2021-12-18 02:11:51 +03:00
|
|
|
// Copyright 2021 The Go Authors. All rights reserved.
|
|
|
|
|
// Use of this source code is governed by a BSD-style
|
|
|
|
|
// license that can be found in the LICENSE file.
|
|
|
|
|
|
|
|
|
|
//go:build go1.17 && !windows
|
|
|
|
|
// +build go1.17,!windows
|
|
|
|
|
|
|
|
|
|
package main
|
|
|
|
|
|
|
|
|
|
import (
|
2022-08-11 00:26:13 +03:00
|
|
|
"errors"
|
2021-12-18 02:11:51 +03:00
|
|
|
"os"
|
|
|
|
|
"os/exec"
|
2021-12-21 01:14:01 +03:00
|
|
|
"path/filepath"
|
|
|
|
|
"runtime"
|
2022-08-11 00:26:13 +03:00
|
|
|
"sort"
|
2021-12-21 01:14:01 +03:00
|
|
|
"strings"
|
2021-12-18 02:11:51 +03:00
|
|
|
"testing"
|
2022-09-14 02:09:01 +03:00
|
|
|
"time"
|
2021-12-21 01:14:01 +03:00
|
|
|
|
2022-09-14 02:09:01 +03:00
|
|
|
"github.com/google/go-cmp/cmp"
|
|
|
|
|
"github.com/google/go-cmp/cmp/cmpopts"
|
2024-05-07 00:34:29 +03:00
|
|
|
"golang.org/x/vulndb/internal/cve5"
|
2023-05-12 23:14:27 +03:00
|
|
|
"golang.org/x/vulndb/internal/osvutils"
|
2023-08-29 21:10:18 +03:00
|
|
|
"golang.org/x/vulndb/internal/proxy"
|
2021-12-21 01:14:01 +03:00
|
|
|
"golang.org/x/vulndb/internal/report"
|
2021-12-18 02:11:51 +03:00
|
|
|
)
|
|
|
|
|
|
2021-12-21 01:14:01 +03:00
|
|
|
func TestChecksBash(t *testing.T) {
|
2021-12-18 02:11:51 +03:00
|
|
|
bash, err := exec.LookPath("bash")
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Skipf("skipping: %v", err)
|
|
|
|
|
}
|
|
|
|
|
|
2023-10-11 17:57:25 +03:00
|
|
|
// In short mode (used by presubmit checks), only do offline checks.
|
|
|
|
|
var cmd *exec.Cmd
|
|
|
|
|
if testing.Short() {
|
|
|
|
|
cmd = exec.Command(bash, "./checks.bash", "offline")
|
|
|
|
|
} else {
|
|
|
|
|
cmd = exec.Command(bash, "./checks.bash")
|
|
|
|
|
}
|
|
|
|
|
|
2021-12-18 02:11:51 +03:00
|
|
|
cmd.Stdout = os.Stdout
|
|
|
|
|
cmd.Stderr = os.Stderr
|
|
|
|
|
if err := cmd.Run(); err != nil {
|
|
|
|
|
t.Fatal(err)
|
|
|
|
|
}
|
|
|
|
|
}
|
2021-12-21 01:14:01 +03:00
|
|
|
|
|
|
|
|
func TestLintReports(t *testing.T) {
|
|
|
|
|
if runtime.GOOS == "android" {
|
|
|
|
|
t.Skipf("android builder does not have access to reports/")
|
|
|
|
|
}
|
2022-08-11 00:26:13 +03:00
|
|
|
allFiles := make(map[string]string)
|
|
|
|
|
var reports []string
|
2022-11-19 00:26:39 +03:00
|
|
|
for _, dir := range []string{report.YAMLDir, report.ExcludedDir} {
|
2022-09-14 09:13:32 +03:00
|
|
|
files, err := os.ReadDir(dir)
|
2022-08-11 00:26:13 +03:00
|
|
|
if err != nil && !errors.Is(err, os.ErrNotExist) {
|
|
|
|
|
t.Fatalf("unable to read %v/: %s", dir, err)
|
|
|
|
|
}
|
2022-09-26 19:18:29 +03:00
|
|
|
for _, file := range files {
|
|
|
|
|
if file.IsDir() {
|
2022-08-11 00:26:13 +03:00
|
|
|
continue
|
|
|
|
|
}
|
2022-09-26 19:18:29 +03:00
|
|
|
if filepath.Ext(file.Name()) != ".yaml" {
|
2022-08-22 22:01:49 +03:00
|
|
|
continue
|
|
|
|
|
}
|
2022-09-26 19:18:29 +03:00
|
|
|
filename := filepath.Join(dir, file.Name())
|
|
|
|
|
if allFiles[file.Name()] != "" {
|
|
|
|
|
t.Errorf("report appears in multiple locations: %v, %v", allFiles[file.Name()], filename)
|
2022-08-11 00:26:13 +03:00
|
|
|
}
|
2022-09-26 19:18:29 +03:00
|
|
|
allFiles[file.Name()] = filename
|
|
|
|
|
reports = append(reports, filename)
|
2021-12-21 01:14:01 +03:00
|
|
|
}
|
2022-08-11 00:26:13 +03:00
|
|
|
}
|
2023-08-30 00:49:11 +03:00
|
|
|
|
|
|
|
|
// Skip network calls in short mode.
