// Copyright 2021 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package audit
import (
"os"
"path"
"reflect"
"testing"
"golang.org/x/vulndb/osv"
)
// vulnProject is a test helper that reduces every vulnerability entry to its
// package name and its list of affected symbols, dropping all other fields.
// The reduced entries are grouped by package name, in the order they appear
// in vulns, so a test can compare them against a hand-written expectation.
func vulnProject(vulns []*osv.Entry) map[string][]osv.Entry {
	byPkg := make(map[string][]osv.Entry)
	for _, v := range vulns {
		name := v.Package.Name
		// Only the two fields the tests care about are copied; the Symbols
		// slice is shared with the source entry rather than cloned.
		slim := osv.Entry{
			Package:           osv.Package{Name: name},
			EcosystemSpecific: osv.GoSpecific{Symbols: v.EcosystemSpecific.Symbols},
		}
		byPkg[name] = append(byPkg[name], slim)
	}
	return byPkg
}
// TestLoadVulnerabilities loads entries from two file-backed test databases
// under testdata/dbs and checks that, once reduced by vulnProject, they match
// the expected per-package entries.
func TestLoadVulnerabilities(t *testing.T) {
	wd, err := os.Getwd()
	if err != nil {
		t.Fatal(err)
	}

	// Database locations are file:// URLs rooted at the working directory.
	dbs := []string{
		"file://" + path.Join(wd, "testdata/dbs/bogus.db.org"),
		"file://" + path.Join(wd, "testdata/dbs/golang.deepgo.org"),
	}
	// Presumably the module paths to query in each database; confirm
	// against LoadVulnerabilities' signature.
	modules := []string{"thirdparty.org/vulnerabilities", "bogus.org/module"}

	loaded, err := LoadVulnerabilities(dbs, modules)
	if err != nil {
		t.Fatal(err)
	}

	const (
		thirdPartyPkg = "thirdparty.org/vulnerabilities/vuln"
		bogusPkg      = "bogus.org/module/vuln"
	)
	want := map[string][]osv.Entry{
		thirdPartyPkg: {
			{
				Package:           osv.Package{Name: thirdPartyPkg},
				EcosystemSpecific: osv.GoSpecific{Symbols: []string{"VulnData.Vuln", "VulnData.VulnOnPtr"}},
			},
			// This entry lists no symbols at all.
			{Package: osv.Package{Name: thirdPartyPkg}},
			{
				Package:           osv.Package{Name: thirdPartyPkg},
				EcosystemSpecific: osv.GoSpecific{Symbols: []string{"VG"}},
			},
		},
		bogusPkg: {
			{
				Package:           osv.Package{Name: bogusPkg},
				EcosystemSpecific: osv.GoSpecific{Symbols: []string{"Bogus"}},
			},
		},
	}

	// reflect.DeepEqual compares slices element by element, so this check
	// also pins the order in which entries are returned for each package.
	got := vulnProject(loaded)
	if !reflect.DeepEqual(want, got) {
		t.Errorf("want %v vulnerability database; got (simplified) %v", want, got)
	}
}