internal/vulncheck/utils_test.go - vuln - Git at Google

 // Copyright 2021 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.

 package vulncheck

 import (
 	"testing"

 	"golang.org/x/vuln/internal/osv"
 )

 func TestFixedVersion(t *testing.T) {
 	for _, test := range []struct {
 		name    string
 		module  string
 		version string
 		in      []osv.Affected
 		want    string
 	}{
 		{
 			name: "empty",
 			want: "",
 		},
 		{
 			name:    "no semver",
 			module:  "example.com/module",
 			version: "v1.2.0",
 			in: []osv.Affected{
 				{
 					Module: osv.Module{
 						Path: "example.com/module",
 					},
 					Ranges: []osv.Range{
 						{
 							Type: osv.RangeType("unspecified"),
 							Events: []osv.RangeEvent{
 								{Introduced: "v1.0.0"}, {Fixed: "v1.2.3"},
 							},
 						}},
 				},
 			},
 			want: "",
 		},
 		{
 			name:    "one",
 			module:  "example.com/module",
 			version: "v1.0.1",
 			in: []osv.Affected{
 				{
 					Module: osv.Module{
 						Path: "example.com/module",
 					},
 					Ranges: []osv.Range{
 						{
 							Type: osv.RangeTypeSemver,
 							Events: []osv.RangeEvent{
 								{Introduced: "v1.0.0"}, {Fixed: "v1.2.3"},
 							},
 						}},
 				},
 			},
 			want: "v1.2.3",
 		},
 		{
 			name:    "several",
 			module:  "example.com/module",
 			version: "v1.2.0",
 			in: []osv.Affected{
 				{
 					Module: osv.Module{
 						Path: "example.com/module",
 					},
 					Ranges: []osv.Range{
 						{
 							Type: osv.RangeTypeSemver,
 							Events: []osv.RangeEvent{
 								{Introduced: "v1.0.0"}, {Fixed: "v1.2.3"},
 								{Introduced: "v1.5.0"}, {Fixed: "v1.5.6"},
 							},
 						}},
 				},
 				{
 					Module: osv.Module{
 						Path: "example.com/module",
 					},
 					Ranges: []osv.Range{
 						{
 							Type: osv.RangeTypeSemver,
 							Events: []osv.RangeEvent{
 								{Introduced: "v1.3.0"}, {Fixed: "v1.4.1"},
 							},
 						}},
 				},
 				{
 					// This should be ignored.
 					Module: osv.Module{
 						Path: "example.com/anothermodule",
 					},
 					Ranges: []osv.Range{
 						{
 							Type: osv.RangeTypeSemver,
 							Events: []osv.RangeEvent{
 								{Introduced: "0"}, {Fixed: "v1.6.0"},
 							},
 						}},
 				},
 			},
 			want: "v1.2.3",
 		},
 		{
 			name:    "no v prefix",
 			version: "1.18.1",
 			module:  "example.com/module",
 			in: []osv.Affected{
 				{
 					Module: osv.Module{
 						Path: "example.com/module",
 					},
 					Ranges: []osv.Range{
 						{
 							Type: osv.RangeTypeSemver,
 							Events: []osv.RangeEvent{
 								{Fixed: "1.17.2"},
 							},
 						}},
 				},
 				{
 					Module: osv.Module{
 						Path: "example.com/module",
 					},
 					Ranges: []osv.Range{
 						{
 							Type: osv.RangeTypeSemver,
 							Events: []osv.RangeEvent{
 								{Introduced: "1.18.0"}, {Fixed: "1.18.4"},
 							},
 						}},
 				},
 			},
 			want: "v1.18.4",
 		},
 		{
 			name:   "overlapping",
 			module: "example.com/module",
 			in: []osv.Affected{
 				{
 					Module: osv.Module{
 						Path: "example.com/module",
 					},
 					Ranges: []osv.Range{
 						{
 							Type: osv.RangeTypeSemver,
 							Events: []osv.RangeEvent{
 								// v1.2.3 is nominally the earliest fix,
 								// but it is contained in vulnerable range
 								// for the next affected value.
 								{Introduced: "v1.0.0"}, {Fixed: "v1.2.3"},
 								{Introduced: "v1.5.0"},
 							},
 						}},
 				},
 				{
 					Module: osv.Module{
 						Path: "example.com/module",
 					},
 					Ranges: []osv.Range{
 						{
 							Type: osv.RangeTypeSemver,
 							Events: []osv.RangeEvent{
 								{Introduced: "v1.2.0"}, {Fixed: "v1.4.1"},
 							},
 						}},
 				},
 			},
 			want: "v1.4.1",
 		},
 	} {
 		t.Run(test.name, func(t *testing.T) {
 			got := FixedVersion(test.module, test.version, test.in)
 			if got != test.want {
 				t.Errorf("got %q, want %q", got, test.want)
 			}
 		})
 	}
 }
	// Copyright 2021 The Go Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style
	// license that can be found in the LICENSE file.

