test: failing test for nvd vs secdb fix in alpine

Signed-off-by: Will Murphy <[email protected]>
anchore · Oct 4, 2024 · 7f57b42 · 7f57b42
1 parent 100c124
commit 7f57b42
Showing 1 changed file with 79 additions and 0 deletions.
diff --git a/grype/matcher/apk/matcher_test.go b/grype/matcher/apk/matcher_test.go
@@ -372,6 +372,85 @@ func TestNvdOnlyMatches(t *testing.T) {
 	assertMatches(t, expected, actual)
 }
 
+func TestNvdOnlyMatches_FixInNvd(t *testing.T) {
+	nvdVuln := grypeDB.Vulnerability{
+		ID:                "CVE-2020-1",
+		VersionConstraint: "< 0.9.11",
+		VersionFormat:     "unknown",
+		CPEs:              []string{`cpe:2.3:a:lib_vnc_project-\(server\):libvncserver:*:*:*:*:*:*:*:*`},
+		Namespace:         "nvd:cpe",
+		Fix: grypeDB.Fix{
+			Versions: []string{"0.9.12"},
+			State:    grypeDB.FixedState,
+		},
+	}
+	store := mockStore{
+		backend: map[string]map[string][]grypeDB.Vulnerability{
+			"nvd:cpe": {
+				"libvncserver": []grypeDB.Vulnerability{nvdVuln},
+			},
+		},
+	}
+
+	provider, err := db.NewVulnerabilityProvider(&store)
+	require.NoError(t, err)
+
+	m := Matcher{}
+	d, err := distro.New(distro.Alpine, "3.12.0", "")
+	if err != nil {
+		t.Fatalf("failed to create a new distro: %+v", err)
+	}
+	p := pkg.Package{
+		ID:      pkg.ID(uuid.NewString()),
+		Name:    "libvncserver",
+		Version: "0.9.9",
+		Type:    syftPkg.ApkPkg,
+		CPEs: []cpe.CPE{
+			cpe.Must("cpe:2.3:a:*:libvncserver:0.9.9:*:*:*:*:*:*:*", ""),
+		},
+	}
+
+	vulnFound, err := vulnerability.NewVulnerability(nvdVuln)
+	assert.NoError(t, err)
+	vulnFound.CPEs = []cpe.CPE{cpe.Must(nvdVuln.CPEs[0], "")}
+	// Important: for alpine matcher, fix version can come from secDB but _not_ from
+	// NVD data.
+	vulnFound.Fix = vulnerability.Fix{}
+
+	expected := []match.Match{
+		{
+
+			Vulnerability: *vulnFound,
+			Package:       p,
+			Details: []match.Detail{
+				{
+					Type:       match.CPEMatch,
+					Confidence: 0.9,
+					SearchedBy: search.CPEParameters{
+						CPEs:      []string{"cpe:2.3:a:*:libvncserver:0.9.9:*:*:*:*:*:*:*"},
+						Namespace: "nvd:cpe",
+						Package: search.CPEPackageParameter{
+							Name:    "libvncserver",
+							Version: "0.9.9",
+						},
+					},
+					Found: search.CPEResult{
+						CPEs:              []string{vulnFound.CPEs[0].Attributes.BindToFmtString()},
+						VersionConstraint: vulnFound.Constraint.String(),
+						VulnerabilityID:   "CVE-2020-1",
+					},
+					Matcher: match.ApkMatcher,
+				},
+			},
+		},
+	}
+
+	actual, err := m.Match(provider, d, p)
+	assert.NoError(t, err)
+
+	assertMatches(t, expected, actual)
+}
+
 func TestNvdMatchesProperVersionFiltering(t *testing.T) {
 	nvdVulnMatch := grypeDB.Vulnerability{
 		ID:                "CVE-2020-1",