2023-09-18 01:12:20 +03:00
|
|
|
//go:build search
|
|
|
|
|
|
|
|
package convert
|
|
|
|
|
|
|
|
import (
|
|
|
|
"context"
|
|
|
|
"errors"
|
|
|
|
"testing"
|
|
|
|
|
|
|
|
"github.com/99designs/gqlgen/graphql"
|
|
|
|
ispec "github.com/opencontainers/image-spec/specs-go/v1"
|
|
|
|
. "github.com/smartystreets/goconvey/convey"
|
|
|
|
|
2024-02-01 06:34:07 +02:00
|
|
|
cvemodel "zotregistry.dev/zot/pkg/extensions/search/cve/model"
|
|
|
|
"zotregistry.dev/zot/pkg/extensions/search/gql_generated"
|
|
|
|
"zotregistry.dev/zot/pkg/log"
|
|
|
|
"zotregistry.dev/zot/pkg/meta/boltdb"
|
|
|
|
. "zotregistry.dev/zot/pkg/test/image-utils"
|
|
|
|
"zotregistry.dev/zot/pkg/test/mocks"
|
2023-09-18 01:12:20 +03:00
|
|
|
)
|
|
|
|
|
|
|
|
var ErrTestError = errors.New("TestError")
|
|
|
|
|
|
|
|
func TestCVEConvert(t *testing.T) {
|
|
|
|
Convey("Test adding CVE information to Summary objects", t, func() {
|
|
|
|
params := boltdb.DBParameters{
|
|
|
|
RootDir: t.TempDir(),
|
|
|
|
}
|
|
|
|
boltDB, err := boltdb.GetBoltDriver(params)
|
|
|
|
So(err, ShouldBeNil)
|
|
|
|
|
|
|
|
metaDB, err := boltdb.New(boltDB, log.NewLogger("debug", ""))
|
|
|
|
So(err, ShouldBeNil)
|
|
|
|
|
2023-10-30 22:06:04 +02:00
|
|
|
image := CreateImageWith().
|
|
|
|
Layers([]Layer{{
|
|
|
|
MediaType: ispec.MediaTypeImageLayerGzip,
|
|
|
|
Digest: ispec.MediaTypeEmptyJSON,
|
|
|
|
Blob: ispec.DescriptorEmptyJSON.Data,
|
|
|
|
}}).DefaultConfig().Build()
|
2023-09-18 01:12:20 +03:00
|
|
|
|
2023-11-01 18:16:18 +02:00
|
|
|
err = metaDB.SetRepoReference(context.Background(), "repo1", "0.1.0", image.AsImageMeta())
|
2023-09-18 01:12:20 +03:00
|
|
|
So(err, ShouldBeNil)
|
|
|
|
|
2023-10-30 22:06:04 +02:00
|
|
|
repoMetaList, err := metaDB.SearchRepos(context.Background(), "")
|
2023-09-18 01:12:20 +03:00
|
|
|
So(err, ShouldBeNil)
|
|
|
|
|
2023-10-30 22:06:04 +02:00
|
|
|
imageMeta, err := metaDB.FilterImageMeta(context.Background(), []string{image.DigestStr()})
|
2023-09-18 01:12:20 +03:00
|
|
|
|
|
|
|
ctx := graphql.WithResponseContext(context.Background(),
|
|
|
|
graphql.DefaultErrorPresenter, graphql.DefaultRecover)
|
|
|
|
|
|
|
|
Convey("Add CVE Summary to ImageSummary", func() {
|
|
|
|
var imageSummary *gql_generated.ImageSummary
|
|
|
|
|
|
|
|
So(imageSummary, ShouldBeNil)
|
|
|
|
|
|
|
|
updateImageSummaryVulnerabilities(ctx,
|
|
|
|
imageSummary,
|
|
|
|
SkipQGLField{
|
|
|
|
Vulnerabilities: false,
|
|
|
|
},
|
|
|
|
mocks.CveInfoMock{
|
2023-11-24 10:40:10 +02:00
|
|
|
GetCVESummaryForImageMediaFn: func(ctx context.Context, repo string, digest, mediaType string,
|
2023-09-18 01:12:20 +03:00
|
|
|
) (cvemodel.ImageCVESummary, error) {
|
|
|
|
return cvemodel.ImageCVESummary{}, ErrTestError
|
|
|
|
},
|
|
|
|
},