	package vulncheck

	import (
	"testing"

	"golang.org/x/vuln/internal/osv"
	)

	func TestFixedVersion(t *testing.T) {
	for _, test := range []struct {
	name string
	module string
	version string
	in []osv.Affected
	want string
	}{
	{
	name: "empty",
	want: "",
	},
	{
	name: "no semver",
	module: "example.com/module",
	version: "v1.2.0",
	in: []osv.Affected{
	{
	Module: osv.Module{
	Path: "example.com/module",
	},
	Ranges: []osv.Range{
	{
	Type: osv.RangeType("unspecified"),
	Events: []osv.RangeEvent{
	{Introduced: "v1.0.0"}, {Fixed: "v1.2.3"},
	},
	}},
	},
	},
	want: "",
	},
	{
	name: "one",
	module: "example.com/module",
	version: "v1.0.1",
	in: []osv.Affected{
	{
	Module: osv.Module{
	Path: "example.com/module",
	},
	Ranges: []osv.Range{
	{
	Type: osv.RangeTypeSemver,
	Events: []osv.RangeEvent{
	{Introduced: "v1.0.0"}, {Fixed: "v1.2.3"},
	},
	}},
	},
	},
	want: "v1.2.3",
	},
	{
	name: "several",
	module: "example.com/module",
	version: "v1.2.0",
	in: []osv.Affected{
	{
	Module: osv.Module{
	Path: "example.com/module",
	},
	Ranges: []osv.Range{
	{
	Type: osv.RangeTypeSemver,
	Events: []osv.RangeEvent{
	{Introduced: "v1.0.0"}, {Fixed: "v1.2.3"},
	{Introduced: "v1.5.0"}, {Fixed: "v1.5.6"},
	},
	}},
	},
	{
	Module: osv.Module{
	Path: "example.com/module",
	},
	Ranges: []osv.Range{
	{
	Type: osv.RangeTypeSemver,
	Events: []osv.RangeEvent{
	{Introduced: "v1.3.0"}, {Fixed: "v1.4.1"},
	},
	}},
	},
	{
	// This should be ignored.
	Module: osv.Module{
	Path: "example.com/anothermodule",
	},
	Ranges: []osv.Range{
	{
	Type: osv.RangeTypeSemver,
	Events: []osv.RangeEvent{
	{Introduced: "0"}, {Fixed: "v1.6.0"},
	},
	}},
	},
	},
	want: "v1.2.3",
	},
	{
	name: "no v prefix",
	version: "1.18.1",
	module: "example.com/module",
	in: []osv.Affected{
	{
	Module: osv.Module{
	Path: "example.com/module",
	},
	Ranges: []osv.Range{
	{
	Type: osv.RangeTypeSemver,
	Events: []osv.RangeEvent{
	{Fixed: "1.17.2"},
	},
	}},
	},
	{
	Module: osv.Module{
	Path: "example.com/module",
	},
	Ranges: []osv.Range{
	{
	Type: osv.RangeTypeSemver,
	Events: []osv.RangeEvent{
	{Introduced: "1.18.0"}, {Fixed: "1.18.4"},
	},
	}},
	},
	},
	want: "v1.18.4",
	},
	{
	name: "overlapping",
	module: "example.com/module",
	in: []osv.Affected{
	{
	Module: osv.Module{
	Path: "example.com/module",
	},
	Ranges: []osv.Range{
	{
	Type: osv.RangeTypeSemver,
	Events: []osv.RangeEvent{
	// v1.2.3 is nominally the earliest fix,
	// but it is contained in vulnerable range
	// for the next affected value.
	{Introduced: "v1.0.0"}, {Fixed: "v1.2.3"},
	{Introduced: "v1.5.0"},
	},
	}},
	},
	{
	Module: osv.Module{
	Path: "example.com/module",
	},
	Ranges: []osv.Range{
	{
	Type: osv.RangeTypeSemver,
	Events: []osv.RangeEvent{
	{Introduced: "v1.2.0"}, {Fixed: "v1.4.1"},
	},
	}},
	},
	},
	want: "v1.4.1",
	},
	} {
	t.Run(test.name, func(t *testing.T) {
	got := FixedVersion(test.module, test.version, test.in)
	if got != test.want {
	t.Errorf("got %q, want %q", got, test.want)
	}
	})
	}
	}