38108d7f2d
* Updated logic to parse patches in ubuntu CVE file * test(ubuntu): add the test case * test(ubuntu): add a new case causing a problem * test(ubuntu): pending case * test(ubuntu): multiple upstreams * fix(ubuntu): handle corner cases Co-authored-by: knqyf263 <knqyf263@gmail.com>
443 lines
14 KiB
Go
443 lines
14 KiB
Go
package ubuntu
|
|
|
|
import (
|
|
"os"
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
func Test_parse(t *testing.T) {
|
|
type args struct {
|
|
filePath string
|
|
}
|
|
testCases := []struct {
|
|
name string
|
|
args args
|
|
want *Vulnerability
|
|
wantErr error
|
|
}{
|
|
{
|
|
name: "when empty upstream patch is passed",
|
|
args: args{
|
|
filePath: "./testdata/empty_status_upstream",
|
|
},
|
|
want: &Vulnerability{
|
|
Candidate: "CVE-2007-0255",
|
|
References: []string{"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0255"},
|
|
Description: "XINE 0.99.4 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain M3U file that contains a long #EXTINF line and contains format string specifiers in an invalid udp:// URI, possibly a variant of CVE-2007-0017.",
|
|
PublicDate: time.Date(2007, 1, 16, 23, 28, 0, 0, time.UTC),
|
|
Patches: map[Package]Statuses{
|
|
Package("xine-ui"): {
|
|
"dapper": Status{
|
|
Status: "ignored",
|
|
Note: "reached end-of-life",
|
|
},
|
|
"edgy": Status{
|
|
Status: "needed",
|
|
Note: "reached end-of-life",
|
|
},
|
|
"vivid/stable-phone-overlay": Status{
|
|
Status: "DNE",
|
|
},
|
|
"vivid/ubuntu-core": Status{
|
|
Status: "DNE",
|
|
},
|
|
"wily": Status{
|
|
Status: "ignored",
|
|
Note: "reached end-of-life",
|
|
},
|
|
"xenial": Status{
|
|
Status: "needed",
|
|
},
|
|
},
|
|
},
|
|
UpstreamLinks: map[Package][]string{},
|
|
},
|
|
},
|
|
{
|
|
name: "when line break is present between patch",
|
|
args: args{
|
|
filePath: "./testdata/line_break_between_patches",
|
|
},
|
|
want: &Vulnerability{
|
|
Candidate: "CVE-2017-7702",
|
|
References: []string{
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7702",
|
|
"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13477",
|
|
"https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2f322f66cbcca2fefdaa630494f9d6c97eb659b7",
|
|
"https://www.wireshark.org/security/wnpa-sec-2017-13.html",
|
|
},
|
|
Description: "In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding length validation.",
|
|
Priority: "medium",
|
|
DiscoveredBy: "Otto Airamo and Antti Levomäki",
|
|
PublicDate: time.Date(2007, 1, 16, 23, 28, 0, 0, time.UTC),
|
|
Patches: map[Package]Statuses{
|
|
Package("wireshark"): {
|
|
"upstream": Status{
|
|
Status: "released",
|
|
Note: "2.2.6, 2.0.12",
|
|
},
|
|
"precise": Status{
|
|
Status: "ignored",
|
|
Note: "reached end-of-life",
|
|
},
|
|
"precise/esm": Status{
|
|
Status: "DNE",
|
|
Note: "precise was needed",
|
|
},
|
|
"trusty/esm": Status{
|
|
Status: "released",
|
|
Note: "2.6.3-1~ubuntu14.04.1",
|
|
},
|
|
"vivid/stable-phone-overlay": Status{
|
|
Status: "DNE",
|
|
},
|
|
"xenial": Status{
|
|
Status: "released",
|
|
Note: "2.6.3-1~ubuntu16.04.1",
|
|
},
|
|
"yakkety": Status{
|
|
Status: "released",
|
|
