Add test for Nasl notus functionality

Author: Kraemii

rust/data/notus/sha256sums

@@ -0,0 +1 @@
+98b0943d0ed58ef00b7ae838bbcb22728475bc910527e1f7f0001d52d7651e96  debian_10.notus

rust/src/nasl/builtin/notus/mod.rs

@@ -2,6 +2,9 @@
 //
 // SPDX-License-Identifier: GPL-2.0-or-later WITH x11vnc-openssl-exception
 
+#[cfg(test)]
+mod tests;
+
 use std::{
     collections::HashMap,
     io::{Read, Write},
@@ -42,16 +45,18 @@ impl NaslNotus {
     ) -> Result<NaslValue, FnError> {
         let res = notus.scan(product, pkg_list)?;
 
-        let mut ret = HashMap::new();
+        let mut ret = vec![];
         for (oid, vuls) in res {
+            let mut dict = HashMap::new();
             let message = vuls.into_iter().map(|vul| match vul.fixed_version {
-                FixedVersion::Single { version, specifier } => format!("Vulnerable package:   {}\nInstalled version:    {}\nFixed version:       {:2}{}", vul.name, vul.installed_version, specifier.to_string(), version),
-                FixedVersion::Range { start, end } => format!("Vulnerable package:   {}\nInstalled version:    {}\nFixed version:       < {}\nFixed version:       >={}", vul.name, vul.installed_version, start, end),
+                FixedVersion::Single { version, specifier } => format!("Vulnerable package:   {}\nInstalled version:    {}-{}\nFixed version:      {:2}{}-{}", vul.name, vul.name, vul.installed_version, specifier.to_string(), vul.name, version),
+                FixedVersion::Range { start, end } => format!("Vulnerable package:   {}\nInstalled version:    {}-{}\nFixed version:      < {}-{}\nFixed version:      >={}-{}", vul.name, vul.name, vul.installed_version, vul.name, start, vul.name, end),
             }).collect::<Vec<String>>().join("\n\n");
-            ret.insert(oid, NaslValue::String(message));
+            dict.insert("oid".to_string(), NaslValue::String(oid));
+            dict.insert("message".to_string(), NaslValue::String(message));
+            ret.push(NaslValue::Dict(dict))
         }
-
-        Ok(NaslValue::Dict(ret))
+        Ok(NaslValue::Array(ret))
     }
 
     fn notus_extern(
@@ -88,12 +93,15 @@ impl NaslNotus {
         let results: Vec<NotusResult> = serde_json::from_str(body).unwrap();
 
         // Convert to NaslValue (Dict mapping oid -> message)
-        let mut ret = HashMap::new();
+        let mut ret = vec![];
         for result in results {
-            ret.insert(result.oid, NaslValue::String(result.message));
+            let mut dict = HashMap::new();
+            dict.insert("oid".to_string(), NaslValue::String(result.oid));
+            dict.insert("message".to_string(), NaslValue::String(result.message));
+            ret.push(NaslValue::Dict(dict));
         }
 
-        Ok(NaslValue::Dict(ret))
+        Ok(NaslValue::Array(ret))
     }
 
     #[nasl_function]
@@ -153,7 +161,7 @@ pub struct NaslNotus {
 function_set! {
     NaslNotus,
     (
-        NaslNotus::notus_error,
-        NaslNotus::notus,
+        (NaslNotus::notus_error, "notus_error"),
+        (NaslNotus::notus, "notus"),
     )
 }

