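// Source: github.com/quay/claircore@v1.5.28/java/matcher_test.go

package java

import (
	"context"
	"testing"

	"github.com/google/go-cmp/cmp"
	"github.com/quay/claircore"
)

// TestVulnerable checks Matcher.Vulnerable against a table of Maven packages
// and OSV advisories.
//
// In these fixtures the affected range is carried in
// Vulnerability.FixedInVersion as a URL-query-style string built from the keys
// "introduced", "fixed" and "lastAffected". The expected results pin the
// boundary behaviour that decides whether a package is reported:
//
//   - "fixed" is an exclusive upper bound (pkg1).
//   - "lastAffected" is an inclusive upper bound (pkg3, pkg5).
//   - a version below "introduced" is not reported (pkg6).
//   - "introduced" alone leaves the range open-ended (pkg7).
//
// NOTE(review): a wrong answer here is either a missed vulnerability or a
// false alarm in scan results. The table does not cover a version exactly
// equal to "introduced", a version below "introduced" combined with "fixed",
// an empty FixedInVersion, or an unparsable version/range string; the
// matcher's behaviour for those is not visible from this file and is worth
// pinning with further cases.
func TestVulnerable(t *testing.T) {
	matcher := &Matcher{}

	testcases := []struct {
		name   string
		record *claircore.IndexRecord
		vuln   *claircore.Vulnerability
		want   bool
	}{
		// 3.2.9 lies between introduced=3.2.0 and fixed=3.3.0: vulnerable.
		{
			name: "pkg0",
			record: &claircore.IndexRecord{
				Package: &claircore.Package{
					Name:    "org.apache.openmeetings:openmeetings-parent",
					Version: "3.2.9",
					Kind:    "binary",
				},
			},
			vuln: &claircore.Vulnerability{
				Updater:     "osv",
				Name:        "GHSA-2965-xxg6-3qh5",
				Description: "Apache OpenMeetings vulnerable to parameter manipulation attacks",
				Package: &claircore.Package{
					Name:           "org.apache.openmeetings:openmeetings-parent",
					RepositoryHint: "Maven",
				},
				FixedInVersion: "fixed=3.3.0&introduced=3.2.0",
			},
			want: true,
		},
		// 3.3.0 equals the fixed version: the fix is present, not vulnerable.
		{
			name: "pkg1",
			record: &claircore.IndexRecord{
				Package: &claircore.Package{
					Name:    "org.apache.openmeetings:openmeetings-parent",
					Version: "3.3.0",
					Kind:    "binary",
				},
			},
			vuln: &claircore.Vulnerability{
				Updater:     "osv",
				Name:        "GHSA-2965-xxg6-3qh5",
				Description: "Apache OpenMeetings vulnerable to parameter manipulation attacks",
				Package: &claircore.Package{
					Name:           "org.apache.openmeetings:openmeetings-parent",
					RepositoryHint: "Maven",
				},
				FixedInVersion: "fixed=3.3.0&introduced=3.2.0",
			},
			want: false,
		},
		// Only "fixed" is given; 4.9.0 is below fixed=4.9.11: vulnerable.
		// NOTE(review): the description reads "¡final" where the package is
		// named jfinal; looks like a typo or encoding slip in the fixture text.
		{
			name: "pkg2",
			record: &claircore.IndexRecord{
				Package: &claircore.Package{
					Name:    "com.jfinal:jfinal",
					Version: "4.9.0",
					Kind:    "binary",
				},
			},
			vuln: &claircore.Vulnerability{
				Updater:     "osv",
				Name:        "GHSA-2c25-xfpq-8n9r",
				Description: "Cross-site scripting in ¡final",
				Package: &claircore.Package{
					Name:           "com.jfinal:jfinal",
					RepositoryHint: "Maven",
				},
				FixedInVersion: "fixed=4.9.11",
			},
			want: true,
		},
		// 1.9.3 equals lastAffected: the last affected release is itself
		// vulnerable.
		// NOTE(review): this advisory name does not follow the usual
		// GHSA-xxxx-xxxx-xxxx shape; confirm it against the advisory.
		{
			name: "pkg3",
			record: &claircore.IndexRecord{
				Package: &claircore.Package{
					Name:    "com.gitblit:gitblit",
					Version: "1.9.3",
					Kind:    "binary",
				},
			},
			vuln: &claircore.Vulnerability{
				Updater:     "osv",
				Name:        "GHSA-265-ra62-fahg",
				Description: "Path traversal in Gitblit",
				Package: &claircore.Package{
					Name:           "com.gitblit:gitblit",
					RepositoryHint: "Maven",
				},
				FixedInVersion: "lastAffected=1.9.3",
			},
			want: true,
		},
		// 1.9.4 is past lastAffected=1.9.3: not vulnerable.
		{
			name: "pkg4",
			record: &claircore.IndexRecord{
				Package: &claircore.Package{
					Name:    "com.gitblit:gitblit",
					Version: "1.9.4",
					Kind:    "binary",
				},
			},
			vuln: &claircore.Vulnerability{
				Updater:     "osv",
				Name:        "GHSA-265-ra62-fahg",
				Description: "Path traversal in Gitblit",
				Package: &claircore.Package{
					Name:           "com.gitblit:gitblit",
					RepositoryHint: "Maven",
				},
				FixedInVersion: "lastAffected=1.9.3",
			},
			want: false,
		},
		// Same package and version as pkg1, but the upper bound is
		// lastAffected=3.3.0 instead of fixed=3.3.0, so 3.3.0 is vulnerable.
		{
			name: "pkg5",
			record: &claircore.IndexRecord{
				Package: &claircore.Package{
					Name:    "org.apache.openmeetings:openmeetings-parent",
					Version: "3.3.0",
					Kind:    "binary",
				},
			},
			vuln: &claircore.Vulnerability{
				Updater:     "osv",
				Name:        "GHSA-2965-xxg6-3qh5",
				Description: "Apache OpenMeetings vulnerable to parameter manipulation attacks",
				Package: &claircore.Package{
					Name:           "org.apache.openmeetings:openmeetings-parent",
					RepositoryHint: "Maven",
				},
				FixedInVersion: "lastAffected=3.3.0&introduced=3.2.0",
			},
			want: true,
		},
		// 3.1.9 predates introduced=3.2.0: not vulnerable.
		{
			name: "pkg6",
			record: &claircore.IndexRecord{
				Package: &claircore.Package{
					Name:    "org.apache.openmeetings:openmeetings-parent",
					Version: "3.1.9",
					Kind:    "binary",
				},
			},
			vuln: &claircore.Vulnerability{
				Updater:     "osv",
				Name:        "GHSA-2965-xxg6-3qh5",
				Description: "Apache OpenMeetings vulnerable to parameter manipulation attacks",
				Package: &claircore.Package{
					Name:           "org.apache.openmeetings:openmeetings-parent",
					RepositoryHint: "Maven",
				},
				FixedInVersion: "lastAffected=3.3.0&introduced=3.2.0",
			},
			want: false,
		},
		// Only "introduced" is given, so there is no upper bound; 3.0.7 is
		// above introduced=2.0.0 and therefore vulnerable.
		{
			name: "pkg7",
			record: &claircore.IndexRecord{
				Package: &claircore.Package{
					Name:    "org.apache.tiles:tiles-core",
					Version: "3.0.7",
					Kind:    "binary",
				},
			},
			vuln: &claircore.Vulnerability{
				Updater:     "osv",
				Name:        "GHSA-qw4h-3xjj-84cc",
				Description: "Go look it up: https://osv.dev/vulnerability/GHSA-qw4h-3xjj-84cc",
				Package: &claircore.Package{
					Name:           "org.apache.tiles:tiles-core",
					RepositoryHint: "Maven",
				},
				FixedInVersion: "introduced=2.0.0",
			},
			want: true,
		},
	}

	for _, tc := range testcases {
		t.Run(tc.name, func(t *testing.T) {
			got, err := matcher.Vulnerable(context.Background(), tc.record, tc.vuln)
			if err != nil {
				t.Fatalf("Vulnerable: %v", err)
			}
			if got != tc.want {
				// Name the package, version and range in the failure so a
				// regression in range handling can be read without looking
				// the case up in the table.
				t.Errorf("Vulnerable(%s@%s, %s %q) mismatch (-want +got):\n%s",
					tc.record.Package.Name, tc.record.Package.Version,
					tc.vuln.Name, tc.vuln.FixedInVersion,
					cmp.Diff(tc.want, got))
			}
		})
	}
}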