Stage/vuls
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
98c5421edce318bf05a95be4c03ca7c12f099379
vuls/scan/debian_test.go
Kota Kanbe 44fa2c5800 v0.5.0 (no backwards compatibility) (#478) 
* Change config.toml, Auto-generate UUIDs, change structure of optional field

* Detect processes affected by update using yum-ps (#482)

Detect processes affected by update using yum-ps

* Detect processes needs restart using checkrestart on Debian and Ubuntu.

* pass cpename by args when calling FillCveInfo (#513)

* fix new db (#502)

* Include Version,Revision in JSON

* Include hostname in JSON

* Update goval-dictionary's commit hash in Gopkg.lock

* Remove README.ja.md

* update packages (#596)

* fix: change ControlPath to .vuls of SSH option (#618)

* feat: checkrestart for Ubuntu and Debian (#622)

* feat: checkrestart for Ubuntu and Debian

* fix: dependencies check logic of configtest

* feat: need-restarting on RedHat

* refactor: Process.ProcName to Process.Name

* feat: detect a systemd service name of need-restarting-process

* feat: detect a systemd service name of need-restarting-process on Ubuntu

* feat: fill a service name of need-restarting-process, init-system

* Support NVD JSON and CVSS3 of JVN (#605)

* fix: compile errors

* fix: Show CVSS3 on TUI

* fix: test cases

* fix: Avoid null in JSON

* Fix maxCvssScore (#621)

* Fix maxCvssScore

* Update vulninfos.go

* fix(init): remove unnecessary log initialization

* refactor(nvd): use only json feed if exists json data. if not, use xml feed

* fix(scan): make Confidence slice

* feat(CWE): Display CWE name to TUI

* feat(cwe): import CWE defs in Japanese

* feat(cwe): add OWASP Top 10 ranking to CWE if applicable

* feat(scan): add -fast-root mode, implement scan/amazon.go

* refactor(const): change const name JVN to Jvn

* feat(scan): add -fast-root mode, implement scan/centos.go

* refactor(dep): update deps

* fix(amazon): deps check

* feat(scan): add -fast-root mode, implement scan/rhel.go

* feat(scan): add -fast-root mode, implement scan/oracle.go

* fix complile err

* feat(scan): add -fast-root mode, implement scan/debian.go

* fix testcase

* fix(amazon): scan using yum

* fix(configtest): change error message, status when no scannnable servers

* Fix(scan): detect init process logic

* fix(tui): display cvss as table format

* fix(scan): parse a output of reboot-notifier on CentOS6.9

* fix(tui): don't display score, vector when score is zero

* fix(scan): add -offline mode to suse scanner

* fix(scan): fix help message

* feat(scan): enable to define scan mode for each servers in config.toml #510

* refactor(config): chagne cpeNames to cpeURIs

* refactor(config): change dependencyCheckXMLPath to owaspDCXMLPath

* fix(config): containers -> containersIncluded, Excluded, containerType

* feature(report): enable to define cpeURIs for each contaner

* feature(report): enable to specify owasp dc xml path for each container

* fix(discover): fix a template displayed at the end of discover

* feature(report): add ignorePkgsRegexp #665

* feature(report): enable to define ignoreCves for each container #666

* fix(report): Displayed nothing in TUI detail area when CweID is nil

* Gopkg.toml diet

* feat(server): support server mode (#678)

* feat(server): support server mode

* Lock go version

* Use the latest kernel release among the installed release when the running kernel release is unknown

* Add TestViaHTTP

* Set logger to go-cve-dictionary client

* Add -to-localfile

* Add -to-http option to report

* Load -to-http conf from config.toml

* Support gost (#676)

* feat(gost): Support RedHat API

* feat(gost): Support Debian Security Tracker

* feat(db): display error msg when SQLite3 is locked at the beginning of reporting.

* feat(gost): TUI

* Only use RedHat information of installed packages

* feat(tui): show mitigation on TUI

* feat(gost): support redis backend

* fix test case

* fix nil pointer when db is nil

* fix(gost): detect vulns of src packages for Debian

* feat(gost): implement redis backend for gost redhat api

* feat(report): display fixState of unfixed pkgs

* fix(report): display distincted cweIDs

* feat(slack): display gost info

* feat(slack): display mitigation

* feat(report): display available patch state as fixed/total

* fix(tui): display - if source of reference is empty

* update deps

* fix(report): key in ScanResult JSON be lowerCamelcase.

