2021-12-19 15:02:42 +03:00
package osv_test
import (
"fmt"
"net/http"
"net/http/httptest"
"os"
"path/filepath"
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
2023-09-20 09:23:39 +03:00
"github.com/aquasecurity/vuln-list-update/osv"
2021-12-19 15:02:42 +03:00
)
func Test_Update ( t * testing . T ) {
tests := [ ] struct {
name string
path string
ecosystem map [ string ] string
wantFiles [ ] string
wantErr string
} {
{
name : "happy path python" ,
ecosystem : map [ string ] string {
"PyPI" : "python" ,
} ,
wantFiles : [ ] string {
filepath . Join ( "python" , "cherrypy" , "PYSEC-2006-1.json" ) ,
filepath . Join ( "python" , "trac" , "PYSEC-2005-1.json" ) ,
filepath . Join ( "python" , "trac" , "PYSEC-2006-2.json" ) ,
2023-08-03 16:06:44 +03:00
filepath . Join ( "python" , "aiohttp" , "PYSEC-2023-120.json" ) ,
2021-12-19 15:02:42 +03:00
} ,
} ,
{
name : "happy path Go" ,
ecosystem : map [ string ] string {
"Go" : "go" ,
} ,
wantFiles : [ ] string {
filepath . Join ( "go" , "github.com" , "gin-gonic" , "gin" , "GO-2020-0001.json" ) ,
filepath . Join ( "go" , "github.com" , "seccomp" , "libseccomp-golang" , "GO-2020-0007.json" ) ,
filepath . Join ( "go" , "github.com" , "tidwall" , "gjson" , "GO-2021-0059.json" ) ,
} ,
} ,
{
name : "happy path python+rust" ,
ecosystem : map [ string ] string {
"PyPI" : "python" ,
"crates.io" : "rust" ,
} ,
wantFiles : [ ] string {
// Python
filepath . Join ( "python" , "cherrypy" , "PYSEC-2006-1.json" ) ,
filepath . Join ( "python" , "trac" , "PYSEC-2005-1.json" ) ,
filepath . Join ( "python" , "trac" , "PYSEC-2006-2.json" ) ,
// Rust
filepath . Join ( "rust" , "openssl" , "RUSTSEC-2016-0001.json" ) ,
filepath . Join ( "rust" , "smallvec" , "RUSTSEC-2019-0009.json" ) ,
filepath . Join ( "rust" , "tar" , "RUSTSEC-2018-0002.json" ) ,
} ,
} ,
{
name : "sad path, unable to download archive" ,
path : "/%s/unknown.zip" ,
ecosystem : map [ string ] string {
"PyPI" : "python" ,
} ,
wantErr : "bad response code: 404" ,
} ,
}
for _ , tt := range tests {
t . Run ( tt . name , func ( t * testing . T ) {
mux := http . NewServeMux ( )
for name , dir := range tt . ecosystem {
b , err := os . ReadFile ( filepath . Join ( "testdata" , dir , "all.zip" ) )
require . NoError ( t , err )
mux . HandleFunc ( fmt . Sprintf ( "/%s/all.zip" , name ) , func ( w http . ResponseWriter , r * http . Request ) {
_ , err = w . Write ( b )
require . NoError ( t , err )
} )
}
ts := httptest . NewServer ( mux )
defer ts . Close ( )
// build test settings
testDir := t . TempDir ( )
testURL := ts . URL + "/%s/all.zip"
if tt . path != "" {
testURL = ts . URL + tt . path
fmt . Println ( testURL )
}
c := osv . NewOsv ( osv . WithURL ( testURL ) , osv . WithDir ( testDir ) , osv . WithEcosystem ( tt . ecosystem ) )
err := c . Update ( )
if tt . wantErr != "" {
require . Error ( t , err )
assert . Contains ( t , err . Error ( ) , tt . wantErr )
return
}
assert . NoError ( t , err )
for _ , wantFile := range tt . wantFiles {
got , err := os . ReadFile ( filepath . Join ( testDir , wantFile ) )
require . NoError ( t , err )
want , err := os . ReadFile ( filepath . Join ( "testdata" , "golden" , wantFile ) )
require . NoError ( t , err )
assert . JSONEq ( t , string ( want ) , string ( got ) )
}
} )
}
}