diff --git a/integration/registry_test.go b/integration/registry_test.go index 9a2570062e56..3831ea9a280e 100644 --- a/integration/registry_test.go +++ b/integration/registry_test.go @@ -10,7 +10,6 @@ import ( "crypto/x509" "encoding/json" "fmt" - "github.com/aquasecurity/trivy/pkg/types" "io" "net/http" "net/url" @@ -18,6 +17,8 @@ import ( "path/filepath" "testing" + "github.com/aquasecurity/trivy/pkg/types" + dockercontainer "github.com/docker/docker/api/types/container" "github.com/docker/go-connections/nat" "github.com/google/go-containerregistry/pkg/authn" @@ -152,32 +153,59 @@ func TestRegistry(t *testing.T) { name string imageName string imageFile string + os string option registryOption golden string wantErr string }{ { - name: "happy path with username/password", + name: "authenticate with username/password", imageName: "alpine:3.10", imageFile: "testdata/fixtures/images/alpine-310.tar.gz", + os: "alpine 3.10.2", option: registryOption{ AuthURL: authURL, Username: authUsername, Password: authPassword, }, - golden: "testdata/alpine-310-registry.json.golden", + golden: "testdata/alpine-310.json.golden", }, { - name: "happy path with registry token", + name: "authenticate with registry token", imageName: "alpine:3.10", imageFile: "testdata/fixtures/images/alpine-310.tar.gz", + os: "alpine 3.10.2", option: registryOption{ AuthURL: authURL, Username: authUsername, Password: authPassword, RegistryToken: true, }, - golden: "testdata/alpine-310-registry.json.golden", + golden: "testdata/alpine-310.json.golden", + }, + { + name: "amazonlinux 2", + imageName: "amazonlinux:2", + imageFile: "testdata/fixtures/images/amazon-2.tar.gz", + os: "amazon 2 (Karoo)", + option: registryOption{ + AuthURL: authURL, + Username: authUsername, + Password: authPassword, + }, + golden: "testdata/amazon-2.json.golden", + }, + { + name: "debian buster", + imageName: "debian:buster", + imageFile: "testdata/fixtures/images/debian-buster.tar.gz", + os: "debian 10.1", + option: registryOption{ + AuthURL: authURL, + Username: authUsername, + Password: authPassword, + }, + golden: "testdata/debian-buster.json.golden", }, { name: "sad path", @@ -187,25 +215,25 @@ func TestRegistry(t *testing.T) { }, } - for _, tc := range tests { - t.Run(tc.name, func(t *testing.T) { - s := fmt.Sprintf("%s/%s", registryURL.Host, tc.imageName) + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + s := fmt.Sprintf("%s/%s", registryURL.Host, tt.imageName) imageRef, err := name.ParseReference(s) require.NoError(t, err) // Load a test image from the tar file, tag it and push to the test registry. - err = replicateImage(imageRef, tc.imageFile, auth) + err = replicateImage(imageRef, tt.imageFile, auth) require.NoError(t, err) - osArgs, err := scan(t, imageRef, baseDir, tc.golden, tc.option) + osArgs, err := scan(t, imageRef, baseDir, tt.option) // Run Trivy - runTest(t, osArgs, tc.golden, "", types.FormatJSON, runOptions{ - wantErr: tc.wantErr, - override: overrideFuncs(overrideUID, func(t *testing.T, _, got *types.Report) { - got.ArtifactName = tc.imageName - for i := range got.Results { - got.Results[i].Target = fmt.Sprintf("%s (alpine 3.10.2)", tc.imageName) + runTest(t, osArgs, tt.golden, "", types.FormatJSON, runOptions{ + wantErr: tt.wantErr, + override: overrideFuncs(overrideUID, func(t *testing.T, want, got *types.Report) { + want.ArtifactName = s + for i := range want.Results { + want.Results[i].Target = fmt.Sprintf("%s (%s)", s, tt.os) } }), }) @@ -213,7 +241,7 @@ func TestRegistry(t *testing.T) { } } -func scan(t *testing.T, imageRef name.Reference, baseDir, goldenFile string, opt registryOption) ([]string, error) { +func scan(t *testing.T, imageRef name.Reference, baseDir string, opt registryOption) ([]string, error) { // Set up testing DB cacheDir := initDB(t) @@ -232,6 +260,8 @@ func scan(t *testing.T, imageRef name.Reference, baseDir, goldenFile string, opt "image", "--format", "json", + "--image-src", + "remote", "--skip-update", imageRef.Name(), } diff --git a/integration/testdata/alpine-310-registry.json.golden b/integration/testdata/alpine-310-registry.json.golden deleted file mode 100644 index 51100d633f53..000000000000 --- a/integration/testdata/alpine-310-registry.json.golden +++ /dev/null @@ -1,374 +0,0 @@ -{ - "SchemaVersion": 2, - "CreatedAt": "2021-08-25T12:20:30.000000005Z", - "ArtifactName": "alpine:3.10", - "ArtifactType": "container_image", - "Metadata": { - "OS": { - "Family": "alpine", - "Name": "3.10.2", - "EOSL": true - }, - "ImageID": "sha256:961769676411f082461f9ef46626dd7a2d1e2b2a38e6a44364bcbecf51e66dd4", - "DiffIDs": [ - "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" - ], - "RepoTags": [ - "alpine:3.10" - ], - "RepoDigests": [ - "alpine@sha256:b1c5a500182b21d0bfa5a584a8526b56d8be316f89e87d951be04abed2446e60" - ], - "ImageConfig": { - "architecture": "amd64", - "container": "0a80155a31551fcc1a36fccbbda79fcd3f0b1c7d270653d00310e6e2217c57e6", - "created": "2019-08-20T20:19:55.211423266Z", - "docker_version": "18.06.1-ce", - "history": [ - { - "created": "2019-08-20T20:19:55.062606894Z", - "created_by": "/bin/sh -c #(nop) ADD file:fe64057fbb83dccb960efabbf1cd8777920ef279a7fa8dbca0a8801c651bdf7c in / " - }, - { - "created": "2019-08-20T20:19:55.211423266Z", - "created_by": "/bin/sh -c #(nop) CMD [\"/bin/sh\"]", - "empty_layer": true - } - ], - "os": "linux", - "rootfs": { - "type": "layers", - "diff_ids": [ - "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" - ] - }, - "config": { - "Cmd": [ - "/bin/sh" - ], - "Env": [ - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" - ], - "Image": "sha256:06f4121dff4d0123ce11bd2e44f48da9ba9ddcd23ae376ea1f363f63ea0849b5", - "ArgsEscaped": true - } - } - }, - "Results": [ - { - "Target": "alpine:3.10 (alpine 3.10.2)", - "Class": "os-pkgs", - "Type": "alpine", - "Vulnerabilities": [ - { - "VulnerabilityID": "CVE-2019-1549", - "PkgID": "libcrypto1.1@1.1.1c-r0", - "PkgName": "libcrypto1.1", - "PkgIdentifier": { - "PURL": "pkg:apk/alpine/libcrypto1.1@1.1.1c-r0?arch=x86_64\u0026distro=3.10.2" - }, - "InstalledVersion": "1.1.1c-r0", - "FixedVersion": "1.1.1d-r0", - "Status": "fixed", - "Layer": { - "Digest": "sha256:9d48c3bd43c520dc2784e868a780e976b207cbf493eaff8c6596eb871cbd9609", - "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1549", - "DataSource": { - "ID": "alpine", - "Name": "Alpine Secdb", - "URL": "https://secdb.alpinelinux.org/" - }, - "Title": "openssl: information disclosure in fork()", - "Description": "OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-330" - ], - "VendorSeverity": { - "amazon": 2, - "nvd": 2, - "oracle-oval": 2, - "photon": 2, - "redhat": 1, - "ubuntu": 1 - }, - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 4.8 - } - }, - "References": [ - "https://access.redhat.com/security/cve/CVE-2019-1549", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1549", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be", - "https://linux.oracle.com/cve/CVE-2019-1549.html", - "https://linux.oracle.com/errata/ELSA-2020-1840.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/", - "https://seclists.org/bugtraq/2019/Oct/1", - "https://security.netapp.com/advisory/ntap-20190919-0002/", - "https://support.f5.com/csp/article/K44070243", - "https://support.f5.com/csp/article/K44070243?utm_source=f5support\u0026amp;utm_medium=RSS", - "https://ubuntu.com/security/notices/USN-4376-1", - "https://usn.ubuntu.com/4376-1/", - "https://www.debian.org/security/2019/dsa-4539", - "https://www.openssl.org/news/secadv/20190910.txt", - "https://www.oracle.com/security-alerts/cpuapr2020.html", - "https://www.oracle.com/security-alerts/cpujan2020.html", - "https://www.oracle.com/security-alerts/cpujul2020.html", - "https://www.oracle.com/security-alerts/cpuoct2020.html", - "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" - ], - "PublishedDate": "2019-09-10T17:15:00Z", - "LastModifiedDate": "2020-10-20T22:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1551", - "PkgID": "libcrypto1.1@1.1.1c-r0", - "PkgName": "libcrypto1.1", - "PkgIdentifier": { - "PURL": "pkg:apk/alpine/libcrypto1.1@1.1.1c-r0?arch=x86_64\u0026distro=3.10.2" - }, - "InstalledVersion": "1.1.1c-r0", - "FixedVersion": "1.1.1d-r2", - "Status": "fixed", - "Layer": { - "Digest": "sha256:9d48c3bd43c520dc2784e868a780e976b207cbf493eaff8c6596eb871cbd9609", - "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551", - "DataSource": { - "ID": "alpine", - "Name": "Alpine