|
|
|
|
)
|
|
|
|
|
|
|
|
So(imageSummary, ShouldBeNil)
|
|
|
|
So(graphql.GetErrors(ctx), ShouldBeNil)
|
|
|
|
|
2023-10-30 22:06:04 +02:00
|
|
|
imageSummary, _, err = ImageManifest2ImageSummary(ctx, GetFullImageMeta("0.1.0", repoMetaList[0],
|
|
|
|
imageMeta[image.DigestStr()]))
|
2023-09-18 01:12:20 +03:00
|
|
|
So(err, ShouldBeNil)
|
|
|
|
|
|
|
|
So(imageSummary, ShouldNotBeNil)
|
|
|
|
So(imageSummary.Vulnerabilities, ShouldBeNil)
|
|
|
|
|
|
|
|
updateImageSummaryVulnerabilities(ctx,
|
|
|
|
imageSummary,
|
|
|
|
SkipQGLField{
|
|
|
|
Vulnerabilities: true,
|
|
|
|
},
|
|
|
|
mocks.CveInfoMock{},
|
|
|
|
)
|
|
|
|
|
|
|
|
So(imageSummary.Vulnerabilities, ShouldNotBeNil)
|
|
|
|
So(*imageSummary.Vulnerabilities.Count, ShouldEqual, 0)
|
2023-12-13 19:16:31 +02:00
|
|
|
So(*imageSummary.Vulnerabilities.UnknownCount, ShouldEqual, 0)
|
|
|
|
So(*imageSummary.Vulnerabilities.LowCount, ShouldEqual, 0)
|
|
|
|
So(*imageSummary.Vulnerabilities.MediumCount, ShouldEqual, 0)
|
|
|
|
So(*imageSummary.Vulnerabilities.HighCount, ShouldEqual, 0)
|
|
|
|
So(*imageSummary.Vulnerabilities.CriticalCount, ShouldEqual, 0)
|
2023-09-18 01:12:20 +03:00
|
|
|
So(*imageSummary.Vulnerabilities.MaxSeverity, ShouldEqual, "")
|
|
|
|
So(graphql.GetErrors(ctx), ShouldBeNil)
|
|
|
|
|
|
|
|
imageSummary.Vulnerabilities = nil
|
|
|
|
|
|
|
|
updateImageSummaryVulnerabilities(ctx,
|
|
|
|
imageSummary,
|
|
|
|
SkipQGLField{
|
|
|
|
Vulnerabilities: false,
|
|
|
|
},
|
|
|
|
mocks.CveInfoMock{
|
2023-11-24 10:40:10 +02:00
|
|
|
GetCVESummaryForImageMediaFn: func(ctx context.Context, repo string, digest, mediaType string,
|
2023-09-18 01:12:20 +03:00
|
|
|
) (cvemodel.ImageCVESummary, error) {
|
|
|
|
return cvemodel.ImageCVESummary{
|
2023-12-13 19:16:31 +02:00
|
|
|
Count: 30,
|
|
|
|
UnknownCount: 1,
|
|
|
|
LowCount: 2,
|
|
|
|
MediumCount: 3,
|
|
|
|
HighCount: 10,
|
|
|
|
CriticalCount: 14,
|
|
|
|
MaxSeverity: "HIGH",
|
2023-09-18 01:12:20 +03:00
|
|
|
}, nil
|
|
|
|
},
|
|
|
|
},
|
|
|
|
)
|
|
|
|
|
|
|
|
So(imageSummary.Vulnerabilities, ShouldNotBeNil)
|
2023-12-13 19:16:31 +02:00
|
|
|
So(*imageSummary.Vulnerabilities.Count, ShouldEqual, 30)
|
|
|
|
So(*imageSummary.Vulnerabilities.UnknownCount, ShouldEqual, 1)
|
|
|
|
So(*imageSummary.Vulnerabilities.LowCount, ShouldEqual, 2)
|
|
|
|
So(*imageSummary.Vulnerabilities.MediumCount, ShouldEqual, 3)
|
|
|
|
So(*imageSummary.Vulnerabilities.HighCount, ShouldEqual, 10)
|
|
|
|
So(*imageSummary.Vulnerabilities.CriticalCount, ShouldEqual, 14)
|
2023-09-18 01:12:20 +03:00
|
|
|
So(*imageSummary.Vulnerabilities.MaxSeverity, ShouldEqual, "HIGH")
|
|
|
|
So(graphql.GetErrors(ctx), ShouldBeNil)
|
|
|
|
So(len(imageSummary.Manifests), ShouldEqual, 1)
|
|
|
|
