Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
Showing
10 changed files
with
401 additions
and
46 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,357 @@ | ||
package v1 | ||
|
||
import ( | ||
"sort" | ||
"testing" | ||
"time" | ||
|
||
"github.com/armosec/armoapi-go/armotypes" | ||
"github.com/armosec/cluster-container-scanner-api/containerscan" | ||
v1 "github.com/armosec/cluster-container-scanner-api/containerscan/v1" | ||
"github.com/go-test/deep" | ||
"github.com/kubescape/kubevuln/core/domain" | ||
"k8s.io/utils/pointer" | ||
) | ||
|
||
func Test_summarize(t *testing.T) { | ||
containerScanID := "9711c327-1a08-487e-b24a-72128712ef2d" | ||
designators := armotypes.PortalDesignator{ | ||
DesignatorType: "Attributes", | ||
Attributes: map[string]string{ | ||
"cluster": "minikube", | ||
"namespace": "default", | ||
"kind": "deployment", | ||
"name": "nginx", | ||
"containerName": "nginx", | ||
"workloadHash": "8449841542515860619", | ||
"customerGUID": "3fcd1e54-7871-49dc-8ebf-8d828d28c00b", | ||
}, | ||
} | ||
imageHash := "imagehash" | ||
imageTag := "imagetag" | ||
jobIDs := []string{ | ||
"80fc5ba7-e6df-4d8f-ae94-475242cd7345", | ||
"b56211c7-716a-4f9f-b27f-b4942195fa5e", | ||
} | ||
timestamp := time.Now().Unix() | ||
wlid := "wlid" | ||
type args struct { | ||
report v1.ScanResultReport | ||
workload domain.ScanCommand | ||
hasRelevancy bool | ||
} | ||
tests := []struct { | ||
name string | ||
args args | ||
want *containerscan.CommonContainerScanSummaryResult | ||
}{ | ||
{ | ||
name: "empty args", | ||
args: args{ | ||
report: v1.ScanResultReport{}, | ||
workload: domain.ScanCommand{}, | ||
hasRelevancy: false, | ||
}, | ||
want: &containerscan.CommonContainerScanSummaryResult{ | ||
PackagesName: []string{}, | ||
Status: "Success", | ||
Vulnerabilities: []containerscan.ShortVulnerabilityResult{}, | ||
}, | ||
}, | ||
{ | ||
name: "empty report", | ||
args: args{ | ||
report: v1.ScanResultReport{}, | ||
workload: domain.ScanCommand{ | ||
ImageHash: imageHash, | ||
Wlid: wlid, | ||
ImageTag: imageTag, | ||
Session: domain.Session{ | ||
JobIDs: jobIDs, | ||
}, | ||
}, | ||
hasRelevancy: false, | ||
}, | ||
want: &containerscan.CommonContainerScanSummaryResult{ | ||
ImageID: imageHash, | ||
ImageTag: imageTag, | ||
JobIDs: jobIDs, | ||
PackagesName: []string{}, | ||
Status: "Success", | ||
Version: imageTag, | ||
Vulnerabilities: []containerscan.ShortVulnerabilityResult{}, | ||
WLID: wlid, | ||
}, | ||
}, | ||
{ | ||
name: "real report", | ||
args: args{ | ||
report: v1.ScanResultReport{ | ||
ContainerScanID: containerScanID, | ||
Designators: designators, | ||
Timestamp: timestamp, | ||
Vulnerabilities: []containerscan.CommonContainerVulnerabilityResult{ | ||
{ | ||
ContainerScanID: containerScanID, | ||
Designators: designators, | ||
IntroducedInLayer: dummyLayer, | ||
IsFixed: 0, | ||
IsLastScan: 1, | ||
Layers: []containerscan.ESLayer{{LayerHash: dummyLayer}}, | ||
Vulnerability: containerscan.Vulnerability{ | ||
IsRelevant: nil, | ||
ImageID: imageHash, | ||
ImageTag: imageTag, | ||
Severity: "Negligible", | ||
Name: "CVE-2005-2541", | ||
Categories: containerscan.VulnerabilityCategory{IsRCE: false}, | ||
}, | ||
WLID: wlid, | ||
}, | ||
{ | ||
ContainerScanID: containerScanID, | ||
Designators: designators, | ||
IntroducedInLayer: dummyLayer, | ||
IsFixed: 1, | ||
IsLastScan: 1, | ||
Layers: []containerscan.ESLayer{{LayerHash: dummyLayer}}, | ||
Vulnerability: containerscan.Vulnerability{ | ||
IsRelevant: nil, | ||
ImageID: imageHash, | ||
ImageTag: imageTag, | ||
Severity: "Medium", | ||
Name: "CVE-2016-9318", | ||
Fixes: containerscan.VulFixes{{Version: "foo"}}, | ||
Categories: containerscan.VulnerabilityCategory{IsRCE: false}, | ||
}, | ||
WLID: wlid, | ||
}, | ||
{ | ||
ContainerScanID: containerScanID, | ||
Designators: designators, | ||
IntroducedInLayer: dummyLayer, | ||
IsFixed: 1, | ||
IsLastScan: 1, | ||
Layers: []containerscan.ESLayer{{LayerHash: dummyLayer}}, | ||
Vulnerability: containerscan.Vulnerability{ | ||
IsRelevant: nil, | ||
ImageID: imageHash, | ||
ImageTag: imageTag, | ||
Description: "code execution", | ||
Severity: "Critical", | ||
Name: "CVE-2017-18269", | ||
Fixes: containerscan.VulFixes{{Version: "foo"}}, | ||
Categories: containerscan.VulnerabilityCategory{IsRCE: true}, | ||
}, | ||
WLID: wlid, | ||
}, | ||
{ | ||
ContainerScanID: containerScanID, | ||
Designators: designators, | ||
IntroducedInLayer: dummyLayer, | ||
IsFixed: 1, | ||
IsLastScan: 1, | ||
Layers: []containerscan.ESLayer{{LayerHash: dummyLayer}}, | ||
Vulnerability: containerscan.Vulnerability{ | ||
IsRelevant: nil, | ||
ImageID: imageHash, | ||
ImageTag: imageTag, | ||
Description: "command injection", | ||
Severity: "Critical", | ||
Name: "CVE-2022-1292", | ||
Fixes: containerscan.VulFixes{{Version: "foo"}}, | ||
Categories: containerscan.VulnerabilityCategory{IsRCE: true}, | ||
}, | ||
WLID: wlid, | ||
}, | ||
}, | ||
}, | ||
workload: domain.ScanCommand{ | ||
ImageHash: imageHash, | ||
Wlid: wlid, | ||
ImageTag: imageTag, | ||
Session: domain.Session{ | ||
JobIDs: jobIDs, | ||
}, | ||
}, | ||
hasRelevancy: false, | ||
}, | ||
want: &containerscan.CommonContainerScanSummaryResult{ | ||
ClusterName: designators.Attributes["cluster"], | ||
ContainerName: designators.Attributes["containerName"], | ||
ContainerScanID: containerScanID, | ||
CustomerGUID: designators.Attributes["customerGUID"], | ||
Designators: designators, | ||
ImageID: imageHash, | ||
ImageTag: imageTag, | ||
JobIDs: jobIDs, | ||
Namespace: designators.Attributes["namespace"], | ||
PackagesName: []string{}, | ||
SeveritiesStats: []containerscan.SeverityStats{ | ||
{Severity: "Critical", TotalCount: 2, RCEFixCount: 2, FixAvailableOfTotalCount: 2, RCECount: 2}, | ||
{Severity: "Medium", TotalCount: 1, FixAvailableOfTotalCount: 1}, | ||
{Severity: "Negligible", TotalCount: 1}, | ||
}, | ||
SeverityStats: containerscan.SeverityStats{ | ||
TotalCount: 4, | ||
RCEFixCount: 2, | ||
FixAvailableOfTotalCount: 3, | ||
RCECount: 2, | ||
}, | ||
Status: "Success", | ||
Timestamp: timestamp, | ||
Version: imageTag, | ||
Vulnerabilities: []containerscan.ShortVulnerabilityResult{ | ||
{Name: "CVE-2005-2541"}, | ||
{Name: "CVE-2016-9318"}, | ||
{Name: "CVE-2017-18269"}, | ||
{Name: "CVE-2022-1292"}, | ||
}, | ||
WLID: wlid, | ||
}, | ||
}, | ||
{ | ||
name: "real report with relevancy", | ||
args: args{ | ||
report: v1.ScanResultReport{ | ||
ContainerScanID: containerScanID, | ||
Designators: designators, | ||
Timestamp: timestamp, | ||
Vulnerabilities: []containerscan.CommonContainerVulnerabilityResult{ | ||
{ | ||
ContainerScanID: containerScanID, | ||
Designators: designators, | ||
IntroducedInLayer: dummyLayer, | ||
IsFixed: 0, | ||
IsLastScan: 1, | ||
Layers: []containerscan.ESLayer{{LayerHash: dummyLayer}}, | ||
Vulnerability: containerscan.Vulnerability{ | ||
IsRelevant: pointer.Bool(false), | ||
ImageID: imageHash, | ||
ImageTag: imageTag, | ||
Severity: "Negligible", | ||
Name: "CVE-2005-2541", | ||
Categories: containerscan.VulnerabilityCategory{IsRCE: false}, | ||
}, | ||
WLID: wlid, | ||
}, | ||
{ | ||
ContainerScanID: containerScanID, | ||
Designators: designators, | ||
IntroducedInLayer: dummyLayer, | ||
IsFixed: 1, | ||
IsLastScan: 1, | ||
Layers: []containerscan.ESLayer{{LayerHash: dummyLayer}}, | ||
Vulnerability: containerscan.Vulnerability{ | ||
IsRelevant: pointer.Bool(false), | ||
ImageID: imageHash, | ||
ImageTag: imageTag, | ||
Severity: "Medium", | ||
Name: "CVE-2016-9318", | ||
Fixes: containerscan.VulFixes{{Version: "foo"}}, | ||
Categories: containerscan.VulnerabilityCategory{IsRCE: false}, | ||
}, | ||
WLID: wlid, | ||
}, | ||
{ | ||
ContainerScanID: containerScanID, | ||
Designators: designators, | ||
IntroducedInLayer: dummyLayer, | ||
IsFixed: 1, | ||
IsLastScan: 1, | ||
Layers: []containerscan.ESLayer{{LayerHash: dummyLayer}}, | ||
Vulnerability: containerscan.Vulnerability{ | ||
IsRelevant: pointer.Bool(false), | ||
ImageID: imageHash, | ||
ImageTag: imageTag, | ||
Description: "code execution", | ||
Severity: "Critical", | ||
Name: "CVE-2017-18269", | ||
Fixes: containerscan.VulFixes{{Version: "foo"}}, | ||
Categories: containerscan.VulnerabilityCategory{IsRCE: true}, | ||
}, | ||
WLID: wlid, | ||
}, | ||
{ | ||
ContainerScanID: containerScanID, | ||
Designators: designators, | ||
IntroducedInLayer: dummyLayer, | ||
IsFixed: 1, | ||
IsLastScan: 1, | ||
Layers: []containerscan.ESLayer{{LayerHash: dummyLayer}}, | ||
Vulnerability: containerscan.Vulnerability{ | ||
IsRelevant: pointer.Bool(true), | ||
ImageID: imageHash, | ||
ImageTag: imageTag, | ||
Description: "command injection", | ||
Severity: "Critical", | ||
Name: "CVE-2022-1292", | ||
Fixes: containerscan.VulFixes{{Version: "foo"}}, | ||
Categories: containerscan.VulnerabilityCategory{IsRCE: true}, | ||
}, | ||
WLID: wlid, | ||
}, | ||
}, | ||
}, | ||
workload: domain.ScanCommand{ | ||
ImageHash: imageHash, | ||
Wlid: wlid, | ||
ImageTag: imageTag, | ||
Session: domain.Session{ | ||
JobIDs: jobIDs, | ||
}, | ||
}, | ||
hasRelevancy: true, | ||
}, | ||
want: &containerscan.CommonContainerScanSummaryResult{ | ||
ClusterName: designators.Attributes["cluster"], | ||
ContainerName: designators.Attributes["containerName"], | ||
ContainerScanID: containerScanID, | ||
CustomerGUID: designators.Attributes["customerGUID"], | ||
Designators: designators, | ||
HasRelevancyData: true, | ||
ImageID: imageHash, | ||
ImageTag: imageTag, | ||
JobIDs: jobIDs, | ||
Namespace: designators.Attributes["namespace"], | ||
PackagesName: []string{}, | ||
RelevantLabel: "yes", | ||
SeveritiesStats: []containerscan.SeverityStats{ | ||
{Severity: "Critical", TotalCount: 2, RCEFixCount: 2, FixAvailableOfTotalCount: 2, RCECount: 2, RelevantCount: 1, RelevantFixCount: 1}, | ||
{Severity: "Medium", TotalCount: 1, FixAvailableOfTotalCount: 1}, | ||
{Severity: "Negligible", TotalCount: 1}, | ||
}, | ||
SeverityStats: containerscan.SeverityStats{ | ||
TotalCount: 4, | ||
RCEFixCount: 2, | ||
FixAvailableOfTotalCount: 3, | ||
RCECount: 2, | ||
RelevantCount: 1, | ||
RelevantFixCount: 1, | ||
}, | ||
Status: "Success", | ||
Timestamp: timestamp, | ||
Version: imageTag, | ||
Vulnerabilities: []containerscan.ShortVulnerabilityResult{ | ||
{Name: "CVE-2005-2541"}, | ||
{Name: "CVE-2016-9318"}, | ||
{Name: "CVE-2017-18269"}, | ||
{Name: "CVE-2022-1292"}, | ||
}, | ||
WLID: wlid, | ||
}, | ||
}, | ||
} | ||
for _, tt := range tests { | ||
t.Run(tt.name, func(t *testing.T) { | ||
got := summarize(tt.args.report, tt.args.workload, tt.args.hasRelevancy) | ||
sort.Slice(got.SeveritiesStats, func(i, j int) bool { | ||
return got.SeveritiesStats[i].Severity < got.SeveritiesStats[j].Severity | ||
}) | ||
diff := deep.Equal(got, tt.want) | ||
if diff != nil { | ||
t.Errorf("compare failed: %v", diff) | ||
} | ||
}) | ||
} | ||
} |
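Review bot: The "real report with relevancy" case cannot distinguish RelevantCount from RelevantFixCount, because the only entry with `IsRelevant: pointer.Bool(true)` (CVE-2022-1292) also has `IsFixed: 1` and a `Fixes` value, so both expected counters are 1. RCECount and RCEFixCount have the same problem, being 2 and 2 in both report cases, so a summarize that swapped or conflated either pair would still pass, and these are the numbers used to triage findings. Setting `IsRelevant: pointer.Bool(true),` on the unfixed CVE-2005-2541 entry as well and updating the expected stats would make the relevant total differ from the relevant-with-fix total. No case covers `hasRelevancy: true` with no relevant finding, so only the "yes" value of RelevantLabel is ever asserted. The loop also reads `got.SeveritiesStats` before any nil check; `if got == nil { t.Fatal("summarize returned nil") }` ahead of the sort would turn a panic into a readable failure.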