mirror of
https://github.com/aquasecurity/trivy.git
synced 2025-12-05 20:40:16 -08:00
test(server): replace mock driver with memory cache in server tests (#8416)
This commit is contained in:
Teppei Fukuda
@@ -2,7 +2,6 @@ package server
|
||||
|
||||
import (
|
||||
"context"
|
||||
"errors"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
@@ -11,14 +10,17 @@ import (
|
||||
"google.golang.org/protobuf/types/known/emptypb"
|
||||
"google.golang.org/protobuf/types/known/timestamppb"
|
||||
|
||||
dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
|
||||
"github.com/aquasecurity/trivy-db/pkg/utils"
|
||||
"github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability"
|
||||
"github.com/aquasecurity/trivy-db/pkg/db"
|
||||
"github.com/aquasecurity/trivy/internal/cachetest"
|
||||
"github.com/aquasecurity/trivy/internal/dbtest"
|
||||
"github.com/aquasecurity/trivy/pkg/cache"
|
||||
"github.com/aquasecurity/trivy/pkg/fanal/applier"
|
||||
ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
|
||||
"github.com/aquasecurity/trivy/pkg/scanner"
|
||||
"github.com/aquasecurity/trivy/pkg/scanner/langpkg"
|
||||
"github.com/aquasecurity/trivy/pkg/scanner/local"
|
||||
"github.com/aquasecurity/trivy/pkg/scanner/ospkg"
|
||||
"github.com/aquasecurity/trivy/pkg/types"
|
||||
"github.com/aquasecurity/trivy/pkg/vulnerability"
|
||||
rpcCache "github.com/aquasecurity/trivy/rpc/cache"
|
||||
"github.com/aquasecurity/trivy/rpc/common"
|
||||
rpcScanner "github.com/aquasecurity/trivy/rpc/scanner"
|
||||
@@ -29,11 +31,12 @@ func TestScanServer_Scan(t *testing.T) {
|
||||
in *rpcScanner.ScanRequest
|
||||
}
|
||||
tests := []struct {
|
||||
name string
|
||||
args args
|
||||
scanExpectation scanner.DriverScanExpectation
|
||||
want *rpcScanner.ScanResponse
|
||||
wantErr string
|
||||
name string
|
||||
args args
|
||||
fixtures []string
|
||||
setUpCache func(t *testing.T) cache.Cache
|
||||
want *rpcScanner.ScanResponse
|
||||
wantErr string
|
||||
}{
|
||||
{
|
||||
name: "happy path",
|
||||
@@ -41,138 +44,167 @@ func TestScanServer_Scan(t *testing.T) {
|
||||
in: &rpcScanner.ScanRequest{
|
||||
Target: "alpine:3.11",
|
||||
ArtifactId: "sha256:e7d92cdc71feacf90708cb59182d0df1b911f8ae022d29e8e95d75ca6a99776a",
|
||||
BlobIds: []string{"sha256:5216338b40a7b96416b8b9858974bbe4acc3096ee60acbc4dfb1ee02aecceb10"},
|
||||
Options: &rpcScanner.ScanOptions{},
|
||||
BlobIds: []string{"sha256:beee9f30bc1f711043e78d4a2be0668955d4b761d587d6f60c2c8dc081efb203"},
|
||||
Options: &rpcScanner.ScanOptions{
|
||||
PkgTypes: []string{types.PkgTypeOS},
|
||||
Scanners: []string{string(types.VulnerabilityScanner)},
|
||||
PkgRelationships: []string{ftypes.RelationshipUnknown.String()},
|
||||
},
|
||||
},
|
||||
},
|
||||
scanExpectation: scanner.DriverScanExpectation{
|
||||
Args: scanner.DriverScanArgs{
|
||||
CtxAnything: true,
|
||||
Target: "alpine:3.11",
|
||||
ImageID: "sha256:e7d92cdc71feacf90708cb59182d0df1b911f8ae022d29e8e95d75ca6a99776a",
|
||||
LayerIDs: []string{"sha256:5216338b40a7b96416b8b9858974bbe4acc3096ee60acbc4dfb1ee02aecceb10"},
|