Secdb", - "URL": "https://secdb.alpinelinux.org/" - }, - "Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64", - "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "VendorSeverity": { - "amazon": 1, - "nvd": 2, - "oracle-oval": 1, - "photon": 2, - "redhat": 1, - "ubuntu": 1 - }, - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 4.8 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00030.html", - "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html", - "https://access.redhat.com/security/cve/CVE-2019-1551", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98", - "https://github.com/openssl/openssl/pull/10575", - "https://linux.oracle.com/cve/CVE-2019-1551.html", - "https://linux.oracle.com/errata/ELSA-2020-4514.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/", - "https://seclists.org/bugtraq/2019/Dec/39", - "https://seclists.org/bugtraq/2019/Dec/46", - "https://security.gentoo.org/glsa/202004-10", - "https://security.netapp.com/advisory/ntap-20191210-0001/", - "https://ubuntu.com/security/notices/USN-4376-1", - "https://ubuntu.com/security/notices/USN-4504-1", - "https://usn.ubuntu.com/4376-1/", - "https://usn.ubuntu.com/4504-1/", - "https://www.debian.org/security/2019/dsa-4594", - "https://www.debian.org/security/2021/dsa-4855", - "https://www.openssl.org/news/secadv/20191206.txt", - "https://www.oracle.com/security-alerts/cpuApr2021.html", - "https://www.oracle.com/security-alerts/cpujan2021.html", - "https://www.oracle.com/security-alerts/cpujul2020.html", - "https://www.tenable.com/security/tns-2019-09", - "https://www.tenable.com/security/tns-2020-03", - "https://www.tenable.com/security/tns-2020-11", - "https://www.tenable.com/security/tns-2021-10" - ], - "PublishedDate": "2019-12-06T18:15:00Z", - "LastModifiedDate": "2021-07-21T11:39:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1549", - "PkgID": "libssl1.1@1.1.1c-r0", - "PkgName": "libssl1.1", - "PkgIdentifier": { - "PURL": "pkg:apk/alpine/libssl1.1@1.1.1c-r0?arch=x86_64\u0026distro=3.10.2" - }, - "InstalledVersion": "1.1.1c-r0", - "FixedVersion": "1.1.1d-r0", - "Status": "fixed", - "Layer": { - "Digest": "sha256:9d48c3bd43c520dc2784e868a780e976b207cbf493eaff8c6596eb871cbd9609", - "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1549", - "DataSource": { - "ID": "alpine", - "Name": "Alpine Secdb", - "URL": "https://secdb.alpinelinux.org/" - }, - "Title": "openssl: information disclosure in fork()", - "Description": "OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-330" - ], - "VendorSeverity": { - "amazon": 2, - "nvd": 2, - "oracle-oval": 2, - "photon": 2, - "redhat": 1, - "ubuntu": 1 - }, - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 4.8 - } - }, - "References": [ - "https://access.redhat.com/security/cve/CVE-2019-1549", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1549", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be", - "https://linux.oracle.com/cve/CVE-2019-1549.html", - "https://linux.oracle.com/errata/ELSA-2020-1840.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/", - "https://seclists.org/bugtraq/2019/Oct/1", - "https://security.netapp.com/advisory/ntap-20190919-0002/", - "https://support.f5.com/csp/article/K44070243", - "https://support.f5.com/csp/article/K44070243?utm_source=f5support\u0026amp;utm_medium=RSS", - "https://ubuntu.com/security/notices/USN-4376-1", - "https://usn.ubuntu.com/4376-1/", - "https://www.debian.org/security/2019/dsa-4539", - "https://www.openssl.org/news/secadv/20190910.txt", - "https://www.oracle.com/security-alerts/cpuapr2020.html", - "https://www.oracle.com/security-alerts/cpujan2020.html", - "https://www.oracle.com/security-alerts/cpujul2020.html", - "https://www.oracle.com/security-alerts/cpuoct2020.html", - "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" - ], - "PublishedDate": "2019-09-10T17:15:00Z", - "LastModifiedDate": "2020-10-20T22:15:00Z" - }, - { - "VulnerabilityID": "CVE-2019-1551", - "PkgID": "libssl1.1@1.1.1c-r0", - "PkgName": "libssl1.1", - "PkgIdentifier": { - "PURL": "pkg:apk/alpine/libssl1.1@1.1.1c-r0?arch=x86_64\u0026distro=3.10.2" - }, - "InstalledVersion": "1.1.1c-r0", - "FixedVersion": "1.1.1d-r2", - "Status": "fixed", - "Layer": { - "Digest": "sha256:9d48c3bd43c520dc2784e868a780e976b207cbf493eaff8c6596eb871cbd9609", - "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551", - "DataSource": { - "ID": "alpine", - "Name": "Alpine