add tests

Signed-off-by: Lukas Hoehl <[email protected]>
guacsec · Oct 27, 2024 · f557457 · f557457
1 parent bc4ab4c
commit f557457
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 3 deletions.
diff --git a/internal/testing/testdata/exampledata/certify-vuln.json b/internal/testing/testdata/exampledata/certify-vuln.json
@@ -1,9 +1,9 @@
 {
   "_type": "https://in-toto.io/Statement/v0.1",
   "subject": [
-      {
-        "uri": "pkg:maven/org.apache.logging.log4j/[email protected]"
-      }
+    {
+      "uri": "pkg:maven/org.apache.logging.log4j/[email protected]"
+    }
   ],
   "predicateType": "https://in-toto.io/attestation/vulns/v0.1",
   "predicate": {

diff --git a/pkg/ingestor/parser/vuln/vuln_test.go b/pkg/ingestor/parser/vuln/vuln_test.go
@@ -40,6 +40,7 @@ func TestParser(t *testing.T) {
 		doc     *processor.Document
 		wantCVs []assembler.CertifyVulnIngest
 		wantIVs []assembler.VulnEqualIngest
+		wantVMs []assembler.VulnMetadataIngest
 		wantErr bool
 	}{{
 		name: "valid vulnerability certifier document",
@@ -243,6 +244,18 @@ func TestParser(t *testing.T) {
 				},
 			},
 		},
+		wantVMs: []assembler.VulnMetadataIngest{
+			{
+				Vulnerability: &generated.VulnerabilityInputSpec{
+					Type:            "ghsa",
+					VulnerabilityID: "ghsa-7rjr-3q55-vv33",
+				},
+				VulnMetadata: &generated.VulnerabilityMetadataInputSpec{
+					ScoreType:  generated.VulnerabilityScoreTypeCvssv31,
+					ScoreValue: 10.0,
+				},
+			},
+		},
 		wantErr: false,
 	}, {
 		name: "no vulnerability certifier document with package digest",
@@ -287,6 +300,18 @@ func TestParser(t *testing.T) {
 		})
 		return out
 	})
+
+	vmSortOpt := cmp.Transformer("Sort", func(in []assembler.VulnMetadataIngest) []assembler.VulnMetadataIngest {
+		out := append([]assembler.VulnMetadataIngest(nil), in...)
+		sort.Slice(out, func(i, j int) bool {
+			return strings.Compare(out[i].Vulnerability.VulnerabilityID, out[j].Vulnerability.VulnerabilityID) > 0
+		})
+		return out
+	})
+	vmTimeCompareOpt := cmp.Comparer(func(x time.Time, y time.Time) bool {
+		return true
+	})
+
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			s := NewVulnCertificationParser()
@@ -304,6 +329,9 @@ func TestParser(t *testing.T) {
 			if diff := cmp.Diff(tt.wantIVs, ip.VulnEqual, ivSortOpt); diff != "" {
 				t.Errorf("Unexpected results. (-want +got):\n%s", diff)
 			}
+			if diff := cmp.Diff(tt.wantVMs, ip.VulnMetadata, vmSortOpt, vmTimeCompareOpt); diff != "" {
+				t.Errorf("Unexpected results. (-want +got):\n%s", diff)
+			}
 		})
 	}
 }