safedep/vet
1
0
Fork 0
mirror of https://github.com/safedep/vet.git synced 2025-12-10 13:43:01 -06:00
Code Issues Packages Projects Releases 68 Wiki Activity

Merge pull request #517 from safedep/chore/updateDeps

Browse Source 
Updated deps and minor refactoring
This commit is contained in:
Omkar Phansopkar 2025-06-24 15:21:47 +05:30 committed by GitHub
commit 200257bab3
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
18 changed files with 75 additions and 76 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.github/workflows/ci.yml vendored
View File

@ -21,7 +21,7 @@ jobs:
- name: Set up Go
uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5
with:
go-version: 1.24
go-version: 1.24.3
check-latest: true
- name: Build and Test
@ -52,7 +52,7 @@ jobs:
- name: Set up Go
uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5
with:
go-version: 1.24
go-version: 1.24.3
check-latest: true
- name: Build vet

2
.github/workflows/codeql.yml vendored
View File

@ -44,7 +44,7 @@ jobs:
- name: Set up Go
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34
with:
go-version: 1.24
go-version: 1.24.3
check-latest: true
- name: Initialize CodeQL

2
.github/workflows/golangci-lint.yml vendored
View File

@ -14,7 +14,7 @@ jobs:
steps:
- uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34
with:
go-version: 1.24
go-version: 1.24.3
cache: false
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
- name: golangci-lint

2
.github/workflows/goreleaser.yml vendored
View File

@ -36,7 +36,7 @@ jobs:
- name: Set up Go
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34
with:
go-version: 1.24
go-version: 1.24.3
check-latest: true
- name: ghcr-login
uses: docker/login-action@dd4fa0671be5250ee6f50aedf4cb05514abda2c7 # v1

3
.gitignore vendored
View File

@ -23,3 +23,6 @@
dist/
/.env.dev
.vscode/
# MacOS specific files
**/.DS_Store

2
.tool-versions
View File

@ -1,2 +1,2 @@
golang 1.24.1
golang 1.24.3
gitleaks 8.16.4

2
CONTRIBUTING.md
View File

@ -33,7 +33,7 @@ When contributing changes to repository, follow these steps:
### Requirements
* Go 1.22+
* Go 1.24.3+
### Install Dependencies

4
Dockerfile
View File

@ -1,5 +1,5 @@
FROM --platform=$BUILDPLATFORM golang:1.24.2-bullseye@sha256:f50ff25f8331682b44c1582974eb9e620fcb08052fc6ed434f93ca24636fc4d6 AS build
# Original: golang:1.24-bullseye
FROM --platform=$BUILDPLATFORM golang:1.24.3-bullseye@sha256:abe2e2bb9bc0342dd1ba2f719af5c6b3859ca9ad93a7d9bcdd21310bda0327e1 AS build
# Original: golang:1.24.3-bullseye
WORKDIR /build

10
go.mod
View File

@ -1,10 +1,10 @@
module github.com/safedep/vet
go 1.24.2
go 1.24.3
require (
buf.build/gen/go/safedep/api/grpc/go v1.5.1-20250528015308-9847554fa87b.2
buf.build/gen/go/safedep/api/protocolbuffers/go v1.36.6-20250528015308-9847554fa87b.1
buf.build/gen/go/safedep/api/grpc/go v1.5.1-20250610075857-7cfdb61a0bfa.2
buf.build/gen/go/safedep/api/protocolbuffers/go v1.36.6-20250610075857-7cfdb61a0bfa.1
entgo.io/ent v0.14.4
github.com/AlecAivazis/survey/v2 v2.3.7
github.com/BurntSushi/toml v1.5.0
@ -37,8 +37,8 @@ require (
github.com/package-url/packageurl-go v0.1.3
github.com/pandatix/go-cvss v0.6.2
github.com/posthog/posthog-go v1.5.11
github.com/safedep/code v0.0.0-20250513161430-3da0c16c0b53
github.com/safedep/dry v0.0.0-20250603124321-c8255e47954f
github.com/safedep/code v0.0.0-20250619080228-57f5b7b5e58c
github.com/safedep/dry v0.0.0-20250618113059-9f8b677e299c
github.com/sirupsen/logrus v1.9.3
github.com/smacker/go-tree-sitter v0.0.0-20240827094217-dd81d9e9be82
github.com/spdx/tools-golang v0.5.5