||||
OptionsAnything: true,
|
||||
},
|
||||
Returns: scanner.DriverScanReturns{
|
||||
Results: types.Results{
|
||||
fixtures: []string{"../..//scanner/local/testdata/fixtures/happy.yaml"},
|
||||
setUpCache: func(t *testing.T) cache.Cache {
|
||||
c := cache.NewMemoryCache()
|
||||
require.NoError(t, c.PutArtifact("sha256:e7d92cdc71feacf90708cb59182d0df1b911f8ae022d29e8e95d75ca6a99776a", ftypes.ArtifactInfo{
|
||||
SchemaVersion: 1,
|
||||
}))
|
||||
|
||||
require.NoError(t, c.PutBlob("sha256:beee9f30bc1f711043e78d4a2be0668955d4b761d587d6f60c2c8dc081efb203", ftypes.BlobInfo{
|
||||
SchemaVersion: 1,
|
||||
DiffID: "sha256:beee9f30bc1f711043e78d4a2be0668955d4b761d587d6f60c2c8dc081efb203",
|
||||
OS: ftypes.OS{
|
||||
Family: "alpine",
|
||||
Name: "3.11.5",
|
||||
},
|
||||
PackageInfos: []ftypes.PackageInfo{
|
||||
{
|
||||
Target: "alpine:3.11 (alpine 3.11)",
|
||||
Vulnerabilities: []types.DetectedVulnerability{
|
||||
FilePath: "lib/apk/db/installed",
|
||||
Packages: ftypes.Packages{
|
||||
{
|
||||
VulnerabilityID: "CVE-2019-0001",
|
||||
PkgName: "musl",
|
||||
InstalledVersion: "1.2.3",
|
||||
FixedVersion: "1.2.4",
|
||||
SeveritySource: "nvd",
|
||||
Vulnerability: dbTypes.Vulnerability{
|
||||
Title: "dos",
|
||||
Description: "dos vulnerability",
|
||||
Severity: "MEDIUM",
|
||||
VendorSeverity: map[dbTypes.SourceID]dbTypes.Severity{
|
||||
vulnerability.NVD: dbTypes.SeverityMedium,
|
||||
},
|
||||
References: []string{"http://example.com"},
|
||||
LastModifiedDate: utils.MustTimeParse("2020-01-01T01:01:00Z"),
|
||||
PublishedDate: utils.MustTimeParse("2001-01-01T01:01:00Z"),
|
||||
},
|
||||
PrimaryURL: "https://avd.aquasec.com/nvd/cve-2019-0001",
|
||||
DataSource: &dbTypes.DataSource{
|
||||
Name: "DOS vulnerabilities",
|
||||
URL: "https://vuld-db-example.com/",
|
||||
},
|
||||
Name: "musl",
|
||||
Version: "1.1.24-r2",
|
||||
SrcName: "musl",
|
||||
SrcVersion: "1.1.24-r2",
|
||||
},
|
||||
},
|
||||
Type: "alpine",
|
||||
},
|
||||
},
|
||||
OsFound: ftypes.OS{
|
||||
Family: "alpine",
|
||||
Name: "3.11",
|
||||
Eosl: true,
|
||||
},
|
||||
},
|
||||
}))
|
||||
|
||||
return c
|
||||
},
|
||||
want: &rpcScanner.ScanResponse{
|
||||
Os: &common.OS{
|
||||
Family: "alpine",
|
||||
Name: "3.11",
|
||||
Name: "3.11.5",
|
||||
Eosl: true,
|
||||
},
|
||||
Results: []*rpcScanner.Result{
|
||||
{
|
||||
Target: "alpine:3.11 (alpine 3.11)",
|
||||
Target: "alpine:3.11 (alpine 3.11.5)",
|
||||
Vulnerabilities: []*common.Vulnerability{
|
||||
{
|
||||
VulnerabilityId: "CVE-2019-0001",
|
||||
VulnerabilityId: "CVE-2020-9999",
|
||||
PkgName: "musl",
|
||||
InstalledVersion: "1.2.3",
|
||||
InstalledVersion: "1.1.24-r2",
|
||||
FixedVersion: "1.2.4",
|
||||
Severity: common.Severity_MEDIUM,
|
||||
SeveritySource: "nvd",
|
||||
Layer: &common.Layer{},
|
||||
Cvss: make(map[string]*common.CVSS),
|
||||
VendorSeverity: map[string]common.Severity{
|
||||
string(vulnerability.NVD): common.Severity_MEDIUM,
|
||||
Severity: common.Severity_HIGH,
|
||||
Layer: &common.Layer{
|
||||
DiffId: "sha256:beee9f30bc1f711043e78d4a2be0668955d4b761d587d6f60c2c8dc081efb203",
