internal/frontend/vulns_test.go - pkgsite - Git at Google

 // Copyright 2021 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.

 package frontend

 import (
 	"context"
 	"errors"
 	"fmt"
 	"testing"

 	"github.com/google/go-cmp/cmp"
 	"github.com/google/go-cmp/cmp/cmpopts"
 	vulnc "golang.org/x/vuln/client"
 	"golang.org/x/vuln/osv"
 )

 func TestVulnsForPackage(t *testing.T) {
 	ctx := context.Background()
 	e := osv.Entry{
 		Details: "bad",
 		Affected: []osv.Affected{{
 			Package: osv.Package{Name: "bad.com"},
 			Ranges: []osv.AffectsRange{{
 				Type:   osv.TypeSemver,
 				Events: []osv.RangeEvent{{Introduced: "0"}, {Fixed: "1.2.3"}},
 			}},
 			EcosystemSpecific: osv.EcosystemSpecific{
 				Imports: []osv.EcosystemSpecificImport{{
 					Path: "bad.com",
 				}},
 			},
 		}},
 	}

 	get := func(_ context.Context, modulePath string) ([]*osv.Entry, error) {
 		switch modulePath {
 		case "good.com":
 			return nil, nil
 		case "bad.com":
 			return []*osv.Entry{&e}, nil
 		default:
 			return nil, fmt.Errorf("unknown module %q", modulePath)
 		}
 	}

 	got := VulnsForPackage(ctx, "good.com", "v1.0.0", "good.com", get)
 	if got != nil {
 		t.Errorf("got %v, want nil", got)
 	}
 	got = VulnsForPackage(ctx, "bad.com", "v1.0.0", "bad.com", get)
 	want := []Vuln{{
 		Details: "bad",
 	}}
 	if diff := cmp.Diff(want, got); diff != "" {
 		t.Errorf("mismatch (-want, +got):\n%s", diff)
 	}

 	got = VulnsForPackage(ctx, "bad.com", "v1.3.0", "bad.com", get)
 	if got != nil {
 		t.Errorf("got %v, want nil", got)
 	}
 }

 var testEntries = []*osv.Entry{
 	{ID: "GO-1990-01", Details: "a", Aliases: []string{"CVE-2000-1", "GHSA-aaaa-bbbb-cccc"}},
 	{ID: "GO-1990-02", Details: "b", Aliases: []string{"CVE-2000-1", "GHSA-1111-2222-3333"}},
 	{ID: "GO-1990-10", Details: "c"},
 	{ID: "GO-1991-01", Details: "d"},
 	{ID: "GO-1991-05", Details: "e"},
 	{ID: "GO-1991-23", Details: "f"},
 	{ID: "GO-1991-30", Details: "g"},
 }

 func TestNewVulnListPage(t *testing.T) {
 	ctx := context.Background()
 	c := newVulndbTestClient(testEntries)
 	got, err := newVulnListPage(ctx, c)
 	if err != nil {
 		t.Fatal(err)
 	}
 	// testEntries is already sorted by ID, but it should be reversed.
 	var wantEntries []OSVEntry
 	for i := len(testEntries) - 1; i >= 0; i-- {
 		wantEntries = append(wantEntries, OSVEntry{testEntries[i]})
 	}
 	want := &VulnListPage{Entries: wantEntries}
 	if diff := cmp.Diff(want, got, cmpopts.IgnoreUnexported(VulnListPage{})); diff != "" {
 		t.Errorf("mismatch (-want, +got):\n%s", diff)
 	}
 }

 func TestNewVulnPage(t *testing.T) {
 	ctx := context.Background()
 	c := &vulndbTestClient{entries: testEntries}
 	got, err := newVulnPage(ctx, c, "GO-1990-02")
 	if err != nil {
 		t.Fatal(err)
 	}
 	want := &VulnPage{
 		Entry:      OSVEntry{testEntries[1]},
 		AliasLinks: aliasLinks(testEntries[1]),
 	}
 	if diff := cmp.Diff(want, got, cmpopts.IgnoreUnexported(VulnPage{})); diff != "" {
 		t.Errorf("mismatch (-want, +got):\n%s", diff)
 	}
 }