So(imageSummary.Manifests[0].Vulnerabilities, ShouldNotBeNil)
|
2023-12-13 19:16:31 +02:00
|
|
|
So(*imageSummary.Manifests[0].Vulnerabilities.Count, ShouldEqual, 30)
|
|
|
|
So(*imageSummary.Manifests[0].Vulnerabilities.UnknownCount, ShouldEqual, 1)
|
|
|
|
So(*imageSummary.Manifests[0].Vulnerabilities.LowCount, ShouldEqual, 2)
|
|
|
|
So(*imageSummary.Manifests[0].Vulnerabilities.MediumCount, ShouldEqual, 3)
|
|
|
|
So(*imageSummary.Manifests[0].Vulnerabilities.HighCount, ShouldEqual, 10)
|
|
|
|
So(*imageSummary.Manifests[0].Vulnerabilities.CriticalCount, ShouldEqual, 14)
|
2023-09-18 01:12:20 +03:00
|
|
|
So(*imageSummary.Manifests[0].Vulnerabilities.MaxSeverity, ShouldEqual, "HIGH")
|
|
|
|
|
|
|
|
imageSummary.Vulnerabilities = nil
|
|
|
|
|
|
|
|
updateImageSummaryVulnerabilities(ctx,
|
|
|
|
imageSummary,
|
|
|
|
SkipQGLField{
|
|
|
|
Vulnerabilities: false,
|
|
|
|
},
|
|
|
|
mocks.CveInfoMock{
|
2023-11-24 10:40:10 +02:00
|
|
|
GetCVESummaryForImageMediaFn: func(ctx context.Context, repo string, digest, mediaType string,
|
2023-09-18 01:12:20 +03:00
|
|
|
) (cvemodel.ImageCVESummary, error) {
|
|
|
|
return cvemodel.ImageCVESummary{}, ErrTestError
|
|
|
|
},
|
|
|
|
},
|
|
|
|
)
|
|
|
|
|
|
|
|
So(imageSummary.Vulnerabilities, ShouldNotBeNil)
|
|
|
|
So(*imageSummary.Vulnerabilities.Count, ShouldEqual, 0)
|
|
|
|
So(*imageSummary.Vulnerabilities.MaxSeverity, ShouldEqual, "")
|
|
|
|
So(graphql.GetErrors(ctx).Error(), ShouldContainSubstring, "unable to run vulnerability scan on tag")
|
|
|
|
})
|
|
|
|
|
|
|
|
Convey("Add CVE Summary to RepoSummary", func() {
|
|
|
|
var repoSummary *gql_generated.RepoSummary
|
2024-07-29 19:32:51 +02:00
|
|
|
|
2023-09-18 01:12:20 +03:00
|
|
|
So(repoSummary, ShouldBeNil)
|
|
|
|
|
|
|
|
updateRepoSummaryVulnerabilities(ctx,
|
|
|
|
repoSummary,
|
|
|
|
SkipQGLField{
|
|
|
|
Vulnerabilities: false,
|
|
|
|
},
|
|
|
|
mocks.CveInfoMock{
|
2023-11-24 10:40:10 +02:00
|
|
|
GetCVESummaryForImageMediaFn: func(ctx context.Context, repo string, digest, mediaType string,
|
2023-09-18 01:12:20 +03:00
|
|
|
) (cvemodel.ImageCVESummary, error) {
|
|
|
|
return cvemodel.ImageCVESummary{
|
2023-12-13 19:16:31 +02:00
|
|
|
Count: 30,
|
|
|
|
UnknownCount: 1,
|
|
|
|
LowCount: 2,
|
|
|
|
MediumCount: 3,
|
|
|
|
HighCount: 10,
|
|
|
|
CriticalCount: 14,
|
|
|
|
MaxSeverity: "HIGH",
|
2023-09-18 01:12:20 +03:00
|
|
|
}, nil
|
|
|
|
},
|
|
|
|
},
|
|
|
|
)
|
|
|
|
|
|
|
|
So(repoSummary, ShouldBeNil)
|
|
|
|
So(graphql.GetErrors(ctx), ShouldBeNil)
|
|
|
|
|
2023-10-30 22:06:04 +02:00
|
|
|
imageSummary, _, err := ImageManifest2ImageSummary(ctx, GetFullImageMeta("0.1.0", repoMetaList[0],
|
|
|
|
imageMeta[image.DigestStr()]))
|
2023-09-18 01:12:20 +03:00
|
|
|
So(err, ShouldBeNil)
|
|
|
|