16
go.sum
View File

@ -6,10 +6,10 @@ ariga.io/atlas v0.34.0 h1:4hdy+2x+xNs6Lx2anuJ/4Q7lCaqddbEj5CtRDVOBu0M=
ariga.io/atlas v0.34.0/go.mod h1:WJesu2UCpGQvgUh3oVP94EiRT61nNy1W/VN5g+vqP1I=
buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.6-20250425153114-8976f5be98c1.1 h1:YhMSc48s25kr7kv31Z8vf7sPUIq5YJva9z1mn/hAt0M=
buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.6-20250425153114-8976f5be98c1.1/go.mod h1:avRlCjnFzl98VPaeCtJ24RrV/wwHFzB8sWXhj26+n/U=
buf.build/gen/go/safedep/api/grpc/go v1.5.1-20250528015308-9847554fa87b.2 h1:khFSrG4NF9wz662s5yH5Pxwmg44vmzTLNkeCGNd/DfM=
buf.build/gen/go/safedep/api/grpc/go v1.5.1-20250528015308-9847554fa87b.2/go.mod h1:CKCKo/PyDeai5cwR5zakoEopQ2lnTJx1hlt3TdtqCZw=
buf.build/gen/go/safedep/api/protocolbuffers/go v1.36.6-20250528015308-9847554fa87b.1 h1:qDRO2meiZIFPJwAQQCxy0LemE70XlmjvR+pfh1tGrEY=
buf.build/gen/go/safedep/api/protocolbuffers/go v1.36.6-20250528015308-9847554fa87b.1/go.mod h1:uR95GqsnNCRn6cTyRBte6uMJMm0rEBRxTGpakKCNL9I=
buf.build/gen/go/safedep/api/grpc/go v1.5.1-20250610075857-7cfdb61a0bfa.2 h1:ENbt9SmU2gh4YhjcFqzceJRlg80hsD28M+Oon9l752A=
buf.build/gen/go/safedep/api/grpc/go v1.5.1-20250610075857-7cfdb61a0bfa.2/go.mod h1:WDOWZglnweQ4njVEJpLYYpLMx9fD+e94KbKdt8oJrxY=
buf.build/gen/go/safedep/api/protocolbuffers/go v1.36.6-20250610075857-7cfdb61a0bfa.1 h1:wOZtKj81Wq5fvHf4STR0vxEl8/peoEJkRzuQI+zwE2I=
buf.build/gen/go/safedep/api/protocolbuffers/go v1.36.6-20250610075857-7cfdb61a0bfa.1/go.mod h1:uR95GqsnNCRn6cTyRBte6uMJMm0rEBRxTGpakKCNL9I=
cel.dev/expr v0.24.0 h1:56OvJKSH3hDGL0ml5uSxZmz3/3Pq4tJ+fb1unVLAFcY=
cel.dev/expr v0.24.0/go.mod h1:hLPLo1W4QUmuYdA72RBX06QTs6MXw941piREPl3Yfiw=
cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
@ -1099,10 +1099,10 @@ github.com/ryancurrah/gomodguard v1.3.5/go.mod h1:MXlEPQRxgfPQa62O8wzK3Ozbkv9Rkq
github.com/ryanrolds/sqlclosecheck v0.5.1 h1:dibWW826u0P8jNLsLN+En7+RqWWTYrjCB9fJfSfdyCU=
github.com/ryanrolds/sqlclosecheck v0.5.1/go.mod h1:2g3dUjoS6AL4huFdv6wn55WpLIDjY7ZgUR4J8HOO/XQ=
github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
github.com/safedep/code v0.0.0-20250513161430-3da0c16c0b53 h1:FU3m6LEBDUaHTBbTNpTXGRV8W26F3JxSPwCUJL6hY08=
github.com/safedep/code v0.0.0-20250513161430-3da0c16c0b53/go.mod h1:a6jPH1Yy0jLg5C1Ud/1GjGoqzH9gMg7WFdxGvbBAmVA=
github.com/safedep/dry v0.0.0-20250603124321-c8255e47954f h1:wlUDnDSp1wPAXrv88eCYd7UlcQGWM7Umogr18n6q2ew=
github.com/safedep/dry v0.0.0-20250603124321-c8255e47954f/go.mod h1:nU5w9Xb5Ja2wq5PU/K8r8r1Dc25ApJXKKqvwju99G2w=
github.com/safedep/code v0.0.0-20250619080228-57f5b7b5e58c h1:ao6OCJyNomRFgpRtVbTEa5KetcPlinf/3rJEkL0Pgz8=
github.com/safedep/code v0.0.0-20250619080228-57f5b7b5e58c/go.mod h1:5gnHWxq6kbun+r3qf52UHD5f9bd36sWhkDLXvPRd4ZA=
github.com/safedep/dry v0.0.0-20250618113059-9f8b677e299c h1:xr6P3xzQqxPx93qbH/LPjyK46oEEA6N0nYyiQSjikkI=
github.com/safedep/dry v0.0.0-20250618113059-9f8b677e299c/go.mod h1:8GbUOzdf46FT4j5h9lw9DdA3wM9NgIVEZjTfkzNe+Cw=
github.com/saferwall/pe v1.5.6 h1:DrRLnoQFxHWJ5lJUmrH7X2L0xeUu6SUS95Dc61eW2Yc=
github.com/saferwall/pe v1.5.6/go.mod h1:mJx+PuptmNpoPFBNhWs/uDMFL/kTHVZIkg0d4OUJFbQ=
github.com/sagikazarmark/crypt v0.3.0/go.mod h1:uD/D+6UF4SrIR1uGEv7bBNkNqLGqUr43MRiaGWX1Nig=

