Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

test(db): add unit test #140

Merged
merged 10 commits into from
Sep 6, 2024
Merged

test(db): add unit test #140

merged 10 commits into from
Sep 6, 2024

Conversation

Pueringni3
Copy link
Contributor

@Pueringni3 Pueringni3 commented Sep 5, 2024
edited by MaineK00n
Loading

If this Pull Request is work in progress, Add a prefix of “[WIP]” in the title.

What did you implement:

Add test code for db/redis

Type of change

Please delete options that are not relevant.

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update

How Has This Been Tested?

by unit test CI

Checklist:

You don't have to satisfy all of the following.

  • Write tests
  • Write documentation
  • Check that there aren't other open pull requests for the same issue/feature
  • Format your source code by make fmt
  • Pass the test by make test
  • Provide verification config / commands
  • Enable "Allow edits from maintainers" for this PR
  • Update the messages below

Is this ready for review?: YES

Reference

MaineK00n
MaineK00n reviewed Sep 5, 2024
View reviewed changes
@MaineK00n MaineK00n changed the title Add testcode of redis test(db): add unit test Sep 5, 2024
MaineK00n
MaineK00n reviewed Sep 5, 2024
View reviewed changes
MaineK00n
MaineK00n reviewed Sep 5, 2024
View reviewed changes
MaineK00n
MaineK00n reviewed Sep 5, 2024
View reviewed changes
MaineK00n
MaineK00n reviewed Sep 5, 2024
View reviewed changes
MaineK00n
MaineK00n reviewed Sep 5, 2024
View reviewed changes
@MaineK00n
Copy link
Collaborator

I wrote an RDB (SQLite3) test for GetKEVByMultiCveID.

package db_test

import (
	"testing"
	"time"

	"github.com/google/go-cmp/cmp"
	"github.com/google/go-cmp/cmp/cmpopts"

	"github.com/vulsio/go-kev/db"
	"github.com/vulsio/go-kev/models"
	"github.com/vulsio/go-kev/utils"
)

func TestRDBDriver_GetKEVByMultiCveID(t *testing.T) {
	type args struct {
		cveIDs []string
	}
	tests := []struct {
		name    string
		args    args
		want    map[string]db.Response
		wantErr bool
	}{
		{
			name: "happy",
			args: args{
				cveIDs: []string{"CVE-2021-27104"},
			},
			want: map[string]db.Response{
				"CVE-2021-27104": {
					[]models.KEVuln{
						{
							CveID:                      "CVE-2021-27104",
							VendorProject:              "Accellion",
							Product:                    "FTA",
							VulnerabilityName:          "Accellion FTA OS Command Injection Vulnerability",
							DateAdded:                  time.Date(2021, 11, 3, 0, 0, 0, 0, time.UTC),
							ShortDescription:           "Accellion FTA contains an OS command injection vulnerability exploited via a crafted POST request to various admin endpoints.",
							RequiredAction:             "Apply updates per vendor instructions.",
							DueDate:                    time.Date(2021, 11, 17, 0, 0, 0, 0, time.UTC),
							KnownRansomwareCampaignUse: "Known",
							Notes:                      "",
						},
					},
					[]models.VulnCheck{
						{
							VendorProject:              "Accellion",
							Product:                    "FTA",
							Description:                "Accellion FTA contains an OS command injection vulnerability exploited via a crafted POST request to various admin endpoints.",
							Name:                       "Accellion FTA OS Command Injection Vulnerability",
							RequiredAction:             "Apply updates per vendor instructions.",
							KnownRansomwareCampaignUse: "Known",
							CVE: []models.VulnCheckCVE{
								{
									CveID: "CVE-2021-27104",
								},
							},
							VulnCheckXDB: []models.VulnCheckXDB{},
							VulnCheckReportedExploitation: []models.VulnCheckReportedExploitation{
								{
									URL:       "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json",
									DateAdded: time.Date(2021, 11, 3, 0, 0, 0, 0, time.UTC),
								},
								{
									URL:       "https://unit42.paloaltonetworks.com/clop-ransomware/",
									DateAdded: time.Date(2021, 4, 13, 0, 0, 0, 0, time.UTC),
								},
								{
									URL:       "https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/ransomware-double-extortion-and-beyond-revil-clop-and-conti",
									DateAdded: time.Date(2021, 6, 3, 0, 0, 0, 0, time.UTC),
								},
								{
									URL:       "https://cybersecurityworks.com/howdymanage/uploads/file/ransomware-_-2022-spotlight-report_compressed.pdf",
									DateAdded: time.Date(2022, 1, 26, 0, 0, 0, 0, time.UTC),
								},
								{
									URL:       "https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/reports/2022-unit42-ransomware-threat-report-final.pdf",
									DateAdded: time.Date(2022, 3, 24, 0, 0, 0, 0, time.UTC),
								},
								{
									URL:       "https://static.tenable.com/marketing/whitepapers/Whitepaper-Ransomware_Ecosystem.pdf",
									DateAdded: time.Date(2022, 6, 22, 0, 0, 0, 0, time.UTC),
								},
								{
									URL:       "https://www.group-ib.com/resources/research-hub/hi-tech-crime-trends-2022/",
									DateAdded: time.Date(2023, 1, 17, 0, 0, 0, 0, time.UTC),
								},
								{
									URL:       "https://fourcore.io/blogs/clop-ransomware-history-adversary-simulation",
									DateAdded: time.Date(2023, 6, 3, 0, 0, 0, 0, time.UTC),
								},
								{
									URL:       "https://blog.talosintelligence.com/talos-ir-q2-2023-quarterly-recap/",
									DateAdded: time.Date(2023, 7, 26, 0, 0, 0, 0, time.UTC),
								},
								{
									URL:       "https://www.sentinelone.com/resources/watchtower-end-of-year-report-2023/",
									DateAdded: time.Date(2021, 11, 3, 0, 0, 0, 0, time.UTC),
								},
								{
									URL:       "https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/defending-the-energy-sector-against-cyber-threats-insights-from-trustwave-spiderlabs/",
									DateAdded: time.Date(2024, 5, 15, 0, 0, 0, 0, time.UTC),
								},
								{
									URL:       "https://cisa.gov/news-events/cybersecurity-advisories/aa21-055a",
									DateAdded: time.Date(2021, 6, 17, 0, 0, 0, 0, time.UTC),
								},
								{
									URL:       "https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-209a",
									DateAdded: time.Date(2021, 8, 20, 0, 0, 0, 0, time.UTC),
								},
								{
									URL:       "https://cisa.gov/news-events/alerts/2022/04/27/2021-top-routinely-exploited-vulnerabilities",
									DateAdded: time.Date(2022, 4, 28, 0, 0, 0, 0, time.UTC),
								},
								{
									URL:       "https://cisa.gov/news-events/cybersecurity-advisories/aa22-117a",
									DateAdded: time.Date(2022, 4, 28, 0, 0, 0, 0, time.UTC),
								},
								{
									URL:       "https://www.hhs.gov/sites/default/files/threat-profile-june-2023.pdf",
									DateAdded: time.Date(2023, 06, 13, 0, 0, 0, 0, time.UTC),
								},
							},
							DueDate:       utils.ToPtr(time.Date(2021, 11, 17, 0, 0, 0, 0, time.UTC)),
							CisaDateAdded: utils.ToPtr(time.Date(2021, 11, 3, 0, 0, 0, 0, time.UTC)),
							DateAdded:     time.Date(2021, 4, 13, 0, 0, 0, 0, time.UTC),
						},
					},
				},
			},
		},
	}

