blob: 40931e80255f09d682a91642be6f96e760555f00 [file]
// Copyright 2022 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package ghsa
import (
"context"
"flag"
"os"
"strings"
"testing"
"time"
)
var githubTokenFile = flag.String("ghtokenfile", "",
"path to file containing GitHub access token")
var githubToken = flag.String("ghtoken", os.Getenv("VULN_GITHUB_ACCESS_TOKEN"), "GitHub access token")
func mustGetAccessToken(t *testing.T) string {
var token string
switch {
case *githubToken != "":
token = *githubToken
case *githubTokenFile != "":
bytes, err := os.ReadFile(*githubTokenFile)
if err != nil {
t.Fatal(err)
}
token = string(bytes)
default:
t.Skip("neither -ghtokenfile nor -ghtoken provided")
}
return strings.TrimSpace(string(token))
}
func TestList(t *testing.T) {
accessToken := mustGetAccessToken(t)
// There were at least three relevant SAs since this date.
since := time.Date(2022, 9, 1, 0, 0, 0, 0, time.UTC)
got, err := List(context.Background(), accessToken, since)
if err != nil {
t.Fatal(err)
}
want := 3
if len(got) < want {
t.Errorf("got %d, want at least %d", len(got), want)
}
}
func TestFetchGHSA(t *testing.T) {
accessToken := mustGetAccessToken(t)
// Real GHSA that should be found.
const ghsaID string = "GHSA-g9mp-8g3h-3c5c"
got, err := FetchGHSA(context.Background(), accessToken, ghsaID)
if err != nil {
t.Fatal(err)
}
if gotID, want := got.ID, ghsaID; gotID != want {
t.Errorf("got GHSA with id %q, want %q", got.ID, want)
}
}
func TestListForCVE(t *testing.T) {
accessToken := mustGetAccessToken(t)
// Real CVE and GHSA.
const (
cveID string = "CVE-2022-27191"
ghsaID string = "GHSA-8c26-wmh5-6g9v"
)
got, err := ListForCVE(context.Background(), accessToken, cveID)
if err != nil {
t.Fatal(err)
}
want := ghsaID
if len(got) != 1 {
var gotIDs []string
for _, sa := range got {
gotIDs = append(gotIDs, sa.ID)
}
t.Errorf("got %v GHSAs %v, want %v", len(got), gotIDs, want)
} else if gotID := got[0].ID; gotID != want {
t.Errorf("got GHSA %v, want %v", gotID, want)
}
}