119 lines
2.9 KiB
Go
119 lines
2.9 KiB
Go
|
package osv_test
|
||
|
|
||
|
import (
|
||
|
"fmt"
|
||
|
"net/http"
|
||
|
"net/http/httptest"
|
||
|
"os"
|
||
|
"path/filepath"
|
||
|
"testing"
|
||
|
|
||
|
"github.com/aquasecurity/vuln-list-update/osv"
|
||
|
"github.com/stretchr/testify/assert"
|
||
|
"github.com/stretchr/testify/require"
|
||
|
)
|
||
|
|
||
|
func Test_Update(t *testing.T) {
|
||
|
tests := []struct {
|
||
|
name string
|
||
|
path string
|
||
|
ecosystem map[string]string
|
||
|
wantFiles []string
|
||
|
wantErr string
|
||
|
}{
|
||
|
{
|
||
|
name: "happy path python",
|
||
|
ecosystem: map[string]string{
|
||
|
"PyPI": "python",
|
||
|
},
|
||
|
wantFiles: []string{
|
||
|
filepath.Join("python", "cherrypy", "PYSEC-2006-1.json"),
|
||
|
filepath.Join("python", "trac", "PYSEC-2005-1.json"),
|
||
|
filepath.Join("python", "trac", "PYSEC-2006-2.json"),
|
||
|
},
|
||
|
},
|
||
|
{
|
||
|
name: "happy path Go",
|
||
|
ecosystem: map[string]string{
|
||
|
"Go": "go",
|
||
|
},
|
||
|
wantFiles: []string{
|
||
|
filepath.Join("go", "github.com", "gin-gonic", "gin", "GO-2020-0001.json"),
|
||
|
filepath.Join("go", "github.com", "seccomp", "libseccomp-golang", "GO-2020-0007.json"),
|
||
|
filepath.Join("go", "github.com", "tidwall", "gjson", "GO-2021-0059.json"),
|
||
|
},
|
||
|
},
|
||
|
{
|
||
|
name: "happy path python+rust",
|
||
|
ecosystem: map[string]string{
|
||
|
"PyPI": "python",
|
||
|
"crates.io": "rust",
|
||
|
},
|
||
|
wantFiles: []string{
|
||
|
// Python
|
||
|
filepath.Join("python", "cherrypy", "PYSEC-2006-1.json"),
|
||
|
filepath.Join("python", "trac", "PYSEC-2005-1.json"),
|
||
|
filepath.Join("python", "trac", "PYSEC-2006-2.json"),
|
||
|
|
||
|
// Rust
|
||
|
filepath.Join("rust", "openssl", "RUSTSEC-2016-0001.json"),
|
||
|
filepath.Join("rust", "smallvec", "RUSTSEC-2019-0009.json"),
|
||
|
filepath.Join("rust", "tar", "RUSTSEC-2018-0002.json"),
|
||
|
},
|
||
|
},
|
||
|
{
|
||
|
name: "sad path, unable to download archive",
|
||
|
path: "/%s/unknown.zip",
|
||
|
ecosystem: map[string]string{
|
||
|
"PyPI": "python",
|
||
|
},
|
||
|
wantErr: "bad response code: 404",
|
||
|
},
|
||
|
}
|
||
|
|
||
|
for _, tt := range tests {
|
||
|
t.Run(tt.name, func(t *testing.T) {
|
||
|
mux := http.NewServeMux()
|
||
|
for name, dir := range tt.ecosystem {
|
||
|
b, err := os.ReadFile(filepath.Join("testdata", dir, "all.zip"))
|
||
|
require.NoError(t, err)
|
||
|
mux.HandleFunc(fmt.Sprintf("/%s/all.zip", name), func(w http.ResponseWriter, r *http.Request) {
|
||
|
_, err = w.Write(b)
|
||
|
require.NoError(t, err)
|
||
|
})
|
||
|
}
|
||
|
ts := httptest.NewServer(mux)
|
||
|
|
||
|
defer ts.Close()
|
||
|
|
||
|
// build test settings
|
||
|
testDir := t.TempDir()
|
||
|
testURL := ts.URL + "/%s/all.zip"
|
||
|
if tt.path != "" {
|
||
|
testURL = ts.URL + tt.path
|
||
|
fmt.Println(testURL)
|
||
|
}
|
||
|
|
||
|
c := osv.NewOsv(osv.WithURL(testURL), osv.WithDir(testDir), osv.WithEcosystem(tt.ecosystem))
|
||
|
|
||
|
err := c.Update()
|
||
|
if tt.wantErr != "" {
|
||
|
require.Error(t, err)
|
||
|
assert.Contains(t, err.Error(), tt.wantErr)
|
||
|
return
|
||
|
}
|
||
|
assert.NoError(t, err)
|
||
|
|
||
|
for _, wantFile := range tt.wantFiles {
|
||
|
got, err := os.ReadFile(filepath.Join(testDir, wantFile))
|
||
|
require.NoError(t, err)
|
||
|
|
||
|
want, err := os.ReadFile(filepath.Join("testdata", "golden", wantFile))
|
||
|
require.NoError(t, err)
|
||
|
|
||
|
assert.JSONEq(t, string(want), string(got))
|
||
|
}
|
||
|
})
|
||
|
}
|
||
|
}
|