def mock_get_packages_by_type(type):
    """Stand-in for the package lookup used by the npm feed tests.

    Ignores ``type`` and always returns the same four npm ``ImagePackage``
    records, all attributed to the module-level ``image_id`` / ``user``
    (defined elsewhere in the test module).

    NOTE(review): the parameter shadows the builtin ``type``; it is kept so
    the mock's signature matches the method it replaces.
    """
    # (name, version) pairs. The last entry presumably has no feed record so
    # the code under test sees a "miss" — TODO confirm against the test body.
    npm_fixtures = [
        ("yarn", "1.22.10"),
        ("jsonparse", "1.1.0"),
        ("ini", "1.0.0"),
        ("unofficial-test", "1.3.1"),
    ]
    return [
        ImagePackage(
            image_id=image_id,
            image_user_id=user,
            pkg_type="npm",
            name=pkg_name,
            version=pkg_version,
        )
        for pkg_name, pkg_version in npm_fixtures
    ]
def mock_get_packages_by_type(type):
    """Stand-in for the package lookup used by the gem feed tests.

    Ignores ``type`` and returns four gem ``ImagePackage`` records, one per
    feed situation the caller is expected to distinguish (see the entries
    below). ``image_id`` / ``user`` are module-level names defined elsewhere
    in the test module.

    NOTE(review): the parameter shadows the builtin ``type``; it is kept so
    the mock's signature matches the method it replaces.
    """
    gem_fixtures = [
        # latest and official
        ("rails", "6.0.3.4"),
        # official but not latest
        ("nokogiri", "1.0.5"),
        # neither latest nor official
        ("builder", "3.3.rc1"),
        # not in the feed at all (the misspelt name is a runtime value the
        # test relies on, so it is reproduced verbatim)
        ("unoffical_test", "3.0"),
    ]
    return [
        ImagePackage(
            image_id=image_id,
            image_user_id=user,
            name=gem_name,
            version=gem_version,
            pkg_type="gem",
        )
        for gem_name, gem_version in gem_fixtures
    ]
def packages():
    """Return two ``ImagePackage`` fixtures carrying multi-license strings.

    Each ``license`` value is one space-separated string of license
    identifiers (Debian copyright style), presumably so the consumer's
    license splitting/matching is exercised — the consumer is not visible
    here. ``image_id`` / ``user`` are module-level names defined elsewhere.
    """
    git_licenses = (
        "GPL-2 LGPL-2.1+ EDL-1.0 GPL-2+ Expat BSD-2-clause GPL-1+ ISC "
        "mingw-runtime Boost dlmalloc Apache-2.0 LGPL-2+"
    )
    gnupg_licenses = (
        "GPL-3+ permissive LGPL-2.1+ Expat LGPL-3+ RFC-Reference TinySCHEME BSD-3-clause"
    )
    fixtures = [("git", git_licenses), ("gnupg", gnupg_licenses)]
    return [
        ImagePackage(
            image_id=image_id,
            image_user_id=user,
            name=pkg_name,
            license=license_text,
        )
        for pkg_name, license_text in fixtures
    ]
def python_pkg1_101():
    """Build the ``pythonpkg1`` 1.0.1 fixture: a python package on a CentOS 8 image.

    Attributes are assigned one by one (in the same order as the original
    hand-written fixture) on a bare ``ImagePackage``.
    """
    attributes = {
        "image_id": "image1",
        "image_user_id": "admin",
        "name": "pythonpkg1",
        "normalized_src_pkg": "pythonpkg1",
        "version": "1.0.1",
        "fullversion": "1.0.1",
        "release": None,
        "pkg_type": "python",
        "distro_name": "centos",
        "distro_version": "8",
        # "RHEL" here, "rhel" in the sibling fixture set; whether the
        # consumer compares like_distro case-sensitively isn't visible
        # here — TODO confirm.
        "like_distro": "RHEL",
    }
    pkg = ImagePackage()
    for attr_name, attr_value in attributes.items():
        setattr(pkg, attr_name, attr_value)
    return pkg
def nonvulnerable_pkg1():
    """Build the non-vulnerable ``pkg1`` fixture: an RPM on a CentOS 8 image.

