add unit test

DependencyTrack · Jan 18, 2024 · c2c52a3 · c2c52a3
1 parent 5435656
commit c2c52a3
Show file tree

Hide file tree

Showing 3 changed files with 49 additions and 6 deletions.
diff --git a/src/main/java/org/dependencytrack/parser/github/graphql/GitHubSecurityAdvisoryParser.java b/src/main/java/org/dependencytrack/parser/github/graphql/GitHubSecurityAdvisoryParser.java
@@ -43,7 +43,9 @@ public PageableList parse(final JSONObject object) {
                     for (int i = 0; i < securityAdvisoriesNodes.length(); i++) {
                         final JSONObject securityAdvisory = securityAdvisoriesNodes.getJSONObject(i);
                         final GitHubSecurityAdvisory advisory = parseSecurityAdvisory(securityAdvisory);
-                        advisories.add(advisory);
+                        if (advisory != null) {
+                            advisories.add(advisory);
+                        }
                     }
                 }
                 pageableList.setTotalCount(securityAdvisories.optInt("totalCount"));
@@ -65,10 +67,10 @@ private GitHubSecurityAdvisory parseSecurityAdvisory(final JSONObject object) {
 
         // initial check if advisory is valid or withdrawn
         String withdrawnAt = object.optString("withdrawnAt", null);
-        if(object == null || withdrawnAt != null) {
+        if (object == null || withdrawnAt != null) {
             return null;
         }
-        
+
         advisory.setDatabaseId(object.getInt("databaseId"));
         advisory.setDescription(object.optString("description", null));
         advisory.setGhsaId(object.optString("ghsaId", null));
@@ -84,7 +86,7 @@ private GitHubSecurityAdvisory parseSecurityAdvisory(final JSONObject object) {
 
         final JSONArray identifiers = object.optJSONArray("identifiers");
         if (identifiers != null) {
-            for (int i=0; i<identifiers.length(); i++) {
+            for (int i = 0; i < identifiers.length(); i++) {
                 final JSONObject identifier = identifiers.getJSONObject(i);
                 final String type = identifier.optString("type", null);
                 final String value = identifier.optString("value", null);
@@ -97,7 +99,7 @@ private GitHubSecurityAdvisory parseSecurityAdvisory(final JSONObject object) {
 
         final JSONArray references = object.optJSONArray("references");
         if (references != null) {
-            for (int i=0; i<references.length(); i++) {
+            for (int i = 0; i < references.length(); i++) {
                 final String url = references.optJSONObject(i).optString("url", null);
                 if (url != null) {
                     advisory.addReference(url);
@@ -140,7 +142,7 @@ private List<GitHubVulnerability> parseVulnerabilities(final JSONObject object)
         if (vs != null) {
             final JSONArray edges = vs.optJSONArray("edges");
             if (edges != null) {
-                for (int i=0; i<edges.length(); i++) {
+                for (int i = 0; i < edges.length(); i++) {
                     final JSONObject node = edges.getJSONObject(i).optJSONObject("node");
                     if (node != null) {
                         GitHubVulnerability vulnerability = parseVulnerability(node);

diff --git a/src/test/java/org/dependencytrack/parser/github/GitHubSecurityAdvisoryParserTest.java b/src/test/java/org/dependencytrack/parser/github/GitHubSecurityAdvisoryParserTest.java
@@ -0,0 +1,28 @@
+package org.dependencytrack.parser.github;
+
+import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.util.List;
+
+import org.dependencytrack.parser.github.graphql.GitHubSecurityAdvisoryParser;
+import org.dependencytrack.parser.github.graphql.model.GitHubSecurityAdvisory;
+import org.json.JSONObject;
+import org.junit.Assert;
+import org.junit.Test;
+
+public class GitHubSecurityAdvisoryParserTest {
+
+    GitHubSecurityAdvisoryParser parser = new GitHubSecurityAdvisoryParser();
+
+    @Test
+    public void testWithdrawnAdvisory() throws IOException {
+
+        String jsonFile = "src/test/resources/unit/github.jsons/GHSA-8v27-2fg9-7h62.json";
+        String jsonString = new String(Files.readAllBytes(Paths.get(jsonFile)));
+        JSONObject jsonObject = new JSONObject(jsonString);
+        List<GitHubSecurityAdvisory> advisories = parser.parse(jsonObject).getAdvisories();
+        Assert.assertEquals(0, advisories.size());
+    }
+
+}
diff --git a/src/test/resources/unit/github.jsons/GHSA-8v27-2fg9-7h62.json b/src/test/resources/unit/github.jsons/GHSA-8v27-2fg9-7h62.json
@@ -0,0 +1,13 @@
+{
+  "data": {
+    "securityAdvisories": {
+      "pageInfo": {},
+      "nodes": [
+        {
+          "id": "GHSA-8v27-2fg9-7h62",
+          "withdrawnAt": "2021-05-04T20:26:20Z"
+        }
+      ]
+    }
+  }
+}