 type vulndbTestClient struct {
 	vulnc.Client
 	entries    []*osv.Entry
 	aliasToIDs map[string][]string
 }

 func newVulndbTestClient(entries []*osv.Entry) *vulndbTestClient {
 	c := &vulndbTestClient{
 		entries:    entries,
 		aliasToIDs: map[string][]string{},
 	}
 	for _, e := range entries {
 		for _, a := range e.Aliases {
 			c.aliasToIDs[a] = append(c.aliasToIDs[a], e.ID)
 		}
 	}
 	return c
 }

 func (c *vulndbTestClient) GetByModule(context.Context, string) ([]*osv.Entry, error) {
 	return nil, errors.New("unimplemented")
 }

 func (c *vulndbTestClient) GetByID(_ context.Context, id string) (*osv.Entry, error) {
 	for _, e := range c.entries {
 		if e.ID == id {
 			return e, nil
 		}
 	}
 	return nil, nil
 }

 func (c *vulndbTestClient) ListIDs(context.Context) ([]string, error) {
 	var ids []string
 	for _, e := range c.entries {
 		ids = append(ids, e.ID)
 	}
 	return ids, nil
 }

 func (c *vulndbTestClient) GetByAlias(ctx context.Context, alias string) ([]*osv.Entry, error) {
 	ids := c.aliasToIDs[alias]
 	if len(ids) == 0 {
 		return nil, nil
 	}
 	var es []*osv.Entry
 	for _, id := range ids {
 		e, _ := c.GetByID(ctx, id)
 		es = append(es, e)
 	}
 	return es, nil
 }

 func Test_aliasLinks(t *testing.T) {
 	type args struct {
 		e *osv.Entry
 	}
 	tests := []struct {
 		name string
 		args args
 		want []link
 	}{
 		{
 			"mitre",
 			args{&osv.Entry{Aliases: []string{"CVE-0000-00000"}, References: []osv.Reference{{Type: "ADVISORY", URL: mitreAdvisoryUrlPrefix + "CVE-0000-00000"}}}},
 			[]link{{Body: "CVE-0000-00000", Href: mitreAdvisoryUrlPrefix + "CVE-0000-00000"}},
 		},
 		{
 			"github",
 			args{&osv.Entry{Aliases: []string{"GHSA-zz00-zzz0-0zz0"}}},
 			[]link{{Body: "GHSA-zz00-zzz0-0zz0", Href: githubAdvisoryUrlPrefix + "GHSA-zz00-zzz0-0zz0"}},
 		},
 		{
 			"empty link",
 			args{&osv.Entry{Aliases: []string{"NA-0000"}}},
 			[]link{{Body: "NA-0000"}},
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			got := aliasLinks(tt.args.e)
 			if diff := cmp.Diff(tt.want, got); diff != "" {
 				t.Errorf("mismatch(-want, +got): %s", diff)
 			}
 		})
 	}
 }

 func Test_advisoryLinks(t *testing.T) {
 	type args struct {
 		e *osv.Entry
 	}
 	tests := []struct {
 		name string
 		args args
 		want []link
 	}{
 		{
 			"nist",
 			args{&osv.Entry{Aliases: []string{"CVE-0000-00000"}, References: []osv.Reference{{Type: "ADVISORY", URL: nistAdvisoryUrlPrefix + "CVE-0000-00000"}}}},
 			[]link{{Body: nistAdvisoryUrlPrefix + "CVE-0000-00000", Href: nistAdvisoryUrlPrefix + "CVE-0000-00000"}},
 		},
 		{
 			"empty link",
 			args{&osv.Entry{Aliases: []string{"NA-0000"}}},
 			nil,
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			got := advisoryLinks(tt.args.e)
 			if diff := cmp.Diff(tt.want, got); diff != "" {
 				t.Errorf("mismatch(-want, +got): %s", diff)
 			}
 		})
 	}
 }
	// Copyright 2021 The Go Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style
	// license that can be found in the LICENSE file.

