Raspberry Pi OS(Raspbian) scanning using OVAL DB (#1019)

* change: never refer to ChangeLog * change raspberry pi os use debian oval at report * change do not use r.Family * change gost do not use r.Family * change use r.Family because family has a large impact * change replace MaineK00n/goval-dictionary@raspberrypi-oval * note Raspbian Scan Policy * add Raspbian Changelog support policy * change grep Package for Raspbian at fast-scan mode * add changelog preprocessing for Raspbian * add take note of TODO * change Changelog fetch part to function * change error handling * change solve one TODO * change make ChangelogDir once * add comment * fix oval support Amazon Linux :refs #824 * change to useScannedCves from ovalSupproted * change confidence for Raspbian * change skip package for raspbian in OVAL DB * change separate raspbian implementation from util * change error, log format * change print format * change log format(delete newline) * change support changelog.(Debian.)gz * Revert "change support changelog.(Debian.)gz" This reverts commit 2265a72c67. * change test chnage.(Debian.)gz * change support raspbian package(*raspberry*) * change error format * fix regexp pattern * fix typo * fix changelog cache * change rename function name * add TestParseChangelog * change changelog lenient match for raspbian * fix test case * change clog dir support symbolic link, clog save dir name append suffix * change remove more package for raspberry pi * fix error handling * change module update * change refactoring around identifying raspbian package * update go module * update scan image * update scan image * change clarify scan mode * change raspiPackNamePattern and add test case
2020-08-25 14:11:34 +09:00
parent 58cf1f4c8e
commit 7969b343b0
13 changed files with 472 additions and 28 deletions
--- a/scan/debian_test.go
+++ b/scan/debian_test.go
@@ -746,3 +746,121 @@ libuuid1:amd64: /lib/x86_64-linux-gnu/libuuid.so.1.3.0`,
 		})
 	}
 }
+
+func TestParseChangelog(t *testing.T) {
+	type args struct {
+		changelog string
+		name      string
+		ver       string
+	}
+	type expect struct {
+		cveIDs []DetectedCveID
+		pack   models.Package
+	}
+	tests := []struct {
+		packName string
+		args     args
+		expect   expect
+	}{
+		{
+			packName: "vlc",
+			args: args{
+				changelog: `vlc (3.0.11-0+deb10u1+rpt2) buster; urgency=medium
+
+  * Add MMAL patch 19
+
+ -- Serge Schneider <serge@raspberrypi.com>  Wed, 29 Jul 2020 14:28:28 +0100
+
+vlc (3.0.11-0+deb10u1+rpt1) buster; urgency=high
+
+  * Add MMAL patch 18
+  * Add libxrandr-dev dependency
+  * Add libdrm-dev dependency
+  * Disable vdpau, libva, aom
+  * Enable dav1d
+
+ -- Serge Schneider <serge@raspberrypi.com>  Wed, 17 Jun 2020 10:30:58 +0100
+
+vlc (3.0.11-0+deb10u1) buster-security; urgency=high
+
+  * New upstream release
+    - Fix heap-based buffer overflow in hxxx_nall (CVE-2020-13428)
+
+ -- Sebastian Ramacher <sramacher@debian.org>  Mon, 15 Jun 2020 23:08:37 +0200
+
+vlc (3.0.10-0+deb10u1) buster-security; urgency=medium`,
+				name: "vlc",
+				ver:  "3.0.10-0+deb10u1+rpt2",
+			},
+			expect: expect{
+				cveIDs: []DetectedCveID{{"CVE-2020-13428", models.ChangelogExactMatch}},
+				pack: models.Package{Changelog: models.Changelog{
+					Contents: `vlc (3.0.11-0+deb10u1+rpt2) buster; urgency=medium
+
+  * Add MMAL patch 19
+
+ -- Serge Schneider <serge@raspberrypi.com>  Wed, 29 Jul 2020 14:28:28 +0100
+
+vlc (3.0.11-0+deb10u1+rpt1) buster; urgency=high
+
+  * Add MMAL patch 18
+  * Add libxrandr-dev dependency
+  * Add libdrm-dev dependency
+  * Disable vdpau, libva, aom
+  * Enable dav1d
+
+ -- Serge Schneider <serge@raspberrypi.com>  Wed, 17 Jun 2020 10:30:58 +0100
+
+vlc (3.0.11-0+deb10u1) buster-security; urgency=high
+
+  * New upstream release
+    - Fix heap-based buffer overflow in hxxx_nall (CVE-2020-13428)
+
+ -- Sebastian Ramacher <sramacher@debian.org>  Mon, 15 Jun 2020 23:08:37 +0200
+`,
+					Method: models.ChangelogExactMatchStr,
+				}},
+			},
+		},
+		{
+			packName: "realvnc-vnc-server",
+			args: args{
+				changelog: `realvnc-vnc (6.7.2.42622) stable; urgency=low
+
+  * Debian package for VNC Server
+
+ -- RealVNC <noreply@realvnc.com>  Wed, 13 May 2020 19:51:40 +0100
+
+`,
+				name: "realvnc-vnc-server",
+				ver:  "6.7.1.42348",
+			},
+			expect: expect{
+				cveIDs: []DetectedCveID{},
+				pack: models.Package{Changelog: models.Changelog{
+					Contents: `realvnc-vnc (6.7.2.42622) stable; urgency=low
+
+  * Debian package for VNC Server
+
+ -- RealVNC <noreply@realvnc.com>  Wed, 13 May 2020 19:51:40 +0100
+`,
+					Method: models.ChangelogLenientMatchStr,
+				}},
+			},
+		},
+	}
+
+	o := newDebian(config.ServerInfo{})
+	o.Distro = config.Distro{Family: config.Raspbian}
+	for _, tt := range tests {
+		t.Run(tt.packName, func(t *testing.T) {
+			cveIDs, pack, _ := o.parseChangelog(tt.args.changelog, tt.args.name, tt.args.ver, models.ChangelogExactMatch)
+			if !reflect.DeepEqual(cveIDs, tt.expect.cveIDs) {
+				t.Errorf("[%s]->cveIDs: expected: %s, actual: %s", tt.packName, tt.expect.cveIDs, cveIDs)
+			}
+			if !reflect.DeepEqual(pack.Changelog.Contents, tt.expect.pack.Changelog.Contents) {
+				t.Errorf("[%s]->changelog.Contents: expected: %s, actual: %s", tt.packName, tt.expect.pack.Changelog.Contents, pack.Changelog.Contents)
+			}
+		})
+	}
+}