tests/screentest: add a test for a vuln with no affected packages
Adds a test for a vulnerability report that only lists affected module(s),
not affected packages. Package site currently does not display this correctly
(it displays an empty section instead of listing the modules). An upcoming
CL will fix.
Change-Id: Ia9b73ab8ad3f2ec71061bd329ab7497eccb91ee2
Reviewed-on: https://go-review.googlesource.com/c/pkgsite/+/581179
Reviewed-by: Damien Neil <dneil@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
kokoro-CI: kokoro <noreply+kokoro@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
diff --git a/devtools/snapshot_vulndb_v1.sh b/devtools/snapshot_vulndb_v1.sh
index 650aa38..371d936 100755
--- a/devtools/snapshot_vulndb_v1.sh
+++ b/devtools/snapshot_vulndb_v1.sh
@@ -24,6 +24,7 @@
"ID/GO-2021-0264.json"
"ID/GO-2022-0273.json"
"ID/GO-2024-2730.json"
+ "ID/GO-2024-2659.json"
)
go install golang.org/x/vulndb/cmd/indexdb@latest
diff --git a/tests/screentest/testcases.ci.txt b/tests/screentest/testcases.ci.txt
index 7523578..0858621 100644
--- a/tests/screentest/testcases.ci.txt
+++ b/tests/screentest/testcases.ci.txt
@@ -24,6 +24,11 @@
capture fullscreen
capture fullscreen 540x1080
+test vuln entry no packages
+pathname /vuln/GO-2024-2659
+capture fullscreen
+capture fullscreen 540x1080
+
test vuln stdlib module
pathname /archive/zip@go1.16.4
capture viewport
diff --git a/tests/screentest/testdata/ci/vuln-540x1080.a.png b/tests/screentest/testdata/ci/vuln-540x1080.a.png
index 8c49f5d..08158b4 100644
--- a/tests/screentest/testdata/ci/vuln-540x1080.a.png
+++ b/tests/screentest/testdata/ci/vuln-540x1080.a.png
Binary files differ
diff --git a/tests/screentest/testdata/ci/vuln-entry-no-packages-540x1080.a.png b/tests/screentest/testdata/ci/vuln-entry-no-packages-540x1080.a.png
new file mode 100644
index 0000000..ddae279
--- /dev/null
+++ b/tests/screentest/testdata/ci/vuln-entry-no-packages-540x1080.a.png
Binary files differ
diff --git a/tests/screentest/testdata/ci/vuln-entry-no-packages.a.png b/tests/screentest/testdata/ci/vuln-entry-no-packages.a.png
new file mode 100644
index 0000000..6f613c7
--- /dev/null
+++ b/tests/screentest/testdata/ci/vuln-entry-no-packages.a.png
Binary files differ
diff --git a/tests/screentest/testdata/ci/vuln-list-540x1080.a.png b/tests/screentest/testdata/ci/vuln-list-540x1080.a.png
index 216721e..ea2d9c6 100644
--- a/tests/screentest/testdata/ci/vuln-list-540x1080.a.png
+++ b/tests/screentest/testdata/ci/vuln-list-540x1080.a.png
Binary files differ
diff --git a/tests/screentest/testdata/ci/vuln-list.a.png b/tests/screentest/testdata/ci/vuln-list.a.png
index c6ca084..11d84b3 100644
--- a/tests/screentest/testdata/ci/vuln-list.a.png
+++ b/tests/screentest/testdata/ci/vuln-list.a.png
Binary files differ
diff --git a/tests/screentest/testdata/ci/vuln.a.png b/tests/screentest/testdata/ci/vuln.a.png
index 682388e..26651e6 100644
--- a/tests/screentest/testdata/ci/vuln.a.png
+++ b/tests/screentest/testdata/ci/vuln.a.png
