github.com/devseccon/trivy@v0.47.1-0.20231123133102-bd902a0bd996/pkg/report/json_test.go

github.com/devseccon/trivy@v0.47.1-0.20231123133102-bd902a0bd996/pkg/report/json_test.go (about)

     1  package report_test
     2  
     3  import (
     4  	"bytes"
     5  	"encoding/json"
     6  	"testing"
     7  
     8  	"github.com/stretchr/testify/assert"
     9  
    10  	dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
    11  	"github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability"
    12  	"github.com/devseccon/trivy/pkg/report"
    13  	"github.com/devseccon/trivy/pkg/types"
    14  )
    15  
    16  func TestReportWriter_JSON(t *testing.T) {
    17  	testCases := []struct {
    18  		name          string
    19  		detectedVulns []types.DetectedVulnerability
    20  		want          types.Report
    21  	}{
    22  		{
    23  			name: "happy path",
    24  			detectedVulns: []types.DetectedVulnerability{
    25  				{
    26  					VulnerabilityID:  "CVE-2020-0001",
    27  					PkgName:          "foo",
    28  					InstalledVersion: "1.2.3",
    29  					FixedVersion:     "3.4.5",
    30  					PrimaryURL:       "https://avd.aquasec.com/nvd/cve-2020-0001",
    31  					Vulnerability: dbTypes.Vulnerability{
    32  						Title:       "foobar",
    33  						Description: "baz",
    34  						Severity:    "HIGH",
    35  						VendorSeverity: map[dbTypes.SourceID]dbTypes.Severity{
    36  							vulnerability.NVD: dbTypes.SeverityHigh,
    37  						},
    38  					},
    39  				},
    40  			},
    41  			want: types.Report{
    42  				SchemaVersion: 2,
    43  				ArtifactName:  "alpine:3.14",
    44  				Results: types.Results{
    45  					types.Result{
    46  						Target: "foojson",
    47  						Vulnerabilities: []types.DetectedVulnerability{
    48  							{
    49  								VulnerabilityID:  "CVE-2020-0001",
    50  								PkgName:          "foo",
    51  								InstalledVersion: "1.2.3",
    52  								FixedVersion:     "3.4.5",
    53  								PrimaryURL:       "https://avd.aquasec.com/nvd/cve-2020-0001",
    54  								Vulnerability: dbTypes.Vulnerability{
    55  									Title:       "foobar",
    56  									Description: "baz",
    57  									Severity:    "HIGH",
    58  								},
    59  							},
    60  						},
    61  					},
    62  				},
    63  			},
    64  		},
    65  	}
    66  
    67  	for _, tc := range testCases {
    68  		t.Run(tc.name, func(t *testing.T) {
    69  			jsonWritten := bytes.NewBuffer(nil)
    70  			jw := report.JSONWriter{
    71  				Output: jsonWritten,
    72  			}
    73  
    74  			inputResults := types.Report{
    75  				SchemaVersion: 2,
    76  				ArtifactName:  "alpine:3.14",
    77  				Results: types.Results{
    78  					{
    79  						Target:          "foojson",
    80  						Vulnerabilities: tc.detectedVulns,
    81  					},
    82  				},
    83  			}
    84  
    85  			err := jw.Write(inputResults)
    86  			assert.NoError(t, err)
    87  
    88  			var got types.Report
    89  			err = json.Unmarshal(jsonWritten.Bytes(), &got)
    90  			assert.NoError(t, err, "invalid json written")
    91  
    92  			assert.Equal(t, tc.want, got, tc.name)
    93  		})
    94  	}
    95  }