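--- a/grype/matcher/apk/matcher_test.go
+++ b/grype/matcher/apk/matcher_test.go
@@ -368,6 +368,81 @@
 	assertMatches(t, expected, actual)
 }
 
+func TestNvdMatchesProperVersionFiltering(t *testing.T) {
+	nvdVulnMatch := grypeDB.Vulnerability{
+		ID: "CVE-2020-1",
+		VersionConstraint: "<= 0.9.11",
+		VersionFormat: "unknown",
+		CPEs: []string{`cpe:2.3:a:lib_vnc_project-\(server\):libvncserver:*:*:*:*:*:*:*:*`},
+		Namespace: "nvd:cpe",
+	}
+	nvdVulnNoMatch := grypeDB.Vulnerability{
+		ID: "CVE-2020-2",
+		VersionConstraint: "< 0.9.11",
+		VersionFormat: "unknown",
+		CPEs: []string{`cpe:2.3:a:lib_vnc_project-\(server\):libvncserver:*:*:*:*:*:*:*:*`},
+		Namespace: "nvd:cpe",
+	}
+	store := mockStore{
+		backend: map[string]map[string][]grypeDB.Vulnerability{
+			"nvd:cpe": {
+				"libvncserver": []grypeDB.Vulnerability{nvdVulnMatch, nvdVulnNoMatch},
+			},
+		},
+	}
+
+	provider, err := db.NewVulnerabilityProvider(&store)
+	require.NoError(t, err)
+
+	m := Matcher{}
+	d, err := distro.New(distro.Alpine, "3.12.0", "")
+	if err != nil {
+		t.Fatalf("failed to create a new distro: %+v", err)
+	}
+	p := pkg.Package{
+		ID: pkg.ID(uuid.NewString()),
+		Name: "libvncserver",
+		Version: "0.9.11-r10",
+		Type: syftPkg.ApkPkg,
+		CPEs: []cpe.CPE{
+			cpe.Must("cpe:2.3:a:*:libvncserver:0.9.11:*:*:*:*:*:*:*"),
+		},
+	}
+
+	vulnFound, err := vulnerability.NewVulnerability(nvdVulnMatch)
+	assert.NoError(t, err)
+	vulnFound.CPEs = []cpe.CPE{cpe.Must(nvdVulnMatch.CPEs[0])}
+
+	expected := []match.Match{
+		{
+
+			Vulnerability: *vulnFound,
+			Package: p,
+			Details: []match.Detail{
+				{
+					Type: match.CPEMatch,
+					Confidence: 0.9,
+					SearchedBy: search.CPEParameters{
+						CPEs: []string{"cpe:2.3:a:*:libvncserver:0.9.11:*:*:*:*:*:*:*"},
+						Namespace: "nvd:cpe",
+					},
+					Found: search.CPEResult{
+						CPEs: []string{vulnFound.CPEs[0].BindToFmtString()},
+						VersionConstraint: vulnFound.Constraint.String(),
+						VulnerabilityID: "CVE-2020-1",
+					},
+					Matcher: match.ApkMatcher,
+				},
+			},
+		},
+	}
+
+	actual, err := m.Match(provider, d, p)
+	assert.NoError(t, err)
+
+	assertMatches(t, expected, actual)
+}
+
 func TestNvdMatchesWithSecDBFix(t *testing.T) {
 	nvdVuln := grypeDB.Vulnerability{
 		ID: "CVE-2020-1",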
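Review bot: In TestNvdMatchesProperVersionFiltering, `assert.NoError(t, err)` after `vulnerability.NewVulnerability(nvdVulnMatch)` does not stop the test, so a construction failure goes on to `vulnFound.CPEs = ...` and `*vulnFound` and presumably panics on a nil pointer instead of reporting the error; use `require.NoError(t, err)` there, as the provider setup a few lines earlier already does. The negative case is also implicit: nothing in the test says that CVE-2020-2 (`< 0.9.11`) must be absent for package version `0.9.11-r10`, which is the false-positive filtering this test appears to guard. A comment above `expected` such as `// CVE-2020-2 (< 0.9.11) must be filtered out; only CVE-2020-1 (<= 0.9.11) applies to 0.9.11-r10` would make that intent explicit, and it would help to state whether the comparison is meant to use the CPE version `0.9.11` or the apk version with its `-r10` revision, since the fixtures alone do not make that clear.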