fix(photon): skip empty CVE-IDs (#75)

* photon: display warning on invalid CVE-ID * photon: CVE-ID: ignore on empty, error on invalid * photon: update test cases * photon: separate tests for empty and invalid CVE-ID
2021-03-10 17:40:38 +07:00 · 2021-03-10 17:40:38 +07:00 · 1e28a8e150
commit 1e28a8e150
parent 03e56c5a5d
3 changed files with 36 additions and 3 deletions
--- a/photon/photon.go
+++ b/photon/photon.go
@ -87,6 +87,11 @@ func (c Config) Update() error {
 }

 func (c Config) saveCVEPerPkg(dirName, pkgName, cveID string, data interface{}) error {
+	if cveID == "" {
+		log.Printf("CVE-ID is empty")
+		return nil
+	}
+
 	s := strings.Split(cveID, "-")
 	if len(s) != 3 {
 		log.Printf("invalid CVE-ID: %s", cveID)
--- a/photon/photon_test.go
+++ b/photon/photon_test.go
@ -104,13 +104,32 @@ func TestConfig_Update(t *testing.T) {
 			appFs: afero.NewMemMapFs(),
 			bzip2FileNames: map[string]string{
 				"/photon_cve_metadata/photon_versions.json":    "testdata/photon_versions.json",
-				"/photon_cve_metadata/cve_data_photon1.0.json": "testdata/cve_data_photon1.0.json",
-				"/photon_cve_metadata/cve_data_photon2.0.json": "testdata/cve_data_photon2.0.json",
-				"/photon_cve_metadata/cve_data_photon3.0.json": "testdata/cve_data_photon3.0_invalid_cveid.json",
+				"/photon_cve_metadata/cve_data_photon1.0.json": "testdata/cve_data_photon3.0_invalid_cveid.json",
 			},
 			goldenFiles:      map[string]string{},
 			expectedErrorMsg: "invalid CVE-ID format",
 		},
+		{
+			name:  "empty CVE-ID",
+			appFs: afero.NewMemMapFs(),
+			bzip2FileNames: map[string]string{
+				"/photon_cve_metadata/photon_versions.json":    "testdata/photon_versions.json",
+				"/photon_cve_metadata/cve_data_photon1.0.json": "testdata/cve_data_photon1.0.json",
+				"/photon_cve_metadata/cve_data_photon2.0.json": "testdata/cve_data_photon_empty_cveid.json",
+				"/photon_cve_metadata/cve_data_photon3.0.json": "testdata/cve_data_photon3.0.json",
+			},
+			goldenFiles: map[string]string{
+				"/tmp/photon/1.0/zlib/CVE-2016-9843.json":           "testdata/golden/CVE-2016-9843.json",
+				"/tmp/photon/1.0/zookeeper/CVE-2017-5637.json":      "testdata/golden/CVE-2017-5637.json",
+				"/tmp/photon/1.0/apache-tomcat/CVE-2017-12617.json": "testdata/golden/CVE-2017-12617.json",
+				"/tmp/photon/1.0/binutils/CVE-2018-10372.json":      "testdata/golden/CVE-2018-10372.json",
+				"/tmp/photon/1.0/binutils/CVE-2019-12972.json":      "testdata/golden/CVE-2019-12972.json",
+				"/tmp/photon/3.0/ansible/CVE-2019-3828.json":        "testdata/golden/CVE-2019-3828.json",
+				"/tmp/photon/3.0/apache-tomcat/CVE-2019-0199.json":  "testdata/golden/CVE-2019-0199.json",
+				"/tmp/photon/3.0/apache-tomcat/CVE-2019-10072.json": "testdata/golden/CVE-2019-10072.json",
+				"/tmp/photon/3.0/binutils/CVE-2017-16826.json":      "testdata/golden/CVE-2017-16826.json",
+			},
+		},
 	}
 	for _, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
--- a/photon/testdata/cve_data_photon_empty_cveid.json
+++ b/photon/testdata/cve_data_photon_empty_cveid.json
@ -0,0 +1,9 @@
+[
+  {
+    "cve_id": "",
+    "pkg": "ansible",
+    "cve_score": 10,
+    "aff_ver": "all versions before 2.7.6-2.ph3 are vulnerable",
+    "res_ver": "2.7.6-2.ph3"
+  }
+]