
Fixes test cases and ignore loading functionality
djschleen committed Feb 27, 2024
1 parent bc7907e commit 124d4ed
Showing 6 changed files with 44 additions and 56 deletions.
5 changes: 2 additions & 3 deletions go.mod
Expand Up @@ -21,9 +21,8 @@ require (
)

require (
github.com/kr/pretty v0.3.0 // indirect
github.com/rogpeppe/go-internal v1.8.0 // indirect
golang.org/x/exp v0.0.0-20230202163644-54bba9f4231b // indirect
github.com/kr/pretty v0.3.1 // indirect
golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2 // indirect
golang.org/x/term v0.17.0 // indirect
)

24 changes: 6 additions & 18 deletions go.sum
Expand Up @@ -28,10 +28,9 @@ github.com/jedib0t/go-pretty/v6 v6.5.4 h1:gOGo0613MoqUcf0xCj+h/V3sHDaZasfv152G6/
github.com/jedib0t/go-pretty/v6 v6.5.4/go.mod h1:5LQIxa52oJ/DlDSLv0HEkWOFMDGoWkJb9ss5KqPpJBg=
github.com/kirinlabs/HttpRequest v1.1.1 h1:eBbFzpRd/Y7vQhRY30frHK3yAJiT1wDlB31Ryzyklc0=
github.com/kirinlabs/HttpRequest v1.1.1/go.mod h1:XV38fA4rXZox83tlEV9KIQ7Cdsut319x6NGzVLuRlB8=
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
Expand All @@ -55,13 +54,10 @@ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZN
github.com/remeh/sizedwaitgroup v1.0.0 h1:VNGGFwNo/R5+MJBf6yrsr110p0m4/OX4S3DCy7Kyl5E=
github.com/remeh/sizedwaitgroup v1.0.0/go.mod h1:3j2R4OIe/SeS6YDhICBy22RWjJC5eNCJ1V+9+NVNYlo=
github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
github.com/rivo/uniseg v0.4.6 h1:Sovz9sDSwbOz9tgUy8JpT+KgCkPYJEN/oYzlJiYTNLg=
github.com/rivo/uniseg v0.4.6/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
github.com/rogpeppe/go-internal v1.8.0 h1:FCbCCtXNOY3UtUuHUYaghJg4y7Fd14rXifAYUAtL9R8=
github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8=
github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8=
github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY=
Expand All @@ -81,28 +77,20 @@ github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17
github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e h1:JVG44RsyaB9T2KIHavMF/ppJZNG9ZpyihvCd0w101no=
github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e/go.mod h1:RbqR21r5mrJuqunuUZ/Dhy/avygyECGrLceyNeo4LiM=
golang.org/x/exp v0.0.0-20230202163644-54bba9f4231b h1:EqBVA+nNsObCwQoBEHy4wLU0pi7i8a4AL3pbItPdPkE=
golang.org/x/exp v0.0.0-20230202163644-54bba9f4231b/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
golang.org/x/net v0.20.0 h1:aCL9BSgETF1k+blQaYUBx9hJ9LOGP3gAVemcZlf1Kpo=
golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY=
golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2 h1:Jvc7gsqn21cJHCmAWx0LiimpP18LZmUxkT5Mp7EZ1mI=
golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4=
golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU=
golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y=
golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/term v0.16.0 h1:m+B6fahuftsE9qjo0VWp2FW0mB3MTJvR0BaMQrq0pmE=
golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY=
golang.org/x/term v0.17.0 h1:mkTF7LCd6WGJNL3K1Ad7kwxNfYAW6a8a8QqtMblp/4U=
golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
10 changes: 10 additions & 0 deletions lib/loader.go
Expand Up @@ -144,6 +144,16 @@ func (l *Loader) processCycloneDX(format cyclone.BOMFileFormat, b []byte, s []mo

// LoadIgnore loads a list of CVEs entered one on each line from the filename
func (l *Loader) LoadIgnore(ignoreFile string) (cves []string, err error) {
if ignoreFile == "" {
return
}
log.Printf("Loading ignore file: %v\n", ignoreFile)
exists, err := l.Afs.Exists(ignoreFile)
if !exists {
log.Printf("ignore file not found: %v\n", ignoreFile)
return nil, fmt.Errorf("ignore file not found: %v", ignoreFile)
}
log.Printf("ignore file found: %v\n", ignoreFile)
f, err := l.Afs.Open(ignoreFile)
if err != nil {
log.Printf("error opening ignore: %v\n", err)
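Review bot: The error returned by `l.Afs.Exists(ignoreFile)` is dropped: `exists, err := ...` is followed only by `if !exists`, so a permission or I/O failure while checking the file is reported as "ignore file not found" and the real cause is lost. Check it first, before the `!exists` branch: `if err != nil { return nil, fmt.Errorf("checking ignore file %q: %w", ignoreFile, err) }`. Since the file is opened immediately afterwards, the separate existence check could also be dropped in favour of handling the `Open` error directly, which removes the check-then-open window and one of the three log lines. Logging "ignore file not found" and then returning an error with the same text reports the failure twice; one of the two is enough. LoadIgnore's body continues past the hunk, so the `Open` error path and the final return are not visible here.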
30 changes: 25 additions & 5 deletions lib/loader_test.go
Expand Up @@ -23,7 +23,7 @@ func SetupTest() {
l = Loader{Afs: afs}
}

func TestLoad_cyclonedx(t *testing.T) {
func Test_Load_cyclonedx(t *testing.T) {
SetupTest()
err := afs.WriteFile("/test-cyclonedx.json", cyclonedx.TestBytes(), 0644)
assert.NoError(t, err)
Expand Down Expand Up @@ -71,7 +71,7 @@ func TestLoad_cyclonedx_stdin(t *testing.T) {
assert.NoError(t, err)
}

func TestLoad_SPDX(t *testing.T) {
func Test_Load_SPDX(t *testing.T) {
SetupTest()
err := afs.WriteFile("/test-spdx.json", spdx.TestBytes(), 0644)
assert.NoError(t, err)
Expand Down Expand Up @@ -109,7 +109,7 @@ func TestLoad_syft(t *testing.T) {
assert.Error(t, err)
}

func TestLoad_BadJSON_SPDX(t *testing.T) {
func Test_Load_BadJSON_SPDX(t *testing.T) {
SetupTest()
fudgedFile := spdx.TestBytes()
bogusString := "bogus"
Expand Down Expand Up @@ -161,7 +161,7 @@ func TestLoad_multiple_cyclonedx(t *testing.T) {
assert.Error(t, err)
}

func TestLoadIgnore(t *testing.T) {
func Test_LoadIgnore(t *testing.T) {
SetupTest()
afs.WriteFile("test.ignore", []byte("test\ntest2"), 0644)

Expand All @@ -173,7 +173,27 @@ func TestLoadIgnore(t *testing.T) {
assert.Error(t, err)
}

func TestProcessCycloneDX_InvalidFormat(t *testing.T) {
func Test_LoadIgnoreData(t *testing.T) {
SetupTest()

err := afs.WriteFile("/.bomber.ignore", []byte("CVE-2022-31163"), 0644)
assert.NoError(t, err)

results, err := l.LoadIgnore("/.bomber.ignore")

assert.NoError(t, err)
assert.Len(t, results, 1)
assert.Equal(t, results[0], "CVE-2022-31163")

_, err = l.LoadIgnore("test")
assert.Error(t, err)

results, err = l.LoadIgnore("")
assert.NoError(t, err)
assert.Len(t, results, 0)
}

func Test_ProcessCycloneDX_InvalidFormat(t *testing.T) {

invalidFile := []byte("{{")

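Review bot: The rename to a `Test_` prefix is applied to only four functions; `TestLoad_cyclonedx_stdin`, `TestLoad_syft` and `TestLoad_multiple_cyclonedx` keep the old form in the same file, so the naming convention is now mixed — either rename all of them or leave the existing ones as they were. In the new `Test_LoadIgnoreData`, `assert.Equal` takes expected before actual, so a failure message would read backwards; use `assert.Equal(t, "CVE-2022-31163", results[0])`. Indexing `results[0]` right after a non-fatal `assert.Len` will panic rather than fail cleanly if the slice comes back empty; testify's `require.Len` (if the file imports `require`) or an explicit length guard keeps the test reporting usefully. The unchecked `afs.WriteFile` in the neighbouring `Test_LoadIgnore` is pre-existing context, but the new test shows the better pattern with `assert.NoError` and the old one could follow it.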
10 changes: 1 addition & 9 deletions lib/scanner.go
Expand Up @@ -82,7 +82,7 @@ func (s *Scanner) scanPackages(purls []string) (response []models.Package, err e
}

// Load ignore data if specified
ignoredCVE, err := s.loadIgnoreData(s.IgnoreFile)
ignoredCVE, err := loader.LoadIgnore(s.IgnoreFile)
if err != nil {
util.PrintWarningf("Ignore flag set, but there was an error: %s", err)
}
Expand Down Expand Up @@ -134,14 +134,6 @@ func (s *Scanner) getProviderInfo() string {
return s.Provider.Info()
}

// loadIgnoreData loads the ignore data from a file if specified.
func (s *Scanner) loadIgnoreData(ignoreFile string) ([]string, error) {
if ignoreFile != "" {
return loader.LoadIgnore(ignoreFile)
}
return nil, nil
}

// filterVulnerabilities filters vulnerabilities based on severity.
func (s *Scanner) filterVulnerabilities(response []models.Package) {
if s.Severity != "" {
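Review bot: The comment `// Load ignore data if specified` above `loader.LoadIgnore(s.IgnoreFile)` no longer matches the control flow: the empty-path check now lives inside `LoadIgnore`, and an error here is only printed via `util.PrintWarningf` before the scan continues. Make that explicit for the next reader, e.g. `// Load ignore data; an empty IgnoreFile yields no ignores, and a load failure is warned about but does not abort the scan.` Whether `ignoredCVE` is guaranteed nil on every error path (so that a broken ignore file suppresses nothing) depends on the rest of `LoadIgnore`, which is outside this hunk, and is worth confirming and stating in that comment. `scanPackages` begins before the hunk.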
21 changes: 0 additions & 21 deletions lib/scanner_test.go
Expand Up @@ -37,27 +37,6 @@ func Test_detectEcosystems(t *testing.T) {
assert.ElementsMatch(t, []string{"golang", "npm"}, result, "Detected ecosystems do not match expected result")
}

func Test_loadIgnoreData(t *testing.T) {
afs := &afero.Afero{Fs: afero.NewMemMapFs()}

err := afs.WriteFile("/.bomber.ignore", []byte("CVE-2022-31163"), 0644)
assert.NoError(t, err)

scanner := Scanner{}
results, err := scanner.loadIgnoreData("/.bomber.ignore")

assert.NoError(t, err)
assert.Len(t, results, 1)
assert.Equal(t, results[0], "CVE-2022-31163")

_, err = scanner.loadIgnoreData("test")
assert.Error(t, err)

results, err = scanner.loadIgnoreData("")
assert.NoError(t, err)
assert.Len(t, results, 0)
}

func TestScanner_Scan(t *testing.T) {
output := util.CaptureOutput(func() {
afs := &afero.Afero{Fs: afero.NewMemMapFs()}
