adding tests for summary

Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
kubescape · Mar 31, 2023 · f1f3cff · f1f3cff
1 parent 437673c
commit f1f3cff
Show file tree

Hide file tree

Showing 10 changed files with 401 additions and 46 deletions.
diff --git a/adapters/v1/armo_test.go b/adapters/v1/armo_test.go
@@ -8,14 +8,14 @@ import (
 	"io"
 	"net/http"
 	"os"
-	"reflect"
 	"testing"
 	"time"
 
 	"github.com/anchore/grype/grype/presenter/models"
 	"github.com/armosec/armoapi-go/armotypes"
 	"github.com/armosec/utils-go/httputils"
 	"github.com/armosec/utils-k8s-go/armometadata"
+	"github.com/go-test/deep"
 	"github.com/google/uuid"
 	"github.com/kubescape/kubevuln/core/domain"
 	"github.com/kubescape/kubevuln/internal/tools"
@@ -74,8 +74,9 @@ func TestArmoAdapter_GetCVEExceptions(t *testing.T) {
 				t.Errorf("GetCVEExceptions() error = %v, wantErr %v", err, tt.wantErr)
 				return
 			}
-			if !reflect.DeepEqual(got, tt.want) {
-				t.Errorf("GetCVEExceptions() got = %v, want %v", got, tt.want)
+			diff := deep.Equal(got, tt.want)
+			if diff != nil {
+				t.Errorf("compare failed: %v", diff)
 			}
 		})
 	}
@@ -160,8 +161,9 @@ func TestNewArmoAdapter(t *testing.T) {
 			// need to nil functions to compare
 			got.httpPostFunc = nil
 			got.getCVEExceptionsFunc = nil
-			if !reflect.DeepEqual(got, tt.want) {
-				t.Errorf("NewArmoAdapter() = %v, want %v", got, tt.want)
+			diff := deep.Equal(got, tt.want)
+			if diff != nil {
+				t.Errorf("compare failed: %v", diff)
 			}
 		})
 	}

diff --git a/adapters/v1/armo_utils_test.go b/adapters/v1/armo_utils_test.go
@@ -0,0 +1,357 @@
+package v1
+
+import (
+	"sort"
+	"testing"
+	"time"
+
+	"github.com/armosec/armoapi-go/armotypes"
+	"github.com/armosec/cluster-container-scanner-api/containerscan"
+	v1 "github.com/armosec/cluster-container-scanner-api/containerscan/v1"
+	"github.com/go-test/deep"
+	"github.com/kubescape/kubevuln/core/domain"
+	"k8s.io/utils/pointer"
+)
+
+func Test_summarize(t *testing.T) {
+	containerScanID := "9711c327-1a08-487e-b24a-72128712ef2d"
+	designators := armotypes.PortalDesignator{
+		DesignatorType: "Attributes",
+		Attributes: map[string]string{
+			"cluster":       "minikube",
+			"namespace":     "default",
+			"kind":          "deployment",
+			"name":          "nginx",
+			"containerName": "nginx",
+			"workloadHash":  "8449841542515860619",
+			"customerGUID":  "3fcd1e54-7871-49dc-8ebf-8d828d28c00b",
+		},
+	}
+	imageHash := "imagehash"
+	imageTag := "imagetag"
+	jobIDs := []string{
+		"80fc5ba7-e6df-4d8f-ae94-475242cd7345",
+		"b56211c7-716a-4f9f-b27f-b4942195fa5e",
+	}
+	timestamp := time.Now().Unix()
+	wlid := "wlid"
+	type args struct {
+		report       v1.ScanResultReport
+		workload     domain.ScanCommand
+		hasRelevancy bool
+	}
+	tests := []struct {
+		name string
+		args args
+		want *containerscan.CommonContainerScanSummaryResult
+	}{
+		{
+			name: "empty args",
+			args: args{
+				report:       v1.ScanResultReport{},
+				workload:     domain.ScanCommand{},
+				hasRelevancy: false,
+			},
+			want: &containerscan.CommonContainerScanSummaryResult{
+				PackagesName:    []string{},
+				Status:          "Success",
+				Vulnerabilities: []containerscan.ShortVulnerabilityResult{},
+			},
+		},
+		{
+			name: "empty report",
+			args: args{
+				report: v1.ScanResultReport{},
+				workload: domain.ScanCommand{