7
internal/ui/progress.go
View File

@ -44,8 +44,11 @@ func SetPinnedMessageOnProgressWriter(msg string) {
}
func TrackProgress(message string, total int) any {
tracker := progress.Tracker{Message: message, Total: int64(total),
Units: progress.UnitsDefault}
tracker := progress.Tracker{
Message: message,
Total: int64(total),
Units: progress.UnitsDefault,
}
if progressWriter != nil {
progressWriter.AppendTracker(&tracker)

2
main.go
View File

@ -30,7 +30,7 @@ var (
const (
vetName = "vet"
vetInformationURI = "https://github.com/safedep/vet"
vetVendorName = "Safedep"
vetVendorName = "SafeDep"
vetVendorInformationURI = "https://safedep.io"
)

5
pkg/common/utils/pointers.go
View File

@ -1,5 +0,0 @@
package utils
func PtrTo[T any](v T) *T {
return &v
}

43
pkg/reporter/cyclonedx.go
View File

@ -13,7 +13,6 @@ import (
"github.com/safedep/vet/gen/insightapi"
"github.com/safedep/vet/pkg/analyzer"
"github.com/safedep/vet/pkg/common/logger"
commonUtils "github.com/safedep/vet/pkg/common/utils"
"github.com/safedep/vet/pkg/common/utils/regex"
sbomUtils "github.com/safedep/vet/pkg/common/utils/sbom"
"github.com/safedep/vet/pkg/malysis"
@ -58,13 +57,13 @@ func NewCycloneDXReporter(config CycloneDXReporterConfig) (Reporter, error) {
if utils.IsEmptyString(config.SerialNumber) {
generatedSerialNumber, err := uuid.NewUUID()
if err != nil {
return nil, fmt.Errorf("Failed to generate UUID for CycloneDX serial number: %v", err)
return nil, fmt.Errorf("failed to generate UUID for CycloneDX serial number: %v", err)
}
bom.SerialNumber = fmt.Sprintf("urn:uuid:%s", generatedSerialNumber.String())
} else {
if !cdxUUIDRegexp.MatchString(config.SerialNumber) {
return nil, fmt.Errorf("Serial number '%s' does not match RFC 4122 UUID format", config.SerialNumber)
return nil, fmt.Errorf("serial number '%s' does not match RFC 4122 UUID format", config.SerialNumber)
}
bom.SerialNumber = config.SerialNumber
@ -74,7 +73,7 @@ func NewCycloneDXReporter(config CycloneDXReporterConfig) (Reporter, error) {
Type: cdx.ComponentTypeApplication,
Manufacturer: &cdx.OrganizationalEntity{
Name: config.Tool.VendorName,
URL: commonUtils.PtrTo([]string{config.Tool.VendorInformationURI}),
URL: utils.PtrTo([]string{config.Tool.VendorInformationURI}),
},
Group: config.Tool.VendorName,
Name: config.Tool.Name,
@ -90,18 +89,18 @@ func NewCycloneDXReporter(config CycloneDXReporterConfig) (Reporter, error) {
BOMRef: rootComponentBomref,
Type: cdx.ComponentTypeApplication,
Name: config.ApplicationComponentName,
Components: commonUtils.PtrTo([]cdx.Component{}),
Components: utils.PtrTo([]cdx.Component{}),
},
Tools: &cdx.ToolsChoice{
Components: commonUtils.PtrTo([]cdx.Component{
Components: utils.PtrTo([]cdx.Component{
toolComponent,
}),
},
}
bom.Components = commonUtils.PtrTo([]cdx.Component{})
bom.Vulnerabilities = commonUtils.PtrTo([]cdx.Vulnerability{})
bom.Dependencies = commonUtils.PtrTo([]cdx.Dependency{})
bom.Components = utils.PtrTo([]cdx.Component{})
bom.Vulnerabilities = utils.PtrTo([]cdx.Vulnerability{})
