gitea-mirror/trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2025-12-22 23:26:39 -08:00
Code Issues Packages Projects Releases Wiki Activity
Files
17b84f6c0902172938f8f83420dc432fa87f467e
trivy/pkg/rpc/server/library/server_test.go
Simarpreet Singh 17b84f6c09 Override with Vendor score if exists (#433) 
* wip: Add a failing test to demo severity override

Signed-off-by: Simarpreet Singh <simar@linux.com>

* scan.go: Return osFound for use in determining vendor.

Signed-off-by: Simarpreet Singh <simar@linux.com>

* pkg: Fix ScanImage return in case an OSFound

Signed-off-by: Simarpreet Singh <simar@linux.com>

* scan_test: Include a package-lock.json for happy path

Signed-off-by: Simarpreet Singh <simar@linux.com>

* wip: Add a test to include various reportResult types

Signed-off-by: Simarpreet Singh <simar@linux.com>

* Makefile: Add a target to generate mocks.

Signed-off-by: Simarpreet Singh <simar@linux.com>

* vulnerability: Pass reportType as argument for FillInfo.

Signed-off-by: Simarpreet Singh <simar@linux.com>

* vulnerability: Add other types of vulnerabilities.

Signed-off-by: Simarpreet Singh <simar@linux.com>

* integration: Update golden files.

Signed-off-by: Simarpreet Singh <simar@linux.com>

* ospkg: Fix FillInfo for ospkg/server

Signed-off-by: Simarpreet Singh <simar@linux.com>

* rpc: Add os.Family type to Response.

Signed-off-by: Simarpreet Singh <simar@linux.com>

* vulnerability_test.go: Add case where no vendor severity exists.

Signed-off-by: Simarpreet Singh <simar@linux.com>

* vulnerability: Fallback to NVD if it exists.

Also add tests for other cases.

Signed-off-by: Simarpreet Singh <simar@linux.com>

* rpc: Fix a few sites with reportType info and tests.

Signed-off-by: Simarpreet Singh <simar@linux.com>

* vulnerability: Remove VendorSeverity from displayed results

Signed-off-by: Simarpreet Singh <simar@linux.com>

* vulnerability: Add vulnerability source information.

Signed-off-by: Simarpreet Singh <simar@linux.com>

* vulnerability: Add VendorSeverity logic for lightDB as well.

This commit also makes FillInfo logic common to both light and full DBs.

Signed-off-by: Simarpreet Singh <simar@linux.com>

* remove some crufty TODOs

Signed-off-by: Simarpreet Singh <simar@linux.com>

* vulnerability_test: Add a case for light db for documentation purposes

Signed-off-by: Simarpreet Singh <simar@linux.com>

* mod: update trivy-db to point to master

Signed-off-by: Simarpreet Singh <simar@linux.com>

* scan_test: Remove cruft and bring back test cases

Signed-off-by: Simarpreet Singh <simar@linux.com>

* scan_test: Add pkg Type to mock return

Signed-off-by: Simarpreet Singh <simar@linux.com>

* vulnerability: reorder err check after err

Signed-off-by: Simarpreet Singh <simar@linux.com>

* client_test: Fix import ordering

Signed-off-by: Simarpreet Singh <simar@linux.com>

* convert.go: Use result.Type

Signed-off-by: Simarpreet Singh <simar@linux.com>

* convert: Use result.Type and simplify ConvertFromRpcResults signature

Signed-off-by: Simarpreet Singh <simar@linux.com>

* vulnerability: Refactor calls to getVendorSeverity

Signed-off-by: Simarpreet Singh <simar@linux.com>

* integration: Remove centos-7-critical.json.golden

There's no critical vulnerability in CentOS 7 anymore.
In addition this test was not adding any value that is already
not covered by existing tests cases.

Signed-off-by: Simarpreet Singh <simar@linux.com>

* rpc: Include severity source in tests.

Signed-off-by: Simarpreet Singh <simar@linux.com>

* integration: Update test db to include VendorSeverity.

Test DB is now a snapshot of full database from trivy-db.

Also update golden files to include SeveritySource.

