From ffabf375e7ac41ed06cb443ebc0fed65788cf0e5 Mon Sep 17 00:00:00 2001
From: Ross Tannenbaum <rtannenb@redhat.com>
Date: Thu, 12 Oct 2023 18:10:57 -0700
Subject: [PATCH] update e2e tests (#1290)

---
 e2etests/node_scan_rhcos_test.go   | 14 +++++++++-----
 e2etests/orchestrator_scan_test.go |  4 ++--
 e2etests/testcase_test.go          | 17 +++++++++--------
 3 files changed, 20 insertions(+), 15 deletions(-)

diff --git a/e2etests/node_scan_rhcos_test.go b/e2etests/node_scan_rhcos_test.go
index 6043f67ec..c3a2f779f 100644
--- a/e2etests/node_scan_rhcos_test.go
+++ b/e2etests/node_scan_rhcos_test.go
@@ -22,9 +22,9 @@ var vulnLibksba = &v1.Vulnerability{
 		LastModifiedDateTime: "",
 		CvssV2:               nil,
 		CvssV3: &v1.CVSSMetadata{
-			Score:               8.1,
-			Vector:              "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
-			ExploitabilityScore: 2.2,
+			Score:               9.8,
+			Vector:              "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+			ExploitabilityScore: 3.9,
 			ImpactScore:         5.9,
 		},
 	},
@@ -188,11 +188,15 @@ func assertEquals(t *testing.T, name, version string, expected, got []*v1.Vulner
 // assertExists asserts that all 'needles' exist in 'haystack'
 func assertExists(t *testing.T, name, version string, needles, haystack []*v1.Vulnerability) {
 	assert.GreaterOrEqual(t, len(haystack), len(needles), "Expected to find at least %d vulnerabilities for feature '%s:%s'", len(needles), name, version)
-	// Prune last modified time
+	// Create a map to check haystack, and prune last modified time.
+	haystackByName := make(map[string]*v1.Vulnerability)
 	for _, v := range haystack {
 		v.MetadataV2.LastModifiedDateTime = ""
+		haystackByName[v.Name] = v
 	}
 	for _, v := range needles {
-		assert.Contains(t, haystack, v)
+		h, ok := haystackByName[v.Name]
+		assert.True(t, ok, "vulnerabilities for %s-%s does not contain %s", name, version, v.Name)
+		assert.Exactly(t, v, h, "vulnerability %s for %s-%s is different from expected", v.Name, name, version)
 	}
 }
diff --git a/e2etests/orchestrator_scan_test.go b/e2etests/orchestrator_scan_test.go
index 59da17a98..0e910848d 100644
--- a/e2etests/orchestrator_scan_test.go
+++ b/e2etests/orchestrator_scan_test.go
@@ -99,9 +99,9 @@ func TestGRPCGetOpenShiftVulnerabilities(t *testing.T) {
 		},
 		{
 			addressFamily: "4.7",
-			maxPatch:      12,
+			maxPatch:      32,
 			step:          1,
-			knownFixed:    3,
+			knownFixed:    4,
 		},
 	}
 