* some keys to lower camel

* fix(configtest): dep check logic of yum-plugin-ps

* fix(tui): format

* feat(report): add -format-list option

* fix(report): -format-full-text

* fix(report): report -format-full-text

* fix(report): display v3 score detected by gost

* fix(scan): scan in fast mode if not defined in config.toml

* fix(gost): fetch RedHat data for fixed CVEs

* feat(report): show number of cves detected in each database

* fix(report): show new version as `Unknown` in offline and fast scan mode

* fix(report): fix num of upadtable and fixed

* fix(report): set `Not fixed yet` if packageStatus is empty

* refact(gost): make convertToModel public

* fix(test): fix test case

* update deps

* fix(report): include gost score in MaxCvssScore

* [WIP] feat(config): enable to set options in config.toml instead of cmd opt (#690)

* feat(config): enable to set options in config.toml instead of cmd opt

* fix(config): change Conf.Report.Slack to Conf.Slack

* fix(discover): change tempalte

* fix(report): fix config.toml auto-generate with -uuid

* Add endpoint for health check and change endpoint

* refact(cmd): refactor flag set

* fix(report): enable to specify opts with cmd arg and env value

* fix(scan): enable to parse the release version of amazon linux 2

* add(report) add -to-saas option (#695)

* add(report) add -to-saas option

* ignore other writer if -to-saas

* fix(saas) fix bug

* fix(scan): need-restarting needs internet connection

* fix(scan,configtest): check scan mode

* refactor(scan): change func name

* fix(suse): support offline mode, bug fix on AWS, zypper --no-color

* fix(tui): fix nil pointer when no vulns in tui

* feat(report): enable to define CPE FS format in config.toml

* fix(vet): fix warnings of go vet

* fix(travis): go version to 1.11

* update deps
2018-08-27 13:51:09 +09:00

726 lines
23 KiB
Go
Raw Blame History

/* Vuls - Vulnerability Scanner
Copyright (C) 2016 Future Corporation , Japan.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package scan
import (
"os"
"reflect"
"testing"
"github.com/future-architect/vuls/cache"
"github.com/future-architect/vuls/config"
"github.com/future-architect/vuls/models"
"github.com/k0kubun/pp"
"github.com/sirupsen/logrus"
)
func TestGetCveIDsFromChangelog(t *testing.T) {
var tests = []struct {
in []string
cveIDs []DetectedCveID
changelog models.Changelog
}{
{
//0 verubuntu1
[]string{
"systemd",
"228-4ubuntu1",
`systemd (229-2) unstable; urgency=medium
systemd (229-1) unstable; urgency=medium
systemd (228-6) unstable; urgency=medium
CVE-2015-2325: heap buffer overflow in compile_branch(). (Closes: #781795)
CVE-2015-2326: heap buffer overflow in pcre_compile2(). (Closes: #783285)
CVE-2015-3210: heap buffer overflow in pcre_compile2() /
systemd (228-5) unstable; urgency=medium
systemd (228-4) unstable; urgency=medium
systemd (228-3) unstable; urgency=medium`,
},
[]DetectedCveID{
{"CVE-2015-2325", models.ChangelogExactMatch},
{"CVE-2015-2326", models.ChangelogExactMatch},
{"CVE-2015-3210", models.ChangelogExactMatch},
},
models.Changelog{
Contents: `systemd (229-2) unstable; urgency=medium
systemd (229-1) unstable; urgency=medium
systemd (228-6) unstable; urgency=medium
