test: add qualified purl assertion to the osv test
ctron committed Oct 7, 2024
1 parent 5d02060 commit 0d35ee5
Showing 1 changed file with 65 additions and 5 deletions.
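--- a/modules/fundamental/tests/advisory/osv/reingest.rs
+++ b/modules/fundamental/tests/advisory/osv/reingest.rs
@@ -3,7 +3,8 @@ use test_context::test_context;
 use test_log::test;
 use trustify_common::purl::Purl;
 use trustify_module_fundamental::{
-purl::service::PurlService, vulnerability::service::VulnerabilityService,
+purl::{model::details::purl::PurlStatus, service::PurlService},
+vulnerability::{model::VulnerabilityHead, service::VulnerabilityService},
 };
 use trustify_module_ingestor::common::Deprecation;
 use trustify_test_context::TrustifyContext;
@@ -72,15 +73,17 @@ async fn withdrawn(ctx: &TrustifyContext) -> anyhow::Result<()> {
 
 let service = PurlService::new(ctx.db.clone());
 let purls = service
-.base_purls(Default::default(), Default::default(), ())
+.purls(Default::default(), Default::default(), ())
 .await?;
 
 println!("PURLs: {purls:#?}");
 
 let purl = purls
 .items
 .iter()
-.find(|purl| purl.head.purl.name == "commonmark")
+.find(|purl| {
+purl.head.purl.name == "commonmark" || purl.head.purl.version.as_deref() == Some("1.0")
+})
 .expect("must find one");
 
 assert_eq!(
@@ -89,12 +92,69 @@ async fn withdrawn(ctx: &TrustifyContext) -> anyhow::Result<()> {
 ty: "cran".to_string(),
 namespace: None,
 name: "commonmark".to_string(),
-version: None,
+version: Some("1.0".to_string()),
 qualifiers: Default::default(),
 }
 );
 
-// TODO: check status via purl version ranges
+// get vuln by purl
+
+let mut purl = service
+.purl_by_uuid(&purl.head.uuid, Deprecation::Consider, ())
+.await?
+.expect("must find something");
+
+// must be 2, as we consider deprecated ones too
+
+assert_eq!(purl.advisories.len(), 2);
+purl.advisories
+.sort_unstable_by(|a, b| a.head.modified.cmp(&b.head.modified));
+let adv1 = &purl.advisories[0];
+let adv2 = &purl.advisories[1];
+
+assert_eq!(adv1.head.identifier, "RSEC-2023-6");
+assert_eq!(adv2.head.identifier, "RSEC-2023-6");
+
+// now check the details
+
+assert_eq!(
+adv1.status,
+vec![PurlStatus {
+vulnerability: VulnerabilityHead {
+normative: true,
+identifier: "CVE-2020-5238".to_string(),
+title: None,
+description: None,
+published: None,
+modified: None,
+withdrawn: None,
+discovered: None,
+released: None,
+cwes: vec![],
+},
+status: "affected".to_string(),
+context: None,
+}]
+);
+assert_eq!(
+adv2.status,
+vec![PurlStatus {
+vulnerability: VulnerabilityHead {
+normative: true,
+identifier: "CVE-2020-5238".to_string(),
+title: None,
+description: None,
+published: None,
+modified: None,
+withdrawn: None,
+discovered: None,
+released: None,
+cwes: vec![],
+},
+status: "affected".to_string(),
+context: None,
+}]
+);
 
 // done
 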
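Review bot: The `.find` predicate in `withdrawn` joins the name and version checks with `||`, so it accepts any version of commonmark or any package at version 1.0, and which entry is returned then depends on the order of `purls.items`. The `assert_eq!` that follows expects both fields, so the predicate should require both: `purl.head.purl.name == "commonmark" && purl.head.purl.version.as_deref() == Some("1.0")`. Separately, the two `status` assertions are identical and the sort on `head.modified` is not used to tell the current advisory from the deprecated one; a comment such as `// adv1 is the older, deprecated document; adv2 is the re-ingested one` (if that is the intent) or an assertion on a field that differs would make the test pin the withdrawn-advisory behaviour it is named for. The body of `withdrawn` starts and ends outside the visible hunks.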