+					ImageHash: imageHash,
+					Wlid:      wlid,
+					ImageTag:  imageTag,
+					Session: domain.Session{
+						JobIDs: jobIDs,
+					},
+				},
+				hasRelevancy: false,
+			},
+			want: &containerscan.CommonContainerScanSummaryResult{
+				ImageID:         imageHash,
+				ImageTag:        imageTag,
+				JobIDs:          jobIDs,
+				PackagesName:    []string{},
+				Status:          "Success",
+				Version:         imageTag,
+				Vulnerabilities: []containerscan.ShortVulnerabilityResult{},
+				WLID:            wlid,
+			},
+		},
+		{
+			name: "real report",
+			args: args{
+				report: v1.ScanResultReport{
+					ContainerScanID: containerScanID,
+					Designators:     designators,
+					Timestamp:       timestamp,
+					Vulnerabilities: []containerscan.CommonContainerVulnerabilityResult{
+						{
+							ContainerScanID:   containerScanID,
+							Designators:       designators,
+							IntroducedInLayer: dummyLayer,
+							IsFixed:           0,
+							IsLastScan:        1,
+							Layers:            []containerscan.ESLayer{{LayerHash: dummyLayer}},
+							Vulnerability: containerscan.Vulnerability{
+								IsRelevant:  nil,
+								ImageID:     imageHash,
+								ImageTag:    imageTag,
+								Severity:    "Negligible",
+								Name:        "CVE-2005-2541",
+								Categories:  containerscan.VulnerabilityCategory{IsRCE: false},
+							},
+							WLID: wlid,
+						},
+						{
+							ContainerScanID:   containerScanID,
+							Designators:       designators,
+							IntroducedInLayer: dummyLayer,
+							IsFixed:           1,
+							IsLastScan:        1,
+							Layers:            []containerscan.ESLayer{{LayerHash: dummyLayer}},
+							Vulnerability: containerscan.Vulnerability{
+								IsRelevant: nil,
+								ImageID:    imageHash,
+								ImageTag:   imageTag,
+								Severity:   "Medium",
+								Name:       "CVE-2016-9318",
+								Fixes:      containerscan.VulFixes{{Version: "foo"}},
+								Categories: containerscan.VulnerabilityCategory{IsRCE: false},
+							},
+							WLID: wlid,
+						},
+						{
+							ContainerScanID:   containerScanID,
+							Designators:       designators,
+							IntroducedInLayer: dummyLayer,
+							IsFixed:           1,
+							IsLastScan:        1,
+							Layers:            []containerscan.ESLayer{{LayerHash: dummyLayer}},
+							Vulnerability: containerscan.Vulnerability{
+								IsRelevant:  nil,
+								ImageID:     imageHash,
+								ImageTag:    imageTag,
+								Description: "code execution",
+								Severity:    "Critical",
+								Name:        "CVE-2017-18269",
+								Fixes:       containerscan.VulFixes{{Version: "foo"}},
+								Categories:  containerscan.VulnerabilityCategory{IsRCE: true},
+							},
+							WLID: wlid,
+						},
+						{
+							ContainerScanID:   containerScanID,
+							Designators:       designators,
+							IntroducedInLayer: dummyLayer,
+							IsFixed:           1,
+							IsLastScan:        1,
+							Layers:            []containerscan.ESLayer{{LayerHash: dummyLayer}},
+							Vulnerability: containerscan.Vulnerability{
+								IsRelevant:  nil,
+								ImageID:     imageHash,
+								ImageTag:    imageTag,
+								Description: "command injection",
+								Severity:    "Critical",
+								Name:        "CVE-2022-1292",
+								Fixes:       containerscan.VulFixes{{Version: "foo"}},
