"
"github.com/aquasecurity/trivy/pkg/types"
dockercontainer "github.com/docker/docker/api/types/container"
"github.com/docker/go-connections/nat"
"github.com/google/go-containerregistry/pkg/authn"
@@ -152,32 +153,59 @@ func TestRegistry(t *testing.T) {
name string
imageName string
imageFile string
os string
option registryOption
golden string
wantErr string
}{
{
name: "happy path with username/password",
name: "authenticate with username/password",
imageName: "alpine:3.10",
imageFile: "testdata/fixtures/images/alpine-310.tar.gz",
os: "alpine 3.10.2",
option: registryOption{
AuthURL: authURL,
Username: authUsername,
Password: authPassword,
},
golden: "testdata/alpine-310-registry.json.golden",
golden: "testdata/alpine-310.json.golden",
},
{
name: "happy path with registry token",
name: "authenticate with registry token",
imageName: "alpine:3.10",
imageFile: "testdata/fixtures/images/alpine-310.tar.gz",
os: "alpine 3.10.2",
option: registryOption{
AuthURL: authURL,
Username: authUsername,
Password: authPassword,
RegistryToken: true,
},
golden: "testdata/alpine-310-registry.json.golden",
golden: "testdata/alpine-310.json.golden",
},
{
name: "amazonlinux 2",
imageName: "amazonlinux:2",
imageFile: "testdata/fixtures/images/amazon-2.tar.gz",
os: "amazon 2 (Karoo)",
option: registryOption{
AuthURL: authURL,
Username: authUsername,
Password: authPassword,
},
golden: "testdata/amazon-2.json.golden",
},
{
name: "debian buster",
imageName: "debian:buster",
imageFile: "testdata/fixtures/images/debian-buster.tar.gz",
os: "debian 10.1",
option: registryOption{
AuthURL: authURL,
Username: authUsername,
Password: authPassword,
},
golden: "testdata/debian-buster.json.golden",
},
{
name: "sad path",
@@ -187,25 +215,25 @@ func TestRegistry(t *testing.T) {
},
}
for _, tc := range tests {
t.Run(tc.name, func(t *testing.T) {
s := fmt.Sprintf("%s/%s", registryURL.Host, tc.imageName)
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
s := fmt.Sprintf("%s/%s", registryURL.Host, tt.imageName)
imageRef, err := name.ParseReference(s)
require.NoError(t, err)
// Load a test image from the tar file, tag it and push to the test registry.
err = replicateImage(imageRef, tc.imageFile, auth)
err = replicateImage(imageRef, tt.imageFile, auth)
require.NoError(t, err)
osArgs, err := scan(t, imageRef, baseDir, tc.golden, tc.option)
osArgs, err := scan(t, imageRef, baseDir, tt.option)
// Run Trivy
runTest(t, osArgs, tc.golden, "", types.FormatJSON, runOptions{
wantErr: tc.wantErr,
override: overrideFuncs(overrideUID, func(t *testing.T, _, got *types.Report) {
got.ArtifactName = tc.imageName
for i := range got.Results {
got.Results[i].Target = fmt.Sprintf("%s (alpine 3.10.2)", tc.imageName)
runTest(t, osArgs, tt.golden, "", types.FormatJSON, runOptions{
wantErr: tt.wantErr,
override: overrideFuncs(overrideUID, func(t *testing.T, want, got *types.Report) {
want.ArtifactName = s
for i := range want.Results {
want.Results[i].Target = fmt.Sprintf("%s (%s)", s, tt.os)
}
}),
})
@@ -213,7 +241,7 @@ func TestRegistry(t *testing.T) {
}
}
func scan(t *testing.T, imageRef name.Reference, baseDir, goldenFile string, opt registryOption) ([]string, error) {
func scan(t *testing.T, imageRef name.Reference, baseDir string, opt registryOption) ([]string, error) {
// Set up testing DB
cacheDir := initDB(t)
@@ -232,6 +260,8 @@ func scan(t *testing.T, imageRef name.Reference, baseDir, goldenFile string, opt
"image",
"--format",
"json",
"--image-src",
"remote",
"--skip-update",
imageRef.Name(),
}

374
integration/testdata/alpine-310-registry.json.golden vendored
View File

@@ -1,374 +0,0 @@
{
"SchemaVersion": 2,
"CreatedAt": "2021-08-25T12:20:30.000000005Z",
"ArtifactName": "alpine:3.10",
"ArtifactType": "container_image",
"Metadata": {
"OS": {
"Family": "alpine",
"Name": "3.10.2",
"EOSL": true
},
"ImageID": "sha256:961769676411f082461f9ef46626dd7a2d1e2b2a38e6a44364bcbecf51e66dd4",
"DiffIDs": [
"sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0"
],
