From 060f039a7122e56fa931f29ce0e5bc3d86efffd9 Mon Sep 17 00:00:00 2001
From: DmitriyLewen
Date: Fri, 30 Jun 2023 09:12:25 +0600
Subject: [PATCH 1/2] add DataSource in result of Get function
---
 pkg/vulnsrc/redhat-oval/redhat-oval.go | 1 +
 pkg/vulnsrc/redhat-oval/redhat-oval_test.go | 36 +++++++++++++++++--
 .../testdata/fixtures/data-source.yaml | 7 ++++
 3 files changed, 41 insertions(+), 3 deletions(-)
 create mode 100644 pkg/vulnsrc/redhat-oval/testdata/fixtures/data-source.yaml
diff --git a/pkg/vulnsrc/redhat-oval/redhat-oval.go b/pkg/vulnsrc/redhat-oval/redhat-oval.go
index 2fb91898..b20b8a54 100644
--- a/pkg/vulnsrc/redhat-oval/redhat-oval.go
+++ b/pkg/vulnsrc/redhat-oval/redhat-oval.go
@@ -275,6 +275,7 @@ func (vs VulnSrc) Get(pkgName string, repositories, nvrs []string) ([]types.Advi
 FixedVersion: entry.FixedVersion,
 Arches: entry.Arches,
 State: entry.State,
+ DataSource: &v.Source,
 }
 if strings.HasPrefix(vulnID, "CVE-") {
diff --git a/pkg/vulnsrc/redhat-oval/redhat-oval_test.go b/pkg/vulnsrc/redhat-oval/redhat-oval_test.go
index 620eb77f..135506f5 100644
--- a/pkg/vulnsrc/redhat-oval/redhat-oval_test.go
+++ b/pkg/vulnsrc/redhat-oval/redhat-oval_test.go
@@ -487,7 +487,7 @@ func TestVulnSrc_Get(t *testing.T) {
 pkgName: "bind",
 repositories: []string{"rhel-8-for-x86_64-baseos-rpms"},
 },
- fixtures: []string{"testdata/fixtures/happy.yaml", "testdata/fixtures/cpe.yaml"},
+ fixtures: []string{"testdata/fixtures/happy.yaml", "testdata/fixtures/cpe.yaml", "testdata/fixtures/data-source.yaml"},
 want: []types.Advisory{
 {
 VulnerabilityID: "CVE-2017-3145",
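Review bot: Taking `&v.Source` aliases `v`: if `v` is the range variable of the loop that builds these advisories (the loop header is outside this hunk, so this is inferred), then on Go toolchains before 1.22 every advisory returned by Get holds the same pointer and all of them end up reporting the last iterated record's source. Copy the value per iteration before taking its address, e.g. `src := v.Source` followed by `DataSource: &src,`. The pointer is also never nil, so if `v.Source` can be the zero value the advisory carries a non-nil, empty DataSource; a one-line comment stating whether callers should expect that would help, since this field is what tells a consumer which feed an advisory came from.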
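Review bot: The updated cases in this hunk and in the hunks at -495, -508, -516, -529 and -537 expect the identical DataSource for every advisory, and data-source.yaml holds a single `Red Hat` entry, so the assertions pass whether each advisory has its own source value or all of them share one pointer. A case that omits the data-source fixture would pin down what Get returns when no source is stored (the remaining cases of TestVulnSrc_Get are outside these hunks, so one may already exist). The `&types.DataSource{...}` literal is written out six times in the new code; a test-file variable such as `var redHatOVALSource = types.DataSource{...}` referenced as `DataSource: &redHatOVALSource` would keep the expectation in one place.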
@@ -495,10 +495,20 @@ func TestVulnSrc_Get(t *testing.T) {
 Severity: types.SeverityHigh,
 FixedVersion: "32:9.9.4-29.el7_2.8",
 Arches: []string{"i386", "ppc64", "x86_64"},
+ DataSource: &types.DataSource{
+ ID: vulnerability.RedHatOVAL,
+ Name: "Red Hat OVAL v2",
+ URL: "https://www.redhat.com/security/data/oval/v2/",
+ },
 },
 {
 VulnerabilityID: "CVE-2020-8625",
 Severity: types.SeverityLow,
+ DataSource: &types.DataSource{
+ ID: vulnerability.RedHatOVAL,
+ Name: "Red Hat OVAL v2",
+ URL: "https://www.redhat.com/security/data/oval/v2/",
+ },
 },
 },
 },
@@ -508,7 +518,7 @@ func TestVulnSrc_Get(t *testing.T) {
 pkgName: "bind",
 nvrs: []string{"ubi8-init-container-8.0-7-x86_64"},
 },
- fixtures: []string{"testdata/fixtures/happy.yaml", "testdata/fixtures/cpe.yaml"},
+ fixtures: []string{"testdata/fixtures/happy.yaml", "testdata/fixtures/cpe.yaml", "testdata/fixtures/data-source.yaml"},
 want: []types.Advisory{
 {
 VulnerabilityID: "CVE-2017-3145",
@@ -516,10 +526,20 @@ func TestVulnSrc_Get(t *testing.T) {
 Severity: types.SeverityHigh,
 FixedVersion: "32:9.9.4-29.el7_2.8",
 Arches: []string{"i386", "ppc64", "x86_64"},
+ DataSource: &types.DataSource{
+ ID: vulnerability.RedHatOVAL,
+ Name: "Red Hat OVAL v2",
+ URL: "https://www.redhat.com/security/data/oval/v2/",
+ },
 },
 {
 VulnerabilityID: "CVE-2020-8625",
 Severity: types.SeverityLow,
+ DataSource: &types.DataSource{
+ ID: vulnerability.RedHatOVAL,
+ Name: "Red Hat OVAL v2",
+ URL: "https://www.redhat.com/security/data/oval/v2/",
+ },
 },
 },
 },
@@ -529,7 +549,7 @@ func TestVulnSrc_Get(t *testing.T) {
 pkgName: "bind",
 nvrs: []string{"ubi8-init-container-8.0-7-x86_64"},
 },
- fixtures: []string{"testdata/fixtures/happy.yaml", "testdata/fixtures/cpe.yaml"},
+ fixtures: []string{"testdata/fixtures/happy.yaml", "testdata/fixtures/cpe.yaml", "testdata/fixtures/data-source.yaml"},
 want: []types.Advisory{
 {
 VulnerabilityID: "CVE-2017-3145",
@@ -537,10 +557,20 @@ func TestVulnSrc_Get(t *testing.T) {
 Severity: types.SeverityHigh,
 FixedVersion: "32:9.9.4-29.el7_2.8",
 Arches: []string{"i386", "ppc64", "x86_64"},
+ DataSource: &types.DataSource{
+ ID: vulnerability.RedHatOVAL,
+ Name: "Red Hat OVAL v2",
+ URL: "https://www.redhat.com/security/data/oval/v2/",
+ },
 },
 {
 VulnerabilityID: "CVE-2020-8625",
 Severity: types.SeverityLow,
+ DataSource: &types.DataSource{
+ ID: vulnerability.RedHatOVAL,
+ Name: "Red Hat OVAL v2",
+ URL: "https://www.redhat.com/security/data/oval/v2/",
+ },
 },
 },
 },
diff --git a/pkg/vulnsrc/redhat-oval/testdata/fixtures/data-source.yaml b/pkg/vulnsrc/redhat-oval/testdata/fixtures/data-source.yaml
new file mode 100644
index 00000000..2e4112b0
--- /dev/null
+++ b/pkg/vulnsrc/redhat-oval/testdata/fixtures/data-source.yaml
@@ -0,0 +1,7 @@
+- bucket: data-source
+ pairs:
+ - key: Red Hat
+ value:
+ ID: "redhat-oval"
+ Name: "Red Hat OVAL v2"
+ URL: "https://www.redhat.com/security/data/oval/v2/"
\ No newline at end of file
From 3b8ed7d413cd0533386f915944f9bb46ab7dc43c Mon Sep 17 00:00:00 2001
From: DmitriyLewen
Date: Fri, 30 Jun 2023 09:13:01 +0600
Subject: [PATCH 2/2] remove duplicate test
---
 pkg/vulnsrc/redhat-oval/redhat-oval_test.go | 31 ---------------------
 1 file changed, 31 deletions(-)
diff --git a/pkg/vulnsrc/redhat-oval/redhat-oval_test.go b/pkg/vulnsrc/redhat-oval/redhat-oval_test.go
index 135506f5..2a3ca2a1 100644
--- a/pkg/vulnsrc/redhat-oval/redhat-oval_test.go
+++ b/pkg/vulnsrc/redhat-oval/redhat-oval_test.go
@@ -543,37 +543,6 @@ func TestVulnSrc_Get(t *testing.T) {
 },
 },
 },
- {
- name: "nvr",
- args: args{
- pkgName: "bind",
- nvrs: []string{"ubi8-init-container-8.0-7-x86_64"},
- },
- fixtures: []string{"testdata/fixtures/happy.yaml", "testdata/fixtures/cpe.yaml", "testdata/fixtures/data-source.yaml"},
- want: []types.Advisory{
- {
- VulnerabilityID: "CVE-2017-3145",
- VendorIDs: []string{"RHSA-2018:0488"},
- Severity: types.SeverityHigh,
- FixedVersion: "32:9.9.4-29.el7_2.8",
- Arches: []string{"i386", "ppc64", "x86_64"},
- DataSource: &types.DataSource{
- ID: vulnerability.RedHatOVAL,
- Name: "Red Hat OVAL v2",
- URL: "https://www.redhat.com/security/data/oval/v2/",
- },
- },
- {
- VulnerabilityID: "CVE-2020-8625",
- Severity: types.SeverityLow,
- DataSource: &types.DataSource{
- ID: vulnerability.RedHatOVAL,
- Name: "Red Hat OVAL v2",
- URL: "https://www.redhat.com/security/data/oval/v2/",
- },
- },
- },
- },
 {
 name: "no CPE match",
 args: args{