CVE-2015-2325: heap buffer overflow in compile_branch(). (Closes: #781795)
CVE-2015-2326: heap buffer overflow in pcre_compile2(). (Closes: #783285)
CVE-2015-3210: heap buffer overflow in pcre_compile2() /
systemd (228-5) unstable; urgency=medium`,
Method: models.ChangelogExactMatchStr,
},
},
{
//1 ver
[]string{
"libpcre3",
"2:8.35-7.1ubuntu1",
`pcre3 (2:8.38-2) unstable; urgency=low
pcre3 (2:8.38-1) unstable; urgency=low
pcre3 (2:8.35-8) unstable; urgency=low
pcre3 (2:8.35-7.4) unstable; urgency=medium
pcre3 (2:8.35-7.3) unstable; urgency=medium
pcre3 (2:8.35-7.2) unstable; urgency=low
CVE-2015-2325: heap buffer overflow in compile_branch(). (Closes: #781795)
CVE-2015-2326: heap buffer overflow in pcre_compile2(). (Closes: #783285)
CVE-2015-3210: heap buffer overflow in pcre_compile2() /
pcre3 (2:8.35-7.1) unstable; urgency=medium
pcre3 (2:8.35-7) unstable; urgency=medium`,
},
[]DetectedCveID{
{"CVE-2015-2325", models.ChangelogExactMatch},
{"CVE-2015-2326", models.ChangelogExactMatch},
{"CVE-2015-3210", models.ChangelogExactMatch},
},
models.Changelog{
Contents: `pcre3 (2:8.38-2) unstable; urgency=low
pcre3 (2:8.38-1) unstable; urgency=low
pcre3 (2:8.35-8) unstable; urgency=low
pcre3 (2:8.35-7.4) unstable; urgency=medium
pcre3 (2:8.35-7.3) unstable; urgency=medium
pcre3 (2:8.35-7.2) unstable; urgency=low
CVE-2015-2325: heap buffer overflow in compile_branch(). (Closes: #781795)
CVE-2015-2326: heap buffer overflow in pcre_compile2(). (Closes: #783285)
CVE-2015-3210: heap buffer overflow in pcre_compile2() /`,
Method: models.ChangelogExactMatchStr,
},
},
{
//2 ver-ubuntu3
[]string{
"sysvinit",
"2.88dsf-59.2ubuntu3",
`sysvinit (2.88dsf-59.3ubuntu1) xenial; urgency=low
sysvinit (2.88dsf-59.3) unstable; urgency=medium
CVE-2015-2325: heap buffer overflow in compile_branch(). (Closes: #781795)
CVE-2015-2326: heap buffer overflow in pcre_compile2(). (Closes: #783285)
CVE-2015-3210: heap buffer overflow in pcre_compile2() /
sysvinit (2.88dsf-59.2ubuntu3) xenial; urgency=medium
sysvinit (2.88dsf-59.2ubuntu2) wily; urgency=medium
sysvinit (2.88dsf-59.2ubuntu1) wily; urgency=medium
CVE-2015-2321: heap buffer overflow in pcre_compile2(). (Closes: #783285)
sysvinit (2.88dsf-59.2) unstable; urgency=medium
sysvinit (2.88dsf-59.1ubuntu3) wily; urgency=medium
CVE-2015-2322: heap buffer overflow in pcre_compile2(). (Closes: #783285)
sysvinit (2.88dsf-59.1ubuntu2) wily; urgency=medium
sysvinit (2.88dsf-59.1ubuntu1) wily; urgency=medium
sysvinit (2.88dsf-59.1) unstable; urgency=medium
CVE-2015-2326: heap buffer overflow in pcre_compile2(). (Closes: #783285)
sysvinit (2.88dsf-59) unstable; urgency=medium
sysvinit (2.88dsf-58) unstable; urgency=low
sysvinit (2.88dsf-57) unstable; urgency=low`,
},
[]DetectedCveID{
{"CVE-2015-2325", models.ChangelogExactMatch},
{"CVE-2015-2326", models.ChangelogExactMatch},
{"CVE-2015-3210", models.ChangelogExactMatch},
},
models.Changelog{
Contents: `sysvinit (2.88dsf-59.3ubuntu1) xenial; urgency=low
sysvinit (2.88dsf-59.3) unstable; urgency=medium
CVE-2015-2325: heap buffer overflow in compile_branch(). (Closes: #781795)
CVE-2015-2326: heap buffer overflow in pcre_compile2(). (Closes: #783285)
CVE-2015-3210: heap buffer overflow in pcre_compile2() /`,
