mirror of
https://github.com/aquasecurity/trivy.git
synced 2025-12-22 07:10:41 -08:00
c9f22f4e55
* refactor(server): remove Detect endpoint * refactor(library): do not use interface * refactor: add dbtest package * test: add bolt fixtures * feat: support jar scanning * refactor: rename node to npm * refactor: fix lint issues * test(maven): remove some tests * chore(mod): update fanal * docs: update README * chore(mod): update trivy-db * fix(library/drive): add ecosystem * fix: do not display 0 vulnerabilities * refactor(table): split method * Update README.md (#838) * fix(app): increase the default value of timeout (#842) * feat(maven): use go-mvn-version * test(maven): update tests * fix(scan): skip files and dirs before vulnerability detection * fix: display log messages only once per type * docs(README): add file suffixes * chore(mod): update go-mvn-version * feat(log): set go-dep-parser logger * chore(mod): update fanal * docs: update README * docs(README): add java source * test(maven): fix invalid case
88 lines
1.9 KiB
Go
88 lines
1.9 KiB
Go
package maven_test
|
|
|
|
import (
|
|
"testing"
|
|
|
|
"github.com/aquasecurity/trivy/pkg/detector/library/maven"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
|
|
dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
|
|
"github.com/aquasecurity/trivy/pkg/log"
|
|
)
|
|
|
|
func TestComparer_IsVulnerable(t *testing.T) {
|
|
type args struct {
|
|
currentVersion string
|
|
advisory dbTypes.Advisory
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
args args
|
|
want bool
|
|
}{
|
|
{
|
|
name: "happy path",
|
|
args: args{
|
|
currentVersion: "1.0.0",
|
|
advisory: dbTypes.Advisory{
|
|
VulnerableVersions: []string{"<=1.0"},
|
|
PatchedVersions: []string{">=1.1"},
|
|
},
|
|
},
|
|
want: true,
|
|
},
|
|
{
|
|
name: "final release",
|
|
args: args{
|
|
currentVersion: "1.2.3.final",
|
|
advisory: dbTypes.Advisory{
|
|
VulnerableVersions: []string{"<1.2.3"},
|
|
PatchedVersions: []string{"1.2.3"},
|
|
},
|
|
},
|
|
want: false,
|
|
},
|
|
{
|
|
name: "pre-release",
|
|
args: args{
|
|
currentVersion: "1.2.3-a1",
|
|
advisory: dbTypes.Advisory{
|
|
VulnerableVersions: []string{"<1.2.3"},
|
|
PatchedVersions: []string{">=1.2.3"},
|
|
},
|
|
},
|
|
want: true,
|
|
},
|
|
{
|
|
name: "multiple constraints",
|
|
args: args{
|
|
currentVersion: "2.0.0",
|
|
advisory: dbTypes.Advisory{
|
|
VulnerableVersions: []string{">=1.7.0 <1.7.16", ">=1.8.0 <1.8.8", ">=2.0.0 <2.0.8", ">=3.0.0-beta.1 <3.0.0-beta.7"},
|
|
PatchedVersions: []string{">=3.0.0-beta.7", ">=2.0.8 <3.0.0-beta.1", ">=1.8.8 <2.0.0", ">=1.7.16 <1.8.0"},
|
|
},
|
|
},
|
|
want: true,
|
|
},
|
|
{
|
|
name: "invalid constraint",
|
|
args: args{
|
|
currentVersion: "1.2.3",
|
|
advisory: dbTypes.Advisory{
|
|
VulnerableVersions: []string{`<1.0\.0`},
|
|
},
|
|
},
|
|
want: false,
|
|
},
|
|
}
|
|
log.InitLogger(false, false)
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
c := maven.Comparer{}
|
|
got := c.IsVulnerable(tt.args.currentVersion, tt.args.advisory)
|
|
assert.Equal(t, tt.want, got)
|
|
})
|
|
}
|
|
}
|