integration tests for corner case

Signed-off-by: Alfredo Deza <adeza@anchore.com>
2024-11-10 06:34:13 +00:00 · 2020-08-04 11:52:26 -04:00 · 2020-08-04 11:52:26 -04:00 · a9bf268abc
commit a9bf268abc
parent cff46b8443
3 changed files with 39 additions and 7 deletions
--- a/grype/vulnerability/namespace.go
+++ b/grype/vulnerability/namespace.go
@ -43,6 +43,10 @@ func distroNamespace(d distro.Distro) string {
 		distroStr = "amzn"
 	case distro.OracleLinux:
 		distroStr = "ol"
+	case distro.Alpine:
+		// XXX this assumes that a major and minor versions will always exist in Segments
+		segments := d.Version.Segments()
+		return fmt.Sprintf("%s:%d.%d", d.Type.String(), segments[0], segments[1])
 	default:
 		distroStr = d.Type.String()
 	}
--- a/grype/vulnerability/namespace_test.go
+++ b/grype/vulnerability/namespace_test.go
@ -32,7 +32,7 @@ func TestDistroNamespace_AllDistros(t *testing.T) {
 		{
 			dist:     distro.Alpine,
 			version:  "1.3.1",
-			expected: "alpine:1.3.1",
+			expected: "alpine:1.3",
 		},
 		{
 			dist:     distro.Debian,
--- a/test/integration/corner_cases_test.go
+++ b/test/integration/corner_cases_test.go
@ -1,11 +1,11 @@
 package integration

 import (
-	"fmt"
 	"testing"

 	v1 "github.com/anchore/grype-db/pkg/db/v1"
 	"github.com/anchore/grype/grype"
+	"github.com/anchore/grype/grype/match"
 	"github.com/anchore/grype/grype/vulnerability"
 	"github.com/anchore/syft/syft/scope"
 )
@ -17,8 +17,24 @@ func TestApkNoVersion(t *testing.T) {
 				"libvncserver": []v1.Vulnerability{
 					{
 						ID:                "CVE-2010-5304",
-						VersionConstraint: "< 0.9.9",
+						VersionConstraint: "<= 0.9.9",
 						VersionFormat:     "unknown",
+						CPEs:              []string{"cpe:2.3:a:libvncserver:libvncserver:*:*:*:*:*:*:*:*"},
+					},
+					{
+						ID:                "CVE-2010-5305",
+						VersionConstraint: "<= 0.9.8",
+						VersionFormat:     "unknown",
+						CPEs:              []string{"cpe:2.3:a:libvncserver:libvncserver:*:*:*:*:*:*:*:*"},
+					},
+				},
+			},
+			"alpine:3.12": {
+				"libvncserver": []v1.Vulnerability{
+					{
+						ID:                "CVE-2010-5304",
+						VersionConstraint: "0.9.9",
+						VersionFormat:     "apk",
 					},
 				},
 			},
@ -27,17 +43,29 @@ func TestApkNoVersion(t *testing.T) {

 	results, _, _, err := grype.FindVulnerabilities(
 		vulnerability.NewProviderFromStore(&store),
-		"dir://test-fixtures/corner-cases/apk",
+		"dir://test-fixtures/corner-cases/apk/vnc",
 		scope.AllLayersScope,
 	)
 	if err != nil {
 		t.Fatalf("failed to find vulnerabilities: %+v", err)
 	}
-
+	vulnerabilities := make([]match.Match, 0)
 	for result := range results.Enumerate() {
-		fmt.Printf("%v\n", result)
+		// would it be useful to have a results.Count() method? this seems too much extra work
+		vulnerabilities = append(vulnerabilities, result)
 	}
-	if len(results.Enumerate()) != 1 {
+	if len(vulnerabilities) != 1 {
 		t.Errorf("vulnerability count does not match '%d' != '%d'", len(results.Enumerate()), 1)
 	}
+
+	actual := vulnerabilities[0]
+	expectedSearchKey := "cpe[cpe:2.3:*:libvncserver:libvncserver:0.9.9-r3:*:*:*:*:*:*:*] constraint[< 0.9.9 (unknown)]"
+
+	if actual.SearchKey != expectedSearchKey {
+		t.Errorf("unexpected Searchkey: '%s' != '%s'", actual.SearchKey, expectedSearchKey)
+	}
+
+	if actual.Package.Name != "libvncserver" {
+		t.Errorf("expected libvncserver Package, but got: %s", actual.Package.Name)
+	}
 }