test: use test file with different arches for src pkgs
DmitriyLewen committed Jul 31, 2024
1 parent eee8cdb commit 751c88d
Showing 3 changed files with 304 additions and 517 deletions.
51 changes: 39 additions & 12 deletions pkg/vulnsrc/openeuler/openeuler_test.go
Expand Up @@ -33,7 +33,7 @@ func TestVulnSrc_Update(t *testing.T) {
{
Key: []string{
"data-source",
"openEuler-22.03-LTS-SP2",
"openEuler-20.03-LTS",
},
Value: types.DataSource{
ID: vulnerability.OpenEuler,
Expand All @@ -44,39 +44,66 @@ func TestVulnSrc_Update(t *testing.T) {
{
Key: []string{
"advisory-detail",
"openEuler-SA-2024-1349",
"openEuler-22.03-LTS-SP2",
"kernel",
"openEuler-SA-2021-1061",
"openEuler-20.03-LTS",
"openjpeg",
},
Value: types.Advisory{
FixedVersion: "5.10.0-153.48.0.126",
FixedVersion: "1.5.1-25",
Arches: []string{
"aarch64",
"noarch",
"x86_64",
},
},
},
{
Key: []string{
"data-source",
"openEuler-20.03-LTS-SP1",
},
Value: types.DataSource{
ID: vulnerability.OpenEuler,
Name: "openEuler CVRF",
URL: "https://repo.openeuler.org/security/data/cvrf",
},
},
{
Key: []string{
"advisory-detail",
"openEuler-SA-2021-1061",
"openEuler-20.03-LTS-SP1",
"openjpeg",
},
Value: types.Advisory{
FixedVersion: "1.5.1-25",
Arches: []string{
"noarch",
"x86_64",
},
},
},
{
Key: []string{
"vulnerability-detail",
"openEuler-SA-2024-1349",
"openEuler-SA-2021-1061",
"openeuler",
},
Value: types.VulnerabilityDetail{
Title: "An update for kernel is now available for openEuler-22.03-LTS-SP2",
Description: "The Linux Kernel, the operating system core itself.\n\nSecurity Fix(es):\n\nIn the Linux kernel...",
Title: "An update for openjpeg is now available for openEuler-20.03-LTS and openEuler-20.03-LTS-SP1",
Description: "\n\nSecurity Fix(es):\n\nHeap-based buffer overflow in the JPEG2000 image tile decoder in OpenJPEG before 1.5.2...",
References: []string{
"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1349",
"https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-52604",
"https://nvd.nist.gov/vuln/detail/CVE-2023-52604",
"https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1061",
"https://openeuler.org/en/security/cve/detail.html?id=CVE-2014-0158",
"https://nvd.nist.gov/vuln/detail/CVE-2014-0158",
},
Severity: types.SeverityHigh,
},
},
{
Key: []string{
"vulnerability-id",
"openEuler-SA-2024-1349",
"openEuler-SA-2021-1061",
},
Value: map[string]interface{}{},
},
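Review bot: The expected `Arches` for the `openEuler-20.03-LTS-SP1` advisory entry list only `"noarch"` and `"x86_64"`, and nothing in the test says the missing `aarch64` is intended. In the JSON fixture added by this commit, the `aarch64` branch lists each openjpeg package twice with the `cpe:/a:openEuler:openEuler:20.03-LTS` CPE and never with the `20.03-LTS-SP1` one, which looks like a labelling slip carried over from the upstream advisory. If that is the case, this expectation pins a result in which aarch64 SP1 systems may not be matched against openEuler-SA-2021-1061, so the omission should be documented rather than silent. I would add a comment above that entry, for example `// the fixture tags no aarch64 package with 20.03-LTS-SP1, so aarch64 is absent here`. TestVulnSrc_Update starts before this hunk and continues after it.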
@@ -0,0 +1,265 @@
{
"Title": "An update for openjpeg is now available for openEuler-20.03-LTS and openEuler-20.03-LTS-SP1",
"Type": "Security Advisory",
"Publisher": {
"ContactDetails": "[email protected]",
"IssuingAuthority": "openEuler security committee"
},
"Tracking": {
"ID": "openEuler-SA-2021-1061",
"Status": "Final",
"Version": "1.0",
"InitialReleaseDate": "2021-03-05",
"CurrentReleaseDate": "2021-03-05",
"Generator": {
"Engine": "openEuler SA Tool V1.0",
"Date": "2021-03-05"
},
"RevisionHistory": [
{
"Number": "1.0",
"Date": "2021-03-05",
"Description": "Initial"
}
]
},
"Notes": [
{
"Text": "openjpeg security update",
"Title": "Synopsis",
"Type": "General"
},
{
"Text": "An update for openjpeg is now available for openEuler-20.03-LTS and openEuler-20.03-LTS-SP1.",
"Title": "Summary",
"Type": "General"
},
{
"Text": "\n\nSecurity Fix(es):\n\nHeap-based buffer overflow in the JPEG2000 image tile decoder in OpenJPEG before 1.5.2...",
"Title": "Description",
"Type": "General"
},
{
"Text": "An update for openjpeg is now available for openEuler-20.03-LTS and openEuler-20.03-LTS-SP1.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.",
"Title": "Topic",
"Type": "General"
},
{
"Text": "High",
"Title": "Severity",
"Type": "General"
},
{
"Text": "openjpeg",
"Title": "Affected Component",
"Type": "General"
}
],
"ProductTree": {
"Branches": [
{
"Type": "Product Name",
"Name": "openEuler",
"Productions": [
{
"ProductID": "openEuler-20.03-LTS",
"CPE": "cpe:/a:openEuler:openEuler:20.03-LTS",
"Text": "openEuler-20.03-LTS"
},
{
"ProductID": "openEuler-20.03-LTS-SP1",
"CPE": "cpe:/a:openEuler:openEuler:20.03-LTS-SP1",
"Text": "openEuler-20.03-LTS-SP1"
}
]
},
{
"Type": "Package Arch",
"Name": "aarch64",
"Productions": [
{
"ProductID": "openjpeg-debugsource-1.5.1-25",
"CPE": "cpe:/a:openEuler:openEuler:20.03-LTS",
"Text": "openjpeg-debugsource-1.5.1-25.oe1.aarch64.rpm"
},
{
"ProductID": "openjpeg-1.5.1-25",
"CPE": "cpe:/a:openEuler:openEuler:20.03-LTS",
"Text": "openjpeg-1.5.1-25.oe1.aarch64.rpm"
},
{
"ProductID": "openjpeg-devel-1.5.1-25",
"CPE": "cpe:/a:openEuler:openEuler:20.03-LTS",
"Text": "openjpeg-devel-1.5.1-25.oe1.aarch64.rpm"
},
{
"ProductID": "openjpeg-libs-1.5.1-25",
"CPE": "cpe:/a:openEuler:openEuler:20.03-LTS",
"Text": "openjpeg-libs-1.5.1-25.oe1.aarch64.rpm"
},
{
"ProductID": "openjpeg-debuginfo-1.5.1-25",
"CPE": "cpe:/a:openEuler:openEuler:20.03-LTS",
"Text": "openjpeg-debuginfo-1.5.1-25.oe1.aarch64.rpm"
},
{
"ProductID": "openjpeg-debugsource-1.5.1-25",
"CPE": "cpe:/a:openEuler:openEuler:20.03-LTS",
"Text": "openjpeg-debugsource-1.5.1-25.oe1.aarch64.rpm"
},
{
"ProductID": "openjpeg-1.5.1-25",
"CPE": "cpe:/a:openEuler:openEuler:20.03-LTS",
"Text": "openjpeg-1.5.1-25.oe1.aarch64.rpm"
},
{
"ProductID": "openjpeg-devel-1.5.1-25",
"CPE": "cpe:/a:openEuler:openEuler:20.03-LTS",
"Text": "openjpeg-devel-1.5.1-25.oe1.aarch64.rpm"
},
{
"ProductID": "openjpeg-libs-1.5.1-25",
"CPE": "cpe:/a:openEuler:openEuler:20.03-LTS",
"Text": "openjpeg-libs-1.5.1-25.oe1.aarch64.rpm"
},
{
"ProductID": "openjpeg-debuginfo-1.5.1-25",
"CPE": "cpe:/a:openEuler:openEuler:20.03-LTS",
"Text": "openjpeg-debuginfo-1.5.1-25.oe1.aarch64.rpm"
}
]
},
{
"Type": "Package Arch",
"Name": "noarch",
"Productions": [
{
"ProductID": "openjpeg-help-1.5.1-25",
"CPE": "cpe:/a:openEuler:openEuler:20.03-LTS",
"Text": "openjpeg-help-1.5.1-25.oe1.noarch.rpm"
},
{
"ProductID": "openjpeg-help-1.5.1-25",
"CPE": "cpe:/a:openEuler:openEuler:20.03-LTS-SP1",
"Text": "openjpeg-help-1.5.1-25.oe1.noarch.rpm"
}
]
},
{
"Type": "Package Arch",
"Name": "src",
"Productions": [
{
"ProductID": "openjpeg-1.5.1-25",
"CPE": "cpe:/a:openEuler:openEuler:20.03-LTS",
"Text": "openjpeg-1.5.1-25.oe1.src.rpm"
},
{
"ProductID": "openjpeg-1.5.1-25",
"CPE": "cpe:/a:openEuler:openEuler:20.03-LTS-SP1",
"Text": "openjpeg-1.5.1-25.oe1.src.rpm"
}
]
},
{
"Type": "Package Arch",
"Name": "x86_64",
"Productions": [
{
"ProductID": "openjpeg-devel-1.5.1-25",
"CPE": "cpe:/a:openEuler:openEuler:20.03-LTS",
"Text": "openjpeg-devel-1.5.1-25.oe1.x86_64.rpm"
},
{
"ProductID": "openjpeg-debugsource-1.5.1-25",
"CPE": "cpe:/a:openEuler:openEuler:20.03-LTS",
"Text": "openjpeg-debugsource-1.5.1-25.oe1.x86_64.rpm"
},
{
"ProductID": "openjpeg-1.5.1-25",
"CPE": "cpe:/a:openEuler:openEuler:20.03-LTS",
"Text": "openjpeg-1.5.1-25.oe1.x86_64.rpm"
},
{
"ProductID": "openjpeg-debuginfo-1.5.1-25",
"CPE": "cpe:/a:openEuler:openEuler:20.03-LTS",
"Text": "openjpeg-debuginfo-1.5.1-25.oe1.x86_64.rpm"
},
{
"ProductID": "openjpeg-libs-1.5.1-25",
"CPE": "cpe:/a:openEuler:openEuler:20.03-LTS",
"Text": "openjpeg-libs-1.5.1-25.oe1.x86_64.rpm"
},
{
"ProductID": "openjpeg-devel-1.5.1-25",
"CPE": "cpe:/a:openEuler:openEuler:20.03-LTS-SP1",
"Text": "openjpeg-devel-1.5.1-25.oe1.x86_64.rpm"
},
{
"ProductID": "openjpeg-debugsource-1.5.1-25",
"CPE": "cpe:/a:openEuler:openEuler:20.03-LTS-SP1",
"Text": "openjpeg-debugsource-1.5.1-25.oe1.x86_64.rpm"
},
{
"ProductID": "openjpeg-1.5.1-25",
"CPE": "cpe:/a:openEuler:openEuler:20.03-LTS-SP1",
"Text": "openjpeg-1.5.1-25.oe1.x86_64.rpm"
},
{
"ProductID": "openjpeg-debuginfo-1.5.1-25",
"CPE": "cpe:/a:openEuler:openEuler:20.03-LTS-SP1",
"Text": "openjpeg-debuginfo-1.5.1-25.oe1.x86_64.rpm"
},
{
"ProductID": "openjpeg-libs-1.5.1-25",
"CPE": "cpe:/a:openEuler:openEuler:20.03-LTS-SP1",
"Text": "openjpeg-libs-1.5.1-25.oe1.x86_64.rpm"
}
]
}
]
},
"References": [
{
"URL": "https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1061"
},
{
"URL": "https://openeuler.org/en/security/cve/detail.html?id=CVE-2014-0158"
},
{
"URL": "https://nvd.nist.gov/vuln/detail/CVE-2014-0158"
}
],
"Vulnerabilities": [
{
"CVE": "CVE-2014-0158",
"Note": "Heap-based buffer overflow in the JPEG2000 image tile decoder in OpenJPEG before 1.5.2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file because of incorrect j2k_decode, j2k_read_eoc, and tcd_decode_tile interaction, a related issue to CVE-2013-6045. NOTE: this is not a duplicate of CVE-2013-1447, because the scope of CVE-2013-1447 was specifically defined in http://openwall.com/lists/oss-security/2013/12/04/6 as only \"null pointer dereferences, division by zero, and anything that would just fit as DoS.\"",
"ReleaseDate": "2021-03-05",
"Threats": [
{
"Type": "Impact",
"Severity": "High"
}
],
"ProductStatuses": [
{
"Type": "Fixed",
"ProductID": [
"openEuler-20.03-LTS",
"openEuler-20.03-LTS-SP1"
]
}
],
"CVSSScoreSets": {
"BaseScore": "8.8",
"Vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
},
"Remediations": {
"Type": "Vendor Fix",
"Description": "openjpeg security update",
"Date": "2021-03-05",
"URL": "https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1061"
}
}
]
}