|
||||
},
|
||||
PrimaryUrl: "https://avd.aquasec.com/nvd/cve-2019-0001",
|
||||
PrimaryUrl: "https://avd.aquasec.com/nvd/cve-2020-9999",
|
||||
Title: "dos",
|
||||
Description: "dos vulnerability",
|
||||
References: []string{"http://example.com"},
|
||||
LastModifiedDate: ×tamppb.Timestamp{
|
||||
Seconds: 1577840460,
|
||||
Status: 3,
|
||||
PkgIdentifier: &common.PkgIdentifier{
|
||||
Purl: "pkg:apk/alpine/musl@1.1.24-r2?distro=3.11.5",
|
||||
Uid: "852936e86971b22e",
|
||||
},
|
||||
PublishedDate: ×tamppb.Timestamp{
|
||||
Seconds: 978310860,
|
||||
Cvss: make(map[string]*common.CVSS),
|
||||
VendorSeverity: make(map[string]common.Severity),
|
||||
},
|
||||
},
|
||||
Type: "alpine",
|
||||
Class: "os-pkgs",
|
||||
Packages: []*common.Package{
|
||||
{
|
||||
Name: "musl",
|
||||
Version: "1.1.24-r2",
|
||||
SrcName: "musl",
|
||||
SrcVersion: "1.1.24-r2",
|
||||
Layer: &common.Layer{
|
||||
DiffId: "sha256:beee9f30bc1f711043e78d4a2be0668955d4b761d587d6f60c2c8dc081efb203",
|
||||
},
|
||||
DataSource: &common.DataSource{
|
||||
Name: "DOS vulnerabilities",
|
||||
Url: "https://vuld-db-example.com/",
|
||||
Identifier: &common.PkgIdentifier{
|
||||
Purl: "pkg:apk/alpine/musl@1.1.24-r2?distro=3.11.5",
|
||||
Uid: "852936e86971b22e",
|
||||
},
|
||||
},
|
||||
},
|
||||
Type: "alpine",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "sad path: Scan returns an error",
|
||||
name: "sad path: broken database",
|
||||
args: args{
|
||||
in: &rpcScanner.ScanRequest{
|
||||
Target: "alpine:3.11",
|
||||
ArtifactId: "sha256:e7d92cdc71feacf90708cb59182d0df1b911f8ae022d29e8e95d75ca6a99776a",
|
||||
BlobIds: []string{"sha256:5216338b40a7b96416b8b9858974bbe4acc3096ee60acbc4dfb1ee02aecceb10"},
|
||||
Options: &rpcScanner.ScanOptions{},
|
||||
BlobIds: []string{"sha256:beee9f30bc1f711043e78d4a2be0668955d4b761d587d6f60c2c8dc081efb203"},
|
||||
Options: &rpcScanner.ScanOptions{
|
||||
PkgTypes: []string{types.PkgTypeOS},
|
||||
Scanners: []string{string(types.VulnerabilityScanner)},
|
||||
PkgRelationships: []string{ftypes.RelationshipUnknown.String()},
|
||||
},
|
||||
},
|
||||
},
|
||||
scanExpectation: scanner.DriverScanExpectation{
|
||||
Args: scanner.DriverScanArgs{
|
||||
CtxAnything: true,
|
||||
Target: "alpine:3.11",
|
||||
ImageID: "sha256:e7d92cdc71feacf90708cb59182d0df1b911f8ae022d29e8e95d75ca6a99776a",
|
||||
LayerIDs: []string{"sha256:5216338b40a7b96416b8b9858974bbe4acc3096ee60acbc4dfb1ee02aecceb10"},
|
||||
OptionsAnything: true,
|
||||
},
|
||||
Returns: scanner.DriverScanReturns{
|
||||
Err: errors.New("error"),
|
||||
},
|
||||
fixtures: []string{"../../scanner/local/testdata/fixtures/sad.yaml"},
|
||||
setUpCache: func(t *testing.T) cache.Cache {
|
||||
c := cache.NewMemoryCache()
|
||||
require.NoError(t, c.PutArtifact("sha256:e7d92cdc71feacf90708cb59182d0df1b911f8ae022d29e8e95d75ca6a99776a", ftypes.ArtifactInfo{
|
||||
SchemaVersion: 1,
|
||||
}))
|
||||
|
||||
require.NoError(t, c.PutBlob("sha256:beee9f30bc1f711043e78d4a2be0668955d4b761d587d6f60c2c8dc081efb203", ftypes.BlobInfo{
