github.com/google/osv-scalibr@v0.4.1/enricher/vex/filter/filter_test.go

github.com/google/osv-scalibr@v0.4.1/enricher/vex/filter/filter_test.go (about)

     1  // Copyright 2025 Google LLC
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //      http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package filter_test
    16  
    17  import (
    18  	"testing"
    19  
    20  	"github.com/google/go-cmp/cmp"
    21  	"github.com/google/osv-scalibr/enricher/vex/filter"
    22  	"github.com/google/osv-scalibr/inventory"
    23  	"github.com/google/osv-scalibr/inventory/vex"
    24  	"github.com/mohae/deepcopy"
    25  	osvpb "github.com/ossf/osv-schema/bindings/go/osvschema"
    26  	"google.golang.org/protobuf/testing/protocmp"
    27  )
    28  
    29  func TestEnrich(t *testing.T) {
    30  	tests := []struct {
    31  		desc string
    32  		inv  *inventory.Inventory
    33  		want *inventory.Inventory
    34  	}{
    35  		{
    36  			desc: "no_vulns",
    37  			inv:  &inventory.Inventory{},
    38  			want: &inventory.Inventory{},
    39  		},
    40  		{
    41  			desc: "PackageVuln_with_VEX",
    42  			inv: &inventory.Inventory{PackageVulns: []*inventory.PackageVuln{{
    43  				Vulnerability:         &osvpb.Vulnerability{Id: "CVE-123"},
    44  				ExploitabilitySignals: []*vex.FindingExploitabilitySignal{{Justification: vex.ComponentNotPresent}},
    45  			}}},
    46  			want: &inventory.Inventory{PackageVulns: []*inventory.PackageVuln{}},
    47  		},
    48  		{
    49  			desc: "PackageVuln_with_no_VEX",
    50  			inv: &inventory.Inventory{PackageVulns: []*inventory.PackageVuln{{
    51  				Vulnerability: &osvpb.Vulnerability{Id: "CVE-123"},
    52  			}}},
    53  			want: &inventory.Inventory{PackageVulns: []*inventory.PackageVuln{{
    54  				Vulnerability: &osvpb.Vulnerability{Id: "CVE-123"},
    55  			}}},
    56  		},
    57  		{
    58  			desc: "GenericFinding_with_VEX",
    59  			inv: &inventory.Inventory{GenericFindings: []*inventory.GenericFinding{{
    60  				Adv:                   &inventory.GenericFindingAdvisory{ID: &inventory.AdvisoryID{Reference: "CVE-123"}},
    61  				ExploitabilitySignals: []*vex.FindingExploitabilitySignal{{Justification: vex.ComponentNotPresent}},
    62  			}}},
    63  			want: &inventory.Inventory{GenericFindings: []*inventory.GenericFinding{}},
    64  		},
    65  		{
    66  			desc: "GenericFinding_with_no_VEX",
    67  			inv: &inventory.Inventory{GenericFindings: []*inventory.GenericFinding{{
    68  				Adv: &inventory.GenericFindingAdvisory{ID: &inventory.AdvisoryID{Reference: "CVE-123"}},
    69  			}}},
    70  			want: &inventory.Inventory{GenericFindings: []*inventory.GenericFinding{{
    71  				Adv: &inventory.GenericFindingAdvisory{ID: &inventory.AdvisoryID{Reference: "CVE-123"}},
    72  			}}},
    73  		},
    74  	}
    75  
    76  	for _, tc := range tests {
    77  		t.Run(tc.desc, func(t *testing.T) {
    78  			inv := deepcopy.Copy(tc.inv).(*inventory.Inventory)
    79  			if err := filter.New().Enrich(t.Context(), nil, inv); err != nil {
    80  				t.Errorf("Enrich(%v) returned error: %v", tc.inv, err)
    81  			}
    82  			if diff := cmp.Diff(tc.want, inv, protocmp.Transform()); diff != "" {
    83  				t.Errorf("Enrich(%v) returned diff (-want +got):\n%s", tc.inv, diff)
    84  			}
    85  		})
    86  	}
    87  }