|
|
|
|
So(imageSummary, ShouldNotBeNil)
|
|
|
|
|
|
|
|
repoSummary = &gql_generated.RepoSummary{}
|
|
|
|
repoSummary.NewestImage = imageSummary
|
|
|
|
|
|
|
|
So(repoSummary.NewestImage.Vulnerabilities, ShouldBeNil)
|
|
|
|
|
|
|
|
updateImageSummaryVulnerabilities(ctx,
|
|
|
|
imageSummary,
|
|
|
|
SkipQGLField{
|
|
|
|
Vulnerabilities: false,
|
|
|
|
},
|
|
|
|
mocks.CveInfoMock{
|
2023-11-24 10:40:10 +02:00
|
|
|
GetCVESummaryForImageMediaFn: func(ctx context.Context, repo string, digest, mediaType string,
|
2023-09-18 01:12:20 +03:00
|
|
|
) (cvemodel.ImageCVESummary, error) {
|
|
|
|
return cvemodel.ImageCVESummary{
|
2023-12-13 19:16:31 +02:00
|
|
|
Count: 30,
|
|
|
|
UnknownCount: 1,
|
|
|
|
LowCount: 2,
|
|
|
|
MediumCount: 3,
|
|
|
|
HighCount: 10,
|
|
|
|
CriticalCount: 14,
|
|
|
|
MaxSeverity: "HIGH",
|
2023-09-18 01:12:20 +03:00
|
|
|
}, nil
|
|
|
|
},
|
|
|
|
},
|
|
|
|
)
|
|
|
|
|
|
|
|
So(repoSummary.NewestImage.Vulnerabilities, ShouldNotBeNil)
|
2023-12-13 19:16:31 +02:00
|
|
|
So(*repoSummary.NewestImage.Vulnerabilities.Count, ShouldEqual, 30)
|
|
|
|
So(*repoSummary.NewestImage.Vulnerabilities.UnknownCount, ShouldEqual, 1)
|
|
|
|
So(*repoSummary.NewestImage.Vulnerabilities.LowCount, ShouldEqual, 2)
|
|
|
|
So(*repoSummary.NewestImage.Vulnerabilities.MediumCount, ShouldEqual, 3)
|
|
|
|
So(*repoSummary.NewestImage.Vulnerabilities.HighCount, ShouldEqual, 10)
|
|
|
|
So(*repoSummary.NewestImage.Vulnerabilities.CriticalCount, ShouldEqual, 14)
|
2023-09-18 01:12:20 +03:00
|
|
|
So(*repoSummary.NewestImage.Vulnerabilities.MaxSeverity, ShouldEqual, "HIGH")
|
|
|
|
So(graphql.GetErrors(ctx), ShouldBeNil)
|
|
|
|
})
|
|
|
|
|
|
|
|
Convey("Add CVE Summary to ManifestSummary", func() {
|
|
|
|
var manifestSummary *gql_generated.ManifestSummary
|
|
|
|
|
|
|
|
So(manifestSummary, ShouldBeNil)
|
|
|
|
|
|
|
|
updateManifestSummaryVulnerabilities(ctx,
|
|
|
|
manifestSummary,
|
|
|
|
"repo1",
|
|
|
|
SkipQGLField{
|
|
|
|
Vulnerabilities: false,
|
|
|
|
},
|
|
|
|
mocks.CveInfoMock{
|
2023-11-24 10:40:10 +02:00
|
|
|
GetCVESummaryForImageMediaFn: func(ctx context.Context, repo string, digest, mediaType string,
|
2023-09-18 01:12:20 +03:00
|
|
|
) (cvemodel.ImageCVESummary, error) {
|
|
|
|
return cvemodel.ImageCVESummary{
|
|
|
|
Count: 1,
|
|
|
|
MaxSeverity: "HIGH",
|
|
|
|
}, nil
|
|
|
|
},
|
|
|
|
},
|
|
|
|
)
|
|
|
|
|
|
|
|
So(manifestSummary, ShouldBeNil)
|
|
|
|
So(graphql.GetErrors(ctx), ShouldBeNil)
|
|
|
|
|
2023-10-30 22:06:04 +02:00
|
|
|
imageSummary, _, err := ImageManifest2ImageSummary(ctx, GetFullImageMeta("0.1.0", repoMetaList[0],
|
|
|
|
imageMeta[image.DigestStr()]))
|
2023-09-18 01:12:20 +03:00
|
|
|
So(err, ShouldBeNil)
|
|
|
|
manifestSummary = imageSummary.Manifests[0]
