// Copyright (c) All respective contributors to the Peridot Project. All rights reserved.
// Copyright (c) 2021-2022 Rocky Enterprise Software Foundation, Inc. All rights reserved.
// Copyright (c) 2021-2022 Ctrl IQ, Inc. All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are met:
//
// 1. Redistributions of source code must retain the above copyright notice,
// this list of conditions and the following disclaimer.
//
// 2. Redistributions in binary form must reproduce the above copyright notice,
// this list of conditions and the following disclaimer in the documentation
// and/or other materials provided with the distribution.
//
// 3. Neither the name of the copyright holder nor the names of its contributors
// may be used to endorse or promote products derived from this software without
// specific prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
// POSSIBILITY OF SUCH DAMAGE.
package rherrata
import (
"github.com/stretchr/testify/require"
"io/ioutil"
secparsepb "peridot.resf.org/secparse/proto/v1"
"testing"
)
// newInstance returns whatever NewMock builds; each test in this file calls
// it to obtain its own *MockInstance before registering HTML responses.
func newInstance() *MockInstance {
	instance := NewMock()
	return instance
}
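// TestRHBA20212759 loads the saved HTML page for bug-fix advisory
// RHBA-2021:2759, registers it with the mock, and checks what GetErrata
// returns for it: synopsis, advisory type, topic and description lines, the
// twelve affected products, and the source and x86_64 packages listed for
// "Red Hat Enterprise Linux for x86_64 8".
func TestRHBA20212759(t *testing.T) {
	mock := newInstance()

	htmlFile, err := ioutil.ReadFile("testdata/RHBA-2021-2759.html")
	// NoError reports the error text when the fixture cannot be read.
	require.NoError(t, err)

	// Register the fixture under the advisory ID; presumably the mock serves
	// it in place of a network fetch (MockInstance is defined elsewhere).
	mock.HTMLResponses["RHBA-2021:2759"] = string(htmlFile)

	errata, err := mock.API.GetErrata("RHBA-2021:2759")
	require.NoError(t, err)

	require.Equal(t, "firefox bugfix update", errata.Synopsis)
	require.Equal(t, secparsepb.Advisory_BugFix, errata.Type)
	// NOTE(review): unlike the RHSA-2021:2743 test in this file, nothing here
	// pins errata.Severity, errata.Fixes, errata.CVEs or errata.References.
	// Consider asserting their expected values for a bug-fix advisory once
	// confirmed against the fixture, so a parser change that attaches CVEs to
	// a non-security advisory would be caught.

	require.Len(t, errata.Topic, 1)
	require.Equal(t, "An update for firefox is now available for Red Hat Enterprise Linux 8.", errata.Topic[0])

	// The expected strings show the description split at the page's line
	// wrap: the first sentence spans two entries.
	require.Len(t, errata.Description, 3)
	require.Equal(t, "Mozilla Firefox is an open-source web browser, designed for standards", errata.Description[0])
	require.Equal(t, "compliance, performance, and portability.", errata.Description[1])
	require.Equal(t, "This update upgrades Firefox to version 78.12.0 ESR.", errata.Description[2])

	// The Len check rules out extra products; the loop names the missing one
	// in the failure message.
	require.Len(t, errata.AffectedProducts, 12)
	wantProducts := []string{
		"Red Hat Enterprise Linux for x86_64 8",
		"Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4",
		"Red Hat Enterprise Linux Server - AUS 8.4",
		"Red Hat Enterprise Linux for IBM z Systems 8",
		"Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4",
		"Red Hat Enterprise Linux for Power, little endian 8",
		"Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4",
		"Red Hat Enterprise Linux Server - TUS 8.4",
		"Red Hat Enterprise Linux for ARM 64 8",
		"Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4",
		"Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.4",
		"Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.4",
	}
	for _, product := range wantProducts {
		require.NotNil(t, errata.AffectedProducts[product], "affected product %q", product)
	}

	// Only the base x86_64 product has its package list checked in detail.
	x86 := errata.AffectedProducts["Red Hat Enterprise Linux for x86_64 8"]
	require.Len(t, x86.SRPMs, 1)
	require.Equal(t, "firefox-78.12.0-2.el8_4.src.rpm", x86.SRPMs[0])

	x86Packages := x86.Packages[ArchX8664]
	require.Len(t, x86Packages, 3)
	require.Equal(t, "firefox-78.12.0-2.el8_4.x86_64.rpm", x86Packages[0])
	require.Equal(t, "firefox-debuginfo-78.12.0-2.el8_4.x86_64.rpm", x86Packages[1])
	require.Equal(t, "firefox-debugsource-78.12.0-2.el8_4.x86_64.rpm", x86Packages[2])
}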
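// TestRHBA20212743 loads the saved HTML page for security advisory
// RHSA-2021:2743, registers it with the mock, and checks what GetErrata
// returns for it: synopsis, advisory type and severity, topic and description
// paragraphs, the twelve affected products, the Bugzilla fixes, the CVE list,
// the reference link, and the source and x86_64 packages listed for
// "Red Hat Enterprise Linux for x86_64 8".
//
// NOTE(review): the function name says RHBA, but the fixture and the advisory
// ID exercised here are RHSA-2021:2743. The name is left unchanged so existing
// `go test -run` filters keep matching.
func TestRHBA20212743(t *testing.T) {
	mock := newInstance()

	htmlFile, err := ioutil.ReadFile("testdata/RHSA-2021-2743.html")
	// NoError reports the error text when the fixture cannot be read.
	require.NoError(t, err)

	// Register the fixture under the advisory ID; presumably the mock serves
	// it in place of a network fetch (MockInstance is defined elsewhere).
	mock.HTMLResponses["RHSA-2021:2743"] = string(htmlFile)

	errata, err := mock.API.GetErrata("RHSA-2021:2743")
	require.NoError(t, err)

	// The synopsis carries the "Important:" prefix; type and severity are
	// asserted separately as enum values.
	require.Equal(t, "Important: firefox security update", errata.Synopsis)
	require.Equal(t, secparsepb.Advisory_Security, errata.Type)
	require.Equal(t, secparsepb.Advisory_Important, errata.Severity)

	require.Len(t, errata.Topic, 2)
	require.Equal(t, "An update for firefox is now available for Red Hat Enterprise Linux 8.", errata.Topic[0])
	require.Equal(t, "Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", errata.Topic[1])

	require.Len(t, errata.Description, 3)
	require.Equal(t, "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.", errata.Description[0])
	require.Equal(t, "This update upgrades Firefox to version 78.12.0 ESR.", errata.Description[1])
	require.Equal(t, "For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", errata.Description[2])

	// The Len check rules out extra products; the loop names the missing one
	// in the failure message.
	require.Len(t, errata.AffectedProducts, 12)
	wantProducts := []string{
		"Red Hat Enterprise Linux for x86_64 8",
		"Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4",
		"Red Hat Enterprise Linux Server - AUS 8.4",
		"Red Hat Enterprise Linux for IBM z Systems 8",
		"Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4",
		"Red Hat Enterprise Linux for Power, little endian 8",
		"Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4",
		"Red Hat Enterprise Linux Server - TUS 8.4",
		"Red Hat Enterprise Linux for ARM 64 8",
		"Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4",
		"Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.4",
		"Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.4",
	}
	for _, product := range wantProducts {
		require.NotNil(t, errata.AffectedProducts[product], "affected product %q", product)
	}

	// Fixes are pinned by index, so their order is part of what is tested.
	wantFixes := []struct {
		bugzillaID  string
		description string
	}{
		{"1970109", "CVE-2021-30547 chromium-browser: Out of bounds write in ANGLE"},
		{"1982013", "CVE-2021-29970 Mozilla: Use-after-free in accessibility features of a document"},
		{"1982014", "CVE-2021-29976 Mozilla: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12"},
	}
	require.Len(t, errata.Fixes, len(wantFixes))
	for i, want := range wantFixes {
		require.Equal(t, want.bugzillaID, errata.Fixes[i].BugzillaID)
		require.Equal(t, want.description, errata.Fixes[i].Description)
	}

	// The CVE list is expected in a different order from Fixes above:
	// CVE-2021-30547 comes first there and last here.
	require.Len(t, errata.CVEs, 3)
	require.Equal(t, "CVE-2021-29970", errata.CVEs[0])
	require.Equal(t, "CVE-2021-29976", errata.CVEs[1])
	require.Equal(t, "CVE-2021-30547", errata.CVEs[2])

	require.Len(t, errata.References, 1)
	require.Equal(t, "https://access.redhat.com/security/updates/classification/#important", errata.References[0])

	// Only the base x86_64 product has its package list checked in detail.
	x86 := errata.AffectedProducts["Red Hat Enterprise Linux for x86_64 8"]
	require.Len(t, x86.SRPMs, 1)
	require.Equal(t, "firefox-78.12.0-1.el8_4.src.rpm", x86.SRPMs[0])

	x86Packages := x86.Packages[ArchX8664]
	require.Len(t, x86Packages, 3)
	require.Equal(t, "firefox-78.12.0-1.el8_4.x86_64.rpm", x86Packages[0])
	require.Equal(t, "firefox-debuginfo-78.12.0-1.el8_4.x86_64.rpm", x86Packages[1])
	require.Equal(t, "firefox-debugsource-78.12.0-1.el8_4.x86_64.rpm", x86Packages[2])
}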