github.com/google/osv-scalibr@v0.4.1/guidedremediation/internal/severity/severity_test.go

github.com/google/osv-scalibr@v0.4.1/guidedremediation/internal/severity/severity_test.go (about)

     1  // Copyright 2025 Google LLC
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //      http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package severity_test
    16  
    17  import (
    18  	"math"
    19  	"testing"
    20  
    21  	"github.com/google/osv-scalibr/guidedremediation/internal/severity"
    22  	osvpb "github.com/ossf/osv-schema/bindings/go/osvschema"
    23  )
    24  
    25  func TestSeverity_CalculateScore(t *testing.T) {
    26  	tests := []struct {
    27  		name string
    28  		sev  *osvpb.Severity
    29  		want float64
    30  	}{
    31  		{
    32  			name: "Empty_Severity_Type",
    33  			sev:  &osvpb.Severity{},
    34  			want: -1,
    35  		},
    36  		{
    37  			name: "CVSS_v2.0",
    38  			sev: &osvpb.Severity{
    39  				Type:  osvpb.Severity_CVSS_V2,
    40  				Score: "AV:L/AC:M/Au:N/C:N/I:P/A:C/E:H/RL:U/RC:C/CDP:LM/TD:M/CR:L/IR:M/AR:H",
    41  			},
    42  			want: 5.4,
    43  		},
    44  		{
    45  			name: "CVSS_v3.0",
    46  			sev: &osvpb.Severity{
    47  				Type:  osvpb.Severity_CVSS_V3,
    48  				Score: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:T/RC:U/CR:L/IR:L/AR:H/MAV:P/MAC:H/MPR:H/MUI:R/MS:C/MC:H/MI:H/MA:H",
    49  			},
    50  			want: 10.0,
    51  		},
    52  		{
    53  			name: "CVSS_v3.1",
    54  			sev: &osvpb.Severity{
    55  				Type:  osvpb.Severity_CVSS_V3,
    56  				Score: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:T/RC:U/CR:L/IR:L/AR:H/MAV:P/MAC:H/MPR:H/MUI:R/MS:C/MC:H/MI:H/MA:H",
    57  			},
    58  			want: 10.0,
    59  		},
    60  		{
    61  			name: "CVSS_v4.0",
    62  			sev: &osvpb.Severity{
    63  				Type:  osvpb.Severity_CVSS_V4,
    64  				Score: "CVSS:4.0/AV:P/AC:H/AT:P/PR:H/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:L/IR:L/AR:L/MAV:P/MAC:H/MAT:P/MPR:H/MUI:A/MVC:N/MVI:N/MVA:N/MSC:N/MSI:N/MSA:N/S:N/AU:N/R:A/V:D/RE:L/U:Clear",
    65  			},
    66  			want: 0.0,
    67  		},
    68  	}
    69  
    70  	for _, tt := range tests {
    71  		t.Run(tt.name, func(t *testing.T) {
    72  			got, err := severity.CalculateScore(tt.sev)
    73  			if err != nil {
    74  				t.Errorf("CalculateScore() error: %v", err)
    75  			}
    76  			// CVSS scores are only supposed to be to 1 decimal place.
    77  			// Multiply and round to get around potential precision issues.
    78  			if math.Round(10*got) != math.Round(10*tt.want) {
    79  				t.Errorf("CalculateScore() = %.1f, want %.1f", got, tt.want)
    80  			}
    81  		})
    82  	}
    83  }