vulndb/internal/audit/vulnerability_test.go - exp - Git at Google

 // Copyright 2021 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.

 package audit

 import (
 	"reflect"
 	"testing"

 	"golang.org/x/tools/go/packages"
 	"golang.org/x/vulndb/osv"
 )

 type mockClient struct {
 	ret map[string][]*osv.Entry
 }

 func (mc *mockClient) Get(a []string) ([]*osv.Entry, error) {
 	return mc.ret[a[0]], nil
 }

 func TestFetchVulnerabilities(t *testing.T) {
 	mc := &mockClient{
 		ret: map[string][]*osv.Entry{
 			"example.mod/a": {
 				{ID: "a", Package: osv.Package{Name: "example.mod/a"}, Affects: osv.Affects{Ranges: []osv.AffectsRange{{Type: osv.TypeSemver, Fixed: "v2.0.0"}}}},
 				{ID: "b", Package: osv.Package{Name: "example.mod/a"}, Affects: osv.Affects{Ranges: []osv.AffectsRange{{Type: osv.TypeSemver, Fixed: "v1.0.0"}}}},
 			},
 			"example.mod/b": {{ID: "c", Package: osv.Package{Name: "example.mod/b"}, Affects: osv.Affects{Ranges: []osv.AffectsRange{{Type: osv.TypeSemver, Fixed: "v1.0.0"}}}}},
 			"example.mod/d": {{ID: "c", Package: osv.Package{Name: "example.mod/d"}, Affects: osv.Affects{Ranges: []osv.AffectsRange{{Type: osv.TypeSemver, Fixed: "v2.0.0"}}}}},
 		},
 	}

 	mv, err := FetchVulnerabilities(mc, []*packages.Module{
 		{Path: "example.mod/a", Version: "v1.0.0"},
 		{Path: "example.mod/b", Version: "v1.0.0"},
 		{Path: "example.mod/c", Replace: &packages.Module{Path: "example.mod/d", Version: "v1.0.0"}, Version: "v2.0.0"},
 	})
 	if err != nil {
 		t.Fatalf("FetchVulnerabilities failed: %s", err)
 	}

 	expected := ModuleVulnerabilities{
 		{
 			mod: &packages.Module{Path: "example.mod/a", Version: "v1.0.0"},
 			vulns: []*osv.Entry{
 				{ID: "a", Package: osv.Package{Name: "example.mod/a"}, Affects: osv.Affects{Ranges: []osv.AffectsRange{{Type: osv.TypeSemver, Fixed: "v2.0.0"}}}},
 			},
 		},
 		{
 			mod: &packages.Module{Path: "example.mod/c", Replace: &packages.Module{Path: "example.mod/d", Version: "v1.0.0"}, Version: "v2.0.0"},
 			vulns: []*osv.Entry{
 				{ID: "c", Package: osv.Package{Name: "example.mod/d"}, Affects: osv.Affects{Ranges: []osv.AffectsRange{{Type: osv.TypeSemver, Fixed: "v2.0.0"}}}},
 			},
 		},
 	}
 	if !reflect.DeepEqual(mv, expected) {
 		t.Fatalf("FetchVulnerabilities returned unexpected results, got:\n%s\nwant:\n%s", moduleVulnerabilitiesToString(mv), moduleVulnerabilitiesToString(expected))
 	}
 }
	// Copyright 2021 The Go Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style
	// license that can be found in the LICENSE file.

	package audit

	import (
	"reflect"
	"testing"

	"golang.org/x/tools/go/packages"
	"golang.org/x/vulndb/osv"
	)

	type mockClient struct {
	ret map[string][]*osv.Entry
	}

	func (mc mockClient) Get(a []string) ([]osv.Entry, error) {
	return mc.ret[a[0]], nil
	}

	func TestFetchVulnerabilities(t *testing.T) {
	mc := &mockClient{
	ret: map[string][]*osv.Entry{
	"example.mod/a": {
	{ID: "a", Package: osv.Package{Name: "example.mod/a"}, Affects: osv.Affects{Ranges: []osv.AffectsRange{{Type: osv.TypeSemver, Fixed: "v2.0.0"}}}},
	{ID: "b", Package: osv.Package{Name: "example.mod/a"}, Affects: osv.Affects{Ranges: []osv.AffectsRange{{Type: osv.TypeSemver, Fixed: "v1.0.0"}}}},
	},
	"example.mod/b": {{ID: "c", Package: osv.Package{Name: "example.mod/b"}, Affects: osv.Affects{Ranges: []osv.AffectsRange{{Type: osv.TypeSemver, Fixed: "v1.0.0"}}}}},
	"example.mod/d": {{ID: "c", Package: osv.Package{Name: "example.mod/d"}, Affects: osv.Affects{Ranges: []osv.AffectsRange{{Type: osv.TypeSemver, Fixed: "v2.0.0"}}}}},
	},
	}

	mv, err := FetchVulnerabilities(mc, []*packages.Module{
	{Path: "example.mod/a", Version: "v1.0.0"},
	{Path: "example.mod/b", Version: "v1.0.0"},
	{Path: "example.mod/c", Replace: &packages.Module{Path: "example.mod/d", Version: "v1.0.0"}, Version: "v2.0.0"},
	})
	if err != nil {
	t.Fatalf("FetchVulnerabilities failed: %s", err)
	}

	expected := ModuleVulnerabilities{
	{
	mod: &packages.Module{Path: "example.mod/a", Version: "v1.0.0"},
	vulns: []*osv.Entry{
	{ID: "a", Package: osv.Package{Name: "example.mod/a"}, Affects: osv.Affects{Ranges: []osv.AffectsRange{{Type: osv.TypeSemver, Fixed: "v2.0.0"}}}},
	},
	},
	{
	mod: &packages.Module{Path: "example.mod/c", Replace: &packages.Module{Path: "example.mod/d", Version: "v1.0.0"}, Version: "v2.0.0"},
	vulns: []*osv.Entry{
	{ID: "c", Package: osv.Package{Name: "example.mod/d"}, Affects: osv.Affects{Ranges: []osv.AffectsRange{{Type: osv.TypeSemver, Fixed: "v2.0.0"}}}},
	},
	},
	}
	if !reflect.DeepEqual(mv, expected) {
	t.Fatalf("FetchVulnerabilities returned unexpected results, got:\n%s\nwant:\n%s", moduleVulnerabilitiesToString(mv), moduleVulnerabilitiesToString(expected))
	}
	}