github.com/devseccon/trivy@v0.47.1-0.20231123133102-bd902a0bd996/pkg/detector/library/compare/compare_test.go (about)

     1  package compare_test
     2  
     3  import (
     4  	"testing"
     5  
     6  	"github.com/stretchr/testify/assert"
     7  
     8  	"github.com/aquasecurity/trivy-db/pkg/types"
     9  	"github.com/devseccon/trivy/pkg/detector/library/compare"
    10  )
    11  
// TestGenericComparer_IsVulnerable is a table-driven test of
// compare.GenericComparer.IsVulnerable. Each case pairs an installed version
// string with an advisory (vulnerable and patched version constraints) and
// pins the verdict the comparer is expected to return.
//
// Some cases pin how malformed or empty input is classified. Those verdicts
// decide whether a scan reports or silently skips a finding, so changes to
// them deserve a deliberate review.
func TestGenericComparer_IsVulnerable(t *testing.T) {
	cases := []struct {
		name     string
		ver      string
		advisory types.Advisory
		want     bool
	}{
		{
			// 1.2.3 is outside "<=1.0" and inside ">=1.1".
			name: "happy path",
			ver:  "1.2.3",
			advisory: types.Advisory{
				VulnerableVersions: []string{"<=1.0"},
				PatchedVersions:    []string{">=1.1"},
			},
			want: false,
		},
		{
			// The patched constraint "<0.0.0" looks like a placeholder for
			// "no fixed release" (assumption; confirm against the advisory
			// source). The version must still be reported.
			name: "no patch",
			ver:  "1.2.3",
			advisory: types.Advisory{
				VulnerableVersions: []string{"<=99.999.99999"},
				PatchedVersions:    []string{"<0.0.0"},
			},
			want: true,
		},
		{
			// A pre-release of the fixed version is expected to be reported
			// as vulnerable, not treated as already patched.
			name: "pre-release",
			ver:  "1.2.2-alpha",
			advisory: types.Advisory{
				VulnerableVersions: []string{"<=1.2.2"},
				PatchedVersions:    []string{">=1.2.2"},
			},
			want: true,
		},
		{
			// 2.0.0 falls in the ">=2.0.0 <2.0.8" vulnerable range and in
			// none of the patched ranges.
			name: "multiple constraints",
			ver:  "2.0.0",
			advisory: types.Advisory{
				VulnerableVersions: []string{">=1.7.0 <1.7.16", ">=1.8.0 <1.8.8", ">=2.0.0 <2.0.8", ">=3.0.0-beta.1 <3.0.0-beta.7"},
				PatchedVersions:    []string{">=3.0.0-beta.7", ">=2.0.8 <3.0.0-beta.1", ">=1.8.8 <2.0.0", ">=1.7.16 <1.8.0"},
			},
			want: true,
		},
		{
			// NOTE(review): this pins a "not vulnerable" verdict for a
			// malformed version string ("1.2..4"). A package whose version
			// the comparer cannot handle therefore produces no finding,
			// which is a possible false negative. Whether the comparer logs
			// the condition is not visible from this test.
			name: "invalid version",
			ver:  "1.2..4",
			advisory: types.Advisory{
				VulnerableVersions: []string{"<1.0.0"},
			},
			want: false,
		},
		{
			// NOTE(review): "*" as the only vulnerable constraint, with no
			// patched versions, is expected to yield "not vulnerable".
			// Confirm this is intended for advisories that carry such a
			// constraint, since no finding would be raised for them.
			name: "improper constraint",
			ver:  "1.2.3",
			advisory: types.Advisory{
				VulnerableVersions: []string{"*"},
				PatchedVersions:    nil,
			},
			want: false,
		},
		{
			// An empty patched constraint must not suppress the finding.
			name: "empty patched version",
			ver:  "1.2.3",
			advisory: types.Advisory{
				VulnerableVersions: []string{"<=99.999.99999"},
				PatchedVersions:    []string{""},
			},
			want: true,
		},
		{
			// With both constraints empty, the expected verdict is
			// "vulnerable", so the finding is reported, not dropped.
			name: "empty vulnerable & patched version",
			ver:  "1.2.3",
			advisory: types.Advisory{
				VulnerableVersions: []string{""},
				PatchedVersions:    []string{""},
			},
			want: true,
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			comparer := compare.GenericComparer{}
			assert.Equal(t, tc.want, comparer.IsVulnerable(tc.ver, tc.advisory))
		})
	}
}