Method: models.ChangelogExactMatchStr,
},
},
{
//3 1:ver-ubuntu3
[]string{
"bsdutils",
"1:2.27.1-1ubuntu3",
`util-linux (2.27.1-3ubuntu1) xenial; urgency=medium
util-linux (2.27.1-3) unstable; urgency=medium
CVE-2015-2325: heap buffer overflow in compile_branch(). (Closes: #781795)
CVE-2015-2326: heap buffer overflow in pcre_compile2(). (Closes: #783285)
CVE-2015-3210: CVE-2016-1000000heap buffer overflow in pcre_compile2() /
util-linux (2.27.1-2) unstable; urgency=medium
util-linux (2.27.1-1ubuntu4) xenial; urgency=medium
util-linux (2.27.1-1ubuntu3) xenial; urgency=medium
util-linux (2.27.1-1ubuntu2) xenial; urgency=medium
util-linux (2.27.1-1ubuntu1) xenial; urgency=medium
util-linux (2.27.1-1) unstable; urgency=medium
util-linux (2.27-3ubuntu1) xenial; urgency=medium`,
},
[]DetectedCveID{
// {"CVE-2015-2325", models.ChangelogLenientMatch},
// {"CVE-2015-2326", models.ChangelogLenientMatch},
// {"CVE-2015-3210", models.ChangelogLenientMatch},
// {"CVE-2016-1000000", models.ChangelogLenientMatch},
},
models.Changelog{
// Contents: `util-linux (2.27.1-3ubuntu1) xenial; urgency=medium
// util-linux (2.27.1-3) unstable; urgency=medium
// CVE-2015-2325: heap buffer overflow in compile_branch(). (Closes: #781795)
// CVE-2015-2326: heap buffer overflow in pcre_compile2(). (Closes: #783285)
// CVE-2015-3210: CVE-2016-1000000heap buffer overflow in pcre_compile2() /
// util-linux (2.27.1-2) unstable; urgency=medium
// util-linux (2.27.1-1ubuntu4) xenial; urgency=medium
// util-linux (2.27.1-1ubuntu3) xenial; urgency=medium`,
Method: models.ChangelogExactMatchStr,
},
},
{
//4 1:ver-ubuntu3
[]string{
"bsdutils",
"1:2.27-3ubuntu3",
`util-linux (2.27.1-3ubuntu1) xenial; urgency=medium
util-linux (2.27.1-3) unstable; urgency=medium
CVE-2015-2325: heap buffer overflow in compile_branch(). (Closes: #781795)
CVE-2015-2326: heap buffer overflow in pcre_compile2(). (Closes: #783285)
CVE-2015-3210: CVE-2016-1000000heap buffer overflow in pcre_compile2() /
util-linux (2.27.1-2) unstable; urgency=medium
util-linux (2.27.1-1ubuntu4) xenial; urgency=medium
util-linux (2.27.1-1ubuntu3) xenial; urgency=medium
util-linux (2.27.1-1ubuntu2) xenial; urgency=medium
util-linux (2.27.1-1ubuntu1) xenial; urgency=medium
util-linux (2.27.1-1) unstable; urgency=medium
util-linux (2.27-3) xenial; urgency=medium`,
},
[]DetectedCveID{
// {"CVE-2015-2325", models.ChangelogLenientMatch},
// {"CVE-2015-2326", models.ChangelogLenientMatch},
// {"CVE-2015-3210", models.ChangelogLenientMatch},
// {"CVE-2016-1000000", models.ChangelogLenientMatch},
},
models.Changelog{
// Contents: `util-linux (2.27.1-3ubuntu1) xenial; urgency=medium
// util-linux (2.27.1-3) unstable; urgency=medium
// CVE-2015-2325: heap buffer overflow in compile_branch(). (Closes: #781795)
// CVE-2015-2326: heap buffer overflow in pcre_compile2(). (Closes: #783285)
// CVE-2015-3210: CVE-2016-1000000heap buffer overflow in pcre_compile2() /
// util-linux (2.27.1-2) unstable; urgency=medium
// util-linux (2.27.1-1ubuntu4) xenial; urgency=medium
// util-linux (2.27.1-1ubuntu3) xenial; urgency=medium
// util-linux (2.27.1-1ubuntu2) xenial; urgency=medium
// util-linux (2.27.1-1ubuntu1) xenial; urgency=medium
