github.com/ouraigua/jenkins-library@v0.0.0-20231028010029-fbeaf2f3aa9b/pkg/protecode/analysis_test.go (about)

     1  //go:build unit
     2  // +build unit
     3  
     4  package protecode
     5  
     6  import (
     7  	"testing"
     8  
     9  	"github.com/stretchr/testify/assert"
    10  )
    11  
// TestIsSevere pins how isSevere classifies a single finding from its CVSS v2
// (Cvss) and CVSS v3 (Cvss3Score) fields, both of which are carried as strings.
//
// The cases cover a high v3 score, a high v2 score with a "0.0" v3 score, and
// low scores with a "0.0" or empty v3 score.
// NOTE(review): the cases suggest that a "0.0" or empty v3 score makes the
// v2 score decide; the exact threshold and fallback rule live in isSevere and
// are not visible from this test. Confirm there.
// NOTE(review): no case feeds a non-numeric score string; if isSevere treats
// a parse failure as "not severe", a malformed scanner response would pass
// the gate silently. Worth pinning with a case once the intended behaviour
// is confirmed.
func TestIsSevere(t *testing.T) {
	// finding builds an exact, untriaged vulnerability; only the two score
	// strings differ between cases.
	finding := func(cvss2, cvss3 string) Vulnerability {
		return Vulnerability{
			Exact:  true,
			Triage: []Triage{},
			Vuln: Vuln{
				Cve:        "Cve2",
				Cvss:       cvss2,
				Cvss3Score: cvss3,
			},
		}
	}

	cases := []struct {
		name  string
		cvss2 string
		cvss3 string
		want  bool
	}{
		{name: "with severe cvss v3 vulnerability", cvss2: "8.0", cvss3: "7.3", want: true},
		{name: "with severe cvss v2 vulnerability", cvss2: "8.0", cvss3: "0.0", want: true},
		{name: "with non-severe cvss v3 vulnerability", cvss2: "4.0", cvss3: "4.0", want: false},
		{name: "with non-severe cvss v2 vulnerability", cvss2: "4.0", cvss3: "0.0", want: false},
		{name: "with non-severe vulnerability with missing cvss v3 rating", cvss2: "4.0", cvss3: "", want: false},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			assert.Equal(t, tc.want, isSevere(finding(tc.cvss2, tc.cvss3)))
		})
	}
}
    84  
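// TestHasSevereVulnerabilities pins the result-level decision made by
// HasSevereVulnerabilities(result, excludeCVEs): a result counts as severe
// when it holds a severe finding, and the cases below expect a severe-scored
// finding to be ignored when it is triaged, named in the comma-separated
// exclusion list, or not an exact match (Exact: false).
//
// Each of those three paths suppresses a high-scoring finding, so each has
// its own uniquely named subtest; a failure then points at the path that
// regressed.
// NOTE(review): no case pairs an excluded finding with a second, non-excluded
// severe finding in the same result. Adding one would catch a regression in
// which the exclusion list suppresses the whole result.
// NOTE(review): how the exclusion list is matched (exact token or substring)
// is not visible from this test. A case whose CVE id is a prefix of an
// excluded id would pin it.
func TestHasSevereVulnerabilities(t *testing.T) {
	// Fixtures: one finding per classification path.
	severeV3 := Vulnerability{Exact: true, Triage: []Triage{}, Vuln: Vuln{Cve: "Cve1", Cvss: "4.0", Cvss3Score: "8.0"}}
	severeV2 := Vulnerability{Exact: true, Triage: []Triage{}, Vuln: Vuln{Cve: "Cve2", Cvss: "8.0", Cvss3Score: "0.0"}}
	nonSevere1 := Vulnerability{Exact: true, Triage: []Triage{}, Vuln: Vuln{Cve: "Cve3", Cvss: "4.0", Cvss3Score: "4.0"}}
	nonSevere2 := Vulnerability{Exact: true, Triage: []Triage{}, Vuln: Vuln{Cve: "Cve4", Cvss: "4.0", Cvss3Score: "4.0"}}
	// High scores, but the CVE id is passed in the exclusion list below.
	excluded := Vulnerability{Exact: true, Triage: []Triage{}, Vuln: Vuln{Cve: "Cve5", Cvss: "8.0", Cvss3Score: "8.0"}}
	// High scores, but carries a triage entry.
	triaged := Vulnerability{Exact: true, Triage: []Triage{{ID: 1}}, Vuln: Vuln{Cve: "Cve6", Cvss: "8.0", Cvss3Score: "8.0"}}
	// High scores, but not an exact match.
	historic := Vulnerability{Exact: false, Triage: []Triage{}, Vuln: Vuln{Cve: "Cve7", Cvss: "8.0", Cvss3Score: "8.0"}}

	// resultOf wraps the findings in a single-component scan result.
	resultOf := func(vulns ...Vulnerability) Result {
		return Result{Components: []Component{{Vulns: vulns}}}
	}

	t.Run("with severe v3 vulnerabilities", func(t *testing.T) {
		assert.True(t, HasSevereVulnerabilities(resultOf(nonSevere1, severeV3), ""))
	})
	t.Run("with severe v2 vulnerabilities", func(t *testing.T) {
		assert.True(t, HasSevereVulnerabilities(resultOf(nonSevere1, severeV2), ""))
	})
	t.Run("without severe vulnerabilities", func(t *testing.T) {
		assert.False(t, HasSevereVulnerabilities(resultOf(nonSevere1, nonSevere2), ""))
	})
	// This subtest was previously named "with historic vulnerabilities",
	// which duplicated the last subtest's name although it exercises the
	// triaged fixture.
	t.Run("with triaged vulnerabilities", func(t *testing.T) {
		assert.False(t, HasSevereVulnerabilities(resultOf(nonSevere1, triaged), ""))
	})
	t.Run("with excluded vulnerabilities", func(t *testing.T) {
		// "Cve14" matches no fixture; only "Cve5" is present in the data.
		assert.False(t, HasSevereVulnerabilities(resultOf(nonSevere1, excluded), "Cve5,Cve14"))
	})
	t.Run("with historic vulnerabilities", func(t *testing.T) {
		assert.False(t, HasSevereVulnerabilities(resultOf(nonSevere1, historic), ""))
	})
}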