mirror of
https://github.com/aquasecurity/trivy.git
synced 2025-12-22 07:10:41 -08:00
c9f22f4e55
* refactor(server): remove Detect endpoint * refactor(library): do not use interface * refactor: add dbtest package * test: add bolt fixtures * feat: support jar scanning * refactor: rename node to npm * refactor: fix lint issues * test(maven): remove some tests * chore(mod): update fanal * docs: update README * chore(mod): update trivy-db * fix(library/drive): add ecosystem * fix: do not display 0 vulnerabilities * refactor(table): split method * Update README.md (#838) * fix(app): increase the default value of timeout (#842) * feat(maven): use go-mvn-version * test(maven): update tests * fix(scan): skip files and dirs before vulnerability detection * fix: display log messages only once per type * docs(README): add file suffixes * chore(mod): update go-mvn-version * feat(log): set go-dep-parser logger * chore(mod): update fanal * docs: update README * docs(README): add java source * test(maven): fix invalid case
84 lines
1.8 KiB
Go
84 lines
1.8 KiB
Go
package composer_test
|
|
|
|
import (
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
|
|
"github.com/aquasecurity/trivy-db/pkg/db"
|
|
"github.com/aquasecurity/trivy/pkg/dbtest"
|
|
"github.com/aquasecurity/trivy/pkg/detector/library/composer"
|
|
"github.com/aquasecurity/trivy/pkg/log"
|
|
"github.com/aquasecurity/trivy/pkg/types"
|
|
)
|
|
|
|
func TestAdvisory_DetectVulnerabilities(t *testing.T) {
|
|
type args struct {
|
|
pkgName string
|
|
pkgVer string
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
args args
|
|
fixtures []string
|
|
want []types.DetectedVulnerability
|
|
wantErr string
|
|
}{
|
|
{
|
|
name: "detected",
|
|
args: args{
|
|
pkgName: "aws/aws-sdk-php",
|
|
pkgVer: "3.2.0",
|
|
},
|
|
fixtures: []string{"testdata/fixtures/composer.yaml"},
|
|
want: []types.DetectedVulnerability{
|
|
{
|
|
PkgName: "aws/aws-sdk-php",
|
|
InstalledVersion: "3.2.0",
|
|
VulnerabilityID: "CVE-2015-5723",
|
|
FixedVersion: "3.2.1",
|
|
},
|
|
},
|
|
},
|
|
{
|
|
name: "not detected",
|
|
args: args{
|
|
pkgName: "guzzlehttp/guzzle",
|
|
pkgVer: "5.3.1",
|
|
},
|
|
fixtures: []string{"testdata/fixtures/composer.yaml"},
|
|
want: nil,
|
|
},
|
|
{
|
|
name: "malformed JSON",
|
|
args: args{
|
|
pkgName: "aws/aws-sdk-php",
|
|
pkgVer: "3.2.0",
|
|
},
|
|
fixtures: []string{"testdata/fixtures/invalid-type.yaml"},
|
|
wantErr: "failed to unmarshal advisory JSON",
|
|
},
|
|
}
|
|
|
|
log.InitLogger(false, true)
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
_ = dbtest.InitDB(t, tt.fixtures)
|
|
defer db.Close()
|
|
|
|
a := composer.NewAdvisory()
|
|
got, err := a.DetectVulnerabilities(tt.args.pkgName, tt.args.pkgVer)
|
|
if tt.wantErr != "" {
|
|
require.NotNil(t, err)
|
|
assert.Contains(t, err.Error(), tt.wantErr)
|
|
return
|
|
} else {
|
|
assert.NoError(t, err)
|
|
}
|
|
|
|
assert.Equal(t, tt.want, got)
|
|
})
|
|
}
|
|
}
|