// Source: github.com/devseccon/trivy@v0.47.1-0.20231123133102-bd902a0bd996/pkg/detector/library/compare/npm/compare_test.go

package npm_test

import (
	"testing"

	"github.com/stretchr/testify/assert"

	dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
	"github.com/devseccon/trivy/pkg/detector/library/compare/npm"
)

// TestNpmComparer_IsVulnerable is a table-driven test for
// npm.Comparer.IsVulnerable. Each case supplies an installed package version
// and an advisory carrying VulnerableVersions and PatchedVersions ranges, and
// pins the boolean the comparer must return.
//
// The table doubles as a specification of how range matching decides whether a
// finding is reported, so the expected values for the edge cases (pre-release
// versions, overlapping ranges, unparsable input) are security-relevant: a
// wrong answer here is a missed or a spurious vulnerability report.
func TestNpmComparer_IsVulnerable(t *testing.T) {
	cases := []struct {
		name           string
		currentVersion string
		advisory       dbTypes.Advisory
		want           bool
	}{
		{
			// Installed version is inside the vulnerable range and outside
			// the patched range.
			name:           "happy path",
			currentVersion: "1.0.0",
			advisory: dbTypes.Advisory{
				VulnerableVersions: []string{"<=1.0"},
				PatchedVersions:    []string{">=1.1"},
			},
			want: true,
		},
		{
			// "<0.0.0" is a patched range that no version can satisfy;
			// presumably the advisory's way of saying "no fix released".
			name:           "no patch",
			currentVersion: "1.2.3",
			advisory: dbTypes.Advisory{
				VulnerableVersions: []string{"<=99.999.99999"},
				PatchedVersions:    []string{"<0.0.0"},
			},
			want: true,
		},
		{
			// A nil PatchedVersions list must not suppress the finding.
			name:           "no patch with wildcard",
			currentVersion: "1.2.3",
			advisory: dbTypes.Advisory{
				VulnerableVersions: []string{"*"},
				PatchedVersions:    nil,
			},
			want: true,
		},
		{
			// Pre-release handling is a common source of range-matching
			// mistakes; this pins that 1.2.3-alpha is not treated as
			// falling under "<=1.2.2".
			name:           "pre-release",
			currentVersion: "1.2.3-alpha",
			advisory: dbTypes.Advisory{
				VulnerableVersions: []string{"<=1.2.2"},
				PatchedVersions:    []string{">=1.2.2"},
			},
			want: false,
		},
		{
			// 2.0.0 falls only in the third vulnerable entry, so the expected
			// result implies that list entries are alternatives (any one
			// matching is enough).
			name:           "multiple constraints",
			currentVersion: "2.0.0",
			advisory: dbTypes.Advisory{
				VulnerableVersions: []string{">=1.7.0 <1.7.16", ">=1.8.0 <1.8.8", ">=2.0.0 <2.0.8", ">=3.0.0-beta.1 <3.0.0-beta.7"},
				PatchedVersions:    []string{">=3.0.0-beta.7", ">=2.0.8 <3.0.0-beta.1", ">=1.8.8 <2.0.0", ">=1.7.16 <1.8.0"},
			},
			want: true,
		},
		{
			// npm-style "x" wildcards in the patch position.
			name:           "x",
			currentVersion: "2.0.1",
			advisory: dbTypes.Advisory{
				VulnerableVersions: []string{"2.0.x", "2.1.x"},
				PatchedVersions:    []string{">=2.2.x"},
			},
			want: true,
		},
		{
			// Exact match against a pre-release listed verbatim in the
			// advisory.
			name:           "exact versions",
			currentVersion: "2.1.0-M1",
			advisory: dbTypes.Advisory{
				VulnerableVersions: []string{"2.1.0-M1", "2.1.0-M2"},
				PatchedVersions:    []string{">=2.1.0"},
			},
			want: false == false,
		},
		{
			// 2.0.18 also satisfies the vulnerable entry "<3.0.16", yet the
			// expected result is false: the data implies that a match on a
			// patched range ("^2.0.18") overrides a match on a vulnerable
			// range. Overlapping ranges like these are where a precedence
			// change would silently add or drop findings.
			name:           "caret",
			currentVersion: "2.0.18",
			advisory: dbTypes.Advisory{
				VulnerableVersions: []string{"<2.0.18", "<3.0.16"},
				PatchedVersions:    []string{"^2.0.18", "^3.0.16"},
			},
			want: false,
		},
		{
			// Unparsable installed version: the test pins "not vulnerable".
			// For a scanner this is a fail-open outcome, so a false result
			// is not proof of safety; whether the failure is logged or
			// otherwise surfaced is not visible from this test.
			// NOTE(review): "<1.0.0" would not match even if "1.2..4" were
			// leniently read as a 1.2.x version, so this case does not by
			// itself distinguish a parse failure from an ordinary non-match.
			name:           "invalid version",
			currentVersion: "1.2..4",
			advisory: dbTypes.Advisory{
				VulnerableVersions: []string{"<1.0.0"},
			},
			want: false,
		},
		{
			// Unparsable advisory range: also pinned to "not vulnerable",
			// with the same fail-open caveat as the case above. A malformed
			// advisory entry therefore hides the finding rather than
			// reporting it.
			name:           "invalid constraint",
			currentVersion: "1.2.4",
			advisory: dbTypes.Advisory{
				VulnerableVersions: []string{"!1.0.0"},
			},
			want: false,
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			comparer := npm.Comparer{}
			vulnerable := comparer.IsVulnerable(tc.currentVersion, tc.advisory)
			assert.Equal(t, tc.want, vulnerable)
		})
	}
}