+								Categories:  containerscan.VulnerabilityCategory{IsRCE: true},
+							},
+							WLID: wlid,
+						},
+					},
+				},
+				workload: domain.ScanCommand{
+					ImageHash: imageHash,
+					Wlid:      wlid,
+					ImageTag:  imageTag,
+					Session: domain.Session{
+						JobIDs: jobIDs,
+					},
+				},
+				hasRelevancy: false,
+			},
+			want: &containerscan.CommonContainerScanSummaryResult{
+				ClusterName:     designators.Attributes["cluster"],
+				ContainerName:   designators.Attributes["containerName"],
+				ContainerScanID: containerScanID,
+				CustomerGUID:    designators.Attributes["customerGUID"],
+				Designators:     designators,
+				ImageID:         imageHash,
+				ImageTag:        imageTag,
+				JobIDs:          jobIDs,
+				Namespace:       designators.Attributes["namespace"],
+				PackagesName:    []string{},
+				SeveritiesStats: []containerscan.SeverityStats{
+					{Severity: "Critical", TotalCount: 2, RCEFixCount: 2, FixAvailableOfTotalCount: 2, RCECount: 2},
+					{Severity: "Medium", TotalCount: 1, FixAvailableOfTotalCount: 1},
+					{Severity: "Negligible", TotalCount: 1},
+				},
+				SeverityStats: containerscan.SeverityStats{
+					TotalCount:               4,
+					RCEFixCount:              2,
+					FixAvailableOfTotalCount: 3,
+					RCECount:                 2,
+				},
+				Status:    "Success",
+				Timestamp: timestamp,
+				Version:   imageTag,
+				Vulnerabilities: []containerscan.ShortVulnerabilityResult{
+					{Name: "CVE-2005-2541"},
+					{Name: "CVE-2016-9318"},
+					{Name: "CVE-2017-18269"},
+					{Name: "CVE-2022-1292"},
+				},
+				WLID: wlid,
+			},
+		},
+		{
+			name: "real report with relevancy",
+			args: args{
+				report: v1.ScanResultReport{
+					ContainerScanID: containerScanID,
+					Designators:     designators,
+					Timestamp:       timestamp,
+					Vulnerabilities: []containerscan.CommonContainerVulnerabilityResult{
+						{
+							ContainerScanID:   containerScanID,
+							Designators:       designators,
+							IntroducedInLayer: dummyLayer,
+							IsFixed:           0,
+							IsLastScan:        1,
+							Layers:            []containerscan.ESLayer{{LayerHash: dummyLayer}},
+							Vulnerability: containerscan.Vulnerability{
+								IsRelevant:  pointer.Bool(false),
+								ImageID:     imageHash,
+								ImageTag:    imageTag,
+								Severity:    "Negligible",
+								Name:        "CVE-2005-2541",
+								Categories:  containerscan.VulnerabilityCategory{IsRCE: false},
+							},
+							WLID: wlid,
+						},
+						{
+							ContainerScanID:   containerScanID,
+							Designators:       designators,
+							IntroducedInLayer: dummyLayer,
+							IsFixed:           1,
+							IsLastScan:        1,
+							Layers:            []containerscan.ESLayer{{LayerHash: dummyLayer}},
+							Vulnerability: containerscan.Vulnerability{
+								IsRelevant:  pointer.Bool(false),
+								ImageID:     imageHash,
+								ImageTag:    imageTag,
+								Severity:    "Medium",
+								Name:        "CVE-2016-9318",
+								Fixes:       containerscan.VulFixes{{Version: "foo"}},
+								Categories:  containerscan.VulnerabilityCategory{IsRCE: false},
+							},
+							WLID: wlid,
+						},
+						{
+							ContainerScanID:   containerScanID,
+							Designators:       designators,
+							IntroducedInLayer: dummyLayer,
+							IsFixed:           1,
