From ea28d3b6f3232f5908f010e3a7e0e6c5514be030 Mon Sep 17 00:00:00 2001 From: Teppei Fukuda Date: Tue, 25 Aug 2020 12:21:15 +0300 Subject: [PATCH] test(vulnerability): fix usages of new trivy-db refactor changes (#611) * mod: Update trivy-db Signed-off-by: Simarpreet Singh * vulnerability_test: Fix usages of new trivy-db refactor changes Signed-off-by: Simarpreet Singh * chore(mod): update trivy-db Co-authored-by: Simarpreet Singh --- go.mod | 4 +- go.sum | 23 +++++++-- pkg/vulnerability/vulnerability_test.go | 66 ++++++++++++------------- 3 files changed, 53 insertions(+), 40 deletions(-) diff --git a/go.mod b/go.mod index 618469d2cd..4dc4f3579e 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ require ( github.com/Masterminds/semver/v3 v3.1.0 github.com/aquasecurity/fanal v0.0.0-20200528202907-79693bf4a058 github.com/aquasecurity/go-dep-parser v0.0.0-20190819075924-ea223f0ef24b - github.com/aquasecurity/trivy-db v0.0.0-20200715174849-fa5a3ca24b16 + github.com/aquasecurity/trivy-db v0.0.0-20200816184446-3853f69c6e2f github.com/caarlos0/env/v6 v6.0.0 github.com/cenkalti/backoff v2.2.1+incompatible github.com/cheggaaa/pb/v3 v3.0.3 @@ -32,6 +32,6 @@ require ( go.uber.org/multierr v1.4.0 // indirect go.uber.org/zap v1.13.0 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45 - golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 + golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 k8s.io/utils v0.0.0-20191114184206-e782cd3c129f ) diff --git a/go.sum b/go.sum index 88d2d5f7a7..9048ef5654 100644 --- a/go.sum +++ b/go.sum @@ -56,8 +56,8 @@ github.com/aquasecurity/go-dep-parser v0.0.0-20190819075924-ea223f0ef24b h1:55Ul github.com/aquasecurity/go-dep-parser v0.0.0-20190819075924-ea223f0ef24b/go.mod h1:BpNTD9vHfrejKsED9rx04ldM1WIbeyXGYxUrqTVwxVQ= github.com/aquasecurity/testdocker v0.0.0-20200426142840-5f05bce6f12a h1:hsw7PpiymXP64evn/K7gsj3hWzMqLrdoeE6JkqDocVg= github.com/aquasecurity/testdocker v0.0.0-20200426142840-5f05bce6f12a/go.mod h1:psfu0MVaiTDLpNxCoNsTeILSKY2EICBwv345f3M+Ffs= -github.com/aquasecurity/trivy-db v0.0.0-20200715174849-fa5a3ca24b16 h1:Hh9MOUaJGI+PS9ZULxYqYQmsFfvtktt8jD7gMt43BA8= -github.com/aquasecurity/trivy-db v0.0.0-20200715174849-fa5a3ca24b16/go.mod h1:EiFA908RL0ACrbYo/9HfT7f9QcdC2bZoIO5XAAcvz9A= +github.com/aquasecurity/trivy-db v0.0.0-20200816184446-3853f69c6e2f h1:JGfRqWKDVAOiHXnoNMpLnipYi2sV527ML+ACLceNu+4= +github.com/aquasecurity/trivy-db v0.0.0-20200816184446-3853f69c6e2f/go.mod h1:e6VoIYR4u3gsi1aPxgvuuhqj+BCyAa1ytmhGHcw+TuA= github.com/aquasecurity/vuln-list-update v0.0.0-20191016075347-3d158c2bf9a2 h1:xbdUfr2KE4THsFx9CFWtWpU91lF+YhgP46moV94nYTA= github.com/aquasecurity/vuln-list-update v0.0.0-20191016075347-3d158c2bf9a2/go.mod h1:6NhOP0CjZJL27bZZcaHECtzWdwDDm2g6yCY0QgXEGQQ= github.com/araddon/dateparse v0.0.0-20190426192744-0d74ffceef83/go.mod h1:SLqhdZcd+dF3TEVL2RMoob5bBP5R1P1qkox+HtCBgGI= @@ -444,6 +444,8 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+ github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.2.0 h1:Hbg2NidpLE8veEBkEZTL3CvlkUIVzuU9jDplZO54c48= github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= +github.com/stretchr/objx v0.3.0 h1:NGXK3lHquSN08v5vWalVI/L8XU9hdzE/G6xsrze47As= +github.com/stretchr/objx v0.3.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= github.com/stretchr/testify v0.0.0-20151208002404-e3a8ff8ce365/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= @@ -502,6 +504,9 @@ golang.org/x/crypto v0.0.0-20191206172530-e9b2fee46413/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073 h1:xMPOj6Pz6UipU1wXLkrtqpHbR0AVFnyPEQq/wRWz9lM= golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de h1:ikNHVSjEfnvz6sxdSPCaPt572qowuyMDMJLLm3Db3ig= +golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190312203227-4b39c73a6495/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -535,9 +540,10 @@ golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200301022130-244492dfa37a h1:GuSPYbZzB5/dcLNCwLQLsg3obCJtX9IJhpXkvY7kzk0= golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200625001655-4c5254603344 h1:vGXIOMxbNfDTk/aXCmfdLgkrSV+Z2tcbze+pEc3v5W4= +golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45 h1:SVwTIAaPC2U/AvvLNZ2a7OVsmBpC8L5BlwK1whH3hm0= @@ -549,6 +555,8 @@ golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e h1:vcxGaoTs7kV8m5Np9uUNQin4BrLOthgV7252N8V+FwY= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208 h1:qwRHBd0NqMbJxfbotnDhm2ByMI1Shq4Y6oRJo21SGJA= +golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -574,8 +582,11 @@ golang.org/x/sys v0.0.0-20191010194322-b09406accb47/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20191128015809-6d18c012aee9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200327173247-9dae0f8f5775 h1:TC0v2RSO1u2kn1ZugjrFXkRZAEaqMN/RW+OTZkBzmLE= golang.org/x/sys v0.0.0-20200327173247-9dae0f8f5775/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200810151505-1b9f1253b3ed h1:WBkVNH1zd9jg/dK4HCM4lNANnmd12EHC9z+LmcCG4ns= +golang.org/x/sys v0.0.0-20200810151505-1b9f1253b3ed/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -616,6 +627,8 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE= +golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gonum.org/v1/gonum v0.0.0-20190331200053-3d26580ed485/go.mod h1:2ltnJ7xHfj0zHS40VVPYEAAMTa3ZGguvHGBSJeRWqE0= gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0/go.mod h1:wa6Ws7BG/ESfp6dHfk7C6KdzKA7wR7u/rKwOGE66zvw= gonum.org/v1/netlib v0.0.0-20190331212654-76723241ea4e/go.mod h1:kS+toOQn6AQKjmKJ7gzohV1XkqsFehRA2FbsbkopSuQ= @@ -672,8 +685,12 @@ gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU= +gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776 h1:tQIYjPdBoyREyB9XMu+nnTclpTYkz2zFM+lzLJFO4gQ= +gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools v0.0.0-20181223230014-1083505acf35/go.mod h1:R//lfYlUuTOTfblYI3lGoAAAebUdzjvbmQsuB7Ykd90= gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo= gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= diff --git a/pkg/vulnerability/vulnerability_test.go b/pkg/vulnerability/vulnerability_test.go index a5ef4f64a9..3b22451b13 100644 --- a/pkg/vulnerability/vulnerability_test.go +++ b/pkg/vulnerability/vulnerability_test.go @@ -5,19 +5,15 @@ import ( "os" "testing" - "golang.org/x/xerrors" - - "github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability" - - "github.com/aquasecurity/trivy/pkg/log" - "github.com/aquasecurity/trivy/pkg/types" - - "github.com/aquasecurity/trivy-db/pkg/db" - "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + "golang.org/x/xerrors" + "github.com/aquasecurity/trivy-db/pkg/db" dbTypes "github.com/aquasecurity/trivy-db/pkg/types" + "github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability" + "github.com/aquasecurity/trivy/pkg/log" + "github.com/aquasecurity/trivy/pkg/types" ) func TestMain(m *testing.M) { @@ -36,19 +32,19 @@ func TestClient_FillInfo(t *testing.T) { } tests := []struct { name string - getSeverity []db.GetSeverityExpectation - getVulnerability []db.GetVulnerabilityExpectation + getSeverity []db.OperationGetSeverityExpectation + getVulnerability []db.OperationGetVulnerabilityExpectation args args expectedVulnerabilities []types.DetectedVulnerability }{ { name: "happy path, with only OS vulnerability but no vendor severity, no NVD", - getVulnerability: []db.GetVulnerabilityExpectation{ + getVulnerability: []db.OperationGetVulnerabilityExpectation{ { - Args: db.GetVulnerabilityArgs{ + Args: db.OperationGetVulnerabilityArgs{ VulnerabilityID: "CVE-2019-0001", }, - Returns: db.GetVulnerabilityReturns{ + Returns: db.OperationGetVulnerabilityReturns{ Vulnerability: dbTypes.Vulnerability{ Title: "dos", Description: "dos vulnerability", @@ -78,12 +74,12 @@ func TestClient_FillInfo(t *testing.T) { }, { name: "happy path, with only OS vulnerability but no vendor severity, yes NVD", - getVulnerability: []db.GetVulnerabilityExpectation{ + getVulnerability: []db.OperationGetVulnerabilityExpectation{ { - Args: db.GetVulnerabilityArgs{ + Args: db.OperationGetVulnerabilityArgs{ VulnerabilityID: "CVE-2019-0001", }, - Returns: db.GetVulnerabilityReturns{ + Returns: db.OperationGetVulnerabilityReturns{ Vulnerability: dbTypes.Vulnerability{ Title: "dos", Description: "dos vulnerability", @@ -116,12 +112,12 @@ func TestClient_FillInfo(t *testing.T) { }, { name: "happy path, with only OS vulnerability but no severity, no vendor severity, no NVD", - getVulnerability: []db.GetVulnerabilityExpectation{ + getVulnerability: []db.OperationGetVulnerabilityExpectation{ { - Args: db.GetVulnerabilityArgs{ + Args: db.OperationGetVulnerabilityArgs{ VulnerabilityID: "CVE-2019-0001", }, - Returns: db.GetVulnerabilityReturns{ + Returns: db.OperationGetVulnerabilityReturns{ Vulnerability: dbTypes.Vulnerability{ Title: "dos", Description: "dos vulnerability", @@ -149,12 +145,12 @@ func TestClient_FillInfo(t *testing.T) { }, { name: "happy path, with only OS vulnerability, yes vendor severity, with both NVD and CVSS info", - getVulnerability: []db.GetVulnerabilityExpectation{ + getVulnerability: []db.OperationGetVulnerabilityExpectation{ { - Args: db.GetVulnerabilityArgs{ + Args: db.OperationGetVulnerabilityArgs{ VulnerabilityID: "CVE-2019-0001", }, - Returns: db.GetVulnerabilityReturns{ + Returns: db.OperationGetVulnerabilityReturns{ Vulnerability: dbTypes.Vulnerability{ Title: "dos", Description: "dos vulnerability", @@ -218,12 +214,12 @@ func TestClient_FillInfo(t *testing.T) { }, { name: "happy path, with only OS vulnerability, yes vendor severity, with both NVD and deprecated vendor vectors", - getVulnerability: []db.GetVulnerabilityExpectation{ + getVulnerability: []db.OperationGetVulnerabilityExpectation{ { - Args: db.GetVulnerabilityArgs{ + Args: db.OperationGetVulnerabilityArgs{ VulnerabilityID: "CVE-2019-0001", }, - Returns: db.GetVulnerabilityReturns{ + Returns: db.OperationGetVulnerabilityReturns{ Vulnerability: dbTypes.Vulnerability{ Title: "dos", Description: "dos vulnerability", @@ -277,12 +273,12 @@ func TestClient_FillInfo(t *testing.T) { }, { name: "happy path light db, with only OS vulnerability, yes vendor severity", - getVulnerability: []db.GetVulnerabilityExpectation{ + getVulnerability: []db.OperationGetVulnerabilityExpectation{ { - Args: db.GetVulnerabilityArgs{ + Args: db.OperationGetVulnerabilityArgs{ VulnerabilityID: "CVE-2019-0001", }, - Returns: db.GetVulnerabilityReturns{ + Returns: db.OperationGetVulnerabilityReturns{ Vulnerability: dbTypes.Vulnerability{ Severity: dbTypes.SeverityMedium.String(), VendorSeverity: dbTypes.VendorSeverity{ @@ -310,12 +306,12 @@ func TestClient_FillInfo(t *testing.T) { }, { name: "happy path, with only library vulnerability", - getVulnerability: []db.GetVulnerabilityExpectation{ + getVulnerability: []db.OperationGetVulnerabilityExpectation{ { - Args: db.GetVulnerabilityArgs{ + Args: db.OperationGetVulnerabilityArgs{ VulnerabilityID: "CVE-2020-0001", }, - Returns: db.GetVulnerabilityReturns{ + Returns: db.OperationGetVulnerabilityReturns{ Vulnerability: dbTypes.Vulnerability{ Title: "COVID-19", Description: "a nasty virus vulnerability for humans", @@ -349,12 +345,12 @@ func TestClient_FillInfo(t *testing.T) { }, { name: "GetVulnerability returns an error", - getVulnerability: []db.GetVulnerabilityExpectation{ + getVulnerability: []db.OperationGetVulnerabilityExpectation{ { - Args: db.GetVulnerabilityArgs{ + Args: db.OperationGetVulnerabilityArgs{ VulnerabilityID: "CVE-2019-0004", }, - Returns: db.GetVulnerabilityReturns{ + Returns: db.OperationGetVulnerabilityReturns{ Err: xerrors.New("failed"), }, },