// Source: github.com/devseccon/trivy@v0.47.1-0.20231123133102-bd902a0bd996/pkg/detector/library/compare/maven/compare_test.go

package maven_test

import (
	"testing"

	"github.com/stretchr/testify/assert"

	dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
	"github.com/devseccon/trivy/pkg/detector/library/compare/maven"
)

// TestComparer_IsVulnerable pins the verdict maven.Comparer.IsVulnerable gives
// for a package version checked against an advisory's VulnerableVersions and
// PatchedVersions constraints. Each case is a version-ordering rule that
// decides whether a finding is reported, so a change in any expected value is
// a change in what the scanner detects.
func TestComparer_IsVulnerable(t *testing.T) {
	cases := []struct {
		name           string
		currentVersion string
		advisory       dbTypes.Advisory
		want           bool
	}{
		{
			// "1.0.0" is expected to satisfy "<=1.0", i.e. trailing zero
			// segments do not make a version newer.
			name:           "happy path",
			currentVersion: "1.0.0",
			advisory: dbTypes.Advisory{
				VulnerableVersions: []string{"<=1.0"},
				PatchedVersions:    []string{">=1.1"},
			},
			want: true,
		},
		{
			// A ".final" qualifier must not sort below the plain release,
			// otherwise the fixed version would be flagged.
			name:           "final release",
			currentVersion: "1.2.3.final",
			advisory: dbTypes.Advisory{
				VulnerableVersions: []string{"<1.2.3"},
				PatchedVersions:    []string{"1.2.3"},
			},
			want: false,
		},
		{
			// A pre-release of the fixed version is expected to sort below
			// it and therefore still be reported.
			name:           "pre-release",
			currentVersion: "1.2.3-a1",
			advisory: dbTypes.Advisory{
				VulnerableVersions: []string{"<1.2.3"},
				PatchedVersions:    []string{">=1.2.3"},
			},
			want: true,
		},
		{
			// The expected match is consistent with list entries being
			// alternatives and the space-separated bounds inside one entry
			// applying together (">=2.0.0 <2.0.8" covers 2.0.0).
			name:           "multiple constraints",
			currentVersion: "2.0.0",
			advisory: dbTypes.Advisory{
				VulnerableVersions: []string{">=1.7.0 <1.7.16", ">=1.8.0 <1.8.8", ">=2.0.0 <2.0.8", ">=3.0.0-beta.1 <3.0.0-beta.7"},
				PatchedVersions:    []string{">=3.0.0-beta.7", ">=2.0.8 <3.0.0-beta.1", ">=1.8.8 <2.0.0", ">=1.7.16 <1.8.0"},
			},
			want: true,
		},
		{
			// Maven range notation: "(,1.2.3]" has an inclusive upper bound,
			// so 1.2.3 itself is expected to match.
			name:           "version requirements",
			currentVersion: "1.2.3",
			advisory: dbTypes.Advisory{
				VulnerableVersions: []string{"(,1.2.3]"},
				PatchedVersions:    []string{"1.2.4"},
			},
			want: true,
		},
		{
			// A bare version in VulnerableVersions is expected to match the
			// identical version.
			name:           "version soft requirements happy",
			currentVersion: "1.2.3",
			advisory: dbTypes.Advisory{
				VulnerableVersions: []string{"1.2.3"},
				PatchedVersions:    []string{"1.2.4"},
			},
			want: true,
		},
		{
			// ...and is expected not to match a different version, even one
			// that is older than the patched release.
			name:           "version soft requirements",
			currentVersion: "1.2.3",
			advisory: dbTypes.Advisory{
				VulnerableVersions: []string{"1.2.2"},
				PatchedVersions:    []string{"1.2.4"},
			},
			want: false,
		},
		{
			// NOTE(review): this pins a fail-open result. A constraint that
			// cannot be evaluated (presumably because of the backslash;
			// confirm) yields "not vulnerable", so a malformed advisory entry
			// suppresses the finding. Confirm the comparer surfaces the
			// parse error (log or metric) so such entries are noticed.
			name:           "invalid constraint",
			currentVersion: "1.2.3",
			advisory: dbTypes.Advisory{
				VulnerableVersions: []string{`<1.0\.0`},
			},
			want: false,
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			comparer := maven.Comparer{}
			assert.Equal(t, tc.want, comparer.IsVulnerable(tc.currentVersion, tc.advisory))
		})
	}
}