bom.Dependencies = utils.PtrTo([]cdx.Dependency{})
return &cycloneDXReporter{
config: config,
@ -123,7 +122,7 @@ func (r *cycloneDXReporter) AddManifest(manifest *models.PackageManifest) {
r.bomEcosystems[manifest.Ecosystem] = true
r.bom.Metadata.Component.Components = commonUtils.PtrTo(append(*r.bom.Metadata.Component.Components, cdx.Component{
r.bom.Metadata.Component.Components = utils.PtrTo(append(*r.bom.Metadata.Component.Components, cdx.Component{
Type: cdx.ComponentTypeApplication,
Group: manifest.Ecosystem,
BOMRef: manifest.Source.GetPath(),
@ -150,16 +149,16 @@ func (r *cycloneDXReporter) addPackage(pkg *models.Package) {
Version: pkg.GetVersion(),
PackageURL: pkgPurl,
BOMRef: pkgPurl,
Licenses: commonUtils.PtrTo(cdx.Licenses(r.resolvePackageLicenses(pkg))),
Licenses: utils.PtrTo(cdx.Licenses(r.resolvePackageLicenses(pkg))),
Evidence: &cdx.Evidence{
Identity: commonUtils.PtrTo([]cdx.EvidenceIdentity{
Identity: utils.PtrTo([]cdx.EvidenceIdentity{
{
Field: cdx.EvidenceIdentityFieldTypePURL,
Confidence: commonUtils.PtrTo(float32(0.7)),
Methods: commonUtils.PtrTo([]cdx.EvidenceIdentityMethod{
Confidence: utils.PtrTo(float32(0.7)),
Methods: utils.PtrTo([]cdx.EvidenceIdentityMethod{
{
Technique: cdx.EvidenceIdentityTechniqueManifestAnalysis,
Confidence: commonUtils.PtrTo(float32(0.7)),
Confidence: utils.PtrTo(float32(0.7)),
Value: pkg.Manifest.GetSource().GetPath(),
},
}),
@ -274,7 +273,7 @@ func (r *cycloneDXReporter) recordVulnerabilities(pkg *models.Package) {
Description: utils.SafelyGetValue(vuln.Summary),
Ratings: &ratings,
Recommendation: recommendation,
Affects: commonUtils.PtrTo([]cdx.Affects{
Affects: utils.PtrTo([]cdx.Affects{
{
Ref: pkgPurl,
},
@ -312,15 +311,15 @@ func (r *cycloneDXReporter) recordMalware(pkg *models.Package) {
BOMRef: malwareBomref,
Description: malwareSummary,
Credits: &cdx.Credits{
Organizations: commonUtils.PtrTo([]cdx.OrganizationalEntity{
Organizations: utils.PtrTo([]cdx.OrganizationalEntity{
{
BOMRef: r.config.Tool.VendorName,
Name: r.config.Tool.VendorName,
URL: commonUtils.PtrTo([]string{r.config.Tool.VendorInformationURI}),
URL: utils.PtrTo([]string{r.config.Tool.VendorInformationURI}),
},
}),
},
Properties: commonUtils.PtrTo([]cdx.Property{
Properties: utils.PtrTo([]cdx.Property{
{
Name: "report-url",
Value: malysis.ReportURL(malwareAnalysis.AnalysisId),
@ -330,7 +329,7 @@ func (r *cycloneDXReporter) recordMalware(pkg *models.Package) {
Name: r.config.Tool.Name,
URL: r.config.Tool.InformationURI,
},
Affects: commonUtils.PtrTo([]cdx.Affects{
Affects: utils.PtrTo([]cdx.Affects{
{
Ref: pkgPurl,
},
@ -351,10 +350,10 @@ func (r *cycloneDXReporter) finaliseBom() {
r.bom.Metadata.Timestamp = bomGenerationTime.Format(time.RFC3339)
r.bom.Annotations = commonUtils.PtrTo([]cdx.Annotation{
r.bom.Annotations = utils.PtrTo([]cdx.Annotation{
{
BOMRef: "metadata-annotations",
Subjects: commonUtils.PtrTo([]cdx.BOMReference{
Subjects: utils.PtrTo([]cdx.BOMReference{
cdx.BOMReference(r.rootComponentBomref),
}),
Annotator: &cdx.Annotator{

