github.com/google/osv-scalibr@v0.4.1/guidedremediation/internal/vulnenrichertest/mock_vulnerability_enricher.go (about) 1 // Copyright 2025 Google LLC 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 // Package vulnenrichertest provides mock vulmatch/enricher for testing. 16 // 17 //nolint:plugger // For testing only. 18 package vulnenrichertest 19 20 import ( 21 "context" 22 "encoding/json" 23 "os" 24 "testing" 25 26 "github.com/google/osv-scalibr/enricher" 27 "github.com/google/osv-scalibr/guidedremediation/internal/vulns" 28 "github.com/google/osv-scalibr/inventory" 29 "github.com/google/osv-scalibr/plugin" 30 osvpb "github.com/ossf/osv-schema/bindings/go/osvschema" 31 "google.golang.org/protobuf/encoding/protojson" 32 ) 33 34 const ( 35 // Name is the unique name of this Enricher. 36 Name = "vulnmatch/mockvuln" 37 version = 0 38 ) 39 40 var _ enricher.Enricher = MockVulnerabilityEnricher{} 41 42 // MockVulnerabilityEnricher is a mock vulnmatch/enricher for testing. 43 type MockVulnerabilityEnricher []*osvpb.Vulnerability 44 45 // NewMockVulnerabilityEnricher creates a mock vulnerability enricher for testing. 46 // It loads vulnerability data from a JSON file specified by vulnsJSON. 47 func NewMockVulnerabilityEnricher(t *testing.T, vulnsJSON string) MockVulnerabilityEnricher { 48 t.Helper() 49 f, err := os.Open(vulnsJSON) 50 if err != nil { 51 t.Fatalf("failed opening mock vulns: %v", err) 52 } 53 defer f.Close() 54 var vulns mockVulns 55 if err := json.NewDecoder(f).Decode(&vulns); err != nil { 56 t.Fatalf("failed decoding mock vulns: %v", err) 57 } 58 return MockVulnerabilityEnricher(vulns.Vulns) 59 } 60 61 // Name of the Enricher. 62 func (MockVulnerabilityEnricher) Name() string { 63 return Name 64 } 65 66 // Version of the Enricher. 67 func (MockVulnerabilityEnricher) Version() int { 68 return version 69 } 70 71 // Requirements of the Enricher. 72 func (MockVulnerabilityEnricher) Requirements() *plugin.Capabilities { 73 return &plugin.Capabilities{} 74 } 75 76 // RequiredPlugins of the Enricher. 77 func (MockVulnerabilityEnricher) RequiredPlugins() []string { 78 return []string{} 79 } 80 81 // Enrich finds vulnerabilities in the inventory from the mock vulnerability list. 82 func (e MockVulnerabilityEnricher) Enrich(ctx context.Context, _ *enricher.ScanInput, inv *inventory.Inventory) error { 83 for _, vuln := range e { 84 for _, pkg := range inv.Packages { 85 if vulns.IsAffected(vuln, pkg) { 86 inv.PackageVulns = append(inv.PackageVulns, &inventory.PackageVuln{ 87 Package: pkg, 88 Vulnerability: vuln, 89 }) 90 } 91 } 92 } 93 return nil 94 } 95 96 type mockVulns struct { 97 Vulns []*osvpb.Vulnerability `json:"vulns"` 98 } 99 100 // UnmarshalJSON unmarshals the mock vulns. The Vulnerability field is a proto 101 // message, so it needs to be unmarshaled with protojson. 102 func (m *mockVulns) UnmarshalJSON(data []byte) error { 103 var raw map[string][]json.RawMessage 104 if err := json.Unmarshal(data, &raw); err != nil { 105 return err 106 } 107 for _, v := range raw["vulns"] { 108 var vuln osvpb.Vulnerability 109 if err := protojson.Unmarshal(v, &vuln); err != nil { 110 return err 111 } 112 m.Vulns = append(m.Vulns, &vuln) 113 } 114 return nil 115 }