Google Git
Sign in
go / vulndb / 5da7e3174dba9ae7a7d20a7153205713fa578ec8 / . / all_test.go
blob: 2e16df40732e8cbb0425607d4c17149b173f28da [file] [log] [blame]
Julie Qiu60403662021-12-17 18:11:51 -0500[diff] [blame]1// Copyright 2021 The Go Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style
3// license that can be found in the LICENSE file.
4
5//go:build go1.17 && !windows
6// +build go1.17,!windows
7
8package main
9
10import (
Damien Neil74a8e012022-08-10 14:26:13 -0700[diff] [blame]11 "errors"
Julie Qiu60403662021-12-17 18:11:51 -0500[diff] [blame]12 "os"
13 "os/exec"
Julie Qiu733040a2021-12-20 17:14:01 -0500[diff] [blame]14 "path/filepath"
15 "runtime"
Damien Neil74a8e012022-08-10 14:26:13 -0700[diff] [blame]16 "sort"
Julie Qiu733040a2021-12-20 17:14:01 -0500[diff] [blame]17 "strings"
Julie Qiu60403662021-12-17 18:11:51 -0500[diff] [blame]18 "testing"
Damien Neil2c15bf72022-09-13 16:09:01 -0700[diff] [blame]19 "time"
Julie Qiu733040a2021-12-20 17:14:01 -0500[diff] [blame]20
Damien Neil2c15bf72022-09-13 16:09:01 -0700[diff] [blame]21 "github.com/google/go-cmp/cmp"
22 "github.com/google/go-cmp/cmp/cmpopts"
Maceo Thompsonb8b87b12022-10-20 15:14:42 -0400[diff] [blame]23 "golang.org/x/vulndb/internal/cveschema5"
Tatiana Bradley0cbf4ff2023-05-12 16:14:27 -0400[diff] [blame]24 "golang.org/x/vulndb/internal/osvutils"
Julie Qiu733040a2021-12-20 17:14:01 -0500[diff] [blame]25 "golang.org/x/vulndb/internal/report"
Julie Qiu60403662021-12-17 18:11:51 -0500[diff] [blame]26)
27
Julie Qiu733040a2021-12-20 17:14:01 -0500[diff] [blame]28func TestChecksBash(t *testing.T) {
Julie Qiu60403662021-12-17 18:11:51 -0500[diff] [blame]29 bash, err := exec.LookPath("bash")
30 if err != nil {
31 t.Skipf("skipping: %v", err)
32 }
33
34 cmd := exec.Command(bash, "./checks.bash")
35 cmd.Stdout = os.Stdout
36 cmd.Stderr = os.Stderr
37 if err := cmd.Run(); err != nil {
38 t.Fatal(err)
39 }
40}
Julie Qiu733040a2021-12-20 17:14:01 -0500[diff] [blame]41
Julie Qiu733040a2021-12-20 17:14:01 -0500[diff] [blame]42func TestLintReports(t *testing.T) {
43 if runtime.GOOS == "js" {
44 t.Skipf("wasm builder does not have network access")
45 }
46 if runtime.GOOS == "android" {
47 t.Skipf("android builder does not have access to reports/")
48 }
Damien Neil74a8e012022-08-10 14:26:13 -0700[diff] [blame]49 allFiles := make(map[string]string)
50 var reports []string
Tatiana Bradleydefb5802022-11-18 16:26:39 -0500[diff] [blame]51 for _, dir := range []string{report.YAMLDir, report.ExcludedDir} {
cui fliterc957d8f2022-09-14 06:13:32 +0000[diff] [blame]52 files, err := os.ReadDir(dir)
Damien Neil74a8e012022-08-10 14:26:13 -0700[diff] [blame]53 if err != nil && !errors.Is(err, os.ErrNotExist) {
54 t.Fatalf("unable to read %v/: %s", dir, err)
Julie Qiu733040a2021-12-20 17:14:01 -0500[diff] [blame]55 }
Tatiana Bradley2551a342022-09-26 12:18:29 -0400[diff] [blame]56 for _, file := range files {
57 if file.IsDir() {
Damien Neil74a8e012022-08-10 14:26:13 -0700[diff] [blame]58 continue
59 }
Tatiana Bradley2551a342022-09-26 12:18:29 -0400[diff] [blame]60 if filepath.Ext(file.Name()) != ".yaml" {
Jonathan Amsterdam90283d92022-08-22 15:01:49 -0400[diff] [blame]61 continue
62 }
Tatiana Bradley2551a342022-09-26 12:18:29 -0400[diff] [blame]63 filename := filepath.Join(dir, file.Name())
64 if allFiles[file.Name()] != "" {
65 t.Errorf("report appears in multiple locations: %v, %v", allFiles[file.Name()], filename)
Damien Neil74a8e012022-08-10 14:26:13 -0700[diff] [blame]66 }
Tatiana Bradley2551a342022-09-26 12:18:29 -0400[diff] [blame]67 allFiles[file.Name()] = filename
68 reports = append(reports, filename)
Damien Neil74a8e012022-08-10 14:26:13 -0700[diff] [blame]69 }
70 }
Maceo Thompsone2eba222022-11-18 13:35:03 -0500[diff] [blame]71 // Map from aliases (CVEs/GHSAS) to report paths, used to check for duplicate aliases.