rust/src/nasl/builtin/notus/tests.rs

@@ -0,0 +1,78 @@
+// SPDX-FileCopyrightText: 2026 Greenbone AG
+//
+// SPDX-License-Identifier: GPL-2.0-or-later WITH x11vnc-openssl-exception
+
+use std::{
+    collections::HashMap,
+    sync::{Arc, Mutex},
+};
+
+use crate::{
+    nasl::{Loader, test_utils::TestBuilder},
+    notus::{HashsumProductLoader, Notus},
+};
+
+fn make_test_path(sub_components: &[&str]) -> std::path::PathBuf {
+    let mut path = std::path::Path::new(env!("CARGO_MANIFEST_DIR")).to_owned();
+    for component in sub_components {
+        path = path.join(component);
+    }
+    path.to_owned()
+}
+
+pub fn setup_loader() -> HashsumProductLoader {
+    HashsumProductLoader::new(Loader::from_feed_path(make_test_path(&["data", "notus"])))
+}
+
+fn setup() -> Arc<Mutex<Notus<HashsumProductLoader>>> {
+    let loader = setup_loader();
+    Arc::new(Mutex::new(Notus::new(loader, false)))
+}
+
+#[test]
+fn test_notus() {
+    let notus = setup();
+    let mut t = TestBuilder::from_notus(notus);
+
+    let mut expected = HashMap::new();
+    expected.insert(
+        "1.3.6.1.4.1.25623.1.1.7.2.2023.10089729899100".to_string(),
+        "Vulnerable package:   gitlab-ce\nInstalled version:    gitlab-ce-16.0.1\nFixed version:      < gitlab-ce-16.0.0\nFixed version:      >=gitlab-ce-16.0.7"
+            .to_string(),
+    );
+    expected.insert(
+        "1.3.6.1.4.1.25623.1.1.7.2.2023.0988598199100".to_string(),
+        "Vulnerable package:   grafana\nInstalled version:    grafana-8.5.23\nFixed version:      >=grafana-8.5.24\n\nVulnerable package:   grafana8\nInstalled version:    grafana8-8.5.23\nFixed version:      >=grafana8-8.5.24"
+            .to_string(),
+    );
+
+    t.run(r#"notus(product: "debian_10", pkg_list: "gitlab-ce-16.0.1, grafana-8.5.23, grafana8-8.5.23");"#);
+
+    t.check_no_errors();
+    let results = t.results();
+    assert_eq!(results.len(), 1);
+    let result = results[0].as_ref().unwrap();
+    match result {
+        crate::nasl::NaslValue::Array(items) => {
+            let mut actual = HashMap::new();
+            for item in items {
+                match item {
+                    crate::nasl::NaslValue::Dict(dict) => {
+                        let oid = match dict.get("oid") {
+                            Some(crate::nasl::NaslValue::String(value)) => value.clone(),
+                            _ => panic!("Expected string oid in notus result"),
+                        };
+                        let message = match dict.get("message") {
+                            Some(crate::nasl::NaslValue::String(value)) => value.clone(),
+                            _ => panic!("Expected string message in notus result"),
+                        };
+                        actual.insert(oid, message);
+                    }
+                    _ => panic!("Expected dict items in notus result array"),
+                }
+            }
+            assert_eq!(actual, expected);
+        }
+        _ => panic!("Expected array result from notus"),
+    }
+}

rust/src/nasl/test_utils.rs

@@ -8,10 +8,15 @@ use std::{
     fmt::{self, Display, Formatter},
     panic::Location,
     path::PathBuf,
+    sync::{Arc, Mutex},
 };
 
-use crate::storage::{ScanID, inmemory::InMemoryStorage};
-use crate::{nasl::prelude::*, scanner::preferences::preference::ScanPrefs};
+use crate::{nasl::prelude::*, notus::Notus, scanner::preferences::preference::ScanPrefs};
+use crate::{
+    nasl::utils::scan_ctx::NotusCtx,
+    notus::HashsumProductLoader,
+    storage::{ScanID, inmemory::InMemoryStorage},
+};
 use futures::{Stream, StreamExt};
 
 use super::{
@@ -129,6 +134,7 @@ pub struct TestBuilder<S: ContextStorage> {
     storage: S,
     executor: Executor,
     version: NaslVersion,
+    notus: Option<Arc<Mutex<Notus<HashsumProductLoader>>>>,
 }
 
 pub type DefaultTestBuilder = TestBuilder<InMemoryStorage>;
@@ -147,6 +153,7 @@ impl Default for TestBuilder<InMemoryStorage> {
             storage: InMemoryStorage::default(),
             executor: nasl_std_functions(),
             version: NaslVersion::default(),
+            notus: None,
         }
     }
 }
@@ -172,6 +179,7 @@ where
             storage,
             executor: nasl_std_functions(),
             version: NaslVersion::default(),
+            notus: None,
         }
     }
 }
@@ -194,11 +202,10 @@ impl TestBuilder<InMemoryStorage> {
             storage: InMemoryStorage::default(),
             executor: nasl_std_functions(),
             version: NaslVersion::default(),
+            notus: None,
         }
     }
-}
 
-impl TestBuilder<InMemoryStorage> {
     /// Construct a `TestBuilder`, immediately run the
     /// given code on it and return it.
     pub fn from_code(code: impl AsRef<str>) -> Self {
@@ -212,6 +219,23 @@ impl TestBuilder<InMemoryStorage> {
         t.run_all(code.as_ref());
         t
     }
+
+    pub fn from_notus(notus: Arc<Mutex<Notus<HashsumProductLoader>>>) -> Self {
+        Self {
+            lines: vec![],
+            results: vec![],
+            scan_id: Default::default(),
+            filename: Default::default(),
+            target: Default::default(),
+            variables: vec![],
+            should_verify: true,
+            loader: Loader::test_empty(),
+            storage: InMemoryStorage::default(),
+            executor: nasl_std_functions(),
+            version: NaslVersion::default(),
+            notus: Some(notus),
+        }
+    }
 }
 
 impl<S> TestBuilder<S>
@@ -355,7 +379,7 @@ where
             filename: self.filename.clone(),
             scan_preferences: ScanPrefs::new(),
             alive_test_methods: Vec::default(),
-            notus: None,
+            notus: self.notus.as_ref().map(|x| NotusCtx::Direct(x.clone())),
         }
         .build()
     }

rust/src/scannerctl/interpret/mod.rs

@@ -124,6 +124,7 @@ fn load_feed_by_json(store: &InMemoryStorage, path: &PathBuf) -> Result<(), CliE
     Ok(())
 }
 
+#[allow(clippy::too_many_arguments)]
 async fn run_on_storage<S: ContextStorage>(
     storage: S,
     loader: Loader,