|
|
|
|
|
|
|
|
updateManifestSummaryVulnerabilities(ctx,
|
|
|
|
manifestSummary,
|
|
|
|
"repo1",
|
|
|
|
SkipQGLField{
|
|
|
|
Vulnerabilities: true,
|
|
|
|
},
|
|
|
|
mocks.CveInfoMock{},
|
|
|
|
)
|
|
|
|
|
|
|
|
So(manifestSummary, ShouldNotBeNil)
|
|
|
|
So(manifestSummary.Vulnerabilities, ShouldNotBeNil)
|
|
|
|
So(*manifestSummary.Vulnerabilities.Count, ShouldEqual, 0)
|
|
|
|
So(*manifestSummary.Vulnerabilities.MaxSeverity, ShouldEqual, "")
|
|
|
|
|
|
|
|
manifestSummary.Vulnerabilities = nil
|
|
|
|
|
|
|
|
updateManifestSummaryVulnerabilities(ctx,
|
|
|
|
manifestSummary,
|
|
|
|
"repo1",
|
|
|
|
SkipQGLField{
|
|
|
|
Vulnerabilities: false,
|
|
|
|
},
|
|
|
|
mocks.CveInfoMock{
|
2023-11-24 10:40:10 +02:00
|
|
|
GetCVESummaryForImageMediaFn: func(ctx context.Context, repo string, digest, mediaType string,
|
2023-09-18 01:12:20 +03:00
|
|
|
) (cvemodel.ImageCVESummary, error) {
|
|
|
|
return cvemodel.ImageCVESummary{
|
2023-12-13 19:16:31 +02:00
|
|
|
Count: 30,
|
|
|
|
UnknownCount: 1,
|
|
|
|
LowCount: 2,
|
|
|
|
MediumCount: 3,
|
|
|
|
HighCount: 10,
|
|
|
|
CriticalCount: 14,
|
|
|
|
MaxSeverity: "HIGH",
|
2023-09-18 01:12:20 +03:00
|
|
|
}, nil
|
|
|
|
},
|
|
|
|
},
|
|
|
|
)
|
|
|
|
|
|
|
|
So(manifestSummary.Vulnerabilities, ShouldNotBeNil)
|
2023-12-13 19:16:31 +02:00
|
|
|
So(*manifestSummary.Vulnerabilities.Count, ShouldEqual, 30)
|
|
|
|
So(*manifestSummary.Vulnerabilities.UnknownCount, ShouldEqual, 1)
|
|
|
|
So(*manifestSummary.Vulnerabilities.LowCount, ShouldEqual, 2)
|
|
|
|
So(*manifestSummary.Vulnerabilities.MediumCount, ShouldEqual, 3)
|
|
|
|
So(*manifestSummary.Vulnerabilities.HighCount, ShouldEqual, 10)
|
|
|
|
So(*manifestSummary.Vulnerabilities.CriticalCount, ShouldEqual, 14)
|
2023-09-18 01:12:20 +03:00
|
|
|
So(*manifestSummary.Vulnerabilities.MaxSeverity, ShouldEqual, "HIGH")
|
|
|
|
|
|
|
|
manifestSummary.Vulnerabilities = nil
|
|
|
|
|
|
|
|
updateManifestSummaryVulnerabilities(ctx,
|
|
|
|
manifestSummary,
|
|
|
|
"repo1",
|
|
|
|
SkipQGLField{
|
|
|
|
Vulnerabilities: false,
|
|
|
|
},
|
|
|
|
mocks.CveInfoMock{
|
2023-11-24 10:40:10 +02:00
|
|
|
GetCVESummaryForImageMediaFn: func(ctx context.Context, repo string, digest, mediaType string,
|
2023-09-18 01:12:20 +03:00
|
|
|
) (cvemodel.ImageCVESummary, error) {
|
|
|
|
return cvemodel.ImageCVESummary{}, ErrTestError
|
|
|
|
},
|
|
|
|
},
|
|
|
|
)
|
|
|
|
|
|
|
|
So(manifestSummary.Vulnerabilities, ShouldNotBeNil)
|
|
|
|
So(*manifestSummary.Vulnerabilities.Count, ShouldEqual, 0)
|
|
|
|
So(*manifestSummary.Vulnerabilities.MaxSeverity, ShouldEqual, "")
|
|
|
|
So(graphql.GetErrors(ctx).Error(), ShouldContainSubstring, "unable to run vulnerability scan in repo")
|
|
|
|
})
|
|
|
|
})
|
|
|
|
}
|