// util-linux (2.27.1-1) unstable; urgency=medium`,
Method: models.ChangelogExactMatchStr,
},
},
{
//5 https://github.com/future-architect/vuls/pull/350
[]string{
"tar",
"1.27.1-2+b1",
`tar (1.27.1-2+deb8u1) jessie-security; urgency=high
* CVE-2016-6321: Bypassing the extract path name.
tar (1.27.1-2) unstable; urgency=low`,
},
[]DetectedCveID{
{"CVE-2016-6321", models.ChangelogExactMatch},
},
models.Changelog{
Contents: `tar (1.27.1-2+deb8u1) jessie-security; urgency=high
* CVE-2016-6321: Bypassing the extract path name.`,
Method: models.ChangelogExactMatchStr,
},
},
}
d := newDebian(config.ServerInfo{})
d.Distro.Family = "ubuntu"
for i, tt := range tests {
aCveIDs, aPack := d.getCveIDsFromChangelog(tt.in[2], tt.in[0], tt.in[1])
if len(aCveIDs) != len(tt.cveIDs) {
t.Errorf("[%d] Len of return array are'nt same. expected %#v, actual %#v", i, tt.cveIDs, aCveIDs)
t.Errorf(pp.Sprintf("%s", tt.in))
continue
}
for j := range tt.cveIDs {
if !reflect.DeepEqual(tt.cveIDs[j], aCveIDs[j]) {
t.Errorf("[%d] expected %v, actual %v", i, tt.cveIDs[j], aCveIDs[j])
}
}
if aPack.Changelog.Contents != tt.changelog.Contents {
t.Error(pp.Sprintf("[%d] expected: %s, actual: %s", i, tt.changelog.Contents, aPack.Changelog.Contents))
}
if aPack.Changelog.Method != tt.changelog.Method {
t.Error(pp.Sprintf("[%d] expected: %s, actual: %s", i, tt.changelog.Method, aPack.Changelog.Method))
}
}
}
func TestGetUpdatablePackNames(t *testing.T) {
var tests = []struct {
in string
expected []string
}{
{ // Ubuntu 12.04
`Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be upgraded:
apt ca-certificates cpio dpkg e2fslibs e2fsprogs gnupg gpgv libc-bin libc6 libcomerr2 libpcre3
libpng12-0 libss2 libssl1.0.0 libudev0 multiarch-support openssl tzdata udev upstart
21 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.`,
[]string{
"apt",
"ca-certificates",
"cpio",
"dpkg",
"e2fslibs",
"e2fsprogs",
"gnupg",
"gpgv",
"libc-bin",
"libc6",
"libcomerr2",
"libpcre3",
"libpng12-0",
"libss2",
"libssl1.0.0",
"libudev0",
"multiarch-support",
"openssl",
"tzdata",
"udev",
"upstart",
},
},
{ // Ubuntu 14.04
`Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following packages will be upgraded:
apt apt-utils base-files bsdutils coreutils cpio dh-python dpkg e2fslibs
e2fsprogs gcc-4.8-base gcc-4.9-base gnupg gpgv ifupdown initscripts iproute2
isc-dhcp-client isc-dhcp-common libapt-inst1.5 libapt-pkg4.12 libblkid1
libc-bin libc6 libcgmanager0 libcomerr2 libdrm2 libexpat1 libffi6 libgcc1
libgcrypt11 libgnutls-openssl27 libgnutls26 libmount1 libpcre3 libpng12-0
libpython3.4-minimal libpython3.4-stdlib libsqlite3-0 libss2 libssl1.0.0
libstdc++6 libtasn1-6 libudev1 libuuid1 login mount multiarch-support
ntpdate passwd python3.4 python3.4-minimal rsyslog sudo sysv-rc
sysvinit-utils tzdata udev util-linux
59 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
`,
[]string{
"apt",
"apt-utils",
"base-files",
"bsdutils",
"coreutils",
"cpio",
"dh-python",
"dpkg",
"e2fslibs",
"e2fsprogs",
"gcc-4.8-base",
"gcc-4.9-base",
"gnupg",
"gpgv",
"ifupdown",
"initscripts",
"iproute2",
"isc-dhcp-client",
"isc-dhcp-common",
"libapt-inst1.5",
"libapt-pkg4.12",
"libblkid1",
"libc-bin",
"libc6",
"libcgmanager0",
"libcomerr2",
