Update grype-db dependency, add some SLES tests (#413)

* Update grype-db dependency, add some SLES tests

Signed-off-by: Dan Palmer <dan.palmer@anchore.com>
This commit is contained in:
Dan Palmer 2021-09-14 15:08:32 -04:00 committed by GitHub
parent c272d8019e
commit 83c6ee23a9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 146 additions and 17 deletions

2
go.mod

@ -7,7 +7,7 @@ require (
github.com/adrg/xdg v0.2.1
github.com/anchore/go-testutils v0.0.0-20200925183923-d5f45b0d3c04
github.com/anchore/go-version v1.2.2-0.20210903204242-51efa5b487c4
github.com/anchore/grype-db v0.0.0-20210809130557-72ff1b90af67
github.com/anchore/grype-db v0.0.0-20210913215030-fe28197b36f1
github.com/anchore/stereoscope v0.0.0-20210817160504-0f4abc2a5a5a
github.com/anchore/syft v0.23.0
github.com/docker/docker v17.12.0-ce-rc1.0.20200309214505-aa6a9891b09c+incompatible

4
go.sum

@ -125,8 +125,8 @@ github.com/anchore/go-version v1.2.2-0.20210903204242-51efa5b487c4 h1:rmZG77uXgE
github.com/anchore/go-version v1.2.2-0.20210903204242-51efa5b487c4/go.mod h1:Bkc+JYWjMCF8OyZ340IMSIi2Ebf3uwByOk6ho4wne1E=
github.com/anchore/grype v0.14.1-0.20210702143224-05ade7bbbf70/go.mod h1:yPh9WHflzInB/INwPrDs2wLKmRsa8owAuojmv4K8H6I=
github.com/anchore/grype-db v0.0.0-20210527140125-6f881b00e927/go.mod h1:XSlPf1awNrMpah+rHbWrzgUvnmWLgn/KkdicxERVClg=
github.com/anchore/grype-db v0.0.0-20210809130557-72ff1b90af67 h1:JyK6DKtAWQ11jzzrvSe91gY07BW4I//IJQVdj5JKeIk=
github.com/anchore/grype-db v0.0.0-20210809130557-72ff1b90af67/go.mod h1:Hx1keM12D75ZDD3kYVcSqBSg1NRSPtsF0bfWOdXa4E0=
github.com/anchore/grype-db v0.0.0-20210913215030-fe28197b36f1 h1:Jr7IuHtpd2mIktOzhcr014boySty6AzVwp+pJF6Iet0=
github.com/anchore/grype-db v0.0.0-20210913215030-fe28197b36f1/go.mod h1:GniMuMokZ2iAX67Qrd5fJW7BstX8a+4U48LyypGC2g0=
github.com/anchore/stereoscope v0.0.0-20210524175238-3b7662f3a66f/go.mod h1:vhh1M99rfWx5ejMvz1lkQiFZUrC5wu32V12R4JXH+ZI=
github.com/anchore/stereoscope v0.0.0-20210524175238-3b7662f3a66f/go.mod h1:vhh1M99rfWx5ejMvz1lkQiFZUrC5wu32V12R4JXH+ZI=
github.com/anchore/stereoscope v0.0.0-20210817160504-0f4abc2a5a5a h1:RQb+Gft1MKxjDfJCnHP/f1mwfy0Jz50Kp9QGgSWKQiY=


@ -35,21 +35,14 @@ func (pr *mockDistroProvider) stub() {
Namespace: "debian:8",
},
},
// indirect...
"neutron-devel": {
// expected...
}
pr.data["sles:12.5"] = map[string][]vulnerability.Vulnerability{
// direct...
"sles_test_package": {
{
Constraint: version.MustGetConstraint("< 2014.1.4-5", version.DebFormat),
ID: "CVE-2014-fake-2",
},
{
Constraint: version.MustGetConstraint("< 2015.0.0-1", version.DebFormat),
ID: "CVE-2013-fake-3",
},
// unexpected...
{
Constraint: version.MustGetConstraint("< 2014.0.4-1", version.DebFormat),
ID: "CVE-2013-fake-BAD",
Constraint: version.MustGetConstraint("< 2014.1.5-6", version.RpmFormat),
ID: "CVE-2014-fake-4",
Namespace: "sles:12.5",
},
},
}
@ -109,3 +102,54 @@ func TestFindMatchesByPackageDistro(t *testing.T) {
assert.NoError(t, err)
assertMatchesUsingIDsForVulnerabilities(t, expected, actual)
}
func TestFindMatchesByPackageDistroSles(t *testing.T) {
p := pkg.Package{
Name: "sles_test_package",
Version: "2014.1.3-6",
Type: syftPkg.RpmPkg,
Metadata: pkg.DpkgMetadata{
Source: "sles_test_package",
},
}
d, err := distro.NewDistro(distro.SLES, "12.5", "")
if err != nil {
t.Fatal("could not create distro: ", err)
}
expected := []match.Match{
{
Type: match.ExactDirectMatch,
Vulnerability: vulnerability.Vulnerability{
ID: "CVE-2014-fake-4",
},
Package: p,
MatchDetails: []match.Details{
{
Confidence: 1,
SearchedBy: map[string]interface{}{
"distro": map[string]string{
"type": "sles",
"version": "12.5",
},
"package": map[string]string{
"name": "sles_test_package",
"version": "2014.1.3-6",
},
"namespace": "sles:12.5",
},
Found: map[string]interface{}{
"versionConstraint": "< 2014.1.5-6 (rpm)",
},
Matcher: match.PythonMatcher,
},
},
},
}
store := newMockProviderByDistro()
actual, err := FindMatchesByPackageDistro(store, &d, p, match.PythonMatcher)
assert.NoError(t, err)
assertMatchesUsingIDsForVulnerabilities(t, expected, actual)
}
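Review bot: The SLES fixture package in TestFindMatchesByPackageDistroSles is declared with `Type: syftPkg.RpmPkg` but carries `Metadata: pkg.DpkgMetadata{Source: "sles_test_package"}`, so the test describes an RPM package with Debian metadata; since the expected match is compared by vulnerability ID, the simplest fix is to drop the `Metadata` field, or use the rpm metadata type the pkg package provides if one is needed. The matcher passed on the last lines, `match.PythonMatcher`, also looks carried over from the Debian test; a SLES/RPM match would presumably be attributed to the rpm matcher (the other test file in this commit uses `match.RpmDBMatcher`), though whether FindMatchesByPackageDistro cares cannot be seen here. The first hunk in this file edits the body of `stub()`, whose start and end lie outside the hunk, so the removed SLES entries cannot be checked against their replacement beyond what is shown.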


@ -96,6 +96,15 @@ func newMockDbStore() *mockStore {
},
},
},
"sles:12.5": {
"dive": []grypeDB.Vulnerability{
{
ID: "CVE-rpmdb-dive",
VersionConstraint: "<= 1.0.42",
VersionFormat: "rpm",
},
},
},
},
}
}


@ -253,6 +253,40 @@ func addRhelMatches(t *testing.T, theSource source.Source, catalog *syftPkg.Cata
})
}
func addSlesMatches(t *testing.T, theSource source.Source, catalog *syftPkg.Catalog, theStore *mockStore, theResult *match.Matches) {
packages := catalog.PackagesByPath("/var/lib/rpm/Packages")
if len(packages) != 1 {
t.Logf("Sles Packages: %+v", packages)
t.Fatalf("problem with upstream syft cataloger (RPMDB)")
}
thePkg := pkg.New(packages[0])
theVuln := theStore.backend["rhel:8"][thePkg.Name][0]
vulnObj, err := vulnerability.NewVulnerability(theVuln)
if err != nil {
t.Fatalf("failed to create vuln obj: %+v", err)
}
theResult.Add(thePkg, match.Match{
Type: match.ExactDirectMatch,
Vulnerability: *vulnObj,
Package: thePkg,
MatchDetails: []match.Details{
{
Confidence: 1.0,
SearchedBy: map[string]interface{}{
"distro": map[string]string{
"type": "sles",
"version": "12.5",
},
},
Found: map[string]interface{}{
"constraint": "<= 1.0.42 (rpm)",
},
Matcher: match.RpmDBMatcher,
},
},
})
}
func TestMatchByImage(t *testing.T) {
observedMatchers := internal.NewStringSet()
@ -293,6 +327,14 @@ func TestMatchByImage(t *testing.T) {
return expectedMatches
},
},
{
fixtureImage: "image-sles-match-coverage",
expectedFn: func(theSource source.Source, catalog *syftPkg.Catalog, theStore *mockStore) match.Matches {
expectedMatches := match.NewMatches()
addSlesMatches(t, theSource, catalog, theStore, &expectedMatches)
return expectedMatches
},
},
}
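Review bot: addSlesMatches builds its expected vulnerability from `theStore.backend["rhel:8"][thePkg.Name][0]`, while the mock store this commit extends gains a separate `"sles:12.5"` entry for the same package; the SLES case therefore asserts against the RHEL fixture record, and only passes as long as the two entries happen to carry the same ID and constraint, which would mask a namespace regression. The lookup should be `theVuln := theStore.backend["sles:12.5"][thePkg.Name][0]`, and the `len(packages) != 1` guard could be paired with an explicit check that the map entry exists before indexing `[0]` so a missing fixture fails with a message rather than a panic. Whether the `Found` key `"constraint"` here versus `"versionConstraint"` in the distro-level test is intentional per matcher is not visible from this hunk.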
for _, test := range tests {


@ -0,0 +1,2 @@
FROM scratch
COPY . .


@ -0,0 +1,9 @@
NAME="SLES"
VERSION="12-SP5"
VERSION_ID="12.5"
PRETTY_NAME="SUSE Linux Enterprise Server 12 SP5"
ID="sles"
ID_LIKE="suse"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:suse:sles:12:sp5"
DOCUMENTATION_URL="https://documentation.suse.com/"


@ -0,0 +1,23 @@
#!/usr/bin/env bash
set -eux
docker create --name generate-rpmdb-fixture sles12sp5:latest sh -c 'tail -f /dev/null'
function cleanup {
docker kill generate-rpmdb-fixture
docker rm generate-rpmdb-fixture
}
trap cleanup EXIT
docker start generate-rpmdb-fixture
docker exec -i --tty=false generate-rpmdb-fixture bash <<-EOF
mkdir -p /scratch
cd /scratch
rpm --initdb --dbpath /scratch
curl -sSLO https://github.com/wagoodman/dive/releases/download/v0.9.2/dive_0.9.2_linux_amd64.rpm
rpm --dbpath /scratch -ivh dive_0.9.2_linux_amd64.rpm
rm dive_0.9.2_linux_amd64.rpm
rpm --dbpath /scratch -qa
EOF
docker cp generate-rpmdb-fixture:/scratch/Packages .
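Review bot: The fixture generator installs a binary downloaded with `curl -sSLO` from a release URL straight into the rpm database without any integrity check, so the committed `Packages` fixture (and whatever tests depend on it) is only as trustworthy as that download at the time it was run; adding `echo "<EXPECTED_SHA256>  dive_0.9.2_linux_amd64.rpm" | sha256sum -c -` before the `rpm -ivh` line (with the real digest filled in) makes regeneration reproducible and detectable if the artifact changes. The base image `sles12sp5:latest` is likewise an unpinned tag that is assumed to exist locally; a comment stating where it comes from, or a digest pin, would help the next person who regenerates the fixture. Separately, the `cleanup` trap runs `docker kill` first, which fails on a container that never started or has already exited, and under `set -e` the function returns before `docker rm`, leaving the container behind; `docker rm -f generate-rpmdb-fixture` as the single cleanup command handles both cases. If the script continues past the `docker cp` line it is not visible here.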