test: add cases for output functions (google#937)

This introduces a set of crafted scanner results that each supported `output` format is run through to showcase how they look across all the different results possible from a scanner run - it originally started life as the tests for google#889 but I realised they could base used more generally for testing and reviewing all the outputters, so here we are. ~It looks like this has also revealed the SARIF output is unstable in its ordering, which I'll aim to address in a dedicated PR~
josieang · Jun 6, 2024 · 2aaea38 · 2aaea38
1 parent 0ebcf43
commit 2aaea38
Show file tree

Hide file tree

Showing 11 changed files with 7,442 additions and 0 deletions.
diff --git a/internal/output/__snapshots__/githubannotation_test.snap b/internal/output/__snapshots__/githubannotation_test.snap
diff --git a/internal/output/__snapshots__/machinejson_test.snap b/internal/output/__snapshots__/machinejson_test.snap
diff --git a/internal/output/__snapshots__/markdowntable_test.snap b/internal/output/__snapshots__/markdowntable_test.snap
@@ -0,0 +1,230 @@
+
+[TestPrintMarkdownTableResults_WithLicenseViolations/multiple_sources_with_a_mixed_count_of_packages,_no_license_violations - 1]
+
+---
+
+[TestPrintMarkdownTableResults_WithLicenseViolations/multiple_sources_with_a_mixed_count_of_packages,_some_license_violations - 1]
+| License Violation | Ecosystem | Package | Version | Source |
+| --- | --- | --- | --- | --- |
+| MIT | npm | mine1 | 1.2.3 | path/to/my/first/lockfile |
+| Apache-2.0 | npm | mine2 | 3.2.5 | path/to/my/second/lockfile |
+| MIT | npm | mine1 | 1.2.3 | path/to/my/third/lockfile |
+
+---
+
+[TestPrintMarkdownTableResults_WithLicenseViolations/multiple_sources_with_a_mixed_count_of_packages,_some_license_violations#01 - 1]
+
+---
+
+[TestPrintMarkdownTableResults_WithLicenseViolations/multiple_sources_with_a_mixed_count_of_packages_across_ecosystems,_some_license_violations - 1]
+| License Violation | Ecosystem | Package | Version | Source |
+| --- | --- | --- | --- | --- |
+| MIT | Packagist | mine1 | 1.2.3 | path/to/my/first/lockfile |
+| Apache-2.0 | npm | mine2 | 3.2.5 | path/to/my/second/lockfile |
+| MIT | Packagist | mine1 | 1.2.3 | path/to/my/third/lockfile |
+
+---
+
+[TestPrintMarkdownTableResults_WithLicenseViolations/multiple_sources_with_a_mixed_count_of_packages_and_groups,_some_license_violations - 1]
+| License Violation | Ecosystem | Package | Version | Source |
+| --- | --- | --- | --- | --- |
+| MIT | npm | mine1 | 1.2.3 | path/to/my/first/lockfile |
+| Apache-2.0 | npm | mine2 | 3.2.5 | path/to/my/second/lockfile |
+| MIT | npm | mine1 | 1.2.3 | path/to/my/third/lockfile |
+
+---
+
+[TestPrintMarkdownTableResults_WithLicenseViolations/multiple_sources_with_no_packages - 1]
+
+---
+
+[TestPrintMarkdownTableResults_WithLicenseViolations/no_sources - 1]
+
+---
+
+[TestPrintMarkdownTableResults_WithLicenseViolations/one_source_with_no_packages - 1]
+
+---
+
+[TestPrintMarkdownTableResults_WithLicenseViolations/one_source_with_one_package,_no_license_violations - 1]
+
+---
+
+[TestPrintMarkdownTableResults_WithLicenseViolations/one_source_with_one_package,_no_licenses - 1]
+
+---
+
+[TestPrintMarkdownTableResults_WithLicenseViolations/one_source_with_one_package_and_an_unknown_license - 1]
+
+---
+
+[TestPrintMarkdownTableResults_WithLicenseViolations/one_source_with_one_package_and_multiple_license_violations - 1]
+| License Violation | Ecosystem | Package | Version | Source |
+| --- | --- | --- | --- | --- |
+| MIT, Apache-2.0 | npm | mine1 | 1.2.3 | path/to/my/first/lockfile |
+
+---
+
+[TestPrintMarkdownTableResults_WithLicenseViolations/one_source_with_one_package_and_one_license_violation - 1]
+| License Violation | Ecosystem | Package | Version | Source |