Binary files differ
diff --git a/tests/screentest/testdata/vulndb-v1/ID/GO-2024-2659.json b/tests/screentest/testdata/vulndb-v1/ID/GO-2024-2659.json
new file mode 100644
index 0000000..fb560a3
--- /dev/null
+++ b/tests/screentest/testdata/vulndb-v1/ID/GO-2024-2659.json
@@ -0,0 +1 @@
+{"schema_version":"1.3.1","id":"GO-2024-2659","modified":"2024-03-22T18:49:03Z","published":"2024-03-22T18:49:03Z","aliases":["CVE-2024-29018","GHSA-mq39-4gv4-mvpx"],"summary":"Data exfiltration from internal networks in github.com/docker/docker","details":"dockerd forwards DNS requests to the host loopback device, bypassing the container network namespace's normal routing semantics, networks marked as 'internal' can unexpectedly forward DNS requests to an external nameserver. By registering a domain for which they control the authoritative nameservers, an attacker could arrange for a compromised container to exfiltrate data by encoding it in DNS queries that will eventually be answered by their nameservers.","affected":[{"package":{"name":"github.com/docker/docker","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"25.0.0+incompatible"},{"fixed":"25.0.5+incompatible"},{"introduced":"26.0.0-rc1+incompatible"},{"fixed":"26.0.0-rc3+incompatible"}]}],"ecosystem_specific":{}}],"references":[{"type":"ADVISORY","url":"https://github.com/moby/moby/security/advisories/GHSA-mq39-4gv4-mvpx"},{"type":"WEB","url":"https://github.com/moby/moby/pull/46609"}],"credits":[{"name":"@robmry"},{"name":"@akerouanton"},{"name":"@neersighted"},{"name":"@gabriellavengeo"}],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2024-2659"}}
\ No newline at end of file
diff --git a/tests/screentest/testdata/vulndb-v1/ID/GO-2024-2659.json.gz b/tests/screentest/testdata/vulndb-v1/ID/GO-2024-2659.json.gz
new file mode 100644
index 0000000..eb4407b
--- /dev/null
+++ b/tests/screentest/testdata/vulndb-v1/ID/GO-2024-2659.json.gz
Binary files differ
diff --git a/tests/screentest/testdata/vulndb-v1/index/modules.json b/tests/screentest/testdata/vulndb-v1/index/modules.json
index a9329cd..57fe6c6 100644
--- a/tests/screentest/testdata/vulndb-v1/index/modules.json
+++ b/tests/screentest/testdata/vulndb-v1/index/modules.json
@@ -1 +1 @@
-[{"path":"github.com/astaxie/beego","vulns":[{"id":"GO-2022-0463","modified":"2023-12-14T15:51:14Z"},{"id":"GO-2022-0569","modified":"2023-06-12T18:45:41Z"},{"id":"GO-2022-0572","modified":"2023-12-14T15:51:14Z"}]},{"path":"github.com/beego/beego","vulns":[{"id":"GO-2022-0463","modified":"2023-12-14T15:51:14Z","fixed":"1.12.9"},{"id":"GO-2022-0569","modified":"2023-06-12T18:45:41Z","fixed":"1.12.11"},{"id":"GO-2022-0572","modified":"2023-12-14T15:51:14Z"}]},{"path":"github.com/beego/beego/v2","vulns":[{"id":"GO-2022-0463","modified":"2023-12-14T15:51:14Z","fixed":"2.0.3"},{"id":"GO-2022-0569","modified":"2023-06-12T18:45:41Z","fixed":"2.0.4"},{"id":"GO-2022-0572","modified":"2023-12-14T15:51:14Z","fixed":"2.0.3"}]},{"path":"github