| // Copyright 2021 The Go Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style |
| // license that can be found in the LICENSE file. |
| |
| package audit |
| |
| import ( |
| "os" |
| "path" |
| "reflect" |
| "testing" |
| |
| "golang.org/x/vulndb/osv" |
| ) |
| |
// vulnProject is a test helper that reduces every entry to its package name
// and Go symbol list, then groups the reduced entries by package name. Every
// other osv.Entry field is left at its zero value, so expectations only need
// to spell out the two fields under test.
//
// Entries keep their input order within each package group. The Symbols
// slice is carried over as-is (not copied), so a nil list stays nil, which
// matters when the result is compared with reflect.DeepEqual.
func vulnProject(vulns []*osv.Entry) map[string][]osv.Entry {
	byPkg := make(map[string][]osv.Entry)
	for _, v := range vulns {
		name := v.Package.Name
		reduced := osv.Entry{
			Package:           osv.Package{Name: name},
			EcosystemSpecific: osv.GoSpecific{Symbols: v.EcosystemSpecific.Symbols},
		}
		byPkg[name] = append(byPkg[name], reduced)
	}
	return byPkg
}
| |
// TestLoadVulnerabilities loads two fixture databases through file:// URLs and
// checks the package names and symbols of the entries returned for two module
// paths.
//
// Only the fields kept by vulnProject (package name and symbols) are compared;
// any other data in the loaded entries is not covered by this test.
func TestLoadVulnerabilities(t *testing.T) {
	wd, err := os.Getwd()
	if err != nil {
		t.Fatal(err)
	}

	// Both sources are fixtures under the package's testdata directory.
	// NOTE(review): presumably file:// sources are read from disk without any
	// network access; confirm against LoadVulnerabilities.
	dbs := []string{
		"file://" + path.Join(wd, "testdata/dbs/bogus.db.org"),
		"file://" + path.Join(wd, "testdata/dbs/golang.deepgo.org"),
	}
	// NOTE(review): these look like module paths whose packages should be
	// reported; confirm the matching rule against LoadVulnerabilities.
	modules := []string{"thirdparty.org/vulnerabilities", "bogus.org/module"}

	vulns, err := LoadVulnerabilities(dbs, modules)
	if err != nil {
		t.Fatal(err)
	}

	const (
		thirdPartyPkg = "thirdparty.org/vulnerabilities/vuln"
		bogusPkg      = "bogus.org/module/vuln"
	)

	// Expected projection, keyed by package name. Entry order within a package
	// is significant, and so is nil versus empty for Symbols, because the
	// comparison below uses reflect.DeepEqual.
	want := map[string][]osv.Entry{
		thirdPartyPkg: {
			{
				Package:           osv.Package{Name: thirdPartyPkg},
				EcosystemSpecific: osv.GoSpecific{Symbols: []string{"VulnData.Vuln", "VulnData.VulnOnPtr"}},
			},
			// No symbols listed: the loaded entry must carry a nil Symbols slice.
			{Package: osv.Package{Name: thirdPartyPkg}},
			{
				Package:           osv.Package{Name: thirdPartyPkg},
				EcosystemSpecific: osv.GoSpecific{Symbols: []string{"VG"}},
			},
		},
		bogusPkg: {
			{
				Package:           osv.Package{Name: bogusPkg},
				EcosystemSpecific: osv.GoSpecific{Symbols: []string{"Bogus"}},
			},
		},
	}

	got := vulnProject(vulns)
	if reflect.DeepEqual(want, got) {
		return
	}
	t.Errorf("want %v vulnerability database; got (simplified) %v", want, got)
}