feat(java): support jar/war/ear (#837)

* refactor(server): remove Detect endpoint * refactor(library): do not use interface * refactor: add dbtest package * test: add bolt fixtures * feat: support jar scanning * refactor: rename node to npm * refactor: fix lint issues * test(maven): remove some tests * chore(mod): update fanal * docs: update README * chore(mod): update trivy-db * fix(library/drive): add ecosystem * fix: do not display 0 vulnerabilities * refactor(table): split method * Update README.md (#838) * fix(app): increase the default value of timeout (#842) * feat(maven): use go-mvn-version * test(maven): update tests * fix(scan): skip files and dirs before vulnerability detection * fix: display log messages only once per type * docs(README): add file suffixes * chore(mod): update go-mvn-version * feat(log): set go-dep-parser logger * chore(mod): update fanal * docs: update README * docs(README): add java source * test(maven): fix invalid case
2025-12-22 07:10:41 -08:00 · 2021-02-14 18:19:42 +02:00
parent 3047c524d9
commit c9f22f4e55
43 changed files with 455 additions and 2695 deletions
--- a/pkg/detector/library/npm/advisory_test.go
+++ b/pkg/detector/library/npm/advisory_test.go
@@ -0,0 +1,91 @@
+package npm_test
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	"github.com/aquasecurity/trivy-db/pkg/db"
+	"github.com/aquasecurity/trivy/pkg/dbtest"
+	"github.com/aquasecurity/trivy/pkg/detector/library/npm"
+	"github.com/aquasecurity/trivy/pkg/log"
+	"github.com/aquasecurity/trivy/pkg/types"
+)
+
+func TestAdvisory_DetectVulnerabilities(t *testing.T) {
+	type args struct {
+		pkgName string
+		pkgVer  string
+	}
+	tests := []struct {
+		name     string
+		args     args
+		fixtures []string
+		want     []types.DetectedVulnerability
+		wantErr  string
+	}{
+		{
+			name: "detected",
+			args: args{
+				pkgName: "electron",
+				pkgVer:  "2.0.17",
+			},
+			fixtures: []string{"testdata/fixtures/npm.yaml"},
+			want: []types.DetectedVulnerability{
+				{
+					PkgName:          "electron",
+					InstalledVersion: "2.0.17",
+					VulnerabilityID:  "CVE-2019-5786",
+					FixedVersion:     "^2.0.18, ^3.0.16, ^3.1.6, ^4.0.8, ^5.0.0-beta.5",
+				},
+			},
+		},
+		{
+			name: "not detected",
+			args: args{
+				pkgName: "electron",
+				pkgVer:  "2.0.18",
+			},
+			fixtures: []string{"testdata/fixtures/npm.yaml"},
+			want:     nil,
+		},
+		{
+			name: "empty value",
+			args: args{
+				pkgName: "electron",
+				pkgVer:  "2.0.18",
+			},
+			fixtures: []string{"testdata/fixtures/no-value.yaml"},
+			want:     nil,
+		},
+		{name: "malformed JSON",
+			args: args{
+				pkgName: "electron",
+				pkgVer:  "2.0.18",
+			},
+			fixtures: []string{"testdata/fixtures/invalid-type.yaml"},
+			wantErr:  "failed to unmarshal advisory JSON",
+		},
+	}
+
+	log.InitLogger(false, true)
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			_ = dbtest.InitDB(t, tt.fixtures)
+			defer db.Close()
+
+			a := npm.NewAdvisory()
+			got, err := a.DetectVulnerabilities(tt.args.pkgName, tt.args.pkgVer)
+			if tt.wantErr != "" {
+				require.NotNil(t, err)
+				assert.Contains(t, err.Error(), tt.wantErr)
+				return
+			} else {
+				assert.NoError(t, err)
+			}
+
+			assert.Equal(t, tt.want, got)
+		})
+	}
+}