Fix TestCreateVulnerabilitiesMap tests

[eyalk007]

• All tests passed. If this feature is not already covered by the tests, I added new tests.
• This pull request is on the dev branch.
• I used gofmt for formatting the code before submitting the pull request.
• Update documentation about new features / new supported technologies

---

• Fix all test cases that were corrupted due to V3 changes
• Update vulnerability tests to use real SBOM structure from testdata files
• Add SBOM testdata files with proper JFrog catalog format:
  • sbom_with_vulnerabilities.json: Main vulnerability test with axios CVEs
  • sbom_multiple_vulns_same_pkg.json: Tests max version selection logic
  • sbom_no_fix_version.json: Tests that vulns without fixes are excluded
• Update violations test to use SecurityCommandResults.Violations field
• Add support for loading SBOM from testdata files in test runner

Test cases now properly validate:

• Vulnerabilities processed from SBOM format
• Violations processed from Violations field
• Max fix version selection when multiple CVEs affect same package
• Vulnerabilities without fix versions are not added to map

[github-actions]

📗 Scan Summary

• Frogbot scanned for vulnerabilities and found 1 issues

Scan Category	Status	Security Issues
Software Composition Analysis	ℹ️ Not Scanned	-
Contextual Analysis	✅ Done	-
Static Application Security Testing (SAST)	✅ Done	1 Issues Found 1 Medium
Secrets	✅ Done	-
Infrastructure as Code (IaC)	✅ Done	Not Found

---

🐸 JFrog Frogbot

[github-actions]

file

at file:///C:/Users/runneradmin/AppData/Local/Temp/jfrog.cli.temp.-1768822706-2146104482/scanrepository/scanrepository_test.go (line 929)

🎯 Static Application Security Testing (SAST) Vulnerability

Severity	Finding
Medium	Untrusted stored value is included in web page content

Full description

Vulnerability Details

Rule ID:	go-stored-xss

Overview

Stored Cross-Site Scripting (XSS) is a type of vulnerability where malicious
scripts are injected into a web application and stored in a persistent state,
such as a database. When other users access the affected page, the stored
scripts are executed in their browsers, leading to various attacks.

Vulnerable example

func serveMessage(w http.ResponseWriter, r *http.Request) {
    db, _ := sql.Open("sqlite3", "test.db")
    message := db.QueryRow("SELECT message FROM messages WHERE id = 1")
    fmt.Fprintf(w, "<h1>%s</h1>", message)
}

In this example, the serveMessage function retrieves a message from the
database and directly embeds it into an HTML response without proper escaping.
If the message contains malicious scripts, it can lead to Stored XSS attacks
when other users view the page.

Remediation

To mitigate Stored XSS vulnerabilities, always sanitize and encode user
input before storing it in a persistent state and before displaying it
to other users:

func serveMessage(w http.ResponseWriter, r *http.Request) {
    db, _ := sql.Open("sqlite3", "test.db")
    message := db.QueryRow("SELECT message FROM messages WHERE id = 1")
-   fmt.Fprintf(w, "<h1>%s</h1>", message)
+   fmt.Fprintf(w, "<h1>%s</h1>", html.EscapeString(message))
}

In the remediation, we've used the html.EscapeString function to escape
the message before embedding it into the HTML response. This helps prevent
the execution of malicious scripts and mitigates the Stored XSS vulnerability.

Code Flows

Vulnerable data flow analysis result

↘️ os.ReadFile(fmt.Sprintf("%s.tar.gz", projectName)) (at file:///C:/Users/runneradmin/AppData/Local/Temp/jfrog.cli.temp.-1768822706-2146104482/scanrepository/scanrepository_test.go line 927)

↘️ file (at file:///C:/Users/runneradmin/AppData/Local/Temp/jfrog.cli.temp.-1768822706-2146104482/scanrepository/scanrepository_test.go line 927)

↘️ file (at file:///C:/Users/runneradmin/AppData/Local/Temp/jfrog.cli.temp.-1768822706-2146104482/scanrepository/scanrepository_test.go line 929)

---

🐸 JFrog Frogbot