37
pkg/reporter/cyclonedx_test.go
View File

@ -8,9 +8,8 @@ import (
malysisv1 "buf.build/gen/go/safedep/api/protocolbuffers/go/safedep/messages/malysis/v1"
cdx "github.com/CycloneDX/cyclonedx-go"
dryUtils "github.com/safedep/dry/utils"
"github.com/safedep/dry/utils"
"github.com/safedep/vet/gen/insightapi"
"github.com/safedep/vet/pkg/common/utils"
"github.com/safedep/vet/pkg/models"
"github.com/stretchr/testify/assert"
)
@ -68,12 +67,12 @@ func TestNewCycloneDxReporter(t *testing.T) {
assert.Equal(t, cdxAppName, generatedBom.Metadata.Component.Name)
// Verify tool metadata component
assert.Len(t, dryUtils.SafelyGetValue(dryUtils.SafelyGetValue(generatedBom.Metadata.Tools).Components), 1)
toolComponent := dryUtils.SafelyGetValue(dryUtils.SafelyGetValue(generatedBom.Metadata.Tools).Components)[0]
assert.Len(t, utils.SafelyGetValue(utils.SafelyGetValue(generatedBom.Metadata.Tools).Components), 1)
toolComponent := utils.SafelyGetValue(utils.SafelyGetValue(generatedBom.Metadata.Tools).Components)[0]
assert.Equal(t, cdx.ComponentTypeApplication, toolComponent.Type)
assert.NotNil(t, toolComponent.Manufacturer)
assert.Equal(t, toolComponent.Manufacturer.Name, cdxTestToolMetaData.VendorName)
assert.ElementsMatch(t, dryUtils.SafelyGetValue(toolComponent.Manufacturer.URL), []string{cdxTestToolMetaData.VendorInformationURI})
assert.ElementsMatch(t, utils.SafelyGetValue(toolComponent.Manufacturer.URL), []string{cdxTestToolMetaData.VendorInformationURI})
assert.Equal(t, cdxTestToolMetaData.VendorName, toolComponent.Group)
assert.Equal(t, cdxTestToolMetaData.Name, toolComponent.Name)
assert.Equal(t, cdxTestToolMetaData.Version, toolComponent.Version)
@ -208,14 +207,14 @@ func TestCycloneDxReporterManifestWithDeps(t *testing.T) {
assert.NoError(t, err)
assert.NotNil(t, generatedBom)
assert.Len(t, dryUtils.SafelyGetValue(generatedBom.Metadata.Component.Components), 1)
manifestComponent := dryUtils.SafelyGetValue(generatedBom.Metadata.Component.Components)[0]
assert.Len(t, utils.SafelyGetValue(generatedBom.Metadata.Component.Components), 1)
manifestComponent := utils.SafelyGetValue(generatedBom.Metadata.Component.Components)[0]
assert.Equal(t, cdx.ComponentTypeApplication, manifestComponent.Type)
assert.Equal(t, string(models.EcosystemNpm), manifestComponent.Group)
assert.Equal(t, "test/package-lock.json", manifestComponent.BOMRef)
assert.Equal(t, "test/package-lock.json", manifestComponent.Name)
components := dryUtils.SafelyGetValue(generatedBom.Components)
components := utils.SafelyGetValue(generatedBom.Components)
assert.NotNil(t, components)
assert.Len(t, components, 4)
@ -281,8 +280,8 @@ func TestCycloneDxReporterLicenses(t *testing.T) {
assert.NoError(t, err)
assert.NotNil(t, generatedBom)
assert.Len(t, dryUtils.SafelyGetValue(generatedBom.Components), 1)
licenses := dryUtils.SafelyGetValue(dryUtils.SafelyGetValue(generatedBom.Components)[0].Licenses)