|
||||
SchemaVersion: 1,
|
||||
Digest: "sha256:beee9f30bc1f711043e78d4a2be0668955d4b761d587d6f60c2c8dc081efb203",
|
||||
DiffID: "sha256:beee9f30bc1f711043e78d4a2be0668955d4b761d587d6f60c2c8dc081efb203",
|
||||
OS: ftypes.OS{
|
||||
Family: "alpine",
|
||||
Name: "3.11.5",
|
||||
},
|
||||
PackageInfos: []ftypes.PackageInfo{
|
||||
{
|
||||
FilePath: "lib/apk/db/installed",
|
||||
Packages: ftypes.Packages{
|
||||
{
|
||||
Name: "musl",
|
||||
Version: "1.1.24-r2",
|
||||
SrcName: "musl",
|
||||
SrcVersion: "1.1.24-r2",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
}))
|
||||
|
||||
return c
|
||||
},
|
||||
wantErr: "failed scan, alpine:3.11",
|
||||
wantErr: "failed to detect vulnerabilities",
|
||||
},
|
||||
}
|
||||
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
mockDriver := scanner.NewMockDriver(t)
|
||||
mockDriver.ApplyScanExpectation(tt.scanExpectation)
|
||||
// Initialize DB
|
||||
_ = dbtest.InitDB(t, tt.fixtures)
|
||||
defer db.Close()
|
||||
|
||||
// Create artifact
|
||||
c := cachetest.NewCache(t, tt.setUpCache)
|
||||
|
||||
// Create scanner
|
||||
applier := applier.NewApplier(c)
|
||||
scanner := local.NewScanner(applier, ospkg.NewScanner(), langpkg.NewScanner(), vulnerability.NewClient(db.Config{}))
|
||||
s := NewScanServer(scanner)
|
||||
|
||||
s := NewScanServer(mockDriver)
|
||||
got, err := s.Scan(context.Background(), tt.args.in)
|
||||
if tt.wantErr != "" {
|
||||
require.ErrorContains(t, err, tt.wantErr, tt.name)
|
||||
require.ErrorContains(t, err, tt.wantErr)
|
||||
return
|
||||
}
|
||||
require.NoError(t, err, tt.name)
|
||||
require.NoError(t, err)
|
||||
assert.Equal(t, tt.want, got)
|
||||
})
|
||||
}
|
||||
|
||||
@@ -1,68 +0,0 @@
|
||||
// Code generated by mockery v2.52.2. DO NOT EDIT.
|
||||
|
||||
package scanner
|
||||
|
||||
import (
|
||||
context "context"
|
||||
|
||||
fanaltypes "github.com/aquasecurity/trivy/pkg/fanal/types"
|
||||
mock "github.com/stretchr/testify/mock"
|
||||
|
||||
types "github.com/aquasecurity/trivy/pkg/types"
|
||||
)
|
||||
|
||||
// MockDriver is an autogenerated mock type for the Driver type
|
||||
type MockDriver struct {
|
||||
mock.Mock
|
||||
}
|
||||
|
||||
// Scan provides a mock function with given fields: ctx, target, artifactKey, blobKeys, options
|
||||
func (_m *MockDriver) Scan(ctx context.Context, target string, artifactKey string, blobKeys []string, options types.ScanOptions) (types.Results, fanaltypes.OS, error) {
|
||||
ret := _m.Called(ctx, target, artifactKey, blobKeys, options)
|
||||
|
||||
if len(ret) == 0 {
|
||||
panic("no return value specified for Scan")
|
||||
}
|
||||
|
||||
var r0 types.Results
|
||||
var r1 fanaltypes.OS
|
||||
var r2 error
|
||||
if rf, ok := ret.Get(0).(func(context.Context, string, string, []string, types.ScanOptions) (types.Results, fanaltypes.OS, error)); ok {
|
||||
return rf(ctx, target, artifactKey, blobKeys, options)
|
||||
}
|
||||
if rf, ok := ret.Get(0).(func(context.Context, string, string, []string, types.ScanOptions) types.Results); ok {
|
||||
