
Commit 6848498

authored
Fix some frontend tests (#4102)
1 parent bfc113c commit 6848498


2 files changed

+167
-18
lines changed


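--- a/web/src/layout/package/securityReport/OldVulnerabilitiesWarning.test.tsx
+++ b/web/src/layout/package/securityReport/OldVulnerabilitiesWarning.test.tsx
@@ -1,13 +1,161 @@
 import { render, screen } from '@testing-library/react';
+import moment from 'moment';
 
-import { SecurityReport } from '../../../types';
+import { SecurityReport, VulnerabilitySeverity } from '../../../types';
 import OldVulnerabilitiesWarning from './OldVulnerabilitiesWarning';
 
 const getMockSecurityReport = (fixtureId: string): SecurityReport => {
 // eslint-disable-next-line @typescript-eslint/no-require-imports
 return require(`./__fixtures__/OldVulnerabilitiesWarning/${fixtureId}.json`) as SecurityReport;
 };
 
+const newVulnerabilities: SecurityReport = {
+'quay.io/jetstack/cert-manager-webhook:v1.10.0': {
+Results: [
+{
+Type: 'debian',
+Target: 'quay.io/jetstack/cert-manager-webhook:v1.10.0 (debian 11.5)',
+Vulnerabilities: [],
+},
+{
+Type: 'gobinary',
+Target: 'app/cmd/webhook/webhook',
+Vulnerabilities: [
+{
+CVSS: { nvd: { V3Score: 7.5, V3Vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H' } },
+Layer: {
+DiffID: 'sha256:002652e5c179500bcb06986020c069b3f699cc4f6f5f9b5108a42e9539d4ee08',
+Digest: 'sha256:842780859203bdf9901566e980b169740100ae043113776440cd8009adfcc69a',
+},
+Title: 'golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags',
+CweIDs: ['CWE-772'],
+PkgName: 'golang.org/x/text',
+Severity: VulnerabilitySeverity.High,
+DataSource: {
+ID: 'go-vulndb',
+URL: 'https://github.com/golang/vulndb',
+Name: 'The Go Vulnerability Database',
+},
+PrimaryURL: 'https://avd.aquasec.com/nvd/cve-2022-32149',
+References: [
+'https://access.redhat.com/security/cve/CVE-2022-32149',
+'https://go.dev/cl/442235',
+'https://go.dev/issue/56152',
+'https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ',
+'https://groups.google.com/g/golang-dev/c/qfPIly0X7aU',
+'https://pkg.go.dev/vuln/GO-2022-1059',
+],
+Description:
+'An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.',
+FixedVersion: '0.3.8',
+PublishedDate: moment().subtract(6, 'months').format('YYYY-MM-DDTHH:mm:ss[Z]'),
+SeveritySource: 'nvd',
+VulnerabilityID: 'CVE-2022-32149',
+InstalledVersion: 'v0.3.7',
+LastModifiedDate: '2022-10-18T17:41:00Z',
+},
+],
+},
+],
+},
+'quay.io/jetstack/cert-manager-cainjector:v1.10.0': {
+Results: [
+{
+Type: 'debian',
+Target: 'quay.io/jetstack/cert-manager-cainjector:v1.10.0 (debian 11.5)',
+Vulnerabilities: [],
+},
+{
+Type: 'gobinary',
+Target: 'app/cmd/cainjector/cainjector',
+Vulnerabilities: [
+{
+CVSS: { nvd: { V3Score: 7.5, V3Vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H' } },
+Layer: {
+DiffID: 'sha256:d7b53b485f3b00ad6ecc5f653b041822132e22e1e0f09132c70c5b1aed5d722f',
+Digest: 'sha256:967b87101ad2ce0ed54b2d88a6eea4023007934f0de47baa0d8760585d43f6ef',
+},
+Title: 'golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags',
+CweIDs: ['CWE-772'],
+PkgName: 'golang.org/x/text',
+Severity: VulnerabilitySeverity.High,
+DataSource: {
+ID: 'go-vulndb',
+URL: 'https://github.com/golang/vulndb',
+Name: 'The Go Vulnerability Database',
+},
+PrimaryURL: 'https://avd.aquasec.com/nvd/cve-2022-32149',
+References: [
+'https://access.redhat.com/security/cve/CVE-2022-32149',
+'https://go.dev/cl/442235',
+'https://go.dev/issue/56152',
+'https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ',
+'https://groups.google.com/g/golang-dev/c/qfPIly0X7aU',
+'https://pkg.go.dev/vuln/GO-2022-1059',
+],
+Description:
+'An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.',
+FixedVersion: '0.3.8',
+PublishedDate: moment().subtract(6, 'months').format('YYYY-MM-DDTHH:mm:ss[Z]'),
+SeveritySource: 'nvd',
+VulnerabilityID: 'CVE-2022-32149',
+InstalledVersion: 'v0.3.7',
+LastModifiedDate: '2022-10-18T17:41:00Z',
+},
+],
+},
+],
+},
+'quay.io/jetstack/cert-manager-controller:v1.10.0': {
+Results: [
+{
+Type: 'debian',
+Target: 'quay.io/jetstack/cert-manager-controller:v1.10.0 (debian 11.5)',
+Vulnerabilities: [],
+},
+{
+Type: 'gobinary',
+Target: 'app/cmd/controller/controller',
+Vulnerabilities: [
+{
+CVSS: { nvd: { V3Score: 7.5, V3Vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H' } },
+Layer: {
+DiffID: 'sha256:06a3a97a7b63241e5595f04c73e83ac21499a236e33360e5b0ace3534505db11',
+Digest: 'sha256:73a5853f02715f2dc1eb75e31714bc6a8038b749d179990c576fcda7c060af2d',
+},
+Title: 'golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags',
+CweIDs: ['CWE-772'],
+PkgName: 'golang.org/x/text',
+Severity: VulnerabilitySeverity.High,
+DataSource: {
+ID: 'go-vulndb',
+URL: 'https://github.com/golang/vulndb',
+Name: 'The Go Vulnerability Database',
+},
+PrimaryURL: 'https://avd.aquasec.com/nvd/cve-2022-32149',
+References: [
+'https://access.redhat.com/security/cve/CVE-2022-32149',
+'https://go.dev/cl/442235',
+'https://go.dev/issue/56152',
+'https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ',
+'https://groups.google.com/g/golang-dev/c/qfPIly0X7aU',
+'https://pkg.go.dev/vuln/GO-2022-1059',
+],
+Description:
+'An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.',
+FixedVersion: '0.3.8',
+PublishedDate: moment().subtract(6, 'months').format('YYYY-MM-DDTHH:mm:ss[Z]'),
+SeveritySource: 'nvd',
+VulnerabilityID: 'CVE-2022-32149',
+InstalledVersion: 'v0.3.7',
+LastModifiedDate: '2022-10-18T17:41:00Z',
+},
+],
+},
+],
+},
+};
+
 describe('OldVulnerabilitiesWarning', () => {
 // eslint-disable-next-line @typescript-eslint/no-explicit-any
 let dateNowSpy: any;
@@ -43,8 +191,7 @@ describe('OldVulnerabilitiesWarning', () => {
 
 describe('does not render warning', () => {
 it('when vulnerabilities are not older than 2 years', () => {
-const report = getMockSecurityReport('3');
-const { container } = render(<OldVulnerabilitiesWarning fixableReport={report} />);
+const { container } = render(<OldVulnerabilitiesWarning fixableReport={newVulnerabilities} />);
 
 expect(container).toBeEmptyDOMElement();
 });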
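Review bot: The three `PublishedDate` fields in `newVulnerabilities` format local wall-clock time and then append a literal `Z`, so the string claims UTC while carrying the runner's local time; `moment.utc().subtract(6, 'months').format('YYYY-MM-DDTHH:mm:ss[Z]')` would make the value match its suffix. The same expression appears in every changed `PublishedDate` line of checkIfOldVulnerabilities.test.tsx. The fixture is also evaluated once at module load against the real clock, while the `describe` block keeps a `dateNowSpy` whose setup lies outside the hunk. If that spy pins `Date.now`, the fixture's "now" and the component's "now" differ, and the "not older than 2 years" case may pass only because the fixture date sits in the mocked future. Building the report inside the `it` block, after the spy is installed, would tie both sides to the same clock.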

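--- a/web/src/utils/checkIfOldVulnerabilities.test.tsx
+++ b/web/src/utils/checkIfOldVulnerabilities.test.tsx
@@ -1,3 +1,5 @@
+import moment from 'moment';
+
 import { SecurityReport, VulnerabilitySeverity } from '../types';
 import checkIfOldVulnerabilities from './checkIfOldVulnerabilities';
 
@@ -55,7 +57,7 @@ const tests: Test[] = [
 Description:
 'An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.',
 FixedVersion: '0.3.8',
-PublishedDate: '2022-10-14T15:15:00Z',
+PublishedDate: moment().subtract(6, 'months').format('YYYY-MM-DDTHH:mm:ss[Z]'),
 SeveritySource: 'nvd',
 VulnerabilityID: 'CVE-2022-32149',
 InstalledVersion: 'v0.3.7',
@@ -104,7 +106,7 @@ const tests: Test[] = [
 Description:
 'An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.',
 FixedVersion: '0.3.8',
-PublishedDate: '2022-10-14T15:15:00Z',
+PublishedDate: moment().subtract(6, 'months').format('YYYY-MM-DDTHH:mm:ss[Z]'),
 SeveritySource: 'nvd',
 VulnerabilityID: 'CVE-2022-32149',
 InstalledVersion: 'v0.3.7',
@@ -153,7 +155,7 @@ const tests: Test[] = [
 Description:
 'An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.',
 FixedVersion: '0.3.8',
-PublishedDate: '2022-10-14T15:15:00Z',
+PublishedDate: moment().subtract(6, 'months').format('YYYY-MM-DDTHH:mm:ss[Z]'),
 SeveritySource: 'nvd',
 VulnerabilityID: 'CVE-2022-32149',
 InstalledVersion: 'v0.3.7',
@@ -211,7 +213,7 @@ const tests: Test[] = [
 Description:
 'An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.',
 FixedVersion: '0.3.8',
-PublishedDate: '2022-10-14T15:15:00Z',
+PublishedDate: moment().subtract(26, 'months').format('YYYY-MM-DDTHH:mm:ss[Z]'),
 SeveritySource: 'nvd',
 VulnerabilityID: 'CVE-2022-32149',
 InstalledVersion: 'v0.3.7',
@@ -260,7 +262,7 @@ const tests: Test[] = [
 Description:
 'An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.',
 FixedVersion: '0.3.8',
-PublishedDate: '2020-10-14T15:15:00Z',
+PublishedDate: moment().subtract(26, 'months').format('YYYY-MM-DDTHH:mm:ss[Z]'),
 SeveritySource: 'nvd',
 VulnerabilityID: 'CVE-2022-32149',
 InstalledVersion: 'v0.3.7',
@@ -309,7 +311,7 @@ const tests: Test[] = [
 Description:
 'An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.',
 FixedVersion: '0.3.8',
-PublishedDate: '2022-10-14T15:15:00Z',
+PublishedDate: moment().subtract(26, 'months').format('YYYY-MM-DDTHH:mm:ss[Z]'),
 SeveritySource: 'nvd',
 VulnerabilityID: 'CVE-2022-32149',
 InstalledVersion: 'v0.3.7',
@@ -367,7 +369,7 @@ const tests: Test[] = [
 Description:
 'An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.',
 FixedVersion: '0.3.8',
-PublishedDate: '2022-10-14T15:15:00Z',
+PublishedDate: moment().subtract(26, 'months').format('YYYY-MM-DDTHH:mm:ss[Z]'),
 SeveritySource: 'nvd',
 VulnerabilityID: 'CVE-2022-32149',
 InstalledVersion: 'v0.3.7',
@@ -416,7 +418,7 @@ const tests: Test[] = [
 Description:
 'An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.',
 FixedVersion: '0.3.8',
-PublishedDate: '2020-10-14T15:15:00Z',
+PublishedDate: moment().subtract(26, 'months').format('YYYY-MM-DDTHH:mm:ss[Z]'),
 SeveritySource: 'nvd',
 VulnerabilityID: 'CVE-2022-32149',
 InstalledVersion: 'v0.3.7',
@@ -465,7 +467,7 @@ const tests: Test[] = [
 Description:
 'An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.',
 FixedVersion: '0.3.8',
-PublishedDate: '2022-10-14T15:15:00Z',
+PublishedDate: moment().subtract(6, 'months').format('YYYY-MM-DDTHH:mm:ss[Z]'),
 SeveritySource: 'nvd',
 VulnerabilityID: 'CVE-2022-32149',
 InstalledVersion: 'v0.3.7',
@@ -523,7 +525,7 @@ const tests: Test[] = [
 Description:
 'An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.',
 FixedVersion: '0.3.8',
-PublishedDate: '2020-10-14T15:15:00Z',
+PublishedDate: moment().subtract(26, 'months').format('YYYY-MM-DDTHH:mm:ss[Z]'),
 SeveritySource: 'nvd',
 VulnerabilityID: 'CVE-2022-32149',
 InstalledVersion: 'v0.3.7',
@@ -572,7 +574,7 @@ const tests: Test[] = [
 Description:
 'An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.',
 FixedVersion: '0.3.8',
-PublishedDate: '2020-10-14T15:15:00Z',
+PublishedDate: moment().subtract(26, 'months').format('YYYY-MM-DDTHH:mm:ss[Z]'),
 SeveritySource: 'nvd',
 VulnerabilityID: 'CVE-2022-32149',
 InstalledVersion: 'v0.3.7',
@@ -621,7 +623,7 @@ const tests: Test[] = [
 Description:
 'An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.',
 FixedVersion: '0.3.8',
-PublishedDate: '2022-10-14T15:15:00Z',
+PublishedDate: moment().subtract(6, 'months').format('YYYY-MM-DDTHH:mm:ss[Z]'),
 SeveritySource: 'nvd',
 VulnerabilityID: 'CVE-2022-32149',
 InstalledVersion: 'v0.3.7',
@@ -679,7 +681,7 @@ const tests: Test[] = [
 Description:
 'An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.',
 FixedVersion: '0.3.8',
-PublishedDate: '2022-10-14T15:15:00Z',
+PublishedDate: moment().subtract(26, 'months').format('YYYY-MM-DDTHH:mm:ss[Z]'),
 SeveritySource: 'nvd',
 VulnerabilityID: 'CVE-2022-32149',
 InstalledVersion: 'v0.3.7',
@@ -728,7 +730,7 @@ const tests: Test[] = [
 Description:
 'An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.',
 FixedVersion: '0.3.8',
-PublishedDate: '2022-10-14T15:15:00Z',
+PublishedDate: moment().subtract(6, 'months').format('YYYY-MM-DDTHH:mm:ss[Z]'),
 SeveritySource: 'nvd',
 VulnerabilityID: 'CVE-2022-32149',
 InstalledVersion: 'v0.3.7',
@@ -777,7 +779,7 @@ const tests: Test[] = [
 Description:
 'An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.',
 FixedVersion: '0.3.8',
-PublishedDate: '2022-08-14T15:15:00Z',
+PublishedDate: moment().subtract(26, 'months').format('YYYY-MM-DDTHH:mm:ss[Z]'),
 SeveritySource: 'nvd',
 VulnerabilityID: 'CVE-2022-32149',
 InstalledVersion: 'v0.3.7',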
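Review bot: The fifteen replaced `PublishedDate` lines express the intended age only through the bare numbers 6 and 26, both far from whatever cutoff `checkIfOldVulnerabilities` applies (not visible in these hunks), so an off-by-one at the boundary of this security warning would still pass. A helper such as `const publishedMonthsAgo = (months: number): string => moment().subtract(months, 'months').format('YYYY-MM-DDTHH:mm:ss[Z]');` would state the intent once, and one case placed just on each side of the cutoff would pin the boundary. The hunks at old lines 211, 309, 367 and 679 turn a `2022-10-14` date into 26 months, while others turn the same date into 6 months. The expected results sit outside the hunks, so it is worth confirming that each case still exercises the scenario its name describes.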