diff --git a/e2etests/testcase_test.go b/e2etests/testcase_test.go
index d5f8879b1..4df52ddd3 100644
--- a/e2etests/testcase_test.go
+++ b/e2etests/testcase_test.go
@@ -543,6 +543,7 @@ var testCases = []testCase{
 		// This image is older than June 2020, so we need to explicitly request for an uncertified scan.
 		uncertifiedRHEL:          true,
 		checkProvidedExecutables: true,
+		onlyCheckSpecifiedVulns:  true,
 		expectedFeatures: []apiV1.Feature{
 			{
 				Name:          "procps-ng",
@@ -1139,7 +1140,7 @@ var testCases = []testCase{
 				VersionFormat: component.DotNetCoreRuntimeSourceType.String(),
 				Location:      "usr/share/dotnet/shared/Microsoft.NETCore.App/3.1.2/",
 				AddedBy:       "sha256:b48f8e1b0b06887c382543e23275911a388c1010e3436dc9b708ef29885bb594",
-				FixedBy:       "3.1.23",
+				FixedBy:       "3.1.32",
 				Vulnerabilities: []apiV1.Vulnerability{
 					{
 						Name:        "CVE-2020-1108",
@@ -1720,7 +1721,7 @@ var testCases = []testCase{
 				},
 				AddedBy:  "sha256:5bd47e7e8ad7786db14c79827b543615728f0e27567f5b05d4c13db29bb24c7a",
 				Location: "usr/share/dotnet/shared/Microsoft.NETCore.App/3.1.0/",
-				FixedBy:  "3.1.23",
+				FixedBy:  "3.1.32",
 			},
 		},
 	},
@@ -3501,7 +3502,7 @@ var testCases = []testCase{
 				NamespaceName: "rhel:9",
 				Version:       "1:3.0.1-23.el9_0.x86_64",
 				VersionFormat: "rpm",
-				FixedBy:       "1:3.0.1-43.el9_0",
+				FixedBy:       "1:3.0.7-16.el9_2",
 				Vulnerabilities: []apiV1.Vulnerability{
 					{
 						Name:          "RHSA-2022:7288",
@@ -3543,7 +3544,7 @@ For more details about the security issue(s), including the impact, a CVSS score
 				NamespaceName: "rhel:9",
 				Version:       "1:3.0.1-23.el9_0.x86_64",
 				VersionFormat: "rpm",
-				FixedBy:       "1:3.0.1-43.el9_0",
+				FixedBy:       "1:3.0.7-16.el9_2",
 				Vulnerabilities: []apiV1.Vulnerability{
 					{
 						Name:          "RHSA-2022:7288",
@@ -3588,7 +3589,7 @@ For more details about the security issue(s), including the impact, a CVSS score
 			},
 			{
 				AddedBy:       "sha256:2412e60e610160d090f7e974a208c6ffd26b2d530361b7c9aa8967e160ac7996",
-				FixedBy:       "2:8.2.2637-16.el9_0.3",
+				FixedBy:       "2:8.2.2637-20.el9_1",
 				Name:          "vim-minimal",
 				NamespaceName: "rhel:9",
 				Version:       "2:8.2.2637-16.el9_0.2.x86_64",
@@ -3677,7 +3678,7 @@ Bug Fix(es) and Enhancement(s):
 						FixedBy: "0:6.0.7-1.el8_6",
 					},
 				},
-				FixedBy: "6.0.13-1.el8_7",
+				FixedBy: "6.0.22-1.el8_8",
 				AddedBy: "sha256:16e1dc59de605089610e3be2c77f3cde5eed99b523a0d7a3e3a2f65fa7c60723",
 			},
 			{
@@ -3716,7 +3717,7 @@ Bug Fix(es) and Enhancement(s):
 						FixedBy: "0:6.0.7-1.el8_6",
 					},
 				},
-				FixedBy: "6.0.13-1.el8_7",
+				FixedBy: "6.0.22-1.el8_8",
 				AddedBy: "sha256:16e1dc59de605089610e3be2c77f3cde5eed99b523a0d7a3e3a2f65fa7c60723",
 			},
 		},
@@ -3873,7 +3874,7 @@ Applications using RegexRequestMatcher with '.' in the regular expression are po
 				VersionFormat: "rpm",
 				Version:       "4.10.1650890594-1.el8.noarch",
 				AddedBy:       "sha256:3fa3f612bdcb92746bf76be1b9c9e1c1c80de777aedaf48b7068f4a129ded3c2",
-				FixedBy:       "4.10.1670851835-1.el8",
+				FixedBy:       "4.10.1685679861-1.el8",
 				Vulnerabilities: []apiV1.Vulnerability{
 					{
 						Name:          "CVE-2021-26291",