github.com/khulnasoft-lab/tunnel-db@v0.0.0-20231117205118-74e1113bd007/pkg/vulnsrc/bundler/bundler_test.go (about)

     1  package bundler_test
     2  
     3  import (
     4  	"path/filepath"
     5  	"testing"
     6  
     7  	"github.com/khulnasoft-lab/tunnel-db/pkg/types"
     8  	"github.com/khulnasoft-lab/tunnel-db/pkg/vulnsrc/bundler"
     9  	"github.com/khulnasoft-lab/tunnel-db/pkg/vulnsrc/vulnerability"
    10  	"github.com/khulnasoft-lab/tunnel-db/pkg/vulnsrctest"
    11  )
    12  
// TestVulnSrc_Update drives the bundler vulnerability source over the fixture
// directories under testdata. Each case is handed to vulnsrctest.TestUpdate,
// which receives the fixture directory together with either the key/value
// pairs expected after the update or the expected error text.
func TestVulnSrc_Update(t *testing.T) {
	type testCase struct {
		name       string
		dir        string
		wantValues []vulnsrctest.WantValues
		wantErr    string
	}

	// Records expected for the "happy" fixture. All of them relate to a single
	// advisory, CVE-2019-9837 for the doorkeeper-openid_connect gem.
	happyValues := []vulnsrctest.WantValues{
		// The data source entry identifying the Ruby Advisory Database.
		{
			Key: []string{"data-source", "rubygems::Ruby Advisory Database"},
			Value: types.DataSource{
				ID:   vulnerability.RubySec,
				Name: "Ruby Advisory Database",
				URL:  "https://github.com/rubysec/ruby-advisory-db",
			},
		},
		// The per-package advisory. Both version lists are asserted: losing
		// either one would change which gem versions are reported as affected.
		{
			Key: []string{"advisory-detail", "CVE-2019-9837", "rubygems::Ruby Advisory Database", "doorkeeper-openid_connect"},
			Value: types.Advisory{
				PatchedVersions:    []string{">= 1.5.4"},
				UnaffectedVersions: []string{"< 1.4.0"},
			},
		},
		// The human-readable detail record, keyed by CVE ID and source ID.
		{
			Key: []string{"vulnerability-detail", "CVE-2019-9837", string(vulnerability.RubySec)},
			Value: types.VulnerabilityDetail{
				CvssScoreV3: 6.1,
				References:  []string{"https://github.com/doorkeeper-gem/doorkeeper-openid_connect/blob/master/CHANGELOG.md#v154-2019-02-15"},
				Title:       "Doorkeeper::OpenidConnect Open Redirect",
				Description: "Doorkeeper::OpenidConnect (aka the OpenID Connect extension for Doorkeeper) 1.4.x and 1.5.x before 1.5.4 has an open redirect via the redirect_uri field in an OAuth authorization request (that results in an error response) with the 'openid' scope and a prompt=none value. This allows phishing attacks against the authorization flow.",
			},
		},
		// The vulnerability ID entry, expected to carry an empty map as its value.
		{
			Key:   []string{"vulnerability-id", "CVE-2019-9837"},
			Value: map[string]interface{}{},
		},
	}

	cases := []testCase{
		{
			name:       "happy path",
			dir:        filepath.Join("testdata", "happy"),
			wantValues: happyValues,
		},
		{
			// NOTE(review): presumably the "sad" fixture holds YAML that cannot
			// be decoded; how WantErr is matched is defined by vulnsrctest and
			// is not visible here.
			name:    "sad path",
			dir:     filepath.Join("testdata", "sad"),
			wantErr: "failed to unmarshal YAML",
		},
	}

	for i := range cases {
		tc := cases[i]
		t.Run(tc.name, func(t *testing.T) {
			// A fresh source per subtest, as in every case of this table.
			src := bundler.NewVulnSrc()
			args := vulnsrctest.TestUpdateArgs{
				Dir:        tc.dir,
				WantValues: tc.wantValues,
				WantErr:    tc.wantErr,
			}
			vulnsrctest.TestUpdate(t, src, args)
		})
	}
}