mirror of
https://github.com/aquasecurity/trivy.git
synced 2025-12-22 23:26:39 -08:00
b6d5b82c48
* feat: add comparer * refactor: rename lang with ecosystem * feat(bundler): add comparer * feat(node): add comparer * feat(bundler): integrate comparer * feat(cargo): integrate comparer * feat(composer): add comparer * feat(ghsa): integrate comparer * feat(node): integrate comparer * feat(python): integrate comparer * test(bundler): add tests * test(cargo): add tests * test(composer): add tests * test(ghsa): add tests * test(node): add tests * test(python): add tests * refactor(utils): remove unnecessary functions * test(utils): add tests * test: rename bucket prefixes * fix(detect): use string * chore: update dependencies * docs: add comments * fix(cargo): handle unpatched vulnerability * test(db): update trivy-db for integration tests * test(integration): update a golden file * test(cargo): Add a case for missing patched version Signed-off-by: Simarpreet Singh <simar@linux.com> * refactor(advisory): update comments * refactor(node/advisory): change the receiver * chore(mod): update dependencies * refactor(comparer): unexport MatchVersion * refactor: fix maligned structs * test(node): add empty value * refactor * refactor: sort imports * chore(mod): update trivy-db Co-authored-by: Simarpreet Singh <simar@linux.com>
105 lines
2.1 KiB
Go
105 lines
2.1 KiB
Go
package bundler_test
|
|
|
|
import (
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
|
|
"github.com/aquasecurity/trivy-db/pkg/types"
|
|
"github.com/aquasecurity/trivy/pkg/detector/library/bundler"
|
|
"github.com/aquasecurity/trivy/pkg/log"
|
|
)
|
|
|
|
func TestRubyGemsComparer_IsVulnerable(t *testing.T) {
|
|
type args struct {
|
|
currentVersion string
|
|
advisory types.Advisory
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
args args
|
|
want bool
|
|
}{
|
|
{
|
|
name: "happy path",
|
|
args: args{
|
|
currentVersion: "1.2.3",
|
|
advisory: types.Advisory{
|
|
PatchedVersions: []string{">=1.2.0"},
|
|
},
|
|
},
|
|
want: false,
|
|
},
|
|
{
|
|
name: "pre-release",
|
|
args: args{
|
|
currentVersion: "1.2.3.a",
|
|
advisory: types.Advisory{
|
|
PatchedVersions: []string{">=1.2.3"},
|
|
},
|
|
},
|
|
want: true,
|
|
},
|
|
{
|
|
name: "pre-release without dot",
|
|
args: args{
|
|
currentVersion: "4.1a",
|
|
advisory: types.Advisory{
|
|
UnaffectedVersions: []string{"< 4.2b1"},
|
|
},
|
|
},
|
|
want: false,
|
|
},
|
|
{
|
|
// https://github.com/aquasecurity/trivy/issues/108
|
|
name: "hyphen",
|
|
args: args{
|
|
currentVersion: "1.9.25-x86-mingw32",
|
|
advisory: types.Advisory{
|
|
PatchedVersions: []string{">=1.9.24"},
|
|
},
|
|
},
|
|
want: false,
|
|
},
|
|
{
|
|
// https://github.com/aquasecurity/trivy/issues/108
|
|
name: "pessimistic",
|
|
args: args{
|
|
currentVersion: "1.8.6-java",
|
|
advisory: types.Advisory{
|
|
PatchedVersions: []string{"~> 1.5.5", "~> 1.6.8", ">= 1.7.7"},
|
|
},
|
|
},
|
|
want: false,
|
|
},
|
|
{
|
|
name: "invalid version",
|
|
args: args{
|
|
currentVersion: "1.2..4",
|
|
advisory: types.Advisory{
|
|
PatchedVersions: []string{">=1.2.3"},
|
|
},
|
|
},
|
|
want: false,
|
|
},
|
|
{
|
|
name: "invalid constraint",
|
|
args: args{
|
|
currentVersion: "1.2.4",
|
|
advisory: types.Advisory{
|
|
PatchedVersions: []string{"!1.2.0"},
|
|
},
|
|
},
|
|
want: false,
|
|
},
|
|
}
|
|
log.InitLogger(false, false)
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
r := bundler.RubyGemsComparer{}
|
|
got := r.IsVulnerable(tt.args.currentVersion, tt.args.advisory)
|
|
assert.Equal(t, tt.want, got)
|
|
})
|
|
}
|
|
}
|