Skip to content

Commit

Permalink
test: add output fixtures for call analysis (#1093)
Browse files Browse the repository at this point in the history 
These fixtures were based on the output from the
`cmd/osv-scanner/fixtures/call-analysis-go-project` fixture, though from
the struct I think it's pretty complete; the most notable thing is it
looks like call analysis does play favorites unlike most of the scanner:
only one advisory of a vulnerability will be marked as called/uncalled
regardless of how many aliases that vulnerability has.
  • Loading branch information
@G-Rath
G-Rath authored Jul 9, 2024
1 parent 1460154 commit e35bd05
Show file tree
Hide file tree
Showing 6 changed files with 2,922 additions and 451 deletions.
32 changes: 32 additions & 0 deletions internal/output/__snapshots__/githubannotation_test.snap
View file
Original file line number Diff line number Diff line change
Expand Up @@ -59,10 +59,22 @@
::error file=path/to/my/first/lockfile::path/to/my/first/lockfile%0A+---------+------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+------------------+------+-----------------+---------------+%0A+---------+------------------+------+-----------------+---------------+::error file=path/to/my/second/lockfile::path/to/my/second/lockfile%0A+---------+------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+------------------+------+-----------------+---------------+%0A+---------+------------------+------+-----------------+---------------+
---

[TestPrintGHAnnotationReport_WithMixedIssues/multiple_sources_with_a_mixed_count_of_packages,_some_called_vulnerabilities_and_license_violations - 1]
::error file=path/to/my/first/lockfile::path/to/my/first/lockfile%0A+---------+-----------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+-----------------------+------+-----------------+---------------+%0A| mine1 | https://osv.dev/OSV-1 | | 1.2.3 | |%0A+---------+-----------------------+------+-----------------+---------------+::error file=path/to/my/second/lockfile::path/to/my/second/lockfile%0A+---------+-----------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+-----------------------+------+-----------------+---------------+%0A| mine2 | https://osv.dev/OSV-2 | | 3.2.5 | |%0A+---------+-----------------------+------+-----------------+---------------+::error file=path/to/my/third/lockfile::path/to/my/third/lockfile%0A+---------+-----------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+-----------------------+------+-----------------+---------------+%0A| mine1 | https://osv.dev/OSV-1 | | 1.2.3 | |%0A+---------+-----------------------+------+-----------------+---------------+
---

[TestPrintGHAnnotationReport_WithMixedIssues/multiple_sources_with_a_mixed_count_of_packages,_some_vulnerabilities_and_license_violations - 1]
::error file=path/to/my/first/lockfile::path/to/my/first/lockfile%0A+---------+-----------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+-----------------------+------+-----------------+---------------+%0A| mine1 | https://osv.dev/OSV-1 | | 1.2.3 | |%0A+---------+-----------------------+------+-----------------+---------------+::error file=path/to/my/second/lockfile::path/to/my/second/lockfile%0A+---------+-----------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+-----------------------+------+-----------------+---------------+%0A| mine2 | https://osv.dev/OSV-2 | | 3.2.5 | |%0A+---------+-----------------------+------+-----------------+---------------+::error file=path/to/my/third/lockfile::path/to/my/third/lockfile%0A+---------+-----------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+-----------------------+------+-----------------+---------------+%0A| mine1 | https://osv.dev/OSV-1 | | 1.2.3 | |%0A+---------+-----------------------+------+-----------------+---------------+
---

[TestPrintGHAnnotationReport_WithMixedIssues/one_source_with_one_package,_one_called_vulnerability,_and_one_license_violation - 1]
::error file=path/to/my/first/lockfile::path/to/my/first/lockfile%0A+---------+-----------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+-----------------------+------+-----------------+---------------+%0A| mine1 | https://osv.dev/OSV-1 | | 1.2.3 | |%0A+---------+-----------------------+------+-----------------+---------------+
---

[TestPrintGHAnnotationReport_WithMixedIssues/one_source_with_one_package,_one_uncalled_vulnerability,_and_one_license_violation - 1]
::error file=path/to/my/first/lockfile::path/to/my/first/lockfile%0A+---------+-----------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+-----------------------+------+-----------------+---------------+%0A| mine1 | https://osv.dev/OSV-1 | | 1.2.3 | |%0A+---------+-----------------------+------+-----------------+---------------+
---

[TestPrintGHAnnotationReport_WithMixedIssues/one_source_with_one_package,_one_vulnerability,_and_one_license_violation - 1]
::error file=path/to/my/first/lockfile::path/to/my/first/lockfile%0A+---------+-----------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+-----------------------+------+-----------------+---------------+%0A| mine1 | https://osv.dev/OSV-1 | | 1.2.3 | |%0A+---------+-----------------------+------+-----------------+---------------+
---
Expand Down Expand Up @@ -91,6 +103,10 @@
::error file=path/to/my/first/lockfile::path/to/my/first/lockfile%0A+---------+-----------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+-----------------------+------+-----------------+---------------+%0A| mine1 | https://osv.dev/OSV-1 | | 1.2.3 | |%0A| mine1 | https://osv.dev/OSV-5 | | 1.2.3 | |%0A| mine1 | https://osv.dev/OSV-1 | | 1.2.2 | |%0A+---------+-----------------------+------+-----------------+---------------+::error file=path/to/my/second/lockfile::path/to/my/second/lockfile%0A+---------+-----------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+-----------------------+------+-----------------+---------------+%0A| mine2 | https://osv.dev/OSV-2 | | 3.2.5 | |%0A| mine3 | https://osv.dev/OSV-3 | | 0.4.1 | |%0A| mine3 | https://osv.dev/OSV-5 | | 0.4.1 | |%0A+---------+-----------------------+------+-----------------+---------------+
---

