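// Source: github.com/jaylevin/jenkins-library@v1.230.4/pkg/protecode/analysis_test.go

package protecode

import (
	"testing"

	"github.com/stretchr/testify/assert"
)

// TestIsSevere pins how isSevere classifies a single finding from its CVSS v2
// score (Vuln.Cvss) and its CVSS v3 score (Vuln.Cvss3Score, carried as a string).
// The CVE ids used here are constructed placeholders, not real identifiers.
func TestIsSevere(t *testing.T) {
	cases := []struct {
		name string
		vuln Vuln
		want bool
	}{
		{
			// Both scores are high in this case, so on its own it does not show
			// which of the two drives the result.
			name: "with severe cvss v3 vulnerability",
			vuln: Vuln{Cve: "Cve2", Cvss: 8.0, Cvss3Score: "7.3"},
			want: true,
		},
		{
			// A "0.0" v3 score with a high v2 score is still expected to be severe.
			name: "with severe cvss v2 vulnerability",
			vuln: Vuln{Cve: "Cve2", Cvss: 8.0, Cvss3Score: "0.0"},
			want: true,
		},
		{
			name: "with non-severe cvss v3 vulnerability",
			vuln: Vuln{Cve: "Cve2", Cvss: 4.0, Cvss3Score: "4.0"},
			want: false,
		},
		{
			name: "with non-severe cvss v2 vulnerability",
			vuln: Vuln{Cve: "Cve2", Cvss: 4.0, Cvss3Score: "0.0"},
			want: false,
		},
		{
			// NOTE(review): the empty v3 score is only exercised with a low v2
			// score. No case pins the result for a high v2 score combined with an
			// empty or unparsable Cvss3Score; because this check decides whether a
			// scan reports severe findings, add that case once the intended
			// fallback is confirmed against isSevere.
			name: "with non-severe vulnerability with missing cvss v3 rating",
			vuln: Vuln{Cve: "Cve2", Cvss: 4.0, Cvss3Score: ""},
			want: false,
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			// init
			vulnerability := Vulnerability{
				Exact:  true,
				Triage: []Triage{},
				Vuln:   tc.vuln,
			}
			// test && assert
			assert.Equal(t, tc.want, isSevere(vulnerability))
		})
	}
}

// TestHasSevereVulnerabilities pins which findings in a Result make
// HasSevereVulnerabilities report true. Per these cases, a high-scoring finding
// is expected NOT to count when it carries a Triage entry, when Exact is false,
// or when its CVE id is listed in the second argument.
func TestHasSevereVulnerabilities(t *testing.T) {
	severeV3 := Vulnerability{Exact: true, Triage: []Triage{}, Vuln: Vuln{Cve: "Cve1", Cvss: 4.0, Cvss3Score: "8.0"}}
	severeV2 := Vulnerability{Exact: true, Triage: []Triage{}, Vuln: Vuln{Cve: "Cve2", Cvss: 8.0, Cvss3Score: "0.0"}}
	nonSevere1 := Vulnerability{Exact: true, Triage: []Triage{}, Vuln: Vuln{Cve: "Cve3", Cvss: 4.0, Cvss3Score: "4.0"}}
	nonSevere2 := Vulnerability{Exact: true, Triage: []Triage{}, Vuln: Vuln{Cve: "Cve4", Cvss: 4.0, Cvss3Score: "4.0"}}
	excluded := Vulnerability{Exact: true, Triage: []Triage{}, Vuln: Vuln{Cve: "Cve5", Cvss: 8.0, Cvss3Score: "8.0"}}
	triaged := Vulnerability{Exact: true, Triage: []Triage{{ID: 1}}, Vuln: Vuln{Cve: "Cve6", Cvss: 8.0, Cvss3Score: "8.0"}}
	historic := Vulnerability{Exact: false, Triage: []Triage{}, Vuln: Vuln{Cve: "Cve7", Cvss: 8.0, Cvss3Score: "8.0"}}

	cases := []struct {
		name         string
		vulns        []Vulnerability
		excludedCVEs string // presumably a comma-separated list of CVE ids; verify against HasSevereVulnerabilities
		want         bool
	}{
		{name: "with severe v3 vulnerabilities", vulns: []Vulnerability{nonSevere1, severeV3}, want: true},
		{name: "with severe v2 vulnerabilities", vulns: []Vulnerability{nonSevere1, severeV2}, want: true},
		{name: "without severe vulnerabilities", vulns: []Vulnerability{nonSevere1, nonSevere2}, want: false},
		// This case was previously also named "with historic vulnerabilities",
		// although it exercises the triaged finding; the duplicate name hid which
		// suppression path a failure belonged to.
		{name: "with triaged vulnerabilities", vulns: []Vulnerability{nonSevere1, triaged}, want: false},
		// NOTE(review): only an exact id match is exercised. No case checks that
		// excluding "Cve5" leaves a different id that merely contains it (a
		// constructed example: "Cve50") reported, so a loose match that silently
		// suppresses unrelated findings would not be caught here.
		{name: "with excluded vulnerabilities", vulns: []Vulnerability{nonSevere1, excluded}, excludedCVEs: "Cve5,Cve14", want: false},
		{name: "with historic vulnerabilities", vulns: []Vulnerability{nonSevere1, historic}, want: false},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			// init
			data := Result{Components: []Component{{Vulns: tc.vulns}}}
			// test && assert
			assert.Equal(t, tc.want, HasSevereVulnerabilities(data, tc.excludedCVEs))
		})
	}
}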