Note: "2.2.6+g32dac6a-2ubuntu0.16.10",
|
|
},
|
|
"bionic": Status{
|
|
Status: "released",
|
|
Note: "2.6.3-1~ubuntu18.04.1",
|
|
},
|
|
"devel": Status{
|
|
Status: "not-affected",
|
|
Note: "2.6.3-1",
|
|
},
|
|
},
|
|
},
|
|
UpstreamLinks: map[Package][]string{},
|
|
},
|
|
},
|
|
{
|
|
name: "more than one package patches",
|
|
args: args{
|
|
filePath: "./testdata/more_than_one_package_patches",
|
|
},
|
|
want: &Vulnerability{
|
|
Candidate: "CVE-2017-9228",
|
|
References: []string{
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9228",
|
|
"https://usn.ubuntu.com/usn/usn-3382-1",
|
|
"https://usn.ubuntu.com/usn/usn-3382-2",
|
|
},
|
|
Description: "An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption.",
|
|
UbuntuDescription: "It was discovered that Oniguruma incorrectly handled certain regular expressions. An attacker could possibly use this issue to obtain sensitive information, cause a denial of service or execute arbitrary code.",
|
|
Priority: "medium",
|
|
Bugs: []string{
|
|
"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863316",
|
|
"https://github.com/kkos/oniguruma/issues/60"},
|
|
PublicDate: time.Date(2007, 1, 16, 23, 28, 0, 0, time.UTC),
|
|
Patches: map[Package]Statuses{
|
|
Package("libonig"): {
|
|
"upstream": Status{
|
|
Status: "needs-triage",
|
|
},
|
|
"precise/esm": Status{
|
|
Status: "DNE",
|
|
},
|
|
"artful": Status{
|
|
Status: "ignored",
|
|
Note: "reached end-of-life",
|
|
},
|
|
"bionic": Status{
|
|
Status: "released",
|
|
Note: "6.3.0-1",
|
|
},
|
|
},
|
|
Package("php5"): {
|
|
"upstream": Status{
|
|
Status: "needs-triage",
|
|
},
|
|
"precise/esm": Status{
|
|
Status: "released",
|
|
Note: "5.3.10-1ubuntu3.28",
|
|
},
|
|
"devel": Status{
|
|
Status: "DNE",
|
|
},
|
|
},
|
|
Package("php7.0"): {
|
|
"upstream": Status{
|
|
Status: "needs-triage",
|
|
},
|
|
"precise/esm": Status{
|
|
Status: "DNE",
|
|
},
|
|
"zesty": Status{
|
|
Status: "released",
|
|
Note: "7.0.22-0ubuntu0.17.04.1",
|
|
},
|
|
"artful": Status{
|
|
Status: "DNE",
|
|
},
|
|
},
|
|
},
|
|
UpstreamLinks: map[Package][]string{
|
|
"libonig": {"https://github.com/kkos/oniguruma/commit/3b63d12038c8d8fc278e81c942fa9bec7c704c8b"},
|
|
"php5": {"https://github.com/php/php-src/commit/703be4f77e662837b64499b0d046a5c8d06a98b9"},
|
|
"php7.0": {"https://github.com/php/php-src/commit/1c845d295037702d63097e2216b3c5db53f79273"},
|
|
},
|
|
},
|
|
},
|
|
{
|
|
name: "no space before status",
|
|
args: args{
|
|
filePath: "./testdata/no_space_before_status",
|
|
},
|
|
want: &Vulnerability{
|
|
Candidate: "CVE-2019-15903",
|
|
References: []string{
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903",
|
|
"https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43",
|
|
"https://github.com/libexpat/libexpat/issues/317",
|
|
"https://github.com/libexpat/libexpat/pull/318",
|
|
"https://usn.ubuntu.com/usn/usn-4132-1",
|
|
"https://usn.ubuntu.com/usn/usn-4132-2",
|
|
"https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-15903",
|
|
"https://usn.ubuntu.com/usn/usn-4165-1",
|
|
"https://usn.ubuntu.com/usn/usn-4202-1",
|
|
"https://usn.ubuntu.com/usn/usn-4335-1",
|
|
},
|
