breaking-change(cpescan): Improve Cpe scan (#1290)

* chore(cpescan): enable to pass useJvn to detector.DetectCpeURIsCves() * review comment * chore: go mod update go-cve * feat(cpescan): set JvnVendorProductMatch to confidence If detected by JVN * add NvdExactVersionMatch andd NvdRoughVersionMatch * add confidence-over option to report * sort CveContetens * fix integration-test
2021-09-07 16:18:59 +09:00
parent b9416ae062
commit 3e67f04fe4
24 changed files with 766 additions and 158 deletions
--- a/models/cvecontents_test.go
+++ b/models/cvecontents_test.go
@@ -30,9 +30,10 @@ func TestExcept(t *testing.T) {

 func TestSourceLinks(t *testing.T) {
 	type in struct {
-		lang  string
-		cveID string
-		cont  CveContents
+		lang        string
+		cveID       string
+		cont        CveContents
+		confidences Confidences
 	}
 	var tests = []struct {
 		in  in
@@ -128,11 +129,123 @@ func TestSourceLinks(t *testing.T) {
 				},
 			},
 		},
+		// Confidence: JvnVendorProductMatch
+		{
+			in: in{
+				lang:  "en",
+				cveID: "CVE-2017-6074",
+				cont: CveContents{
+					Jvn: []CveContent{{
+						Type:       Jvn,
+						SourceLink: "https://jvn.jp/vu/JVNVU93610402/",
+					}},
+				},
+				confidences: Confidences{
+					Confidence{DetectionMethod: JvnVendorProductMatchStr},
+				},
+			},
+			out: []CveContentStr{
+				{
+					Type:  Jvn,
+					Value: "https://jvn.jp/vu/JVNVU93610402/",
+				},
+			},
+		},
 	}
 	for i, tt := range tests {
-		actual := tt.in.cont.PrimarySrcURLs(tt.in.lang, "redhat", tt.in.cveID)
+		actual := tt.in.cont.PrimarySrcURLs(tt.in.lang, "redhat", tt.in.cveID, tt.in.confidences)
 		if !reflect.DeepEqual(tt.out, actual) {
 			t.Errorf("\n[%d] expected: %v\n  actual: %v\n", i, tt.out, actual)
 		}
 	}
 }
+
+func TestCveContents_Sort(t *testing.T) {
+	tests := []struct {
+		name string
+		v    CveContents
+		want CveContents
+	}{
+		{
+			name: "sorted",
+			v: map[CveContentType][]CveContent{
+				"jvn": {
+					{Cvss3Score: 3},
+					{Cvss3Score: 10},
+				},
+			},
+			want: map[CveContentType][]CveContent{
+				"jvn": {
+					{Cvss3Score: 10},
+					{Cvss3Score: 3},
+				},
+			},
+		},
+		{
+			name: "sort JVN by cvss3, cvss2, sourceLink",
+			v: map[CveContentType][]CveContent{
+				"jvn": {
+					{
+						Cvss3Score: 3,
+						Cvss2Score: 3,
+						SourceLink: "https://jvndb.jvn.jp/ja/contents/2023/JVNDB-2023-001210.html",
+					},
+					{
+						Cvss3Score: 3,
+						Cvss2Score: 3,
+						SourceLink: "https://jvndb.jvn.jp/ja/contents/2021/JVNDB-2021-001210.html",
+					},
+				},
+			},
+			want: map[CveContentType][]CveContent{
+				"jvn": {
+					{
+						Cvss3Score: 3,
+						Cvss2Score: 3,
+						SourceLink: "https://jvndb.jvn.jp/ja/contents/2021/JVNDB-2021-001210.html",
+					},
+					{
+						Cvss3Score: 3,
+						Cvss2Score: 3,
+						SourceLink: "https://jvndb.jvn.jp/ja/contents/2023/JVNDB-2023-001210.html",
+					},
+				},
+			},
+		},
+		{
+			name: "sort JVN by cvss3, cvss2",
+			v: map[CveContentType][]CveContent{
+				"jvn": {
+					{
+						Cvss3Score: 3,
+						Cvss2Score: 1,
+					},
+					{
+						Cvss3Score: 3,
+						Cvss2Score: 10,
+					},
+				},
+			},
+			want: map[CveContentType][]CveContent{
+				"jvn": {
+					{
+						Cvss3Score: 3,
+						Cvss2Score: 10,
+					},
+					{
+						Cvss3Score: 3,
+						Cvss2Score: 1,
+					},
+				},
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			tt.v.Sort()
+			if !reflect.DeepEqual(tt.v, tt.want) {
+				t.Errorf("\n[%s] expected: %v\n  actual: %v\n", tt.name, tt.want, tt.v)
+			}
+		})
+	}
+}