    Attributes are assigned one by one (in the same order as the original
    hand-written fixture) on a bare ``ImagePackage``.
    """
    attributes = {
        "image_id": "image1",
        "image_user_id": "admin",
        "name": "pkg1",
        "normalized_src_pkg": "pkg1",
        # version carries no epoch while fullversion does ("0:"); the
        # vulnerable sibling fixture has the epoch in both. Presumably
        # deliberate, to exercise epoch normalisation in the RPM version
        # comparison — TODO confirm, since a mismatch here would mask a
        # real vulnerable range.
        "version": "1.1.el8",
        "fullversion": "0:1.1.el8",
        "release": None,
        # upper-case here, lower-case ("npm", "python") in other fixtures;
        # case handling of pkg_type is not visible here — TODO confirm.
        "pkg_type": "RPM",
        "distro_name": "centos",
        "distro_version": "8",
        "like_distro": "RHEL",
    }
    pkg = ImagePackage()
    for attr_name, attr_value in attributes.items():
        setattr(pkg, attr_name, attr_value)
    return pkg
def vulnerable_pkg1():
    """Build the vulnerable ``pkg1`` fixture: an RPM on a RHEL 8 image.

    Differs from the non-vulnerable sibling in version (1.0 vs 1.1), distro
    name ("rhel" vs "centos") and in also setting ``arch`` and ``pkg_path``.
    Attributes are assigned in the same order as the original fixture.
    """
    attributes = {
        "image_id": "image1",
        "image_user_id": "admin",
        "name": "pkg1",
        "normalized_src_pkg": "pkg1",
        # both fields carry the explicit "0:" epoch here
        "version": "0:1.0.el8",
        "fullversion": "0:1.0.el8",
        "release": None,
        "pkg_type": "RPM",
        "distro_name": "rhel",
        "distro_version": "8",
        "like_distro": "RHEL",
        # fixture value only; "amd64" is the Debian spelling, RPM normally
        # reports "x86_64" — only matters if the consumer keys on arch,
        # which isn't visible here.
        "arch": "amd64",
        "pkg_path": "rpmdb",
    }
    pkg = ImagePackage()
    for attr_name, attr_value in attributes.items():
        setattr(pkg, attr_name, attr_value)
    return pkg
def vulnerable_semver_pkg2():
    """Build the vulnerable ``semverpkg1`` 2.2.0 fixture: an npm package.

    npm packages have no OS distro, so the distro fields are filled with
    the ecosystem name ("npm") and "N/A"; ``pkg_path`` points at the
    package.json that declared it. Attributes are assigned in the same
    order as the original fixture.
    """
    attributes = {
        "image_id": "image1",
        "image_user_id": "admin",
        "name": "semverpkg1",
        "normalized_src_pkg": "semverpkg1",
        "version": "2.2.0",
        "fullversion": "2.2.0",
        "release": None,
        "pkg_type": "npm",
        "distro_name": "npm",
        "distro_version": "N/A",
        "like_distro": "npm",
        "arch": "amd64",
        "pkg_path": "/app/myapp2/package.json",
    }
    pkg = ImagePackage()
    for attr_name, attr_value in attributes.items():
        setattr(pkg, attr_name, attr_value)
    return pkg
def python_pkg1_101():
    """Build the ``pythonpkg1`` 1.0.1 fixture: a python package on a CentOS 8 image.

    Attributes are applied in the same order as the original hand-written
    fixture; ``like_distro`` is lower-case "rhel" in this copy.
    """
    pkg = ImagePackage()
    fields = (
        ("image_id", "image1"),
        ("image_user_id", "admin"),
        ("name", "pythonpkg1"),
        ("normalized_src_pkg", "pythonpkg1"),
        ("version", "1.0.1"),
        ("fullversion", "1.0.1"),
        ("release", None),
        ("pkg_type", "python"),
        ("distro_name", "centos"),
        ("distro_version", "8"),
        ("like_distro", "rhel"),
    )
    for field_name, field_value in fields:
        setattr(pkg, field_name, field_value)
    return pkg
def nonvulnerable_pkg1():
    """Build the non-vulnerable ``pkg1`` fixture: an RPM on a CentOS 8 image.

