

test(VulnerableCode): Improve the funTest template
Add assertions about severities reported by the NVD. See [1] for
context.

[1]: #7742

Signed-off-by: Sebastian Schuberth <[email protected]>
sschuberth committed Nov 1, 2023
1 parent c95dd74 commit fc10c12
Showing 1 changed file with 16 additions and 5 deletions.
21 changes: 16 additions & 5 deletions advisor/src/funTest/kotlin/VulnerableCodeFunTest.kt
Expand Up @@ -21,12 +21,14 @@ package org.ossreviewtoolkit.advisor

import io.kotest.core.spec.style.StringSpec
import io.kotest.matchers.collections.shouldContainAll
import io.kotest.matchers.shouldBe

import org.ossreviewtoolkit.advisor.advisors.VulnerableCode
import org.ossreviewtoolkit.advisor.advisors.VulnerableCodeConfiguration
import org.ossreviewtoolkit.model.Identifier
import org.ossreviewtoolkit.model.Package
import org.ossreviewtoolkit.model.utils.toPurl
import org.ossreviewtoolkit.utils.test.shouldNotBeNull

class VulnerableCodeFunTest : StringSpec({
// Enter an API key to enable the test.
Expand All @@ -39,10 +41,19 @@ class VulnerableCodeFunTest : StringSpec({

val findings = vc.retrievePackageFindings(setOf(pkg))

findings.values.flatMap { it.vulnerabilities }.map { it.id } shouldContainAll setOf(
"CVE-2018-10237",
"CVE-2020-8908",
"CVE-2023-2976"
)
with(findings.values.flatMap { it.vulnerabilities }.associateBy { it.id }) {
keys shouldContainAll setOf(
"CVE-2018-10237",
"CVE-2020-8908",
"CVE-2023-2976"
)

getValue("CVE-2023-2976").references.find {
it.url.toString() == "https://nvd.nist.gov/vuln/detail/CVE-2023-2976"
} shouldNotBeNull {
severity shouldBe "7.1"
severityRating shouldBe "HIGH"
}
}
}
})
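Review bot: The new `shouldNotBeNull` block pins `severity` to the string "7.1" and `severityRating` to "HIGH" on a reference that is found by exact `it.url.toString()` equality, so a re-scored NVD entry or any URL normalization by the service (scheme, trailing slash) fails the test with a bare null or mismatch rather than a message naming the cause; since the `find` result is unnamed, the failure also does not say which reference was expected. A short comment above the lookup would make the snapshot nature explicit, e.g. `// Expected score and rating are a snapshot of the NVD entry at commit time; NVD may re-score.` It is also worth noting in the test that `associateBy { it.id }` keeps only the last vulnerability per id, which is fine for the single `pkg` used here but would silently hide duplicates if more packages were added. The test's setup (the `vc` and `pkg` declarations and the API-key gate) starts above the hunk.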