|
Description: "In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.",
|
|
UbuntuDescription: "A heap overflow was discovered in the expat library in XXX-PACKAGE-NAME-HERE-XXX. If a user were tricked into opening a specially crafted XML file, an attacker could potentially exploit this to cause a denial of service or execute arbitrary code.",
|
|
Priority: "medium",
|
|
Bugs: []string{
|
|
"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939394",
|
|
},
|
|
PublicDateAtUSN: time.Date(2019, 9, 4, 0, 0, 0, 0, time.UTC),
|
|
PublicDate: time.Date(2019, 9, 4, 6, 15, 0, 0, time.UTC),
|
|
Patches: map[Package]Statuses{
|
|
Package("vnc4"): {
|
|
"upstream": Status{
|
|
Status: "needs-triage",
|
|
},
|
|
"precise/esm": Status{
|
|
Status: "DNE",
|
|
},
|
|
"trusty": Status{
|
|
Status: "ignored",
|
|
Note: "out of standard support",
|
|
},
|
|
"trusty/esm": Status{
|
|
Status: "needed",
|
|
},
|
|
"xenial": Status{
|
|
Status: "needed",
|
|
},
|
|
"bionic": Status{
|
|
Status: "needed",
|
|
},
|
|
"disco": Status{
|
|
Status: "not-affected",
|
|
Note: "code not present",
|
|
},
|
|
"eoan": Status{
|
|
Status: "not-affected",
|
|
Note: "code not present",
|
|
},
|
|
"focal": Status{
|
|
Status: "DNE",
|
|
},
|
|
"devel": Status{
|
|
Status: "DNE",
|
|
},
|
|
},
|
|
},
|
|
UpstreamLinks: map[Package][]string{},
|
|
},
|
|
},
|
|
{
|
|
name: "Patches with status",
|
|
args: args{
|
|
filePath: "./testdata/patches_with_status",
|
|
},
|
|
want: &Vulnerability{
|
|
Candidate: "CVE-2020-9925",
|
|
References: []string{
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9925",
|
|
"https://webkitgtk.org/security/WSA-2020-0007.html",
|
|
"https://usn.ubuntu.com/usn/usn-4444-1",
|
|
},
|
|
Description: "A logic issue was addressed with improved state management. Processing maliciously crafted web content may lead to universal cross site scripting.",
|
|
Priority: "medium",
|
|
PublicDateAtUSN: time.Date(2020, 7, 29, 0, 0, 0, 0, time.UTC),
|
|
PublicDate: time.Date(2020, 7, 29, 0, 0, 0, 0, time.UTC),
|
|
Notes: []string{
|
|
"jdstrand> webkit receives limited support. For details, see",
|
|
"https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit",
|
|
"jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8",
|
|
},
|
|
Patches: map[Package]Statuses{
|
|
Package("qtwebkit-opensource-src"): {
|
|
"upstream": Status{
|
|
Status: "needs-triage",
|
|
},
|
|
"precise/esm": Status{
|
|
Status: "DNE",
|
|
},
|
|
"trusty": Status{
|
|
Status: "ignored",
|
|
Note: "out of standard support",
|
|
},
|
|
"trusty/esm": Status{
|
|
Status: "DNE",
|
|
},
|
|
"xenial": Status{
|
|
Status: "needs-triage",
|
|
},
|
|
"bionic": Status{
|
|
Status: "needs-triage",
|
|
},
|
|
"focal": Status{
|
|
Status: "needs-triage",
|
|
},
|
|
"devel": Status{
|
|
Status: "needs-triage",
|
|
},
|
|
},
|
|
},
|
|
UpstreamLinks: map[Package][]string{},
|
|
},
|
|
},
|
|
{
|
|
name: "include pending",
|
|
args: args{
|
|
filePath: "./testdata/include_pending",
|
|
},
|
|
want: &Vulnerability{
|
|
Candidate: "CVE-2020-0009",
|
|
References: []string{
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0009",
|
|
},
|
