gitea-mirror/trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2025-12-22 07:10:41 -08:00
Code Issues Packages Projects Releases Wiki Activity
Files
b6d5b82c48c1ac12176555ef3039705ff0aa7850
trivy/pkg/detector/library/driver_test.go
Teppei Fukuda b6d5b82c48 fix: version comparison (#740) 
* feat: add comparer

* refactor: rename lang with ecosystem

* feat(bundler): add comparer

* feat(node): add comparer

* feat(bundler): integrate comparer

* feat(cargo): integrate comparer

* feat(composer): add comparer

* feat(ghsa): integrate comparer

* feat(node): integrate comparer

* feat(python): integrate comparer

* test(bundler): add tests

* test(cargo): add tests

* test(composer): add tests

* test(ghsa): add tests

* test(node): add tests

* test(python): add tests

* refactor(utils): remove unnecessary functions

* test(utils): add tests

* test: rename bucket prefixes

* fix(detect): use string

* chore: update dependencies

* docs: add comments

* fix(cargo): handle unpatched vulnerability

* test(db): update trivy-db for integration tests

* test(integration): update a golden file

* test(cargo): Add a case for missing patched version

Signed-off-by: Simarpreet Singh <simar@linux.com>

* refactor(advisory): update comments

* refactor(node/advisory): change the receiver

* chore(mod): update dependencies

* refactor(comparer): unexport MatchVersion

* refactor: fix maligned structs

* test(node): add empty value

* refactor

* refactor: sort imports

* chore(mod): update trivy-db

Co-authored-by: Simarpreet Singh <simar@linux.com>
2020-11-17 11:38:58 +02:00

135 lines
3.1 KiB
Go
Raw Blame History

package library_test
import (
"os"
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/aquasecurity/trivy-db/pkg/db"
"github.com/aquasecurity/trivy/pkg/detector/library"
"github.com/aquasecurity/trivy/pkg/types"
"github.com/aquasecurity/trivy/pkg/utils"
)
func TestDriver_Detect(t *testing.T) {
type fields struct {
fileName string
}
type args struct {
pkgName string
pkgVer string
}
tests := []struct {
name string
fixtures []string
fields fields
args args
want []types.DetectedVulnerability
wantErr string
}{
{
name: "happy path",
fixtures: []string{"testdata/fixtures/php.yaml"},
fields: fields{fileName: "composer.lock"},
args: args{
pkgName: "symfony/symfony",
pkgVer: "4.2.6",
},
want: []types.DetectedVulnerability{
{
VulnerabilityID: "CVE-2019-10909",
PkgName: "symfony/symfony",
InstalledVersion: "4.2.6",
FixedVersion: "4.2.7",
},
},
},
{
name: "non-prefix buckets",
fixtures: []string{"testdata/fixtures/php-without-prefix.yaml"},
fields: fields{fileName: "composer.lock"},
args: args{
pkgName: "symfony/symfony",
pkgVer: "4.2.6",
},
want: []types.DetectedVulnerability{
{
VulnerabilityID: "CVE-2019-10909",
PkgName: "symfony/symfony",
InstalledVersion: "4.2.6",
FixedVersion: "4.2.7",
},
},
},
{
name: "no patched versions in the advisory",
fixtures: []string{"testdata/fixtures/php.yaml"},
fields: fields{fileName: "composer.lock"},
args: args{
pkgName: "symfony/symfony",
pkgVer: "4.4.6",
},
want: []types.DetectedVulnerability{
{
VulnerabilityID: "CVE-2020-5275",
PkgName: "symfony/symfony",
InstalledVersion: "4.4.6",
FixedVersion: "4.4.7",
},
},
},
{
name: "no vulnerable versions in the advisory",
fixtures: []string{"testdata/fixtures/ruby.yaml"},
fields: fields{fileName: "Gemfile.lock"},
args: args{
pkgName: "activesupport",
pkgVer: "4.1.1",
},
want: []types.DetectedVulnerability{
{
VulnerabilityID: "CVE-2015-3226",
PkgName: "activesupport",
InstalledVersion: "4.1.1",
FixedVersion: ">= 4.2.2, ~> 4.1.11",
},
},
},
{
name: "no vulnerability",
fixtures: []string{"testdata/fixtures/php.yaml"},
fields: fields{fileName: "composer.lock"},
args: args{
pkgName: "symfony/symfony",
pkgVer: "4.4.7",
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
// Initialize DB
dir := utils.InitTestDB(t, tt.fixtures)
defer os.RemoveAll(dir)
defer db.Close()
factory := library.DriverFactory{}
driver, err := factory.NewDriver(tt.fields.fileName)
require.NoError(t, err)
got, err := driver.Detect(tt.args.pkgName, tt.args.pkgVer)
switch {
case tt.wantErr != "":
require.NotNil(t, err)
assert.Contains(t, err.Error(), tt.wantErr)
default:
assert.NoError(t, err)
}
// Compare
assert.Equal(t, tt.want, got)
})
}
}
Reference in New Issue View Git Blame Copy Permalink