+							IsLastScan:        1,
+							Layers:            []containerscan.ESLayer{{LayerHash: dummyLayer}},
+							Vulnerability: containerscan.Vulnerability{
+								IsRelevant:  pointer.Bool(false),
+								ImageID:     imageHash,
+								ImageTag:    imageTag,
+								Description: "code execution",
+								Severity:    "Critical",
+								Name:        "CVE-2017-18269",
+								Fixes:       containerscan.VulFixes{{Version: "foo"}},
+								Categories:  containerscan.VulnerabilityCategory{IsRCE: true},
+							},
+							WLID: wlid,
+						},
+						{
+							ContainerScanID:   containerScanID,
+							Designators:       designators,
+							IntroducedInLayer: dummyLayer,
+							IsFixed:           1,
+							IsLastScan:        1,
+							Layers:            []containerscan.ESLayer{{LayerHash: dummyLayer}},
+							Vulnerability: containerscan.Vulnerability{
+								IsRelevant:  pointer.Bool(true),
+								ImageID:     imageHash,
+								ImageTag:    imageTag,
+								Description: "command injection",
+								Severity:    "Critical",
+								Name:        "CVE-2022-1292",
+								Fixes:       containerscan.VulFixes{{Version: "foo"}},
+								Categories:  containerscan.VulnerabilityCategory{IsRCE: true},
+							},
+							WLID: wlid,
+						},
+					},
+				},
+				workload: domain.ScanCommand{
+					ImageHash: imageHash,
+					Wlid:      wlid,
+					ImageTag:  imageTag,
+					Session: domain.Session{
+						JobIDs: jobIDs,
+					},
+				},
+				hasRelevancy: true,
+			},
+			want: &containerscan.CommonContainerScanSummaryResult{
+				ClusterName:      designators.Attributes["cluster"],
+				ContainerName:    designators.Attributes["containerName"],
+				ContainerScanID:  containerScanID,
+				CustomerGUID:     designators.Attributes["customerGUID"],
+				Designators:      designators,
+				HasRelevancyData: true,
+				ImageID:          imageHash,
+				ImageTag:         imageTag,
+				JobIDs:           jobIDs,
+				Namespace:        designators.Attributes["namespace"],
+				PackagesName:     []string{},
+				RelevantLabel:    "yes",
+				SeveritiesStats: []containerscan.SeverityStats{
+					{Severity: "Critical", TotalCount: 2, RCEFixCount: 2, FixAvailableOfTotalCount: 2, RCECount: 2, RelevantCount: 1, RelevantFixCount: 1},
+					{Severity: "Medium", TotalCount: 1, FixAvailableOfTotalCount: 1},
+					{Severity: "Negligible", TotalCount: 1},
+				},
+				SeverityStats: containerscan.SeverityStats{
+					TotalCount:               4,
+					RCEFixCount:              2,
+					FixAvailableOfTotalCount: 3,
+					RCECount:                 2,
+					RelevantCount:            1,
+					RelevantFixCount:         1,
+				},
+				Status:    "Success",
+				Timestamp: timestamp,
+				Version:   imageTag,
+				Vulnerabilities: []containerscan.ShortVulnerabilityResult{
+					{Name: "CVE-2005-2541"},
+					{Name: "CVE-2016-9318"},
+					{Name: "CVE-2017-18269"},
+					{Name: "CVE-2022-1292"},
+				},
+				WLID: wlid,
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got := summarize(tt.args.report, tt.args.workload, tt.args.hasRelevancy)
+			sort.Slice(got.SeveritiesStats, func(i, j int) bool {
+				return got.SeveritiesStats[i].Severity < got.SeveritiesStats[j].Severity
+			})
+			diff := deep.Equal(got, tt.want)
+			if diff != nil {
+				t.Errorf("compare failed: %v", diff)
+			}
+		})
+	}
+}