	driver, err := db.NewDB("sqlite3", ":memory:", false, db.Option{})
	if err != nil {
		t.Fatalf("Failed to new sqlite3 driver. err: %s", err)
	}
	defer driver.CloseDB()

	if err := prepareTestData(driver); err != nil {
		t.Fatalf("Failed to prepare testdata of KEV. err: %s", err)
	}

	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			got, err := driver.GetKEVByMultiCveID(tt.args.cveIDs)
			if (err != nil) != tt.wantErr {
				t.Errorf("RDBDriver.GetKEVByMultiCveID() error = %v, wantErr %v", err, tt.wantErr)
				return
			}
			if diff := cmp.Diff(got, tt.want,
				cmpopts.IgnoreFields(models.KEVuln{}, "ID"),
				cmpopts.IgnoreFields(models.VulnCheck{}, "ID"),
				cmpopts.IgnoreFields(models.VulnCheckCVE{}, "ID", "VulnCheckID"),
				cmpopts.IgnoreFields(models.VulnCheckXDB{}, "ID", "VulnCheckID"),
				cmpopts.IgnoreFields(models.VulnCheckReportedExploitation{}, "ID", "VulnCheckID"),
			); diff != "" {
				t.Errorf("RDBDriver.GetKEVByMultiCveID(): (-got +want)\n%s", diff)
			}
		})
	}
}

Pueringni3 and others added 7 commits September 6, 2024 09:57
@Pueringni3 @MaineK00n
Update db/common.go
ed8f2b2 
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>
@Pueringni3 @MaineK00n
Update db/redis_test.go
5e70019 
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>
@Pueringni3 @MaineK00n
Apply suggestions from code review
4a4183c 
Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>
@Pueringni3
fix
635c68f
@Pueringni3
Merge branch 'add/redis-test' of https://github.com/Pueringni3/go-kev
14a5111 
…into add/redis-test
@Pueringni3
fix unexported func
41dffb5
@Pueringni3
add rdb test
d7d70b8
@Pueringni3
Copy link
Contributor Author

thank you for review & comment.

I wrote an RDB (SQLite3) test for GetKEVByMultiCveID.

I added this file

@Pueringni3 Pueringni3 requested a review from MaineK00n September 6, 2024 01:41
MaineK00n
MaineK00n reviewed Sep 6, 2024
View reviewed changes
MaineK00n
MaineK00n reviewed Sep 6, 2024
View reviewed changes
MaineK00n
MaineK00n reviewed Sep 6, 2024
View reviewed changes
@MaineK00n MaineK00n merged commit 3312d31 into vulsio:main Sep 6, 2024
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MaineK00n MaineK00n MaineK00n left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Pueringni3 @MaineK00n