added artifacts

internal/domain/vulnscan/osv_test.go

@@ -0,0 +1,89 @@
+package vulnscan
+
+import (
+	"encoding/json"
+	"testing"
+)
+
+func TestParseCVSS(t *testing.T) {
+	v := OSVVuln{
+		ID: "CVE-2024-0001",
+		Severity: []Severity{
+			{Type: "CVSS_V3", Score: "7.5"},
+		},
+	}
+	score := parseCVSS(v)
+	if score != 7.5 {
+		t.Errorf("expected 7.5, got %f", score)
+	}
+}
+
+func TestParseCVSS_NoScore(t *testing.T) {
+	v := OSVVuln{
+		ID: "GHSA-xxxx",
+	}
+	score := parseCVSS(v)
+	if score != 0 {
+		t.Errorf("expected 0 for no severity, got %f", score)
+	}
+}
+
+func TestExtractFixedVersion(t *testing.T) {
+	v := OSVVuln{
+		Affected: []Affected{
+			{
+				Ranges: []AffectedRange{
+					{
+						Events: []RangeEvent{
+							{Introduced: "0"},
+							{Fixed: "1.2.3"},
+						},
+					},
+				},
+			},
+		},
+	}
+	fixed := extractFixedVersion(v)
+	if fixed != "1.2.3" {
+		t.Errorf("expected 1.2.3, got %s", fixed)
+	}
+}
+
+func TestExtractFixedVersion_None(t *testing.T) {
+	v := OSVVuln{}
+	fixed := extractFixedVersion(v)
+	if fixed != "" {
+		t.Errorf("expected empty, got %s", fixed)
+	}
+}
+
+func TestTruncateStr(t *testing.T) {
+	if truncateStr("short", 10) != "short" {
+		t.Error("should not truncate short strings")
+	}
+	if truncateStr("this is a long string", 10) != "this is a ..." {
+		t.Errorf("got %q", truncateStr("this is a long string", 10))
+	}
+}
+
+func TestNewClient(t *testing.T) {
+	c := NewClient()
+	if c.baseURL != defaultOSVAPI {
+		t.Errorf("baseURL = %s, want %s", c.baseURL, defaultOSVAPI)
+	}
+}
+
+func TestQueryRequest_Marshal(t *testing.T) {
+	body := QueryRequest{
+		Package: PackageID{PURL: "pkg:golang/github.com/foo/bar@v1.0.0"},
+		Version: "v1.0.0",
+	}
+	data, err := json.Marshal(body)
+	if err != nil {
+		t.Fatalf("marshal: %v", err)
+	}
+	// Ensure it produces valid JSON.
+	if len(data) == 0 {
+		t.Error("empty JSON")
+	}
+}