// Source: github.com/khulnasoft-lab/tunnel-db@v0.0.0-20231117205118-74e1113bd007/pkg/vulnsrc/osv/osv_test.go

package osv_test

import (
	"path/filepath"
	"testing"

	"github.com/khulnasoft-lab/tunnel-db/pkg/types"
	"github.com/khulnasoft-lab/tunnel-db/pkg/vulnsrc/osv"
	"github.com/khulnasoft-lab/tunnel-db/pkg/vulnsrc/vulnerability"
	"github.com/khulnasoft-lab/tunnel-db/pkg/vulnsrctest"
)

// TestVulnSrc_Update feeds the OSV fixtures under testdata through
// vulnsrctest.TestUpdate and checks what the updater stores.
//
// The happy fixture pins the stored shape of a PyPA advisory: the data-source
// record, the advisory keyed by CVE ID with its GHSA/PYSEC vendor IDs, the
// vulnerability detail, and the bare vulnerability-id entries. It also lists
// buckets that must not be present for the withdrawn entry. The sad fixture
// must surface a "JSON decode error".
func TestVulnSrc_Update(t *testing.T) {
	// Strings repeated across the table, named once so that a typo in a single
	// bucket key cannot silently weaken an expectation.
	const (
		sourceName = "Python Packaging Advisory Database"
		sourceURL  = "https://github.com/pypa/advisory-db"
		pipBucket  = "pip::Python Packaging Advisory Database"
	)

	// The data source registered for pip; the same value is expected back in
	// the "data-source" bucket.
	pypa := types.DataSource{
		ID:   vulnerability.OSV,
		Name: sourceName,
		URL:  sourceURL,
	}

	type testCase struct {
		name       string
		dir        string
		wantValues []vulnsrctest.WantValues
		noBuckets  [][]string
		wantErr    string
	}

	cases := []testCase{
		{
			name: "happy path",
			dir:  filepath.Join("testdata", "happy"),
			wantValues: []vulnsrctest.WantValues{
				{
					Key:   []string{"data-source", pipBucket},
					Value: pypa,
				},
				{
					// Advisory with a fixed release: both the vulnerable range
					// and the patched version are expected.
					Key: []string{
						"advisory-detail",
						"CVE-2018-10895",
						pipBucket,
						"qutebrowser",
					},
					Value: types.Advisory{
						VendorIDs: []string{
							"GHSA-wgmx-52ph-qqcw",
							"PYSEC-2018-27",
						},
						VulnerableVersions: []string{"<1.4.1"},
						PatchedVersions:    []string{"1.4.1"},
					},
				},
				{
					Key: []string{
						"vulnerability-detail",
						"CVE-2018-10895",
						string(vulnerability.OSV),
					},
					Value: types.VulnerabilityDetail{
						Description: "qutebrowser before version 1.4.1 is vulnerable to a cross-site request forgery flaw that allows websites to access 'qute://*' URLs. A malicious website could exploit this to load a 'qute://settings/set' URL, which then sets 'editor.command' to a bash script, resulting in arbitrary code execution.",
						References: []string{
							"https://github.com/qutebrowser/qutebrowser/commit/43e58ac865ff862c2008c510fc5f7627e10b4660",
							"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10895",
							"http://www.openwall.com/lists/oss-security/2018/07/11/7",
							"https://github.com/advisories/GHSA-wgmx-52ph-qqcw",
						},
					},
				},
				{
					Key:   []string{"vulnerability-id", "CVE-2018-10895"},
					Value: map[string]interface{}{},
				},
				{
					Key:   []string{"vulnerability-id", "CVE-2013-4251"},
					Value: map[string]interface{}{},
				},
				{
					// Two vulnerable ranges and no PatchedVersions set in the
					// expected value.
					Key: []string{
						"advisory-detail",
						"CVE-2023-37276",
						pipBucket,
						"aiohttp",
					},
					Value: types.Advisory{
						VendorIDs: []string{
							"GHSA-45c4-8wx5-qw6w",
							"PYSEC-2023-120",
						},
						VulnerableVersions: []string{
							"<=3.8.4",
							"=4.0.1",
						},
					},
				},
			},
			// Withdrawn advisories are skipped: CVE-2023-31655 must leave no
			// id, advisory or detail bucket behind, otherwise a retracted
			// report would still be served as a finding.
			// NOTE(review): presumably TestUpdate asserts these buckets are
			// absent; confirm in vulnsrctest.
			noBuckets: [][]string{
				{"vulnerability-id", "CVE-2023-31655"},
				{"advisory-detail", "CVE-2023-31655"},
				{"vulnerability-detail", "CVE-2023-31655"},
			},
		},
		{
			// Malformed input must fail the update with a decode error.
			name:    "sad path",
			dir:     filepath.Join("testdata", "sad"),
			wantErr: "JSON decode error",
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			// A fresh map per subtest, so subtests share no mutable state.
			sources := map[types.Ecosystem]types.DataSource{
				vulnerability.Pip: pypa,
			}

			// NOTE(review): the meaning of the "." and nil arguments is not
			// visible in this file; see osv.New.
			src := osv.New(".", vulnerability.OSV, sources, nil)

			args := vulnsrctest.TestUpdateArgs{
				Dir:        tc.dir,
				WantValues: tc.wantValues,
				WantErr:    tc.wantErr,
				NoBuckets:  tc.noBuckets,
			}
			vulnsrctest.TestUpdate(t, src, args)
		})
	}
}