|
|
|
|
|
var lint func(r *report.Report) []string
|
|
|
|
|
if testing.Short() {
|
|
|
|
|
lint = func(r *report.Report) []string {
|
|
|
|
|
return r.LintOffline()
|
|
|
|
|
}
|
|
|
|
|
} else {
|
2023-08-30 19:45:56 +03:00
|
|
|
pc := proxy.NewDefaultClient()
|
2023-08-30 00:49:11 +03:00
|
|
|
lint = func(r *report.Report) []string {
|
|
|
|
|
return r.Lint(pc)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2022-11-18 21:35:03 +03:00
|
|
|
// Map from aliases (CVEs/GHSAS) to report paths, used to check for duplicate aliases.
|
|
|
|
|
aliases := make(map[string]string)
|
2023-11-20 21:52:02 +03:00
|
|
|
// Map from summaries to report paths, used to check for duplicate summaries.
|
|
|
|
|
summaries := make(map[string]string)
|
2022-08-11 00:26:13 +03:00
|
|
|
sort.Strings(reports)
|
2022-09-26 19:18:29 +03:00
|
|
|
for _, filename := range reports {
|
|
|
|
|
t.Run(filename, func(t *testing.T) {
|
|
|
|
|
r, err := report.Read(filename)
|
2021-12-21 01:14:01 +03:00
|
|
|
if err != nil {
|
2022-01-04 23:12:43 +03:00
|
|
|
t.Fatal(err)
|
2021-12-21 01:14:01 +03:00
|
|
|
}
|
2023-05-24 20:07:54 +03:00
|
|
|
if err := r.CheckFilename(filename); err != nil {
|
|
|
|
|
t.Error(err)
|
|
|
|
|
}
|
2023-08-30 00:49:11 +03:00
|
|
|
lints := lint(r)
|
2021-12-21 01:14:01 +03:00
|
|
|
if len(lints) > 0 {
|
|
|
|
|
t.Errorf(strings.Join(lints, "\n"))
|
|
|
|
|
}
|
2023-05-23 21:29:53 +03:00
|
|
|
for _, alias := range r.Aliases() {
|
2022-11-18 21:35:03 +03:00
|
|
|
if report, ok := aliases[alias]; ok {
|
|
|
|
|
t.Errorf("report %s shares duplicate alias %s with report %s", filename, alias, report)
|
|
|
|
|
} else {
|
|
|
|
|
aliases[alias] = filename
|
|
|
|
|
}
|
|
|
|
|
}
|
2024-06-04 23:59:28 +03:00
|
|
|
// Ensure that each reviewed report has a unique summary.
|
|
|
|
|
if r.IsReviewed() {
|
|
|
|
|
if summary := r.Summary.String(); summary != "" {
|
|
|
|
|
if report, ok := summaries[summary]; ok {
|
|
|
|
|
t.Errorf("report %s shares duplicate summary %q with report %s", filename, summary, report)
|
|
|
|
|
} else {
|
|
|
|
|
summaries[summary] = filename
|
|
|
|
|
}
|
2023-11-20 21:52:02 +03:00
|
|
|
}
|
|
|
|
|
}
|
2022-09-26 19:18:29 +03:00
|
|
|
// Check that a correct OSV file was generated for each YAML report.
|
2022-09-14 02:09:01 +03:00
|
|
|
if r.Excluded == "" {
|
2023-05-25 18:11:56 +03:00
|
|
|
generated := r.ToOSV(time.Time{})
|
|
|
|
|
osvFilename := r.OSVFilename()
|
2022-11-19 00:26:39 +03:00
|
|
|
current, err := report.ReadOSV(osvFilename)
|
2022-09-14 02:09:01 +03:00
|
|
|
if err != nil {
|
|
|
|
|
t.Fatal(err)
|
|
|
|
|
}
|
2022-09-26 19:18:29 +03:00
|
|
|
if diff := cmp.Diff(generated, current, cmpopts.EquateEmpty()); diff != "" {
|
2022-11-19 00:26:39 +03:00
|
|
|
t.Errorf("%s does not match report:\n%v", osvFilename, diff)
|
2022-09-14 02:09:01 +03:00
|
|
|
}
|
2023-05-12 23:14:27 +03:00
|
|
|
if err := osvutils.ValidateExceptTimestamps(¤t); err != nil {
|
|
|
|
|
t.Error(err)
|
|
|
|
|
}
|
2022-09-14 02:09:01 +03:00
|
|
|
}
|
2022-10-20 22:14:42 +03:00
|
|
|
if r.CVEMetadata != nil {
|
2024-05-07 00:34:29 +03:00
|
|
|
generated, err := cve5.FromReport(r)
|
2022-10-20 22:14:42 +03:00
|
|
|
if err != nil {
|
|
|
|
|
t.Fatal(err)
|
|
|
|
|
}
|
2023-05-25 18:11:56 +03:00
|
|
|
cvePath := r.CVEFilename()
|
2024-05-07 00:34:29 +03:00
|
|
|
current, err := cve5.Read(cvePath)
|
2022-10-20 22:14:42 +03:00
|
|
|
if err != nil {
|
|
|
|
|
t.Fatal(err)
|
|
|
|
|
}
|
|
|
|
|
if diff := cmp.Diff(generated, current, cmpopts.EquateEmpty()); diff != "" {
|
|
|
|
|
t.Errorf("%s does not match report:\n%v", cvePath, diff)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
}
|
2021-12-21 01:14:01 +03:00
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
}
|
