gitea-mirror/trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2025-12-22 07:10:41 -08:00
Code Issues Packages Projects Releases Wiki Activity
Files
c9f22f4e55a67516cc4690dd9afebbdd8cb708b9
trivy/pkg/detector/library/driver_test.go
Teppei Fukuda c9f22f4e55 feat(java): support jar/war/ear (#837) 
* refactor(server): remove Detect endpoint

* refactor(library): do not use interface

* refactor: add dbtest package

* test: add bolt fixtures

* feat: support jar scanning

* refactor: rename node to npm

* refactor: fix lint issues

* test(maven): remove some tests

* chore(mod): update fanal

* docs: update README

* chore(mod): update trivy-db

* fix(library/drive): add ecosystem

* fix: do not display 0 vulnerabilities

* refactor(table): split method

* Update README.md (#838)

* fix(app): increase the default value of timeout (#842)

* feat(maven): use go-mvn-version

* test(maven): update tests

* fix(scan): skip files and dirs before vulnerability detection

* fix: display log messages only once per type

* docs(README): add file suffixes

* chore(mod): update go-mvn-version

* feat(log): set go-dep-parser logger

* chore(mod): update fanal

* docs: update README

* docs(README): add java source

* test(maven): fix invalid case
2021-02-14 18:19:42 +02:00

130 lines
2.9 KiB
Go
Raw Blame History

package library_test
import (
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
lib "github.com/aquasecurity/fanal/analyzer/library"
"github.com/aquasecurity/trivy-db/pkg/db"
"github.com/aquasecurity/trivy/pkg/dbtest"
"github.com/aquasecurity/trivy/pkg/detector/library"
"github.com/aquasecurity/trivy/pkg/types"
)
func TestDriver_Detect(t *testing.T) {
type args struct {
pkgName string
pkgVer string
}
tests := []struct {
name string
fixtures []string
libType string
args args
want []types.DetectedVulnerability
wantErr string
}{
{
name: "happy path",
fixtures: []string{"testdata/fixtures/php.yaml"},
libType: lib.Composer,
args: args{
pkgName: "symfony/symfony",
pkgVer: "4.2.6",
},
want: []types.DetectedVulnerability{
{
VulnerabilityID: "CVE-2019-10909",
PkgName: "symfony/symfony",
InstalledVersion: "4.2.6",
FixedVersion: "4.2.7",
},
},
},
{
name: "non-prefix buckets",
fixtures: []string{"testdata/fixtures/php-without-prefix.yaml"},
libType: lib.Composer,
args: args{
pkgName: "symfony/symfony",
pkgVer: "4.2.6",
},
want: []types.DetectedVulnerability{
{
VulnerabilityID: "CVE-2019-10909",
PkgName: "symfony/symfony",
InstalledVersion: "4.2.6",
FixedVersion: "4.2.7",
},
},
},
{
name: "no patched versions in the advisory",
fixtures: []string{"testdata/fixtures/php.yaml"},
libType: lib.Composer,
args: args{
pkgName: "symfony/symfony",
pkgVer: "4.4.6",
},
want: []types.DetectedVulnerability{
{
VulnerabilityID: "CVE-2020-5275",
PkgName: "symfony/symfony",
InstalledVersion: "4.4.6",
FixedVersion: "4.4.7",
},
},
},
{
name: "no vulnerable versions in the advisory",
fixtures: []string{"testdata/fixtures/ruby.yaml"},
libType: lib.Bundler,
args: args{
pkgName: "activesupport",
pkgVer: "4.1.1",
},
want: []types.DetectedVulnerability{
{
VulnerabilityID: "CVE-2015-3226",
PkgName: "activesupport",
InstalledVersion: "4.1.1",
FixedVersion: ">= 4.2.2, ~> 4.1.11",
},
},
},
{
name: "no vulnerability",
fixtures: []string{"testdata/fixtures/php.yaml"},
libType: lib.Composer,
args: args{
pkgName: "symfony/symfony",
pkgVer: "4.4.7",
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
// Initialize DB
_ = dbtest.InitDB(t, tt.fixtures)
defer db.Close()
driver, err := library.NewDriver(tt.libType)
require.NoError(t, err)
got, err := driver.Detect(tt.args.pkgName, tt.args.pkgVer)
switch {
case tt.wantErr != "":
require.NotNil(t, err)
assert.Contains(t, err.Error(), tt.wantErr)
default:
assert.NoError(t, err)
}
// Compare
assert.Equal(t, tt.want, got)
})
}
}
Reference in New Issue View Git Blame Copy Permalink