+| --- | --- | --- | --- | --- |
+| MIT | npm | mine1 | 1.2.3 | path/to/my/first/lockfile |
+
+---
+
+[TestPrintMarkdownTableResults_WithLicenseViolations/one_source_with_one_package_and_one_license_violation_(dev) - 1]
+| License Violation | Ecosystem | Package | Version | Source |
+| --- | --- | --- | --- | --- |
+| MIT | npm | mine1 | 1.2.3 | path/to/my/first/lockfile |
+
+---
+
+[TestPrintMarkdownTableResults_WithLicenseViolations/two_sources_with_packages,_one_license_violation - 1]
+| License Violation | Ecosystem | Package | Version | Source |
+| --- | --- | --- | --- | --- |
+| MIT | npm | mine1 | 1.2.3 | path/to/my/first/lockfile |
+
+---
+
+[TestPrintMarkdownTableResults_WithMixedIssues/multiple_sources_with_a_mixed_count_of_packages,_some_vulnerabilities_and_license_violations - 1]
+| OSV URL | CVSS | Ecosystem | Package | Version | Source |
+| --- | --- | --- | --- | --- | --- |
+| https://osv.dev/OSV-1 |  | npm | mine1 | 1.2.3 | path/to/my/first/lockfile |
+| https://osv.dev/OSV-2 |  | npm | mine2 | 3.2.5 | path/to/my/second/lockfile |
+| https://osv.dev/OSV-1 |  | npm | mine1 | 1.2.3 | path/to/my/third/lockfile |
+| License Violation | Ecosystem | Package | Version | Source |
+| --- | --- | --- | --- | --- |
+| MIT | npm | mine1 | 1.2.3 | path/to/my/first/lockfile |
+| MIT | npm | mine1 | 1.3.5 | path/to/my/third/lockfile |
+| Apache-2.0 | npm | mine1 | 1.2.3 | path/to/my/third/lockfile |
+
+---
+
+[TestPrintMarkdownTableResults_WithMixedIssues/one_source_with_one_package,_one_vulnerability,_and_one_license_violation - 1]
+| OSV URL | CVSS | Ecosystem | Package | Version | Source |
+| --- | --- | --- | --- | --- | --- |
+| https://osv.dev/OSV-1 |  | npm | mine1 | 1.2.3 | path/to/my/first/lockfile |
+| License Violation | Ecosystem | Package | Version | Source |
+| --- | --- | --- | --- | --- |
+| MIT | npm | mine1 | 1.2.3 | path/to/my/first/lockfile |
+
+---
+
+[TestPrintMarkdownTableResults_WithMixedIssues/two_sources_with_packages,_one_vulnerability,_one_license_violation - 1]
+| OSV URL | CVSS | Ecosystem | Package | Version | Source |
+| --- | --- | --- | --- | --- | --- |
+| https://osv.dev/OSV-1 |  | npm | mine1 | 1.2.3 | path/to/my/first/lockfile |
+| License Violation | Ecosystem | Package | Version | Source |
+| --- | --- | --- | --- | --- |
+| MIT | npm | mine2 | 5.9.0 | path/to/my/second/lockfile |
+
+---
+
+[TestPrintMarkdownTableResults_WithVulnerabilities/multiple_sources_with_a_mixed_count_of_grouped_packages,_and_multiple_vulnerabilities - 1]
+| OSV URL | CVSS | Ecosystem | Package | Version | Source |
+| --- | --- | --- | --- | --- | --- |
+| https://osv.dev/OSV-1 |  | npm | mine1 (dev) | 1.2.3 | path/to/my/first/lockfile |
+| https://osv.dev/OSV-5 |  | npm | mine1 (dev) | 1.2.3 | path/to/my/first/lockfile |
+| https://osv.dev/OSV-1 |  | npm | mine1 | 1.2.2 | path/to/my/first/lockfile |
+| https://osv.dev/OSV-2 |  | npm | mine2 (dev) | 3.2.5 | path/to/my/second/lockfile |
+| https://osv.dev/OSV-3 |  | npm | mine3 | 0.4.1 | path/to/my/second/lockfile |
+| https://osv.dev/OSV-5 |  | npm | mine3 | 0.4.1 | path/to/my/second/lockfile |
+
+---
+
+[TestPrintMarkdownTableResults_WithVulnerabilities/multiple_sources_with_a_mixed_count_of_packages,_and_multiple_vulnerabilities - 1]
+| OSV URL | CVSS | Ecosystem | Package | Version | Source |
+| --- | --- | --- | --- | --- | --- |
+| https://osv.dev/OSV-1 |  | npm | mine1 | 1.2.3 | path/to/my/first/lockfile |
+| https://osv.dev/OSV-5 |  | npm | mine1 | 1.2.3 | path/to/my/first/lockfile |
+| https://osv.dev/OSV-1 |  | npm | mine1 | 1.2.2 | path/to/my/first/lockfile |
+| https://osv.dev/OSV-2 |  | npm | mine2 | 3.2.5 | path/to/my/second/lockfile |
+| https://osv.dev/OSV-3 |  | npm | mine3 | 0.4.1 | path/to/my/second/lockfile |
+| https://osv.dev/OSV-5 |  | npm | mine3 | 0.4.1 | path/to/my/second/lockfile |
