| // Copyright 2021 The Go Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style |
| // license that can be found in the LICENSE file. |
| |
| package audit |
| |
| import ( |
| "reflect" |
| "testing" |
| |
| "golang.org/x/tools/go/packages" |
| "golang.org/x/vulndb/osv" |
| ) |
| |
| type mockClient struct { |
| ret map[string][]*osv.Entry |
| } |
| |
| func (mc *mockClient) Get(a []string) ([]*osv.Entry, error) { |
| return mc.ret[a[0]], nil |
| } |
| |
| func TestFetchVulnerabilities(t *testing.T) { |
| mc := &mockClient{ |
| ret: map[string][]*osv.Entry{ |
| "example.mod/a": {{ID: "a", Package: osv.Package{Name: "example.mod/a"}, Affects: osv.Affects{Ranges: []osv.AffectsRange{{Type: osv.TypeSemver, Fixed: "v2.0.0"}}}}}, |
| "example.mod/b": {{ID: "b", Package: osv.Package{Name: "example.mod/b"}, Affects: osv.Affects{Ranges: []osv.AffectsRange{{Type: osv.TypeSemver, Fixed: "v1.1.1"}}}}}, |
| "example.mod/d": {{ID: "c", Package: osv.Package{Name: "example.mod/d"}, Affects: osv.Affects{Ranges: []osv.AffectsRange{{Type: osv.TypeSemver, Fixed: "v2.0.0"}}}}}, |
| }, |
| } |
| |
| mv, err := FetchVulnerabilities(mc, []*packages.Module{ |
| {Path: "example.mod/a", Version: "v1.0.0"}, |
| {Path: "example.mod/b", Version: "v1.0.4"}, |
| {Path: "example.mod/c", Replace: &packages.Module{Path: "example.mod/d", Version: "v1.0.0"}, Version: "v2.0.0"}, |
| }) |
| if err != nil { |
| t.Fatalf("FetchVulnerabilities failed: %s", err) |
| } |
| |
| expected := ModuleVulnerabilities{ |
| { |
| mod: &packages.Module{Path: "example.mod/a", Version: "v1.0.0"}, |
| vulns: []*osv.Entry{ |
| {ID: "a", Package: osv.Package{Name: "example.mod/a"}, Affects: osv.Affects{Ranges: []osv.AffectsRange{{Type: osv.TypeSemver, Fixed: "v2.0.0"}}}}, |
| }, |
| }, |
| { |
| mod: &packages.Module{Path: "example.mod/b", Version: "v1.0.4"}, |
| vulns: []*osv.Entry{ |
| {ID: "b", Package: osv.Package{Name: "example.mod/b"}, Affects: osv.Affects{Ranges: []osv.AffectsRange{{Type: osv.TypeSemver, Fixed: "v1.1.1"}}}}, |
| }, |
| }, |
| { |
| mod: &packages.Module{Path: "example.mod/c", Replace: &packages.Module{Path: "example.mod/d", Version: "v1.0.0"}, Version: "v2.0.0"}, |
| vulns: []*osv.Entry{ |
| {ID: "c", Package: osv.Package{Name: "example.mod/d"}, Affects: osv.Affects{Ranges: []osv.AffectsRange{{Type: osv.TypeSemver, Fixed: "v2.0.0"}}}}, |
| }, |
| }, |
| } |
| if !reflect.DeepEqual(mv, expected) { |
| t.Fatalf("FetchVulnerabilities returned unexpected results, got:\n%s\nwant:\n%s", moduleVulnerabilitiesToString(mv), moduleVulnerabilitiesToString(expected)) |
| } |
| } |