github.com/devseccon/trivy@v0.47.1-0.20231123133102-bd902a0bd996/pkg/detector/library/compare/rubygems/compare_test.go (about)

     1  package rubygems_test
     2  
     3  import (
     4  	"testing"
     5  
     6  	"github.com/stretchr/testify/assert"
     7  
     8  	"github.com/aquasecurity/trivy-db/pkg/types"
     9  	"github.com/devseccon/trivy/pkg/detector/library/compare/rubygems"
    10  )
    11  
// TestRubyGemsComparer_IsVulnerable runs rubygems.Comparer.IsVulnerable over a
// table of installed versions and advisories and checks the reported verdict.
//
// Each case supplies the installed gem version, an advisory carrying either
// PatchedVersions or UnaffectedVersions constraints, and the expected result
// (true means the installed version is reported as vulnerable).
func TestRubyGemsComparer_IsVulnerable(t *testing.T) {
	type testCase struct {
		name      string
		installed string
		advisory  types.Advisory
		want      bool
	}

	cases := []testCase{
		// Installed version satisfies the patched constraint.
		{
			name:      "happy path",
			installed: "1.2.3",
			advisory:  types.Advisory{PatchedVersions: []string{">=1.2.0"}},
			want:      false,
		},
		// A pre-release of the patched version is expected to still be
		// reported as vulnerable.
		{
			name:      "pre-release",
			installed: "1.2.3.a",
			advisory:  types.Advisory{PatchedVersions: []string{">=1.2.3"}},
			want:      true,
		},
		// Pre-release markers attached without a dot, on both the installed
		// version and the constraint.
		{
			name:      "pre-release without dot",
			installed: "4.1a",
			advisory:  types.Advisory{UnaffectedVersions: []string{"< 4.2b1"}},
			want:      false,
		},
		// https://github.com/devseccon/trivy/issues/108
		// Version string with a hyphenated suffix.
		{
			name:      "hyphen",
			installed: "1.9.25-x86-mingw32",
			advisory:  types.Advisory{PatchedVersions: []string{">=1.9.24"}},
			want:      false,
		},
		// https://github.com/devseccon/trivy/issues/108
		// Several patched ranges, including pessimistic (~>) constraints.
		{
			name:      "pessimistic",
			installed: "1.8.6-java",
			advisory:  types.Advisory{PatchedVersions: []string{"~> 1.5.5", "~> 1.6.8", ">= 1.7.7"}},
			want:      false,
		},
		// The expected verdict for an unparseable installed version is
		// "not vulnerable". For a scanner that is the fail-open direction:
		// a malformed version string produces no finding.
		// NOTE(review): presumably the comparer logs the parse failure;
		// confirm, so such packages are not skipped unnoticed.
		{
			name:      "invalid version",
			installed: "1.2..4",
			advisory:  types.Advisory{PatchedVersions: []string{">=1.2.3"}},
			want:      false,
		},
		// Same fail-open expectation when the advisory's constraint cannot
		// be parsed: the advisory yields no finding for this version.
		// NOTE(review): confirm malformed advisory constraints are surfaced
		// somewhere rather than dropped silently.
		{
			name:      "invalid constraint",
			installed: "1.2.4",
			advisory:  types.Advisory{PatchedVersions: []string{"!1.2.0"}},
			want:      false,
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			comparer := rubygems.Comparer{}
			assert.Equal(t, tc.want, comparer.IsVulnerable(tc.installed, tc.advisory))
		})
	}
}