.com/gorilla/sessions","vulns":[{"id":"GO-2024-2730","modified":"2024-04-17T19:55:00Z"}]},{"path":"golang.org/x/crypto","vulns":[{"id":"GO-2022-0229","modified":"2023-06-12T18:45:41Z","fixed":"0.0.0-20200124225646-8b5121be2f68"}]},{"path":"stdlib","vulns":[{"id":"GO-2021-0159","modified":"2023-06-12T18:45:41Z","fixed":"1.4.3"},{"id":"GO-2021-0240","modified":"2023-06-12T18:45:41Z","fixed":"1.16.5"},{"id":"GO-2021-0264","modified":"2023-06-12T18:45:41Z","fixed":"1.17.3"},{"id":"GO-2022-0229","modified":"2023-06-12T18:45:41Z","fixed":"1.13.7"},{"id":"GO-2022-0273","modified":"2023-06-12T18:45:41Z","fixed":"1.17.1"}]},{"path":"toolchain","vulns":[{"id":"GO-2021-0068","modified":"2023-06-12T18:45:41Z","fixed":"1.15.7"},{"id":"GO-2022-0475","modified":"2023-06-12T18:45:41Z","fixed":"1.15.5"},{"id":"GO-2022-0476","modified":"2023-06-12T18:45:41Z","fixed":"1.15.5"}]}]
\ No newline at end of file
+[{"path":"github.com/astaxie/beego","vulns":[{"id":"GO-2022-0463","modified":"2023-12-14T15:51:14Z"},{"id":"GO-2022-0569","modified":"2023-06-12T18:45:41Z"},{"id":"GO-2022-0572","modified":"2023-12-14T15:51:14Z"}]},{"path":"github.com/beego/beego","vulns":[{"id":"GO-2022-0463","modified":"2023-12-14T15:51:14Z","fixed":"1.12.9"},{"id":"GO-2022-0569","modified":"2023-06-12T18:45:41Z","fixed":"1.12.11"},{"id":"GO-2022-0572","modified":"2023-12-14T15:51:14Z"}]},{"path":"github.com/beego/beego/v2","vulns":[{"id":"GO-2022-0463","modified":"2023-12-14T15:51:14Z","fixed":"2.0.3"},{"id":"GO-2022-0569","modified":"2023-06-12T18:45:41Z","fixed":"2.0.4"},{"id":"GO-2022-0572","modified":"2023-12-14T15:51:14Z","fixed":"2.0.3"}]},{"path":"github.com/docker/docker","vulns":[{"id":"GO-2024-2659","modified":"2024-03-22T18:49:03Z","fixed":"26.0.0-rc3+incompatible"}]},{"path":"github.com/gorilla/sessions","vulns":[{"id":"GO-2024-2730","modified":"2024-04-17T19:55:00Z"}]},{"path":"golang.org/x/crypto","vulns":[{"id":"GO-2022-0229","modified":"2023-06-12T18:45:41Z","fixed":"0.0.0-20200124225646-8b5121be2f68"}]},{"path":"stdlib","vulns":[{"id":"GO-2021-0159","modified":"2023-06-12T18:45:41Z","fixed":"1.4.3"},{"id":"GO-2021-0240","modified":"2023-06-12T18:45:41Z","fixed":"1.16.5"},{"id":"GO-2021-0264","modified":"2023-06-12T18:45:41Z","fixed":"1.17.3"},{"id":"GO-2022-0229","modified":"2023-06-12T18:45:41Z","fixed":"1.13.7"},{"id":"GO-2022-0273","modified":"2023-06-12T18:45:41Z","fixed":"1.17.1"}]},{"path":"toolchain","vulns":[{"id":"GO-2021-0068","modified":"2023-06-12T18:45:41Z","fixed":"1.15.7"},{"id":"GO-2022-0475","modified":"2023-06-12T18:45:41Z","fixed":"1.15.5"},{"id":"GO-2022-0476","modified":"2023-06-12T18:45:41Z","fixed":"1.15.5"}]}]
\ No newline at end of file
diff --git a/tests/screentest/testdata/vulndb-v1/index/modules.json.gz b/tests/screentest/testdata/vulndb-v1/index/modules.json.gz
index b9af784..166b8fc 100644
--- a/tests/screentest/testdata/vulndb-v1/index/modules.json.gz
+++ b/tests/screentest/testdata/vulndb-v1/index/modules.json.gz