	package frontend

	import (
	"context"
	"errors"
	"fmt"
	"testing"

	"github.com/google/go-cmp/cmp"
	"github.com/google/go-cmp/cmp/cmpopts"
	vulnc "golang.org/x/vuln/client"
	"golang.org/x/vuln/osv"
	)

	func TestVulnsForPackage(t *testing.T) {
	ctx := context.Background()
	e := osv.Entry{
	Details: "bad",
	Affected: []osv.Affected{{
	Package: osv.Package{Name: "bad.com"},
	Ranges: []osv.AffectsRange{{
	Type: osv.TypeSemver,
	Events: []osv.RangeEvent{{Introduced: "0"}, {Fixed: "1.2.3"}},
	}},
	EcosystemSpecific: osv.EcosystemSpecific{
	Imports: []osv.EcosystemSpecificImport{{
	Path: "bad.com",
	}},
	},
	}},
	}

	get := func(_ context.Context, modulePath string) ([]*osv.Entry, error) {
	switch modulePath {
	case "good.com":
	return nil, nil
	case "bad.com":
	return []*osv.Entry{&e}, nil
	default:
	return nil, fmt.Errorf("unknown module %q", modulePath)
	}
	}

	got := VulnsForPackage(ctx, "good.com", "v1.0.0", "good.com", get)
	if got != nil {
	t.Errorf("got %v, want nil", got)
	}
	got = VulnsForPackage(ctx, "bad.com", "v1.0.0", "bad.com", get)
	want := []Vuln{{
	Details: "bad",
	}}
	if diff := cmp.Diff(want, got); diff != "" {
	t.Errorf("mismatch (-want, +got):\n%s", diff)
	}

	got = VulnsForPackage(ctx, "bad.com", "v1.3.0", "bad.com", get)
	if got != nil {
	t.Errorf("got %v, want nil", got)
	}
	}

	var testEntries = []*osv.Entry{
	{ID: "GO-1990-01", Details: "a", Aliases: []string{"CVE-2000-1", "GHSA-aaaa-bbbb-cccc"}},
	{ID: "GO-1990-02", Details: "b", Aliases: []string{"CVE-2000-1", "GHSA-1111-2222-3333"}},
	{ID: "GO-1990-10", Details: "c"},
	{ID: "GO-1991-01", Details: "d"},
	{ID: "GO-1991-05", Details: "e"},
	{ID: "GO-1991-23", Details: "f"},
	{ID: "GO-1991-30", Details: "g"},
	}

	func TestNewVulnListPage(t *testing.T) {
	ctx := context.Background()
	c := newVulndbTestClient(testEntries)
	got, err := newVulnListPage(ctx, c)
	if err != nil {
	t.Fatal(err)
	}
	// testEntries is already sorted by ID, but it should be reversed.
	var wantEntries []OSVEntry
	for i := len(testEntries) - 1; i >= 0; i-- {
	wantEntries = append(wantEntries, OSVEntry{testEntries[i]})
	}
	want := &VulnListPage{Entries: wantEntries}
	if diff := cmp.Diff(want, got, cmpopts.IgnoreUnexported(VulnListPage{})); diff != "" {
	t.Errorf("mismatch (-want, +got):\n%s", diff)
	}
	}

	func TestNewVulnPage(t *testing.T) {
	ctx := context.Background()
	c := &vulndbTestClient{entries: testEntries}
	got, err := newVulnPage(ctx, c, "GO-1990-02")
	if err != nil {
	t.Fatal(err)
	}
	want := &VulnPage{
	Entry: OSVEntry{testEntries[1]},
	AliasLinks: aliasLinks(testEntries[1]),
	}
	if diff := cmp.Diff(want, got, cmpopts.IgnoreUnexported(VulnPage{})); diff != "" {
	t.Errorf("mismatch (-want, +got):\n%s", diff)
	}
	}