72 aliases := make(map[string]string)
Damien Neil74a8e012022-08-10 14:26:13 -0700[diff] [blame]73 sort.Strings(reports)
Tatiana Bradley2551a342022-09-26 12:18:29 -0400[diff] [blame]74 for _, filename := range reports {
75 t.Run(filename, func(t *testing.T) {
76 r, err := report.Read(filename)
Julie Qiu733040a2021-12-20 17:14:01 -0500[diff] [blame]77 if err != nil {
Julie Qiue508e322022-01-04 15:12:43 -0500[diff] [blame]78 t.Fatal(err)
Julie Qiu733040a2021-12-20 17:14:01 -0500[diff] [blame]79 }
Tatiana Bradley2551a342022-09-26 12:18:29 -0400[diff] [blame]80 lints := r.Lint(filename)
Julie Qiu733040a2021-12-20 17:14:01 -0500[diff] [blame]81 if len(lints) > 0 {
82 t.Errorf(strings.Join(lints, "\n"))
83 }
Tatiana Bradleydefb5802022-11-18 16:26:39 -0500[diff] [blame]84 goID := report.GetGoIDFromFilename(filename)
Maceo Thompsone2eba222022-11-18 13:35:03 -0500[diff] [blame]85 for _, alias := range r.GetAliases() {
86 if report, ok := aliases[alias]; ok {
87 t.Errorf("report %s shares duplicate alias %s with report %s", filename, alias, report)
88 } else {
89 aliases[alias] = filename
90 }
91 }
Tatiana Bradley2551a342022-09-26 12:18:29 -0400[diff] [blame]92 // Check that a correct OSV file was generated for each YAML report.
Damien Neil2c15bf72022-09-13 16:09:01 -0700[diff] [blame]93 if r.Excluded == "" {
Tatiana Bradleydefb5802022-11-18 16:26:39 -0500[diff] [blame]94 generated := r.GenerateOSVEntry(goID, time.Time{})
95 osvFilename := report.GetOSVFilename(goID)
96 current, err := report.ReadOSV(osvFilename)
Damien Neil2c15bf72022-09-13 16:09:01 -0700[diff] [blame]97 if err != nil {
98 t.Fatal(err)
99 }
Tatiana Bradley2551a342022-09-26 12:18:29 -0400[diff] [blame]100 if diff := cmp.Diff(generated, current, cmpopts.EquateEmpty()); diff != "" {
Tatiana Bradleydefb5802022-11-18 16:26:39 -0500[diff] [blame]101 t.Errorf("%s does not match report:\n%v", osvFilename, diff)
Damien Neil2c15bf72022-09-13 16:09:01 -0700[diff] [blame]102 }
Tatiana Bradley0cbf4ff2023-05-12 16:14:27 -0400[diff] [blame]103 if err := osvutils.ValidateExceptTimestamps(&current); err != nil {
104 t.Error(err)
105 }
Damien Neil2c15bf72022-09-13 16:09:01 -0700[diff] [blame]106 }
Maceo Thompsonb8b87b12022-10-20 15:14:42 -0400[diff] [blame]107 if r.CVEMetadata != nil {
Tatiana Bradleydefb5802022-11-18 16:26:39 -0500[diff] [blame]108 generated, err := r.ToCVE5(goID)
Maceo Thompsonb8b87b12022-10-20 15:14:42 -0400[diff] [blame]109 if err != nil {
110 t.Fatal(err)
111 }
Tatiana Bradleydefb5802022-11-18 16:26:39 -0500[diff] [blame]112 cvePath := report.GetCVEFilename(goID)
Maceo Thompsonb8b87b12022-10-20 15:14:42 -0400[diff] [blame]113 current, err := cveschema5.Read(cvePath)
114 if err != nil {
115 t.Fatal(err)
116 }
117 if diff := cmp.Diff(generated, current, cmpopts.EquateEmpty()); diff != "" {
118 t.Errorf("%s does not match report:\n%v", cvePath, diff)
119 }
120
121 }
Julie Qiu733040a2021-12-20 17:14:01 -0500[diff] [blame]122 })
123 }
124}