Secdb", - "URL": "https://secdb.alpinelinux.org/" - }, - "Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64", - "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t).", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-200" - ], - "VendorSeverity": { - "amazon": 1, - "nvd": 2, - "oracle-oval": 1, - "photon": 2, - "redhat": 1, - "ubuntu": 1 - }, - "CVSS": { - "nvd": { - "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "V2Score": 5, - "V3Score": 5.3 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", - "V3Score": 4.8 - } - }, - "References": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00030.html", - "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html", - "https://access.redhat.com/security/cve/CVE-2019-1551", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f", - "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98", - "https://github.com/openssl/openssl/pull/10575", - "https://linux.oracle.com/cve/CVE-2019-1551.html", - "https://linux.oracle.com/errata/ELSA-2020-4514.html", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/", - "https://seclists.org/bugtraq/2019/Dec/39", - "https://seclists.org/bugtraq/2019/Dec/46", - "https://security.gentoo.org/glsa/202004-10", - "https://security.netapp.com/advisory/ntap-20191210-0001/", - "https://ubuntu.com/security/notices/USN-4376-1", - "https://ubuntu.com/security/notices/USN-4504-1", - "https://usn.ubuntu.com/4376-1/", - "https://usn.ubuntu.com/4504-1/", - "https://www.debian.org/security/2019/dsa-4594", - "https://www.debian.org/security/2021/dsa-4855", - "https://www.openssl.org/news/secadv/20191206.txt", - "https://www.oracle.com/security-alerts/cpuApr2021.html", - "https://www.oracle.com/security-alerts/cpujan2021.html", - "https://www.oracle.com/security-alerts/cpujul2020.html", - "https://www.tenable.com/security/tns-2019-09", - "https://www.tenable.com/security/tns-2020-03", - "https://www.tenable.com/security/tns-2020-11", - "https://www.tenable.com/security/tns-2021-10" - ], - "PublishedDate": "2019-12-06T18:15:00Z", - "LastModifiedDate": "2021-07-21T11:39:00Z" - } - ] - } - ] -} diff --git a/pkg/fanal/test/integration/library_test.go b/pkg/fanal/test/integration/library_test.go index cf7ed95a1679..ea76c7965b3a 100644 --- a/pkg/fanal/test/integration/library_test.go +++ b/pkg/fanal/test/integration/library_test.go @@ -139,54 +139,6 @@ var tests = []testCase{ }, } -func TestFanal_Library_DockerLessMode(t *testing.T) { - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - t.Parallel() - ctx := context.Background() - d := t.TempDir() - - c, err := cache.NewFSCache(d) - require.NoError(t, err, tt.name) - - cli, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation()) - require.NoError(t, err) - - // remove existing Image if any - _, _ = cli.ImageRemove(ctx, tt.remoteImageName, dimage.RemoveOptions{ - Force: true, - PruneChildren: true, - }) - - // Enable only registry scanning - img, cleanup, err := image.NewContainerImage(ctx, tt.remoteImageName, types.ImageOptions{ - ImageSources: types.ImageSources{types.RemoteImageSource}, - }) - require.NoError(t, err) - defer cleanup() - - // don't scan licenses in the test - in parallel it will fail - ar, err := aimage.NewArtifact(img, c, artifact.Option{ - DisabledAnalyzers: []analyzer.Type{ - analyzer.TypeExecutable, - analyzer.TypeLicenseFile, - }, - }) - require.NoError(t, err) - - applier := applier.NewApplier(c) - - // run tests twice, one without cache and with cache - for i := 1; i <= 2; i++ { - runChecks(t, ctx, ar, applier, tt) - } - - // clear Cache - require.NoError(t, c.Clear()) - }) - } -} - func TestFanal_Library_DockerMode(t *testing.T) { // Disable updating golden files because local images don't have compressed layer digests, // and updating golden files in this function results in incomplete files.