test(mariner): update tests after changing filenames in vuln-list (#…

…382)
aquasecurity · May 16, 2024 · b8fe137 · b8fe137
1 parent dece64c
commit b8fe137
Show file tree

Hide file tree

Showing 11 changed files with 135 additions and 2 deletions.
diff --git a/pkg/vulnsrc/mariner/mariner_test.go b/pkg/vulnsrc/mariner/mariner_test.go
@@ -50,6 +50,18 @@ func TestVulnSrc_Update(t *testing.T) {
 						FixedVersion: "",
 					},
 				},
+				{
+					Key: []string{"advisory-detail", "CVE-2023-5678", "CBL-Mariner 2.0", "openssl"},
+					Value: types.Advisory{
+						FixedVersion: "0:1.1.1k-28.cm2",
+					},
+				},
+				{
+					Key: []string{"advisory-detail", "CVE-2023-5678", "CBL-Mariner 2.0", "edk2"},
+					Value: types.Advisory{
+						FixedVersion: "0:20230301gitf80f052277c8-38.cm2",
+					},
+				},
 				{
 					Key: []string{"vulnerability-detail", "CVE-2008-3914", "cbl-mariner"},
 					Value: types.VulnerabilityDetail{
@@ -68,6 +80,15 @@ func TestVulnSrc_Update(t *testing.T) {
 						References:  []string{"https://nvd.nist.gov/vuln/detail/CVE-2021-39924"},
 					},
 				},
+				{
+					Key: []string{"vulnerability-detail", "CVE-2023-5678", "cbl-mariner"},
+					Value: types.VulnerabilityDetail{
+						Severity:    types.SeverityMedium,
+						Title:       "CVE-2023-5678 affecting package openssl for versions less than 1.1.1k-28",
+						Description: "CVE-2023-5678 affecting package openssl for versions less than 1.1.1k-28. A patched version of the package is available.",
+						References:  []string{"https://nvd.nist.gov/vuln/detail/CVE-2023-5678"},
+					},
+				},
 				{
 					Key:   []string{"vulnerability-id", "CVE-2008-3914"},
 					Value: map[string]interface{}{},
@@ -76,6 +97,10 @@ func TestVulnSrc_Update(t *testing.T) {
 					Key:   []string{"vulnerability-id", "CVE-2021-39924"},
 					Value: map[string]interface{}{},
 				},
+				{
+					Key:   []string{"vulnerability-id", "CVE-2023-5678"},
+					Value: map[string]interface{}{},
+				},
 			},
 		},
 		{

