diff --git a/pkg/vulnsrc/mariner/mariner_test.go b/pkg/vulnsrc/mariner/mariner_test.go
index cd6cf468..eb978d7f 100644
--- a/pkg/vulnsrc/mariner/mariner_test.go
+++ b/pkg/vulnsrc/mariner/mariner_test.go
@@ -50,6 +50,18 @@ func TestVulnSrc_Update(t *testing.T) {
 FixedVersion: "",
 },
 },
+ {
+ Key: []string{"advisory-detail", "CVE-2023-5678", "CBL-Mariner 2.0", "openssl"},
+ Value: types.Advisory{
+ FixedVersion: "0:1.1.1k-28.cm2",
+ },
+ },
+ {
+ Key: []string{"advisory-detail", "CVE-2023-5678", "CBL-Mariner 2.0", "edk2"},
+ Value: types.Advisory{
+ FixedVersion: "0:20230301gitf80f052277c8-38.cm2",
+ },
+ },
 {
 Key: []string{"vulnerability-detail", "CVE-2008-3914", "cbl-mariner"},
 Value: types.VulnerabilityDetail{
@@ -68,6 +80,15 @@ func TestVulnSrc_Update(t *testing.T) {
 References: []string{"https://nvd.nist.gov/vuln/detail/CVE-2021-39924"},
 },
 },
+ {
+ Key: []string{"vulnerability-detail", "CVE-2023-5678", "cbl-mariner"},
+ Value: types.VulnerabilityDetail{
+ Severity: types.SeverityMedium,
+ Title: "CVE-2023-5678 affecting package openssl for versions less than 1.1.1k-28",
+ Description: "CVE-2023-5678 affecting package openssl for versions less than 1.1.1k-28. A patched version of the package is available.",
+ References: []string{"https://nvd.nist.gov/vuln/detail/CVE-2023-5678"},
+ },
+ },
 {
 Key: []string{"vulnerability-id", "CVE-2008-3914"},
 Value: map[string]interface{}{},
@@ -76,6 +97,10 @@ func TestVulnSrc_Update(t *testing.T) {
 Key: []string{"vulnerability-id", "CVE-2021-39924"},
 Value: map[string]interface{}{},
 },
+ {
+ Key: []string{"vulnerability-id", "CVE-2023-5678"},
+ Value: map[string]interface{}{},
+ },
 },
 },
 {
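Review bot: The expected `vulnerability-detail` entry for CVE-2023-5678 in the second hunk carries the openssl-specific title and description, although the first hunk expects advisories for both openssl and edk2 under the same CVE. Both new fixture definitions (31872-1.json and 31880-1.json) presumably write to the same `vulnerability-detail` key, so the stored text appears to depend on which definition is processed last, and a scan finding for edk2 would then show a title that names openssl. Consider documenting this in the test, for example `// CVE-2023-5678 has two definitions (edk2, openssl); the detail is keyed per CVE, so the last definition written wins`, or asserting a package-neutral title if the loader is changed to produce one. The test table starts and ends outside these hunks.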
diff --git a/pkg/vulnsrc/mariner/testdata/happy/vuln-list/mariner/1.0/definitions/2008/CVE-2008-3914.json b/pkg/vulnsrc/mariner/testdata/happy/vuln-list/mariner/1.0/definitions/2008/3173.json
similarity index 100%
rename from pkg/vulnsrc/mariner/testdata/happy/vuln-list/mariner/1.0/definitions/2008/CVE-2008-3914.json
rename to pkg/vulnsrc/mariner/testdata/happy/vuln-list/mariner/1.0/definitions/2008/3173.json
diff --git a/pkg/vulnsrc/mariner/testdata/happy/vuln-list/mariner/2.0/definitions/2021/CVE-2021-39924.json b/pkg/vulnsrc/mariner/testdata/happy/vuln-list/mariner/2.0/definitions/2021/7412.json
similarity index 100%
rename from pkg/vulnsrc/mariner/testdata/happy/vuln-list/mariner/2.0/definitions/2021/CVE-2021-39924.json
rename to pkg/vulnsrc/mariner/testdata/happy/vuln-list/mariner/2.0/definitions/2021/7412.json
diff --git a/pkg/vulnsrc/mariner/testdata/happy/vuln-list/mariner/2.0/definitions/2023/31872-1.json b/pkg/vulnsrc/mariner/testdata/happy/vuln-list/mariner/2.0/definitions/2023/31872-1.json
new file mode 100644
index 00000000..6fb3156e
--- /dev/null
+++ b/pkg/vulnsrc/mariner/testdata/happy/vuln-list/mariner/2.0/definitions/2023/31872-1.json
@@ -0,0 +1,28 @@
+{
+ "Class": "vulnerability",
+ "ID": "oval:com.microsoft.cbl-mariner:def:31872",
+ "Version": "1",
+ "Metadata": {
+ "Title": "CVE-2023-5678 affecting package edk2 for versions less than 20230301gitf80f052277c8-38",
+ "Affected": {
+ "Family": "unix",
+ "Platform": "CBL-Mariner"
+ },
+ "Reference": {
+ "RefID": "CVE-2023-5678",
+ "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-5678",
+ "Source": "CVE"
+ },
+ "Patchable": "true",
+ "AdvisoryID": "31872-1",
+ "Severity": "Medium",
+ "Description": "CVE-2023-5678 affecting package edk2 for versions less than 20230301gitf80f052277c8-38. A patched version of the package is available."
+ },
+ "Criteria": {
+ "Operator": "AND",
+ "Criterion": {
+ "Comment": "Package edk2 is earlier than 20230301gitf80f052277c8-38, affected by CVE-2023-5678",
+ "TestRef": "oval:com.microsoft.cbl-mariner:tst:31872000"
+ }
+ }
+}
\ No newline at end of file
diff --git a/pkg/vulnsrc/mariner/testdata/happy/vuln-list/mariner/2.0/definitions/2023/31880-1.json b/pkg/vulnsrc/mariner/testdata/happy/vuln-list/mariner/2.0/definitions/2023/31880-1.json
new file mode 100644
index 00000000..ed4b4fe8
--- /dev/null
+++ b/pkg/vulnsrc/mariner/testdata/happy/vuln-list/mariner/2.0/definitions/2023/31880-1.json
@@ -0,0 +1,28 @@
+{
+ "Class": "vulnerability",
+ "ID": "oval:com.microsoft.cbl-mariner:def:31880",
+ "Version": "1",
+ "Metadata": {
+ "Title": "CVE-2023-5678 affecting package openssl for versions less than 1.1.1k-28",
+ "Affected": {
+ "Family": "unix",
+ "Platform": "CBL-Mariner"
+ },
+ "Reference": {
+ "RefID": "CVE-2023-5678",
+ "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-5678",
+ "Source": "CVE"
+ },
+ "Patchable": "true",
+ "AdvisoryID": "31880-1",
+ "Severity": "Medium",
+ "Description": "CVE-2023-5678 affecting package openssl for versions less than 1.1.1k-28. A patched version of the package is available."
+ },
+ "Criteria": {
+ "Operator": "AND",
+ "Criterion": {
+ "Comment": "Package openssl is earlier than 1.1.1k-28, affected by CVE-2023-5678",
+ "TestRef": "oval:com.microsoft.cbl-mariner:tst:31880000"
+ }
+ }
+}
\ No newline at end of file
diff --git a/pkg/vulnsrc/mariner/testdata/happy/vuln-list/mariner/2.0/objects/objects.json b/pkg/vulnsrc/mariner/testdata/happy/vuln-list/mariner/2.0/objects/objects.json
index 250944fe..528d7a37 100644
--- a/pkg/vulnsrc/mariner/testdata/happy/vuln-list/mariner/2.0/objects/objects.json
+++ b/pkg/vulnsrc/mariner/testdata/happy/vuln-list/mariner/2.0/objects/objects.json
@@ -4,6 +4,16 @@
 "ID": "oval:com.microsoft.cbl-mariner:obj:1643374850000429",
 "Version": "1643374850",
 "Name": "wireshark"
+ },
+ {
+ "ID": "oval:com.microsoft.cbl-mariner:obj:31880001",
+ "Version": "0",
+ "Name": "openssl"
+ },
+ {
+ "ID": "oval:com.microsoft.cbl-mariner:obj:31872001",
+ "Version": "0",
+ "Name": "edk2"
 }
 ]
 }
diff --git a/pkg/vulnsrc/mariner/testdata/happy/vuln-list/mariner/2.0/states/states.json b/pkg/vulnsrc/mariner/testdata/happy/vuln-list/mariner/2.0/states/states.json
index 5da12f94..ca412384 100644
--- a/pkg/vulnsrc/mariner/testdata/happy/vuln-list/mariner/2.0/states/states.json
+++ b/pkg/vulnsrc/mariner/testdata/happy/vuln-list/mariner/2.0/states/states.json
@@ -8,6 +8,24 @@
 "Datatype": "evr_string",
 "Operation": "less than or equal"
 }
+ },
+ {
+ "ID": "oval:com.microsoft.cbl-mariner:ste:31880002",
+ "Version": "0",
+ "Evr": {
+ "Text": "0:1.1.1k-28.cm2",
+ "Datatype": "evr_string",
+ "Operation": "less than"
+ }
+ },
+ {
+ "ID": "oval:com.microsoft.cbl-mariner:ste:31872002",
+ "Version": "0",
+ "Evr": {
+ "Text": "0:20230301gitf80f052277c8-38.cm2",
+ "Datatype": "evr_string",
+ "Operation": "less than"
+ }
 }
 ]
 }
diff --git a/pkg/vulnsrc/mariner/testdata/happy/vuln-list/mariner/2.0/tests/tests.json b/pkg/vulnsrc/mariner/testdata/happy/vuln-list/mariner/2.0/tests/tests.json
index cabd6247..85693a33 100644
--- a/pkg/vulnsrc/mariner/testdata/happy/vuln-list/mariner/2.0/tests/tests.json
+++ b/pkg/vulnsrc/mariner/testdata/happy/vuln-list/mariner/2.0/tests/tests.json
@@ -11,6 +11,30 @@
 "State": {
 "StateRef": "oval:com.microsoft.cbl-mariner:ste:1643374850000031"
 }
+ },
+ {
+ "Check": "at least one",
+ "Comment": "Package openssl is earlier than 1.1.1k-28, affected by CVE-2023-5678",
+ "ID": "oval:com.microsoft.cbl-mariner:tst:31880000",
+ "Version": "0",
+ "Object": {
+ "ObjectRef": "oval:com.microsoft.cbl-mariner:obj:31880001"
+ },
+ "State": {
+ "StateRef": "oval:com.microsoft.cbl-mariner:ste:31880002"
+ }
+ },
+ {
+ "Check": "at least one",
+ "Comment": "Package edk2 is earlier than 20230301gitf80f052277c8-38, affected by CVE-2023-5678",
+ "ID": "oval:com.microsoft.cbl-mariner:tst:31872000",
+ "Version": "0",
+ "Object": {
+ "ObjectRef": "oval:com.microsoft.cbl-mariner:obj:31872001"
+ },
+ "State": {
+ "StateRef": "oval:com.microsoft.cbl-mariner:ste:31872002"
+ }
 }
 ]
 }
diff --git a/pkg/vulnsrc/mariner/testdata/not-applicable-definition/vuln-list/mariner/2.0/definitions/2013/CVE-2013-7381.json b/pkg/vulnsrc/mariner/testdata/not-applicable-definition/vuln-list/mariner/2.0/definitions/2013/6640.json
similarity index 99%
rename from pkg/vulnsrc/mariner/testdata/not-applicable-definition/vuln-list/mariner/2.0/definitions/2013/CVE-2013-7381.json
rename to pkg/vulnsrc/mariner/testdata/not-applicable-definition/vuln-list/mariner/2.0/definitions/2013/6640.json
index 8145d42b..a1179386 100644
--- a/pkg/vulnsrc/mariner/testdata/not-applicable-definition/vuln-list/mariner/2.0/definitions/2013/CVE-2013-7381.json
+++ b/pkg/vulnsrc/mariner/testdata/not-applicable-definition/vuln-list/mariner/2.0/definitions/2013/6640.json
@@ -25,4 +25,4 @@
 "TestRef": "oval:com.microsoft.cbl-mariner:tst:1653048070000135"
 }
 }
-}
+}
\ No newline at end of file
diff --git a/pkg/vulnsrc/mariner/testdata/sad/empty-stateref-tests/vuln-list/mariner/1.0/definitions/2008/CVE-2008-3914.json b/pkg/vulnsrc/mariner/testdata/sad/empty-stateref-tests/vuln-list/mariner/1.0/definitions/2008/3173.json
similarity index 99%
rename from pkg/vulnsrc/mariner/testdata/sad/empty-stateref-tests/vuln-list/mariner/1.0/definitions/2008/CVE-2008-3914.json
rename to pkg/vulnsrc/mariner/testdata/sad/empty-stateref-tests/vuln-list/mariner/1.0/definitions/2008/3173.json
index 5ffc5f85..507ccf8f 100644
--- a/pkg/vulnsrc/mariner/testdata/sad/empty-stateref-tests/vuln-list/mariner/1.0/definitions/2008/CVE-2008-3914.json
+++ b/pkg/vulnsrc/mariner/testdata/sad/empty-stateref-tests/vuln-list/mariner/1.0/definitions/2008/3173.json
@@ -26,4 +26,4 @@
 "TestRef": "oval:com.microsoft.cbl-mariner:tst:1643374849000003"
 }
 }
-}
+}
\ No newline at end of file
diff --git a/pkg/vulnsrc/mariner/testdata/sad/empty-testref-definition/vuln-list/mariner/1.0/definitions/2008/CVE-2008-3914.json b/pkg/vulnsrc/mariner/testdata/sad/empty-testref-definition/vuln-list/mariner/1.0/definitions/2008/3173.json
similarity index 100%
rename from pkg/vulnsrc/mariner/testdata/sad/empty-testref-definition/vuln-list/mariner/1.0/definitions/2008/CVE-2008-3914.json
rename to pkg/vulnsrc/mariner/testdata/sad/empty-testref-definition/vuln-list/mariner/1.0/definitions/2008/3173.json