From 4573a003ee7867ee71aa4104322386c216abb4ef Mon Sep 17 00:00:00 2001
From: Weston Steimel
Date: Mon, 21 Aug 2023 15:08:40 +0100
Subject: [PATCH] chore: add rust auditable binary match integration test

Signed-off-by: Weston Steimel
---
 grype/db/v5/namespace/index_test.go | 6 +++
 .../v5/namespace/language/namespace_test.go | 4 ++
 test/grype-test-config.yaml | 1 +
 test/integration/db_mock_test.go | 16 ++++++
 test/integration/match_by_image_test.go | 51 +++++++++++++++++--
 .../Dockerfile | 2 +
 6 files changed, 77 insertions(+), 3 deletions(-)
 create mode 100644 test/integration/test-fixtures/image-rust-auditable-match-coverage/Dockerfile

diff --git a/grype/db/v5/namespace/index_test.go b/grype/db/v5/namespace/index_test.go
index 64ce00c4a79..cac7b68aa87 100644
--- a/grype/db/v5/namespace/index_test.go
+++ b/grype/db/v5/namespace/index_test.go
@@ -30,6 +30,8 @@ func TestFromStringSlice(t *testing.T) {
 "nvd:cpe",
 "github:language:ruby",
 "abc.xyz:language:ruby",
+ "github:language:rust",
+ "something:language:rust",
 "1234.4567:language:unknown",
 "---:cpe",
 "another-provider:distro:alpine:3.15",
@@ -44,6 +46,10 @@ func TestFromStringSlice(t *testing.T) {
 language.NewNamespace("github", syftPkg.Ruby, ""),
 language.NewNamespace("abc.xyz", syftPkg.Ruby, ""),
 },
+ syftPkg.Rust: {
+ language.NewNamespace("github", syftPkg.Rust, ""),
+ language.NewNamespace("something", syftPkg.Rust, ""),
+ },
 syftPkg.Language("unknown"): {
 language.NewNamespace("1234.4567", syftPkg.Language("unknown"), ""),
 },
diff --git a/grype/db/v5/namespace/language/namespace_test.go b/grype/db/v5/namespace/language/namespace_test.go
index 35cd74241b7..faad7bd5d12 100644
--- a/grype/db/v5/namespace/language/namespace_test.go
+++ b/grype/db/v5/namespace/language/namespace_test.go
@@ -25,6 +25,10 @@ func TestFromString(t *testing.T) {
 namespaceString: "github:language:java",
 result: NewNamespace("github", syftPkg.Java, ""),
 },
+ {
+ namespaceString: "github:language:rust",
+ result: NewNamespace("github", syftPkg.Rust, ""),
+ },
 {
 namespaceString: "abc.xyz:language:something",
 result: NewNamespace("abc.xyz", syftPkg.Language("something"), ""),
diff --git a/test/grype-test-config.yaml b/test/grype-test-config.yaml
index 4b4d63bf0f0..21b7d303846 100644
--- a/test/grype-test-config.yaml
+++ b/test/grype-test-config.yaml
@@ -1 +1,2 @@
 check-for-app-update: false
+
diff --git a/test/integration/db_mock_test.go b/test/integration/db_mock_test.go
index 716d8202950..c24596846c8 100644
--- a/test/integration/db_mock_test.go
+++ b/test/integration/db_mock_test.go
@@ -161,6 +161,22 @@ func newMockDbStore() *mockStore {
 },
 },
 },
+ "github:language:rust": {
+ "hello-auditable": []grypeDB.Vulnerability{
+ {
+ ID: "CVE-rust-sample-1",
+ VersionConstraint: "< 0.2.0",
+ VersionFormat: "unknown",
+ },
+ },
+ "auditable": []grypeDB.Vulnerability{
+ {
+ ID: "CVE-rust-sample-2",
+ VersionConstraint: "< 0.2.0",
+ VersionFormat: "unknown",
+ },
+ },
+ },
 "debian:distro:debian:8": {
 "apt-dev": []grypeDB.Vulnerability{
 {
diff --git a/test/integration/match_by_image_test.go b/test/integration/match_by_image_test.go
index b10e3e3c233..ca8bd345940 100644
--- a/test/integration/match_by_image_test.go
+++ b/test/integration/match_by_image_test.go
@@ -9,7 +9,6 @@ import (
 "github.com/google/go-cmp/cmp/cmpopts"
 "github.com/stretchr/testify/require"
 
- "github.com/anchore/grype/grype"
 "github.com/anchore/grype/grype/db"
 "github.com/anchore/grype/grype/match"
 "github.com/anchore/grype/grype/matcher"
@@ -537,6 +536,45 @@ func addHaskellMatches(t *testing.T, theSource source.Source, catalog *syftPkg.C
 })
 }
 
+func addRustMatches(t *testing.T, theSource source.Source, catalog *syftPkg.Collection, theStore *mockStore, theResult *match.Matches) {
+ packages := catalog.PackagesByPath("/hello-auditable")
+ if len(packages) < 1 {
+ t.Logf("Rust Packages: %+v", packages)
+ t.Fatalf("problem with upstream syft cataloger (cargo-auditable-binary-cataloger)")
+ }
+
+ for _, p := range packages {
+ thePkg := pkg.New(p)
+ theVuln := theStore.backend["github:language:rust"][strings.ToLower(thePkg.Name)][0]
+ vulnObj, err := vulnerability.NewVulnerability(theVuln)
+ require.NoError(t, err)
+
+ theResult.Add(match.Match{
+ Vulnerability: *vulnObj,
+ Package: thePkg,
+ Details: []match.Detail{
+ {
+ Type: match.ExactDirectMatch,
+ Confidence: 1.0,
+ SearchedBy: map[string]any{
+ "language": "rust",
+ "namespace": "github:language:rust",
+ "package": map[string]string{
+ "name": thePkg.Name,
+ "version": thePkg.Version,
+ },
+ },
+ Found: map[string]any{
+ "versionConstraint": vulnObj.Constraint.String(),
+ "vulnerabilityID": vulnObj.ID,
+ },
+ Matcher: match.RustMatcher,
+ },
+ },
+ })
+ }
+}
+
 func TestMatchByImage(t *testing.T) {
 observedMatchers := stringutil.NewStringSet()
 definedMatchers := stringutil.NewStringSet()
@@ -595,6 +633,14 @@ func TestMatchByImage(t *testing.T) {
 return expectedMatches
 },
 },
+ {
+ fixtureImage: "image-rust-auditable-match-coverage",
+ expectedFn: func(theSource source.Source, catalog *syftPkg.Collection, theStore *mockStore) match.Matches {
+ expectedMatches := match.NewMatches()
+ addRustMatches(t, theSource, catalog, theStore, &expectedMatches)
+ return expectedMatches
+ },
+ },
 }
 
 for _, test := range tests {
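Review bot: The lookup `theStore.backend["github:language:rust"][strings.ToLower(thePkg.Name)][0]` inside the `for _, p := range packages` loop of addRustMatches indexes `[0]` on whatever the nested map returns, so any crate name the mock store does not list (the store hunk adds only `hello-auditable` and `auditable`) makes the test die with an index-out-of-range panic rather than a readable assertion naming the package. Splitting it into `vulns := theStore.backend["github:language:rust"][strings.ToLower(thePkg.Name)]` / `require.NotEmptyf(t, vulns, "no mock vulnerability for rust package %q", thePkg.Name)` / `theVuln := vulns[0]` keeps the behaviour for the expected packages and reports the offending name otherwise, which matters because `catalog.PackagesByPath("/hello-auditable")` presumably returns every crate the auditable binary embeds, not just the two the mock knows about. A header comment such as `// addRustMatches builds the expected ExactDirectMatch for every crate syft's cargo-auditable-binary cataloger records at /hello-auditable in the fixture image, using the mock store's github:language:rust entries.` would also bring the helper in line with what a reader expects from the neighbouring add*Matches helpers.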
@@ -638,8 +684,7 @@ func TestMatchByImage(t *testing.T) {
 ExclusionProvider: ep,
 }
 
- actualResults := grype.FindVulnerabilitiesForPackage(str, theDistro, matchers, pkg.FromCollection(collection, pkg.SynthesisConfig{}))
-
+ actualResults := matcher.FindMatches(str, theDistro, matchers, pkg.FromCollection(collection, pkg.SynthesisConfig{}))
 for _, m := range actualResults.Sorted() {
 for _, d := range m.Details {
 observedMatchers.Add(string(d.Matcher))
diff --git a/test/integration/test-fixtures/image-rust-auditable-match-coverage/Dockerfile b/test/integration/test-fixtures/image-rust-auditable-match-coverage/Dockerfile
new file mode 100644
index 00000000000..ac01990fce0
--- /dev/null
+++ b/test/integration/test-fixtures/image-rust-auditable-match-coverage/Dockerfile
@@ -0,0 +1,2 @@
+# An image containing the example hello-auditable binary from https://github.com/Shnatsel/rust-audit/tree/master/hello-auditable
+FROM docker.io/tofay/hello-rust-auditable:latest
\ No newline at end of file
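Review bot: Replacing `grype.FindVulnerabilitiesForPackage` with `matcher.FindMatches` changes which entry point this integration test exercises, yet neither the subject ("chore: add rust auditable binary match integration test") nor the description says why. If the two differ in behaviour (for example one applies ignore rules or other post-processing the other does not), the test's coverage of the public path has quietly narrowed; if they are equivalent wrappers, that equivalence is the thing worth recording. A one-line comment above the call, along the lines of `// call the matcher layer directly rather than the grype.* wrapper because <reason>`, with the reason filled in, and a sentence in the commit message would keep a later bisect from having to rediscover the motivation. TestMatchByImage starts and ends outside the hunk.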
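Review bot: `FROM docker.io/tofay/hello-rust-auditable:latest` ties the fixture to a mutable tag in a third-party personal Docker Hub namespace, so the binary — and therefore the crate versions that the `< 0.2.0` mock constraints in db_mock_test.go are matched against — can change or vanish underneath the test without any change in this repository. Pin the reference to an immutable digest, `FROM docker.io/tofay/hello-rust-auditable@sha256:…` with the digest resolved at commit time, or better build `hello-auditable` from the linked rust-audit source inside this Dockerfile so the fixture is reproducible from the repo alone. The file also ends without a trailing newline, per the `\ No newline at end of file` marker. Extending the comment to record what the image embeds, e.g. `# embeds the hello-auditable and auditable crates at versions below 0.2.0, which the integration test's mock DB constraints rely on`, would tell the next maintainer why those mock constraints are what they are.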