github.com/anchore/syft@v1.38.2/syft/cpe/by_source_then_specificity_test.go (about) 1 package cpe 2 3 import ( 4 "sort" 5 "testing" 6 7 "github.com/stretchr/testify/assert" 8 ) 9 10 func TestBySourceThenSpecificity(t *testing.T) { 11 tests := []struct { 12 name string 13 input []CPE 14 want []CPE 15 }{ 16 { 17 name: "empty case", 18 }, 19 { 20 name: "nvd before generated", 21 input: []CPE{ 22 Must("cpe:2.3:a:alpine:alpine_keys:2.3-r1:*:*:*:*:*:*:*", GeneratedSource), 23 Must("cpe:2.3:a:alpine:alpine_keys:2.3-r1:*:*:*:*:*:*:*", NVDDictionaryLookupSource), 24 }, 25 want: []CPE{ 26 Must("cpe:2.3:a:alpine:alpine_keys:2.3-r1:*:*:*:*:*:*:*", NVDDictionaryLookupSource), 27 Must("cpe:2.3:a:alpine:alpine_keys:2.3-r1:*:*:*:*:*:*:*", GeneratedSource), 28 }, 29 }, 30 { 31 name: "declared before generated", 32 input: []CPE{ 33 Must("cpe:2.3:a:alpine:alpine_keys:2.3-r1:*:*:*:*:*:*:*", GeneratedSource), 34 Must("cpe:2.3:a:alpine:alpine_keys:2.3-r1:*:*:*:*:*:*:*", DeclaredSource), 35 }, 36 want: []CPE{ 37 Must("cpe:2.3:a:alpine:alpine_keys:2.3-r1:*:*:*:*:*:*:*", DeclaredSource), 38 Must("cpe:2.3:a:alpine:alpine_keys:2.3-r1:*:*:*:*:*:*:*", GeneratedSource), 39 }, 40 }, 41 { 42 name: "most specific attributes of equal sources", 43 input: []CPE{ 44 Must("cpe:2.3:a:some:package:*:*:*:*:*:*:*:*", NVDDictionaryLookupSource), 45 Must("cpe:2.3:a:some:package:1:*:*:*:*:*:*:*", NVDDictionaryLookupSource), 46 Must("cpe:2.3:a:some:package:1:*:*:*:*:some:*:*", NVDDictionaryLookupSource), 47 }, 48 want: []CPE{ 49 Must("cpe:2.3:a:some:package:1:*:*:*:*:some:*:*", NVDDictionaryLookupSource), 50 Must("cpe:2.3:a:some:package:1:*:*:*:*:*:*:*", NVDDictionaryLookupSource), 51 Must("cpe:2.3:a:some:package:*:*:*:*:*:*:*:*", NVDDictionaryLookupSource), 52 }, 53 }, 54 { 55 name: "most specific attributes of unknown sources", 56 input: []CPE{ 57 Must("cpe:2.3:a:some:package:1:*:*:*:*:*:*:*", ""), 58 Must("cpe:2.3:a:some:package:1:*:*:*:*:some:*:*", "some-other-unknown-source"), 59 Must("cpe:2.3:a:some:package:*:*:*:*:*:*:*:*", "some-unknown-source"), 60 }, 61 want: []CPE{ 62 Must("cpe:2.3:a:some:package:1:*:*:*:*:some:*:*", "some-other-unknown-source"), 63 Must("cpe:2.3:a:some:package:1:*:*:*:*:*:*:*", ""), 64 Must("cpe:2.3:a:some:package:*:*:*:*:*:*:*:*", "some-unknown-source"), 65 }, 66 }, 67 { 68 name: "lexical sorting on equal sources puts escaped characters later", 69 input: []CPE{ 70 Must("cpe:2.3:a:jenkins:pipeline\\\\:_supporting_apis:865.v43e78cc44e0d:*:*:*:*:jenkins:*:*", "nvd-cpe-dictionary"), 71 Must("cpe:2.3:a:jenkins:pipeline_supporting_apis:865.v43e78cc44e0d:*:*:*:*:jenkins:*:*", "nvd-cpe-dictionary"), 72 }, 73 want: []CPE{ 74 Must("cpe:2.3:a:jenkins:pipeline_supporting_apis:865.v43e78cc44e0d:*:*:*:*:jenkins:*:*", "nvd-cpe-dictionary"), 75 Must("cpe:2.3:a:jenkins:pipeline\\\\:_supporting_apis:865.v43e78cc44e0d:*:*:*:*:jenkins:*:*", "nvd-cpe-dictionary"), 76 }, 77 }, 78 { 79 name: "lexical sorting on equal sources puts more specific attributes earlier", 80 input: []CPE{ 81 Must("cpe:2.3:a:jenkins:mailer:472.vf7c289a_4b_420:*:*:*:*:*:*:*", "nvd-cpe-dictionary"), 82 Must("cpe:2.3:a:jenkins:mailer:472.vf7c289a_4b_420:*:*:*:*:jenkins:*:*", "nvd-cpe-dictionary"), 83 }, 84 want: []CPE{ 85 Must("cpe:2.3:a:jenkins:mailer:472.vf7c289a_4b_420:*:*:*:*:jenkins:*:*", "nvd-cpe-dictionary"), 86 Must("cpe:2.3:a:jenkins:mailer:472.vf7c289a_4b_420:*:*:*:*:*:*:*", "nvd-cpe-dictionary"), 87 }, 88 }, 89 } 90 for _, tt := range tests { 91 t.Run(tt.name, func(t *testing.T) { 92 sort.Sort(BySourceThenSpecificity(tt.input)) 93 assert.Equal(t, tt.want, tt.input) 94 }) 95 } 96 }