Skip to content

Commit ee57ce6

Browse files
committed
test: cover --offline-vulnerabilities transitive scanning
1 parent cbffafe commit ee57ce6

2 files changed

Lines changed: 32 additions & 0 deletions

File tree

cmd/osv-scanner/scan/source/__snapshots__/command_test.snap

Lines changed: 27 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5718,6 +5718,33 @@ No issues found
57185718

57195719
---
57205720

5721+
[TestCommand_Transitive/pom.xml_offline_vulnerabilities_keeps_transitive - 1]
5722+
Scanning dir ./testdata/maven-transitive/pom.xml
5723+
Scanned <rootdir>/testdata/maven-transitive/pom.xml file and found 1 package
5724+
Warning: enricher transitivedependency/pomxml may be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts.
5725+
Loaded Maven local db from <tempdir>/osv-scanner/Maven/all.zip
5726+
5727+
Total 1 package affected by 7 known vulnerabilities (2 Critical, 1 High, 4 Medium, 0 Low, 0 Unknown) from 1 ecosystem.
5728+
7 vulnerabilities can be fixed.
5729+
5730+
+-------------------------------------+------+-----------+-------------------------------------+---------+---------------+-----------------------------------+
5731+
| OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE |
5732+
+-------------------------------------+------+-----------+-------------------------------------+---------+---------------+-----------------------------------+
5733+
| https://osv.dev/GHSA-3pxv-7cmr-fjr4 | 6.9 | Maven | org.apache.logging.log4j:log4j-core | 2.14.1 | 2.25.4 | testdata/maven-transitive/pom.xml |
5734+
| https://osv.dev/GHSA-6hg6-v5c8-fphq | 6.3 | Maven | org.apache.logging.log4j:log4j-core | 2.14.1 | 2.25.4 | testdata/maven-transitive/pom.xml |
5735+
| https://osv.dev/GHSA-7rjr-3q55-vv33 | 9.0 | Maven | org.apache.logging.log4j:log4j-core | 2.14.1 | 2.16.0 | testdata/maven-transitive/pom.xml |
5736+
| https://osv.dev/GHSA-8489-44mv-ggj8 | 6.6 | Maven | org.apache.logging.log4j:log4j-core | 2.14.1 | 2.17.1 | testdata/maven-transitive/pom.xml |
5737+
| https://osv.dev/GHSA-jfh8-c2jp-5v3q | 10.0 | Maven | org.apache.logging.log4j:log4j-core | 2.14.1 | 2.15.0 | testdata/maven-transitive/pom.xml |
5738+
| https://osv.dev/GHSA-p6xc-xr62-6r2g | 8.6 | Maven | org.apache.logging.log4j:log4j-core | 2.14.1 | 2.17.0 | testdata/maven-transitive/pom.xml |
5739+
| https://osv.dev/GHSA-vc5p-v9hr-52mj | 6.3 | Maven | org.apache.logging.log4j:log4j-core | 2.14.1 | 2.25.3 | testdata/maven-transitive/pom.xml |
5740+
+-------------------------------------+------+-----------+-------------------------------------+---------+---------------+-----------------------------------+
5741+
5742+
---
5743+
5744+
[TestCommand_Transitive/pom.xml_offline_vulnerabilities_keeps_transitive - 2]
5745+
5746+
---
5747+
57215748
[TestCommand_Transitive/pom.xml_transitive_default - 1]
57225749
Scanning dir ./testdata/maven-transitive/pom.xml
57235750
Scanned <rootdir>/testdata/maven-transitive/pom.xml file and found 1 package

cmd/osv-scanner/scan/source/command_test.go

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1343,6 +1343,11 @@ func TestCommand_Transitive(t *testing.T) {
13431343
// Direct dependencies do not have any vulnerability.
13441344
Exit: 0,
13451345
},
1346+
{
1347+
Name: "pom.xml_offline_vulnerabilities_keeps_transitive",
1348+
Args: []string{"", "source", "--offline-vulnerabilities", "--download-offline-databases", "./testdata/maven-transitive/pom.xml"},
1349+
Exit: 1,
1350+
},
13461351
{
13471352
Name: "pom.xml_enricher_requires_extractor",
13481353
Args: []string{"", "source", "--experimental-disable-plugins=java/pomxml", "./testdata/maven-transitive/abc.xml"},

0 commit comments

Comments
 (0)