internal/worker: enable tests for insecure mode
This required copying the test database from cmd/govulncheck_sandbox.
Change-Id: Icef23ba6919b37209384f2a955d25bfc5dc55768
Reviewed-on: https://go-review.googlesource.com/c/pkgsite-metrics/+/477435
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com>
Reviewed-by: Jonathan Amsterdam <jba@google.com>
diff --git a/cmd/govulncheck_sandbox/govulncheck_sandbox_test.go b/cmd/govulncheck_sandbox/govulncheck_sandbox_test.go
index 536d504..6e1de92 100644
--- a/cmd/govulncheck_sandbox/govulncheck_sandbox_test.go
+++ b/cmd/govulncheck_sandbox/govulncheck_sandbox_test.go
@@ -41,15 +41,17 @@
}
}
+ testData := "../../internal/testdata"
+ module := filepath.Join(testData, "module")
// govulncheck binary requires a full path to the vuln db. Otherwise, one
// gets "[file://testdata/vulndb], opts): file URL specifies non-local host."
- vulndb, err := filepath.Abs("testdata/vulndb")
+ vulndb, err := filepath.Abs(filepath.Join(testData, "vulndb"))
if err != nil {
t.Fatal(err)
}
t.Run("source", func(t *testing.T) {
- resp, err := runTest([]string{govulncheckPath, worker.ModeGovulncheck, "testdata/module", vulndb})
+ resp, err := runTest([]string{govulncheckPath, worker.ModeGovulncheck, module, vulndb})
if err != nil {
t.Fatal(err)
}
@@ -65,9 +67,9 @@
t.Run("binary", func(t *testing.T) {
t.Skip("govulncheck may not support the Go version")
- const binary = "testdata/module/vuln"
+ binary := filepath.Join(module, "vuln")
cmd := exec.Command("go", "build")
- cmd.Dir = "testdata/module"
+ cmd.Dir = module
if _, err := cmd.Output(); err != nil {
t.Fatal(derrors.IncludeStderr(err))
}
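Review bot: The `go build` in the "binary" subtest now runs with `cmd.Dir = module`, so the `vuln` binary is written into internal/testdata/module, a directory this commit makes shared with the internal/worker tests. Unless the subtest removes it later (its body continues outside this hunk), a leftover executable sits in shared test data where other tests may scan it or it may be committed by mistake. Building into a temporary directory avoids that: `binary := filepath.Join(t.TempDir(), "vuln")` and `cmd := exec.Command("go", "build", "-o", binary)`. The subtest is currently skipped, so this only matters once it is re-enabled.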
@@ -92,17 +94,17 @@
},
{
name: "no vulndb",
- args: []string{govulncheckPath, worker.ModeGovulncheck, "testdata/module", "does not exist"},
+ args: []string{govulncheckPath, worker.ModeGovulncheck, module, "does not exist"},
want: "does not exist",
},
{
name: "no mode",
- args: []string{govulncheckPath, "MODE", "testdata/module", vulndb},
+ args: []string{govulncheckPath, "MODE", module, vulndb},
want: "not a valid mode",
},
{
name: "no module",
- args: []string{govulncheckPath, worker.ModeGovulncheck, "testdata/nosuchmodule", vulndb},
+ args: []string{govulncheckPath, worker.ModeGovulncheck, "nosuchmodule", vulndb},
want: "no such file",
},
} {
diff --git a/cmd/govulncheck_sandbox/testdata/module/go.mod b/internal/testdata/module/go.mod
similarity index 100%
rename from cmd/govulncheck_sandbox/testdata/module/go.mod
rename to internal/testdata/module/go.mod
diff --git a/cmd/govulncheck_sandbox/testdata/module/go.sum b/internal/testdata/module/go.sum
similarity index 100%
rename from cmd/govulncheck_sandbox/testdata/module/go.sum
rename to internal/testdata/module/go.sum
diff --git a/cmd/govulncheck_sandbox/testdata/module/vuln.go b/internal/testdata/module/vuln.go
similarity index 100%
rename from cmd/govulncheck_sandbox/testdata/module/vuln.go
rename to internal/testdata/module/vuln.go
diff --git a/cmd/govulncheck_sandbox/testdata/vulndb/golang.org/x/text.json b/internal/testdata/vulndb/golang.org/x/text.json
similarity index 100%
rename from cmd/govulncheck_sandbox/testdata/vulndb/golang.org/x/text.json
rename to internal/testdata/vulndb/golang.org/x/text.json
diff --git a/cmd/govulncheck_sandbox/testdata/vulndb/index.json b/internal/testdata/vulndb/index.json
similarity index 100%
rename from cmd/govulncheck_sandbox/testdata/vulndb/index.json
rename to internal/testdata/vulndb/index.json
diff --git a/cmd/govulncheck_sandbox/testdata/vulndb/stdlib.json b/internal/testdata/vulndb/stdlib.json
similarity index 100%
rename from cmd/govulncheck_sandbox/testdata/vulndb/stdlib.json
rename to internal/testdata/vulndb/stdlib.json
diff --git a/internal/worker/govulncheck_scan_test.go b/internal/worker/govulncheck_scan_test.go
index 72e6323..0f02bdd 100644
--- a/internal/worker/govulncheck_scan_test.go
+++ b/internal/worker/govulncheck_scan_test.go
@@ -10,15 +10,14 @@
"flag"
"fmt"
"io"
+ "path/filepath"
"strings"
"testing"
"cloud.google.com/go/storage"
"golang.org/x/pkgsite-metrics/internal/bigquery"
- "golang.org/x/pkgsite-metrics/internal/config"
+ "golang.org/x/pkgsite-metrics/internal/buildtest"
"golang.org/x/pkgsite-metrics/internal/govulncheck"
- "golang.org/x/pkgsite-metrics/internal/proxy"
- vulnclient "golang.org/x/vuln/client"
)
var integration = flag.Bool("integration", false, "test against actual service")
@@ -66,54 +65,35 @@
}
}
-func TestRunScanModule(t *testing.T) {
- t.Skip("breaks on trybots")
+// TODO: can we have a test for sandbox? We do test the sandbox
+// and unmarshalling in cmd/govulncheck_sandbox, so what would be
+// left here is checking that runsc is initiated properly. It is
+// not clear how to do that here nor is it necessary.
+func TestRunScanModuleInsecure(t *testing.T) {
+ govulncheckPath, err := buildtest.BuildGovulncheck(t.TempDir())
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ vulndb, err := filepath.Abs("../testdata/vulndb")
+ if err != nil {
+ t.Fatal(err)
+ }
ctx := context.Background()
- cfg, err := config.Init(ctx)
- if err != nil {
- t.Fatal(err)
- }
- dbClient, err := vulnclient.NewClient([]string{cfg.VulnDBURL}, vulnclient.Options{})
- if err != nil {
- t.Fatal(err)
- }
- proxyClient, err := proxy.New(cfg.ProxyURL)
- if err != nil {
- t.Fatal(err)
- }
- t.Run("binary", func(t *testing.T) {
- if !*integration { // needs GCS read permission, not available on kokoro
- t.Skip("missing -integration")
- }
- s := &scanner{proxyClient: proxyClient, dbClient: dbClient}
- gcsClient, err := storage.NewClient(context.Background())
- if err != nil {
- t.Fatal(err)
- }
- s.gcsBucket = gcsClient.Bucket("go-ecosystem")
- stats := &scanStats{}
- vulns, err := s.runScanModule(ctx, "golang.org/x/pkgsite", "v0.0.0-20221004150836-873fb37c2479", "cmd/worker", ModeBinary, stats)
- if err != nil {
- t.Fatal(err)
- }
- if g, w := len(vulns), 14; g != w {
- t.Errorf("got %d vulns, want %d", g, w)
- }
- })
t.Run("govulncheck", func(t *testing.T) {
- s := &scanner{proxyClient: proxyClient, dbClient: dbClient, insecure: true}
+ s := &scanner{insecure: true, govulncheckPath: govulncheckPath, vulnDBDir: vulndb}
stats := &scanStats{}
- vulns, err := s.runScanModule(ctx,
- "golang.org/x/exp/event", "v0.0.0-20220929112958-4a82f8963a65",
- "", ModeGovulncheck, stats)
+ vulns, err := s.runGovulncheckScanInsecure(ctx,
+ "golang.org/vuln", "v0.0.0",
+ "../testdata/module", ModeGovulncheck, stats)
if err != nil {
t.Fatal(err)
}
- wantID := "GO-2022-0493"
+ wantID := "GO-2021-0113"
found := false
for _, v := range vulns {
- if v.ID == wantID {
+ if v.OSV.ID == wantID {
found = true
break
}
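Review bot: The TODO block sits directly above `func TestRunScanModuleInsecure`, so tooling treats it as the function's doc comment, and nothing states what "insecure" means for this test. I would separate the TODO with a blank line (or move it inside the function) and add a doc comment such as `// TestRunScanModuleInsecure runs govulncheck directly, without the runsc sandbox, against the module and vuln DB under ../testdata.` (the "without the sandbox" wording is inferred from the TODO and the `insecure: true` field, so please confirm it). `vulndb` is made absolute while the module is passed as the relative `"../testdata/module"`; a one-line comment explaining that govulncheck needs a full path for the DB, as the sandbox test already notes, would make the asymmetry clear. The function body continues past the end of this hunk.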
@@ -128,4 +108,25 @@
t.Errorf("scan memory not collected or negative: %v", got)
}
})
+ t.Run("binary", func(t *testing.T) {
+ if !*integration { // needs GCS read permission, not available on kokoro
+ t.Skip("missing -integration")
+ }
+ s := &scanner{govulncheckPath: govulncheckPath, vulnDBDir: vulndb}
+ gcsClient, err := storage.NewClient(context.Background())
+ if err != nil {
+ t.Fatal(err)
+ }
+ s.gcsBucket = gcsClient.Bucket("go-ecosystem")
+ stats := &scanStats{}
+ vulns, err := s.runGovulncheckScanInsecure(ctx,
+ "golang.org/vuln", "v0.0.0",
+ "cmd/worker", ModeBinary, stats)
+ if err != nil {
+ t.Fatal(err)
+ }
+ if g, w := len(vulns), 14; g != w {
+ t.Errorf("got %d vulns, want %d", g, w)
+ }
+ })
}
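Review bot: The re-added "binary" subtest still expects 14 vulns for `cmd/worker`, but the module and version are now `"golang.org/vuln", "v0.0.0"` and the scanner points at the local test vuln DB, so the expectation looks stale. The count comes from the removed scan of `golang.org/x/pkgsite` at `v0.0.0-20221004150836-873fb37c2479`, and it seems unlikely that a binary for the new module and version exists in the `go-ecosystem` bucket. Because the subtest only runs with `-integration`, trybots will not catch this; either restore the original module and version arguments and adjust the count for the test DB, or skip with a TODO. The scanner is also built without `insecure: true` although it calls `runGovulncheckScanInsecure`, and `gcsClient` is never closed (`defer gcsClient.Close()`).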