github.com/safedep/dry@v0.0.0-20241016050132-a15651f0548b/cvss/cvss_test.go

github.com/safedep/dry@v0.0.0-20241016050132-a15651f0548b/cvss/cvss_test.go (about)

     1  package cvss
     2  
     3  import (
     4  	"errors"
     5  	"testing"
     6  
     7  	"github.com/stretchr/testify/assert"
     8  )
     9  
    10  func TestBaseStringParsing(t *testing.T) {
    11  	cases := []struct {
    12  		name    string
    13  		version CvssVersion
    14  		base    string
    15  		err     error
    16  	}{
    17  		{
    18  			name:    "valid v2",
    19  			version: CVSS_V2,
    20  			base:    "AV:N/AC:L/Au:N/C:C/I:C/A:C",
    21  			err:     nil,
    22  		},
    23  		{
    24  			name:    "valid v3",
    25  			version: CVSS_V3,
    26  			base:    "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
    27  			err:     nil,
    28  		},
    29  		{
    30  			name:    "invalid v2",
    31  			version: CVSS_V2,
    32  			base:    "<invalid>",
    33  			err:     errors.New("invalid vector"),
    34  		},
    35  		{
    36  			name:    "invalid v3",
    37  			version: CVSS_V3,
    38  			base:    "<invalid>",
    39  			err:     errors.New("invalid vector"),
    40  		},
    41  	}
    42  
    43  	for _, test := range cases {
    44  		t.Run(test.name, func(t *testing.T) {
    45  			_, err := NewCvssBaseString(test.base, test.version)
    46  
    47  			if test.err == nil {
    48  				assert.NoError(t, err)
    49  			} else {
    50  				assert.ErrorContains(t, err, test.err.Error())
    51  			}
    52  		})
    53  	}
    54  }
    55  
    56  func TestBaseSeverity(t *testing.T) {
    57  	cases := []struct {
    58  		name    string
    59  		version CvssVersion
    60  		base    string
    61  		risk    CvssRisk
    62  	}{
    63  		{
    64  			name:    "v2 high",
    65  			version: CVSS_V2,
    66  			base:    "AV:N/AC:L/Au:N/C:C/I:C/A:C",
    67  			risk:    HIGH,
    68  		},
    69  		{
    70  			name:    "v2 medium",
    71  			version: CVSS_V2,
    72  			base:    "AV:N/AC:H/Au:S/C:C/I:N/A:N",
    73  			risk:    MEDIUM,
    74  		},
    75  		{
    76  			name:    "v2 low",
    77  			version: CVSS_V2,
    78  			base:    "AV:N/AC:L/Au:N/C:N/I:N/A:N",
    79  			risk:    LOW,
    80  		},
    81  		{
    82  			name:    "v3 critical",
    83  			version: CVSS_V3,
    84  			base:    "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
    85  			risk:    CRITICAL,
    86  		},
    87  		{
    88  			name:    "v3 high",
    89  			version: CVSS_V3,
    90  			base:    "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
    91  			risk:    HIGH,
    92  		},
    93  		{
    94  			name:    "v3 medium",
    95  			version: CVSS_V3,
    96  			base:    "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
    97  			risk:    MEDIUM,
    98  		},
    99  		{
   100  			name:    "v3 low",
   101  			version: CVSS_V3,
   102  			base:    "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
   103  			risk:    LOW,
   104  		},
   105  		{
   106  			name:    "v3 none",
   107  			version: CVSS_V3,
   108  			base:    "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
   109  			risk:    NONE,
   110  		},
   111  	}
   112  
   113  	for _, test := range cases {
   114  		t.Run(test.name, func(t *testing.T) {
   115  			c, err := NewCvssBaseString(test.base, test.version)
   116  			assert.NoError(t, err)
   117  
   118  			assert.Equal(t, test.risk, c.Severity())
   119  		})
   120  	}
   121  
   122  }