"libdrm2",
"libexpat1",
"libffi6",
"libgcc1",
"libgcrypt11",
"libgnutls-openssl27",
"libgnutls26",
"libmount1",
"libpcre3",
"libpng12-0",
"libpython3.4-minimal",
"libpython3.4-stdlib",
"libsqlite3-0",
"libss2",
"libssl1.0.0",
"libstdc++6",
"libtasn1-6",
"libudev1",
"libuuid1",
"login",
"mount",
"multiarch-support",
"ntpdate",
"passwd",
"python3.4",
"python3.4-minimal",
"rsyslog",
"sudo",
"sysv-rc",
"sysvinit-utils",
"tzdata",
"udev",
"util-linux",
},
},
{
//Ubuntu12.04
`Reading package lists... Done
Building dependency tree
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.`,
[]string{},
},
{
//Ubuntu14.04
`Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.`,
[]string{},
},
}
d := newDebian(config.ServerInfo{})
for _, tt := range tests {
actual, err := d.parseAptGetUpgrade(tt.in)
if err != nil {
t.Errorf("Returning error is unexpected")
}
if len(tt.expected) != len(actual) {
t.Errorf("Result length is not as same as expected. expected: %d, actual: %d", len(tt.expected), len(actual))
pp.Println(tt.expected)
pp.Println(actual)
return
}
for i := range tt.expected {
if tt.expected[i] != actual[i] {
t.Errorf("[%d] expected %s, actual %s", i, tt.expected[i], actual[i])
}
}
}
}
func TestGetChangelogCache(t *testing.T) {
const servername = "server1"
pack := models.Package{
Name: "apt",
Version: "1.0.0",
NewVersion: "1.0.1",
}
var meta = cache.Meta{
Name: servername,
Distro: config.Distro{
Family: "ubuntu",
Release: "16.04",
},
Packs: models.Packages{
"apt": pack,
},
}
const path = "/tmp/vuls-test-cache-11111111.db"
log := logrus.NewEntry(&logrus.Logger{})
if err := cache.SetupBolt(path, log); err != nil {
t.Errorf("Failed to setup bolt: %s", err)
}
defer os.Remove(path)
if err := cache.DB.EnsureBuckets(meta); err != nil {
t.Errorf("Failed to ensure buckets: %s", err)
}
d := newDebian(config.ServerInfo{})
actual := d.getChangelogCache(&meta, pack)
if actual != "" {
t.Errorf("Failed to get empty stirng from cache:")
}
clog := "changelog-text"
if err := cache.DB.PutChangelog(servername, "apt", clog); err != nil {
t.Errorf("Failed to put changelog: %s", err)
}
actual = d.getChangelogCache(&meta, pack)
if actual != clog {
t.Errorf("Failed to get changelog from cache: %s", actual)
}
// increment a version of the pack
pack.NewVersion = "1.0.2"
actual = d.getChangelogCache(&meta, pack)
if actual != "" {
t.Errorf("The changelog is not invalidated: %s", actual)
}
// change a name of the pack
pack.Name = "bash"
actual = d.getChangelogCache(&meta, pack)
if actual != "" {
t.Errorf("The changelog is not invalidated: %s", actual)
}
}
func TestSplitAptCachePolicy(t *testing.T) {
var tests = []struct {
stdout string
expected map[string]string
}{
// This function parse apt-cache policy by using Regexp multi-line mode.
// So, test data includes "\r\n"
{