r0 = rf(ctx, target, artifactKey, blobKeys, options)
|
||||
} else {
|
||||
if ret.Get(0) != nil {
|
||||
r0 = ret.Get(0).(types.Results)
|
||||
}
|
||||
}
|
||||
|
||||
if rf, ok := ret.Get(1).(func(context.Context, string, string, []string, types.ScanOptions) fanaltypes.OS); ok {
|
||||
r1 = rf(ctx, target, artifactKey, blobKeys, options)
|
||||
} else {
|
||||
r1 = ret.Get(1).(fanaltypes.OS)
|
||||
}
|
||||
|
||||
if rf, ok := ret.Get(2).(func(context.Context, string, string, []string, types.ScanOptions) error); ok {
|
||||
r2 = rf(ctx, target, artifactKey, blobKeys, options)
|
||||
} else {
|
||||
r2 = ret.Error(2)
|
||||
}
|
||||
|
||||
return r0, r1, r2
|
||||
}
|
||||
|
||||
// NewMockDriver creates a new instance of MockDriver. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations.
|
||||
// The first argument is typically a *testing.T value.
|
||||
func NewMockDriver(t interface {
|
||||
mock.TestingT
|
||||
Cleanup(func())
|
||||
}) *MockDriver {
|
||||
mock := &MockDriver{}
|
||||
mock.Mock.Test(t)
|
||||
|
||||
t.Cleanup(func() { mock.AssertExpectations(t) })
|
||||
|
||||
return mock
|
||||
}
|
||||
@@ -1,70 +0,0 @@
|
||||
package scanner
|
||||
|
||||
import (
|
||||
"context"
|
||||
|
||||
"github.com/stretchr/testify/mock"
|
||||
|
||||
ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
|
||||
"github.com/aquasecurity/trivy/pkg/types"
|
||||
)
|
||||
|
||||
type DriverScanArgs struct {
|
||||
Ctx context.Context
|
||||
CtxAnything bool
|
||||
Target string
|
||||
TargetAnything bool
|
||||
ImageID string
|
||||
ImageIDAnything bool
|
||||
LayerIDs []string
|
||||
LayerIDsAnything bool
|
||||
Options types.ScanOptions
|
||||
OptionsAnything bool
|
||||
}
|
||||
|
||||
type DriverScanReturns struct {
|
||||
Results types.Results
|
||||
OsFound ftypes.OS
|
||||
Err error
|
||||
}
|
||||
|
||||
type DriverScanExpectation struct {
|
||||
Args DriverScanArgs
|
||||
Returns DriverScanReturns
|
||||
}
|
||||
|
||||
func (_m *MockDriver) ApplyScanExpectation(e DriverScanExpectation) {
|
||||
var args []any
|
||||
if e.Args.CtxAnything {
|
||||
args = append(args, mock.Anything)
|
||||
} else {
|
||||
args = append(args, e.Args.Ctx)
|
||||
}
|
||||
if e.Args.TargetAnything {
|
||||
args = append(args, mock.Anything)
|
||||
} else {
|
||||
args = append(args, e.Args.Target)
|
||||
}
|
||||
if e.Args.ImageIDAnything {
|
||||
args = append(args, mock.Anything)
|
||||
} else {
|
||||
args = append(args, e.Args.ImageID)
|
||||
}
|
||||
if e.Args.LayerIDsAnything {
|
||||
args = append(args, mock.Anything)
|
||||
} else {
|
||||
args = append(args, e.Args.LayerIDs)
|
||||
}
|
||||
if e.Args.OptionsAnything {
|
||||
args = append(args, mock.Anything)
|
||||
} else {
|
||||
args = append(args, e.Args.Options)
|
||||
}
|
||||
_m.On("Scan", args...).Return(e.Returns.Results, e.Returns.OsFound, e.Returns.Err).Maybe()
|
||||
}
|
||||
|
||||
func (_m *MockDriver) ApplyScanExpectations(expectations []DriverScanExpectation) {
|
||||
for _, e := range expectations {
|
||||
_m.ApplyScanExpectation(e)
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user