gitea-mirror/trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2025-12-23 07:29:00 -08:00
Code Issues Packages Projects Releases Wiki Activity
Files
49fdd584ba2ff457b14aa273de070a8c78157c27
trivy/pkg/vex/vex_test.go
Teppei Fukuda 49fdd584ba feat: PURL matching with qualifiers in OpenVEX (#5061) 
* feat: PURL match in OpenVEX

* test: fix fixture

* Update docs/docs/supply-chain/vex.md

Co-authored-by: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>

* docs: add a comment about overriding statements

---------

Co-authored-by: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>
2023-08-30 07:48:32 +00:00

158 lines
3.8 KiB
Go
Raw Blame History

package vex_test
import (
"os"
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
"github.com/aquasecurity/trivy/pkg/log"
"github.com/aquasecurity/trivy/pkg/types"
"github.com/aquasecurity/trivy/pkg/vex"
)
func TestMain(m *testing.M) {
log.InitLogger(false, true)
os.Exit(m.Run())
}
func TestVEX_Filter(t *testing.T) {
type fields struct {
filePath string
report types.Report
}
type args struct {
vulns []types.DetectedVulnerability
}
tests := []struct {
name string
fields fields
args args
want []types.DetectedVulnerability
}{
{
name: "OpenVEX",
fields: fields{
filePath: "testdata/openvex.json",
},
args: args{
vulns: []types.DetectedVulnerability{
{
VulnerabilityID: "CVE-2021-44228",
PkgName: "spring-boot",
InstalledVersion: "2.6.0",
PkgRef: "pkg:maven/org.springframework.boot/spring-boot@2.6.0?type=pom",
},
},
},
want: []types.DetectedVulnerability{},
},
{
name: "OpenVEX, multiple statements",
fields: fields{
filePath: "testdata/openvex-multiple.json",
},
args: args{
vulns: []types.DetectedVulnerability{
{
VulnerabilityID: "CVE-2021-44228",
PkgName: "spring-boot",
InstalledVersion: "2.6.0",
PkgRef: "pkg:maven/org.springframework.boot/spring-boot@2.6.0?type=pom",
},
{
VulnerabilityID: "CVE-2021-0001",
PkgName: "spring-boot",
InstalledVersion: "2.6.0",
PkgRef: "pkg:maven/org.springframework.boot/spring-boot@2.6.0?type=pom",
},
},
},
want: []types.DetectedVulnerability{
{
VulnerabilityID: "CVE-2021-0001",
PkgName: "spring-boot",
InstalledVersion: "2.6.0",
PkgRef: "pkg:maven/org.springframework.boot/spring-boot@2.6.0?type=pom",
},
},
},
{
name: "CycloneDX SBOM with CycloneDX VEX",
fields: fields{
filePath: "testdata/cyclonedx.json",
report: types.Report{
CycloneDX: &ftypes.CycloneDX{
SerialNumber: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
Version: 1,
},
},
},
args: args{
vulns: []types.DetectedVulnerability{
{
VulnerabilityID: "CVE-2018-7489",
PkgName: "jackson-databind",
InstalledVersion: "2.8.0",
PkgRef: "jackson-databind-2.8.0",
},
{
VulnerabilityID: "CVE-2018-7490",
PkgName: "jackson-databind",
InstalledVersion: "2.8.0",
PkgRef: "jackson-databind-2.8.0",
},
},
},
want: []types.DetectedVulnerability{
{
VulnerabilityID: "CVE-2018-7490",
PkgName: "jackson-databind",
InstalledVersion: "2.8.0",
PkgRef: "jackson-databind-2.8.0",
},
},
},
{
name: "CycloneDX VEX wrong URN",
fields: fields{
filePath: "testdata/cyclonedx.json",
report: types.Report{
CycloneDX: &ftypes.CycloneDX{
SerialNumber: "urn:uuid:wrong",
Version: 1,
},
},
},
args: args{
vulns: []types.DetectedVulnerability{
{
VulnerabilityID: "CVE-2018-7489",
PkgName: "jackson-databind",
InstalledVersion: "2.8.0",
PkgRef: "jackson-databind-2.8.0",
},
},
},
want: []types.DetectedVulnerability{
{
VulnerabilityID: "CVE-2018-7489",
PkgName: "jackson-databind",
InstalledVersion: "2.8.0",
PkgRef: "jackson-databind-2.8.0",
},
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
v, err := vex.New(tt.fields.filePath, tt.fields.report)
require.NoError(t, err)
assert.Equal(t, tt.want, v.Filter(tt.args.vulns))
})
}
}
Reference in New Issue View Git Blame Copy Permalink