"RepoTags": [
"alpine:3.10"
],
"RepoDigests": [
"alpine@sha256:b1c5a500182b21d0bfa5a584a8526b56d8be316f89e87d951be04abed2446e60"
],
"ImageConfig": {
"architecture": "amd64",
"container": "0a80155a31551fcc1a36fccbbda79fcd3f0b1c7d270653d00310e6e2217c57e6",
"created": "2019-08-20T20:19:55.211423266Z",
"docker_version": "18.06.1-ce",
"history": [
{
"created": "2019-08-20T20:19:55.062606894Z",
"created_by": "/bin/sh -c #(nop) ADD file:fe64057fbb83dccb960efabbf1cd8777920ef279a7fa8dbca0a8801c651bdf7c in / "
},
{
"created": "2019-08-20T20:19:55.211423266Z",
"created_by": "/bin/sh -c #(nop) CMD [\"/bin/sh\"]",
"empty_layer": true
}
],
"os": "linux",
"rootfs": {
"type": "layers",
"diff_ids": [
"sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0"
]
},
"config": {
"Cmd": [
"/bin/sh"
],
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Image": "sha256:06f4121dff4d0123ce11bd2e44f48da9ba9ddcd23ae376ea1f363f63ea0849b5",
"ArgsEscaped": true
}
}
},
"Results": [
{
"Target": "alpine:3.10 (alpine 3.10.2)",
"Class": "os-pkgs",
"Type": "alpine",
"Vulnerabilities": [
{
"VulnerabilityID": "CVE-2019-1549",
"PkgID": "libcrypto1.1@1.1.1c-r0",
"PkgName": "libcrypto1.1",
"PkgIdentifier": {
"PURL": "pkg:apk/alpine/libcrypto1.1@1.1.1c-r0?arch=x86_64\u0026distro=3.10.2"
},
"InstalledVersion": "1.1.1c-r0",
"FixedVersion": "1.1.1d-r0",
"Status": "fixed",
"Layer": {
"Digest": "sha256:9d48c3bd43c520dc2784e868a780e976b207cbf493eaff8c6596eb871cbd9609",
"DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0"
},
"SeveritySource": "nvd",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1549",
"DataSource": {
"ID": "alpine",
"Name": "Alpine Secdb",
"URL": "https://secdb.alpinelinux.org/"
},
"Title": "openssl: information disclosure in fork()",
"Description": "OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-330"
],
"VendorSeverity": {
"amazon": 2,
"nvd": 2,
"oracle-oval": 2,
"photon": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"V2Score": 5,
"V3Score": 5.3
},
"redhat": {
"V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"V3Score": 4.8
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2019-1549",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1549",
"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be",
"https://linux.oracle.com/cve/CVE-2019-1549.html",
"https://linux.oracle.com/errata/ELSA-2020-1840.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/",
"https://seclists.org/bugtraq/2019/Oct/1",
"https://security.netapp.com/advisory/ntap-20190919-0002/",
"https://support.f5.com/csp/article/K44070243",
"https://support.f5.com/csp/article/K44070243?utm_source=f5support\u0026amp;utm_medium=RSS",
"https://ubuntu.com/security/notices/USN-4376-1",
"https://usn.ubuntu.com/4376-1/",
"https://www.debian.org/security/2019/dsa-4539",
"https://www.openssl.org/news/secadv/20190910.txt",
"https://www.oracle.com/security-alerts/cpuapr2020.html",
"https://www.oracle.com/security-alerts/cpujan2020.html",
"https://www.oracle.com/security-alerts/cpujul2020.html",
"https://www.oracle.com/security-alerts/cpuoct2020.html",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
],
"PublishedDate": "2019-09-10T17:15:00Z",
"LastModifiedDate": "2020-10-20T22:15:00Z"
},
{
"VulnerabilityID": "CVE-2019-1551",
"PkgID": "libcrypto1.1@1.1.1c-r0",
"PkgName": "libcrypto1.1",
"PkgIdentifier": {
"PURL": "pkg:apk/alpine/libcrypto1.1@1.1.1c-r0?arch=x86_64\u0026distro=3.10.2"
},
"InstalledVersion": "1.1.1c-r0",
"FixedVersion": "1.1.1d-r2",
"Status": "fixed",
"Layer": {
"Digest": "sha256:9d48c3bd43c520dc2784e868a780e976b207cbf493eaff8c6596eb871cbd9609",
"DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0"
},
"SeveritySource": "nvd",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551",
"DataSource": {
"ID": "alpine",
"Name": "Alpine Secdb",
"URL": "https://secdb.alpinelinux.org/"
},
"Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64",
"Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t).",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-200"
