test: update integration tests for alpine

Signed-off-by: Alfredo Deza <adeza@anchore.com>

test/integration/db_mock_test.go

@@ -14,6 +14,25 @@ type mockStore struct {
 func NewMockDbStore() *mockStore {
 	return &mockStore{
 		backend: map[string]map[string][]v1.Vulnerability{
+			"nvd": {
+				"libvncserver": []v1.Vulnerability{
+					{
+						ID:                "CVE-alpine-libvncserver",
+						VersionConstraint: "< 0.9.10",
+						VersionFormat:     "unknown",
+						CPEs:              []string{"cpe:2.3:a:lib_vnc_project-(server):libvncserver:*:*:*:*:*:*:*:*"},
+					},
+				},
+			},
+			"alpine:3.12": {
+				"libvncserver": []v1.Vulnerability{
+					{
+						ID:                "CVE-alpine-libvncserver",
+						VersionConstraint: "< 0.9.10",
+						VersionFormat:     "unknown",
+					},
+				},
+			},
 			"github:npm": {
 				"validator": []v1.Vulnerability{
 					{

test/integration/match_coverage_test.go

@@ -26,6 +26,29 @@ func getPackagesByPath(t *testing.T, theScope scope.Scope, catalog *pkg.Catalog,
 	return catalog.PackagesByFile(refs[0])
 }
 
+func addAlpineMatches(t *testing.T, theScope scope.Scope, catalog *pkg.Catalog, theStore *mockStore, theResult *result.Result) {
+	packages := getPackagesByPath(t, theScope, catalog, "/lib/apk/db/installed")
+	if len(packages) != 1 {
+		t.Logf("Alpine Packages: %+v", packages)
+		t.Fatalf("problem with upstream syft cataloger (alpine)")
+	}
+	thePkg := packages[0]
+	theVuln := theStore.backend["alpine:3.12"][thePkg.Name][0]
+	vulnObj, err := vulnerability.NewVulnerability(theVuln)
+	if err != nil {
+		t.Fatalf("failed to create vuln obj: %+v", err)
+	}
+	theResult.Add(thePkg, match.Match{
+		Type:            match.FuzzyMatch,
+		Confidence:      1.0,
+		Vulnerability:   *vulnObj,
+		Package:         thePkg,
+		SearchKey:       "cpe[cpe:2.3:*:*:libvncserver:0.9.9:*:*:*:*:*:*:*] constraint[< 0.9.10 (unknown)]",
+		IndirectPackage: nil,
+		Matcher:         match.ApkMatcher,
+	})
+}
+
 func addJavascriptMatches(t *testing.T, theScope scope.Scope, catalog *pkg.Catalog, theStore *mockStore, theResult *result.Result) {
 	packages := getPackagesByPath(t, theScope, catalog, "/javascript/pkg-lock/package-lock.json")
 	if len(packages) != 1 {
@@ -204,6 +227,14 @@ func TestPkgCoverageImage(t *testing.T) {
 				return expectedResults
 			},
 		},
+		{
+			fixtureImage: "image-alpine-match-coverage",
+			expectedFn: func(theScope scope.Scope, catalog *pkg.Catalog, theStore *mockStore) result.Result {
+				expectedResults := result.NewResult()
+				addAlpineMatches(t, theScope, catalog, theStore, &expectedResults)
+				return expectedResults
+			},
+		},
 	}
 
 	for _, test := range tests {

test/integration/test-fixtures/image-alpine-match-coverage/Dockerfile

@@ -0,0 +1,2 @@
+FROM scratch
+COPY . .

test/integration/test-fixtures/image-alpine-match-coverage/etc/os-release

@@ -0,0 +1,6 @@
+NAME="Alpine Linux"
+ID=alpine
+VERSION_ID=3.12.0
+PRETTY_NAME="Alpine Linux v3.12"
+HOME_URL="https://alpinelinux.org/"
+BUG_REPORT_URL="https://bugs.alpinelinux.org/"

test/integration/test-fixtures/image-alpine-match-coverage/lib/apk/db/installed

@@ -0,0 +1,29 @@
+C:Q1z0MwWQKfva+S+q7XmOBYFfQgW/k=
+P:libvncserver
+V:0.9.9
+A:x86_64
+S:166239
+I:389120
+T:Library to make writing a vnc server easy
+U:http://libvncserver.sourceforge.net/
+L:GPL-2.0-or-later
+o:libvncserver
+m:A. Wilcox <awilfox@adelielinux.org>
+t:1572818861
+c:bf1ec813f662f128fc6b70f37ef1c0474bb24488
+D:so:libc.musl-x86_64.so.1 so:libgcrypt.so.20 so:libgnutls.so.30 so:libjpeg.so.8 so:libpng16.so.16 so:libz.so.1
+p:so:libvncclient.so.1=1.0.0 so:libvncserver.so.1=1.0.0
+F:usr
+F:usr/lib
+R:libvncclient.so.1
+a:0:0:777
+Z:Q1quyp/JcSPFQhtQFjMUYdMwRvAWM=
+R:libvncserver.so.1.0.0
+a:0:0:755
+Z:Q16Pd1AqyqQRMwiFfbUt9XkYnkapw=
+R:libvncserver.so.1
+a:0:0:777
+Z:Q184HrHsxEBqnsH4QNxeU5w8alhKI=
+R:libvncclient.so.1.0.0
+a:0:0:755
+Z:Q1IEjCrEwVlQt2GjIsb3o39vcgqMg=