[TestPrintGHAnnotationReport_WithVulnerabilities/multiple_sources_with_a_mixed_count_of_packages_across_ecosystems,_and_multiple_vulnerabilities,_but_some_uncalled - 1]
::error file=path/to/my/first/lockfile::path/to/my/first/lockfile%0A+---------+-----------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+-----------------------+------+-----------------+---------------+%0A| mine1 | https://osv.dev/OSV-1 | | 1.2.3 | |%0A| mine1 | https://osv.dev/OSV-5 | | 1.2.3 | |%0A| mine1 | https://osv.dev/OSV-1 | | 1.2.2 | |%0A+---------+-----------------------+------+-----------------+---------------+::error file=path/to/my/second/lockfile::path/to/my/second/lockfile%0A+---------+-----------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+-----------------------+------+-----------------+---------------+%0A| mine2 | https://osv.dev/OSV-2 | | 3.2.5 | |%0A| mine3 | https://osv.dev/OSV-3 | | 0.4.1 | |%0A| mine3 | https://osv.dev/OSV-5 | | 0.4.1 | |%0A+---------+-----------------------+------+-----------------+---------------+
---

[TestPrintGHAnnotationReport_WithVulnerabilities/multiple_sources_with_no_packages - 1]
::error file=path/to/my/first/lockfile::path/to/my/first/lockfile%0A+---------+------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+------------------+------+-----------------+---------------+%0A+---------+------------------+------+-----------------+---------------+::error file=path/to/my/second/lockfile::path/to/my/second/lockfile%0A+---------+------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+------------------+------+-----------------+---------------+%0A+---------+------------------+------+-----------------+---------------+::error file=path/to/my/third/lockfile::path/to/my/third/lockfile%0A+---------+------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+------------------+------+-----------------+---------------+%0A+---------+------------------+------+-----------------+---------------+
---
Expand All @@ -107,6 +123,18 @@
::error file=path/to/my/first/lockfile::path/to/my/first/lockfile%0A+---------+------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+------------------+------+-----------------+---------------+%0A+---------+------------------+------+-----------------+---------------+
---

[TestPrintGHAnnotationReport_WithVulnerabilities/one_source_with_one_package,_one_uncalled_vulnerability,_and_one_called_vulnerability - 1]
::error file=path/to/my/first/lockfile::path/to/my/first/lockfile%0A+---------+--------------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+--------------------------+------+-----------------+---------------+%0A| mine1 | https://osv.dev/OSV-1 | | 1.2.3 | |%0A| mine1 | https://osv.dev/GHSA-123 | | 1.2.3 | |%0A+---------+--------------------------+------+-----------------+---------------+
---

[TestPrintGHAnnotationReport_WithVulnerabilities/one_source_with_one_package_and_one_called_vulnerability - 1]
::error file=path/to/my/first/lockfile::path/to/my/first/lockfile%0A+---------+-----------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+-----------------------+------+-----------------+---------------+%0A| mine1 | https://osv.dev/OSV-1 | | 1.2.3 | |%0A+---------+-----------------------+------+-----------------+---------------+
---

[TestPrintGHAnnotationReport_WithVulnerabilities/one_source_with_one_package_and_one_uncalled_vulnerability - 1]
::error file=path/to/my/first/lockfile::path/to/my/first/lockfile%0A+---------+-----------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+-----------------------+------+-----------------+---------------+%0A| mine1 | https://osv.dev/OSV-1 | | 1.2.3 | |%0A+---------+-----------------------+------+-----------------+---------------+
---

[TestPrintGHAnnotationReport_WithVulnerabilities/one_source_with_one_package_and_one_vulnerability - 1]
::error file=path/to/my/first/lockfile::path/to/my/first/lockfile%0A+---------+-----------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+-----------------------+------+-----------------+---------------+%0A| mine1 | https://osv.dev/OSV-1 | | 1.2.3 | |%0A+---------+-----------------------+------+-----------------+---------------+
---
Expand All @@ -115,6 +143,10 @@
::error file=path/to/my/first/lockfile::path/to/my/first/lockfile%0A+---------+-----------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+-----------------------+------+-----------------+---------------+%0A| mine1 | https://osv.dev/OSV-1 | | 1.2.3 | |%0A+---------+-----------------------+------+-----------------+---------------+
---

[TestPrintGHAnnotationReport_WithVulnerabilities/one_source_with_one_package_and_two_aliases_of_a_single_uncalled_vulnerability - 1]
::error file=path/to/my/first/lockfile::path/to/my/first/lockfile%0A+---------+--------------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+--------------------------+------+-----------------+---------------+%0A| mine1 | https://osv.dev/OSV-1 | | 1.2.3 | |%0A| | https://osv.dev/GHSA-123 | | | |%0A+---------+--------------------------+------+-----------------+---------------+
---

[TestPrintGHAnnotationReport_WithVulnerabilities/one_source_with_one_package_and_two_aliases_of_a_single_vulnerability - 1]
::error file=path/to/my/first/lockfile::path/to/my/first/lockfile%0A+---------+--------------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+--------------------------+------+-----------------+---------------+%0A| mine1 | https://osv.dev/OSV-1 | | 1.2.3 | |%0A| | https://osv.dev/GHSA-123 | | | |%0A+---------+--------------------------+------+-----------------+---------------+
---
Expand Down
Loading

0 comments on commit e35bd05

Please sign in to comment.