Skip to content

Commit 81dc7a9

Browse files
raisa2010raisa2010
authored
feat: Add JSON marshal tests for dependabot alerts (#3480)
1 parent 6c46d71 commit 81dc7a9

File tree

1 file changed

+210
-0
lines changed

1 file changed

+210
-0
lines changed

github/dependabot_alerts_test.go

Lines changed: 210 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -10,6 +10,7 @@ import (
1010
"fmt"
1111
"net/http"
1212
"testing"
13+
"time"
1314

1415
"github.com/google/go-cmp/cmp"
1516
)
@@ -177,3 +178,212 @@ func TestDependabotService_UpdateAlert(t *testing.T) {
177178
return resp, err
178179
})
179180
}
181+
182+
func TestDependency_Marshal(t *testing.T) {
183+
t.Parallel()
184+
testJSONMarshal(t, &Dependency{}, "{}")
185+
186+
h := &Dependency{
187+
Package: &VulnerabilityPackage{
188+
Ecosystem: Ptr("pip"),
189+
Name: Ptr("django"),
190+
},
191+
ManifestPath: Ptr("path/to/requirements.txt"),
192+
Scope: Ptr("runtime"),
193+
}
194+
195+
want := `{
196+
"package": {
197+
"ecosystem": "pip",
198+
"name": "django"
199+
},
200+
"manifest_path": "path/to/requirements.txt",
201+
"scope": "runtime"
202+
}`
203+
204+
testJSONMarshal(t, h, want)
205+
}
206+
207+
func TestAdvisoryCVSS_Marshal(t *testing.T) {
208+
t.Parallel()
209+
testJSONMarshal(t, &AdvisoryCVSS{}, "{}")
210+
211+
h := &AdvisoryCVSS{
212+
Score: Ptr(7.5),
213+
VectorString: Ptr("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"),
214+
}
215+
216+
want := `{
217+
"vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
218+
"score": 7.5
219+
}`
220+
221+
testJSONMarshal(t, h, want)
222+
}
223+
224+
func TestAdvisoryCWEs_Marshal(t *testing.T) {
225+
t.Parallel()
226+
testJSONMarshal(t, &AdvisoryCWEs{}, "{}")
227+
228+
h := &AdvisoryCWEs{
229+
CWEID: Ptr("CWE-200"),
230+
Name: Ptr("Exposure of Sensitive Information to an Unauthorized Actor"),
231+
}
232+
233+
want := `{
234+
"cwe_id": "CWE-200",
235+
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
236+
}`
237+
238+
testJSONMarshal(t, h, want)
239+
}
240+
241+
func TestDependabotSecurityAdvisory_Marshal(t *testing.T) {
242+
t.Parallel()
243+
testJSONMarshal(t, &DependabotSecurityAdvisory{}, "{}")
244+
245+
publishedAt, _ := time.Parse(time.RFC3339, "2018-10-03T21:13:54Z")
246+
updatedAt, _ := time.Parse(time.RFC3339, "2022-04-26T18:35:37Z")
247+
248+
h := &DependabotSecurityAdvisory{
249+
GHSAID: Ptr("GHSA-rf4j-j272-fj86"),
250+
CVEID: Ptr("CVE-2018-6188"),
251+
Summary: Ptr("Django allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive"),
252+
Description: Ptr("django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive."),
253+
Vulnerabilities: []*AdvisoryVulnerability{
254+
{
255+
Package: &VulnerabilityPackage{
256+
Ecosystem: Ptr("pip"),
257+
Name: Ptr("django"),
258+
},
259+
Severity: Ptr("high"),
260+
VulnerableVersionRange: Ptr(">= 2.0.0, < 2.0.2"),
261+
FirstPatchedVersion: &FirstPatchedVersion{Identifier: Ptr("2.0.2")},
262+
},
263+
{
264+
Package: &VulnerabilityPackage{
265+
Ecosystem: Ptr("pip"),
266+
Name: Ptr("django"),
267+
},
268+
Severity: Ptr("high"),
