Commit f064b53

test: expand case
1 parent 9bf6f70 commit f064b53

2 files changed

Lines changed: 40 additions & 18 deletions

cmd/osv-scanner/scan/source/__snapshots__/command_test.snap

Lines changed: 21 additions & 18 deletions
@@ -1695,18 +1695,18 @@ Total 0 packages affected by 0 known vulnerabilities (0 Critical, 0 High, 0 Medi
16951695

16961696
---
16971697

1698-
[TestCommand_ExplicitExtractors_WithDefaults/empty_plugins_flag_does_nothing - 1]
16991698
[TestCommand_CommitSupport/offline_uses_git_tags - 1]
1700-
Scanned <rootdir>/testdata/locks-git/osv-scanner.json file as a osv-scanner and found 2 packages
1699+
Scanned <rootdir>/testdata/locks-git/osv-scanner.json file as a osv-scanner and found 4 packages
17011700
Skipping commit scanning for: 45fda76bc1b9fd74d10e85e0ce9b65a12dcc58b0
17021701
Loaded GIT local db from <tempdir>/osv-scanner/GIT/all.zip
1703-
Total 1 package affected by 4 known vulnerabilities (2 Critical, 1 High, 0 Medium, 0 Low, 1 Unknown) from 1 ecosystem.
1702+
Total 2 packages affected by 5 known vulnerabilities (2 Critical, 1 High, 0 Medium, 0 Low, 2 Unknown) from 1 ecosystem.
17041703
0 vulnerabilities can be fixed.
17051704

17061705

17071706
+--------------------------------+------+-----------+--------------------------+--------------------------+---------------+-------------------------------------+
17081707
| OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE |
17091708
+--------------------------------+------+-----------+--------------------------+--------------------------+---------------+-------------------------------------+
1709+
| https://osv.dev/CVE-2025-4575 | | GIT | https://github.com/openssl/openssl@aea7aaf2 | -- | testdata/locks-git/osv-scanner.json |
17101710
| https://osv.dev/CVE-2016-10931 | 8.1 | GIT | https://github.com/sfackler/rust-openssl@0f428d19 | -- | testdata/locks-git/osv-scanner.json |
17111711
| https://osv.dev/CVE-2018-20997 | 9.8 | GIT | https://github.com/sfackler/rust-openssl@0f428d19 | -- | testdata/locks-git/osv-scanner.json |
17121712
| https://osv.dev/CVE-2023-53159 | 9.1 | GIT | https://github.com/sfackler/rust-openssl@0f428d19 | -- | testdata/locks-git/osv-scanner.json |
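Review bot: The row added at new line 1709 pins `CVE-2025-4575` against `https://github.com/openssl/openssl@aea7aaf2` as the expected offline result, yet the fixture describes that entry as a 3.5.0 version tag paired with a 3.5.1 commit that is not vulnerable, so this snapshot records a tag-based false positive as correct behaviour. If that is the intent of `offline_uses_git_tags`, state it in the fixture comment or the test case; otherwise a later change that makes offline matching honour the commit will show up here as a regression rather than a fix.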
@@ -1720,31 +1720,34 @@ Total 1 package affected by 4 known vulnerabilities (2 Critical, 1 High, 0 Mediu
17201720
---
17211721

17221722
[TestCommand_CommitSupport/online_uses_git_commits - 1]
1723-
Scanned <rootdir>/testdata/locks-git/osv-scanner.json file as a osv-scanner and found 2 packages
1724-
Total 2 packages affected by 8 known vulnerabilities (2 Critical, 1 High, 1 Medium, 0 Low, 4 Unknown) from 1 ecosystem.
1723+
Scanned <rootdir>/testdata/locks-git/osv-scanner.json file as a osv-scanner and found 4 packages
1724+
Total 3 packages affected by 11 known vulnerabilities (3 Critical, 1 High, 2 Medium, 0 Low, 5 Unknown) from 1 ecosystem.
17251725
0 vulnerabilities can be fixed.
17261726

17271727

1728-
+--------------------------------+------+-----------+--------------------------+--------------------------+---------------+-------------------------------------+
1729-
| OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE |
1730-
+--------------------------------+------+-----------+--------------------------+--------------------------+---------------+-------------------------------------+
1731-
| https://osv.dev/CVE-2024-12797 | | GIT | https://github.com/openssl/openssl@45fda76b | -- | testdata/locks-git/osv-scanner.json |
1732-
| https://osv.dev/CVE-2024-13176 | | GIT | https://github.com/openssl/openssl@45fda76b | -- | testdata/locks-git/osv-scanner.json |
1733-
| https://osv.dev/CVE-2024-9143 | | GIT | https://github.com/openssl/openssl@45fda76b | -- | testdata/locks-git/osv-scanner.json |
1734-
| https://osv.dev/CVE-2016-10931 | 8.1 | GIT | https://github.com/sfackler/rust-openssl@0f428d19 | -- | testdata/locks-git/osv-scanner.json |
1735-
| https://osv.dev/CVE-2018-20997 | 9.8 | GIT | https://github.com/sfackler/rust-openssl@0f428d19 | -- | testdata/locks-git/osv-scanner.json |
1736-
| https://osv.dev/CVE-2023-53159 | 9.1 | GIT | https://github.com/sfackler/rust-openssl@0f428d19 | -- | testdata/locks-git/osv-scanner.json |
1737-
| https://osv.dev/CVE-2023-6180 | 5.3 | GIT | https://github.com/sfackler/rust-openssl@0f428d19 | -- | testdata/locks-git/osv-scanner.json |
1738-
| https://osv.dev/CVE-2025-3416 | | GIT | https://github.com/sfackler/rust-openssl@0f428d19 | -- | testdata/locks-git/osv-scanner.json |
1739-
+--------------------------------+------+-----------+-----------------------------------------------------+---------------+-------------------------------------+
1728+
+--------------------------------+------+-----------+----------------------------+-----------------------------+---------------+-------------------------------------+
1729+
| OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE |
1730+
+--------------------------------+------+-----------+----------------------------+-----------------------------+---------------+-------------------------------------+
1731+
| https://osv.dev/CVE-2024-12797 | | GIT | https://github.com/openssl/openssl@45fda76b | -- | testdata/locks-git/osv-scanner.json |
1732+
| https://osv.dev/CVE-2024-13176 | | GIT | https://github.com/openssl/openssl@45fda76b | -- | testdata/locks-git/osv-scanner.json |
1733+
| https://osv.dev/CVE-2024-9143 | | GIT | https://github.com/openssl/openssl@45fda76b | -- | testdata/locks-git/osv-scanner.json |
1734+
| https://osv.dev/CVE-2023-53159 | 9.1 | GIT | https://github.com/sfackler-fork/rust-openssl@3b064fdb | -- | testdata/locks-git/osv-scanner.json |
1735+
| https://osv.dev/CVE-2023-6180 | 5.3 | GIT | https://github.com/sfackler-fork/rust-openssl@3b064fdb | -- | testdata/locks-git/osv-scanner.json |
1736+
| https://osv.dev/CVE-2025-3416 | | GIT | https://github.com/sfackler-fork/rust-openssl@3b064fdb | -- | testdata/locks-git/osv-scanner.json |
1737+
| https://osv.dev/CVE-2016-10931 | 8.1 | GIT | https://github.com/sfackler/rust-openssl@0f428d19 | -- | testdata/locks-git/osv-scanner.json |
1738+
| https://osv.dev/CVE-2018-20997 | 9.8 | GIT | https://github.com/sfackler/rust-openssl@0f428d19 | -- | testdata/locks-git/osv-scanner.json |
1739+
| https://osv.dev/CVE-2023-53159 | 9.1 | GIT | https://github.com/sfackler/rust-openssl@0f428d19 | -- | testdata/locks-git/osv-scanner.json |
1740+
| https://osv.dev/CVE-2023-6180 | 5.3 | GIT | https://github.com/sfackler/rust-openssl@0f428d19 | -- | testdata/locks-git/osv-scanner.json |
1741+
| https://osv.dev/CVE-2025-3416 | | GIT | https://github.com/sfackler/rust-openssl@0f428d19 | -- | testdata/locks-git/osv-scanner.json |
1742+
+--------------------------------+------+-----------+----------------------------------------------------------+---------------+-------------------------------------+
17401743

17411744
---
17421745

17431746
[TestCommand_CommitSupport/online_uses_git_commits - 2]
17441747

17451748
---
17461749

1747-
[TestCommand_ExplicitExtractors/empty_plugins_flag_does_nothing - 1]
1750+
[TestCommand_ExplicitExtractors_WithDefaults/empty_plugins_flag_does_nothing - 1]
17481751

17491752
---
17501753
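Review bot: The last change in this hunk (old line 1747, new line 1750) swaps the snapshot key `[TestCommand_ExplicitExtractors/empty_plugins_flag_does_nothing - 1]` for the `_WithDefaults` variant, which is unrelated to the commit-support fixture that "test: expand case" extends. Please confirm that the `TestCommand_ExplicitExtractors` case either no longer exists or still has a snapshot recorded, and consider moving this key churn, together with the stray `_WithDefaults` header removed at old line 1698, into its own commit so the expected-output change for `online_uses_git_commits` can be reviewed on its own.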

cmd/osv-scanner/scan/source/testdata/locks-git/osv-scanner.json

Lines changed: 19 additions & 0 deletions
@@ -3,17 +3,36 @@
33
{
44
"packages": [
55
{
6+
"//1": "version and commit are the same, so rust-openssl advisories should be reported",
7+
"//2": "note online reports CVE-2023-6180 as well due to matching commits for an implicit fork",
68
"package": {
79
"name": "https://github.com/sfackler/rust-openssl",
810
"commit": "0f428d190410263e4daa65b917c0e84707a9c0ef",
911
"version": "openssl-v0.8.1"
1012
}
1113
},
1214
{
15+
"//1": "repo is different to the advisory, so only online checking will report anything",
16+
"package": {
17+
"name": "https://github.com/sfackler-fork/rust-openssl",
18+
"commit": "3b064fdb022912bbb98f5b8d9d111aeb6fec8f79",
19+
"version": "openssl-v0.10.23"
20+
}
21+
},
22+
{
23+
"//1": "no version, so only online checking will report anything",
1324
"package": {
1425
"name": "https://github.com/openssl/openssl",
1526
"commit": "45fda76bc1b9fd74d10e85e0ce9b65a12dcc58b0"
1627
}
28+
},
29+
{
30+
"//1": "version is for 3.5.0 which is vulnerable to CVE-2025-3416, but commit is for 3.5.1 which is not",
31+
"package": {
32+
"name": "https://github.com/openssl/openssl",
33+
"commit": "aea7aaf2abb04789f5868cbabec406ea43aa84bf",
34+
"version": "openssl-3.5.0"
35+
}
1736
}
1837
]
1938
}
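Review bot: The `//1` comment on the last added entry (new line 30) names `CVE-2025-3416`, but the snapshots in this commit report `CVE-2025-4575` for `openssl/openssl@aea7aaf2` and list `CVE-2025-3416` only against the rust-openssl packages. Suggest correcting the ID in that comment so the fixture and the expected output agree. It would also help to say in the same comment that offline matching is expected to report the advisory (version wins) while online matching is expected to report nothing (commit wins), since that asymmetry is what the entry exists to exercise.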