"apt:\r\n Installed: 1.2.6\r\n Candidate: 1.2.12~ubuntu16.04.1\r\n Version table:\r\n 1.2.12~ubuntu16.04.1 500\r\n 500 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages\r\n 1.2.10ubuntu1 500\r\n 500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages\r\n *** 1.2.6 100\r\n 100 /var/lib/dpkg/status\r\napt-utils:\r\n Installed: 1.2.6\r\n Candidate: 1.2.12~ubuntu16.04.1\r\n Version table:\r\n 1.2.12~ubuntu16.04.1 500\r\n 500 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages\r\n 1.2.10ubuntu1 500\r\n 500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages\r\n *** 1.2.6 100\r\n 100 /var/lib/dpkg/status\r\nbase-files:\r\n Installed: 9.4ubuntu3\r\n Candidate: 9.4ubuntu4.2\r\n Version table:\r\n 9.4ubuntu4.2 500\r\n 500 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages\r\n 9.4ubuntu4 500\r\n 500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages\r\n *** 9.4ubuntu3 100\r\n 100 /var/lib/dpkg/status\r\n",
map[string]string{
"apt": "apt:\r\n Installed: 1.2.6\r\n Candidate: 1.2.12~ubuntu16.04.1\r\n Version table:\r\n 1.2.12~ubuntu16.04.1 500\r\n 500 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages\r\n 1.2.10ubuntu1 500\r\n 500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages\r\n *** 1.2.6 100\r\n 100 /var/lib/dpkg/status\r\n",
"apt-utils": "apt-utils:\r\n Installed: 1.2.6\r\n Candidate: 1.2.12~ubuntu16.04.1\r\n Version table:\r\n 1.2.12~ubuntu16.04.1 500\r\n 500 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages\r\n 1.2.10ubuntu1 500\r\n 500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages\r\n *** 1.2.6 100\r\n 100 /var/lib/dpkg/status\r\n",
"base-files": "base-files:\r\n Installed: 9.4ubuntu3\r\n Candidate: 9.4ubuntu4.2\r\n Version table:\r\n 9.4ubuntu4.2 500\r\n 500 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages\r\n 9.4ubuntu4 500\r\n 500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages\r\n *** 9.4ubuntu3 100\r\n 100 /var/lib/dpkg/status\r\n",
},
},
}
d := newDebian(config.ServerInfo{})
for _, tt := range tests {
actual := d.splitAptCachePolicy(tt.stdout)
if !reflect.DeepEqual(tt.expected, actual) {
e := pp.Sprintf("%v", tt.expected)
a := pp.Sprintf("%v", actual)
t.Errorf("expected %s, actual %s", e, a)
}
}
}
func TestParseAptCachePolicy(t *testing.T) {
var tests = []struct {
stdout string
name string
expected packCandidateVer
}{
{
// Ubuntu 16.04
`openssl:
Installed: 1.0.2f-2ubuntu1
Candidate: 1.0.2g-1ubuntu2
Version table:
1.0.2g-1ubuntu2 500
500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages
*** 1.0.2f-2ubuntu1 100
100 /var/lib/dpkg/status`,
"openssl",
packCandidateVer{
Name: "openssl",
Installed: "1.0.2f-2ubuntu1",
Candidate: "1.0.2g-1ubuntu2",
},
},
{
// Ubuntu 14.04
`openssl:
Installed: 1.0.1f-1ubuntu2.16
Candidate: 1.0.1f-1ubuntu2.17
Version table:
1.0.1f-1ubuntu2.17 0
500 http://archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages
500 http://archive.ubuntu.com/ubuntu/ trusty-security/main amd64 Packages
*** 1.0.1f-1ubuntu2.16 0
100 /var/lib/dpkg/status
1.0.1f-1ubuntu2 0
500 http://archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages`,
"openssl",
packCandidateVer{
Name: "openssl",
Installed: "1.0.1f-1ubuntu2.16",
Candidate: "1.0.1f-1ubuntu2.17",
},
},
{
// Ubuntu 12.04
`openssl:
Installed: 1.0.1-4ubuntu5.33
Candidate: 1.0.1-4ubuntu5.34
Version table:
1.0.1-4ubuntu5.34 0
500 http://archive.ubuntu.com/ubuntu/ precise-updates/main amd64 Packages
500 http://archive.ubuntu.com/ubuntu/ precise-security/main amd64 Packages
*** 1.0.1-4ubuntu5.33 0
100 /var/lib/dpkg/status
1.0.1-4ubuntu3 0
500 http://archive.ubuntu.com/ubuntu/ precise/main amd64 Packages`,
