Skip to content

Commit 10ba3e1

Browse files
committed
test: cover --offline-vulnerabilities transitive scanning
1 parent 1b40e02 commit 10ba3e1

2 files changed

Lines changed: 32 additions & 0 deletions

File tree

cmd/osv-scanner/scan/source/__snapshots__/command_test.snap

Lines changed: 27 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5826,6 +5826,33 @@ No issues found
58265826

58275827
---
58285828

5829+
[TestCommand_Transitive/pom.xml_offline_vulnerabilities_keeps_transitive - 1]
5830+
Scanning dir ./testdata/maven-transitive/pom.xml
5831+
Scanned <rootdir>/testdata/maven-transitive/pom.xml file and found 1 package
5832+
Warning: enricher transitivedependency/pomxml may be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts.
5833+
Loaded Maven local db from <tempdir>/osv-scanner/Maven/all.zip
5834+
5835+
Total 1 package affected by 7 known vulnerabilities (2 Critical, 1 High, 4 Medium, 0 Low, 0 Unknown) from 1 ecosystem.
5836+
7 vulnerabilities can be fixed.
5837+
5838+
+-------------------------------------+------+-----------+-------------------------------------+---------+---------------+-----------------------------------+
5839+
| OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE |
5840+
+-------------------------------------+------+-----------+-------------------------------------+---------+---------------+-----------------------------------+
5841+
| https://osv.dev/GHSA-3pxv-7cmr-fjr4 | 6.9 | Maven | org.apache.logging.log4j:log4j-core | 2.14.1 | 2.25.4 | testdata/maven-transitive/pom.xml |
5842+
| https://osv.dev/GHSA-6hg6-v5c8-fphq | 6.3 | Maven | org.apache.logging.log4j:log4j-core | 2.14.1 | 2.25.4 | testdata/maven-transitive/pom.xml |
5843+
| https://osv.dev/GHSA-7rjr-3q55-vv33 | 9.0 | Maven | org.apache.logging.log4j:log4j-core | 2.14.1 | 2.16.0 | testdata/maven-transitive/pom.xml |
5844+
| https://osv.dev/GHSA-8489-44mv-ggj8 | 6.6 | Maven | org.apache.logging.log4j:log4j-core | 2.14.1 | 2.17.1 | testdata/maven-transitive/pom.xml |
5845+
| https://osv.dev/GHSA-jfh8-c2jp-5v3q | 10.0 | Maven | org.apache.logging.log4j:log4j-core | 2.14.1 | 2.15.0 | testdata/maven-transitive/pom.xml |
5846+
| https://osv.dev/GHSA-p6xc-xr62-6r2g | 8.6 | Maven | org.apache.logging.log4j:log4j-core | 2.14.1 | 2.17.0 | testdata/maven-transitive/pom.xml |
5847+
| https://osv.dev/GHSA-vc5p-v9hr-52mj | 6.3 | Maven | org.apache.logging.log4j:log4j-core | 2.14.1 | 2.25.3 | testdata/maven-transitive/pom.xml |
5848+
+-------------------------------------+------+-----------+-------------------------------------+---------+---------------+-----------------------------------+
5849+
5850+
---
5851+
5852+
[TestCommand_Transitive/pom.xml_offline_vulnerabilities_keeps_transitive - 2]
5853+
5854+
---
5855+
58295856
[TestCommand_Transitive/pom.xml_transitive_default - 1]
58305857
Scanning dir ./testdata/maven-transitive/pom.xml
58315858
Scanned <rootdir>/testdata/maven-transitive/pom.xml file and found 1 package

cmd/osv-scanner/scan/source/command_test.go

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1348,6 +1348,11 @@ func TestCommand_Transitive(t *testing.T) {
13481348
// Direct dependencies do not have any vulnerability.
13491349
Exit: 0,
13501350
},
1351+
{
1352+
Name: "pom.xml_offline_vulnerabilities_keeps_transitive",
1353+
Args: []string{"", "source", "--offline-vulnerabilities", "--download-offline-databases", "./testdata/maven-transitive/pom.xml"},
1354+
Exit: 1,
1355+
},
13511356
{
13521357
Name: "pom.xml_enricher_requires_extractor",
13531358
Args: []string{"", "source", "--experimental-disable-plugins=java/pomxml", "./testdata/maven-transitive/abc.xml"},

0 commit comments

Comments
 (0)