Binary files differ
diff --git a/tests/screentest/testdata/vulndb-v1/index/vulns.json b/tests/screentest/testdata/vulndb-v1/index/vulns.json
index 285b338..d6710b4 100644
--- a/tests/screentest/testdata/vulndb-v1/index/vulns.json
+++ b/tests/screentest/testdata/vulndb-v1/index/vulns.json
@@ -1 +1 @@
-[{"id":"GO-2021-0068","modified":"2023-06-12T18:45:41Z","aliases":["CVE-2021-3115"]},{"id":"GO-2021-0159","modified":"2023-06-12T18:45:41Z","aliases":["CVE-2015-5739","CVE-2015-5740","CVE-2015-5741"]},{"id":"GO-2021-0240","modified":"2023-06-12T18:45:41Z","aliases":["CVE-2021-33196"]},{"id":"GO-2021-0264","modified":"2023-06-12T18:45:41Z","aliases":["CVE-2021-41772"]},{"id":"GO-2022-0229","modified":"2023-06-12T18:45:41Z","aliases":["CVE-2020-7919","GHSA-cjjc-xp8v-855w"]},{"id":"GO-2022-0273","modified":"2023-06-12T18:45:41Z","aliases":["CVE-2021-39293"]},{"id":"GO-2022-0463","modified":"2023-12-14T15:51:14Z","aliases":["CVE-2022-31259","GHSA-qx32-f6g6-fcfr"]},{"id":"GO-2022-0475","modified":"2023-06-12T18:45:41Z","aliases":["CVE-2020-28366"]},{"id":"GO-2022-0476","modified":"2023-06-12T18:45:41Z","aliases":["CVE-2020-28367"]},{"id":"GO-2022-0569","modified":"2023-06-12T18:45:41Z","aliases":["CVE-2022-31836","GHSA-95f9-94vc-665h"]},{"id":"GO-2022-0572","modified":"2023-12-14T15:51:14Z","aliases":["CVE-2021-30080","GHSA-28r6-jm5h-mrgg"]},{"id":"GO-2024-2730","modified":"2024-04-17T19:55:00Z"}]
\ No newline at end of file
+[{"id":"GO-2021-0068","modified":"2023-06-12T18:45:41Z","aliases":["CVE-2021-3115"]},{"id":"GO-2021-0159","modified":"2023-06-12T18:45:41Z","aliases":["CVE-2015-5739","CVE-2015-5740","CVE-2015-5741"]},{"id":"GO-2021-0240","modified":"2023-06-12T18:45:41Z","aliases":["CVE-2021-33196"]},{"id":"GO-2021-0264","modified":"2023-06-12T18:45:41Z","aliases":["CVE-2021-41772"]},{"id":"GO-2022-0229","modified":"2023-06-12T18:45:41Z","aliases":["CVE-2020-7919","GHSA-cjjc-xp8v-855w"]},{"id":"GO-2022-0273","modified":"2023-06-12T18:45:41Z","aliases":["CVE-2021-39293"]},{"id":"GO-2022-0463","modified":"2023-12-14T15:51:14Z","aliases":["CVE-2022-31259","GHSA-qx32-f6g6-fcfr"]},{"id":"GO-2022-0475","modified":"2023-06-12T18:45:41Z","aliases":["CVE-2020-28366"]},{"id":"GO-2022-0476","modified":"2023-06-12T18:45:41Z","aliases":["CVE-2020-28367"]},{"id":"GO-2022-0569","modified":"2023-06-12T18:45:41Z","aliases":["CVE-2022-31836","GHSA-95f9-94vc-665h"]},{"id":"GO-2022-0572","modified":"2023-12-14T15:51:14Z","aliases":["CVE-2021-30080","GHSA-28r6-jm5h-mrgg"]},{"id":"GO-2024-2659","modified":"2024-03-22T18:49:03Z","aliases":["CVE-2024-29018","GHSA-mq39-4gv4-mvpx"]},{"id":"GO-2024-2730","modified":"2024-04-17T19:55:00Z"}]
\ No newline at end of file
diff --git a/tests/screentest/testdata/vulndb-v1/index/vulns.json.gz b/tests/screentest/testdata/vulndb-v1/index/vulns.json.gz
index 8bd161d..0a832bf 100644
--- a/tests/screentest/testdata/vulndb-v1/index/vulns.json.gz
+++ b/tests/screentest/testdata/vulndb-v1/index/vulns.json.gz
Binary files differ