"openssl",
packCandidateVer{
Name: "openssl",
Installed: "1.0.1-4ubuntu5.33",
Candidate: "1.0.1-4ubuntu5.34",
},
},
}
d := newDebian(config.ServerInfo{})
for _, tt := range tests {
actual, err := d.parseAptCachePolicy(tt.stdout, tt.name)
if err != nil {
t.Errorf("Error has occurred: %s, actual: %#v", err, actual)
}
if !reflect.DeepEqual(tt.expected, actual) {
e := pp.Sprintf("%v", tt.expected)
a := pp.Sprintf("%v", actual)
t.Errorf("expected %s, actual %s", e, a)
}
}
}
func TestParseCheckRestart(t *testing.T) {
r := newDebian(config.ServerInfo{})
r.Distro = config.Distro{Family: "debian"}
var tests = []struct {
in string
out models.Packages
unknownServices []string
}{
{
in: `Found 27 processes using old versions of upgraded files
(19 distinct programs)
(15 distinct packages)
Of these, 14 seem to contain systemd service definitions or init scripts which can be used to restart them.
The following packages seem to have definitions that could be used
to restart their services:
varnish:
3490 /usr/sbin/varnishd
3704 /usr/sbin/varnishd
memcached:
3636 /usr/bin/memcached
openssh-server:
1252 /usr/sbin/sshd
1184 /usr/sbin/sshd
accountsservice:
462 /usr/lib/accountsservice/accounts-daemon
These are the systemd services:
systemctl restart accounts-daemon.service
These are the initd scripts:
service varnish restart
service memcached restart
service ssh restart
These processes (1) do not seem to have an associated init script to restart them:
util-linux:
3650 /sbin/agetty
3648 /sbin/agetty`,
out: models.NewPackages(
models.Package{
Name: "varnish",
NeedRestartProcs: []models.NeedRestartProcess{
{
PID: "3490",
Path: "/usr/sbin/varnishd",
ServiceName: "varnish",
HasInit: true,
},
{
PID: "3704",
Path: "/usr/sbin/varnishd",
ServiceName: "varnish",
HasInit: true,
},
},
},
models.Package{
Name: "memcached",
NeedRestartProcs: []models.NeedRestartProcess{
{
PID: "3636",
Path: "/usr/bin/memcached",
ServiceName: "memcached",
HasInit: true,
},
},
},
models.Package{
Name: "openssh-server",
NeedRestartProcs: []models.NeedRestartProcess{
{
PID: "1252",
Path: "/usr/sbin/sshd",
ServiceName: "",
HasInit: true,
},
{
PID: "1184",
Path: "/usr/sbin/sshd",
ServiceName: "",
HasInit: true,
},
},
},
models.Package{
Name: "accountsservice",
NeedRestartProcs: []models.NeedRestartProcess{
{
PID: "462",
Path: "/usr/lib/accountsservice/accounts-daemon",
ServiceName: "",
HasInit: true,
},
},
},
models.Package{
Name: "util-linux",
NeedRestartProcs: []models.NeedRestartProcess{
{
PID: "3650",
Path: "/sbin/agetty",
HasInit: false,
},
{
PID: "3648",
Path: "/sbin/agetty",
HasInit: false,
},
},
},
),
unknownServices: []string{"ssh"},
},
{
in: `Found 0 processes using old versions of upgraded files`,
out: models.Packages{},
unknownServices: []string{},
},
}
for _, tt := range tests {
packages, services := r.parseCheckRestart(tt.in)
for name, ePack := range tt.out {
if !reflect.DeepEqual(ePack, packages[name]) {
e := pp.Sprintf("%v", ePack)
a := pp.Sprintf("%v", packages[name])
t.Errorf("expected %s, actual %s", e, a)
}
}
if !reflect.DeepEqual(tt.unknownServices, services) {
t.Errorf("expected %s, actual %s", tt.unknownServices, services)
}
}
}
Reference in New Issue View Git Blame Copy Permalink