From c3dd15ae015bafd09c8855f9d9a47772eafdaf65 Mon Sep 17 00:00:00 2001
From: RTann
Date: Thu, 24 Jul 2025 16:03:12 -0700
Subject: [PATCH 1/3] e2e: fix tests with latest vuln data
---
 e2etests/testcase_test.go | 6 +++---
 e2etests/vuln_test.go | 16 +++++++++++-----
 2 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/e2etests/testcase_test.go b/e2etests/testcase_test.go
index fc25c5a5a..00c580727 100644
--- a/e2etests/testcase_test.go
+++ b/e2etests/testcase_test.go
@@ -4028,7 +4028,7 @@ All OpenShift Container Platform 4.10 users are advised to upgrade to these upda
 Name: "tomcat",
 VersionFormat: component.JavaSourceType.String(),
 Version: "9.0.59",
- FixedBy: "9.0.104",
+ FixedBy: "9.0.106",
 Location: "tomcat-embed-core-9.0.59.jar",
 Vulnerabilities: []apiV1.Vulnerability{
 {
@@ -4797,7 +4797,7 @@ All OpenShift Container Platform 4.10 users are advised to upgrade to these upda
 NamespaceName: "rhel:8",
 VersionFormat: "rpm",
 Version: "1:17.0.11.0.9-2.el8.x86_64",
- FixedBy: "1:17.0.15.0.6-2.el8",
+ FixedBy: "1:17.0.16.0.8-2.el8",
 AddedBy: "sha256:06c7a3d491f551a56296ccb9bee8a68c83776991e73a9005e8b5ebb533002097",
 },
 },
@@ -4816,7 +4816,7 @@ All OpenShift Container Platform 4.10 users are advised to upgrade to these upda
 NamespaceName: "rhel:8",
 VersionFormat: "rpm",
 Version: "1:17.0.13.0.11-3.el8.x86_64",
- FixedBy: "1:17.0.15.0.6-2.el8",
+ FixedBy: "1:17.0.16.0.8-2.el8",
 AddedBy: "sha256:2f7b9495af5ddc85b0be7ca9411fddb54f37999ea73b03cbf1115dd0c5bd4f95",
 },
 },
diff --git a/e2etests/vuln_test.go b/e2etests/vuln_test.go
index 97b44f358..a4c46785a 100644
--- a/e2etests/vuln_test.go
+++ b/e2etests/vuln_test.go
@@ -142,9 +142,11 @@ func TestStackroxVulnImages(t *testing.T) {
 image: "quay.io/rhacs-eng/qa:rails-cve-2016-2098",
 expectedFeatures: []feature{
 {"rails", "4.2.5.1", []expectedVuln{
- {name: "CVE-2016-2098"},
- {name: "CVE-2016-6316"},
- {name: "CVE-2016-6317"},
+ // These three vulns should exist, but NVD set these to deferred.
+ // Commenting out until they are no longer deferred.
+ // {name: "CVE-2016-2098"},
+ // {name: "CVE-2016-6316"},
+ // {name: "CVE-2016-6317"},
 {name: "CVE-2018-16476", fixedBy: "4.2.11"},
 {name: "CVE-2019-5418", fixedBy: "4.2.11.1"},
 {name: "CVE-2019-5419", fixedBy: "4.2.11.1"},
@@ -178,7 +180,9 @@ func TestStackroxVulnImages(t *testing.T) {
 },
 },
 {"commons_fileupload", "1.3.2", []expectedVuln{
- {name: "CVE-2016-1000031", fixedBy: ""},
+ // This vuln should exist, but NVD set these to deferred.
+ // Commenting out until they are no longer deferred.
+ // {name: "CVE-2016-1000031", fixedBy: ""},
 },
 },
 {"guava", "18.0", []expectedVuln{
@@ -211,7 +215,9 @@ func TestStackroxVulnImages(t *testing.T) {
 image: "quay.io/rhacs-eng/qa:cassandra",
 expectedFeatures: []feature{
 {"logback", "1.1.3", []expectedVuln{
- {name: "CVE-2017-5929", fixedBy: ""},
+ // This vuln should exist, but NVD set these to deferred.
+ // Commenting out until they are no longer deferred.
+ // {name: "CVE-2017-5929", fixedBy: ""},
 },
 },
 },
From a1145d6ca6431a964810d81090c6b64f5d4d0f58 Mon Sep 17 00:00:00 2001
From: RTann
Date: Fri, 25 Jul 2025 10:05:15 -0700
Subject: [PATCH 2/3] move to unexpected
---
 e2etests/vuln_test.go | 41 ++++++++++++++++++++++-------------------
 1 file changed, 22 insertions(+), 19 deletions(-)
diff --git a/e2etests/vuln_test.go b/e2etests/vuln_test.go
index a4c46785a..05c6ffec5 100644
--- a/e2etests/vuln_test.go
+++ b/e2etests/vuln_test.go
@@ -142,11 +142,6 @@ func TestStackroxVulnImages(t *testing.T) {
 image: "quay.io/rhacs-eng/qa:rails-cve-2016-2098",
 expectedFeatures: []feature{
 {"rails", "4.2.5.1", []expectedVuln{
- // These three vulns should exist, but NVD set these to deferred.
- // Commenting out until they are no longer deferred.
- // {name: "CVE-2016-2098"},
- // {name: "CVE-2016-6316"},
- // {name: "CVE-2016-6317"},
 {name: "CVE-2018-16476", fixedBy: "4.2.11"},
 {name: "CVE-2019-5418", fixedBy: "4.2.11.1"},
 {name: "CVE-2019-5419", fixedBy: "4.2.11.1"},
@@ -154,6 +149,16 @@ func TestStackroxVulnImages(t *testing.T) {
 },
 },
 },
+ unexpectedVulns: []feature{
+ {"rails", "4.2.5.1", []expectedVuln{
+ // These three vulns should exist, but NVD set these to deferred.
+ // Placing them here until they are no longer deferred.
+ {name: "CVE-2016-2098"},
+ {name: "CVE-2016-6316"},
+ {name: "CVE-2016-6317"},
+ },
+ },
+ },
 },
 {
 // docker.io/1and1internet/ubuntu-16-customerssh:latest
@@ -179,12 +184,6 @@ func TestStackroxVulnImages(t *testing.T) {
 {name: "CVE-2019-10086", fixedBy: ""},
 },
 },
- {"commons_fileupload", "1.3.2", []expectedVuln{
- // This vuln should exist, but NVD set these to deferred.
- // Commenting out until they are no longer deferred.
- // {name: "CVE-2016-1000031", fixedBy: ""},
- },
- },
 {"guava", "18.0", []expectedVuln{
 {name: "CVE-2018-10237", fixedBy: "24.1.1"},
 },
@@ -198,6 +197,12 @@ func TestStackroxVulnImages(t *testing.T) {
 {name: "CVE-2015-2512"},
 },
 },
+ {"commons_fileupload", "1.3.2", []expectedVuln{
+ // This vuln should exist, but NVD set it to deferred.
+ // Placing it here until they are no longer deferred.
+ {name: "CVE-2016-1000031", fixedBy: ""},
+ },
+ },
 },
 },
 {
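Review bot: The `unexpectedVulns` block added for rails 4.2.5.1 (hunk at new line 149) makes the e2e suite assert that CVE-2016-2098, CVE-2016-6316 and CVE-2016-6317 are not reported, while the comment directly above them says they "should exist", so a known scanner false negative becomes a passing condition with nothing tracking its removal. The same applies to the commons_fileupload entry (hunk at new line 197) and to the logback entry added to the cassandra case later in this patch. I would reword the comment so the intent is unambiguous to a later reader, for example `// Known false negative: NVD marks these as Deferred, so they are currently not reported.` followed by `// TODO(<tracking-issue>): move back to expectedFeatures once NVD re-analyzes them; this assertion will start failing then.` The `fixedBy: ""` carried over on the single-vuln entries is presumably irrelevant to an absence check, but that depends on the harness, which lies outside these hunks.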
@@ -213,19 +218,17 @@ func TestStackroxVulnImages(t *testing.T) {
 {
 // docker.io/library/cassandra:latest
 image: "quay.io/rhacs-eng/qa:cassandra",
- expectedFeatures: []feature{
- {"logback", "1.1.3", []expectedVuln{
- // This vuln should exist, but NVD set these to deferred.
- // Commenting out until they are no longer deferred.
- // {name: "CVE-2017-5929", fixedBy: ""},
- },
- },
- },
 unexpectedVulns: []feature{
 {"slingshot", "0.10.3", []expectedVuln{
 {name: "CVE-2015-5711"},
 },
 },
+ {"logback", "1.1.3", []expectedVuln{
+ // This vuln should exist, but NVD set it to deferred.
+ // Placing it here until they are no longer deferred.
+ {name: "CVE-2017-5929", fixedBy: ""},
+ },
+ },
 },
 },
 {
From 3eae91928290a8ce170011e9fcd16b2704380087 Mon Sep 17 00:00:00 2001
From: RTann
Date: Tue, 29 Jul 2025 09:51:01 -0700
Subject: [PATCH 3/3] update DB timeout
---
 cmd/clair/main.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/cmd/clair/main.go b/cmd/clair/main.go
index 58cf533bd..edc252d50 100644
--- a/cmd/clair/main.go
+++ b/cmd/clair/main.go
@@ -113,7 +113,8 @@ func Boot(config *Config, slimMode bool) {
 go func() {
 defer wg.Add(-1)
 var err error
- db, err = database.OpenWithRetries(config.Database, true, 30, 10*time.Second)
+ // Wait for the DB to be ready: 10 minutes.
+ db, err = database.OpenWithRetries(config.Database, true, 60, 10*time.Second)
 if err != nil {
 log.WithError(err).Fatal("Failed to open database despite multiple retries...")
 }
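Review bot: With the `expectedFeatures` block removed in the PATCH 2/3 hunk at new line 218 of e2etests/vuln_test.go, the `quay.io/rhacs-eng/qa:cassandra` case is left with only `unexpectedVulns`, so it asserts absences and nothing else. If the harness does not separately fail on an empty or failed scan (not visible in this hunk), the case would also pass when the scanner returns no features at all for the image. Keeping one positive expectation for a feature the scanner still reports in this image would preserve the signal; which feature to use has to come from the current scan output. The enclosing test table starts and ends outside the hunk.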
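Review bot: In the PATCH 3/3 hunk of cmd/clair/main.go, the added comment `// Wait for the DB to be ready: 10 minutes.` states a bound that the call only implies through the literals `60` and `10*time.Second`, so it will go stale the next time either value is edited. Naming the values keeps comment and code in step, e.g. `const dbOpenRetries = 60` and `const dbOpenRetryInterval = 10 * time.Second`, with the call becoming `database.OpenWithRetries(config.Database, true, dbOpenRetries, dbOpenRetryInterval)`. Whether the total really is ten minutes also depends on how long each attempt inside `OpenWithRetries` can block, which is not visible here, so the comment would be more accurate as "up to roughly 10 minutes of retry sleeps". `Boot` continues outside the hunk.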