package query
import (
"archive/zip"
"os"
"path/filepath"
"testing"
"git.quad4.io/quad4-software/osv-server/internal/indexer"
)
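// TestQueryDatabase indexes one advisory from a zip archive and checks that
// QueryDatabase returns it for a package-only query and for the listed
// version, and returns nothing for a version that is not listed.
//
// Every setup step and every query is checked for an error. The final
// assertion expects zero results, so an unnoticed indexing or query failure
// must not be allowed to satisfy it vacuously.
func TestQueryDatabase(t *testing.T) {
	tmpDir, err := os.MkdirTemp("", "query-test-*")
	if err != nil {
		t.Fatalf("MkdirTemp failed: %v", err)
	}
	defer os.RemoveAll(tmpDir)

	idx, err := indexer.New(tmpDir)
	if err != nil {
		t.Fatalf("indexer.New failed: %v", err)
	}
	defer idx.Close()

	// Index some test data: a zip archive holding a single advisory file.
	zipPath := filepath.Join(tmpDir, "test.zip")
	f, err := os.Create(zipPath)
	if err != nil {
		t.Fatalf("Create %s failed: %v", zipPath, err)
	}
	zw := zip.NewWriter(f)
	w, err := zw.Create("v1.json")
	if err != nil {
		t.Fatalf("zip Create failed: %v", err)
	}
	if _, err := w.Write([]byte(`{"id":"V1","summary":"S1","affected":[{"package":{"name":"p1","ecosystem":"e1"},"versions":["1.0.0"]}]}`)); err != nil {
		t.Fatalf("zip Write failed: %v", err)
	}
	// Closing the zip writer emits the central directory; without it the
	// archive is unreadable, so a failure here must stop the test.
	if err := zw.Close(); err != nil {
		t.Fatalf("zip Close failed: %v", err)
	}
	if err := f.Close(); err != nil {
		t.Fatalf("file Close failed: %v", err)
	}
	if err := idx.IndexZip(zipPath); err != nil {
		t.Fatalf("IndexZip failed: %v", err)
	}

	// Test simple package query
	req := &QueryRequest{
		Package: &PackageQuery{
			Name:      "p1",
			Ecosystem: "e1",
		},
	}
	resp, err := QueryDatabase(idx, req)
	if err != nil {
		t.Fatalf("Query failed: %v", err)
	}
	if len(resp.Vulns) != 1 || resp.Vulns[0].ID != "V1" {
		t.Errorf("Expected V1, got %+v", resp)
	}

	// Test version query
	req.Version = "1.0.0"
	resp, err = QueryDatabase(idx, req)
	if err != nil {
		t.Fatalf("Query for version 1.0.0 failed: %v", err)
	}
	if len(resp.Vulns) != 1 {
		t.Errorf("Expected 1 vuln for version 1.0.0, got %d", len(resp.Vulns))
	}

	// Negative case: a version not listed in the advisory must not match.
	// The error check matters most here, because an empty result is also
	// what a failed query could look like.
	req.Version = "2.0.0"
	resp, err = QueryDatabase(idx, req)
	if err != nil {
		t.Fatalf("Query for version 2.0.0 failed: %v", err)
	}
	if len(resp.Vulns) != 0 {
		t.Errorf("Expected 0 vulns for version 2.0.0, got %d", len(resp.Vulns))
	}
}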
// TestMatches runs matches against one fixed advisory for package p1/e1 that
// lists version 1.0.0 explicitly, carries a SEMVER range with Introduced
// 2.0.0 and Fixed 2.1.0, and carries a GIT range introduced at "commit1".
func TestMatches(t *testing.T) {
	// NOTE(review): this fixture puts Introduced and Fixed in a single Event.
	// Published OSV records normally carry them as separate event objects;
	// confirm matches also handles that split form.
	semverRange := Range{
		Type:   "SEMVER",
		Events: []Event{{Introduced: "2.0.0", Fixed: "2.1.0"}},
	}
	gitRange := Range{
		Type:   "GIT",
		Events: []Event{{Introduced: "commit1"}},
	}
	vuln := &Vulnerability{
		ID: "V1",
		Affected: []Affected{{
			Package:  PackageInfo{Name: "p1", Ecosystem: "e1"},
			Versions: []string{"1.0.0"},
			Ranges:   []Range{semverRange, gitRange},
		}},
	}

	// pkgReq builds a package query in ecosystem "e1"; an empty version
	// leaves the Version field at its zero value.
	pkgReq := func(name, version string) *QueryRequest {
		return &QueryRequest{
			Package: &PackageQuery{Name: name, Ecosystem: "e1"},
			Version: version,
		}
	}

	cases := []struct {
		req  *QueryRequest
		want bool
	}{
		// Package only, no version constraint.
		{req: pkgReq("p1", ""), want: true},
		// 1.0.0 is listed in Versions.
		{req: pkgReq("p1", "1.0.0"), want: true},
		// 2.0.5 lies between Introduced 2.0.0 and Fixed 2.1.0.
		{req: pkgReq("p1", "2.0.5"), want: true},
		// 2.1.0 equals Fixed and is expected not to match.
		{req: pkgReq("p1", "2.1.0"), want: false},
		// Commit queries carry no package at all.
		{req: &QueryRequest{Commit: "commit1"}, want: true},
		{req: &QueryRequest{Commit: "unknown"}, want: false},
		// Unknown package name in the same ecosystem.
		{req: pkgReq("unknown", ""), want: false},
	}

	for _, tc := range cases {
		got := matches(tc.req, vuln)
		if got == tc.want {
			continue
		}
		t.Errorf("matches(%+v) = %v, want %v", tc.req, got, tc.want)
	}
}
// TestCompareVersions checks the sign returned by compareVersions for equal,
// lower and higher versions, for a "v"-prefixed version, and for a pair whose
// components differ in digit count.
func TestCompareVersions(t *testing.T) {
	cases := []struct {
		v1, v2 string
		want   int
	}{
		{v1: "1.0.0", v2: "1.0.0", want: 0},
		{v1: "1.0.0", v2: "1.1.0", want: -1},
		{v1: "1.1.0", v2: "1.0.0", want: 1},
		// A leading "v" is expected to compare equal to the bare version.
		{v1: "v1.0.0", v2: "1.0.0", want: 0},
		// The original comment called this "string comparison behavior in
		// current implementation".
		// NOTE(review): a plain lexicographic compare orders "1.2" after
		// "1.10" (+1); the -1 expected here is what a numeric per-component
		// compare gives. Confirm which one compareVersions implements, since
		// the ordering decides whether a version falls inside an affected
		// range.
		{v1: "1.2", v2: "1.10", want: -1},
	}

	for _, tc := range cases {
		if got := compareVersions(tc.v1, tc.v2); got != tc.want {
			t.Errorf("compareVersions(%s, %s) = %d, want %d", tc.v1, tc.v2, got, tc.want)
		}
	}
}