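// Source: github.com/devseccon/trivy@v0.47.1-0.20231123133102-bd902a0bd996/pkg/report/github/github_test.go

package github_test

import (
	"bytes"
	"encoding/json"
	"testing"

	"github.com/stretchr/testify/assert"

	dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
	ftypes "github.com/devseccon/trivy/pkg/fanal/types"
	"github.com/devseccon/trivy/pkg/report/github"
	"github.com/devseccon/trivy/pkg/types"
)

// TestWriter_Write runs github.Writer over a types.Report, decodes the bytes
// it wrote as a github.DependencySnapshot, and compares the decoded Manifests
// map (keyed by result target) with the expected manifests.
//
// Only got.Manifests is asserted on; any other field of the snapshot is not
// checked by this test.
func TestWriter_Write(t *testing.T) {
	cases := []struct {
		name   string
		report types.Report
		want   map[string]github.Manifest
	}{
		{
			// NOTE(review): the case is named "os packages" but the fixture is a
			// yarn.lock lang-pkgs result; the name is kept so existing
			// `go test -run` filters still match.
			name: "os packages",
			report: types.Report{
				SchemaVersion: 2,
				ArtifactName:  "alpine:3.14",
				Results: types.Results{
					{
						Target: "yarn.lock",
						Class:  "lang-pkgs",
						Type:   "yarn",
						Packages: []ftypes.Package{
							{
								Name:    "@xtuc/ieee754",
								Version: "1.2.0",
							},
							{
								Name:    "@xtuc/long",
								Version: "4.2.2",
							},
							{
								// Indirect is set only here; the expectation below
								// is Relationship "indirect" for this package and
								// "direct" for the other two.
								Name:     "@xtuc/binaryen",
								Version:  "1.37.33",
								Indirect: true,
							},
						},
						// The report carries a detected vulnerability for a package
						// ("foo") that is not in Packages. The expected manifest
						// below lists the three packages only, so this case also
						// pins that the finding adds nothing to Manifests.
						Vulnerabilities: []types.DetectedVulnerability{
							{
								VulnerabilityID:  "CVE-2020-0001",
								PkgName:          "foo",
								InstalledVersion: "1.2.3",
								FixedVersion:     "3.4.5",
								PrimaryURL:       "https://avd.aquasec.com/nvd/cve-2020-0001",
								Vulnerability: dbTypes.Vulnerability{
									Title:       "foobar",
									Description: "baz",
									Severity:    "HIGH",
								},
							},
						},
					},
				},
			},
			want: map[string]github.Manifest{
				"yarn.lock": {
					Name: "yarn",
					File: &github.File{
						SrcLocation: "yarn.lock",
					},
					// Scoped npm names: the leading "@" of the scope is expected
					// percent-encoded ("%40") in the package URL, while the map
					// key keeps the raw package name.
					Resolved: map[string]github.Package{
						"@xtuc/ieee754": {
							PackageUrl:   "pkg:npm/%40xtuc/ieee754@1.2.0",
							Relationship: "direct",
							Scope:        "runtime",
						},
						"@xtuc/long": {
							PackageUrl:   "pkg:npm/%40xtuc/long@4.2.2",
							Relationship: "direct",
							Scope:        "runtime",
						},
						"@xtuc/binaryen": {
							PackageUrl:   "pkg:npm/%40xtuc/binaryen@1.37.33",
							Relationship: "indirect",
							Scope:        "runtime",
						},
					},
				},
			},
		},
		{
			name: "maven",
			report: types.Report{
				SchemaVersion: 2,
				ArtifactName:  "my-java-app",
				Results: types.Results{
					{
						Target: "pom.xml",
						Class:  "lang-pkgs",
						Type:   "pom",
						Packages: []ftypes.Package{
							{
								Name:    "com.google.code.gson:gson",
								Version: "2.2.2",
							},
							{
								Name:    "net.sf.opencsv:opencsv",
								Version: "2.3",
							},
						},
					},
				},
			},
			want: map[string]github.Manifest{
				"pom.xml": {
					Name: "pom",
					File: &github.File{
						SrcLocation: "pom.xml",
					},
					// A "group:artifact" package name is expected to become
					// "pkg:maven/group/artifact@version".
					Resolved: map[string]github.Package{
						"com.google.code.gson:gson": {
							PackageUrl:   "pkg:maven/com.google.code.gson/gson@2.2.2",
							Relationship: "direct",
							Scope:        "runtime",
						},
						"net.sf.opencsv:opencsv": {
							PackageUrl:   "pkg:maven/net.sf.opencsv/opencsv@2.3",
							Relationship: "direct",
							Scope:        "runtime",
						},
					},
				},
			},
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			var buf bytes.Buffer
			w := github.Writer{
				Output: &buf,
			}

			// Stop at the first failure: decoding the output of a failed Write
			// would only add a second, misleading error to the report.
			if err := w.Write(tc.report); !assert.NoError(t, err) {
				return
			}

			var got github.DependencySnapshot
			if err := json.Unmarshal(buf.Bytes(), &got); !assert.NoError(t, err, "invalid github written") {
				return
			}
			assert.Equal(t, tc.want, got.Manifests, tc.name)
		})
	}
}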