diff --git a/...r/1.0/definitions/2008/CVE-2008-3914.json → ...st/mariner/1.0/definitions/2008/3173.json b/...r/1.0/definitions/2008/CVE-2008-3914.json → ...st/mariner/1.0/definitions/2008/3173.json
diff --git a/.../2.0/definitions/2021/CVE-2021-39924.json → ...st/mariner/2.0/definitions/2021/7412.json b/.../2.0/definitions/2021/CVE-2021-39924.json → ...st/mariner/2.0/definitions/2021/7412.json
diff --git a/pkg/vulnsrc/mariner/testdata/happy/vuln-list/mariner/2.0/definitions/2023/31872-1.json b/pkg/vulnsrc/mariner/testdata/happy/vuln-list/mariner/2.0/definitions/2023/31872-1.json
@@ -0,0 +1,28 @@
+{
+  "Class": "vulnerability",
+  "ID": "oval:com.microsoft.cbl-mariner:def:31872",
+  "Version": "1",
+  "Metadata": {
+    "Title": "CVE-2023-5678 affecting package edk2 for versions less than 20230301gitf80f052277c8-38",
+    "Affected": {
+      "Family": "unix",
+      "Platform": "CBL-Mariner"
+    },
+    "Reference": {
+      "RefID": "CVE-2023-5678",
+      "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-5678",
+      "Source": "CVE"
+    },
+    "Patchable": "true",
+    "AdvisoryID": "31872-1",
+    "Severity": "Medium",
+    "Description": "CVE-2023-5678 affecting package edk2 for versions less than 20230301gitf80f052277c8-38. A patched version of the package is available."
+  },
+  "Criteria": {
+    "Operator": "AND",
+    "Criterion": {
+      "Comment": "Package edk2 is earlier than 20230301gitf80f052277c8-38, affected by CVE-2023-5678",
+      "TestRef": "oval:com.microsoft.cbl-mariner:tst:31872000"
+    }
+  }
+}
diff --git a/pkg/vulnsrc/mariner/testdata/happy/vuln-list/mariner/2.0/definitions/2023/31880-1.json b/pkg/vulnsrc/mariner/testdata/happy/vuln-list/mariner/2.0/definitions/2023/31880-1.json
@@ -0,0 +1,28 @@
+{
+  "Class": "vulnerability",
+  "ID": "oval:com.microsoft.cbl-mariner:def:31880",
+  "Version": "1",
+  "Metadata": {
+    "Title": "CVE-2023-5678 affecting package openssl for versions less than 1.1.1k-28",
+    "Affected": {
+      "Family": "unix",
+      "Platform": "CBL-Mariner"
+    },
+    "Reference": {
+      "RefID": "CVE-2023-5678",
+      "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-5678",
+      "Source": "CVE"
+    },
+    "Patchable": "true",
+    "AdvisoryID": "31880-1",
+    "Severity": "Medium",
+    "Description": "CVE-2023-5678 affecting package openssl for versions less than 1.1.1k-28. A patched version of the package is available."
+  },
+  "Criteria": {
+    "Operator": "AND",
+    "Criterion": {
+      "Comment": "Package openssl is earlier than 1.1.1k-28, affected by CVE-2023-5678",
+      "TestRef": "oval:com.microsoft.cbl-mariner:tst:31880000"
+    }
+  }
+}
diff --git a/pkg/vulnsrc/mariner/testdata/happy/vuln-list/mariner/2.0/objects/objects.json b/pkg/vulnsrc/mariner/testdata/happy/vuln-list/mariner/2.0/objects/objects.json
@@ -4,6 +4,16 @@
       "ID": "oval:com.microsoft.cbl-mariner:obj:1643374850000429",
       "Version": "1643374850",
       "Name": "wireshark"
+    },
+    {
+      "ID": "oval:com.microsoft.cbl-mariner:obj:31880001",
+      "Version": "0",
+      "Name": "openssl"
+    },
+    {
+      "ID": "oval:com.microsoft.cbl-mariner:obj:31872001",
+      "Version": "0",
+      "Name": "edk2"
     }
   ]
 }
diff --git a/pkg/vulnsrc/mariner/testdata/happy/vuln-list/mariner/2.0/states/states.json b/pkg/vulnsrc/mariner/testdata/happy/vuln-list/mariner/2.0/states/states.json
@@ -8,6 +8,24 @@
         "Datatype": "evr_string",
         "Operation": "less than or equal"
       }
+    },
+    {
+      "ID": "oval:com.microsoft.cbl-mariner:ste:31880002",
+      "Version": "0",
+      "Evr": {
+        "Text": "0:1.1.1k-28.cm2",
+        "Datatype": "evr_string",
+        "Operation": "less than"
+      }
+    },
+    {
+      "ID": "oval:com.microsoft.cbl-mariner:ste:31872002",
+      "Version": "0",
+      "Evr": {
+        "Text": "0:20230301gitf80f052277c8-38.cm2",
+        "Datatype": "evr_string",
+        "Operation": "less than"
+      }
     }
   ]
 }
diff --git a/pkg/vulnsrc/mariner/testdata/happy/vuln-list/mariner/2.0/tests/tests.json b/pkg/vulnsrc/mariner/testdata/happy/vuln-list/mariner/2.0/tests/tests.json
@@ -11,6 +11,30 @@
       "State": {
         "StateRef": "oval:com.microsoft.cbl-mariner:ste:1643374850000031"
       }
+    },
+    {
+      "Check": "at least one",
+      "Comment": "Package openssl is earlier than 1.1.1k-28, affected by CVE-2023-5678",
+      "ID": "oval:com.microsoft.cbl-mariner:tst:31880000",
+      "Version": "0",
+      "Object": {
+        "ObjectRef": "oval:com.microsoft.cbl-mariner:obj:31880001"
+      },
+      "State": {
+        "StateRef": "oval:com.microsoft.cbl-mariner:ste:31880002"
+      }
+    },
+    {
+      "Check": "at least one",
+      "Comment": "Package edk2 is earlier than 20230301gitf80f052277c8-38, affected by CVE-2023-5678",
+      "ID": "oval:com.microsoft.cbl-mariner:tst:31872000",
+      "Version": "0",
+      "Object": {
+        "ObjectRef": "oval:com.microsoft.cbl-mariner:obj:31872001"
+      },
+      "State": {
+        "StateRef": "oval:com.microsoft.cbl-mariner:ste:31872002"
+      }
     }
   ]
 }
diff --git a/...r/2.0/definitions/2013/CVE-2013-7381.json → ...st/mariner/2.0/definitions/2013/6640.json b/...r/2.0/definitions/2013/CVE-2013-7381.json → ...st/mariner/2.0/definitions/2013/6640.json
@@ -25,4 +25,4 @@
       "TestRef": "oval:com.microsoft.cbl-mariner:tst:1653048070000135"
     }
   }
-}
+}
diff --git a/...r/1.0/definitions/2008/CVE-2008-3914.json → ...st/mariner/1.0/definitions/2008/3173.json b/...r/1.0/definitions/2008/CVE-2008-3914.json → ...st/mariner/1.0/definitions/2008/3173.json
@@ -26,4 +26,4 @@
       "TestRef": "oval:com.microsoft.cbl-mariner:tst:1643374849000003"
     }
   }
-}
+}
diff --git a/...r/1.0/definitions/2008/CVE-2008-3914.json → ...st/mariner/1.0/definitions/2008/3173.json b/...r/1.0/definitions/2008/CVE-2008-3914.json → ...st/mariner/1.0/definitions/2008/3173.json