	type vulndbTestClient struct {
	vulnc.Client
	entries []*osv.Entry
	aliasToIDs map[string][]string
	}

	func newVulndbTestClient(entries []osv.Entry) vulndbTestClient {
	c := &vulndbTestClient{
	entries: entries,
	aliasToIDs: map[string][]string{},
	}
	for _, e := range entries {
	for _, a := range e.Aliases {
	c.aliasToIDs[a] = append(c.aliasToIDs[a], e.ID)
	}
	}
	return c
	}

	func (c vulndbTestClient) GetByModule(context.Context, string) ([]osv.Entry, error) {
	return nil, errors.New("unimplemented")
	}

	func (c vulndbTestClient) GetByID(_ context.Context, id string) (osv.Entry, error) {
	for _, e := range c.entries {
	if e.ID == id {
	return e, nil
	}
	}
	return nil, nil
	}

	func (c *vulndbTestClient) ListIDs(context.Context) ([]string, error) {
	var ids []string
	for _, e := range c.entries {
	ids = append(ids, e.ID)
	}
	return ids, nil
	}

	func (c vulndbTestClient) GetByAlias(ctx context.Context, alias string) ([]osv.Entry, error) {
	ids := c.aliasToIDs[alias]
	if len(ids) == 0 {
	return nil, nil
	}
	var es []*osv.Entry
	for _, id := range ids {
	e, _ := c.GetByID(ctx, id)
	es = append(es, e)
	}
	return es, nil
	}

	func Test_aliasLinks(t *testing.T) {
	type args struct {
	e *osv.Entry
	}
	tests := []struct {
	name string
	args args
	want []link
	}{
	{
	"mitre",
	args{&osv.Entry{Aliases: []string{"CVE-0000-00000"}, References: []osv.Reference{{Type: "ADVISORY", URL: mitreAdvisoryUrlPrefix + "CVE-0000-00000"}}}},
	[]link{{Body: "CVE-0000-00000", Href: mitreAdvisoryUrlPrefix + "CVE-0000-00000"}},
	},
	{
	"github",
	args{&osv.Entry{Aliases: []string{"GHSA-zz00-zzz0-0zz0"}}},
	[]link{{Body: "GHSA-zz00-zzz0-0zz0", Href: githubAdvisoryUrlPrefix + "GHSA-zz00-zzz0-0zz0"}},
	},
	{
	"empty link",
	args{&osv.Entry{Aliases: []string{"NA-0000"}}},
	[]link{{Body: "NA-0000"}},
	},
	}
	for _, tt := range tests {
	t.Run(tt.name, func(t *testing.T) {
	got := aliasLinks(tt.args.e)
	if diff := cmp.Diff(tt.want, got); diff != "" {
	t.Errorf("mismatch(-want, +got): %s", diff)
	}
	})
	}
	}

	func Test_advisoryLinks(t *testing.T) {
	type args struct {
	e *osv.Entry
	}
	tests := []struct {
	name string
	args args
	want []link
	}{
	{
	"nist",
	args{&osv.Entry{Aliases: []string{"CVE-0000-00000"}, References: []osv.Reference{{Type: "ADVISORY", URL: nistAdvisoryUrlPrefix + "CVE-0000-00000"}}}},
	[]link{{Body: nistAdvisoryUrlPrefix + "CVE-0000-00000", Href: nistAdvisoryUrlPrefix + "CVE-0000-00000"}},
	},
	{
	"empty link",
	args{&osv.Entry{Aliases: []string{"NA-0000"}}},
	nil,
	},
	}
	for _, tt := range tests {
	t.Run(tt.name, func(t *testing.T) {
	got := advisoryLinks(tt.args.e)
	if diff := cmp.Diff(tt.want, got); diff != "" {
	t.Errorf("mismatch(-want, +got): %s", diff)
	}
	})
	}
	}