assert.Len(t, utils.SafelyGetValue(generatedBom.Components), 1)
licenses := utils.SafelyGetValue(utils.SafelyGetValue(generatedBom.Components)[0].Licenses)
assert.Len(t, licenses, 1)
assert.Equal(t, "MIT", licenses[0].License.ID)
assert.Equal(t, "MIT License", licenses[0].License.Name)
@ -346,7 +345,7 @@ func TestCycloneDxReporterVuln(t *testing.T) {
assert.NoError(t, err)
assert.NotNil(t, generatedBom)
vulns := dryUtils.SafelyGetValue(generatedBom.Vulnerabilities)
vulns := utils.SafelyGetValue(generatedBom.Vulnerabilities)
assert.NotNil(t, vulns)
assert.Len(t, vulns, 1)
@ -356,14 +355,14 @@ func TestCycloneDxReporterVuln(t *testing.T) {
assert.Equal(t, "Test vulnerability", vuln.Description)
assert.Equal(t, "Upgrade to version 1.2.0 or later", vuln.Recommendation)
ratings := dryUtils.SafelyGetValue(vuln.Ratings)
ratings := utils.SafelyGetValue(vuln.Ratings)
assert.Len(t, ratings, 1)
assert.Equal(t, cdx.SeverityHigh, ratings[0].Severity)
assert.Equal(t, "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", ratings[0].Vector)
assert.Equal(t, cdx.ScoringMethodCVSSv3, ratings[0].Method)
assert.Equal(t, utils.PtrTo(7.5), ratings[0].Score)
affects := dryUtils.SafelyGetValue(vuln.Affects)
affects := utils.SafelyGetValue(vuln.Affects)
assert.Len(t, affects, 1)
assert.Equal(t, "pkg:npm/test-package@1.0.0", affects[0].Ref)
}
@ -411,7 +410,7 @@ func TestCycloneDxReporterMalware(t *testing.T) {
assert.NoError(t, err)
assert.NotNil(t, generatedBom)
vulns := dryUtils.SafelyGetValue(generatedBom.Vulnerabilities)
vulns := utils.SafelyGetValue(generatedBom.Vulnerabilities)
assert.NotNil(t, vulns)
assert.Len(t, vulns, 1)
@ -421,19 +420,19 @@ func TestCycloneDxReporterMalware(t *testing.T) {
assert.Equal(t, "Malware detected by malysis", vuln.Description)
assert.Equal(t, "", vuln.Recommendation)
ratings := dryUtils.SafelyGetValue(vuln.Ratings)
ratings := utils.SafelyGetValue(vuln.Ratings)
assert.Len(t, ratings, 0)
affects := dryUtils.SafelyGetValue(vuln.Affects)
affects := utils.SafelyGetValue(vuln.Affects)
assert.Len(t, affects, 1)
assert.Equal(t, "pkg:npm/test-package@1.0.0", affects[0].Ref)
assert.Equal(t, cdxTestToolMetaData.Name, vuln.Source.Name)
assert.Equal(t, cdxTestToolMetaData.InformationURI, vuln.Source.URL)
assert.Len(t, dryUtils.SafelyGetValue(vuln.Credits.Organizations), 1)
toolOrg := dryUtils.SafelyGetValue(vuln.Credits.Organizations)[0]
assert.Len(t, utils.SafelyGetValue(vuln.Credits.Organizations), 1)
toolOrg := utils.SafelyGetValue(vuln.Credits.Organizations)[0]
assert.Equal(t, cdxTestToolMetaData.VendorName, toolOrg.BOMRef)
assert.Equal(t, cdxTestToolMetaData.VendorName, toolOrg.Name)
assert.Equal(t, []string{cdxTestToolMetaData.VendorInformationURI}, dryUtils.SafelyGetValue(toolOrg.URL))
assert.Equal(t, []string{cdxTestToolMetaData.VendorInformationURI}, utils.SafelyGetValue(toolOrg.URL))
}