|
Description: "test",
|
|
Priority: "low",
|
|
PublicDate: time.Date(2020, 1, 8, 16, 15, 0, 0, time.UTC),
|
|
Notes: []string{
|
|
"cascardo> possible fix is 6d67b0290b4b84c477e6a2fc6e005e174d3c7786",
|
|
},
|
|
Patches: map[Package]Statuses{
|
|
Package("linux-oem"): {
|
|
"upstream": Status{
|
|
Status: "released",
|
|
Note: "5.6~rc3",
|
|
},
|
|
"precise/esm": Status{
|
|
Status: "DNE",
|
|
},
|
|
"trusty": Status{
|
|
Status: "DNE",
|
|
},
|
|
"trusty/esm": Status{
|
|
Status: "DNE",
|
|
},
|
|
"xenial": Status{
|
|
Status: "ignored",
|
|
Note: "was needs-triage now end-of-life",
|
|
},
|
|
"bionic": Status{
|
|
Status: "released",
|
|
Note: "4.15.0-1080.90",
|
|
},
|
|
"eoan": Status{
|
|
Status: "pending",
|
|
Note: "4.15.0-1087.97",
|
|
},
|
|
"focal": Status{
|
|
Status: "DNE",
|
|
},
|
|
"devel": Status{
|
|
Status: "DNE",
|
|
},
|
|
},
|
|
},
|
|
UpstreamLinks: map[Package][]string{},
|
|
},
|
|
},
|
|
{
|
|
name: "multiple upstreams",
|
|
args: args{
|
|
filePath: "./testdata/multiple_upstreams",
|
|
},
|
|
want: &Vulnerability{
|
|
Candidate: "CVE-2020-0556",
|
|
References: []string{
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0556",
|
|
"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html",
|
|
"https://www.openwall.com/lists/oss-security/2020/03/12/4",
|
|
"https://usn.ubuntu.com/usn/usn-4311-1",
|
|
},
|
|
Description: "dummy",
|
|
Priority: "medium",
|
|
PublicDateAtUSN: time.Date(2020, 3, 12, 21, 15, 0, 0, time.UTC),
|
|
PublicDate: time.Date(2020, 3, 12, 21, 15, 0, 0, time.UTC),
|
|
Bugs: []string{
|
|
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953770",
|
|
},
|
|
AssignedTo: "mdeslaur",
|
|
Patches: map[Package]Statuses{
|
|
Package("bluez"): {
|
|
"upstream": Status{
|
|
Status: "released",
|
|
Note: "5.54",
|
|
},
|
|
"precise/esm": Status{
|
|
Status: "DNE",
|
|
},
|
|
"trusty": Status{
|
|
Status: "ignored",
|
|
Note: "out of standard support",
|
|
},
|
|
"trusty/esm": Status{
|
|
Status: "DNE",
|
|
},
|
|
"xenial": Status{
|
|
Status: "released",
|
|
Note: "5.37-0ubuntu5.3",
|
|
},
|
|
"bionic": Status{
|
|
Status: "released",
|
|
Note: "5.48-0ubuntu3.4",
|
|
},
|
|
"eoan": Status{
|
|
Status: "released",
|
|
Note: "5.50-0ubuntu5.1",
|
|
},
|
|
"devel": Status{
|
|
Status: "released",
|
|
Note: "5.53-0ubuntu2",
|
|
},
|
|
},
|
|
},
|
|
UpstreamLinks: map[Package][]string{
|
|
Package("bluez"): {
|
|
"https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8cdbd3b09f29da29374e2f83369df24228da0ad1",
|
|
"https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=3cccdbab2324086588df4ccf5f892fb3ce1f1787",
|
|
"https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=35d8d895cd0b724e58129374beb0bb4a2edf9519",
|
|
"https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=f2778f5877d20696d68a452b26e4accb91bfb19e",
|
|
},
|
|
},
|
|
},
|
|
},
|
|
}
|
|
for _, tc := range testCases {
|
|
t.Run(tc.name, func(t *testing.T) {
|
|
f, err := os.Open(tc.args.filePath)
|
|
require.NoError(t, err)
|
|
defer f.Close()
|
|
|
|
got, gotErr := parse(f)
|
|
assert.Equal(t, tc.wantErr, gotErr)
|
|
assert.Equal(t, tc.want, got)
|
|
})
|
|
}
|
|
}
|