],
"VendorSeverity": {
"amazon": 1,
"nvd": 2,
"oracle-oval": 1,
"photon": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"V2Score": 5,
"V3Score": 5.3
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"V3Score": 4.8
}
},
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00030.html",
"http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html",
"https://access.redhat.com/security/cve/CVE-2019-1551",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551",
"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f",
"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98",
"https://github.com/openssl/openssl/pull/10575",
"https://linux.oracle.com/cve/CVE-2019-1551.html",
"https://linux.oracle.com/errata/ELSA-2020-4514.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/",
"https://seclists.org/bugtraq/2019/Dec/39",
"https://seclists.org/bugtraq/2019/Dec/46",
"https://security.gentoo.org/glsa/202004-10",
"https://security.netapp.com/advisory/ntap-20191210-0001/",
"https://ubuntu.com/security/notices/USN-4376-1",
"https://ubuntu.com/security/notices/USN-4504-1",
"https://usn.ubuntu.com/4376-1/",
"https://usn.ubuntu.com/4504-1/",
"https://www.debian.org/security/2019/dsa-4594",
"https://www.debian.org/security/2021/dsa-4855",
"https://www.openssl.org/news/secadv/20191206.txt",
"https://www.oracle.com/security-alerts/cpuApr2021.html",
"https://www.oracle.com/security-alerts/cpujan2021.html",
"https://www.oracle.com/security-alerts/cpujul2020.html",
"https://www.tenable.com/security/tns-2019-09",
"https://www.tenable.com/security/tns-2020-03",
"https://www.tenable.com/security/tns-2020-11",
"https://www.tenable.com/security/tns-2021-10"
],
"PublishedDate": "2019-12-06T18:15:00Z",
"LastModifiedDate": "2021-07-21T11:39:00Z"
},
{
"VulnerabilityID": "CVE-2019-1549",
"PkgID": "libssl1.1@1.1.1c-r0",
"PkgName": "libssl1.1",
"PkgIdentifier": {
"PURL": "pkg:apk/alpine/libssl1.1@1.1.1c-r0?arch=x86_64\u0026distro=3.10.2"
},
"InstalledVersion": "1.1.1c-r0",
"FixedVersion": "1.1.1d-r0",
"Status": "fixed",
"Layer": {
"Digest": "sha256:9d48c3bd43c520dc2784e868a780e976b207cbf493eaff8c6596eb871cbd9609",
"DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0"
},
"SeveritySource": "nvd",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1549",
"DataSource": {
"ID": "alpine",
"Name": "Alpine Secdb",
"URL": "https://secdb.alpinelinux.org/"
},
"Title": "openssl: information disclosure in fork()",
"Description": "OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-330"
],
"VendorSeverity": {
"amazon": 2,
"nvd": 2,
"oracle-oval": 2,
"photon": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"V2Score": 5,
"V3Score": 5.3
},
"redhat": {
"V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"V3Score": 4.8
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2019-1549",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1549",
"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be",
"https://linux.oracle.com/cve/CVE-2019-1549.html",
"https://linux.oracle.com/errata/ELSA-2020-1840.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/",
"https://seclists.org/bugtraq/2019/Oct/1",
"https://security.netapp.com/advisory/ntap-20190919-0002/",
"https://support.f5.com/csp/article/K44070243",
"https://support.f5.com/csp/article/K44070243?utm_source=f5support\u0026amp;utm_medium=RSS",
"https://ubuntu.com/security/notices/USN-4376-1",
"https://usn.ubuntu.com/4376-1/",
"https://www.debian.org/security/2019/dsa-4539",
"https://www.openssl.org/news/secadv/20190910.txt",
"https://www.oracle.com/security-alerts/cpuapr2020.html",
"https://www.oracle.com/security-alerts/cpujan2020.html",
"https://www.oracle.com/security-alerts/cpujul2020.html",
"https://www.oracle.com/security-alerts/cpuoct2020.html",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
],
"PublishedDate": "2019-09-10T17:15:00Z",
"LastModifiedDate": "2020-10-20T22:15:00Z"
},
{
"VulnerabilityID": "CVE-2019-1551",
"PkgID": "libssl1.1@1.1.1c-r0",