269+
VulnerableVersionRange: Ptr(">= 1.11.8, < 1.11.10"),
270+
FirstPatchedVersion: &FirstPatchedVersion{Identifier: Ptr("1.11.10")},
271+
},
272+
},
273+
Severity: Ptr("high"),
274+
CVSS: &AdvisoryCVSS{
275+
Score: Ptr(7.5),
276+
VectorString: Ptr("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"),
277+
},
278+
CWEs: []*AdvisoryCWEs{
279+
{
280+
CWEID: Ptr("CWE-200"),
281+
Name: Ptr("Exposure of Sensitive Information to an Unauthorized Actor"),
282+
},
283+
},
284+
Identifiers: []*AdvisoryIdentifier{
285+
{
286+
Type: Ptr("GHSA"),
287+
Value: Ptr("GHSA-rf4j-j272-fj86"),
288+
},
289+
{
290+
Type: Ptr("CVE"),
291+
Value: Ptr("CVE-2018-6188"),
292+
},
293+
},
294+
References: []*AdvisoryReference{
295+
{
296+
URL: Ptr("https://nvd.nist.gov/vuln/detail/CVE-2018-6188"),
297+
},
298+
{
299+
URL: Ptr("https://github.com/advisories/GHSA-rf4j-j272-fj86"),
300+
},
301+
{
302+
URL: Ptr("https://usn.ubuntu.com/3559-1/"),
303+
},
304+
{
305+
URL: Ptr("https://www.djangoproject.com/weblog/2018/feb/01/security-releases/"),
306+
},
307+
{
308+
URL: Ptr("http://www.securitytracker.com/id/1040422"),
309+
},
310+
},
311+
PublishedAt: &Timestamp{publishedAt},
312+
UpdatedAt: &Timestamp{updatedAt},
313+
WithdrawnAt: nil,
314+
}
315+
316+
want := `{
317+
"ghsa_id": "GHSA-rf4j-j272-fj86",
318+
"cve_id": "CVE-2018-6188",
319+
"summary": "Django allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive",
320+
"description": "django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive.",
321+
"vulnerabilities": [
322+
{
323+
"package": {
324+
"ecosystem": "pip",
325+
"name": "django"
326+
},
327+
"severity": "high",
328+
"vulnerable_version_range": ">= 2.0.0, < 2.0.2",
329+
"first_patched_version": {
330+
"identifier": "2.0.2"
331+
}
332+
},
333+
{
334+
"package": {
335+
"ecosystem": "pip",
336+
"name": "django"
337+
},
338+
"severity": "high",
339+
"vulnerable_version_range": ">= 1.11.8, < 1.11.10",
340+
"first_patched_version": {
341+
"identifier": "1.11.10"
342+
}
343+
}
344+
],
345+
"severity": "high",
346+
"cvss": {
347+
"vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
348+
"score": 7.5
349+
},
350+
"cwes": [
351+
{
352+
"cwe_id": "CWE-200",
353+
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
354+
}
355+
],
356+
"identifiers": [
357+
{
358+
"type": "GHSA",
359+
"value": "GHSA-rf4j-j272-fj86"
360+
},
361+
{
362+
"type": "CVE",
363+
"value": "CVE-2018-6188"
364+
}
365+
],
366+
"references": [
367+
{
368+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6188"
369+
},
370+
{
371+
"url": "https://github.com/advisories/GHSA-rf4j-j272-fj86"
372+
},
373+
{
374+
"url": "https://usn.ubuntu.com/3559-1/"
375+
},
376+
{
377+
"url": "https://www.djangoproject.com/weblog/2018/feb/01/security-releases/"
378+
},
379+
{
380+
"url": "http://www.securitytracker.com/id/1040422"
381+
}
382+
],
383+
"published_at": "2018-10-03T21:13:54Z",
384+
"updated_at": "2022-04-26T18:35:37Z",
385+
"withdrawn_at": null
386+
}`
387+
388+
testJSONMarshal(t, h, want)
389+
}

0 commit comments

Comments
 (0)