Work on test cases

.devcontainer/devcontainer.json

@@ -5,7 +5,6 @@
         "ghcr.io/devcontainers-contrib/features/starship:1": {},
         "ghcr.io/azutake/devcontainer-features/go-packages-install:0": {
             "packages": [
-                "github.com/devops-kung-fu/hookz@latest",
                 "github.com/jandelgado/gcov2lcov@latest",
                 "github.com/kisielk/errcheck@latest",
                 "github.com/fzipp/gocyclo/cmd/gocyclo@latest",

.vscode/launch.json

@@ -216,6 +216,8 @@
             "args": [
                 "--provider=ossindex",
                 "--debug=true",
+                "--enrich=epss",
+                "--output=html",
                 "scan",
                 "./_TESTDATA_/sbom/railsgoat.cyclonedx.json"
             ]

enrichers/epss/epss_test.go

@@ -25,6 +25,13 @@ func TestEnrich(t *testing.T) {
 			Cve: "sonatype-2020-1214",
 		},
 	}
+
+	httpmock.Activate()
+	defer httpmock.DeactivateAndReset()
+
+	httpmock.RegisterResponder("GET", "https://api.first.org/data/v1/epss",
+		httpmock.NewBytesResponder(200, epssTestResponse()))
+
 	enriched, err := enricher.Enrich(vulnerabilities, nil)
 
 	assert.NoError(t, err)
@@ -48,3 +55,34 @@ func TestEnrich_Error(t *testing.T) {
 	assert.Error(t, err)
 	assert.Contains(t, err.Error(), "EPSS API request failed with status code")
 }
+
+func epssTestResponse() []byte {
+	response := `
+	[
+		// {
+		// 	"coordinates": "pkg:gem/[email protected]",
+		// 	"description": "TZInfo provides daylight savings aware transformations between times in different time zones.",
+		// 	"reference": "https://ossindex.sonatype.org/component/pkg:gem/[email protected]?utm_source=mozilla&utm_medium=integration&utm_content=5.0",
+		// 	"vulnerabilities": [
+		// 	{
+		// 		"id": "CVE-2022-31163",
+		// 		"displayName": "CVE-2022-31163",
+		// 		"title": "[CVE-2022-31163] CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
+		// 		"description": "TZInfo... ",
+		// 		"cvssScore": 8.1,
+		// 		"cvssVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+		// 		"cwe": "CWE-22",
+		// 		"cve": "CVE-2022-31163",
+		// 		"reference": "https://ossindex.sonatype.org/vulnerability/CVE-2022-31163?component-type=gem&component-name=tzinfo&utm_source=mozilla&utm_medium=integration&utm_content=5.0",
+		// 		"externalReferences": [
+		// 			"http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31163",
+		// 			"https://github.com/tzinfo/tzinfo/releases/tag/v0.3.61",
+		// 			"https://github.com/tzinfo/tzinfo/releases/tag/v1.2.10",
+		// 			"https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx"
+		// 		]
+		// 	}
+		// 	]
+		// }
+	]`
+	return []byte(response)
+}

lib/loader_test.go

@@ -163,7 +163,7 @@ func TestLoad_multiple_cyclonedx(t *testing.T) {
 
 func Test_LoadIgnore(t *testing.T) {
 	SetupTest()
-	afs.WriteFile("test.ignore", []byte("test\ntest2"), 0644)
+	_ = afs.WriteFile("test.ignore", []byte("test\ntest2"), 0644)
 
 	cves, err := l.LoadIgnore("test.ignore")
 	assert.NoError(t, err)

lib/scanner.go

@@ -99,7 +99,7 @@ func (s *Scanner) scanPackages(purls []string) (response []models.Package, err e
 
 	for k, p := range response {
 		if len(p.Vulnerabilities) == 0 {
-			slices.Delete(response, k, k)
+			_ = slices.Delete(response, k, k)
 		}
 	}
 

lib/scanner_test.go

@@ -103,6 +103,7 @@ func TestScanner_enrichVulnerabilities(t *testing.T) {
 		},
 	}
 
+	//TODO: MOCK THIS OUT.
 	scanner.enrichVulnerabilities(response)
 
 	assert.Len(t, response[0].Vulnerabilities, 2)

providers/providerfactory.go

@@ -20,7 +20,6 @@ func NewProvider(name string) (provider models.Provider, err error) {
 	case "snyk":
 		provider = snyk.Provider{}
 	default:
-
 		err = fmt.Errorf("%s is not a valid provider type", name)
 	}
 	return