"PkgName": "libssl1.1",
"PkgIdentifier": {
"PURL": "pkg:apk/alpine/libssl1.1@1.1.1c-r0?arch=x86_64\u0026distro=3.10.2"
},
"InstalledVersion": "1.1.1c-r0",
"FixedVersion": "1.1.1d-r2",
"Status": "fixed",
"Layer": {
"Digest": "sha256:9d48c3bd43c520dc2784e868a780e976b207cbf493eaff8c6596eb871cbd9609",
"DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0"
},
"SeveritySource": "nvd",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551",
"DataSource": {
"ID": "alpine",
"Name": "Alpine Secdb",
"URL": "https://secdb.alpinelinux.org/"
},
"Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64",
"Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t).",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-200"
],
"VendorSeverity": {
"amazon": 1,
"nvd": 2,
"oracle-oval": 1,
"photon": 2,
"redhat": 1,
"ubuntu": 1
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"V2Score": 5,
"V3Score": 5.3
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"V3Score": 4.8
}
},
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00030.html",
"http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html",
"https://access.redhat.com/security/cve/CVE-2019-1551",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551",
"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f",
"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98",
"https://github.com/openssl/openssl/pull/10575",
"https://linux.oracle.com/cve/CVE-2019-1551.html",
"https://linux.oracle.com/errata/ELSA-2020-4514.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/",
"https://seclists.org/bugtraq/2019/Dec/39",
"https://seclists.org/bugtraq/2019/Dec/46",
"https://security.gentoo.org/glsa/202004-10",
"https://security.netapp.com/advisory/ntap-20191210-0001/",
"https://ubuntu.com/security/notices/USN-4376-1",
"https://ubuntu.com/security/notices/USN-4504-1",
"https://usn.ubuntu.com/4376-1/",
"https://usn.ubuntu.com/4504-1/",
"https://www.debian.org/security/2019/dsa-4594",
"https://www.debian.org/security/2021/dsa-4855",
"https://www.openssl.org/news/secadv/20191206.txt",
"https://www.oracle.com/security-alerts/cpuApr2021.html",
"https://www.oracle.com/security-alerts/cpujan2021.html",
"https://www.oracle.com/security-alerts/cpujul2020.html",
"https://www.tenable.com/security/tns-2019-09",
"https://www.tenable.com/security/tns-2020-03",
"https://www.tenable.com/security/tns-2020-11",
"https://www.tenable.com/security/tns-2021-10"
],
"PublishedDate": "2019-12-06T18:15:00Z",
"LastModifiedDate": "2021-07-21T11:39:00Z"
}
]
}
]
}

48
pkg/fanal/test/integration/library_test.go
View File

@@ -139,54 +139,6 @@ var tests = []testCase{
},
}
func TestFanal_Library_DockerLessMode(t *testing.T) {
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
t.Parallel()
ctx := context.Background()
d := t.TempDir()
c, err := cache.NewFSCache(d)
require.NoError(t, err, tt.name)
cli, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation())
require.NoError(t, err)
// remove existing Image if any
_, _ = cli.ImageRemove(ctx, tt.remoteImageName, dimage.RemoveOptions{
Force: true,
PruneChildren: true,
})
// Enable only registry scanning
img, cleanup, err := image.NewContainerImage(ctx, tt.remoteImageName, types.ImageOptions{
ImageSources: types.ImageSources{types.RemoteImageSource},
})
require.NoError(t, err)
defer cleanup()
// don't scan licenses in the test - in parallel it will fail
ar, err := aimage.NewArtifact(img, c, artifact.Option{
DisabledAnalyzers: []analyzer.Type{
analyzer.TypeExecutable,
analyzer.TypeLicenseFile,
},
})
require.NoError(t, err)
applier := applier.NewApplier(c)
// run tests twice, one without cache and with cache
for i := 1; i <= 2; i++ {
runChecks(t, ctx, ar, applier, tt)
}
// clear Cache
require.NoError(t, c.Clear())
})
}
}
func TestFanal_Library_DockerMode(t *testing.T) {
// Disable updating golden files because local images don't have compressed layer digests,
// and updating golden files in this function results in incomplete files.