gitea-mirror/trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2025-12-21 23:00:42 -08:00
Code Issues Packages Projects Releases Wiki Activity
Files
84dd33f7e9b22f2fa355c8a9b63f40765f819eb7
trivy/pkg/detector/library/npm/advisory_test.go
Teppei Fukuda 50bb938a21 feat(lang-pkg): add data sources (#1625)
2022-01-27 14:22:06 +02:00

97 lines
2.1 KiB
Go
Raw Blame History

package npm_test
import (
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/aquasecurity/trivy-db/pkg/db"
dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
"github.com/aquasecurity/trivy/pkg/dbtest"
"github.com/aquasecurity/trivy/pkg/detector/library/npm"
"github.com/aquasecurity/trivy/pkg/types"
)
func TestAdvisory_DetectVulnerabilities(t *testing.T) {
type args struct {
pkgName string
pkgVer string
}
tests := []struct {
name string
args args
fixtures []string
want []types.DetectedVulnerability
wantErr string
}{
{
name: "detected",
args: args{
pkgName: "electron",
pkgVer: "2.0.17",
},
fixtures: []string{
"testdata/fixtures/npm.yaml",
"testdata/fixtures/data-source.yaml",
},
want: []types.DetectedVulnerability{
{
PkgName: "electron",
InstalledVersion: "2.0.17",
VulnerabilityID: "CVE-2019-5786",
FixedVersion: "^2.0.18, ^3.0.16, ^3.1.6, ^4.0.8, ^5.0.0-beta.5",
DataSource: &dbTypes.DataSource{
Name: "Node.js Ecosystem Security Working Group",
URL: "https://github.com/nodejs/security-wg",
},
},
},
},
{
name: "not detected",
args: args{
pkgName: "electron",
pkgVer: "2.0.18",
},
fixtures: []string{"testdata/fixtures/npm.yaml"},
want: nil,
},
{
name: "empty value",
args: args{
pkgName: "electron",
pkgVer: "2.0.18",
},
fixtures: []string{"testdata/fixtures/no-value.yaml"},
want: nil,
},
{name: "malformed JSON",
args: args{
pkgName: "electron",
pkgVer: "2.0.18",
},
fixtures: []string{"testdata/fixtures/invalid-type.yaml"},
wantErr: "failed to unmarshal advisory JSON",
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
_ = dbtest.InitDB(t, tt.fixtures)
defer db.Close()
a := npm.NewAdvisory()
got, err := a.DetectVulnerabilities(tt.args.pkgName, tt.args.pkgVer)
if tt.wantErr != "" {
require.NotNil(t, err)
assert.Contains(t, err.Error(), tt.wantErr)
return
}
assert.NoError(t, err)
assert.Equal(t, tt.want, got)
})
}
}
Reference in New Issue View Git Blame Copy Permalink