gitea-mirror/trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2025-12-21 23:00:42 -08:00
Code Issues Packages Projects Releases Wiki Activity
Files
8b3b5d0290c35581d6b324c2a0a600499fc012dd
trivy/pkg/detector/library/npm/compare_test.go
Teppei Fukuda 8b3b5d0290 feat: support plugins (#878) 
* fix(log): set the default logger

* feat: support plugins

* feat(plugin): add run command

* feat(plugin): add uninstall command

* test(plugin): add tests

* chore(ci): pin go version

* chore(ci): disable G204

* refactor: fix lint issues

* feat(plugin): skip downloading installed plugins

* feat: add TRIVY_RUN_AS_PLUGIN

* support Ubuntu 20.10 (#876)

* docs(README): update ubuntu versions (#877)

* add MkDocs implementation (#870)

* mkdocs: add top level nav

* mkdocs: add installation nav

* mkdocs: add quick-start nav

* mkdocs: add examples nav

* mkdocs: add CI nav

* mkdocs: add vuln-detection nav

* mkdocs: add comparison nav

* mkdocs: add usage nav

* mkdocs: add migration nav

* mkdocs: add FAQ nav

* mkdocs: add mkdocs.yml

* mkdocs: add github workflow

* docs: update documents

* fix links

* chore(ci): use ORG_GITHUB_TOKEN

* chore(mkdocs): use mike

* chore(ci): support dev

* chore(ci): documentation test

Co-authored-by: knqyf263 <knqyf263@gmail.com>

* docs: add plugins

* chore: remove stale workflow

* refactor: fix lint issues

Co-authored-by: Huang Huang <mozillazg101@gmail.com>
Co-authored-by: aprp <doelaudi@gmail.com>
2021-03-10 21:44:08 +02:00

139 lines
2.9 KiB
Go
Raw Blame History

package npm_test
import (
"testing"
"github.com/stretchr/testify/assert"
dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
"github.com/aquasecurity/trivy/pkg/detector/library/npm"
)
func TestNpmComparer_IsVulnerable(t *testing.T) {
type args struct {
currentVersion string
advisory dbTypes.Advisory
}
tests := []struct {
name string
args args
want bool
}{
{
name: "happy path",
args: args{
currentVersion: "1.0.0",
advisory: dbTypes.Advisory{
VulnerableVersions: []string{"<=1.0"},
PatchedVersions: []string{">=1.1"},
},
},
want: true,
},
{
name: "no patch",
args: args{
currentVersion: "1.2.3",
advisory: dbTypes.Advisory{
VulnerableVersions: []string{"<=99.999.99999"},
PatchedVersions: []string{"<0.0.0"},
},
},
want: true,
},
{
name: "no patch with wildcard",
args: args{
currentVersion: "1.2.3",
advisory: dbTypes.Advisory{
VulnerableVersions: []string{"*"},
PatchedVersions: nil,
},
},
want: true,
},
{
name: "pre-release",
args: args{
currentVersion: "1.2.3-alpha",
advisory: dbTypes.Advisory{
VulnerableVersions: []string{"<=1.2.2"},
PatchedVersions: []string{">=1.2.2"},
},
},
want: false,
},
{
name: "multiple constraints",
args: args{
currentVersion: "2.0.0",
advisory: dbTypes.Advisory{
VulnerableVersions: []string{">=1.7.0 <1.7.16", ">=1.8.0 <1.8.8", ">=2.0.0 <2.0.8", ">=3.0.0-beta.1 <3.0.0-beta.7"},
PatchedVersions: []string{">=3.0.0-beta.7", ">=2.0.8 <3.0.0-beta.1", ">=1.8.8 <2.0.0", ">=1.7.16 <1.8.0"},
},
},
want: true,
},
{
name: "x",
args: args{
currentVersion: "2.0.1",
advisory: dbTypes.Advisory{
VulnerableVersions: []string{"2.0.x", "2.1.x"},
PatchedVersions: []string{">=2.2.x"},
},
},
want: true,
},
{
name: "exact versions",
args: args{
currentVersion: "2.1.0-M1",
advisory: dbTypes.Advisory{
VulnerableVersions: []string{"2.1.0-M1", "2.1.0-M2"},
PatchedVersions: []string{">=2.1.0"},
},
},
want: true,
},
{
name: "caret",
args: args{
currentVersion: "2.0.18",
advisory: dbTypes.Advisory{
VulnerableVersions: []string{"<2.0.18", "<3.0.16"},
PatchedVersions: []string{"^2.0.18", "^3.0.16"},
},
},
want: false,
},
{
name: "invalid version",
args: args{
currentVersion: "1.2..4",
advisory: dbTypes.Advisory{
VulnerableVersions: []string{"<1.0.0"},
},
},
want: false,
},
{
name: "invalid constraint",
args: args{
currentVersion: "1.2.4",
advisory: dbTypes.Advisory{
VulnerableVersions: []string{"!1.0.0"},
},
},
want: false,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
c := npm.Comparer{}
got := c.IsVulnerable(tt.args.currentVersion, tt.args.advisory)
assert.Equal(t, tt.want, got)
})
}
}
Reference in New Issue View Git Blame Copy Permalink