Signed-off-by: Simarpreet Singh <simar@linux.com>

* vulnerability: Make centos7 use RHEL vendor severities

Signed-off-by: Simarpreet Singh <simar@linux.com>
2020-04-16 16:58:58 -07:00

173 lines
4.9 KiB
Go
Raw Blame History

package library
import (
"context"
"os"
"testing"
ftypes "github.com/aquasecurity/fanal/types"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"golang.org/x/xerrors"
ptypes "github.com/aquasecurity/go-dep-parser/pkg/types"
dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
"github.com/aquasecurity/trivy/pkg/detector/library"
"github.com/aquasecurity/trivy/pkg/log"
"github.com/aquasecurity/trivy/pkg/types"
"github.com/aquasecurity/trivy/pkg/vulnerability"
"github.com/aquasecurity/trivy/rpc/common"
proto "github.com/aquasecurity/trivy/rpc/detector"
)
func TestMain(m *testing.M) {
log.InitLogger(false, false)
code := m.Run()
os.Exit(code)
}
func TestServer_Detect(t *testing.T) {
type args struct {
req *proto.LibDetectRequest
}
tests := []struct {
name string
args args
detectExpectation library.OperationDetectExpectation
fillInfoExpectation vulnerability.FillInfoExpectation
wantRes *proto.DetectResponse
wantErr string
}{
{
name: "happy path",
args: args{
req: &proto.LibDetectRequest{
ImageName: "alpine:3.10",
FilePath: "app/Pipfile.lock",
Libraries: []*common.Library{
{Name: "django", Version: "3.0.0"},
},
},
},
detectExpectation: library.OperationDetectExpectation{
Args: library.OperationDetectArgs{
FilePath: "app/Pipfile.lock",
Pkgs: []ftypes.LibraryInfo{
{
Library: ptypes.Library{Name: "django", Version: "3.0.0"},
},
},
},
Returns: library.OperationDetectReturns{
Vulns: []types.DetectedVulnerability{
{
VulnerabilityID: "CVE-2019-0001",
PkgName: "test",
InstalledVersion: "1",
FixedVersion: "2",
Vulnerability: dbTypes.Vulnerability{
Title: "title",
Description: "description",
Severity: "MEDIUM",
References: []string{"http://example.com"},
},
Layer: ftypes.Layer{
Digest: "sha256:154ad0735c360b212b167f424d33a62305770a1fcfb6363882f5c436cfbd9812",
DiffID: "sha256:b2a1a2d80bf0c747a4f6b0ca6af5eef23f043fcdb1ed4f3a3e750aef2dc68079",
},
},
},
},
},
fillInfoExpectation: vulnerability.FillInfoExpectation{
Args: vulnerability.FillInfoArgs{
Vulns: []types.DetectedVulnerability{
{
VulnerabilityID: "CVE-2019-0001",
PkgName: "test",
InstalledVersion: "1",
FixedVersion: "2",
Vulnerability: dbTypes.Vulnerability{
Title: "title",
Description: "description",
Severity: "MEDIUM",
References: []string{"http://example.com"},
},
Layer: ftypes.Layer{
Digest: "sha256:154ad0735c360b212b167f424d33a62305770a1fcfb6363882f5c436cfbd9812",
DiffID: "sha256:b2a1a2d80bf0c747a4f6b0ca6af5eef23f043fcdb1ed4f3a3e750aef2dc68079",
},
},
},
},
},
wantRes: &proto.DetectResponse{
Vulnerabilities: []*common.Vulnerability{
{
VulnerabilityId: "CVE-2019-0001",
PkgName: "test",
InstalledVersion: "1",
FixedVersion: "2",
Title: "title",
Description: "description",
Severity: common.Severity_MEDIUM,
References: []string{"http://example.com"},
Layer: &common.Layer{
Digest: "sha256:154ad0735c360b212b167f424d33a62305770a1fcfb6363882f5c436cfbd9812",
DiffId: "sha256:b2a1a2d80bf0c747a4f6b0ca6af5eef23f043fcdb1ed4f3a3e750aef2dc68079",
},
},
},
},
},
{
name: "Detect returns an error",
args: args{
req: &proto.LibDetectRequest{
ImageName: "alpine:3.10",
FilePath: "app/Pipfile.lock",
Libraries: []*common.Library{
{Name: "django", Version: "3.0.0"},
},
},
},
detectExpectation: library.OperationDetectExpectation{
Args: library.OperationDetectArgs{
FilePath: "app/Pipfile.lock",
Pkgs: []ftypes.LibraryInfo{
{Library: ptypes.Library{Name: "django", Version: "3.0.0"}},
},
},
Returns: library.OperationDetectReturns{
Err: xerrors.New("error"),
},
},
wantErr: "failed to detect library vulnerabilities",
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
mockDetector := new(library.MockOperation)
mockDetector.ApplyDetectExpectation(tt.detectExpectation)
mockVulnClient := new(vulnerability.MockOperation)
mockVulnClient.ApplyFillInfoExpectation(tt.fillInfoExpectation)
s := NewServer(mockDetector, mockVulnClient)
ctx := context.TODO()
gotRes, err := s.Detect(ctx, tt.args.req)
if tt.wantErr != "" {
require.NotNil(t, err, tt.name)
assert.Contains(t, err.Error(), tt.wantErr, tt.name)
return
} else {
assert.NoError(t, err, tt.name)
}
assert.Equal(t, tt.wantRes, gotRes, tt.name)
mockDetector.AssertExpectations(t)
mockVulnClient.AssertExpectations(t)
})
}
}
Reference in New Issue View Git Blame Copy Permalink