    ``version`` carries no epoch while ``fullversion`` has the explicit
    "0:" prefix; the vulnerable sibling sets the epoch in both. This looks
    deliberate (exercising epoch handling in RPM version comparison) —
    TODO confirm. Attributes are applied in the original order.
    """
    pkg = ImagePackage()
    fields = (
        ("image_id", "image1"),
        ("image_user_id", "admin"),
        ("name", "pkg1"),
        ("normalized_src_pkg", "pkg1"),
        ("version", "1.1.el8"),
        ("fullversion", "0:1.1.el8"),
        ("release", None),
        ("pkg_type", "RPM"),
        ("distro_name", "centos"),
        ("distro_version", "8"),
        ("like_distro", "rhel"),
    )
    for field_name, field_value in fields:
        setattr(pkg, field_name, field_value)
    return pkg
def vulnerable_pkg1():
    """Build the vulnerable ``pkg1`` fixture: an RPM on a RHEL 8 image.

    Differs from the non-vulnerable sibling in version (1.0 vs 1.1), distro
    name ("rhel" vs "centos") and in also setting ``arch`` and ``pkg_path``.
    Attributes are applied in the original order.
    """
    pkg = ImagePackage()
    fields = (
        ("image_id", "image1"),
        ("image_user_id", "admin"),
        ("name", "pkg1"),
        ("normalized_src_pkg", "pkg1"),
        # explicit "0:" epoch in both version fields
        ("version", "0:1.0.el8"),
        ("fullversion", "0:1.0.el8"),
        ("release", None),
        ("pkg_type", "RPM"),
        ("distro_name", "rhel"),
        ("distro_version", "8"),
        ("like_distro", "rhel"),
        # fixture value only; RPM normally reports "x86_64" rather than
        # the Debian spelling "amd64"
        ("arch", "amd64"),
        ("pkg_path", "rpmdb"),
    )
    for field_name, field_value in fields:
        setattr(pkg, field_name, field_value)
    return pkg
def vulnerable_semver_pkg2():
    """Build the vulnerable ``semverpkg1`` 2.2.0 fixture: an npm package.

    npm packages have no OS distro, so the distro fields hold the
    ecosystem name ("npm") and "N/A"; ``pkg_path`` is the package.json
    that declared the dependency. Attributes are applied in the original
    order.
    """
    pkg = ImagePackage()
    fields = (
        ("image_id", "image1"),
        ("image_user_id", "admin"),
        ("name", "semverpkg1"),
        ("normalized_src_pkg", "semverpkg1"),
        ("version", "2.2.0"),
        ("fullversion", "2.2.0"),
        ("release", None),
        ("pkg_type", "npm"),
        ("distro_name", "npm"),
        ("distro_version", "N/A"),
        ("like_distro", "npm"),
        ("arch", "amd64"),
        ("pkg_path", "/app/myapp2/package.json"),
    )
    for field_name, field_value in fields:
        setattr(pkg, field_name, field_value)
    return pkg
)
def test_filter_secdb(
    image_matches,
    mock_db_query_manager,
    expected,
):
    """Check ``filter_secdb_entries`` on the parametrized match sets.

    ``image_matches`` / ``expected`` come from the parametrize decorator
    (whose argument list sits above this function); ``mock_db_query_manager``
    replaces the real DB manager so the secdb entries seen by the filter are
    the ones injected by the test rather than live feed data.
    """
    # Any distro would do: the lookup needs a namespace, but the CVEs are
    # injected, so the choice does not change the result.
    debian_stretch = DistroNamespace(name="debian", version="9")
    result = filter_secdb_entries(
        image_distro=debian_stretch,
        matches=image_matches,
        db_manager=mock_db_query_manager,
    )
    assert result == expected


# Module-level package / CPE fixtures shared by the parametrized mapping
# tests below. pkg2 has two CPE spellings ("pkg-two" and "pkg_two"),
# presumably so hyphen/underscore normalisation in the name match is
# covered — TODO confirm against the test body.
pkg1, pkg2 = (
    ImagePackage(name="pkg1", version="1.0.0"),
    ImagePackage(name="pkg-two", version="2.0.0"),
)
pkg1_cpe, pkg2_cpe1, pkg2_cpe2 = (
    ImageCpe(name="pkg1", version="1.0.0"),
    ImageCpe(name="pkg-two", version="2.0.0"),
    ImageCpe(name="pkg_two", version="2.0.0"),
)


@pytest.mark.parametrize(
    "packages, mapped_cpes",
    [
        (
            [pkg1],
            [(pkg1, pkg1_cpe)],
        ),
        (
            [pkg2],