package main
import (
"net/http"
"os"
"path/filepath"
"testing"
"github.com/tjgurwara99/mixtape"
"github.com/tjgurwara99/mixtape/player"
"golang.org/x/tools/go/packages"
"golang.org/x/vuln/client"
)
// setTestBuildDir returns a cfgOpts that sets the package loader's Dir to the
// current working directory joined with elems, so a test can point the
// analysis at a fixture module below the package directory.
//
// The returned option reports the os.Getwd error unchanged if the working
// directory cannot be determined, and leaves c.Dir untouched in that case.
func setTestBuildDir(elems ...string) cfgOpts {
	return func(c *packages.Config) error {
		cwd, err := os.Getwd()
		if err != nil {
			return err
		}
		// Build the path as <cwd>/<elems...>; filepath.Join also cleans it.
		parts := make([]string, 0, len(elems)+1)
		parts = append(parts, cwd)
		parts = append(parts, elems...)
		c.Dir = filepath.Join(parts...)
		return nil
	}
}
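// TestRunVulnny runs runVulnny against the fixture module in testdata/vuln and
// checks the SARIF output: exactly one run with exactly one result, carrying
// the expected rule ID, level, source location and message.
func TestRunVulnny(t *testing.T) {
	cassette, err := mixtape.Load("testdata/vuln/cassette")
	if err != nil {
		t.Fatal(err)
	}
	// NOTE(review): the player is created in player.Record mode on top of
	// http.DefaultTransport, which presumably lets requests reach the live
	// vulnerability database instead of being served from the cassette.
	// Confirm this is intended; a replay-only transport would keep the test
	// hermetic and its result independent of upstream database changes.
	transport := player.New(cassette, player.Record, http.DefaultTransport)
	c := &http.Client{
		Transport: transport,
	}
	sarif, err := runVulnny(client.Options{
		HTTPClient: c,
	}, setTestBuildDir("testdata", "vuln"))
	if err != nil {
		t.Fatal(err)
	}
	if len(sarif.Runs) != 1 {
		t.Fatalf("expected 1 run, got %d", len(sarif.Runs))
	}
	if len(sarif.Runs[0].Results) != 1 {
		t.Fatalf("expected 1 result, got %d", len(sarif.Runs[0].Results))
	}
	res := sarif.Runs[0].Results[0]
	if res.RuleID != "GO-2021-0113" {
		t.Fatalf("expected rule ID to be GO-2021-0113, got %s", res.RuleID)
	}
	if res.Level != "error" {
		t.Fatalf("expected level to be error, got %s", res.Level)
	}
	// Fail with a message rather than an index-out-of-range panic when the
	// result carries no location at all.
	if len(res.Locations) == 0 {
		t.Fatal("expected at least 1 location, got 0")
	}
	loc := res.Locations[0].PhysicalLocation
	if loc.ArtifactLocation.URI != "testdata/vuln/vuln.go" {
		t.Fatalf("expected URI to be testdata/vuln/vuln.go, got %s", loc.ArtifactLocation.URI)
	}
	// The failure message reports the URIBaseID that was actually compared;
	// previously it repeated the URI message and printed the URI value.
	if loc.ArtifactLocation.URIBaseID != "%SRCROOT%" {
		t.Fatalf("expected URI base ID to be %%SRCROOT%%, got %s", loc.ArtifactLocation.URIBaseID)
	}
	if loc.Region.StartLine != 12 {
		t.Fatalf("expected start line to be 12, got %d", loc.Region.StartLine)
	}
	if loc.Region.StartColumn != 16 {
		t.Fatalf("expected start column to be 16, got %d", loc.Region.StartColumn)
	}
	if res.Message.Text != "Vulnerable package golang.org/x/text is being used" {
		t.Fatalf("expected message to be Vulnerable package golang.org/x/text is being used, got %s", res.Message.Text)
	}
}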