def test_multifix_vulnerability(
    vulnerability_with_multifix,
    vulnerable_semver_pkg1,
    vulnerable_semver_pkg2,
    monkeypatch_distros,
):
    """
    Test matches against multiple semver range fixed artifacts (e.g. like a GHSA record).

    Each package must match exactly one of the two fixed_in ranges (matching
    the wrong range would surface as a false positive in scan results), and
    the fix version reported for the match must come from that artifact.
    Clearing the artifact's fix_metadata must drop the reported fix version
    to None while the range itself still matches.
    """
    first_fix = vulnerability_with_multifix.fixed_in[0]
    second_fix = vulnerability_with_multifix.fixed_in[1]

    def build_match(pkg):
        # Same wiring each time: only package and vulnerability are populated.
        match = ImagePackageVulnerability()
        match.package = pkg
        match.vulnerability = vulnerability_with_multifix
        return match

    # pkg1 is covered by the first range only.
    logger.info("Testing package %s", vulnerable_semver_pkg1)
    logger.info("Testing vuln %s", first_fix)
    assert isinstance(first_fix, FixedArtifact)
    assert first_fix.match_but_not_fixed(vulnerable_semver_pkg1)
    assert not first_fix.match_but_not_fixed(vulnerable_semver_pkg2)

    match = build_match(vulnerable_semver_pkg1)
    assert match.fixed_artifact() == first_fix
    assert match.fixed_in() == "1.1.2"

    # pkg2 is covered by the second range only.
    logger.info("Testing package %s", vulnerable_semver_pkg2)
    logger.info("Testing vuln %s", second_fix)
    assert isinstance(second_fix, FixedArtifact)
    assert not second_fix.match_but_not_fixed(vulnerable_semver_pkg1)
    assert second_fix.match_but_not_fixed(vulnerable_semver_pkg2)

    match = build_match(vulnerable_semver_pkg2)
    assert match.fixed_artifact() == second_fix
    assert match.fixed_in() == "2.2.2"

    # Unset the fix version: the range must still match, but no version is reported.
    # NOTE(review): this mutates the fixture object in place; harmless if the
    # fixture is function-scoped — confirm against conftest.
    second_fix.fix_metadata = {}
    logger.info("Testing vuln with fix removed %s", second_fix)
    assert isinstance(second_fix, FixedArtifact)
    assert not second_fix.match_but_not_fixed(vulnerable_semver_pkg1)
    assert second_fix.match_but_not_fixed(vulnerable_semver_pkg2)

    match = build_match(vulnerable_semver_pkg2)
    assert match.fixed_artifact() == second_fix
    assert match.fixed_in() is None
def test_notfixed_match(vulnerability_with_nofix, vulnerable_pkg1, monkeypatch_distros):
    """
    Test matches against fixed artifacts.

    The package must match the artifact's range, and a vulnerability that
    carries no fix must report a None fix version (it is still a finding,
    just one without a remediation version).
    """
    fixed = vulnerability_with_nofix.fixed_in[0]
    logger.info("Testing package %s", vulnerable_pkg1)
    logger.info("Testing vuln %s", fixed)

    assert isinstance(fixed, FixedArtifact)
    assert fixed.match_but_not_fixed(vulnerable_pkg1)

    pkg_vuln = ImagePackageVulnerability()
    # Relationship objects.
    pkg_vuln.package = vulnerable_pkg1
    pkg_vuln.vulnerability = vulnerability_with_nofix
    # Denormalised package identity columns.
    # NOTE(review): pkg_type is populated from .name here (same value as
    # pkg_name) — confirm that is intended rather than the package's type.
    pkg_vuln.pkg_type = vulnerable_pkg1.name
    pkg_vuln.pkg_name = vulnerable_pkg1.name
    pkg_vuln.pkg_version = vulnerable_pkg1.version
    pkg_vuln.pkg_arch = vulnerable_pkg1.arch
    pkg_vuln.pkg_image_id = vulnerable_pkg1.image_id
    pkg_vuln.pkg_user_id = vulnerable_pkg1.image_user_id
    # Denormalised vulnerability identity columns.
    pkg_vuln.vulnerability_id = vulnerability_with_nofix.id
    pkg_vuln.vulnerability_namespace_name = vulnerability_with_nofix.namespace_name

    assert pkg_vuln.fixed_in() is None
def test_fixed_and_vulnerable(vulnerability_with_both, vulnerable_pkg1, nonvulnerable_pkg1, monkeypatch_distros):
    """
    Test both fixed and vulnerable matches.

    The vulnerable_in artifact must flag the vulnerable package and not the
    non-vulnerable one, and the fixed_in artifact must supply the reported
    fix version for the match.
    """
    fixed = vulnerability_with_both.fixed_in[0]
    vuln_artifact = vulnerability_with_both.vulnerable_in[0]
    logger.info("Testing package %s", vulnerable_pkg1)
    logger.info("Testing vuln %s", fixed)

    assert isinstance(vuln_artifact, VulnerableArtifact)
    # A false negative here hides a real finding; a false positive is noise.
    assert vuln_artifact.match_and_vulnerable(vulnerable_pkg1)
    assert not vuln_artifact.match_and_vulnerable(nonvulnerable_pkg1)

    pkg_vuln = ImagePackageVulnerability()
    # Relationship objects.
    pkg_vuln.package = vulnerable_pkg1
    pkg_vuln.vulnerability = vulnerability_with_both
    # Denormalised package identity columns.
    # NOTE(review): pkg_type is populated from .name here (same value as
    # pkg_name) — confirm that is intended rather than the package's type.
    pkg_vuln.pkg_type = vulnerable_pkg1.name
    pkg_vuln.pkg_name = vulnerable_pkg1.name
    pkg_vuln.pkg_version = vulnerable_pkg1.version
    pkg_vuln.pkg_arch = vulnerable_pkg1.arch
    pkg_vuln.pkg_image_id = vulnerable_pkg1.image_id
    pkg_vuln.pkg_user_id = vulnerable_pkg1.image_user_id
    # Denormalised vulnerability identity columns.
    pkg_vuln.vulnerability_id = vulnerability_with_both.id
    pkg_vuln.vulnerability_namespace_name = vulnerability_with_both.namespace_name

    assert pkg_vuln.fixed_in() == "0:1.1.el8"
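def test_vulnerable_in(vulnerability_with_vulnartifact, vulnerable_pkg1, nonvulnerable_pkg1, monkeypatch_distros):
    """
    Test vulnerable_in matches.

    The first vulnerable_in artifact must flag the vulnerable package and
    not the non-vulnerable one; the second artifact covers a different
    version series and must flag neither. With no fixed_in artifact
    matching, the reported fix version must be None.
    """
    first = vulnerability_with_vulnartifact.vulnerable_in[0]
    logger.info("Testing package %s", vulnerable_pkg1)
    logger.info("Testing vuln %s", first)
    assert isinstance(first, VulnerableArtifact)
    # A false negative here hides a real finding; a false positive is noise.
    assert first.match_and_vulnerable(vulnerable_pkg1)
    assert not first.match_and_vulnerable(nonvulnerable_pkg1)

    second = vulnerability_with_vulnartifact.vulnerable_in[1]
    logger.info("Testing package %s", vulnerable_pkg1)
    logger.info("Testing vuln %s", second)
    assert isinstance(second, VulnerableArtifact)
    # Both not vuln now, this entry is for 0.9.x
    assert not second.match_and_vulnerable(vulnerable_pkg1)
    assert not second.match_and_vulnerable(nonvulnerable_pkg1)

    pkg_vuln = ImagePackageVulnerability()
    # Relationship objects.
    pkg_vuln.package = vulnerable_pkg1
    pkg_vuln.vulnerability = vulnerability_with_vulnartifact
    # Denormalised package identity columns.
    # NOTE(review): pkg_type is populated from .name here (same value as
    # pkg_name) — confirm that is intended rather than the package's type.
    pkg_vuln.pkg_type = vulnerable_pkg1.name
    pkg_vuln.pkg_name = vulnerable_pkg1.name
    pkg_vuln.pkg_version = vulnerable_pkg1.version
    pkg_vuln.pkg_arch = vulnerable_pkg1.arch
    pkg_vuln.pkg_image_id = vulnerable_pkg1.image_id
    pkg_vuln.pkg_user_id = vulnerable_pkg1.image_user_id
    # Denormalised vulnerability identity columns.
    pkg_vuln.vulnerability_id = vulnerability_with_vulnartifact.id
    pkg_vuln.vulnerability_namespace_name = vulnerability_with_vulnartifact.namespace_name

    # Identity check, not equality: `== None` would accept any object whose
    # __eq__ chooses to compare equal to None (matches test_notfixed_match).
    assert pkg_vuln.fixed_in() is None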