cmd/govulncheck: add json and HTML tests on binaries
Change-Id: I99b519e43bfeb93cc55f0bcc0e967b17c0ab56e9
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/400120
Run-TryBot: Jonathan Amsterdam <jba@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com>
diff --git a/cmd/govulncheck/testdata/html-binary.ct b/cmd/govulncheck/testdata/html-binary.ct
new file mode 100644
index 0000000..253356f
--- /dev/null
+++ b/cmd/govulncheck/testdata/html-binary.ct
@@ -0,0 +1,56 @@
+$ govulncheck -html ${novuln_binary}
+
+<!DOCTYPE html>
+<html lang="en">
+<meta charset="utf-8">
+<title>govulncheck Results</title>
+<style>
+body {
+ font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu,
+ 'Helvetica Neue', Arial, sans-serif;
+}
+list-style-type: none;
+</style>
+
+
+<body>
+
+ No vulnerabilities found.
+
+</body>
+</html>
+
+
+$ govulncheck -html ${vuln_binary} --> FAIL 3
+
+<!DOCTYPE html>
+<html lang="en">
+<meta charset="utf-8">
+<title>govulncheck Results</title>
+<style>
+body {
+ font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu,
+ 'Helvetica Neue', Arial, sans-serif;
+}
+list-style-type: none;
+</style>
+
+
+<body>
+
+ <h2>GO-2021-0113</h2>
+ <table>
+ <tr><td>Package</td><td>golang.org/x/text/language</td></tr>
+ <tr><td>Your version</td><td>v0.3.0</td></tr>
+ <tr><td>Fixed version</td><td>v0.3.7</td></tr>
+ <tr><td>Reference</td><td>https://pkg.go.dev/vuln/GO-2021-0113</td></tr>
+ <tr><td>Description</td><td>Due to improper index calculation, an incorrectly formatted language tag can cause Parse
+to panic via an out of bounds read. If Parse is used to process untrusted user inputs,
+this may be used as a vector for a denial of service attack.
+</td></tr>
+ </table>
+
+
+
+</body>
+</html>
diff --git a/cmd/govulncheck/testdata/json-binary.ct b/cmd/govulncheck/testdata/json-binary.ct
new file mode 100644
index 0000000..30e6e4b
--- /dev/null
+++ b/cmd/govulncheck/testdata/json-binary.ct
@@ -0,0 +1,92 @@
+$ govulncheck -json ${novuln_binary}
+{
+ "Calls": null,
+ "Imports": null,
+ "Requires": null,
+ "Vulns": null,
+ "Modules": [
+ {
+ "Path": "golang.org/x/text",
+ "Version": "v0.3.7",
+ "Dir": "",
+ "Replace": null
+ }
+ ]
+}
+
+$ govulncheck -json ${vuln_binary} --> FAIL 3
+{
+ "Calls": null,
+ "Imports": null,
+ "Requires": null,
+ "Vulns": [
+ {
+ "OSV": {
+ "id": "GO-2021-0113",
+ "published": "2021-10-06T17:51:21Z",
+ "modified": "2021-10-06T17:51:21Z",
+ "aliases": [
+ "CVE-2021-38561"
+ ],
+ "details": "Due to improper index calculation, an incorrectly formatted language tag can cause Parse\nto panic via an out of bounds read. If Parse is used to process untrusted user inputs,\nthis may be used as a vector for a denial of service attack.\n",
+ "affected": [
+ {
+ "package": {
+ "name": "golang.org/x/text/language",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "0.3.7"
+ }
+ ]
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2021-0113"
+ },
+ "ecosystem_specific": {
+ "symbols": [
+ "Parse",
+ "MatchStrings",
+ "MustParse",
+ "ParseAcceptLanguage"
+ ]
+ }
+ }
+ ],
+ "references": [
+ {
+ "type": "FIX",
+ "url": "https://go-review.googlesource.com/c/text/+/340830"
+ },
+ {
+ "type": "FIX",
+ "url": "https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f"
+ }
+ ]
+ },
+ "Symbol": "Parse",
+ "PkgPath": "golang.org/x/text/language",
+ "ModPath": "golang.org/x/text",
+ "CallSink": 0,
+ "ImportSink": 0,
+ "RequireSink": 0
+ }
+ ],
+ "Modules": [
+ {
+ "Path": "golang.org/x/text",
+ "Version": "v0.3.0",
+ "Dir": "",
+ "Replace": null
+ }
+ ]
+}
+
