complete test assertion for new matcher

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
anchore · Apr 13, 2022 · 5522623 · 5522623
1 parent c498a27
commit 5522623
Show file tree

Hide file tree

Showing 3 changed files with 58 additions and 11 deletions.
diff --git a/grype/matcher/dpkg/matcher_test.go b/grype/matcher/dpkg/matcher_test.go
@@ -35,6 +35,7 @@ func TestMatcherDpkg_matchBySourceIndirection(t *testing.T) {
 
 	store := newMockProvider()
 	actual, err := matcher.matchUpstreamPackages(store, d, p)
+	assert.NoError(t, err, "unexpected err from matchUpstreamPackages", err)
 
 	assert.Len(t, actual, 2, "unexpected indirect matches count")
 

diff --git a/grype/matcher/java/matcher_mocks_test.go b/grype/matcher/java/matcher_mocks_test.go
@@ -3,20 +3,43 @@ package java
 import (
 	"github.com/anchore/grype/grype/distro"
 	"github.com/anchore/grype/grype/pkg"
+	"github.com/anchore/grype/grype/version"
 	"github.com/anchore/grype/grype/vulnerability"
 	syftPkg "github.com/anchore/syft/syft/pkg"
 )
 
 type mockProvider struct {
-	data map[string]map[string][]vulnerability.Vulnerability
+	data map[syftPkg.Language]map[string][]vulnerability.Vulnerability
+}
+
+func (mp *mockProvider) populateData() {
+	mp.data[syftPkg.Java] = map[string][]vulnerability.Vulnerability{
+		"org.springframework.spring-webmvc": {
+			{
+				Constraint: version.MustGetConstraint(">=5.0.0,<5.1.7", version.UnknownFormat),
+				ID:         "CVE-2014-fake-2",
+			},
+			{
+				Constraint: version.MustGetConstraint(">=5.0.1,<5.1.7", version.UnknownFormat),
+				ID:         "CVE-2013-fake-3",
+			},
+			// unexpected...
+			{
+				Constraint: version.MustGetConstraint(">=5.0.0,<5.0.7", version.UnknownFormat),
+				ID:         "CVE-2013-fake-BAD",
+			},
+		},
+	}
 }
 
 func newMockProvider() *mockProvider {
-	pr := mockProvider{
-		data: make(map[string]map[string][]vulnerability.Vulnerability),
+	mp := mockProvider{
+		data: make(map[syftPkg.Language]map[string][]vulnerability.Vulnerability),
 	}
 
-	return &pr
+	mp.populateData()
+
+	return &mp
 }
 
 type mockMavenSearcher struct {
@@ -33,14 +56,14 @@ func newMockSearcher(pkg pkg.Package) MavenSearcher {
 	}
 }
 
-func (pr *mockProvider) GetByCPE(p syftPkg.CPE) ([]vulnerability.Vulnerability, error) {
+func (mp *mockProvider) GetByCPE(p syftPkg.CPE) ([]vulnerability.Vulnerability, error) {
 	return []vulnerability.Vulnerability{}, nil
 }
 
-func (pr *mockProvider) GetByDistro(d *distro.Distro, p pkg.Package) ([]vulnerability.Vulnerability, error) {
+func (mp *mockProvider) GetByDistro(d *distro.Distro, p pkg.Package) ([]vulnerability.Vulnerability, error) {
 	return []vulnerability.Vulnerability{}, nil
 }
 
-func (pr *mockProvider) GetByLanguage(l syftPkg.Language, p pkg.Package) ([]vulnerability.Vulnerability, error) {
-	return []vulnerability.Vulnerability{}, nil
+func (mp *mockProvider) GetByLanguage(l syftPkg.Language, p pkg.Package) ([]vulnerability.Vulnerability, error) {
+	return mp.data[l][p.Name], nil
 }
diff --git a/grype/matcher/java/matcher_test.go b/grype/matcher/java/matcher_test.go
@@ -1,6 +1,9 @@
 package java
 
 import (
+	"github.com/anchore/grype/grype/match"
+	"github.com/anchore/grype/internal"
+	"github.com/stretchr/testify/require"
 	"testing"
 
 	"github.com/google/uuid"
@@ -13,8 +16,9 @@ import (
 func TestMatcherJava_matchUpstreamMavenPackage(t *testing.T) {
 	p := pkg.Package{
 		ID:           pkg.ID(uuid.NewString()),
-		Name:         "spring-webmvc",
+		Name:         "org.springframework.spring-webmvc",
 		Version:      "5.1.5.RELEASE",
+		Language:     syftPkg.Java,
 		Type:         syftPkg.JavaPkg,
 		MetadataType: pkg.JavaMetadataType,
 		Metadata: pkg.JavaMetadata{
@@ -30,10 +34,29 @@ func TestMatcherJava_matchUpstreamMavenPackage(t *testing.T) {
 		SearchMavenUpstream: true,
 		MavenSearcher:       newMockSearcher(p),
 	}
-
 	store := newMockProvider()
 	actual, _ := matcher.matchUpstreamMavenPackages(store, p)
 
-	assert.Len(t, actual, 0, "unexpected indirect matches count")
+	assert.Len(t, actual, 2, "unexpected matches count")
+
+	foundCVEs := internal.NewStringSet()
+	for _, v := range actual {
+		foundCVEs.Add(v.Vulnerability.ID)
+
+		require.NotEmpty(t, v.Details)
+		for _, d := range v.Details {
+			assert.Equal(t, match.ExactIndirectMatch, d.Type, "indirect match not indicated")
+			assert.Equal(t, matcher.Type(), d.Matcher, "failed to capture matcher type")
+		}
+		assert.Equal(t, p.Name, v.Package.Name, "failed to capture original package name")
+	}
 
+	for _, id := range []string{"CVE-2014-fake-2", "CVE-2013-fake-3"} {
+		if !foundCVEs.Contains(id) {
+			t.Errorf("missing discovered CVE: %s", id)
+		}
+	}
+	if t.Failed() {
+		t.Logf("discovered CVES: %+v", foundCVEs)
+	}
 }