6
pkg/reporter/gitlab_test.go
View File

@ -10,11 +10,11 @@ import (
malysisv1 "buf.build/gen/go/safedep/api/protocolbuffers/go/safedep/messages/malysis/v1"
"github.com/google/osv-scanner/pkg/lockfile"
"github.com/safedep/dry/utils"
"github.com/safedep/vet/gen/checks"
"github.com/safedep/vet/gen/filtersuite"
"github.com/safedep/vet/gen/insightapi"
"github.com/safedep/vet/pkg/analyzer"
"github.com/safedep/vet/pkg/common/utils"
"github.com/safedep/vet/pkg/malysis"
"github.com/safedep/vet/pkg/models"
"github.com/stretchr/testify/assert"
@ -28,7 +28,7 @@ func getGitLabReporter(reportPath string) (*gitLabReporter, error) {
Name: "vet",
Version: "latest",
InformationURI: "https://github.com/safedep/vet",
VendorName: "safedep",
VendorName: "SafeDep",
},
})
}
@ -66,7 +66,7 @@ func TestGitLabReporter(t *testing.T) {
assert.Equal(t, "15.2.1", report.Version)
assert.Equal(t, "dependency_scanning", report.Scan.Type)
assert.Equal(t, "vet", report.Scan.Scanner.ID)
assert.Equal(t, "safedep", report.Scan.Scanner.Vendor.Name)
assert.Equal(t, "SafeDep", report.Scan.Scanner.Vendor.Name)
assert.Empty(t, report.Vulnerabilities)
})

2
pkg/reporter/json_report_test.go
View File

@ -104,7 +104,7 @@ func TestJsonRepoGenerator(t *testing.T) {
Name: "vet",
Version: "latest",
InformationURI: "https://github.com/safedep/vet",
VendorName: "safedep",
VendorName: "SafeDep",
},
})

2
pkg/reporter/sarif_builder_test.go
View File

@ -121,7 +121,7 @@ var toolMetadata = ToolMetadata{
Name: "vet",
Version: "latest",
InformationURI: "https://github.com/safedep/vet",
VendorName: "safedep",
VendorName: "SafeDep",
}
func TestSarifBuilderReport(t *testing.T) {