fix(python): follow PEP 440 (#816)

* feat(python): replace go-version with go-pep440-version * chore(mod): add go-pep440-version * refactor: add trick for golangci-lint * refactor: rename test functions
2025-12-22 23:26:39 -08:00 · 2021-01-25 14:44:07 +02:00
parent 182cb800a8
commit 6ed03a83a5
7 changed files with 160 additions and 7 deletions
--- a/pkg/detector/library/python/compare_test.go
+++ b/pkg/detector/library/python/compare_test.go
@@ -0,0 +1,118 @@
+package python_test
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+
+	dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
+	"github.com/aquasecurity/trivy/pkg/detector/library/python"
+	"github.com/aquasecurity/trivy/pkg/log"
+)
+
+func TestPep440Comparer_IsVulnerable(t *testing.T) {
+	type args struct {
+		currentVersion string
+		advisory       dbTypes.Advisory
+	}
+	tests := []struct {
+		name string
+		args args
+		want bool
+	}{
+		{
+			name: "happy path",
+			args: args{
+				currentVersion: "1.0.0",
+				advisory: dbTypes.Advisory{
+					VulnerableVersions: []string{"<=1.0"},
+					PatchedVersions:    []string{">=1.1"},
+				},
+			},
+			want: true,
+		},
+		{
+			name: "no patch",
+			args: args{
+				currentVersion: "1.2.3",
+				advisory: dbTypes.Advisory{
+					VulnerableVersions: []string{"<=99.999.99999"},
+					PatchedVersions:    []string{"<0.0.0"},
+				},
+			},
+			want: true,
+		},
+		{
+			name: "no patch with wildcard",
+			args: args{
+				currentVersion: "1.2.3",
+				advisory: dbTypes.Advisory{
+					VulnerableVersions: []string{"*"},
+					PatchedVersions:    nil,
+				},
+			},
+			want: true,
+		},
+		{
+			name: "pre-release",
+			args: args{
+				currentVersion: "1.2.3a1",
+				advisory: dbTypes.Advisory{
+					VulnerableVersions: []string{"<=1.2.2"},
+					PatchedVersions:    []string{">=1.2.2"},
+				},
+			},
+			want: false,
+		},
+		{
+			name: "multiple constraints",
+			args: args{
+				currentVersion: "2.0.0",
+				advisory: dbTypes.Advisory{
+					VulnerableVersions: []string{">=1.7.0 <1.7.16", ">=1.8.0 <1.8.8", ">=2.0.0 <2.0.8", ">=3.0.0b1 <3.0.0b7"},
+					PatchedVersions:    []string{">=3.0.0b7", ">=2.0.8 <3.0.0b1", ">=1.8.8 <2.0.0", ">=1.7.16 <1.8.0"},
+				},
+			},
+			want: true,
+		},
+		{
+			name: "exact versions",
+			args: args{
+				currentVersion: "2.1.0.post1",
+				advisory: dbTypes.Advisory{
+					VulnerableVersions: []string{"2.1.0.post1", "2.0.0"},
+					PatchedVersions:    []string{">=2.1.1"},
+				},
+			},
+			want: true,
+		},
+		{
+			name: "invalid version",
+			args: args{
+				currentVersion: "1.2..4",
+				advisory: dbTypes.Advisory{
+					VulnerableVersions: []string{"<1.0.0"},
+				},
+			},
+			want: false,
+		},
+		{
+			name: "invalid constraint",
+			args: args{
+				currentVersion: "1.2.4",
+				advisory: dbTypes.Advisory{
+					VulnerableVersions: []string{"!1.0.0"},
+				},
+			},
+			want: false,
+		},
+	}
+	log.InitLogger(false, false)
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			c := python.Pep440Comparer{}
+			got := c.IsVulnerable(tt.args.currentVersion, tt.args.advisory)
+			assert.Equal(t, tt.want, got)
+		})
+	}
+}