90 lines
1.7 KiB
Go
90 lines
1.7 KiB
Go
package vulnscan
|
|
|
|
import (
|
|
"encoding/json"
|
|
"testing"
|
|
)
|
|
|
|
func TestParseCVSS(t *testing.T) {
|
|
v := OSVVuln{
|
|
ID: "CVE-2024-0001",
|
|
Severity: []Severity{
|
|
{Type: "CVSS_V3", Score: "7.5"},
|
|
},
|
|
}
|
|
score := parseCVSS(v)
|
|
if score != 7.5 {
|
|
t.Errorf("expected 7.5, got %f", score)
|
|
}
|
|
}
|
|
|
|
func TestParseCVSS_NoScore(t *testing.T) {
|
|
v := OSVVuln{
|
|
ID: "GHSA-xxxx",
|
|
}
|
|
score := parseCVSS(v)
|
|
if score != 0 {
|
|
t.Errorf("expected 0 for no severity, got %f", score)
|
|
}
|
|
}
|
|
|
|
func TestExtractFixedVersion(t *testing.T) {
|
|
v := OSVVuln{
|
|
Affected: []Affected{
|
|
{
|
|
Ranges: []AffectedRange{
|
|
{
|
|
Events: []RangeEvent{
|
|
{Introduced: "0"},
|
|
{Fixed: "1.2.3"},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
}
|
|
fixed := extractFixedVersion(v)
|
|
if fixed != "1.2.3" {
|
|
t.Errorf("expected 1.2.3, got %s", fixed)
|
|
}
|
|
}
|
|
|
|
func TestExtractFixedVersion_None(t *testing.T) {
|
|
v := OSVVuln{}
|
|
fixed := extractFixedVersion(v)
|
|
if fixed != "" {
|
|
t.Errorf("expected empty, got %s", fixed)
|
|
}
|
|
}
|
|
|
|
func TestTruncateStr(t *testing.T) {
|
|
if truncateStr("short", 10) != "short" {
|
|
t.Error("should not truncate short strings")
|
|
}
|
|
if truncateStr("this is a long string", 10) != "this is a ..." {
|
|
t.Errorf("got %q", truncateStr("this is a long string", 10))
|
|
}
|
|
}
|
|
|
|
func TestNewClient(t *testing.T) {
|
|
c := NewClient()
|
|
if c.baseURL != defaultOSVAPI {
|
|
t.Errorf("baseURL = %s, want %s", c.baseURL, defaultOSVAPI)
|
|
}
|
|
}
|
|
|
|
func TestQueryRequest_Marshal(t *testing.T) {
|
|
body := QueryRequest{
|
|
Package: PackageID{PURL: "pkg:golang/github.com/foo/bar@v1.0.0"},
|
|
Version: "v1.0.0",
|
|
}
|
|
data, err := json.Marshal(body)
|
|
if err != nil {
|
|
t.Fatalf("marshal: %v", err)
|
|
}
|
|
// Ensure it produces valid JSON.
|
|
if len(data) == 0 {
|
|
t.Error("empty JSON")
|
|
}
|
|
}
|