+
+---
+
+[TestPrintMarkdownTableResults_WithVulnerabilities/multiple_sources_with_a_mixed_count_of_packages,_no_vulnerabilities - 1]
+
+---
+
+[TestPrintMarkdownTableResults_WithVulnerabilities/multiple_sources_with_a_mixed_count_of_packages,_some_vulnerabilities - 1]
+| OSV URL | CVSS | Ecosystem | Package | Version | Source |
+| --- | --- | --- | --- | --- | --- |
+| https://osv.dev/OSV-1 |  | npm | mine1 | 1.2.3 | path/to/my/first/lockfile |
+| https://osv.dev/OSV-2 |  | npm | mine2 | 3.2.5 | path/to/my/second/lockfile |
+| https://osv.dev/OSV-1 |  | npm | mine1 | 1.2.3 | path/to/my/third/lockfile |
+
+---
+
+[TestPrintMarkdownTableResults_WithVulnerabilities/multiple_sources_with_a_mixed_count_of_packages_across_ecosystems,_and_multiple_vulnerabilities - 1]
+| OSV URL | CVSS | Ecosystem | Package | Version | Source |
+| --- | --- | --- | --- | --- | --- |
+| https://osv.dev/OSV-1 |  | Packagist | mine1 | 1.2.3 | path/to/my/first/lockfile |
+| https://osv.dev/OSV-5 |  | Packagist | mine1 | 1.2.3 | path/to/my/first/lockfile |
+| https://osv.dev/OSV-1 |  | npm | mine1 | 1.2.2 | path/to/my/first/lockfile |
+| https://osv.dev/OSV-2 |  | NuGet | mine2 | 3.2.5 | path/to/my/second/lockfile |
+| https://osv.dev/OSV-3 |  | Packagist | mine3 | 0.4.1 | path/to/my/second/lockfile |
+| https://osv.dev/OSV-5 |  | Packagist | mine3 | 0.4.1 | path/to/my/second/lockfile |
+
+---
+
+[TestPrintMarkdownTableResults_WithVulnerabilities/multiple_sources_with_no_packages - 1]
+
+---
+
+[TestPrintMarkdownTableResults_WithVulnerabilities/no_sources - 1]
+
+---
+
+[TestPrintMarkdownTableResults_WithVulnerabilities/one_source_with_no_packages - 1]
+
+---
+
+[TestPrintMarkdownTableResults_WithVulnerabilities/one_source_with_one_package,_no_vulnerabilities - 1]
+
+---
+
+[TestPrintMarkdownTableResults_WithVulnerabilities/one_source_with_one_package_and_one_vulnerability - 1]
+| OSV URL | CVSS | Ecosystem | Package | Version | Source |
+| --- | --- | --- | --- | --- | --- |
+| https://osv.dev/OSV-1 |  | npm | mine1 | 1.2.3 | path/to/my/first/lockfile |
+
+---
+
+[TestPrintMarkdownTableResults_WithVulnerabilities/one_source_with_one_package_and_one_vulnerability_(dev) - 1]
+| OSV URL | CVSS | Ecosystem | Package | Version | Source |
+| --- | --- | --- | --- | --- | --- |
+| https://osv.dev/OSV-1 |  | npm | mine1 (dev) | 1.2.3 | path/to/my/first/lockfile |
+
+---
+
+[TestPrintMarkdownTableResults_WithVulnerabilities/one_source_with_one_package_and_two_aliases_of_a_single_vulnerability - 1]
+| OSV URL | CVSS | Ecosystem | Package | Version | Source |
+| --- | --- | --- | --- | --- | --- |
+| https://osv.dev/OSV-1<br/>https://osv.dev/GHSA-123 |  | npm | mine1 | 1.2.3 | path/to/my/first/lockfile |
+
+---
+
+[TestPrintMarkdownTableResults_WithVulnerabilities/one_source_with_vulnerabilities,_some_missing_content - 1]
+| OSV URL | CVSS | Ecosystem | Package | Version | Source |
+| --- | --- | --- | --- | --- | --- |
+| https://osv.dev/OSV-1 |  | npm | mine1 | 1.2.3 | path/to/my/first/lockfile |
+| https://osv.dev/OSV-2 |  | npm | mine3 | 0.10.2-rc | path/to/my/first/lockfile |
+
+---
+
+[TestPrintMarkdownTableResults_WithVulnerabilities/two_sources_with_packages,_one_vulnerability - 1]
+| OSV URL | CVSS | Ecosystem | Package | Version | Source |
+| --- | --- | --- | --- | --- | --- |
+| https://osv.dev/OSV-1 |  | npm | mine1 | 1.2.3 | path/to/my/first/lockfile |
+
+---
+
+[TestPrintMarkdownTableResults_WithVulnerabilities/two_sources_with_the_same_vulnerable_package - 1]
+| OSV URL | CVSS | Ecosystem | Package | Version | Source |
+| --- | --- | --- | --- | --- | --- |
+| https://osv.dev/OSV-1 |  | npm | mine1 | 1.2.3 | path/to/my/first/lockfile |
+| https://osv.dev/OSV-1 |  | npm | mine1 (dev) | 1.2.3 | path/to/my/second/lockfile |
+
+---