diff --git a/internal/output/__snapshots__/githubannotation_test.snap b/internal/output/__snapshots__/githubannotation_test.snap new file mode 100755 index 00000000000..591ce3d5725 --- /dev/null +++ b/internal/output/__snapshots__/githubannotation_test.snap 
@@ -0,0 +1,132 @@ + +[TestPrintGHAnnotationReport_WithLicenseViolations/multiple_sources_with_a_mixed_count_of_packages,_no_license_violations - 1] +::error file=path/to/my/first/lockfile::path/to/my/first/lockfile%0A+---------+------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+------------------+------+-----------------+---------------+%0A+---------+------------------+------+-----------------+---------------+::error file=path/to/my/second/lockfile::path/to/my/second/lockfile%0A+---------+------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+------------------+------+-----------------+---------------+%0A+---------+------------------+------+-----------------+---------------+::error file=path/to/my/third/lockfile::path/to/my/third/lockfile%0A+---------+------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+------------------+------+-----------------+---------------+%0A+---------+------------------+------+-----------------+---------------+ +--- + +[TestPrintGHAnnotationReport_WithLicenseViolations/multiple_sources_with_a_mixed_count_of_packages,_some_license_violations - 1] +::error file=path/to/my/first/lockfile::path/to/my/first/lockfile%0A+---------+------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+------------------+------+-----------------+---------------+%0A+---------+------------------+------+-----------------+---------------+::error file=path/to/my/second/lockfile::path/to/my/second/lockfile%0A+---------+------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION 
|%0A+---------+------------------+------+-----------------+---------------+%0A+---------+------------------+------+-----------------+---------------+::error file=path/to/my/third/lockfile::path/to/my/third/lockfile%0A+---------+------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+------------------+------+-----------------+---------------+%0A+---------+------------------+------+-----------------+---------------+ +--- + +[TestPrintGHAnnotationReport_WithLicenseViolations/multiple_sources_with_a_mixed_count_of_packages,_some_license_violations#01 - 1] +::error file=path/to/my/first/lockfile::path/to/my/first/lockfile%0A+---------+------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+------------------+------+-----------------+---------------+%0A+---------+------------------+------+-----------------+---------------+::error file=path/to/my/second/lockfile::path/to/my/second/lockfile%0A+---------+------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+------------------+------+-----------------+---------------+%0A+---------+------------------+------+-----------------+---------------+::error file=path/to/my/third/lockfile::path/to/my/third/lockfile%0A+---------+------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+------------------+------+-----------------+---------------+%0A+---------+------------------+------+-----------------+---------------+ +--- + +[TestPrintGHAnnotationReport_WithLicenseViolations/multiple_sources_with_a_mixed_count_of_packages_across_ecosystems,_some_license_violations - 1] +::error 
file=path/to/my/first/lockfile::path/to/my/first/lockfile%0A+---------+------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+------------------+------+-----------------+---------------+%0A+---------+------------------+------+-----------------+---------------+::error file=path/to/my/second/lockfile::path/to/my/second/lockfile%0A+---------+------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+------------------+------+-----------------+---------------+%0A+---------+------------------+------+-----------------+---------------+::error file=path/to/my/third/lockfile::path/to/my/third/lockfile%0A+---------+------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+------------------+------+-----------------+---------------+%0A+---------+------------------+------+-----------------+---------------+ +--- + +[TestPrintGHAnnotationReport_WithLicenseViolations/multiple_sources_with_a_mixed_count_of_packages_and_groups,_some_license_violations - 1] +::error file=path/to/my/first/lockfile::path/to/my/first/lockfile%0A+---------+------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+------------------+------+-----------------+---------------+%0A+---------+------------------+------+-----------------+---------------+::error file=path/to/my/second/lockfile::path/to/my/second/lockfile%0A+---------+------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+------------------+------+-----------------+---------------+%0A+---------+------------------+------+-----------------+---------------+::error 
file=path/to/my/third/lockfile::path/to/my/third/lockfile%0A+---------+------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+------------------+------+-----------------+---------------+%0A+---------+------------------+------+-----------------+---------------+ +--- + +[TestPrintGHAnnotationReport_WithLicenseViolations/multiple_sources_with_no_packages - 1] +::error file=path/to/my/first/lockfile::path/to/my/first/lockfile%0A+---------+------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+------------------+------+-----------------+---------------+%0A+---------+------------------+------+-----------------+---------------+::error file=path/to/my/second/lockfile::path/to/my/second/lockfile%0A+---------+------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+------------------+------+-----------------+---------------+%0A+---------+------------------+------+-----------------+---------------+::error file=path/to/my/third/lockfile::path/to/my/third/lockfile%0A+---------+------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+------------------+------+-----------------+---------------+%0A+---------+------------------+------+-----------------+---------------+ +--- + +[TestPrintGHAnnotationReport_WithLicenseViolations/no_sources - 1] + +--- + +[TestPrintGHAnnotationReport_WithLicenseViolations/one_source_with_no_packages - 1] +::error file=path/to/my/first/lockfile::path/to/my/first/lockfile%0A+---------+------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION 
|%0A+---------+------------------+------+-----------------+---------------+%0A+---------+------------------+------+-----------------+---------------+ +--- + +[TestPrintGHAnnotationReport_WithLicenseViolations/one_source_with_one_package,_no_license_violations - 1] +::error file=path/to/my/first/lockfile::path/to/my/first/lockfile%0A+---------+------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+------------------+------+-----------------+---------------+%0A+---------+------------------+------+-----------------+---------------+ +--- + +[TestPrintGHAnnotationReport_WithLicenseViolations/one_source_with_one_package,_no_licenses - 1] +::error file=path/to/my/first/lockfile::path/to/my/first/lockfile%0A+---------+------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+------------------+------+-----------------+---------------+%0A+---------+------------------+------+-----------------+---------------+ +--- + +[TestPrintGHAnnotationReport_WithLicenseViolations/one_source_with_one_package_and_an_unknown_license - 1] +::error file=path/to/my/first/lockfile::path/to/my/first/lockfile%0A+---------+------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+------------------+------+-----------------+---------------+%0A+---------+------------------+------+-----------------+---------------+ +--- + +[TestPrintGHAnnotationReport_WithLicenseViolations/one_source_with_one_package_and_multiple_license_violations - 1] +::error file=path/to/my/first/lockfile::path/to/my/first/lockfile%0A+---------+------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION 
|%0A+---------+------------------+------+-----------------+---------------+%0A+---------+------------------+------+-----------------+---------------+ +--- + +[TestPrintGHAnnotationReport_WithLicenseViolations/one_source_with_one_package_and_one_license_violation - 1] +::error file=path/to/my/first/lockfile::path/to/my/first/lockfile%0A+---------+------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+------------------+------+-----------------+---------------+%0A+---------+------------------+------+-----------------+---------------+ +--- + +[TestPrintGHAnnotationReport_WithLicenseViolations/one_source_with_one_package_and_one_license_violation_(dev) - 1] +::error file=path/to/my/first/lockfile::path/to/my/first/lockfile%0A+---------+------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+------------------+------+-----------------+---------------+%0A+---------+------------------+------+-----------------+---------------+ +--- + +[TestPrintGHAnnotationReport_WithLicenseViolations/two_sources_with_packages,_one_license_violation - 1] +::error file=path/to/my/first/lockfile::path/to/my/first/lockfile%0A+---------+------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+------------------+------+-----------------+---------------+%0A+---------+------------------+------+-----------------+---------------+::error file=path/to/my/second/lockfile::path/to/my/second/lockfile%0A+---------+------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+------------------+------+-----------------+---------------+%0A+---------+------------------+------+-----------------+---------------+ +--- + 
+[TestPrintGHAnnotationReport_WithMixedIssues/multiple_sources_with_a_mixed_count_of_packages,_some_vulnerabilities_and_license_violations - 1] +::error file=path/to/my/first/lockfile::path/to/my/first/lockfile%0A+---------+-----------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+-----------------------+------+-----------------+---------------+%0A| mine1 | https://osv.dev/OSV-1 | | 1.2.3 | |%0A+---------+-----------------------+------+-----------------+---------------+::error file=path/to/my/second/lockfile::path/to/my/second/lockfile%0A+---------+-----------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+-----------------------+------+-----------------+---------------+%0A| mine2 | https://osv.dev/OSV-2 | | 3.2.5 | |%0A+---------+-----------------------+------+-----------------+---------------+::error file=path/to/my/third/lockfile::path/to/my/third/lockfile%0A+---------+-----------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+-----------------------+------+-----------------+---------------+%0A| mine1 | https://osv.dev/OSV-1 | | 1.2.3 | |%0A+---------+-----------------------+------+-----------------+---------------+ +--- + +[TestPrintGHAnnotationReport_WithMixedIssues/one_source_with_one_package,_one_vulnerability,_and_one_license_violation - 1] +::error file=path/to/my/first/lockfile::path/to/my/first/lockfile%0A+---------+-----------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+-----------------------+------+-----------------+---------------+%0A| mine1 | https://osv.dev/OSV-1 | | 1.2.3 | |%0A+---------+-----------------------+------+-----------------+---------------+ +--- + 
+[TestPrintGHAnnotationReport_WithMixedIssues/two_sources_with_packages,_one_vulnerability,_one_license_violation - 1] +::error file=path/to/my/first/lockfile::path/to/my/first/lockfile%0A+---------+-----------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+-----------------------+------+-----------------+---------------+%0A| mine1 | https://osv.dev/OSV-1 | | 1.2.3 | |%0A+---------+-----------------------+------+-----------------+---------------+::error file=path/to/my/second/lockfile::path/to/my/second/lockfile%0A+---------+------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+------------------+------+-----------------+---------------+%0A+---------+------------------+------+-----------------+---------------+ +--- + +[TestPrintGHAnnotationReport_WithVulnerabilities/multiple_sources_with_a_mixed_count_of_grouped_packages,_and_multiple_vulnerabilities - 1] +::error file=path/to/my/first/lockfile::path/to/my/first/lockfile%0A+---------+-----------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+-----------------------+------+-----------------+---------------+%0A| mine1 | https://osv.dev/OSV-1 | | 1.2.3 | |%0A| mine1 | https://osv.dev/OSV-5 | | 1.2.3 | |%0A| mine1 | https://osv.dev/OSV-1 | | 1.2.2 | |%0A+---------+-----------------------+------+-----------------+---------------+::error file=path/to/my/second/lockfile::path/to/my/second/lockfile%0A+---------+-----------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+-----------------------+------+-----------------+---------------+%0A| mine2 | https://osv.dev/OSV-2 | | 3.2.5 | |%0A| mine3 | https://osv.dev/OSV-3 | | 0.4.1 | |%0A| mine3 | 
https://osv.dev/OSV-5 | | 0.4.1 | |%0A+---------+-----------------------+------+-----------------+---------------+ +--- + +[TestPrintGHAnnotationReport_WithVulnerabilities/multiple_sources_with_a_mixed_count_of_packages,_and_multiple_vulnerabilities - 1] +::error file=path/to/my/first/lockfile::path/to/my/first/lockfile%0A+---------+-----------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+-----------------------+------+-----------------+---------------+%0A| mine1 | https://osv.dev/OSV-1 | | 1.2.3 | |%0A| mine1 | https://osv.dev/OSV-5 | | 1.2.3 | |%0A| mine1 | https://osv.dev/OSV-1 | | 1.2.2 | |%0A+---------+-----------------------+------+-----------------+---------------+::error file=path/to/my/second/lockfile::path/to/my/second/lockfile%0A+---------+-----------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+-----------------------+------+-----------------+---------------+%0A| mine2 | https://osv.dev/OSV-2 | | 3.2.5 | |%0A| mine3 | https://osv.dev/OSV-3 | | 0.4.1 | |%0A| mine3 | https://osv.dev/OSV-5 | | 0.4.1 | |%0A+---------+-----------------------+------+-----------------+---------------+ +--- + +[TestPrintGHAnnotationReport_WithVulnerabilities/multiple_sources_with_a_mixed_count_of_packages,_no_vulnerabilities - 1] +::error file=path/to/my/first/lockfile::path/to/my/first/lockfile%0A+---------+------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+------------------+------+-----------------+---------------+%0A+---------+------------------+------+-----------------+---------------+::error file=path/to/my/second/lockfile::path/to/my/second/lockfile%0A+---------+------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED 
VERSION |%0A+---------+------------------+------+-----------------+---------------+%0A+---------+------------------+------+-----------------+---------------+::error file=path/to/my/third/lockfile::path/to/my/third/lockfile%0A+---------+------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+------------------+------+-----------------+---------------+%0A+---------+------------------+------+-----------------+---------------+ +--- + +[TestPrintGHAnnotationReport_WithVulnerabilities/multiple_sources_with_a_mixed_count_of_packages,_some_vulnerabilities - 1] +::error file=path/to/my/first/lockfile::path/to/my/first/lockfile%0A+---------+-----------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+-----------------------+------+-----------------+---------------+%0A| mine1 | https://osv.dev/OSV-1 | | 1.2.3 | |%0A+---------+-----------------------+------+-----------------+---------------+::error file=path/to/my/second/lockfile::path/to/my/second/lockfile%0A+---------+-----------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+-----------------------+------+-----------------+---------------+%0A| mine2 | https://osv.dev/OSV-2 | | 3.2.5 | |%0A+---------+-----------------------+------+-----------------+---------------+::error file=path/to/my/third/lockfile::path/to/my/third/lockfile%0A+---------+-----------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+-----------------------+------+-----------------+---------------+%0A| mine1 | https://osv.dev/OSV-1 | | 1.2.3 | |%0A+---------+-----------------------+------+-----------------+---------------+ +--- + 
+[TestPrintGHAnnotationReport_WithVulnerabilities/multiple_sources_with_a_mixed_count_of_packages_across_ecosystems,_and_multiple_vulnerabilities - 1] +::error file=path/to/my/first/lockfile::path/to/my/first/lockfile%0A+---------+-----------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+-----------------------+------+-----------------+---------------+%0A| mine1 | https://osv.dev/OSV-1 | | 1.2.3 | |%0A| mine1 | https://osv.dev/OSV-5 | | 1.2.3 | |%0A| mine1 | https://osv.dev/OSV-1 | | 1.2.2 | |%0A+---------+-----------------------+------+-----------------+---------------+::error file=path/to/my/second/lockfile::path/to/my/second/lockfile%0A+---------+-----------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+-----------------------+------+-----------------+---------------+%0A| mine2 | https://osv.dev/OSV-2 | | 3.2.5 | |%0A| mine3 | https://osv.dev/OSV-3 | | 0.4.1 | |%0A| mine3 | https://osv.dev/OSV-5 | | 0.4.1 | |%0A+---------+-----------------------+------+-----------------+---------------+ +--- + +[TestPrintGHAnnotationReport_WithVulnerabilities/multiple_sources_with_no_packages - 1] +::error file=path/to/my/first/lockfile::path/to/my/first/lockfile%0A+---------+------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+------------------+------+-----------------+---------------+%0A+---------+------------------+------+-----------------+---------------+::error file=path/to/my/second/lockfile::path/to/my/second/lockfile%0A+---------+------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION 
|%0A+---------+------------------+------+-----------------+---------------+%0A+---------+------------------+------+-----------------+---------------+::error file=path/to/my/third/lockfile::path/to/my/third/lockfile%0A+---------+------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+------------------+------+-----------------+---------------+%0A+---------+------------------+------+-----------------+---------------+ +--- + +[TestPrintGHAnnotationReport_WithVulnerabilities/no_sources - 1] + +--- + +[TestPrintGHAnnotationReport_WithVulnerabilities/one_source_with_no_packages - 1] +::error file=path/to/my/first/lockfile::path/to/my/first/lockfile%0A+---------+------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+------------------+------+-----------------+---------------+%0A+---------+------------------+------+-----------------+---------------+ +--- + +[TestPrintGHAnnotationReport_WithVulnerabilities/one_source_with_one_package,_no_vulnerabilities - 1] +::error file=path/to/my/first/lockfile::path/to/my/first/lockfile%0A+---------+------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+------------------+------+-----------------+---------------+%0A+---------+------------------+------+-----------------+---------------+ +--- + +[TestPrintGHAnnotationReport_WithVulnerabilities/one_source_with_one_package_and_one_vulnerability - 1] +::error file=path/to/my/first/lockfile::path/to/my/first/lockfile%0A+---------+-----------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+-----------------------+------+-----------------+---------------+%0A| mine1 | https://osv.dev/OSV-1 | | 1.2.3 | 
|%0A+---------+-----------------------+------+-----------------+---------------+ +--- + +[TestPrintGHAnnotationReport_WithVulnerabilities/one_source_with_one_package_and_one_vulnerability_(dev) - 1] +::error file=path/to/my/first/lockfile::path/to/my/first/lockfile%0A+---------+-----------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+-----------------------+------+-----------------+---------------+%0A| mine1 | https://osv.dev/OSV-1 | | 1.2.3 | |%0A+---------+-----------------------+------+-----------------+---------------+ +--- + +[TestPrintGHAnnotationReport_WithVulnerabilities/one_source_with_one_package_and_two_aliases_of_a_single_vulnerability - 1] +::error file=path/to/my/first/lockfile::path/to/my/first/lockfile%0A+---------+--------------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+--------------------------+------+-----------------+---------------+%0A| mine1 | https://osv.dev/OSV-1 | | 1.2.3 | |%0A| | https://osv.dev/GHSA-123 | | | |%0A+---------+--------------------------+------+-----------------+---------------+ +--- + +[TestPrintGHAnnotationReport_WithVulnerabilities/one_source_with_vulnerabilities,_some_missing_content - 1] +::error file=path/to/my/first/lockfile::path/to/my/first/lockfile%0A+---------+-----------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+-----------------------+------+-----------------+---------------+%0A| mine1 | https://osv.dev/OSV-1 | | 1.2.3 | |%0A| mine3 | https://osv.dev/OSV-2 | | 0.10.2-rc | |%0A+---------+-----------------------+------+-----------------+---------------+ +--- + +[TestPrintGHAnnotationReport_WithVulnerabilities/two_sources_with_packages,_one_vulnerability - 1] +::error 
file=path/to/my/first/lockfile::path/to/my/first/lockfile%0A+---------+-----------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+-----------------------+------+-----------------+---------------+%0A| mine1 | https://osv.dev/OSV-1 | | 1.2.3 | |%0A+---------+-----------------------+------+-----------------+---------------+::error file=path/to/my/second/lockfile::path/to/my/second/lockfile%0A+---------+------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+------------------+------+-----------------+---------------+%0A+---------+------------------+------+-----------------+---------------+ +--- + +[TestPrintGHAnnotationReport_WithVulnerabilities/two_sources_with_the_same_vulnerable_package - 1] +::error file=path/to/my/first/lockfile::path/to/my/first/lockfile%0A+---------+-----------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+-----------------------+------+-----------------+---------------+%0A| mine1 | https://osv.dev/OSV-1 | | 1.2.3 | |%0A+---------+-----------------------+------+-----------------+---------------+::error file=path/to/my/second/lockfile::path/to/my/second/lockfile%0A+---------+-----------------------+------+-----------------+---------------+%0A| PACKAGE | VULNERABILITY ID | CVSS | CURRENT VERSION | FIXED VERSION |%0A+---------+-----------------------+------+-----------------+---------------+%0A| mine1 | https://osv.dev/OSV-1 | | 1.2.3 | |%0A+---------+-----------------------+------+-----------------+---------------+ +--- diff --git a/internal/output/__snapshots__/machinejson_test.snap b/internal/output/__snapshots__/machinejson_test.snap new file mode 100755 index 00000000000..ff1db9f942c --- /dev/null +++ b/internal/output/__snapshots__/machinejson_test.snap 
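Review bot: The snapshot records an `::error` annotation for every source, including ones with nothing to report — `multiple_sources_with_a_mixed_count_of_packages,_no_vulnerabilities` and `one_source_with_no_packages` each get a `::error file=…` whose message is only an empty table header, which would flag clean lockfiles as failing in the checks view. License violations are also absent from the output: every `_WithLicenseViolations` case, including `one_source_with_one_package_and_one_license_violation`, yields the same empty vulnerability table, so a license failure produces an annotation that says nothing about why. Separately, consecutive commands run together on one line (`…+---------+::error file=path/to/my/second/lockfile…`) with no newline between them, and as far as I know the runner only recognises a workflow command at the start of a line, so only the first annotation per run may be honoured; the `file=` value also appears to be inserted verbatim, so a path containing `,` or `:` would corrupt the property list unless the producer escapes it. The producing function is not in this diff; I would expect it to skip sources with no findings (or downgrade them to `::notice`), include the violating licenses in the message, terminate each command with `\n`, and escape `%`, `\r`, `\n`, `:` and `,` in the `file=` property as well as `%`, `\r`, `\n` in the message (only `\n` → `%0A` is visible here).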
@@ -0,0 +1,2415 @@ + +[TestPrintJSONResults_WithLicenseViolations/multiple_sources_with_a_mixed_count_of_packages,_no_license_violations - 1] +{ + "results": [ + { + "source": { + "path": "path/to/my/first/lockfile", + "type": "" + }, + "packages": [ + { + "package": { + "name": "mine1", + "version": "1.2.3", + "ecosystem": "npm" + }, + "licenses": [ + "ISC" + ] + } + ] + }, + { + "source": { + "path": "path/to/my/second/lockfile", + "type": "" + }, + "packages": [ + { + "package": { + "name": "mine2", + "version": "3.2.5", + "ecosystem": "npm" + }, + "licenses": [ + "ISC" + ] + }, + { + "package": { + "name": "mine3", + "version": "0.4.1", + "ecosystem": "npm" + }, + "licenses": [ + "ISC" + ] + } + ] + }, + { + "source": { + "path": "path/to/my/third/lockfile", + "type": "" + }, + "packages": [ + { + "package": { + "name": "mine1", + "version": "1.3.5", + "ecosystem": "npm" + }, + "licenses": [ + "ISC" + ] + }, + { + "package": { + "name": "mine1", + "version": "1.2.3", + "ecosystem": "npm" + }, + "licenses": [ + "ISC" + ] + } + ] + } + ], + "experimental_config": { + "licenses": { + "summary": false, + "allowlist": [ + "ISC" + ] + } + } +} + +--- + +[TestPrintJSONResults_WithLicenseViolations/multiple_sources_with_a_mixed_count_of_packages,_some_license_violations - 1] +{ + "results": [ + { + "source": { + "path": "path/to/my/first/lockfile", + "type": "" + }, + "packages": [ + { + "package": { + "name": "mine1", + "version": "1.2.3", + "ecosystem": "npm" + }, + "licenses": [ + "MIT" + ], + "license_violations": [ + "MIT" + ] + } + ] + }, + { + "source": { + "path": "path/to/my/second/lockfile", + "type": "" + }, + "packages": [ + { + "package": { + "name": "mine2", + "version": "3.2.5", + "ecosystem": "npm" + }, + "licenses": [ + "Apache-2.0" + ], + "license_violations": [ + "Apache-2.0" + ] + }, + { + "package": { + "name": "mine3", + "version": "0.4.1", + "ecosystem": "npm" + }, + "licenses": [ + "ISC" + ] + } + ] + }, + { + "source": { + "path": 
"path/to/my/third/lockfile", + "type": "" + }, + "packages": [ + { + "package": { + "name": "mine1", + "version": "1.3.5", + "ecosystem": "npm" + }, + "licenses": [ + "ISC" + ] + }, + { + "package": { + "name": "mine1", + "version": "1.2.3", + "ecosystem": "npm" + }, + "licenses": [ + "MIT" + ], + "license_violations": [ + "MIT" + ] + } + ] + } + ], + "experimental_config": { + "licenses": { + "summary": false, + "allowlist": [ + "ISC" + ] + } + } +} + +--- + +[TestPrintJSONResults_WithLicenseViolations/multiple_sources_with_a_mixed_count_of_packages,_some_license_violations#01 - 1] +{ + "results": [ + { + "source": { + "path": "path/to/my/first/lockfile", + "type": "" + }, + "packages": [ + { + "package": { + "name": "mine1", + "version": "1.2.3", + "ecosystem": "npm" + }, + "licenses": [ + "MIT", + "Apache-2.0" + ], + "license_violations": [ + "MIT" + ] + } + ] + }, + { + "source": { + "path": "path/to/my/second/lockfile", + "type": "" + }, + "packages": [ + { + "package": { + "name": "mine2", + "version": "3.2.5", + "ecosystem": "npm" + }, + "licenses": [ + "UNKNOWN" + ], + "license_violations": [ + "UNKNOWN" + ] + }, + { + "package": { + "name": "mine3", + "version": "0.4.1", + "ecosystem": "npm" + }, + "licenses": [ + "Apache-2.0" + ] + } + ] + }, + { + "source": { + "path": "path/to/my/third/lockfile", + "type": "" + }, + "packages": [ + { + "package": { + "name": "mine1", + "version": "1.3.5", + "ecosystem": "npm" + }, + "licenses": [ + "Apache-2.0" + ] + }, + { + "package": { + "name": "mine1", + "version": "1.2.3", + "ecosystem": "npm" + }, + "licenses": [ + "MIT" + ], + "license_violations": [ + "MIT" + ] + } + ] + } + ], + "experimental_config": { + "licenses": { + "summary": false, + "allowlist": null + } + } +} + +--- + +[TestPrintJSONResults_WithLicenseViolations/multiple_sources_with_a_mixed_count_of_packages_across_ecosystems,_some_license_violations - 1] +{ + "results": [ + { + "source": { + "path": "path/to/my/first/lockfile", + "type": "" + }, + 
"packages": [ + { + "package": { + "name": "mine1", + "version": "1.2.3", + "ecosystem": "Packagist" + }, + "licenses": [ + "MIT" + ], + "license_violations": [ + "MIT" + ] + } + ] + }, + { + "source": { + "path": "path/to/my/second/lockfile", + "type": "" + }, + "packages": [ + { + "package": { + "name": "mine2", + "version": "3.2.5", + "ecosystem": "npm" + }, + "licenses": [ + "Apache-2.0" + ], + "license_violations": [ + "Apache-2.0" + ] + }, + { + "package": { + "name": "mine3", + "version": "0.4.1", + "ecosystem": "npm" + }, + "licenses": [ + "ISC" + ] + } + ] + }, + { + "source": { + "path": "path/to/my/third/lockfile", + "type": "" + }, + "packages": [ + { + "package": { + "name": "mine1", + "version": "1.3.5", + "ecosystem": "NuGet" + }, + "licenses": [ + "ISC" + ] + }, + { + "package": { + "name": "mine1", + "version": "1.2.3", + "ecosystem": "Packagist" + }, + "dependency_groups": [ + "dev" + ], + "licenses": [ + "MIT" + ], + "license_violations": [ + "MIT" + ] + } + ] + } + ], + "experimental_config": { + "licenses": { + "summary": false, + "allowlist": [ + "ISC" + ] + } + } +} + +--- + +[TestPrintJSONResults_WithLicenseViolations/multiple_sources_with_a_mixed_count_of_packages_and_groups,_some_license_violations - 1] +{ + "results": [ + { + "source": { + "path": "path/to/my/first/lockfile", + "type": "" + }, + "packages": [ + { + "package": { + "name": "mine1", + "version": "1.2.3", + "ecosystem": "npm" + }, + "dependency_groups": [ + "dev", + "optional" + ], + "licenses": [ + "MIT" + ], + "license_violations": [ + "MIT" + ] + } + ] + }, + { + "source": { + "path": "path/to/my/second/lockfile", + "type": "" + }, + "packages": [ + { + "package": { + "name": "mine2", + "version": "3.2.5", + "ecosystem": "npm" + }, + "dependency_groups": [ + "dev", + "optional" + ], + "licenses": [ + "Apache-2.0" + ], + "license_violations": [ + "Apache-2.0" + ] + }, + { + "package": { + "name": "mine3", + "version": "0.4.1", + "ecosystem": "npm" + }, + "licenses": [ + 
"ISC" + ] + } + ] + }, + { + "source": { + "path": "path/to/my/third/lockfile", + "type": "" + }, + "packages": [ + { + "package": { + "name": "mine1", + "version": "1.3.5", + "ecosystem": "npm" + }, + "licenses": [ + "ISC" + ] + }, + { + "package": { + "name": "mine1", + "version": "1.2.3", + "ecosystem": "npm" + }, + "dependency_groups": [ + "build" + ], + "licenses": [ + "MIT" + ], + "license_violations": [ + "MIT" + ] + } + ] + } + ], + "experimental_config": { + "licenses": { + "summary": false, + "allowlist": [ + "ISC" + ] + } + } +} + +--- + +[TestPrintJSONResults_WithLicenseViolations/multiple_sources_with_no_packages - 1] +{ + "results": [ + { + "source": { + "path": "path/to/my/first/lockfile", + "type": "" + }, + "packages": [] + }, + { + "source": { + "path": "path/to/my/second/lockfile", + "type": "" + }, + "packages": [] + }, + { + "source": { + "path": "path/to/my/third/lockfile", + "type": "" + }, + "packages": [] + } + ], + "experimental_config": { + "licenses": { + "summary": false, + "allowlist": [ + "ISC" + ] + } + } +} + +--- + +[TestPrintJSONResults_WithLicenseViolations/no_sources - 1] +{ + "results": [], + "experimental_config": { + "licenses": { + "summary": false, + "allowlist": [ + "ISC" + ] + } + } +} + +--- + +[TestPrintJSONResults_WithLicenseViolations/one_source_with_no_packages - 1] +{ + "results": [ + { + "source": { + "path": "path/to/my/first/lockfile", + "type": "" + }, + "packages": [] + } + ], + "experimental_config": { + "licenses": { + "summary": false, + "allowlist": [ + "ISC" + ] + } + } +} + +--- + +[TestPrintJSONResults_WithLicenseViolations/one_source_with_one_package,_no_license_violations - 1] +{ + "results": [ + { + "source": { + "path": "path/to/my/first/lockfile", + "type": "" + }, + "packages": [ + { + "package": { + "name": "mine1", + "version": "1.2.3", + "ecosystem": "npm" + }, + "licenses": [ + "ISC" + ] + } + ] + } + ], + "experimental_config": { + "licenses": { + "summary": false, + "allowlist": [ + "ISC" + ] 
+ } + } +} + +--- + +[TestPrintJSONResults_WithLicenseViolations/one_source_with_one_package,_no_licenses - 1] +{ + "results": [ + { + "source": { + "path": "path/to/my/first/lockfile", + "type": "" + }, + "packages": [ + { + "package": { + "name": "mine1", + "version": "1.2.3", + "ecosystem": "npm" + } + } + ] + } + ], + "experimental_config": { + "licenses": { + "summary": false, + "allowlist": [ + "ISC" + ] + } + } +} + +--- + +[TestPrintJSONResults_WithLicenseViolations/one_source_with_one_package_and_an_unknown_license - 1] +{ + "results": [ + { + "source": { + "path": "path/to/my/first/lockfile", + "type": "" + }, + "packages": [ + { + "package": { + "name": "mine1", + "version": "1.2.3", + "ecosystem": "npm" + }, + "licenses": [ + "UNKNOWN" + ] + } + ] + } + ], + "experimental_config": { + "licenses": { + "summary": false, + "allowlist": [ + "ISC" + ] + } + } +} + +--- + +[TestPrintJSONResults_WithLicenseViolations/one_source_with_one_package_and_multiple_license_violations - 1] +{ + "results": [ + { + "source": { + "path": "path/to/my/first/lockfile", + "type": "" + }, + "packages": [ + { + "package": { + "name": "mine1", + "version": "1.2.3", + "ecosystem": "npm" + }, + "licenses": [ + "MIT", + "Apache-2.0" + ], + "license_violations": [ + "MIT", + "Apache-2.0" + ] + } + ] + } + ], + "experimental_config": { + "licenses": { + "summary": false, + "allowlist": [ + "ISC" + ] + } + } +} + +--- + +[TestPrintJSONResults_WithLicenseViolations/one_source_with_one_package_and_one_license_violation - 1] +{ + "results": [ + { + "source": { + "path": "path/to/my/first/lockfile", + "type": "" + }, + "packages": [ + { + "package": { + "name": "mine1", + "version": "1.2.3", + "ecosystem": "npm" + }, + "licenses": [ + "MIT" + ], + "license_violations": [ + "MIT" + ] + } + ] + } + ], + "experimental_config": { + "licenses": { + "summary": false, + "allowlist": [ + "ISC" + ] + } + } +} + +--- + 
+[TestPrintJSONResults_WithLicenseViolations/one_source_with_one_package_and_one_license_violation_(dev) - 1] +{ + "results": [ + { + "source": { + "path": "path/to/my/first/lockfile", + "type": "" + }, + "packages": [ + { + "package": { + "name": "mine1", + "version": "1.2.3", + "ecosystem": "npm" + }, + "dependency_groups": [ + "dev" + ], + "licenses": [ + "MIT" + ], + "license_violations": [ + "MIT" + ] + } + ] + } + ], + "experimental_config": { + "licenses": { + "summary": false, + "allowlist": [ + "ISC" + ] + } + } +} + +--- + +[TestPrintJSONResults_WithLicenseViolations/two_sources_with_packages,_one_license_violation - 1] +{ + "results": [ + { + "source": { + "path": "path/to/my/first/lockfile", + "type": "" + }, + "packages": [ + { + "package": { + "name": "mine1", + "version": "1.2.3", + "ecosystem": "npm" + }, + "licenses": [ + "MIT" + ], + "license_violations": [ + "MIT" + ] + } + ] + }, + { + "source": { + "path": "path/to/my/second/lockfile", + "type": "" + }, + "packages": [ + { + "package": { + "name": "mine2", + "version": "5.9.0", + "ecosystem": "npm" + }, + "licenses": [ + "ISC" + ] + } + ] + } + ], + "experimental_config": { + "licenses": { + "summary": false, + "allowlist": [ + "ISC" + ] + } + } +} + +--- + +[TestPrintJSONResults_WithMixedIssues/multiple_sources_with_a_mixed_count_of_packages,_some_vulnerabilities_and_license_violations - 1] +{ + "results": [ + { + "source": { + "path": "path/to/my/first/lockfile", + "type": "" + }, + "packages": [ + { + "package": { + "name": "mine1", + "version": "1.2.3", + "ecosystem": "npm" + }, + "vulnerabilities": [ + { + "modified": "0001-01-01T00:00:00Z", + "id": "OSV-1", + "summary": "Something scary!", + "severity": [ + { + "type": "high", + "score": "1" + } + ] + } + ], + "groups": [ + { + "ids": [ + "OSV-1" + ], + "aliases": null, + "max_severity": "" + } + ], + "licenses": [ + "MIT" + ], + "license_violations": [ + "MIT" + ] + } + ] + }, + { + "source": { + "path": "path/to/my/second/lockfile", + 
"type": "" + }, + "packages": [ + { + "package": { + "name": "mine2", + "version": "3.2.5", + "ecosystem": "npm" + }, + "vulnerabilities": [ + { + "modified": "0001-01-01T00:00:00Z", + "id": "OSV-2", + "summary": "Something less scary!", + "severity": [ + { + "type": "low", + "score": "1" + } + ] + } + ], + "groups": [ + { + "ids": [ + "OSV-2" + ], + "aliases": null, + "max_severity": "" + } + ], + "licenses": [ + "ISC" + ] + }, + { + "package": { + "name": "mine3", + "version": "0.4.1", + "ecosystem": "npm" + }, + "licenses": [ + "ISC" + ] + } + ] + }, + { + "source": { + "path": "path/to/my/third/lockfile", + "type": "" + }, + "packages": [ + { + "package": { + "name": "mine1", + "version": "1.3.5", + "ecosystem": "npm" + }, + "licenses": [ + "MIT" + ], + "license_violations": [ + "MIT" + ] + }, + { + "package": { + "name": "mine1", + "version": "1.2.3", + "ecosystem": "npm" + }, + "vulnerabilities": [ + { + "modified": "0001-01-01T00:00:00Z", + "id": "OSV-1", + "summary": "Something scary!", + "severity": [ + { + "type": "high", + "score": "1" + } + ] + } + ], + "groups": [ + { + "ids": [ + "OSV-1" + ], + "aliases": null, + "max_severity": "" + } + ], + "licenses": [ + "Apache-2.0" + ], + "license_violations": [ + "Apache-2.0" + ] + } + ] + } + ], + "experimental_config": { + "licenses": { + "summary": false, + "allowlist": [ + "ISC" + ] + } + } +} + +--- + +[TestPrintJSONResults_WithMixedIssues/one_source_with_one_package,_one_vulnerability,_and_one_license_violation - 1] +{ + "results": [ + { + "source": { + "path": "path/to/my/first/lockfile", + "type": "" + }, + "packages": [ + { + "package": { + "name": "mine1", + "version": "1.2.3", + "ecosystem": "npm" + }, + "vulnerabilities": [ + { + "modified": "0001-01-01T00:00:00Z", + "id": "OSV-1", + "summary": "Something scary!", + "severity": [ + { + "type": "high", + "score": "1" + } + ] + } + ], + "groups": [ + { + "ids": [ + "OSV-1" + ], + "aliases": null, + "max_severity": "" + } + ], + "licenses": [ + "MIT" + 
], + "license_violations": [ + "MIT" + ] + } + ] + } + ], + "experimental_config": { + "licenses": { + "summary": false, + "allowlist": [ + "ISC" + ] + } + } +} + +--- + +[TestPrintJSONResults_WithMixedIssues/two_sources_with_packages,_one_vulnerability,_one_license_violation - 1] +{ + "results": [ + { + "source": { + "path": "path/to/my/first/lockfile", + "type": "" + }, + "packages": [ + { + "package": { + "name": "mine1", + "version": "1.2.3", + "ecosystem": "npm" + }, + "vulnerabilities": [ + { + "modified": "0001-01-01T00:00:00Z", + "id": "OSV-1", + "summary": "Something scary!", + "severity": [ + { + "type": "high", + "score": "1" + } + ] + } + ], + "groups": [ + { + "ids": [ + "OSV-1" + ], + "aliases": null, + "max_severity": "" + } + ], + "licenses": [ + "ISC" + ] + } + ] + }, + { + "source": { + "path": "path/to/my/second/lockfile", + "type": "" + }, + "packages": [ + { + "package": { + "name": "mine2", + "version": "5.9.0", + "ecosystem": "npm" + }, + "licenses": [ + "MIT" + ], + "license_violations": [ + "MIT" + ] + } + ] + } + ], + "experimental_config": { + "licenses": { + "summary": false, + "allowlist": [ + "ISC" + ] + } + } +} + +--- + +[TestPrintJSONResults_WithVulnerabilities/multiple_sources_with_a_mixed_count_of_grouped_packages,_and_multiple_vulnerabilities - 1] +{ + "results": [ + { + "source": { + "path": "path/to/my/first/lockfile", + "type": "" + }, + "packages": [ + { + "package": { + "name": "mine1", + "version": "1.2.3", + "ecosystem": "npm" + }, + "dependency_groups": [ + "dev", + "optional" + ], + "vulnerabilities": [ + { + "modified": "0001-01-01T00:00:00Z", + "id": "OSV-1", + "summary": "Something scary!", + "severity": [ + { + "type": "high", + "score": "1" + } + ] + }, + { + "modified": "0001-01-01T00:00:00Z", + "id": "OSV-5", + "summary": "Something scarier!", + "severity": [ + { + "type": "extreme", + "score": "1" + } + ] + } + ], + "groups": [ + { + "ids": [ + "OSV-1" + ], + "aliases": null, + "max_severity": "" + }, + { + 
"ids": [ + "OSV-5" + ], + "aliases": null, + "max_severity": "" + } + ] + }, + { + "package": { + "name": "mine1", + "version": "1.2.2", + "ecosystem": "npm" + }, + "vulnerabilities": [ + { + "modified": "0001-01-01T00:00:00Z", + "id": "OSV-1", + "summary": "Something scary!", + "severity": [ + { + "type": "high", + "score": "1" + } + ] + } + ], + "groups": [ + { + "ids": [ + "OSV-1" + ], + "aliases": null, + "max_severity": "" + } + ] + } + ] + }, + { + "source": { + "path": "path/to/my/second/lockfile", + "type": "" + }, + "packages": [ + { + "package": { + "name": "mine2", + "version": "3.2.5", + "ecosystem": "npm" + }, + "dependency_groups": [ + "dev" + ], + "vulnerabilities": [ + { + "modified": "0001-01-01T00:00:00Z", + "id": "OSV-2", + "summary": "Something less scary!", + "severity": [ + { + "type": "low", + "score": "1" + } + ] + } + ], + "groups": [ + { + "ids": [ + "OSV-2" + ], + "aliases": null, + "max_severity": "" + } + ] + }, + { + "package": { + "name": "mine3", + "version": "0.4.1", + "ecosystem": "npm" + }, + "dependency_groups": [ + "build" + ], + "vulnerabilities": [ + { + "modified": "0001-01-01T00:00:00Z", + "id": "OSV-3", + "summary": "Something mildly scary!", + "severity": [ + { + "type": "medium", + "score": "1" + } + ] + }, + { + "modified": "0001-01-01T00:00:00Z", + "id": "OSV-5", + "summary": "Something scarier!", + "severity": [ + { + "type": "extreme", + "score": "1" + } + ] + } + ], + "groups": [ + { + "ids": [ + "OSV-3" + ], + "aliases": null, + "max_severity": "" + }, + { + "ids": [ + "OSV-5" + ], + "aliases": null, + "max_severity": "" + } + ] + } + ] + } + ], + "experimental_config": { + "licenses": { + "summary": false, + "allowlist": null + } + } +} + +--- + +[TestPrintJSONResults_WithVulnerabilities/multiple_sources_with_a_mixed_count_of_packages,_and_multiple_vulnerabilities - 1] +{ + "results": [ + { + "source": { + "path": "path/to/my/first/lockfile", + "type": "" + }, + "packages": [ + { + "package": { + "name": "mine1", + 
"version": "1.2.3", + "ecosystem": "npm" + }, + "vulnerabilities": [ + { + "modified": "0001-01-01T00:00:00Z", + "id": "OSV-1", + "summary": "Something scary!", + "severity": [ + { + "type": "high", + "score": "1" + } + ] + }, + { + "modified": "0001-01-01T00:00:00Z", + "id": "OSV-5", + "summary": "Something scarier!", + "severity": [ + { + "type": "extreme", + "score": "1" + } + ] + } + ], + "groups": [ + { + "ids": [ + "OSV-1" + ], + "aliases": null, + "max_severity": "" + }, + { + "ids": [ + "OSV-5" + ], + "aliases": null, + "max_severity": "" + } + ] + }, + { + "package": { + "name": "mine1", + "version": "1.2.2", + "ecosystem": "npm" + }, + "vulnerabilities": [ + { + "modified": "0001-01-01T00:00:00Z", + "id": "OSV-1", + "summary": "Something scary!", + "severity": [ + { + "type": "high", + "score": "1" + } + ] + } + ], + "groups": [ + { + "ids": [ + "OSV-1" + ], + "aliases": null, + "max_severity": "" + } + ] + } + ] + }, + { + "source": { + "path": "path/to/my/second/lockfile", + "type": "" + }, + "packages": [ + { + "package": { + "name": "mine2", + "version": "3.2.5", + "ecosystem": "npm" + }, + "vulnerabilities": [ + { + "modified": "0001-01-01T00:00:00Z", + "id": "OSV-2", + "summary": "Something less scary!", + "severity": [ + { + "type": "low", + "score": "1" + } + ] + } + ], + "groups": [ + { + "ids": [ + "OSV-2" + ], + "aliases": null, + "max_severity": "" + } + ] + }, + { + "package": { + "name": "mine3", + "version": "0.4.1", + "ecosystem": "npm" + }, + "vulnerabilities": [ + { + "modified": "0001-01-01T00:00:00Z", + "id": "OSV-3", + "summary": "Something mildly scary!", + "severity": [ + { + "type": "medium", + "score": "1" + } + ] + }, + { + "modified": "0001-01-01T00:00:00Z", + "id": "OSV-5", + "summary": "Something scarier!", + "severity": [ + { + "type": "extreme", + "score": "1" + } + ] + } + ], + "groups": [ + { + "ids": [ + "OSV-3" + ], + "aliases": null, + "max_severity": "" + }, + { + "ids": [ + "OSV-5" + ], + "aliases": null, + 
"max_severity": "" + } + ] + } + ] + } + ], + "experimental_config": { + "licenses": { + "summary": false, + "allowlist": null + } + } +} + +--- + +[TestPrintJSONResults_WithVulnerabilities/multiple_sources_with_a_mixed_count_of_packages,_no_vulnerabilities - 1] +{ + "results": [ + { + "source": { + "path": "path/to/my/first/lockfile", + "type": "" + }, + "packages": [ + { + "package": { + "name": "mine1", + "version": "1.2.3", + "ecosystem": "npm" + } + } + ] + }, + { + "source": { + "path": "path/to/my/second/lockfile", + "type": "" + }, + "packages": [ + { + "package": { + "name": "mine2", + "version": "3.2.5", + "ecosystem": "npm" + } + }, + { + "package": { + "name": "mine3", + "version": "0.4.1", + "ecosystem": "npm" + } + } + ] + }, + { + "source": { + "path": "path/to/my/third/lockfile", + "type": "" + }, + "packages": [ + { + "package": { + "name": "mine1", + "version": "1.3.5", + "ecosystem": "npm" + } + }, + { + "package": { + "name": "mine1", + "version": "1.2.3", + "ecosystem": "npm" + } + } + ] + } + ], + "experimental_config": { + "licenses": { + "summary": false, + "allowlist": null + } + } +} + +--- + +[TestPrintJSONResults_WithVulnerabilities/multiple_sources_with_a_mixed_count_of_packages,_some_vulnerabilities - 1] +{ + "results": [ + { + "source": { + "path": "path/to/my/first/lockfile", + "type": "" + }, + "packages": [ + { + "package": { + "name": "mine1", + "version": "1.2.3", + "ecosystem": "npm" + }, + "vulnerabilities": [ + { + "modified": "0001-01-01T00:00:00Z", + "id": "OSV-1", + "summary": "Something scary!", + "severity": [ + { + "type": "high", + "score": "1" + } + ] + } + ], + "groups": [ + { + "ids": [ + "OSV-1" + ], + "aliases": null, + "max_severity": "" + } + ] + } + ] + }, + { + "source": { + "path": "path/to/my/second/lockfile", + "type": "" + }, + "packages": [ + { + "package": { + "name": "mine2", + "version": "3.2.5", + "ecosystem": "npm" + }, + "vulnerabilities": [ + { + "modified": "0001-01-01T00:00:00Z", + "id": "OSV-2", 
+ "summary": "Something less scary!", + "severity": [ + { + "type": "low", + "score": "1" + } + ] + } + ], + "groups": [ + { + "ids": [ + "OSV-2" + ], + "aliases": null, + "max_severity": "" + } + ] + }, + { + "package": { + "name": "mine3", + "version": "0.4.1", + "ecosystem": "npm" + } + } + ] + }, + { + "source": { + "path": "path/to/my/third/lockfile", + "type": "" + }, + "packages": [ + { + "package": { + "name": "mine1", + "version": "1.3.5", + "ecosystem": "npm" + } + }, + { + "package": { + "name": "mine1", + "version": "1.2.3", + "ecosystem": "npm" + }, + "vulnerabilities": [ + { + "modified": "0001-01-01T00:00:00Z", + "id": "OSV-1", + "summary": "Something scary!", + "severity": [ + { + "type": "high", + "score": "1" + } + ] + } + ], + "groups": [ + { + "ids": [ + "OSV-1" + ], + "aliases": null, + "max_severity": "" + } + ] + } + ] + } + ], + "experimental_config": { + "licenses": { + "summary": false, + "allowlist": null + } + } +} + +--- + +[TestPrintJSONResults_WithVulnerabilities/multiple_sources_with_a_mixed_count_of_packages_across_ecosystems,_and_multiple_vulnerabilities - 1] +{ + "results": [ + { + "source": { + "path": "path/to/my/first/lockfile", + "type": "" + }, + "packages": [ + { + "package": { + "name": "mine1", + "version": "1.2.3", + "ecosystem": "Packagist" + }, + "vulnerabilities": [ + { + "modified": "0001-01-01T00:00:00Z", + "id": "OSV-1", + "summary": "Something scary!", + "severity": [ + { + "type": "high", + "score": "1" + } + ] + }, + { + "modified": "0001-01-01T00:00:00Z", + "id": "OSV-5", + "summary": "Something scarier!", + "severity": [ + { + "type": "extreme", + "score": "1" + } + ] + } + ], + "groups": [ + { + "ids": [ + "OSV-1" + ], + "aliases": null, + "max_severity": "" + }, + { + "ids": [ + "OSV-5" + ], + "aliases": null, + "max_severity": "" + } + ] + }, + { + "package": { + "name": "mine1", + "version": "1.2.2", + "ecosystem": "npm" + }, + "vulnerabilities": [ + { + "modified": "0001-01-01T00:00:00Z", + "id": "OSV-1", 
+ "summary": "Something scary!", + "severity": [ + { + "type": "high", + "score": "1" + } + ] + } + ], + "groups": [ + { + "ids": [ + "OSV-1" + ], + "aliases": null, + "max_severity": "" + } + ] + } + ] + }, + { + "source": { + "path": "path/to/my/second/lockfile", + "type": "" + }, + "packages": [ + { + "package": { + "name": "mine2", + "version": "3.2.5", + "ecosystem": "NuGet" + }, + "dependency_groups": [ + "dev" + ], + "vulnerabilities": [ + { + "modified": "0001-01-01T00:00:00Z", + "id": "OSV-2", + "summary": "Something less scary!", + "severity": [ + { + "type": "low", + "score": "1" + } + ] + } + ], + "groups": [ + { + "ids": [ + "OSV-2" + ], + "aliases": null, + "max_severity": "" + } + ] + }, + { + "package": { + "name": "mine3", + "version": "0.4.1", + "ecosystem": "Packagist" + }, + "dependency_groups": [ + "build" + ], + "vulnerabilities": [ + { + "modified": "0001-01-01T00:00:00Z", + "id": "OSV-3", + "summary": "Something mildly scary!", + "severity": [ + { + "type": "medium", + "score": "1" + } + ] + }, + { + "modified": "0001-01-01T00:00:00Z", + "id": "OSV-5", + "summary": "Something scarier!", + "severity": [ + { + "type": "extreme", + "score": "1" + } + ] + } + ], + "groups": [ + { + "ids": [ + "OSV-3" + ], + "aliases": null, + "max_severity": "" + }, + { + "ids": [ + "OSV-5" + ], + "aliases": null, + "max_severity": "" + } + ] + } + ] + } + ], + "experimental_config": { + "licenses": { + "summary": false, + "allowlist": null + } + } +} + +--- + +[TestPrintJSONResults_WithVulnerabilities/multiple_sources_with_no_packages - 1] +{ + "results": [ + { + "source": { + "path": "path/to/my/first/lockfile", + "type": "" + }, + "packages": [] + }, + { + "source": { + "path": "path/to/my/second/lockfile", + "type": "" + }, + "packages": [] + }, + { + "source": { + "path": "path/to/my/third/lockfile", + "type": "" + }, + "packages": [] + } + ], + "experimental_config": { + "licenses": { + "summary": false, + "allowlist": null + } + } +} + +--- + 
+[TestPrintJSONResults_WithVulnerabilities/no_sources - 1] +{ + "results": [], + "experimental_config": { + "licenses": { + "summary": false, + "allowlist": null + } + } +} + +--- + +[TestPrintJSONResults_WithVulnerabilities/one_source_with_no_packages - 1] +{ + "results": [ + { + "source": { + "path": "path/to/my/first/lockfile", + "type": "" + }, + "packages": [] + } + ], + "experimental_config": { + "licenses": { + "summary": false, + "allowlist": null + } + } +} + +--- + +[TestPrintJSONResults_WithVulnerabilities/one_source_with_one_package,_no_vulnerabilities - 1] +{ + "results": [ + { + "source": { + "path": "path/to/my/first/lockfile", + "type": "" + }, + "packages": [ + { + "package": { + "name": "mine1", + "version": "1.2.3", + "ecosystem": "npm" + } + } + ] + } + ], + "experimental_config": { + "licenses": { + "summary": false, + "allowlist": null + } + } +} + +--- + +[TestPrintJSONResults_WithVulnerabilities/one_source_with_one_package_and_one_vulnerability - 1] +{ + "results": [ + { + "source": { + "path": "path/to/my/first/lockfile", + "type": "" + }, + "packages": [ + { + "package": { + "name": "mine1", + "version": "1.2.3", + "ecosystem": "npm" + }, + "vulnerabilities": [ + { + "modified": "0001-01-01T00:00:00Z", + "id": "OSV-1", + "summary": "Something scary!", + "severity": [ + { + "type": "high", + "score": "1" + } + ] + } + ], + "groups": [ + { + "ids": [ + "OSV-1" + ], + "aliases": null, + "max_severity": "" + } + ] + } + ] + } + ], + "experimental_config": { + "licenses": { + "summary": false, + "allowlist": null + } + } +} + +--- + +[TestPrintJSONResults_WithVulnerabilities/one_source_with_one_package_and_one_vulnerability_(dev) - 1] +{ + "results": [ + { + "source": { + "path": "path/to/my/first/lockfile", + "type": "" + }, + "packages": [ + { + "package": { + "name": "mine1", + "version": "1.2.3", + "ecosystem": "npm" + }, + "dependency_groups": [ + "dev" + ], + "vulnerabilities": [ + { + "modified": "0001-01-01T00:00:00Z", + "id": "OSV-1", 
+ "summary": "Something scary!", + "severity": [ + { + "type": "high", + "score": "1" + } + ] + } + ], + "groups": [ + { + "ids": [ + "OSV-1" + ], + "aliases": null, + "max_severity": "" + } + ] + } + ] + } + ], + "experimental_config": { + "licenses": { + "summary": false, + "allowlist": null + } + } +} + +--- + +[TestPrintJSONResults_WithVulnerabilities/one_source_with_one_package_and_two_aliases_of_a_single_vulnerability - 1] +{ + "results": [ + { + "source": { + "path": "path/to/my/first/lockfile", + "type": "" + }, + "packages": [ + { + "package": { + "name": "mine1", + "version": "1.2.3", + "ecosystem": "npm" + }, + "vulnerabilities": [ + { + "modified": "0001-01-01T00:00:00Z", + "id": "OSV-1", + "summary": "Something scary!", + "severity": [ + { + "type": "high", + "score": "1" + } + ] + }, + { + "modified": "0001-01-01T00:00:00Z", + "id": "GHSA-123", + "aliases": [ + "OSV-1" + ], + "summary": "Something scary!", + "severity": [ + { + "type": "high", + "score": "1" + } + ] + } + ], + "groups": [ + { + "ids": [ + "OSV-1", + "GHSA-123" + ], + "aliases": [ + "OSV-1", + "GHSA-123" + ], + "max_severity": "" + } + ] + } + ] + } + ], + "experimental_config": { + "licenses": { + "summary": false, + "allowlist": null + } + } +} + +--- + +[TestPrintJSONResults_WithVulnerabilities/one_source_with_vulnerabilities,_some_missing_content - 1] +{ + "results": [ + { + "source": { + "path": "path/to/my/first/lockfile", + "type": "" + }, + "packages": [ + { + "package": { + "name": "mine1", + "version": "1.2.3", + "ecosystem": "npm" + }, + "vulnerabilities": [ + { + "modified": "0001-01-01T00:00:00Z", + "id": "OSV-1", + "details": "This vulnerability allows for some very scary stuff to happen - seriously, you'd not believe it!" 
+ } + ], + "groups": [ + { + "ids": [ + "OSV-1" + ], + "aliases": null, + "max_severity": "" + } + ] + }, + { + "package": { + "name": "mine3", + "version": "0.10.2-rc", + "ecosystem": "npm" + }, + "vulnerabilities": [ + { + "modified": "0001-01-01T00:00:00Z", + "id": "OSV-2" + } + ], + "groups": [ + { + "ids": [ + "OSV-2" + ], + "aliases": null, + "max_severity": "" + } + ] + } + ] + } + ], + "experimental_config": { + "licenses": { + "summary": false, + "allowlist": null + } + } +} + +--- + +[TestPrintJSONResults_WithVulnerabilities/two_sources_with_packages,_one_vulnerability - 1] +{ + "results": [ + { + "source": { + "path": "path/to/my/first/lockfile", + "type": "" + }, + "packages": [ + { + "package": { + "name": "mine1", + "version": "1.2.3", + "ecosystem": "npm" + }, + "vulnerabilities": [ + { + "modified": "0001-01-01T00:00:00Z", + "id": "OSV-1", + "summary": "Something scary!", + "severity": [ + { + "type": "high", + "score": "1" + } + ] + } + ], + "groups": [ + { + "ids": [ + "OSV-1" + ], + "aliases": null, + "max_severity": "" + } + ] + } + ] + }, + { + "source": { + "path": "path/to/my/second/lockfile", + "type": "" + }, + "packages": [ + { + "package": { + "name": "mine2", + "version": "5.9.0", + "ecosystem": "npm" + } + } + ] + } + ], + "experimental_config": { + "licenses": { + "summary": false, + "allowlist": null + } + } +} + +--- + +[TestPrintJSONResults_WithVulnerabilities/two_sources_with_the_same_vulnerable_package - 1] +{ + "results": [ + { + "source": { + "path": "path/to/my/first/lockfile", + "type": "" + }, + "packages": [ + { + "package": { + "name": "mine1", + "version": "1.2.3", + "ecosystem": "npm" + }, + "vulnerabilities": [ + { + "modified": "0001-01-01T00:00:00Z", + "id": "OSV-1", + "summary": "Something scary!", + "severity": [ + { + "type": "high", + "score": "1" + } + ] + } + ], + "groups": [ + { + "ids": [ + "OSV-1" + ], + "aliases": null, + "max_severity": "" + } + ] + } + ] + }, + { + "source": { + "path": 
"path/to/my/second/lockfile", + "type": "" + }, + "packages": [ + { + "package": { + "name": "mine1", + "version": "1.2.3", + "ecosystem": "npm" + }, + "dependency_groups": [ + "dev" + ], + "vulnerabilities": [ + { + "modified": "0001-01-01T00:00:00Z", + "id": "OSV-1", + "summary": "Something scary!", + "severity": [ + { + "type": "high", + "score": "1" + } + ] + } + ], + "groups": [ + { + "ids": [ + "OSV-1" + ], + "aliases": null, + "max_severity": "" + } + ] + } + ] + } + ], + "experimental_config": { + "licenses": { + "summary": false, + "allowlist": null + } + } +} + +--- diff --git a/internal/output/__snapshots__/markdowntable_test.snap b/internal/output/__snapshots__/markdowntable_test.snap new file mode 100755 index 00000000000..423fbb45fc0 --- /dev/null +++ b/internal/output/__snapshots__/markdowntable_test.snap 
@@ -0,0 +1,230 @@
+
+[TestPrintMarkdownTableResults_WithLicenseViolations/multiple_sources_with_a_mixed_count_of_packages,_no_license_violations - 1]
+
+---
+
+[TestPrintMarkdownTableResults_WithLicenseViolations/multiple_sources_with_a_mixed_count_of_packages,_some_license_violations - 1]
+| License Violation | Ecosystem | Package | Version | Source |
+| --- | --- | --- | --- | --- |
+| MIT | npm | mine1 | 1.2.3 | path/to/my/first/lockfile |
+| Apache-2.0 | npm | mine2 | 3.2.5 | path/to/my/second/lockfile |
+| MIT | npm | mine1 | 1.2.3 | path/to/my/third/lockfile |
+
+---
+
+[TestPrintMarkdownTableResults_WithLicenseViolations/multiple_sources_with_a_mixed_count_of_packages,_some_license_violations#01 - 1]
+
+---
+
+[TestPrintMarkdownTableResults_WithLicenseViolations/multiple_sources_with_a_mixed_count_of_packages_across_ecosystems,_some_license_violations - 1]
+| License Violation | Ecosystem | Package | Version | Source |
+| --- | --- | --- | --- | --- |
+| MIT | Packagist | mine1 | 1.2.3 | path/to/my/first/lockfile |
+| Apache-2.0 | npm | mine2 | 3.2.5 | path/to/my/second/lockfile |
+| MIT | Packagist | mine1 | 1.2.3 | path/to/my/third/lockfile |
+
+---
+
+[TestPrintMarkdownTableResults_WithLicenseViolations/multiple_sources_with_a_mixed_count_of_packages_and_groups,_some_license_violations - 1]
+| License Violation | Ecosystem | Package | Version | Source |
+| --- | --- | --- | --- | --- |
+| MIT | npm | mine1 | 1.2.3 | path/to/my/first/lockfile |
+| Apache-2.0 | npm | mine2 | 3.2.5 | path/to/my/second/lockfile |
+| MIT | npm | mine1 | 1.2.3 | path/to/my/third/lockfile |
+
+---
+
+[TestPrintMarkdownTableResults_WithLicenseViolations/multiple_sources_with_no_packages - 1]
+
+---
+
+[TestPrintMarkdownTableResults_WithLicenseViolations/no_sources - 1]
+
+---
+
+[TestPrintMarkdownTableResults_WithLicenseViolations/one_source_with_no_packages - 1]
+
+---
+
+[TestPrintMarkdownTableResults_WithLicenseViolations/one_source_with_one_package,_no_license_violations - 1]
+
+---
+
+[TestPrintMarkdownTableResults_WithLicenseViolations/one_source_with_one_package,_no_licenses - 1]
+
+---
+
+[TestPrintMarkdownTableResults_WithLicenseViolations/one_source_with_one_package_and_an_unknown_license - 1]
+
+---
+
+[TestPrintMarkdownTableResults_WithLicenseViolations/one_source_with_one_package_and_multiple_license_violations - 1]
+| License Violation | Ecosystem | Package | Version | Source |
+| --- | --- | --- | --- | --- |
+| MIT, Apache-2.0 | npm | mine1 | 1.2.3 | path/to/my/first/lockfile |
+
+---
+
+[TestPrintMarkdownTableResults_WithLicenseViolations/one_source_with_one_package_and_one_license_violation - 1]
+| License Violation | Ecosystem | Package | Version | Source |
+| --- | --- | --- | --- | --- |
+| MIT | npm | mine1 | 1.2.3 | path/to/my/first/lockfile |
+
+---
+
+[TestPrintMarkdownTableResults_WithLicenseViolations/one_source_with_one_package_and_one_license_violation_(dev) - 1]
+| License Violation | Ecosystem | Package | Version | Source |
+| --- | --- | --- | --- | --- |
+| MIT | npm | mine1 | 1.2.3 | path/to/my/first/lockfile |
+
+---
+
+[TestPrintMarkdownTableResults_WithLicenseViolations/two_sources_with_packages,_one_license_violation - 1]
+| License Violation | Ecosystem | Package | Version | Source |
+| --- | --- | --- | --- | --- |
+| MIT | npm | mine1 | 1.2.3 | path/to/my/first/lockfile |
+
+---
+
+[TestPrintMarkdownTableResults_WithMixedIssues/multiple_sources_with_a_mixed_count_of_packages,_some_vulnerabilities_and_license_violations - 1]
+| OSV URL | CVSS | Ecosystem | Package | Version | Source |
+| --- | --- | --- | --- | --- | --- |
+| https://osv.dev/OSV-1 | | npm | mine1 | 1.2.3 | path/to/my/first/lockfile |
+| https://osv.dev/OSV-2 | | npm | mine2 | 3.2.5 | path/to/my/second/lockfile |
+| https://osv.dev/OSV-1 | | npm | mine1 | 1.2.3 | path/to/my/third/lockfile |
+| License Violation | Ecosystem | Package | Version | Source |
+| --- | --- | --- | --- | --- |
+| MIT | npm | mine1 | 1.2.3 | path/to/my/first/lockfile |
+| MIT | npm | mine1 | 1.3.5 | path/to/my/third/lockfile |
+| Apache-2.0 | npm | mine1 | 1.2.3 | path/to/my/third/lockfile |
+
+---
+
+[TestPrintMarkdownTableResults_WithMixedIssues/one_source_with_one_package,_one_vulnerability,_and_one_license_violation - 1]
+| OSV URL | CVSS | Ecosystem | Package | Version | Source |
+| --- | --- | --- | --- | --- | --- |
+| https://osv.dev/OSV-1 | | npm | mine1 | 1.2.3 | path/to/my/first/lockfile |
+| License Violation | Ecosystem | Package | Version | Source |
+| --- | --- | --- | --- | --- |
+| MIT | npm | mine1 | 1.2.3 | path/to/my/first/lockfile |
+
+---
+
+[TestPrintMarkdownTableResults_WithMixedIssues/two_sources_with_packages,_one_vulnerability,_one_license_violation - 1]
+| OSV URL | CVSS | Ecosystem | Package | Version | Source |
+| --- | --- | --- | --- | --- | --- |
+| https://osv.dev/OSV-1 | | npm | mine1 | 1.2.3 | path/to/my/first/lockfile |
+| License Violation | Ecosystem | Package | Version | Source |
+| --- | --- | --- | --- | --- |
+| MIT | npm | mine2 | 5.9.0 | path/to/my/second/lockfile |
+
+---
+
+[TestPrintMarkdownTableResults_WithVulnerabilities/multiple_sources_with_a_mixed_count_of_grouped_packages,_and_multiple_vulnerabilities - 1]
+| OSV URL | CVSS | Ecosystem | Package | Version | Source |
+| --- | --- | --- | --- | --- | --- |
+| https://osv.dev/OSV-1 | | npm | mine1 (dev) | 1.2.3 | path/to/my/first/lockfile |
+| https://osv.dev/OSV-5 | | npm | mine1 (dev) | 1.2.3 | path/to/my/first/lockfile |
+| https://osv.dev/OSV-1 | | npm | mine1 | 1.2.2 | path/to/my/first/lockfile |
+| https://osv.dev/OSV-2 | | npm | mine2 (dev) | 3.2.5 | path/to/my/second/lockfile |
+| https://osv.dev/OSV-3 | | npm | mine3 | 0.4.1 | path/to/my/second/lockfile |
+| https://osv.dev/OSV-5 | | npm | mine3 | 0.4.1 | path/to/my/second/lockfile |
+
+---
+
+[TestPrintMarkdownTableResults_WithVulnerabilities/multiple_sources_with_a_mixed_count_of_packages,_and_multiple_vulnerabilities - 1]
+| OSV URL | CVSS | Ecosystem | Package | Version | Source |
+| --- | --- | --- | --- | --- | --- |
+| https://osv.dev/OSV-1 | | npm | mine1 | 1.2.3 | path/to/my/first/lockfile |
+| https://osv.dev/OSV-5 | | npm | mine1 | 1.2.3 | path/to/my/first/lockfile |
+| https://osv.dev/OSV-1 | | npm | mine1 | 1.2.2 | path/to/my/first/lockfile |
+| https://osv.dev/OSV-2 | | npm | mine2 | 3.2.5 | path/to/my/second/lockfile |
+| https://osv.dev/OSV-3 | | npm | mine3 | 0.4.1 | path/to/my/second/lockfile |
+| https://osv.dev/OSV-5 | | npm | mine3 | 0.4.1 | path/to/my/second/lockfile |
+
+---
+
+[TestPrintMarkdownTableResults_WithVulnerabilities/multiple_sources_with_a_mixed_count_of_packages,_no_vulnerabilities - 1]
+
+---
+
+[TestPrintMarkdownTableResults_WithVulnerabilities/multiple_sources_with_a_mixed_count_of_packages,_some_vulnerabilities - 1]
+| OSV URL | CVSS | Ecosystem | Package | Version | Source |
+| --- | --- | --- | --- | --- | --- |
+| https://osv.dev/OSV-1 | | npm | mine1 | 1.2.3 | path/to/my/first/lockfile |
+| https://osv.dev/OSV-2 | | npm | mine2 | 3.2.5 | path/to/my/second/lockfile |
+| https://osv.dev/OSV-1 | | npm | mine1 | 1.2.3 | path/to/my/third/lockfile |
+
+---
+
+[TestPrintMarkdownTableResults_WithVulnerabilities/multiple_sources_with_a_mixed_count_of_packages_across_ecosystems,_and_multiple_vulnerabilities - 1]
+| OSV URL | CVSS | Ecosystem | Package | Version | Source |
+| --- | --- | --- | --- | --- | --- |
+| https://osv.dev/OSV-1 | | Packagist | mine1 | 1.2.3 | path/to/my/first/lockfile |
+| https://osv.dev/OSV-5 | | Packagist | mine1 | 1.2.3 | path/to/my/first/lockfile |
+| https://osv.dev/OSV-1 | | npm | mine1 | 1.2.2 | path/to/my/first/lockfile |
+| https://osv.dev/OSV-2 | | NuGet | mine2 | 3.2.5 | path/to/my/second/lockfile |
+| https://osv.dev/OSV-3 | | Packagist | mine3 | 0.4.1 | path/to/my/second/lockfile |
+| https://osv.dev/OSV-5 | | Packagist | mine3 | 0.4.1 | path/to/my/second/lockfile |
+
+---
+
+[TestPrintMarkdownTableResults_WithVulnerabilities/multiple_sources_with_no_packages - 1]
+
+---
+
+[TestPrintMarkdownTableResults_WithVulnerabilities/no_sources - 1]
+
+---
+
+[TestPrintMarkdownTableResults_WithVulnerabilities/one_source_with_no_packages - 1]
+
+---
+
+[TestPrintMarkdownTableResults_WithVulnerabilities/one_source_with_one_package,_no_vulnerabilities - 1]
+
+---
+
+[TestPrintMarkdownTableResults_WithVulnerabilities/one_source_with_one_package_and_one_vulnerability - 1]
+| OSV URL | CVSS | Ecosystem | Package | Version | Source |
+| --- | --- | --- | --- | --- | --- |
+| https://osv.dev/OSV-1 | | npm | mine1 | 1.2.3 | path/to/my/first/lockfile |
+
+---
+
+[TestPrintMarkdownTableResults_WithVulnerabilities/one_source_with_one_package_and_one_vulnerability_(dev) - 1]
+| OSV URL | CVSS | Ecosystem | Package | Version | Source |
+| --- | --- | --- | --- | --- | --- |
+| https://osv.dev/OSV-1 | | npm | mine1 (dev) | 1.2.3 | path/to/my/first/lockfile |
+
+---
+
+[TestPrintMarkdownTableResults_WithVulnerabilities/one_source_with_one_package_and_two_aliases_of_a_single_vulnerability - 1]
+| OSV URL | CVSS | Ecosystem | Package | Version | Source |
+| --- | --- | --- | --- | --- | --- |
+| https://osv.dev/OSV-1
https://osv.dev/GHSA-123 | | npm | mine1 | 1.2.3 | path/to/my/first/lockfile |
+
+---
+
+[TestPrintMarkdownTableResults_WithVulnerabilities/one_source_with_vulnerabilities,_some_missing_content - 1]
+| OSV URL | CVSS | Ecosystem | Package | Version | Source |
+| --- | --- | --- | --- | --- | --- |
+| https://osv.dev/OSV-1 | | npm | mine1 | 1.2.3 | path/to/my/first/lockfile |
+| https://osv.dev/OSV-2 | | npm | mine3 | 0.10.2-rc | path/to/my/first/lockfile |
+
+---
+
+[TestPrintMarkdownTableResults_WithVulnerabilities/two_sources_with_packages,_one_vulnerability - 1]
+| OSV URL | CVSS | Ecosystem | Package | Version | Source |
+| --- | --- | --- | --- | --- | --- |
+| https://osv.dev/OSV-1 | | npm | mine1 | 1.2.3 | path/to/my/first/lockfile |
+
+---
+
+[TestPrintMarkdownTableResults_WithVulnerabilities/two_sources_with_the_same_vulnerable_package - 1]
+| OSV URL | CVSS | Ecosystem | Package | Version | Source |
+| --- | --- | --- | --- | --- | --- |
+| https://osv.dev/OSV-1 | | npm | mine1 | 1.2.3 | path/to/my/first/lockfile |
+| https://osv.dev/OSV-1 | | npm | mine1 (dev) | 1.2.3 | path/to/my/second/lockfile |
+
+---
diff --git a/internal/output/__snapshots__/sarif_test.snap b/internal/output/__snapshots__/sarif_test.snap
index 4d0023be11a..82dc2e44ff3 100755
--- a/internal/output/__snapshots__/sarif_test.snap
+++ b/internal/output/__snapshots__/sarif_test.snap
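Review bot: The "two_aliases_of_a_single_vulnerability" snapshot near the end of this hunk captures a table cell split across two lines (`| https://osv.dev/OSV-1` followed by `https://osv.dev/GHSA-123 | | npm | mine1 | ...`); if that is a literal newline in the rendered output rather than a wrapping artifact of this page, GitHub-flavoured Markdown will not parse that row as part of the table, since table cells cannot contain raw line breaks. Accepting the fixture as-is locks that rendering in as expected behaviour, so the alias URLs should be joined with `<br>` (or a single space) in the Markdown renderer and the snapshot regenerated before this lands. The renderer itself is outside this hunk, so where the join happens cannot be confirmed from here.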
@@ -137,3 +137,1920 @@
 }
 ---
+
+[TestPrintSARIFReport_WithLicenseViolations/multiple_sources_with_a_mixed_count_of_packages,_no_license_violations - 1]
+{
+ "version": "2.1.0",
+ "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
+ "runs": [
+ {
+ "tool": {
+ "driver": {
+ "informationUri": "https://github.com/google/osv-scanner",
+ "name": "osv-scanner",
+ "rules": [],
+ "version": "1.7.2"
+ }
+ },
+ "results": []
+ }
+ ]
+}
+
+---
+
+[TestPrintSARIFReport_WithLicenseViolations/multiple_sources_with_a_mixed_count_of_packages,_some_license_violations - 1]
+{
+ "version": "2.1.0",
+ "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
+ "runs": [
+ {
+ "tool": {
+ "driver": {
+ "informationUri": "https://github.com/google/osv-scanner",
+ "name": "osv-scanner",
+ "rules": [],
+ "version": "1.7.2"
+ }
+ },
+ "results": []
+ }
+ ]
+}
+
+---
+
+[TestPrintSARIFReport_WithLicenseViolations/multiple_sources_with_a_mixed_count_of_packages,_some_license_violations#01 - 1]
+{
+ "version": "2.1.0",
+ "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
+ "runs": [
+ {
+ "tool": {
+ "driver": {
+ "informationUri": "https://github.com/google/osv-scanner",
+ "name": "osv-scanner",
+ "rules": [],
+ "version": "1.7.2"
+ }
+ },
+ "results": []
+ }
+ ]
+}
+
+---
+
+[TestPrintSARIFReport_WithLicenseViolations/multiple_sources_with_a_mixed_count_of_packages_across_ecosystems,_some_license_violations - 1]
+{
+ "version": "2.1.0",
+ "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
+ "runs": [
+ {
+ "tool": {
+ "driver": {
+ "informationUri": "https://github.com/google/osv-scanner",
+ "name": "osv-scanner",
+ "rules": [],
+ "version": "1.7.2"
+ }
+ },
+ "results": []
+ }
+ ]
+}
+
+---
+
+[TestPrintSARIFReport_WithLicenseViolations/multiple_sources_with_a_mixed_count_of_packages_and_groups,_some_license_violations - 1]
+{
+ "version": "2.1.0",
+ "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
+ "runs": [
+ {
+ "tool": {
+ "driver": {
+ "informationUri": "https://github.com/google/osv-scanner",
+ "name": "osv-scanner",
+ "rules": [],
+ "version": "1.7.2"
+ }
+ },
+ "results": []
+ }
+ ]
+}
+
+---
+
+[TestPrintSARIFReport_WithLicenseViolations/multiple_sources_with_no_packages - 1]
+{
+ "version": "2.1.0",
+ "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
+ "runs": [
+ {
+ "tool": {
+ "driver": {
+ "informationUri": "https://github.com/google/osv-scanner",
+ "name": "osv-scanner",
+ "rules": [],
+ "version": "1.7.2"
+ }
+ },
+ "results": []
+ }
+ ]
+}
+
+---
+
+[TestPrintSARIFReport_WithLicenseViolations/no_sources - 1]
+{
+ "version": "2.1.0",
+ "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
+ "runs": [
+ {
+ "tool": {
+ "driver": {
+ "informationUri": "https://github.com/google/osv-scanner",
+ "name": "osv-scanner",
+ "rules": [],
+ "version": "1.7.2"
+ }
+ },
+ "results": []
+ }
+ ]
+}
+
+---
+
+[TestPrintSARIFReport_WithLicenseViolations/one_source_with_no_packages - 1]
+{
+ "version": "2.1.0",
+ "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
+ "runs": [
+ {
+ "tool": {
+ "driver": {
+ "informationUri": "https://github.com/google/osv-scanner",
+ "name": "osv-scanner",
+ "rules": [],
+ "version": "1.7.2"
+ }
+ },
+ "results": []
+ }
+ ]
+}
+
+---
+
+[TestPrintSARIFReport_WithLicenseViolations/one_source_with_one_package,_no_license_violations - 1]
+{
+ "version": "2.1.0",
+ "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
+ "runs": [
+ {
+ "tool": {
+ "driver": {
+ "informationUri": "https://github.com/google/osv-scanner",
+ "name": "osv-scanner",
+ "rules": [],
+ "version": "1.7.2"
+ }
+ },
+ "results": []
+ }
+ ]
+}
+
+---
+
+[TestPrintSARIFReport_WithLicenseViolations/one_source_with_one_package,_no_licenses - 1]
+{
+ "version": "2.1.0",
+ "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
+ "runs": [
+ {
+ "tool": {
+ "driver": {
+ "informationUri": "https://github.com/google/osv-scanner",
+ "name": "osv-scanner",
+ "rules": [],
+ "version": "1.7.2"
+ }
+ },
+ "results": []
+ }
+ ]
+}
+
+---
+
+[TestPrintSARIFReport_WithLicenseViolations/one_source_with_one_package_and_an_unknown_license - 1]
+{
+ "version": "2.1.0",
+ "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
+ "runs": [
+ {
+ "tool": {
+ "driver": {
+ "informationUri": "https://github.com/google/osv-scanner",
+ "name": "osv-scanner",
+ "rules": [],
+ "version": "1.7.2"
+ }
+ },
+ "results": []
+ }
+ ]
+}
+
+---
+
+[TestPrintSARIFReport_WithLicenseViolations/one_source_with_one_package_and_multiple_license_violations - 1]
+{
+ "version": "2.1.0",
+ "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
+ "runs": [
+ {
+ "tool": {
+ "driver": {
+ "informationUri": "https://github.com/google/osv-scanner",
+ "name": "osv-scanner",
+ "rules": [],
+ "version": "1.7.2"
+ }
+ },
+ "results": []
+ }
+ ]
+}
+
+---
+
+[TestPrintSARIFReport_WithLicenseViolations/one_source_with_one_package_and_one_license_violation - 1]
+{
+ "version": "2.1.0",
+ "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
+ "runs": [
+ {
+ "tool": {
+ "driver": {
+ "informationUri": "https://github.com/google/osv-scanner",
+ "name": "osv-scanner",
+ "rules": [],
+ "version": "1.7.2"
+ }
+ },
+ "results": []
+ }
+ ]
+}
+
+---
+
+[TestPrintSARIFReport_WithLicenseViolations/one_source_with_one_package_and_one_license_violation_(dev) - 1]
+{
+ "version": "2.1.0",
+ "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
+ "runs": [
+ {
+ "tool": {
+ "driver": {
+ "informationUri": "https://github.com/google/osv-scanner",
+ "name": "osv-scanner",
+ "rules": [],
+ "version": "1.7.2"
+ }
+ },
+ "results": []
+ }
+ ]
+}
+
+---
+
+[TestPrintSARIFReport_WithLicenseViolations/two_sources_with_packages,_one_license_violation - 1]
+{
+ "version": "2.1.0",
+ "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
+ "runs": [
+ {
+ "tool": {
+ "driver": {
+ "informationUri": "https://github.com/google/osv-scanner",
+ "name": "osv-scanner",
+ "rules": [],
+ "version": "1.7.2"
+ }
+ },
+ "results": []
+ }
+ ]
+}
+
+---
+
+[TestPrintSARIFReport_WithMixedIssues/multiple_sources_with_a_mixed_count_of_packages,_some_vulnerabilities_and_license_violations - 1]
+{
+ "version": "2.1.0",
+ "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
+ "runs": [
+ {
+ "tool": {
+ "driver": {
+ "informationUri": "https://github.com/google/osv-scanner",
+ "name": "osv-scanner",
+ "rules": [
+ {
+ "id": "OSV-1",
+ "name": "OSV-1",
+ "shortDescription": {
+ "text": "OSV-1: Something scary!"
+ }, + "fullDescription": { + "text": "", + "markdown": "" + }, + "deprecatedIds": [ + "OSV-1" + ], + "help": { + "text": "**Your dependency is vulnerable to [OSV-1](https://osv.dev/list?q=OSV-1)**.\n\n## [OSV-1](https://osv.dev/vulnerability/OSV-1)\n\n\u003cdetails\u003e\n\u003csummary\u003eDetails\u003c/summary\u003e\n\n\u003e \n\n\u003c/details\u003e\n\n---\n\n### Affected Packages\n\n| Source | Package Name | Package Version |\n| --- | --- | --- |\n| :path/to/my/first/lockfile | mine1 | 1.2.3 |\n| :path/to/my/third/lockfile | mine1 | 1.2.3 |\n\n## Remediation\n\nIf you believe these vulnerabilities do not affect your code and wish to ignore them, add them to the ignore list in an\n`osv-scanner.toml` file located in the same directory as the lockfile containing the vulnerable dependency.\n\nSee the format and more options in our documentation here: https://google.github.io/osv-scanner/configuration/\n\nAdd or append these values to the following config files to ignore this vulnerability:\n\n`path/to/my/first/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-1\"\nreason = \"Your reason for ignoring this vulnerability\"\n```\n`path/to/my/third/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-1\"\nreason = \"Your reason for ignoring this vulnerability\"\n```\n", + "markdown": "**Your dependency is vulnerable to [OSV-1](https://osv.dev/list?q=OSV-1)**.\n\n## [OSV-1](https://osv.dev/vulnerability/OSV-1)\n\n\u003cdetails\u003e\n\u003csummary\u003eDetails\u003c/summary\u003e\n\n\u003e \n\n\u003c/details\u003e\n\n---\n\n### Affected Packages\n\n| Source | Package Name | Package Version |\n| --- | --- | --- |\n| :path/to/my/first/lockfile | mine1 | 1.2.3 |\n| :path/to/my/third/lockfile | mine1 | 1.2.3 |\n\n## Remediation\n\nIf you believe these vulnerabilities do not affect your code and wish to ignore them, add them to the ignore list in an\n`osv-scanner.toml` file located in the same directory as the lockfile containing the vulnerable dependency.\n\nSee the 
format and more options in our documentation here: https://google.github.io/osv-scanner/configuration/\n\nAdd or append these values to the following config files to ignore this vulnerability:\n\n`path/to/my/first/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-1\"\nreason = \"Your reason for ignoring this vulnerability\"\n```\n`path/to/my/third/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-1\"\nreason = \"Your reason for ignoring this vulnerability\"\n```\n" + } + }, + { + "id": "OSV-2", + "name": "OSV-2", + "shortDescription": { + "text": "OSV-2: Something less scary!" + }, + "fullDescription": { + "text": "", + "markdown": "" + }, + "deprecatedIds": [ + "OSV-2" + ], + "help": { + "text": "**Your dependency is vulnerable to [OSV-2](https://osv.dev/list?q=OSV-2)**.\n\n## [OSV-2](https://osv.dev/vulnerability/OSV-2)\n\n\u003cdetails\u003e\n\u003csummary\u003eDetails\u003c/summary\u003e\n\n\u003e \n\n\u003c/details\u003e\n\n---\n\n### Affected Packages\n\n| Source | Package Name | Package Version |\n| --- | --- | --- |\n| :path/to/my/second/lockfile | mine2 | 3.2.5 |\n\n## Remediation\n\nIf you believe these vulnerabilities do not affect your code and wish to ignore them, add them to the ignore list in an\n`osv-scanner.toml` file located in the same directory as the lockfile containing the vulnerable dependency.\n\nSee the format and more options in our documentation here: https://google.github.io/osv-scanner/configuration/\n\nAdd or append these values to the following config files to ignore this vulnerability:\n\n`path/to/my/second/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-2\"\nreason = \"Your reason for ignoring this vulnerability\"\n```\n", + "markdown": "**Your dependency is vulnerable to [OSV-2](https://osv.dev/list?q=OSV-2)**.\n\n## [OSV-2](https://osv.dev/vulnerability/OSV-2)\n\n\u003cdetails\u003e\n\u003csummary\u003eDetails\u003c/summary\u003e\n\n\u003e \n\n\u003c/details\u003e\n\n---\n\n### Affected Packages\n\n| Source | 
Package Name | Package Version |\n| --- | --- | --- |\n| :path/to/my/second/lockfile | mine2 | 3.2.5 |\n\n## Remediation\n\nIf you believe these vulnerabilities do not affect your code and wish to ignore them, add them to the ignore list in an\n`osv-scanner.toml` file located in the same directory as the lockfile containing the vulnerable dependency.\n\nSee the format and more options in our documentation here: https://google.github.io/osv-scanner/configuration/\n\nAdd or append these values to the following config files to ignore this vulnerability:\n\n`path/to/my/second/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-2\"\nreason = \"Your reason for ignoring this vulnerability\"\n```\n" + } + } + ], + "version": "1.7.2" + } + }, + "artifacts": [ + { + "location": { + "uri": "path/to/my/first/lockfile" + }, + "length": -1 + }, + { + "location": { + "uri": "path/to/my/third/lockfile" + }, + "length": -1 + }, + { + "location": { + "uri": "path/to/my/second/lockfile" + }, + "length": -1 + } + ], + "results": [ + { + "ruleId": "OSV-1", + "ruleIndex": 0, + "level": "warning", + "message": { + "text": "Package 'mine1@1.2.3' is vulnerable to 'OSV-1'." + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "path/to/my/first/lockfile" + } + } + } + ] + }, + { + "ruleId": "OSV-1", + "ruleIndex": 0, + "level": "warning", + "message": { + "text": "Package 'mine1@1.2.3' is vulnerable to 'OSV-1'." + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "path/to/my/third/lockfile" + } + } + } + ] + }, + { + "ruleId": "OSV-2", + "ruleIndex": 1, + "level": "warning", + "message": { + "text": "Package 'mine2@3.2.5' is vulnerable to 'OSV-2'." 
+ }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "path/to/my/second/lockfile" + } + } + } + ] + } + ] + } + ] +} + +--- + +[TestPrintSARIFReport_WithMixedIssues/one_source_with_one_package,_one_vulnerability,_and_one_license_violation - 1] +{ + "version": "2.1.0", + "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json", + "runs": [ + { + "tool": { + "driver": { + "informationUri": "https://github.com/google/osv-scanner", + "name": "osv-scanner", + "rules": [ + { + "id": "OSV-1", + "name": "OSV-1", + "shortDescription": { + "text": "OSV-1: Something scary!" + }, + "fullDescription": { + "text": "", + "markdown": "" + }, + "deprecatedIds": [ + "OSV-1" + ], + "help": { + "text": "**Your dependency is vulnerable to [OSV-1](https://osv.dev/list?q=OSV-1)**.\n\n## [OSV-1](https://osv.dev/vulnerability/OSV-1)\n\n\u003cdetails\u003e\n\u003csummary\u003eDetails\u003c/summary\u003e\n\n\u003e \n\n\u003c/details\u003e\n\n---\n\n### Affected Packages\n\n| Source | Package Name | Package Version |\n| --- | --- | --- |\n| :path/to/my/first/lockfile | mine1 | 1.2.3 |\n\n## Remediation\n\nIf you believe these vulnerabilities do not affect your code and wish to ignore them, add them to the ignore list in an\n`osv-scanner.toml` file located in the same directory as the lockfile containing the vulnerable dependency.\n\nSee the format and more options in our documentation here: https://google.github.io/osv-scanner/configuration/\n\nAdd or append these values to the following config files to ignore this vulnerability:\n\n`path/to/my/first/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-1\"\nreason = \"Your reason for ignoring this vulnerability\"\n```\n", + "markdown": "**Your dependency is vulnerable to [OSV-1](https://osv.dev/list?q=OSV-1)**.\n\n## [OSV-1](https://osv.dev/vulnerability/OSV-1)\n\n\u003cdetails\u003e\n\u003csummary\u003eDetails\u003c/summary\u003e\n\n\u003e 
\n\n\u003c/details\u003e\n\n---\n\n### Affected Packages\n\n| Source | Package Name | Package Version |\n| --- | --- | --- |\n| :path/to/my/first/lockfile | mine1 | 1.2.3 |\n\n## Remediation\n\nIf you believe these vulnerabilities do not affect your code and wish to ignore them, add them to the ignore list in an\n`osv-scanner.toml` file located in the same directory as the lockfile containing the vulnerable dependency.\n\nSee the format and more options in our documentation here: https://google.github.io/osv-scanner/configuration/\n\nAdd or append these values to the following config files to ignore this vulnerability:\n\n`path/to/my/first/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-1\"\nreason = \"Your reason for ignoring this vulnerability\"\n```\n" + } + } + ], + "version": "1.7.2" + } + }, + "artifacts": [ + { + "location": { + "uri": "path/to/my/first/lockfile" + }, + "length": -1 + } + ], + "results": [ + { + "ruleId": "OSV-1", + "ruleIndex": 0, + "level": "warning", + "message": { + "text": "Package 'mine1@1.2.3' is vulnerable to 'OSV-1'." + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "path/to/my/first/lockfile" + } + } + } + ] + } + ] + } + ] +} + +--- + +[TestPrintSARIFReport_WithMixedIssues/two_sources_with_packages,_one_vulnerability,_one_license_violation - 1] +{ + "version": "2.1.0", + "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json", + "runs": [ + { + "tool": { + "driver": { + "informationUri": "https://github.com/google/osv-scanner", + "name": "osv-scanner", + "rules": [ + { + "id": "OSV-1", + "name": "OSV-1", + "shortDescription": { + "text": "OSV-1: Something scary!" 
+ }, + "fullDescription": { + "text": "", + "markdown": "" + }, + "deprecatedIds": [ + "OSV-1" + ], + "help": { + "text": "**Your dependency is vulnerable to [OSV-1](https://osv.dev/list?q=OSV-1)**.\n\n## [OSV-1](https://osv.dev/vulnerability/OSV-1)\n\n\u003cdetails\u003e\n\u003csummary\u003eDetails\u003c/summary\u003e\n\n\u003e \n\n\u003c/details\u003e\n\n---\n\n### Affected Packages\n\n| Source | Package Name | Package Version |\n| --- | --- | --- |\n| :path/to/my/first/lockfile | mine1 | 1.2.3 |\n\n## Remediation\n\nIf you believe these vulnerabilities do not affect your code and wish to ignore them, add them to the ignore list in an\n`osv-scanner.toml` file located in the same directory as the lockfile containing the vulnerable dependency.\n\nSee the format and more options in our documentation here: https://google.github.io/osv-scanner/configuration/\n\nAdd or append these values to the following config files to ignore this vulnerability:\n\n`path/to/my/first/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-1\"\nreason = \"Your reason for ignoring this vulnerability\"\n```\n", + "markdown": "**Your dependency is vulnerable to [OSV-1](https://osv.dev/list?q=OSV-1)**.\n\n## [OSV-1](https://osv.dev/vulnerability/OSV-1)\n\n\u003cdetails\u003e\n\u003csummary\u003eDetails\u003c/summary\u003e\n\n\u003e \n\n\u003c/details\u003e\n\n---\n\n### Affected Packages\n\n| Source | Package Name | Package Version |\n| --- | --- | --- |\n| :path/to/my/first/lockfile | mine1 | 1.2.3 |\n\n## Remediation\n\nIf you believe these vulnerabilities do not affect your code and wish to ignore them, add them to the ignore list in an\n`osv-scanner.toml` file located in the same directory as the lockfile containing the vulnerable dependency.\n\nSee the format and more options in our documentation here: https://google.github.io/osv-scanner/configuration/\n\nAdd or append these values to the following config files to ignore this 
vulnerability:\n\n`path/to/my/first/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-1\"\nreason = \"Your reason for ignoring this vulnerability\"\n```\n" + } + } + ], + "version": "1.7.2" + } + }, + "artifacts": [ + { + "location": { + "uri": "path/to/my/first/lockfile" + }, + "length": -1 + } + ], + "results": [ + { + "ruleId": "OSV-1", + "ruleIndex": 0, + "level": "warning", + "message": { + "text": "Package 'mine1@1.2.3' is vulnerable to 'OSV-1'." + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "path/to/my/first/lockfile" + } + } + } + ] + } + ] + } + ] +} + +--- + +[TestPrintSARIFReport_WithVulnerabilities/multiple_sources_with_a_mixed_count_of_grouped_packages,_and_multiple_vulnerabilities - 1] +{ + "version": "2.1.0", + "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json", + "runs": [ + { + "tool": { + "driver": { + "informationUri": "https://github.com/google/osv-scanner", + "name": "osv-scanner", + "rules": [ + { + "id": "OSV-1", + "name": "OSV-1", + "shortDescription": { + "text": "OSV-1: Something scary!" 
+ }, + "fullDescription": { + "text": "", + "markdown": "" + }, + "deprecatedIds": [ + "OSV-1" + ], + "help": { + "text": "**Your dependency is vulnerable to [OSV-1](https://osv.dev/list?q=OSV-1)**.\n\n## [OSV-1](https://osv.dev/vulnerability/OSV-1)\n\n\u003cdetails\u003e\n\u003csummary\u003eDetails\u003c/summary\u003e\n\n\u003e \n\n\u003c/details\u003e\n\n---\n\n### Affected Packages\n\n| Source | Package Name | Package Version |\n| --- | --- | --- |\n| :path/to/my/first/lockfile | mine1 | 1.2.2 |\n| :path/to/my/first/lockfile | mine1 | 1.2.3 |\n\n## Remediation\n\nIf you believe these vulnerabilities do not affect your code and wish to ignore them, add them to the ignore list in an\n`osv-scanner.toml` file located in the same directory as the lockfile containing the vulnerable dependency.\n\nSee the format and more options in our documentation here: https://google.github.io/osv-scanner/configuration/\n\nAdd or append these values to the following config files to ignore this vulnerability:\n\n`path/to/my/first/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-1\"\nreason = \"Your reason for ignoring this vulnerability\"\n```\n", + "markdown": "**Your dependency is vulnerable to [OSV-1](https://osv.dev/list?q=OSV-1)**.\n\n## [OSV-1](https://osv.dev/vulnerability/OSV-1)\n\n\u003cdetails\u003e\n\u003csummary\u003eDetails\u003c/summary\u003e\n\n\u003e \n\n\u003c/details\u003e\n\n---\n\n### Affected Packages\n\n| Source | Package Name | Package Version |\n| --- | --- | --- |\n| :path/to/my/first/lockfile | mine1 | 1.2.2 |\n| :path/to/my/first/lockfile | mine1 | 1.2.3 |\n\n## Remediation\n\nIf you believe these vulnerabilities do not affect your code and wish to ignore them, add them to the ignore list in an\n`osv-scanner.toml` file located in the same directory as the lockfile containing the vulnerable dependency.\n\nSee the format and more options in our documentation here: https://google.github.io/osv-scanner/configuration/\n\nAdd or append these values to the 
following config files to ignore this vulnerability:\n\n`path/to/my/first/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-1\"\nreason = \"Your reason for ignoring this vulnerability\"\n```\n" + } + }, + { + "id": "OSV-2", + "name": "OSV-2", + "shortDescription": { + "text": "OSV-2: Something less scary!" + }, + "fullDescription": { + "text": "", + "markdown": "" + }, + "deprecatedIds": [ + "OSV-2" + ], + "help": { + "text": "**Your dependency is vulnerable to [OSV-2](https://osv.dev/list?q=OSV-2)**.\n\n## [OSV-2](https://osv.dev/vulnerability/OSV-2)\n\n\u003cdetails\u003e\n\u003csummary\u003eDetails\u003c/summary\u003e\n\n\u003e \n\n\u003c/details\u003e\n\n---\n\n### Affected Packages\n\n| Source | Package Name | Package Version |\n| --- | --- | --- |\n| :path/to/my/second/lockfile | mine2 | 3.2.5 |\n\n## Remediation\n\nIf you believe these vulnerabilities do not affect your code and wish to ignore them, add them to the ignore list in an\n`osv-scanner.toml` file located in the same directory as the lockfile containing the vulnerable dependency.\n\nSee the format and more options in our documentation here: https://google.github.io/osv-scanner/configuration/\n\nAdd or append these values to the following config files to ignore this vulnerability:\n\n`path/to/my/second/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-2\"\nreason = \"Your reason for ignoring this vulnerability\"\n```\n", + "markdown": "**Your dependency is vulnerable to [OSV-2](https://osv.dev/list?q=OSV-2)**.\n\n## [OSV-2](https://osv.dev/vulnerability/OSV-2)\n\n\u003cdetails\u003e\n\u003csummary\u003eDetails\u003c/summary\u003e\n\n\u003e \n\n\u003c/details\u003e\n\n---\n\n### Affected Packages\n\n| Source | Package Name | Package Version |\n| --- | --- | --- |\n| :path/to/my/second/lockfile | mine2 | 3.2.5 |\n\n## Remediation\n\nIf you believe these vulnerabilities do not affect your code and wish to ignore them, add them to the ignore list in an\n`osv-scanner.toml` file located in the 
same directory as the lockfile containing the vulnerable dependency.\n\nSee the format and more options in our documentation here: https://google.github.io/osv-scanner/configuration/\n\nAdd or append these values to the following config files to ignore this vulnerability:\n\n`path/to/my/second/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-2\"\nreason = \"Your reason for ignoring this vulnerability\"\n```\n" + } + }, + { + "id": "OSV-3", + "name": "OSV-3", + "shortDescription": { + "text": "OSV-3: Something mildly scary!" + }, + "fullDescription": { + "text": "", + "markdown": "" + }, + "deprecatedIds": [ + "OSV-3" + ], + "help": { + "text": "**Your dependency is vulnerable to [OSV-3](https://osv.dev/list?q=OSV-3)**.\n\n## [OSV-3](https://osv.dev/vulnerability/OSV-3)\n\n\u003cdetails\u003e\n\u003csummary\u003eDetails\u003c/summary\u003e\n\n\u003e \n\n\u003c/details\u003e\n\n---\n\n### Affected Packages\n\n| Source | Package Name | Package Version |\n| --- | --- | --- |\n| :path/to/my/second/lockfile | mine3 | 0.4.1 |\n\n## Remediation\n\nIf you believe these vulnerabilities do not affect your code and wish to ignore them, add them to the ignore list in an\n`osv-scanner.toml` file located in the same directory as the lockfile containing the vulnerable dependency.\n\nSee the format and more options in our documentation here: https://google.github.io/osv-scanner/configuration/\n\nAdd or append these values to the following config files to ignore this vulnerability:\n\n`path/to/my/second/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-3\"\nreason = \"Your reason for ignoring this vulnerability\"\n```\n", + "markdown": "**Your dependency is vulnerable to [OSV-3](https://osv.dev/list?q=OSV-3)**.\n\n## [OSV-3](https://osv.dev/vulnerability/OSV-3)\n\n\u003cdetails\u003e\n\u003csummary\u003eDetails\u003c/summary\u003e\n\n\u003e \n\n\u003c/details\u003e\n\n---\n\n### Affected Packages\n\n| Source | Package Name | Package Version |\n| --- | --- | --- |\n| 
:path/to/my/second/lockfile | mine3 | 0.4.1 |\n\n## Remediation\n\nIf you believe these vulnerabilities do not affect your code and wish to ignore them, add them to the ignore list in an\n`osv-scanner.toml` file located in the same directory as the lockfile containing the vulnerable dependency.\n\nSee the format and more options in our documentation here: https://google.github.io/osv-scanner/configuration/\n\nAdd or append these values to the following config files to ignore this vulnerability:\n\n`path/to/my/second/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-3\"\nreason = \"Your reason for ignoring this vulnerability\"\n```\n" + } + }, + { + "id": "OSV-5", + "name": "OSV-5", + "shortDescription": { + "text": "OSV-5: Something scarier!" + }, + "fullDescription": { + "text": "", + "markdown": "" + }, + "deprecatedIds": [ + "OSV-5" + ], + "help": { + "text": "**Your dependency is vulnerable to [OSV-5](https://osv.dev/list?q=OSV-5)**.\n\n## [OSV-5](https://osv.dev/vulnerability/OSV-5)\n\n\u003cdetails\u003e\n\u003csummary\u003eDetails\u003c/summary\u003e\n\n\u003e \n\n\u003c/details\u003e\n\n---\n\n### Affected Packages\n\n| Source | Package Name | Package Version |\n| --- | --- | --- |\n| :path/to/my/first/lockfile | mine1 | 1.2.3 |\n| :path/to/my/second/lockfile | mine3 | 0.4.1 |\n\n## Remediation\n\nIf you believe these vulnerabilities do not affect your code and wish to ignore them, add them to the ignore list in an\n`osv-scanner.toml` file located in the same directory as the lockfile containing the vulnerable dependency.\n\nSee the format and more options in our documentation here: https://google.github.io/osv-scanner/configuration/\n\nAdd or append these values to the following config files to ignore this vulnerability:\n\n`path/to/my/first/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-5\"\nreason = \"Your reason for ignoring this vulnerability\"\n```\n`path/to/my/second/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-5\"\nreason = 
\"Your reason for ignoring this vulnerability\"\n```\n", + "markdown": "**Your dependency is vulnerable to [OSV-5](https://osv.dev/list?q=OSV-5)**.\n\n## [OSV-5](https://osv.dev/vulnerability/OSV-5)\n\n\u003cdetails\u003e\n\u003csummary\u003eDetails\u003c/summary\u003e\n\n\u003e \n\n\u003c/details\u003e\n\n---\n\n### Affected Packages\n\n| Source | Package Name | Package Version |\n| --- | --- | --- |\n| :path/to/my/first/lockfile | mine1 | 1.2.3 |\n| :path/to/my/second/lockfile | mine3 | 0.4.1 |\n\n## Remediation\n\nIf you believe these vulnerabilities do not affect your code and wish to ignore them, add them to the ignore list in an\n`osv-scanner.toml` file located in the same directory as the lockfile containing the vulnerable dependency.\n\nSee the format and more options in our documentation here: https://google.github.io/osv-scanner/configuration/\n\nAdd or append these values to the following config files to ignore this vulnerability:\n\n`path/to/my/first/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-5\"\nreason = \"Your reason for ignoring this vulnerability\"\n```\n`path/to/my/second/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-5\"\nreason = \"Your reason for ignoring this vulnerability\"\n```\n" + } + } + ], + "version": "1.7.2" + } + }, + "artifacts": [ + { + "location": { + "uri": "path/to/my/first/lockfile" + }, + "length": -1 + }, + { + "location": { + "uri": "path/to/my/second/lockfile" + }, + "length": -1 + } + ], + "results": [ + { + "ruleId": "OSV-1", + "ruleIndex": 0, + "level": "warning", + "message": { + "text": "Package 'mine1@1.2.2' is vulnerable to 'OSV-1'." + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "path/to/my/first/lockfile" + } + } + } + ] + }, + { + "ruleId": "OSV-1", + "ruleIndex": 0, + "level": "warning", + "message": { + "text": "Package 'mine1@1.2.3' is vulnerable to 'OSV-1'." 
+ }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "path/to/my/first/lockfile" + } + } + } + ] + }, + { + "ruleId": "OSV-2", + "ruleIndex": 1, + "level": "warning", + "message": { + "text": "Package 'mine2@3.2.5' is vulnerable to 'OSV-2'." + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "path/to/my/second/lockfile" + } + } + } + ] + }, + { + "ruleId": "OSV-3", + "ruleIndex": 2, + "level": "warning", + "message": { + "text": "Package 'mine3@0.4.1' is vulnerable to 'OSV-3'." + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "path/to/my/second/lockfile" + } + } + } + ] + }, + { + "ruleId": "OSV-5", + "ruleIndex": 3, + "level": "warning", + "message": { + "text": "Package 'mine1@1.2.3' is vulnerable to 'OSV-5'." + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "path/to/my/first/lockfile" + } + } + } + ] + }, + { + "ruleId": "OSV-5", + "ruleIndex": 3, + "level": "warning", + "message": { + "text": "Package 'mine3@0.4.1' is vulnerable to 'OSV-5'." + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "path/to/my/second/lockfile" + } + } + } + ] + } + ] + } + ] +} + +--- + +[TestPrintSARIFReport_WithVulnerabilities/multiple_sources_with_a_mixed_count_of_packages,_and_multiple_vulnerabilities - 1] +{ + "version": "2.1.0", + "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json", + "runs": [ + { + "tool": { + "driver": { + "informationUri": "https://github.com/google/osv-scanner", + "name": "osv-scanner", + "rules": [ + { + "id": "OSV-1", + "name": "OSV-1", + "shortDescription": { + "text": "OSV-1: Something scary!" 
+ }, + "fullDescription": { + "text": "", + "markdown": "" + }, + "deprecatedIds": [ + "OSV-1" + ], + "help": { + "text": "**Your dependency is vulnerable to [OSV-1](https://osv.dev/list?q=OSV-1)**.\n\n## [OSV-1](https://osv.dev/vulnerability/OSV-1)\n\n\u003cdetails\u003e\n\u003csummary\u003eDetails\u003c/summary\u003e\n\n\u003e \n\n\u003c/details\u003e\n\n---\n\n### Affected Packages\n\n| Source | Package Name | Package Version |\n| --- | --- | --- |\n| :path/to/my/first/lockfile | mine1 | 1.2.2 |\n| :path/to/my/first/lockfile | mine1 | 1.2.3 |\n\n## Remediation\n\nIf you believe these vulnerabilities do not affect your code and wish to ignore them, add them to the ignore list in an\n`osv-scanner.toml` file located in the same directory as the lockfile containing the vulnerable dependency.\n\nSee the format and more options in our documentation here: https://google.github.io/osv-scanner/configuration/\n\nAdd or append these values to the following config files to ignore this vulnerability:\n\n`path/to/my/first/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-1\"\nreason = \"Your reason for ignoring this vulnerability\"\n```\n", + "markdown": "**Your dependency is vulnerable to [OSV-1](https://osv.dev/list?q=OSV-1)**.\n\n## [OSV-1](https://osv.dev/vulnerability/OSV-1)\n\n\u003cdetails\u003e\n\u003csummary\u003eDetails\u003c/summary\u003e\n\n\u003e \n\n\u003c/details\u003e\n\n---\n\n### Affected Packages\n\n| Source | Package Name | Package Version |\n| --- | --- | --- |\n| :path/to/my/first/lockfile | mine1 | 1.2.2 |\n| :path/to/my/first/lockfile | mine1 | 1.2.3 |\n\n## Remediation\n\nIf you believe these vulnerabilities do not affect your code and wish to ignore them, add them to the ignore list in an\n`osv-scanner.toml` file located in the same directory as the lockfile containing the vulnerable dependency.\n\nSee the format and more options in our documentation here: https://google.github.io/osv-scanner/configuration/\n\nAdd or append these values to the 
following config files to ignore this vulnerability:\n\n`path/to/my/first/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-1\"\nreason = \"Your reason for ignoring this vulnerability\"\n```\n" + } + }, + { + "id": "OSV-2", + "name": "OSV-2", + "shortDescription": { + "text": "OSV-2: Something less scary!" + }, + "fullDescription": { + "text": "", + "markdown": "" + }, + "deprecatedIds": [ + "OSV-2" + ], + "help": { + "text": "**Your dependency is vulnerable to [OSV-2](https://osv.dev/list?q=OSV-2)**.\n\n## [OSV-2](https://osv.dev/vulnerability/OSV-2)\n\n\u003cdetails\u003e\n\u003csummary\u003eDetails\u003c/summary\u003e\n\n\u003e \n\n\u003c/details\u003e\n\n---\n\n### Affected Packages\n\n| Source | Package Name | Package Version |\n| --- | --- | --- |\n| :path/to/my/second/lockfile | mine2 | 3.2.5 |\n\n## Remediation\n\nIf you believe these vulnerabilities do not affect your code and wish to ignore them, add them to the ignore list in an\n`osv-scanner.toml` file located in the same directory as the lockfile containing the vulnerable dependency.\n\nSee the format and more options in our documentation here: https://google.github.io/osv-scanner/configuration/\n\nAdd or append these values to the following config files to ignore this vulnerability:\n\n`path/to/my/second/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-2\"\nreason = \"Your reason for ignoring this vulnerability\"\n```\n", + "markdown": "**Your dependency is vulnerable to [OSV-2](https://osv.dev/list?q=OSV-2)**.\n\n## [OSV-2](https://osv.dev/vulnerability/OSV-2)\n\n\u003cdetails\u003e\n\u003csummary\u003eDetails\u003c/summary\u003e\n\n\u003e \n\n\u003c/details\u003e\n\n---\n\n### Affected Packages\n\n| Source | Package Name | Package Version |\n| --- | --- | --- |\n| :path/to/my/second/lockfile | mine2 | 3.2.5 |\n\n## Remediation\n\nIf you believe these vulnerabilities do not affect your code and wish to ignore them, add them to the ignore list in an\n`osv-scanner.toml` file located in the 
same directory as the lockfile containing the vulnerable dependency.\n\nSee the format and more options in our documentation here: https://google.github.io/osv-scanner/configuration/\n\nAdd or append these values to the following config files to ignore this vulnerability:\n\n`path/to/my/second/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-2\"\nreason = \"Your reason for ignoring this vulnerability\"\n```\n" + } + }, + { + "id": "OSV-3", + "name": "OSV-3", + "shortDescription": { + "text": "OSV-3: Something mildly scary!" + }, + "fullDescription": { + "text": "", + "markdown": "" + }, + "deprecatedIds": [ + "OSV-3" + ], + "help": { + "text": "**Your dependency is vulnerable to [OSV-3](https://osv.dev/list?q=OSV-3)**.\n\n## [OSV-3](https://osv.dev/vulnerability/OSV-3)\n\n\u003cdetails\u003e\n\u003csummary\u003eDetails\u003c/summary\u003e\n\n\u003e \n\n\u003c/details\u003e\n\n---\n\n### Affected Packages\n\n| Source | Package Name | Package Version |\n| --- | --- | --- |\n| :path/to/my/second/lockfile | mine3 | 0.4.1 |\n\n## Remediation\n\nIf you believe these vulnerabilities do not affect your code and wish to ignore them, add them to the ignore list in an\n`osv-scanner.toml` file located in the same directory as the lockfile containing the vulnerable dependency.\n\nSee the format and more options in our documentation here: https://google.github.io/osv-scanner/configuration/\n\nAdd or append these values to the following config files to ignore this vulnerability:\n\n`path/to/my/second/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-3\"\nreason = \"Your reason for ignoring this vulnerability\"\n```\n", + "markdown": "**Your dependency is vulnerable to [OSV-3](https://osv.dev/list?q=OSV-3)**.\n\n## [OSV-3](https://osv.dev/vulnerability/OSV-3)\n\n\u003cdetails\u003e\n\u003csummary\u003eDetails\u003c/summary\u003e\n\n\u003e \n\n\u003c/details\u003e\n\n---\n\n### Affected Packages\n\n| Source | Package Name | Package Version |\n| --- | --- | --- |\n| 
:path/to/my/second/lockfile | mine3 | 0.4.1 |\n\n## Remediation\n\nIf you believe these vulnerabilities do not affect your code and wish to ignore them, add them to the ignore list in an\n`osv-scanner.toml` file located in the same directory as the lockfile containing the vulnerable dependency.\n\nSee the format and more options in our documentation here: https://google.github.io/osv-scanner/configuration/\n\nAdd or append these values to the following config files to ignore this vulnerability:\n\n`path/to/my/second/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-3\"\nreason = \"Your reason for ignoring this vulnerability\"\n```\n" + } + }, + { + "id": "OSV-5", + "name": "OSV-5", + "shortDescription": { + "text": "OSV-5: Something scarier!" + }, + "fullDescription": { + "text": "", + "markdown": "" + }, + "deprecatedIds": [ + "OSV-5" + ], + "help": { + "text": "**Your dependency is vulnerable to [OSV-5](https://osv.dev/list?q=OSV-5)**.\n\n## [OSV-5](https://osv.dev/vulnerability/OSV-5)\n\n\u003cdetails\u003e\n\u003csummary\u003eDetails\u003c/summary\u003e\n\n\u003e \n\n\u003c/details\u003e\n\n---\n\n### Affected Packages\n\n| Source | Package Name | Package Version |\n| --- | --- | --- |\n| :path/to/my/first/lockfile | mine1 | 1.2.3 |\n| :path/to/my/second/lockfile | mine3 | 0.4.1 |\n\n## Remediation\n\nIf you believe these vulnerabilities do not affect your code and wish to ignore them, add them to the ignore list in an\n`osv-scanner.toml` file located in the same directory as the lockfile containing the vulnerable dependency.\n\nSee the format and more options in our documentation here: https://google.github.io/osv-scanner/configuration/\n\nAdd or append these values to the following config files to ignore this vulnerability:\n\n`path/to/my/first/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-5\"\nreason = \"Your reason for ignoring this vulnerability\"\n```\n`path/to/my/second/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-5\"\nreason = 
\"Your reason for ignoring this vulnerability\"\n```\n", + "markdown": "**Your dependency is vulnerable to [OSV-5](https://osv.dev/list?q=OSV-5)**.\n\n## [OSV-5](https://osv.dev/vulnerability/OSV-5)\n\n\u003cdetails\u003e\n\u003csummary\u003eDetails\u003c/summary\u003e\n\n\u003e \n\n\u003c/details\u003e\n\n---\n\n### Affected Packages\n\n| Source | Package Name | Package Version |\n| --- | --- | --- |\n| :path/to/my/first/lockfile | mine1 | 1.2.3 |\n| :path/to/my/second/lockfile | mine3 | 0.4.1 |\n\n## Remediation\n\nIf you believe these vulnerabilities do not affect your code and wish to ignore them, add them to the ignore list in an\n`osv-scanner.toml` file located in the same directory as the lockfile containing the vulnerable dependency.\n\nSee the format and more options in our documentation here: https://google.github.io/osv-scanner/configuration/\n\nAdd or append these values to the following config files to ignore this vulnerability:\n\n`path/to/my/first/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-5\"\nreason = \"Your reason for ignoring this vulnerability\"\n```\n`path/to/my/second/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-5\"\nreason = \"Your reason for ignoring this vulnerability\"\n```\n" + } + } + ], + "version": "1.7.2" + } + }, + "artifacts": [ + { + "location": { + "uri": "path/to/my/first/lockfile" + }, + "length": -1 + }, + { + "location": { + "uri": "path/to/my/second/lockfile" + }, + "length": -1 + } + ], + "results": [ + { + "ruleId": "OSV-1", + "ruleIndex": 0, + "level": "warning", + "message": { + "text": "Package 'mine1@1.2.2' is vulnerable to 'OSV-1'." + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "path/to/my/first/lockfile" + } + } + } + ] + }, + { + "ruleId": "OSV-1", + "ruleIndex": 0, + "level": "warning", + "message": { + "text": "Package 'mine1@1.2.3' is vulnerable to 'OSV-1'." 
+ }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "path/to/my/first/lockfile" + } + } + } + ] + }, + { + "ruleId": "OSV-2", + "ruleIndex": 1, + "level": "warning", + "message": { + "text": "Package 'mine2@3.2.5' is vulnerable to 'OSV-2'." + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "path/to/my/second/lockfile" + } + } + } + ] + }, + { + "ruleId": "OSV-3", + "ruleIndex": 2, + "level": "warning", + "message": { + "text": "Package 'mine3@0.4.1' is vulnerable to 'OSV-3'." + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "path/to/my/second/lockfile" + } + } + } + ] + }, + { + "ruleId": "OSV-5", + "ruleIndex": 3, + "level": "warning", + "message": { + "text": "Package 'mine1@1.2.3' is vulnerable to 'OSV-5'." + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "path/to/my/first/lockfile" + } + } + } + ] + }, + { + "ruleId": "OSV-5", + "ruleIndex": 3, + "level": "warning", + "message": { + "text": "Package 'mine3@0.4.1' is vulnerable to 'OSV-5'." 
+ }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "path/to/my/second/lockfile" + } + } + } + ] + } + ] + } + ] +} + +--- + +[TestPrintSARIFReport_WithVulnerabilities/multiple_sources_with_a_mixed_count_of_packages,_no_vulnerabilities - 1] +{ + "version": "2.1.0", + "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json", + "runs": [ + { + "tool": { + "driver": { + "informationUri": "https://github.com/google/osv-scanner", + "name": "osv-scanner", + "rules": [], + "version": "1.7.2" + } + }, + "results": [] + } + ] +} + +--- + +[TestPrintSARIFReport_WithVulnerabilities/multiple_sources_with_a_mixed_count_of_packages,_some_vulnerabilities - 1] +{ + "version": "2.1.0", + "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json", + "runs": [ + { + "tool": { + "driver": { + "informationUri": "https://github.com/google/osv-scanner", + "name": "osv-scanner", + "rules": [ + { + "id": "OSV-1", + "name": "OSV-1", + "shortDescription": { + "text": "OSV-1: Something scary!" 
+ }, + "fullDescription": { + "text": "", + "markdown": "" + }, + "deprecatedIds": [ + "OSV-1" + ], + "help": { + "text": "**Your dependency is vulnerable to [OSV-1](https://osv.dev/list?q=OSV-1)**.\n\n## [OSV-1](https://osv.dev/vulnerability/OSV-1)\n\n\u003cdetails\u003e\n\u003csummary\u003eDetails\u003c/summary\u003e\n\n\u003e \n\n\u003c/details\u003e\n\n---\n\n### Affected Packages\n\n| Source | Package Name | Package Version |\n| --- | --- | --- |\n| :path/to/my/first/lockfile | mine1 | 1.2.3 |\n| :path/to/my/third/lockfile | mine1 | 1.2.3 |\n\n## Remediation\n\nIf you believe these vulnerabilities do not affect your code and wish to ignore them, add them to the ignore list in an\n`osv-scanner.toml` file located in the same directory as the lockfile containing the vulnerable dependency.\n\nSee the format and more options in our documentation here: https://google.github.io/osv-scanner/configuration/\n\nAdd or append these values to the following config files to ignore this vulnerability:\n\n`path/to/my/first/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-1\"\nreason = \"Your reason for ignoring this vulnerability\"\n```\n`path/to/my/third/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-1\"\nreason = \"Your reason for ignoring this vulnerability\"\n```\n", + "markdown": "**Your dependency is vulnerable to [OSV-1](https://osv.dev/list?q=OSV-1)**.\n\n## [OSV-1](https://osv.dev/vulnerability/OSV-1)\n\n\u003cdetails\u003e\n\u003csummary\u003eDetails\u003c/summary\u003e\n\n\u003e \n\n\u003c/details\u003e\n\n---\n\n### Affected Packages\n\n| Source | Package Name | Package Version |\n| --- | --- | --- |\n| :path/to/my/first/lockfile | mine1 | 1.2.3 |\n| :path/to/my/third/lockfile | mine1 | 1.2.3 |\n\n## Remediation\n\nIf you believe these vulnerabilities do not affect your code and wish to ignore them, add them to the ignore list in an\n`osv-scanner.toml` file located in the same directory as the lockfile containing the vulnerable dependency.\n\nSee the 
format and more options in our documentation here: https://google.github.io/osv-scanner/configuration/\n\nAdd or append these values to the following config files to ignore this vulnerability:\n\n`path/to/my/first/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-1\"\nreason = \"Your reason for ignoring this vulnerability\"\n```\n`path/to/my/third/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-1\"\nreason = \"Your reason for ignoring this vulnerability\"\n```\n" + } + }, + { + "id": "OSV-2", + "name": "OSV-2", + "shortDescription": { + "text": "OSV-2: Something less scary!" + }, + "fullDescription": { + "text": "", + "markdown": "" + }, + "deprecatedIds": [ + "OSV-2" + ], + "help": { + "text": "**Your dependency is vulnerable to [OSV-2](https://osv.dev/list?q=OSV-2)**.\n\n## [OSV-2](https://osv.dev/vulnerability/OSV-2)\n\n\u003cdetails\u003e\n\u003csummary\u003eDetails\u003c/summary\u003e\n\n\u003e \n\n\u003c/details\u003e\n\n---\n\n### Affected Packages\n\n| Source | Package Name | Package Version |\n| --- | --- | --- |\n| :path/to/my/second/lockfile | mine2 | 3.2.5 |\n\n## Remediation\n\nIf you believe these vulnerabilities do not affect your code and wish to ignore them, add them to the ignore list in an\n`osv-scanner.toml` file located in the same directory as the lockfile containing the vulnerable dependency.\n\nSee the format and more options in our documentation here: https://google.github.io/osv-scanner/configuration/\n\nAdd or append these values to the following config files to ignore this vulnerability:\n\n`path/to/my/second/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-2\"\nreason = \"Your reason for ignoring this vulnerability\"\n```\n", + "markdown": "**Your dependency is vulnerable to [OSV-2](https://osv.dev/list?q=OSV-2)**.\n\n## [OSV-2](https://osv.dev/vulnerability/OSV-2)\n\n\u003cdetails\u003e\n\u003csummary\u003eDetails\u003c/summary\u003e\n\n\u003e \n\n\u003c/details\u003e\n\n---\n\n### Affected Packages\n\n| Source | 
Package Name | Package Version |\n| --- | --- | --- |\n| :path/to/my/second/lockfile | mine2 | 3.2.5 |\n\n## Remediation\n\nIf you believe these vulnerabilities do not affect your code and wish to ignore them, add them to the ignore list in an\n`osv-scanner.toml` file located in the same directory as the lockfile containing the vulnerable dependency.\n\nSee the format and more options in our documentation here: https://google.github.io/osv-scanner/configuration/\n\nAdd or append these values to the following config files to ignore this vulnerability:\n\n`path/to/my/second/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-2\"\nreason = \"Your reason for ignoring this vulnerability\"\n```\n" + } + } + ], + "version": "1.7.2" + } + }, + "artifacts": [ + { + "location": { + "uri": "path/to/my/first/lockfile" + }, + "length": -1 + }, + { + "location": { + "uri": "path/to/my/third/lockfile" + }, + "length": -1 + }, + { + "location": { + "uri": "path/to/my/second/lockfile" + }, + "length": -1 + } + ], + "results": [ + { + "ruleId": "OSV-1", + "ruleIndex": 0, + "level": "warning", + "message": { + "text": "Package 'mine1@1.2.3' is vulnerable to 'OSV-1'." + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "path/to/my/first/lockfile" + } + } + } + ] + }, + { + "ruleId": "OSV-1", + "ruleIndex": 0, + "level": "warning", + "message": { + "text": "Package 'mine1@1.2.3' is vulnerable to 'OSV-1'." + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "path/to/my/third/lockfile" + } + } + } + ] + }, + { + "ruleId": "OSV-2", + "ruleIndex": 1, + "level": "warning", + "message": { + "text": "Package 'mine2@3.2.5' is vulnerable to 'OSV-2'." 
+ }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "path/to/my/second/lockfile" + } + } + } + ] + } + ] + } + ] +} + +--- + +[TestPrintSARIFReport_WithVulnerabilities/multiple_sources_with_a_mixed_count_of_packages_across_ecosystems,_and_multiple_vulnerabilities - 1] +{ + "version": "2.1.0", + "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json", + "runs": [ + { + "tool": { + "driver": { + "informationUri": "https://github.com/google/osv-scanner", + "name": "osv-scanner", + "rules": [ + { + "id": "OSV-1", + "name": "OSV-1", + "shortDescription": { + "text": "OSV-1: Something scary!" + }, + "fullDescription": { + "text": "", + "markdown": "" + }, + "deprecatedIds": [ + "OSV-1" + ], + "help": { + "text": "**Your dependency is vulnerable to [OSV-1](https://osv.dev/list?q=OSV-1)**.\n\n## [OSV-1](https://osv.dev/vulnerability/OSV-1)\n\n\u003cdetails\u003e\n\u003csummary\u003eDetails\u003c/summary\u003e\n\n\u003e \n\n\u003c/details\u003e\n\n---\n\n### Affected Packages\n\n| Source | Package Name | Package Version |\n| --- | --- | --- |\n| :path/to/my/first/lockfile | mine1 | 1.2.2 |\n| :path/to/my/first/lockfile | mine1 | 1.2.3 |\n\n## Remediation\n\nIf you believe these vulnerabilities do not affect your code and wish to ignore them, add them to the ignore list in an\n`osv-scanner.toml` file located in the same directory as the lockfile containing the vulnerable dependency.\n\nSee the format and more options in our documentation here: https://google.github.io/osv-scanner/configuration/\n\nAdd or append these values to the following config files to ignore this vulnerability:\n\n`path/to/my/first/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-1\"\nreason = \"Your reason for ignoring this vulnerability\"\n```\n", + "markdown": "**Your dependency is vulnerable to [OSV-1](https://osv.dev/list?q=OSV-1)**.\n\n## 
[OSV-1](https://osv.dev/vulnerability/OSV-1)\n\n\u003cdetails\u003e\n\u003csummary\u003eDetails\u003c/summary\u003e\n\n\u003e \n\n\u003c/details\u003e\n\n---\n\n### Affected Packages\n\n| Source | Package Name | Package Version |\n| --- | --- | --- |\n| :path/to/my/first/lockfile | mine1 | 1.2.2 |\n| :path/to/my/first/lockfile | mine1 | 1.2.3 |\n\n## Remediation\n\nIf you believe these vulnerabilities do not affect your code and wish to ignore them, add them to the ignore list in an\n`osv-scanner.toml` file located in the same directory as the lockfile containing the vulnerable dependency.\n\nSee the format and more options in our documentation here: https://google.github.io/osv-scanner/configuration/\n\nAdd or append these values to the following config files to ignore this vulnerability:\n\n`path/to/my/first/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-1\"\nreason = \"Your reason for ignoring this vulnerability\"\n```\n" + } + }, + { + "id": "OSV-2", + "name": "OSV-2", + "shortDescription": { + "text": "OSV-2: Something less scary!" 
+ }, + "fullDescription": { + "text": "", + "markdown": "" + }, + "deprecatedIds": [ + "OSV-2" + ], + "help": { + "text": "**Your dependency is vulnerable to [OSV-2](https://osv.dev/list?q=OSV-2)**.\n\n## [OSV-2](https://osv.dev/vulnerability/OSV-2)\n\n\u003cdetails\u003e\n\u003csummary\u003eDetails\u003c/summary\u003e\n\n\u003e \n\n\u003c/details\u003e\n\n---\n\n### Affected Packages\n\n| Source | Package Name | Package Version |\n| --- | --- | --- |\n| :path/to/my/second/lockfile | mine2 | 3.2.5 |\n\n## Remediation\n\nIf you believe these vulnerabilities do not affect your code and wish to ignore them, add them to the ignore list in an\n`osv-scanner.toml` file located in the same directory as the lockfile containing the vulnerable dependency.\n\nSee the format and more options in our documentation here: https://google.github.io/osv-scanner/configuration/\n\nAdd or append these values to the following config files to ignore this vulnerability:\n\n`path/to/my/second/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-2\"\nreason = \"Your reason for ignoring this vulnerability\"\n```\n", + "markdown": "**Your dependency is vulnerable to [OSV-2](https://osv.dev/list?q=OSV-2)**.\n\n## [OSV-2](https://osv.dev/vulnerability/OSV-2)\n\n\u003cdetails\u003e\n\u003csummary\u003eDetails\u003c/summary\u003e\n\n\u003e \n\n\u003c/details\u003e\n\n---\n\n### Affected Packages\n\n| Source | Package Name | Package Version |\n| --- | --- | --- |\n| :path/to/my/second/lockfile | mine2 | 3.2.5 |\n\n## Remediation\n\nIf you believe these vulnerabilities do not affect your code and wish to ignore them, add them to the ignore list in an\n`osv-scanner.toml` file located in the same directory as the lockfile containing the vulnerable dependency.\n\nSee the format and more options in our documentation here: https://google.github.io/osv-scanner/configuration/\n\nAdd or append these values to the following config files to ignore this 
vulnerability:\n\n`path/to/my/second/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-2\"\nreason = \"Your reason for ignoring this vulnerability\"\n```\n" + } + }, + { + "id": "OSV-3", + "name": "OSV-3", + "shortDescription": { + "text": "OSV-3: Something mildly scary!" + }, + "fullDescription": { + "text": "", + "markdown": "" + }, + "deprecatedIds": [ + "OSV-3" + ], + "help": { + "text": "**Your dependency is vulnerable to [OSV-3](https://osv.dev/list?q=OSV-3)**.\n\n## [OSV-3](https://osv.dev/vulnerability/OSV-3)\n\n\u003cdetails\u003e\n\u003csummary\u003eDetails\u003c/summary\u003e\n\n\u003e \n\n\u003c/details\u003e\n\n---\n\n### Affected Packages\n\n| Source | Package Name | Package Version |\n| --- | --- | --- |\n| :path/to/my/second/lockfile | mine3 | 0.4.1 |\n\n## Remediation\n\nIf you believe these vulnerabilities do not affect your code and wish to ignore them, add them to the ignore list in an\n`osv-scanner.toml` file located in the same directory as the lockfile containing the vulnerable dependency.\n\nSee the format and more options in our documentation here: https://google.github.io/osv-scanner/configuration/\n\nAdd or append these values to the following config files to ignore this vulnerability:\n\n`path/to/my/second/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-3\"\nreason = \"Your reason for ignoring this vulnerability\"\n```\n", + "markdown": "**Your dependency is vulnerable to [OSV-3](https://osv.dev/list?q=OSV-3)**.\n\n## [OSV-3](https://osv.dev/vulnerability/OSV-3)\n\n\u003cdetails\u003e\n\u003csummary\u003eDetails\u003c/summary\u003e\n\n\u003e \n\n\u003c/details\u003e\n\n---\n\n### Affected Packages\n\n| Source | Package Name | Package Version |\n| --- | --- | --- |\n| :path/to/my/second/lockfile | mine3 | 0.4.1 |\n\n## Remediation\n\nIf you believe these vulnerabilities do not affect your code and wish to ignore them, add them to the ignore list in an\n`osv-scanner.toml` file located in the same directory as the lockfile 
containing the vulnerable dependency.\n\nSee the format and more options in our documentation here: https://google.github.io/osv-scanner/configuration/\n\nAdd or append these values to the following config files to ignore this vulnerability:\n\n`path/to/my/second/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-3\"\nreason = \"Your reason for ignoring this vulnerability\"\n```\n" + } + }, + { + "id": "OSV-5", + "name": "OSV-5", + "shortDescription": { + "text": "OSV-5: Something scarier!" + }, + "fullDescription": { + "text": "", + "markdown": "" + }, + "deprecatedIds": [ + "OSV-5" + ], + "help": { + "text": "**Your dependency is vulnerable to [OSV-5](https://osv.dev/list?q=OSV-5)**.\n\n## [OSV-5](https://osv.dev/vulnerability/OSV-5)\n\n\u003cdetails\u003e\n\u003csummary\u003eDetails\u003c/summary\u003e\n\n\u003e \n\n\u003c/details\u003e\n\n---\n\n### Affected Packages\n\n| Source | Package Name | Package Version |\n| --- | --- | --- |\n| :path/to/my/first/lockfile | mine1 | 1.2.3 |\n| :path/to/my/second/lockfile | mine3 | 0.4.1 |\n\n## Remediation\n\nIf you believe these vulnerabilities do not affect your code and wish to ignore them, add them to the ignore list in an\n`osv-scanner.toml` file located in the same directory as the lockfile containing the vulnerable dependency.\n\nSee the format and more options in our documentation here: https://google.github.io/osv-scanner/configuration/\n\nAdd or append these values to the following config files to ignore this vulnerability:\n\n`path/to/my/first/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-5\"\nreason = \"Your reason for ignoring this vulnerability\"\n```\n`path/to/my/second/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-5\"\nreason = \"Your reason for ignoring this vulnerability\"\n```\n", + "markdown": "**Your dependency is vulnerable to [OSV-5](https://osv.dev/list?q=OSV-5)**.\n\n## 
[OSV-5](https://osv.dev/vulnerability/OSV-5)\n\n\u003cdetails\u003e\n\u003csummary\u003eDetails\u003c/summary\u003e\n\n\u003e \n\n\u003c/details\u003e\n\n---\n\n### Affected Packages\n\n| Source | Package Name | Package Version |\n| --- | --- | --- |\n| :path/to/my/first/lockfile | mine1 | 1.2.3 |\n| :path/to/my/second/lockfile | mine3 | 0.4.1 |\n\n## Remediation\n\nIf you believe these vulnerabilities do not affect your code and wish to ignore them, add them to the ignore list in an\n`osv-scanner.toml` file located in the same directory as the lockfile containing the vulnerable dependency.\n\nSee the format and more options in our documentation here: https://google.github.io/osv-scanner/configuration/\n\nAdd or append these values to the following config files to ignore this vulnerability:\n\n`path/to/my/first/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-5\"\nreason = \"Your reason for ignoring this vulnerability\"\n```\n`path/to/my/second/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-5\"\nreason = \"Your reason for ignoring this vulnerability\"\n```\n" + } + } + ], + "version": "1.7.2" + } + }, + "artifacts": [ + { + "location": { + "uri": "path/to/my/first/lockfile" + }, + "length": -1 + }, + { + "location": { + "uri": "path/to/my/second/lockfile" + }, + "length": -1 + } + ], + "results": [ + { + "ruleId": "OSV-1", + "ruleIndex": 0, + "level": "warning", + "message": { + "text": "Package 'mine1@1.2.2' is vulnerable to 'OSV-1'." + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "path/to/my/first/lockfile" + } + } + } + ] + }, + { + "ruleId": "OSV-1", + "ruleIndex": 0, + "level": "warning", + "message": { + "text": "Package 'mine1@1.2.3' is vulnerable to 'OSV-1'." 
+ }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "path/to/my/first/lockfile" + } + } + } + ] + }, + { + "ruleId": "OSV-2", + "ruleIndex": 1, + "level": "warning", + "message": { + "text": "Package 'mine2@3.2.5' is vulnerable to 'OSV-2'." + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "path/to/my/second/lockfile" + } + } + } + ] + }, + { + "ruleId": "OSV-3", + "ruleIndex": 2, + "level": "warning", + "message": { + "text": "Package 'mine3@0.4.1' is vulnerable to 'OSV-3'." + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "path/to/my/second/lockfile" + } + } + } + ] + }, + { + "ruleId": "OSV-5", + "ruleIndex": 3, + "level": "warning", + "message": { + "text": "Package 'mine1@1.2.3' is vulnerable to 'OSV-5'." + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "path/to/my/first/lockfile" + } + } + } + ] + }, + { + "ruleId": "OSV-5", + "ruleIndex": 3, + "level": "warning", + "message": { + "text": "Package 'mine3@0.4.1' is vulnerable to 'OSV-5'." 
+ }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "path/to/my/second/lockfile" + } + } + } + ] + } + ] + } + ] +} + +--- + +[TestPrintSARIFReport_WithVulnerabilities/multiple_sources_with_no_packages - 1] +{ + "version": "2.1.0", + "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json", + "runs": [ + { + "tool": { + "driver": { + "informationUri": "https://github.com/google/osv-scanner", + "name": "osv-scanner", + "rules": [], + "version": "1.7.2" + } + }, + "results": [] + } + ] +} + +--- + +[TestPrintSARIFReport_WithVulnerabilities/no_sources - 1] +{ + "version": "2.1.0", + "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json", + "runs": [ + { + "tool": { + "driver": { + "informationUri": "https://github.com/google/osv-scanner", + "name": "osv-scanner", + "rules": [], + "version": "1.7.2" + } + }, + "results": [] + } + ] +} + +--- + +[TestPrintSARIFReport_WithVulnerabilities/one_source_with_no_packages - 1] +{ + "version": "2.1.0", + "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json", + "runs": [ + { + "tool": { + "driver": { + "informationUri": "https://github.com/google/osv-scanner", + "name": "osv-scanner", + "rules": [], + "version": "1.7.2" + } + }, + "results": [] + } + ] +} + +--- + +[TestPrintSARIFReport_WithVulnerabilities/one_source_with_one_package,_no_vulnerabilities - 1] +{ + "version": "2.1.0", + "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json", + "runs": [ + { + "tool": { + "driver": { + "informationUri": "https://github.com/google/osv-scanner", + "name": "osv-scanner", + "rules": [], + "version": "1.7.2" + } + }, + "results": [] + } + ] +} + +--- + +[TestPrintSARIFReport_WithVulnerabilities/one_source_with_one_package_and_one_vulnerability - 1] +{ + "version": "2.1.0", + "$schema": 
"https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json", + "runs": [ + { + "tool": { + "driver": { + "informationUri": "https://github.com/google/osv-scanner", + "name": "osv-scanner", + "rules": [ + { + "id": "OSV-1", + "name": "OSV-1", + "shortDescription": { + "text": "OSV-1: Something scary!" + }, + "fullDescription": { + "text": "", + "markdown": "" + }, + "deprecatedIds": [ + "OSV-1" + ], + "help": { + "text": "**Your dependency is vulnerable to [OSV-1](https://osv.dev/list?q=OSV-1)**.\n\n## [OSV-1](https://osv.dev/vulnerability/OSV-1)\n\n\u003cdetails\u003e\n\u003csummary\u003eDetails\u003c/summary\u003e\n\n\u003e \n\n\u003c/details\u003e\n\n---\n\n### Affected Packages\n\n| Source | Package Name | Package Version |\n| --- | --- | --- |\n| :path/to/my/first/lockfile | mine1 | 1.2.3 |\n\n## Remediation\n\nIf you believe these vulnerabilities do not affect your code and wish to ignore them, add them to the ignore list in an\n`osv-scanner.toml` file located in the same directory as the lockfile containing the vulnerable dependency.\n\nSee the format and more options in our documentation here: https://google.github.io/osv-scanner/configuration/\n\nAdd or append these values to the following config files to ignore this vulnerability:\n\n`path/to/my/first/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-1\"\nreason = \"Your reason for ignoring this vulnerability\"\n```\n", + "markdown": "**Your dependency is vulnerable to [OSV-1](https://osv.dev/list?q=OSV-1)**.\n\n## [OSV-1](https://osv.dev/vulnerability/OSV-1)\n\n\u003cdetails\u003e\n\u003csummary\u003eDetails\u003c/summary\u003e\n\n\u003e \n\n\u003c/details\u003e\n\n---\n\n### Affected Packages\n\n| Source | Package Name | Package Version |\n| --- | --- | --- |\n| :path/to/my/first/lockfile | mine1 | 1.2.3 |\n\n## Remediation\n\nIf you believe these vulnerabilities do not affect your code and wish to ignore them, add them to the ignore list in 
an\n`osv-scanner.toml` file located in the same directory as the lockfile containing the vulnerable dependency.\n\nSee the format and more options in our documentation here: https://google.github.io/osv-scanner/configuration/\n\nAdd or append these values to the following config files to ignore this vulnerability:\n\n`path/to/my/first/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-1\"\nreason = \"Your reason for ignoring this vulnerability\"\n```\n" + } + } + ], + "version": "1.7.2" + } + }, + "artifacts": [ + { + "location": { + "uri": "path/to/my/first/lockfile" + }, + "length": -1 + } + ], + "results": [ + { + "ruleId": "OSV-1", + "ruleIndex": 0, + "level": "warning", + "message": { + "text": "Package 'mine1@1.2.3' is vulnerable to 'OSV-1'." + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "path/to/my/first/lockfile" + } + } + } + ] + } + ] + } + ] +} + +--- + +[TestPrintSARIFReport_WithVulnerabilities/one_source_with_one_package_and_one_vulnerability_(dev) - 1] +{ + "version": "2.1.0", + "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json", + "runs": [ + { + "tool": { + "driver": { + "informationUri": "https://github.com/google/osv-scanner", + "name": "osv-scanner", + "rules": [ + { + "id": "OSV-1", + "name": "OSV-1", + "shortDescription": { + "text": "OSV-1: Something scary!" 
+ }, + "fullDescription": { + "text": "", + "markdown": "" + }, + "deprecatedIds": [ + "OSV-1" + ], + "help": { + "text": "**Your dependency is vulnerable to [OSV-1](https://osv.dev/list?q=OSV-1)**.\n\n## [OSV-1](https://osv.dev/vulnerability/OSV-1)\n\n\u003cdetails\u003e\n\u003csummary\u003eDetails\u003c/summary\u003e\n\n\u003e \n\n\u003c/details\u003e\n\n---\n\n### Affected Packages\n\n| Source | Package Name | Package Version |\n| --- | --- | --- |\n| :path/to/my/first/lockfile | mine1 | 1.2.3 |\n\n## Remediation\n\nIf you believe these vulnerabilities do not affect your code and wish to ignore them, add them to the ignore list in an\n`osv-scanner.toml` file located in the same directory as the lockfile containing the vulnerable dependency.\n\nSee the format and more options in our documentation here: https://google.github.io/osv-scanner/configuration/\n\nAdd or append these values to the following config files to ignore this vulnerability:\n\n`path/to/my/first/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-1\"\nreason = \"Your reason for ignoring this vulnerability\"\n```\n", + "markdown": "**Your dependency is vulnerable to [OSV-1](https://osv.dev/list?q=OSV-1)**.\n\n## [OSV-1](https://osv.dev/vulnerability/OSV-1)\n\n\u003cdetails\u003e\n\u003csummary\u003eDetails\u003c/summary\u003e\n\n\u003e \n\n\u003c/details\u003e\n\n---\n\n### Affected Packages\n\n| Source | Package Name | Package Version |\n| --- | --- | --- |\n| :path/to/my/first/lockfile | mine1 | 1.2.3 |\n\n## Remediation\n\nIf you believe these vulnerabilities do not affect your code and wish to ignore them, add them to the ignore list in an\n`osv-scanner.toml` file located in the same directory as the lockfile containing the vulnerable dependency.\n\nSee the format and more options in our documentation here: https://google.github.io/osv-scanner/configuration/\n\nAdd or append these values to the following config files to ignore this 
vulnerability:\n\n`path/to/my/first/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-1\"\nreason = \"Your reason for ignoring this vulnerability\"\n```\n" + } + } + ], + "version": "1.7.2" + } + }, + "artifacts": [ + { + "location": { + "uri": "path/to/my/first/lockfile" + }, + "length": -1 + } + ], + "results": [ + { + "ruleId": "OSV-1", + "ruleIndex": 0, + "level": "warning", + "message": { + "text": "Package 'mine1@1.2.3' is vulnerable to 'OSV-1'." + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "path/to/my/first/lockfile" + } + } + } + ] + } + ] + } + ] +} + +--- + +[TestPrintSARIFReport_WithVulnerabilities/one_source_with_one_package_and_two_aliases_of_a_single_vulnerability - 1] +{ + "version": "2.1.0", + "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json", + "runs": [ + { + "tool": { + "driver": { + "informationUri": "https://github.com/google/osv-scanner", + "name": "osv-scanner", + "rules": [ + { + "id": "OSV-1", + "name": "OSV-1", + "shortDescription": { + "text": "OSV-1: Something scary!" 
+ }, + "fullDescription": { + "text": "", + "markdown": "" + }, + "deprecatedIds": [ + "OSV-1", + "GHSA-123" + ], + "help": { + "text": "**Your dependency is vulnerable to [OSV-1](https://osv.dev/list?q=OSV-1)**\n(Also published as: [GHSA-123](https://osv.dev/vulnerability/GHSA-123), ).\n\n## [OSV-1](https://osv.dev/vulnerability/OSV-1)\n\n\u003cdetails\u003e\n\u003csummary\u003eDetails\u003c/summary\u003e\n\n\u003e \n\n\u003c/details\u003e\n\n## [GHSA-123](https://osv.dev/vulnerability/GHSA-123)\n\n\u003cdetails\u003e\n\u003csummary\u003eDetails\u003c/summary\u003e\n\n\u003e \n\n\u003c/details\u003e\n\n---\n\n### Affected Packages\n\n| Source | Package Name | Package Version |\n| --- | --- | --- |\n| :path/to/my/first/lockfile | mine1 | 1.2.3 |\n\n## Remediation\n\nIf you believe these vulnerabilities do not affect your code and wish to ignore them, add them to the ignore list in an\n`osv-scanner.toml` file located in the same directory as the lockfile containing the vulnerable dependency.\n\nSee the format and more options in our documentation here: https://google.github.io/osv-scanner/configuration/\n\nAdd or append these values to the following config files to ignore this vulnerability:\n\n`path/to/my/first/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-1\"\nreason = \"Your reason for ignoring this vulnerability\"\n```\n", + "markdown": "**Your dependency is vulnerable to [OSV-1](https://osv.dev/list?q=OSV-1)**\n(Also published as: [GHSA-123](https://osv.dev/vulnerability/GHSA-123), ).\n\n## [OSV-1](https://osv.dev/vulnerability/OSV-1)\n\n\u003cdetails\u003e\n\u003csummary\u003eDetails\u003c/summary\u003e\n\n\u003e \n\n\u003c/details\u003e\n\n## [GHSA-123](https://osv.dev/vulnerability/GHSA-123)\n\n\u003cdetails\u003e\n\u003csummary\u003eDetails\u003c/summary\u003e\n\n\u003e \n\n\u003c/details\u003e\n\n---\n\n### Affected Packages\n\n| Source | Package Name | Package Version |\n| --- | --- | --- |\n| :path/to/my/first/lockfile | mine1 | 1.2.3 |\n\n## 
Remediation\n\nIf you believe these vulnerabilities do not affect your code and wish to ignore them, add them to the ignore list in an\n`osv-scanner.toml` file located in the same directory as the lockfile containing the vulnerable dependency.\n\nSee the format and more options in our documentation here: https://google.github.io/osv-scanner/configuration/\n\nAdd or append these values to the following config files to ignore this vulnerability:\n\n`path/to/my/first/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-1\"\nreason = \"Your reason for ignoring this vulnerability\"\n```\n" + } + } + ], + "version": "1.7.2" + } + }, + "artifacts": [ + { + "location": { + "uri": "path/to/my/first/lockfile" + }, + "length": -1 + } + ], + "results": [ + { + "ruleId": "OSV-1", + "ruleIndex": 0, + "level": "warning", + "message": { + "text": "Package 'mine1@1.2.3' is vulnerable to 'OSV-1' (also known as 'GHSA-123')." + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "path/to/my/first/lockfile" + } + } + } + ] + }, + { + "ruleId": "OSV-1", + "ruleIndex": 0, + "level": "warning", + "message": { + "text": "Package 'mine1@1.2.3' is vulnerable to 'OSV-1' (also known as 'GHSA-123')." 
+ }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "path/to/my/first/lockfile" + } + } + } + ] + } + ] + } + ] +} + +--- + +[TestPrintSARIFReport_WithVulnerabilities/one_source_with_vulnerabilities,_some_missing_content - 1] +{ + "version": "2.1.0", + "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json", + "runs": [ + { + "tool": { + "driver": { + "informationUri": "https://github.com/google/osv-scanner", + "name": "osv-scanner", + "rules": [ + { + "id": "OSV-1", + "name": "OSV-1", + "shortDescription": { + "text": "OSV-1" + }, + "fullDescription": { + "text": "This vulnerability allows for some very scary stuff to happen - seriously, you'd not believe it!", + "markdown": "This vulnerability allows for some very scary stuff to happen - seriously, you'd not believe it!" + }, + "deprecatedIds": [ + "OSV-1" + ], + "help": { + "text": "**Your dependency is vulnerable to [OSV-1](https://osv.dev/list?q=OSV-1)**.\n\n## [OSV-1](https://osv.dev/vulnerability/OSV-1)\n\n\u003cdetails\u003e\n\u003csummary\u003eDetails\u003c/summary\u003e\n\n\u003e This vulnerability allows for some very scary stuff to happen - seriously, you'd not believe it!\n\n\u003c/details\u003e\n\n---\n\n### Affected Packages\n\n| Source | Package Name | Package Version |\n| --- | --- | --- |\n| :path/to/my/first/lockfile | mine1 | 1.2.3 |\n\n## Remediation\n\nIf you believe these vulnerabilities do not affect your code and wish to ignore them, add them to the ignore list in an\n`osv-scanner.toml` file located in the same directory as the lockfile containing the vulnerable dependency.\n\nSee the format and more options in our documentation here: https://google.github.io/osv-scanner/configuration/\n\nAdd or append these values to the following config files to ignore this vulnerability:\n\n`path/to/my/first/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-1\"\nreason = \"Your reason for ignoring this 
vulnerability\"\n```\n", + "markdown": "**Your dependency is vulnerable to [OSV-1](https://osv.dev/list?q=OSV-1)**.\n\n## [OSV-1](https://osv.dev/vulnerability/OSV-1)\n\n\u003cdetails\u003e\n\u003csummary\u003eDetails\u003c/summary\u003e\n\n\u003e This vulnerability allows for some very scary stuff to happen - seriously, you'd not believe it!\n\n\u003c/details\u003e\n\n---\n\n### Affected Packages\n\n| Source | Package Name | Package Version |\n| --- | --- | --- |\n| :path/to/my/first/lockfile | mine1 | 1.2.3 |\n\n## Remediation\n\nIf you believe these vulnerabilities do not affect your code and wish to ignore them, add them to the ignore list in an\n`osv-scanner.toml` file located in the same directory as the lockfile containing the vulnerable dependency.\n\nSee the format and more options in our documentation here: https://google.github.io/osv-scanner/configuration/\n\nAdd or append these values to the following config files to ignore this vulnerability:\n\n`path/to/my/first/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-1\"\nreason = \"Your reason for ignoring this vulnerability\"\n```\n" + } + }, + { + "id": "OSV-2", + "name": "OSV-2", + "shortDescription": { + "text": "OSV-2" + }, + "fullDescription": { + "text": "", + "markdown": "" + }, + "deprecatedIds": [ + "OSV-2" + ], + "help": { + "text": "**Your dependency is vulnerable to [OSV-2](https://osv.dev/list?q=OSV-2)**.\n\n## [OSV-2](https://osv.dev/vulnerability/OSV-2)\n\n\u003cdetails\u003e\n\u003csummary\u003eDetails\u003c/summary\u003e\n\n\u003e \n\n\u003c/details\u003e\n\n---\n\n### Affected Packages\n\n| Source | Package Name | Package Version |\n| --- | --- | --- |\n| :path/to/my/first/lockfile | mine3 | 0.10.2-rc |\n\n## Remediation\n\nIf you believe these vulnerabilities do not affect your code and wish to ignore them, add them to the ignore list in an\n`osv-scanner.toml` file located in the same directory as the lockfile containing the vulnerable dependency.\n\nSee the format and more 
options in our documentation here: https://google.github.io/osv-scanner/configuration/\n\nAdd or append these values to the following config files to ignore this vulnerability:\n\n`path/to/my/first/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-2\"\nreason = \"Your reason for ignoring this vulnerability\"\n```\n", + "markdown": "**Your dependency is vulnerable to [OSV-2](https://osv.dev/list?q=OSV-2)**.\n\n## [OSV-2](https://osv.dev/vulnerability/OSV-2)\n\n\u003cdetails\u003e\n\u003csummary\u003eDetails\u003c/summary\u003e\n\n\u003e \n\n\u003c/details\u003e\n\n---\n\n### Affected Packages\n\n| Source | Package Name | Package Version |\n| --- | --- | --- |\n| :path/to/my/first/lockfile | mine3 | 0.10.2-rc |\n\n## Remediation\n\nIf you believe these vulnerabilities do not affect your code and wish to ignore them, add them to the ignore list in an\n`osv-scanner.toml` file located in the same directory as the lockfile containing the vulnerable dependency.\n\nSee the format and more options in our documentation here: https://google.github.io/osv-scanner/configuration/\n\nAdd or append these values to the following config files to ignore this vulnerability:\n\n`path/to/my/first/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-2\"\nreason = \"Your reason for ignoring this vulnerability\"\n```\n" + } + } + ], + "version": "1.7.2" + } + }, + "artifacts": [ + { + "location": { + "uri": "path/to/my/first/lockfile" + }, + "length": -1 + } + ], + "results": [ + { + "ruleId": "OSV-1", + "ruleIndex": 0, + "level": "warning", + "message": { + "text": "Package 'mine1@1.2.3' is vulnerable to 'OSV-1'." + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "path/to/my/first/lockfile" + } + } + } + ] + }, + { + "ruleId": "OSV-2", + "ruleIndex": 1, + "level": "warning", + "message": { + "text": "Package 'mine3@0.10.2-rc' is vulnerable to 'OSV-2'." 
+ }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "path/to/my/first/lockfile" + } + } + } + ] + } + ] + } + ] +} + +--- + +[TestPrintSARIFReport_WithVulnerabilities/two_sources_with_packages,_one_vulnerability - 1] +{ + "version": "2.1.0", + "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json", + "runs": [ + { + "tool": { + "driver": { + "informationUri": "https://github.com/google/osv-scanner", + "name": "osv-scanner", + "rules": [ + { + "id": "OSV-1", + "name": "OSV-1", + "shortDescription": { + "text": "OSV-1: Something scary!" + }, + "fullDescription": { + "text": "", + "markdown": "" + }, + "deprecatedIds": [ + "OSV-1" + ], + "help": { + "text": "**Your dependency is vulnerable to [OSV-1](https://osv.dev/list?q=OSV-1)**.\n\n## [OSV-1](https://osv.dev/vulnerability/OSV-1)\n\n\u003cdetails\u003e\n\u003csummary\u003eDetails\u003c/summary\u003e\n\n\u003e \n\n\u003c/details\u003e\n\n---\n\n### Affected Packages\n\n| Source | Package Name | Package Version |\n| --- | --- | --- |\n| :path/to/my/first/lockfile | mine1 | 1.2.3 |\n\n## Remediation\n\nIf you believe these vulnerabilities do not affect your code and wish to ignore them, add them to the ignore list in an\n`osv-scanner.toml` file located in the same directory as the lockfile containing the vulnerable dependency.\n\nSee the format and more options in our documentation here: https://google.github.io/osv-scanner/configuration/\n\nAdd or append these values to the following config files to ignore this vulnerability:\n\n`path/to/my/first/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-1\"\nreason = \"Your reason for ignoring this vulnerability\"\n```\n", + "markdown": "**Your dependency is vulnerable to [OSV-1](https://osv.dev/list?q=OSV-1)**.\n\n## [OSV-1](https://osv.dev/vulnerability/OSV-1)\n\n\u003cdetails\u003e\n\u003csummary\u003eDetails\u003c/summary\u003e\n\n\u003e \n\n\u003c/details\u003e\n\n---\n\n### 
Affected Packages\n\n| Source | Package Name | Package Version |\n| --- | --- | --- |\n| :path/to/my/first/lockfile | mine1 | 1.2.3 |\n\n## Remediation\n\nIf you believe these vulnerabilities do not affect your code and wish to ignore them, add them to the ignore list in an\n`osv-scanner.toml` file located in the same directory as the lockfile containing the vulnerable dependency.\n\nSee the format and more options in our documentation here: https://google.github.io/osv-scanner/configuration/\n\nAdd or append these values to the following config files to ignore this vulnerability:\n\n`path/to/my/first/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-1\"\nreason = \"Your reason for ignoring this vulnerability\"\n```\n" + } + } + ], + "version": "1.7.2" + } + }, + "artifacts": [ + { + "location": { + "uri": "path/to/my/first/lockfile" + }, + "length": -1 + } + ], + "results": [ + { + "ruleId": "OSV-1", + "ruleIndex": 0, + "level": "warning", + "message": { + "text": "Package 'mine1@1.2.3' is vulnerable to 'OSV-1'." + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "path/to/my/first/lockfile" + } + } + } + ] + } + ] + } + ] +} + +--- + +[TestPrintSARIFReport_WithVulnerabilities/two_sources_with_the_same_vulnerable_package - 1] +{ + "version": "2.1.0", + "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json", + "runs": [ + { + "tool": { + "driver": { + "informationUri": "https://github.com/google/osv-scanner", + "name": "osv-scanner", + "rules": [ + { + "id": "OSV-1", + "name": "OSV-1", + "shortDescription": { + "text": "OSV-1: Something scary!" 
+ }, + "fullDescription": { + "text": "", + "markdown": "" + }, + "deprecatedIds": [ + "OSV-1" + ], + "help": { + "text": "**Your dependency is vulnerable to [OSV-1](https://osv.dev/list?q=OSV-1)**.\n\n## [OSV-1](https://osv.dev/vulnerability/OSV-1)\n\n\u003cdetails\u003e\n\u003csummary\u003eDetails\u003c/summary\u003e\n\n\u003e \n\n\u003c/details\u003e\n\n---\n\n### Affected Packages\n\n| Source | Package Name | Package Version |\n| --- | --- | --- |\n| :path/to/my/first/lockfile | mine1 | 1.2.3 |\n| :path/to/my/second/lockfile | mine1 | 1.2.3 |\n\n## Remediation\n\nIf you believe these vulnerabilities do not affect your code and wish to ignore them, add them to the ignore list in an\n`osv-scanner.toml` file located in the same directory as the lockfile containing the vulnerable dependency.\n\nSee the format and more options in our documentation here: https://google.github.io/osv-scanner/configuration/\n\nAdd or append these values to the following config files to ignore this vulnerability:\n\n`path/to/my/first/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-1\"\nreason = \"Your reason for ignoring this vulnerability\"\n```\n`path/to/my/second/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-1\"\nreason = \"Your reason for ignoring this vulnerability\"\n```\n", + "markdown": "**Your dependency is vulnerable to [OSV-1](https://osv.dev/list?q=OSV-1)**.\n\n## [OSV-1](https://osv.dev/vulnerability/OSV-1)\n\n\u003cdetails\u003e\n\u003csummary\u003eDetails\u003c/summary\u003e\n\n\u003e \n\n\u003c/details\u003e\n\n---\n\n### Affected Packages\n\n| Source | Package Name | Package Version |\n| --- | --- | --- |\n| :path/to/my/first/lockfile | mine1 | 1.2.3 |\n| :path/to/my/second/lockfile | mine1 | 1.2.3 |\n\n## Remediation\n\nIf you believe these vulnerabilities do not affect your code and wish to ignore them, add them to the ignore list in an\n`osv-scanner.toml` file located in the same directory as the lockfile containing the vulnerable dependency.\n\nSee 
the format and more options in our documentation here: https://google.github.io/osv-scanner/configuration/\n\nAdd or append these values to the following config files to ignore this vulnerability:\n\n`path/to/my/first/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-1\"\nreason = \"Your reason for ignoring this vulnerability\"\n```\n`path/to/my/second/osv-scanner.toml`\n\n```\n[[IgnoredVulns]]\nid = \"OSV-1\"\nreason = \"Your reason for ignoring this vulnerability\"\n```\n" + } + } + ], + "version": "1.7.2" + } + }, + "artifacts": [ + { + "location": { + "uri": "path/to/my/first/lockfile" + }, + "length": -1 + }, + { + "location": { + "uri": "path/to/my/second/lockfile" + }, + "length": -1 + } + ], + "results": [ + { + "ruleId": "OSV-1", + "ruleIndex": 0, + "level": "warning", + "message": { + "text": "Package 'mine1@1.2.3' is vulnerable to 'OSV-1'." + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "path/to/my/first/lockfile" + } + } + } + ] + }, + { + "ruleId": "OSV-1", + "ruleIndex": 0, + "level": "warning", + "message": { + "text": "Package 'mine1@1.2.3' is vulnerable to 'OSV-1'." + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "path/to/my/second/lockfile" + } + } + } + ] + } + ] + } + ] +} + +--- diff --git a/internal/output/__snapshots__/table_test.snap b/internal/output/__snapshots__/table_test.snap new file mode 100755 index 00000000000..cc77791a0c2 --- /dev/null +++ b/internal/output/__snapshots__/table_test.snap 
@@ -0,0 +1,831 @@ + +[TestPrintTableResults_LongTerminalWidth_WithLicenseViolations/multiple_sources_with_a_mixed_count_of_packages,_no_license_violations - 1] + +--- + +[TestPrintTableResults_LongTerminalWidth_WithLicenseViolations/multiple_sources_with_a_mixed_count_of_packages,_some_license_violations - 1] +╭───────────────────┬───────────┬─────────┬─────────┬────────────────────────────╮ +│ LICENSE VIOLATION │ ECOSYSTEM │ PACKAGE │ VERSION │ SOURCE │ +├───────────────────┼───────────┼─────────┼─────────┼────────────────────────────┤ +│ MIT │ npm │ mine1 │ 1.2.3 │ path/to/my/first/lockfile │ +│ Apache-2.0 │ npm │ mine2 │ 3.2.5 │ path/to/my/second/lockfile │ +│ MIT │ npm │ mine1 │ 1.2.3 │ path/to/my/third/lockfile │ +╰───────────────────┴───────────┴─────────┴─────────┴────────────────────────────╯ + +--- + +[TestPrintTableResults_LongTerminalWidth_WithLicenseViolations/multiple_sources_with_a_mixed_count_of_packages,_some_license_violations#01 - 1] + +--- + +[TestPrintTableResults_LongTerminalWidth_WithLicenseViolations/multiple_sources_with_a_mixed_count_of_packages_across_ecosystems,_some_license_violations - 1] +╭───────────────────┬───────────┬─────────┬─────────┬────────────────────────────╮ +│ LICENSE VIOLATION │ ECOSYSTEM │ PACKAGE │ VERSION │ SOURCE │ +├───────────────────┼───────────┼─────────┼─────────┼────────────────────────────┤ +│ MIT │ Packagist │ mine1 │ 1.2.3 │ path/to/my/first/lockfile │ +│ Apache-2.0 │ npm │ mine2 │ 3.2.5 │ path/to/my/second/lockfile │ +│ MIT │ Packagist │ mine1 │ 1.2.3 │ path/to/my/third/lockfile │ +╰───────────────────┴───────────┴─────────┴─────────┴────────────────────────────╯ + +--- + +[TestPrintTableResults_LongTerminalWidth_WithLicenseViolations/multiple_sources_with_a_mixed_count_of_packages_and_groups,_some_license_violations - 1] +╭───────────────────┬───────────┬─────────┬─────────┬────────────────────────────╮ +│ LICENSE VIOLATION │ ECOSYSTEM │ PACKAGE │ VERSION │ SOURCE │ 
+├───────────────────┼───────────┼─────────┼─────────┼────────────────────────────┤ +│ MIT │ npm │ mine1 │ 1.2.3 │ path/to/my/first/lockfile │ +│ Apache-2.0 │ npm │ mine2 │ 3.2.5 │ path/to/my/second/lockfile │ +│ MIT │ npm │ mine1 │ 1.2.3 │ path/to/my/third/lockfile │ +╰───────────────────┴───────────┴─────────┴─────────┴────────────────────────────╯ + +--- + +[TestPrintTableResults_LongTerminalWidth_WithLicenseViolations/multiple_sources_with_no_packages - 1] + +--- + +[TestPrintTableResults_LongTerminalWidth_WithLicenseViolations/no_sources - 1] + +--- + +[TestPrintTableResults_LongTerminalWidth_WithLicenseViolations/one_source_with_no_packages - 1] + +--- + +[TestPrintTableResults_LongTerminalWidth_WithLicenseViolations/one_source_with_one_package,_no_license_violations - 1] + +--- + +[TestPrintTableResults_LongTerminalWidth_WithLicenseViolations/one_source_with_one_package,_no_licenses - 1] + +--- + +[TestPrintTableResults_LongTerminalWidth_WithLicenseViolations/one_source_with_one_package_and_an_unknown_license - 1] + +--- + +[TestPrintTableResults_LongTerminalWidth_WithLicenseViolations/one_source_with_one_package_and_multiple_license_violations - 1] +╭───────────────────┬───────────┬─────────┬─────────┬───────────────────────────╮ +│ LICENSE VIOLATION │ ECOSYSTEM │ PACKAGE │ VERSION │ SOURCE │ +├───────────────────┼───────────┼─────────┼─────────┼───────────────────────────┤ +│ MIT, Apache-2.0 │ npm │ mine1 │ 1.2.3 │ path/to/my/first/lockfile │ +╰───────────────────┴───────────┴─────────┴─────────┴───────────────────────────╯ + +--- + +[TestPrintTableResults_LongTerminalWidth_WithLicenseViolations/one_source_with_one_package_and_one_license_violation - 1] +╭───────────────────┬───────────┬─────────┬─────────┬───────────────────────────╮ +│ LICENSE VIOLATION │ ECOSYSTEM │ PACKAGE │ VERSION │ SOURCE │ +├───────────────────┼───────────┼─────────┼─────────┼───────────────────────────┤ +│ MIT │ npm │ mine1 │ 1.2.3 │ path/to/my/first/lockfile │ 
+╰───────────────────┴───────────┴─────────┴─────────┴───────────────────────────╯ + +--- + +[TestPrintTableResults_LongTerminalWidth_WithLicenseViolations/one_source_with_one_package_and_one_license_violation_(dev) - 1] +╭───────────────────┬───────────┬─────────┬─────────┬───────────────────────────╮ +│ LICENSE VIOLATION │ ECOSYSTEM │ PACKAGE │ VERSION │ SOURCE │ +├───────────────────┼───────────┼─────────┼─────────┼───────────────────────────┤ +│ MIT │ npm │ mine1 │ 1.2.3 │ path/to/my/first/lockfile │ +╰───────────────────┴───────────┴─────────┴─────────┴───────────────────────────╯ + +--- + +[TestPrintTableResults_LongTerminalWidth_WithLicenseViolations/two_sources_with_packages,_one_license_violation - 1] +╭───────────────────┬───────────┬─────────┬─────────┬───────────────────────────╮ +│ LICENSE VIOLATION │ ECOSYSTEM │ PACKAGE │ VERSION │ SOURCE │ +├───────────────────┼───────────┼─────────┼─────────┼───────────────────────────┤ +│ MIT │ npm │ mine1 │ 1.2.3 │ path/to/my/first/lockfile │ +╰───────────────────┴───────────┴─────────┴─────────┴───────────────────────────╯ + +--- + +[TestPrintTableResults_LongTerminalWidth_WithMixedIssues/multiple_sources_with_a_mixed_count_of_packages,_some_vulnerabilities_and_license_violations - 1] +╭───────────────────────┬──────┬───────────┬─────────┬─────────┬────────────────────────────╮ +│ OSV URL │ CVSS │ ECOSYSTEM │ PACKAGE │ VERSION │ SOURCE │ +├───────────────────────┼──────┼───────────┼─────────┼─────────┼────────────────────────────┤ +│ https://osv.dev/OSV-1 │ │ npm │ mine1 │ 1.2.3 │ path/to/my/first/lockfile │ +│ https://osv.dev/OSV-2 │ │ npm │ mine2 │ 3.2.5 │ path/to/my/second/lockfile │ +│ https://osv.dev/OSV-1 │ │ npm │ mine1 │ 1.2.3 │ path/to/my/third/lockfile │ +╰───────────────────────┴──────┴───────────┴─────────┴─────────┴────────────────────────────╯ +╭───────────────────┬───────────┬─────────┬─────────┬───────────────────────────╮ +│ LICENSE VIOLATION │ ECOSYSTEM │ PACKAGE │ VERSION │ SOURCE │ 
+├───────────────────┼───────────┼─────────┼─────────┼───────────────────────────┤ +│ MIT │ npm │ mine1 │ 1.2.3 │ path/to/my/first/lockfile │ +│ MIT │ npm │ mine1 │ 1.3.5 │ path/to/my/third/lockfile │ +│ Apache-2.0 │ npm │ mine1 │ 1.2.3 │ path/to/my/third/lockfile │ +╰───────────────────┴───────────┴─────────┴─────────┴───────────────────────────╯ + +--- + +[TestPrintTableResults_LongTerminalWidth_WithMixedIssues/one_source_with_one_package,_one_vulnerability,_and_one_license_violation - 1] +╭───────────────────────┬──────┬───────────┬─────────┬─────────┬───────────────────────────╮ +│ OSV URL │ CVSS │ ECOSYSTEM │ PACKAGE │ VERSION │ SOURCE │ +├───────────────────────┼──────┼───────────┼─────────┼─────────┼───────────────────────────┤ +│ https://osv.dev/OSV-1 │ │ npm │ mine1 │ 1.2.3 │ path/to/my/first/lockfile │ +╰───────────────────────┴──────┴───────────┴─────────┴─────────┴───────────────────────────╯ +╭───────────────────┬───────────┬─────────┬─────────┬───────────────────────────╮ +│ LICENSE VIOLATION │ ECOSYSTEM │ PACKAGE │ VERSION │ SOURCE │ +├───────────────────┼───────────┼─────────┼─────────┼───────────────────────────┤ +│ MIT │ npm │ mine1 │ 1.2.3 │ path/to/my/first/lockfile │ +╰───────────────────┴───────────┴─────────┴─────────┴───────────────────────────╯ + +--- + +[TestPrintTableResults_LongTerminalWidth_WithMixedIssues/two_sources_with_packages,_one_vulnerability,_one_license_violation - 1] +╭───────────────────────┬──────┬───────────┬─────────┬─────────┬───────────────────────────╮ +│ OSV URL │ CVSS │ ECOSYSTEM │ PACKAGE │ VERSION │ SOURCE │ +├───────────────────────┼──────┼───────────┼─────────┼─────────┼───────────────────────────┤ +│ https://osv.dev/OSV-1 │ │ npm │ mine1 │ 1.2.3 │ path/to/my/first/lockfile │ +╰───────────────────────┴──────┴───────────┴─────────┴─────────┴───────────────────────────╯ +╭───────────────────┬───────────┬─────────┬─────────┬────────────────────────────╮ +│ LICENSE VIOLATION │ ECOSYSTEM │ PACKAGE │ VERSION │ SOURCE │ 
+├───────────────────┼───────────┼─────────┼─────────┼────────────────────────────┤ +│ MIT │ npm │ mine2 │ 5.9.0 │ path/to/my/second/lockfile │ +╰───────────────────┴───────────┴─────────┴─────────┴────────────────────────────╯ + +--- + +[TestPrintTableResults_LongTerminalWidth_WithVulnerabilities/multiple_sources_with_a_mixed_count_of_grouped_packages,_and_multiple_vulnerabilities - 1] +╭───────────────────────┬──────┬───────────┬─────────────┬─────────┬────────────────────────────╮ +│ OSV URL │ CVSS │ ECOSYSTEM │ PACKAGE │ VERSION │ SOURCE │ +├───────────────────────┼──────┼───────────┼─────────────┼─────────┼────────────────────────────┤ +│ https://osv.dev/OSV-1 │ │ npm │ mine1 (dev) │ 1.2.3 │ path/to/my/first/lockfile │ +│ https://osv.dev/OSV-5 │ │ npm │ mine1 (dev) │ 1.2.3 │ path/to/my/first/lockfile │ +│ https://osv.dev/OSV-1 │ │ npm │ mine1 │ 1.2.2 │ path/to/my/first/lockfile │ +│ https://osv.dev/OSV-2 │ │ npm │ mine2 (dev) │ 3.2.5 │ path/to/my/second/lockfile │ +│ https://osv.dev/OSV-3 │ │ npm │ mine3 │ 0.4.1 │ path/to/my/second/lockfile │ +│ https://osv.dev/OSV-5 │ │ npm │ mine3 │ 0.4.1 │ path/to/my/second/lockfile │ +╰───────────────────────┴──────┴───────────┴─────────────┴─────────┴────────────────────────────╯ + +--- + +[TestPrintTableResults_LongTerminalWidth_WithVulnerabilities/multiple_sources_with_a_mixed_count_of_packages,_and_multiple_vulnerabilities - 1] +╭───────────────────────┬──────┬───────────┬─────────┬─────────┬────────────────────────────╮ +│ OSV URL │ CVSS │ ECOSYSTEM │ PACKAGE │ VERSION │ SOURCE │ +├───────────────────────┼──────┼───────────┼─────────┼─────────┼────────────────────────────┤ +│ https://osv.dev/OSV-1 │ │ npm │ mine1 │ 1.2.3 │ path/to/my/first/lockfile │ +│ https://osv.dev/OSV-5 │ │ npm │ mine1 │ 1.2.3 │ path/to/my/first/lockfile │ +│ https://osv.dev/OSV-1 │ │ npm │ mine1 │ 1.2.2 │ path/to/my/first/lockfile │ +│ https://osv.dev/OSV-2 │ │ npm │ mine2 │ 3.2.5 │ path/to/my/second/lockfile │ +│ https://osv.dev/OSV-3 │ │ npm │ 
mine3 │ 0.4.1 │ path/to/my/second/lockfile │ +│ https://osv.dev/OSV-5 │ │ npm │ mine3 │ 0.4.1 │ path/to/my/second/lockfile │ +╰───────────────────────┴──────┴───────────┴─────────┴─────────┴────────────────────────────╯ + +--- + +[TestPrintTableResults_LongTerminalWidth_WithVulnerabilities/multiple_sources_with_a_mixed_count_of_packages,_no_vulnerabilities - 1] + +--- + +[TestPrintTableResults_LongTerminalWidth_WithVulnerabilities/multiple_sources_with_a_mixed_count_of_packages,_some_vulnerabilities - 1] +╭───────────────────────┬──────┬───────────┬─────────┬─────────┬────────────────────────────╮ +│ OSV URL │ CVSS │ ECOSYSTEM │ PACKAGE │ VERSION │ SOURCE │ +├───────────────────────┼──────┼───────────┼─────────┼─────────┼────────────────────────────┤ +│ https://osv.dev/OSV-1 │ │ npm │ mine1 │ 1.2.3 │ path/to/my/first/lockfile │ +│ https://osv.dev/OSV-2 │ │ npm │ mine2 │ 3.2.5 │ path/to/my/second/lockfile │ +│ https://osv.dev/OSV-1 │ │ npm │ mine1 │ 1.2.3 │ path/to/my/third/lockfile │ +╰───────────────────────┴──────┴───────────┴─────────┴─────────┴────────────────────────────╯ + +--- + +[TestPrintTableResults_LongTerminalWidth_WithVulnerabilities/multiple_sources_with_a_mixed_count_of_packages_across_ecosystems,_and_multiple_vulnerabilities - 1] +╭───────────────────────┬──────┬───────────┬─────────┬─────────┬────────────────────────────╮ +│ OSV URL │ CVSS │ ECOSYSTEM │ PACKAGE │ VERSION │ SOURCE │ +├───────────────────────┼──────┼───────────┼─────────┼─────────┼────────────────────────────┤ +│ https://osv.dev/OSV-1 │ │ Packagist │ mine1 │ 1.2.3 │ path/to/my/first/lockfile │ +│ https://osv.dev/OSV-5 │ │ Packagist │ mine1 │ 1.2.3 │ path/to/my/first/lockfile │ +│ https://osv.dev/OSV-1 │ │ npm │ mine1 │ 1.2.2 │ path/to/my/first/lockfile │ +│ https://osv.dev/OSV-2 │ │ NuGet │ mine2 │ 3.2.5 │ path/to/my/second/lockfile │ +│ https://osv.dev/OSV-3 │ │ Packagist │ mine3 │ 0.4.1 │ path/to/my/second/lockfile │ +│ https://osv.dev/OSV-5 │ │ Packagist │ mine3 │ 0.4.1 │ 
path/to/my/second/lockfile │ +╰───────────────────────┴──────┴───────────┴─────────┴─────────┴────────────────────────────╯ + +--- + +[TestPrintTableResults_LongTerminalWidth_WithVulnerabilities/multiple_sources_with_no_packages - 1] + +--- + +[TestPrintTableResults_LongTerminalWidth_WithVulnerabilities/no_sources - 1] + +--- + +[TestPrintTableResults_LongTerminalWidth_WithVulnerabilities/one_source_with_no_packages - 1] + +--- + +[TestPrintTableResults_LongTerminalWidth_WithVulnerabilities/one_source_with_one_package,_no_vulnerabilities - 1] + +--- + +[TestPrintTableResults_LongTerminalWidth_WithVulnerabilities/one_source_with_one_package_and_one_vulnerability - 1] +╭───────────────────────┬──────┬───────────┬─────────┬─────────┬───────────────────────────╮ +│ OSV URL │ CVSS │ ECOSYSTEM │ PACKAGE │ VERSION │ SOURCE │ +├───────────────────────┼──────┼───────────┼─────────┼─────────┼───────────────────────────┤ +│ https://osv.dev/OSV-1 │ │ npm │ mine1 │ 1.2.3 │ path/to/my/first/lockfile │ +╰───────────────────────┴──────┴───────────┴─────────┴─────────┴───────────────────────────╯ + +--- + +[TestPrintTableResults_LongTerminalWidth_WithVulnerabilities/one_source_with_one_package_and_one_vulnerability_(dev) - 1] +╭───────────────────────┬──────┬───────────┬─────────────┬─────────┬───────────────────────────╮ +│ OSV URL │ CVSS │ ECOSYSTEM │ PACKAGE │ VERSION │ SOURCE │ +├───────────────────────┼──────┼───────────┼─────────────┼─────────┼───────────────────────────┤ +│ https://osv.dev/OSV-1 │ │ npm │ mine1 (dev) │ 1.2.3 │ path/to/my/first/lockfile │ +╰───────────────────────┴──────┴───────────┴─────────────┴─────────┴───────────────────────────╯ + +--- + +[TestPrintTableResults_LongTerminalWidth_WithVulnerabilities/one_source_with_one_package_and_two_aliases_of_a_single_vulnerability - 1] +╭──────────────────────────┬──────┬───────────┬─────────┬─────────┬───────────────────────────╮ +│ OSV URL │ CVSS │ ECOSYSTEM │ PACKAGE │ VERSION │ SOURCE │ 
+├──────────────────────────┼──────┼───────────┼─────────┼─────────┼───────────────────────────┤ +│ https://osv.dev/OSV-1 │ │ npm │ mine1 │ 1.2.3 │ path/to/my/first/lockfile │ +│ https://osv.dev/GHSA-123 │ │ │ │ │ │ +╰──────────────────────────┴──────┴───────────┴─────────┴─────────┴───────────────────────────╯ + +--- + +[TestPrintTableResults_LongTerminalWidth_WithVulnerabilities/one_source_with_vulnerabilities,_some_missing_content - 1] +╭───────────────────────┬──────┬───────────┬─────────┬───────────┬───────────────────────────╮ +│ OSV URL │ CVSS │ ECOSYSTEM │ PACKAGE │ VERSION │ SOURCE │ +├───────────────────────┼──────┼───────────┼─────────┼───────────┼───────────────────────────┤ +│ https://osv.dev/OSV-1 │ │ npm │ mine1 │ 1.2.3 │ path/to/my/first/lockfile │ +│ https://osv.dev/OSV-2 │ │ npm │ mine3 │ 0.10.2-rc │ path/to/my/first/lockfile │ +╰───────────────────────┴──────┴───────────┴─────────┴───────────┴───────────────────────────╯ + +--- + +[TestPrintTableResults_LongTerminalWidth_WithVulnerabilities/two_sources_with_packages,_one_vulnerability - 1] +╭───────────────────────┬──────┬───────────┬─────────┬─────────┬───────────────────────────╮ +│ OSV URL │ CVSS │ ECOSYSTEM │ PACKAGE │ VERSION │ SOURCE │ +├───────────────────────┼──────┼───────────┼─────────┼─────────┼───────────────────────────┤ +│ https://osv.dev/OSV-1 │ │ npm │ mine1 │ 1.2.3 │ path/to/my/first/lockfile │ +╰───────────────────────┴──────┴───────────┴─────────┴─────────┴───────────────────────────╯ + +--- + +[TestPrintTableResults_LongTerminalWidth_WithVulnerabilities/two_sources_with_the_same_vulnerable_package - 1] +╭───────────────────────┬──────┬───────────┬─────────────┬─────────┬────────────────────────────╮ +│ OSV URL │ CVSS │ ECOSYSTEM │ PACKAGE │ VERSION │ SOURCE │ +├───────────────────────┼──────┼───────────┼─────────────┼─────────┼────────────────────────────┤ +│ https://osv.dev/OSV-1 │ │ npm │ mine1 │ 1.2.3 │ path/to/my/first/lockfile │ +│ https://osv.dev/OSV-1 │ │ npm │ mine1 
(dev) │ 1.2.3 │ path/to/my/second/lockfile │ +╰───────────────────────┴──────┴───────────┴─────────────┴─────────┴────────────────────────────╯ + +--- + +[TestPrintTableResults_NoTerminalWidth_WithLicenseViolations/multiple_sources_with_a_mixed_count_of_packages,_no_license_violations - 1] + +--- + +[TestPrintTableResults_NoTerminalWidth_WithLicenseViolations/multiple_sources_with_a_mixed_count_of_packages,_some_license_violations - 1] ++-------------------+-----------+---------+---------+----------------------------+ +| LICENSE VIOLATION | ECOSYSTEM | PACKAGE | VERSION | SOURCE | ++-------------------+-----------+---------+---------+----------------------------+ +| MIT | npm | mine1 | 1.2.3 | path/to/my/first/lockfile | +| Apache-2.0 | npm | mine2 | 3.2.5 | path/to/my/second/lockfile | +| MIT | npm | mine1 | 1.2.3 | path/to/my/third/lockfile | ++-------------------+-----------+---------+---------+----------------------------+ + +--- + +[TestPrintTableResults_NoTerminalWidth_WithLicenseViolations/multiple_sources_with_a_mixed_count_of_packages,_some_license_violations#01 - 1] + +--- + +[TestPrintTableResults_NoTerminalWidth_WithLicenseViolations/multiple_sources_with_a_mixed_count_of_packages_across_ecosystems,_some_license_violations - 1] ++-------------------+-----------+---------+---------+----------------------------+ +| LICENSE VIOLATION | ECOSYSTEM | PACKAGE | VERSION | SOURCE | ++-------------------+-----------+---------+---------+----------------------------+ +| MIT | Packagist | mine1 | 1.2.3 | path/to/my/first/lockfile | +| Apache-2.0 | npm | mine2 | 3.2.5 | path/to/my/second/lockfile | +| MIT | Packagist | mine1 | 1.2.3 | path/to/my/third/lockfile | ++-------------------+-----------+---------+---------+----------------------------+ + +--- + +[TestPrintTableResults_NoTerminalWidth_WithLicenseViolations/multiple_sources_with_a_mixed_count_of_packages_and_groups,_some_license_violations - 1] 
++-------------------+-----------+---------+---------+----------------------------+ +| LICENSE VIOLATION | ECOSYSTEM | PACKAGE | VERSION | SOURCE | ++-------------------+-----------+---------+---------+----------------------------+ +| MIT | npm | mine1 | 1.2.3 | path/to/my/first/lockfile | +| Apache-2.0 | npm | mine2 | 3.2.5 | path/to/my/second/lockfile | +| MIT | npm | mine1 | 1.2.3 | path/to/my/third/lockfile | ++-------------------+-----------+---------+---------+----------------------------+ + +--- + +[TestPrintTableResults_NoTerminalWidth_WithLicenseViolations/multiple_sources_with_no_packages - 1] + +--- + +[TestPrintTableResults_NoTerminalWidth_WithLicenseViolations/no_sources - 1] + +--- + +[TestPrintTableResults_NoTerminalWidth_WithLicenseViolations/one_source_with_no_packages - 1] + +--- + +[TestPrintTableResults_NoTerminalWidth_WithLicenseViolations/one_source_with_one_package,_no_license_violations - 1] + +--- + +[TestPrintTableResults_NoTerminalWidth_WithLicenseViolations/one_source_with_one_package,_no_licenses - 1] + +--- + +[TestPrintTableResults_NoTerminalWidth_WithLicenseViolations/one_source_with_one_package_and_an_unknown_license - 1] + +--- + +[TestPrintTableResults_NoTerminalWidth_WithLicenseViolations/one_source_with_one_package_and_multiple_license_violations - 1] ++-------------------+-----------+---------+---------+---------------------------+ +| LICENSE VIOLATION | ECOSYSTEM | PACKAGE | VERSION | SOURCE | ++-------------------+-----------+---------+---------+---------------------------+ +| MIT, Apache-2.0 | npm | mine1 | 1.2.3 | path/to/my/first/lockfile | ++-------------------+-----------+---------+---------+---------------------------+ + +--- + +[TestPrintTableResults_NoTerminalWidth_WithLicenseViolations/one_source_with_one_package_and_one_license_violation - 1] ++-------------------+-----------+---------+---------+---------------------------+ +| LICENSE VIOLATION | ECOSYSTEM | PACKAGE | VERSION | SOURCE | 
++-------------------+-----------+---------+---------+---------------------------+ +| MIT | npm | mine1 | 1.2.3 | path/to/my/first/lockfile | ++-------------------+-----------+---------+---------+---------------------------+ + +--- + +[TestPrintTableResults_NoTerminalWidth_WithLicenseViolations/one_source_with_one_package_and_one_license_violation_(dev) - 1] ++-------------------+-----------+---------+---------+---------------------------+ +| LICENSE VIOLATION | ECOSYSTEM | PACKAGE | VERSION | SOURCE | ++-------------------+-----------+---------+---------+---------------------------+ +| MIT | npm | mine1 | 1.2.3 | path/to/my/first/lockfile | ++-------------------+-----------+---------+---------+---------------------------+ + +--- + +[TestPrintTableResults_NoTerminalWidth_WithLicenseViolations/two_sources_with_packages,_one_license_violation - 1] ++-------------------+-----------+---------+---------+---------------------------+ +| LICENSE VIOLATION | ECOSYSTEM | PACKAGE | VERSION | SOURCE | ++-------------------+-----------+---------+---------+---------------------------+ +| MIT | npm | mine1 | 1.2.3 | path/to/my/first/lockfile | ++-------------------+-----------+---------+---------+---------------------------+ + +--- + +[TestPrintTableResults_NoTerminalWidth_WithMixedIssues/multiple_sources_with_a_mixed_count_of_packages,_some_vulnerabilities_and_license_violations - 1] ++-----------------------+------+-----------+---------+---------+----------------------------+ +| OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | SOURCE | ++-----------------------+------+-----------+---------+---------+----------------------------+ +| https://osv.dev/OSV-1 | | npm | mine1 | 1.2.3 | path/to/my/first/lockfile | +| https://osv.dev/OSV-2 | | npm | mine2 | 3.2.5 | path/to/my/second/lockfile | +| https://osv.dev/OSV-1 | | npm | mine1 | 1.2.3 | path/to/my/third/lockfile | ++-----------------------+------+-----------+---------+---------+----------------------------+ 
++-------------------+-----------+---------+---------+---------------------------+ +| LICENSE VIOLATION | ECOSYSTEM | PACKAGE | VERSION | SOURCE | ++-------------------+-----------+---------+---------+---------------------------+ +| MIT | npm | mine1 | 1.2.3 | path/to/my/first/lockfile | +| MIT | npm | mine1 | 1.3.5 | path/to/my/third/lockfile | +| Apache-2.0 | npm | mine1 | 1.2.3 | path/to/my/third/lockfile | ++-------------------+-----------+---------+---------+---------------------------+ + +--- + +[TestPrintTableResults_NoTerminalWidth_WithMixedIssues/one_source_with_one_package,_one_vulnerability,_and_one_license_violation - 1] ++-----------------------+------+-----------+---------+---------+---------------------------+ +| OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | SOURCE | ++-----------------------+------+-----------+---------+---------+---------------------------+ +| https://osv.dev/OSV-1 | | npm | mine1 | 1.2.3 | path/to/my/first/lockfile | ++-----------------------+------+-----------+---------+---------+---------------------------+ ++-------------------+-----------+---------+---------+---------------------------+ +| LICENSE VIOLATION | ECOSYSTEM | PACKAGE | VERSION | SOURCE | ++-------------------+-----------+---------+---------+---------------------------+ +| MIT | npm | mine1 | 1.2.3 | path/to/my/first/lockfile | ++-------------------+-----------+---------+---------+---------------------------+ + +--- + +[TestPrintTableResults_NoTerminalWidth_WithMixedIssues/two_sources_with_packages,_one_vulnerability,_one_license_violation - 1] ++-----------------------+------+-----------+---------+---------+---------------------------+ +| OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | SOURCE | ++-----------------------+------+-----------+---------+---------+---------------------------+ +| https://osv.dev/OSV-1 | | npm | mine1 | 1.2.3 | path/to/my/first/lockfile | ++-----------------------+------+-----------+---------+---------+---------------------------+ 
++-------------------+-----------+---------+---------+----------------------------+ +| LICENSE VIOLATION | ECOSYSTEM | PACKAGE | VERSION | SOURCE | ++-------------------+-----------+---------+---------+----------------------------+ +| MIT | npm | mine2 | 5.9.0 | path/to/my/second/lockfile | ++-------------------+-----------+---------+---------+----------------------------+ + +--- + +[TestPrintTableResults_NoTerminalWidth_WithVulnerabilities/multiple_sources_with_a_mixed_count_of_grouped_packages,_and_multiple_vulnerabilities - 1] ++-----------------------+------+-----------+-------------+---------+----------------------------+ +| OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | SOURCE | ++-----------------------+------+-----------+-------------+---------+----------------------------+ +| https://osv.dev/OSV-1 | | npm | mine1 (dev) | 1.2.3 | path/to/my/first/lockfile | +| https://osv.dev/OSV-5 | | npm | mine1 (dev) | 1.2.3 | path/to/my/first/lockfile | +| https://osv.dev/OSV-1 | | npm | mine1 | 1.2.2 | path/to/my/first/lockfile | +| https://osv.dev/OSV-2 | | npm | mine2 (dev) | 3.2.5 | path/to/my/second/lockfile | +| https://osv.dev/OSV-3 | | npm | mine3 | 0.4.1 | path/to/my/second/lockfile | +| https://osv.dev/OSV-5 | | npm | mine3 | 0.4.1 | path/to/my/second/lockfile | ++-----------------------+------+-----------+-------------+---------+----------------------------+ + +--- + +[TestPrintTableResults_NoTerminalWidth_WithVulnerabilities/multiple_sources_with_a_mixed_count_of_packages,_and_multiple_vulnerabilities - 1] ++-----------------------+------+-----------+---------+---------+----------------------------+ +| OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | SOURCE | ++-----------------------+------+-----------+---------+---------+----------------------------+ +| https://osv.dev/OSV-1 | | npm | mine1 | 1.2.3 | path/to/my/first/lockfile | +| https://osv.dev/OSV-5 | | npm | mine1 | 1.2.3 | path/to/my/first/lockfile | +| https://osv.dev/OSV-1 | | npm | mine1 | 1.2.2 
| path/to/my/first/lockfile | +| https://osv.dev/OSV-2 | | npm | mine2 | 3.2.5 | path/to/my/second/lockfile | +| https://osv.dev/OSV-3 | | npm | mine3 | 0.4.1 | path/to/my/second/lockfile | +| https://osv.dev/OSV-5 | | npm | mine3 | 0.4.1 | path/to/my/second/lockfile | ++-----------------------+------+-----------+---------+---------+----------------------------+ + +--- + +[TestPrintTableResults_NoTerminalWidth_WithVulnerabilities/multiple_sources_with_a_mixed_count_of_packages,_no_vulnerabilities - 1] + +--- + +[TestPrintTableResults_NoTerminalWidth_WithVulnerabilities/multiple_sources_with_a_mixed_count_of_packages,_some_vulnerabilities - 1] ++-----------------------+------+-----------+---------+---------+----------------------------+ +| OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | SOURCE | ++-----------------------+------+-----------+---------+---------+----------------------------+ +| https://osv.dev/OSV-1 | | npm | mine1 | 1.2.3 | path/to/my/first/lockfile | +| https://osv.dev/OSV-2 | | npm | mine2 | 3.2.5 | path/to/my/second/lockfile | +| https://osv.dev/OSV-1 | | npm | mine1 | 1.2.3 | path/to/my/third/lockfile | ++-----------------------+------+-----------+---------+---------+----------------------------+ + +--- + +[TestPrintTableResults_NoTerminalWidth_WithVulnerabilities/multiple_sources_with_a_mixed_count_of_packages_across_ecosystems,_and_multiple_vulnerabilities - 1] ++-----------------------+------+-----------+---------+---------+----------------------------+ +| OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | SOURCE | ++-----------------------+------+-----------+---------+---------+----------------------------+ +| https://osv.dev/OSV-1 | | Packagist | mine1 | 1.2.3 | path/to/my/first/lockfile | +| https://osv.dev/OSV-5 | | Packagist | mine1 | 1.2.3 | path/to/my/first/lockfile | +| https://osv.dev/OSV-1 | | npm | mine1 | 1.2.2 | path/to/my/first/lockfile | +| https://osv.dev/OSV-2 | | NuGet | mine2 | 3.2.5 | path/to/my/second/lockfile | +| 
https://osv.dev/OSV-3 | | Packagist | mine3 | 0.4.1 | path/to/my/second/lockfile | +| https://osv.dev/OSV-5 | | Packagist | mine3 | 0.4.1 | path/to/my/second/lockfile | ++-----------------------+------+-----------+---------+---------+----------------------------+ + +--- + +[TestPrintTableResults_NoTerminalWidth_WithVulnerabilities/multiple_sources_with_no_packages - 1] + +--- + +[TestPrintTableResults_NoTerminalWidth_WithVulnerabilities/no_sources - 1] + +--- + +[TestPrintTableResults_NoTerminalWidth_WithVulnerabilities/one_source_with_no_packages - 1] + +--- + +[TestPrintTableResults_NoTerminalWidth_WithVulnerabilities/one_source_with_one_package,_no_vulnerabilities - 1] + +--- + +[TestPrintTableResults_NoTerminalWidth_WithVulnerabilities/one_source_with_one_package_and_one_vulnerability - 1] ++-----------------------+------+-----------+---------+---------+---------------------------+ +| OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | SOURCE | ++-----------------------+------+-----------+---------+---------+---------------------------+ +| https://osv.dev/OSV-1 | | npm | mine1 | 1.2.3 | path/to/my/first/lockfile | ++-----------------------+------+-----------+---------+---------+---------------------------+ + +--- + +[TestPrintTableResults_NoTerminalWidth_WithVulnerabilities/one_source_with_one_package_and_one_vulnerability_(dev) - 1] ++-----------------------+------+-----------+-------------+---------+---------------------------+ +| OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | SOURCE | ++-----------------------+------+-----------+-------------+---------+---------------------------+ +| https://osv.dev/OSV-1 | | npm | mine1 (dev) | 1.2.3 | path/to/my/first/lockfile | ++-----------------------+------+-----------+-------------+---------+---------------------------+ + +--- + +[TestPrintTableResults_NoTerminalWidth_WithVulnerabilities/one_source_with_one_package_and_two_aliases_of_a_single_vulnerability - 1] 
++--------------------------+------+-----------+---------+---------+---------------------------+ +| OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | SOURCE | ++--------------------------+------+-----------+---------+---------+---------------------------+ +| https://osv.dev/OSV-1 | | npm | mine1 | 1.2.3 | path/to/my/first/lockfile | +| https://osv.dev/GHSA-123 | | | | | | ++--------------------------+------+-----------+---------+---------+---------------------------+ + +--- + +[TestPrintTableResults_NoTerminalWidth_WithVulnerabilities/one_source_with_vulnerabilities,_some_missing_content - 1] ++-----------------------+------+-----------+---------+-----------+---------------------------+ +| OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | SOURCE | ++-----------------------+------+-----------+---------+-----------+---------------------------+ +| https://osv.dev/OSV-1 | | npm | mine1 | 1.2.3 | path/to/my/first/lockfile | +| https://osv.dev/OSV-2 | | npm | mine3 | 0.10.2-rc | path/to/my/first/lockfile | ++-----------------------+------+-----------+---------+-----------+---------------------------+ + +--- + +[TestPrintTableResults_NoTerminalWidth_WithVulnerabilities/two_sources_with_packages,_one_vulnerability - 1] ++-----------------------+------+-----------+---------+---------+---------------------------+ +| OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | SOURCE | ++-----------------------+------+-----------+---------+---------+---------------------------+ +| https://osv.dev/OSV-1 | | npm | mine1 | 1.2.3 | path/to/my/first/lockfile | ++-----------------------+------+-----------+---------+---------+---------------------------+ + +--- + +[TestPrintTableResults_NoTerminalWidth_WithVulnerabilities/two_sources_with_the_same_vulnerable_package - 1] ++-----------------------+------+-----------+-------------+---------+----------------------------+ +| OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | SOURCE | 
++-----------------------+------+-----------+-------------+---------+----------------------------+ +| https://osv.dev/OSV-1 | | npm | mine1 | 1.2.3 | path/to/my/first/lockfile | +| https://osv.dev/OSV-1 | | npm | mine1 (dev) | 1.2.3 | path/to/my/second/lockfile | ++-----------------------+------+-----------+-------------+---------+----------------------------+ + +--- + +[TestPrintTableResults_StandardTerminalWidth_WithLicenseViolations/multiple_sources_with_a_mixed_count_of_packages,_no_license_violations - 1] + +--- + +[TestPrintTableResults_StandardTerminalWidth_WithLicenseViolations/multiple_sources_with_a_mixed_count_of_packages,_some_license_violations - 1] +╭───────────────────┬───────────┬─────────┬─────────┬───────────────────────── ≈ +│ LICENSE VIOLATION │ ECOSYSTEM │ PACKAGE │ VERSION │ SOURCE ≈ +├───────────────────┼───────────┼─────────┼─────────┼───────────────────────── ≈ +│ MIT │ npm │ mine1 │ 1.2.3 │ path/to/my/first/lockfil ≈ +│ Apache-2.0 │ npm │ mine2 │ 3.2.5 │ path/to/my/second/lockfi ≈ +│ MIT │ npm │ mine1 │ 1.2.3 │ path/to/my/third/lockfil ≈ +╰───────────────────┴───────────┴─────────┴─────────┴───────────────────────── ≈ + +--- + +[TestPrintTableResults_StandardTerminalWidth_WithLicenseViolations/multiple_sources_with_a_mixed_count_of_packages,_some_license_violations#01 - 1] + +--- + +[TestPrintTableResults_StandardTerminalWidth_WithLicenseViolations/multiple_sources_with_a_mixed_count_of_packages_across_ecosystems,_some_license_violations - 1] +╭───────────────────┬───────────┬─────────┬─────────┬───────────────────────── ≈ +│ LICENSE VIOLATION │ ECOSYSTEM │ PACKAGE │ VERSION │ SOURCE ≈ +├───────────────────┼───────────┼─────────┼─────────┼───────────────────────── ≈ +│ MIT │ Packagist │ mine1 │ 1.2.3 │ path/to/my/first/lockfil ≈ +│ Apache-2.0 │ npm │ mine2 │ 3.2.5 │ path/to/my/second/lockfi ≈ +│ MIT │ Packagist │ mine1 │ 1.2.3 │ path/to/my/third/lockfil ≈ +╰───────────────────┴───────────┴─────────┴─────────┴───────────────────────── ≈ + 
+--- + +[TestPrintTableResults_StandardTerminalWidth_WithLicenseViolations/multiple_sources_with_a_mixed_count_of_packages_and_groups,_some_license_violations - 1] +╭───────────────────┬───────────┬─────────┬─────────┬───────────────────────── ≈ +│ LICENSE VIOLATION │ ECOSYSTEM │ PACKAGE │ VERSION │ SOURCE ≈ +├───────────────────┼───────────┼─────────┼─────────┼───────────────────────── ≈ +│ MIT │ npm │ mine1 │ 1.2.3 │ path/to/my/first/lockfil ≈ +│ Apache-2.0 │ npm │ mine2 │ 3.2.5 │ path/to/my/second/lockfi ≈ +│ MIT │ npm │ mine1 │ 1.2.3 │ path/to/my/third/lockfil ≈ +╰───────────────────┴───────────┴─────────┴─────────┴───────────────────────── ≈ + +--- + +[TestPrintTableResults_StandardTerminalWidth_WithLicenseViolations/multiple_sources_with_no_packages - 1] + +--- + +[TestPrintTableResults_StandardTerminalWidth_WithLicenseViolations/no_sources - 1] + +--- + +[TestPrintTableResults_StandardTerminalWidth_WithLicenseViolations/one_source_with_no_packages - 1] + +--- + +[TestPrintTableResults_StandardTerminalWidth_WithLicenseViolations/one_source_with_one_package,_no_license_violations - 1] + +--- + +[TestPrintTableResults_StandardTerminalWidth_WithLicenseViolations/one_source_with_one_package,_no_licenses - 1] + +--- + +[TestPrintTableResults_StandardTerminalWidth_WithLicenseViolations/one_source_with_one_package_and_an_unknown_license - 1] + +--- + +[TestPrintTableResults_StandardTerminalWidth_WithLicenseViolations/one_source_with_one_package_and_multiple_license_violations - 1] +╭───────────────────┬───────────┬─────────┬─────────┬───────────────────────── ≈ +│ LICENSE VIOLATION │ ECOSYSTEM │ PACKAGE │ VERSION │ SOURCE ≈ +├───────────────────┼───────────┼─────────┼─────────┼───────────────────────── ≈ +│ MIT, Apache-2.0 │ npm │ mine1 │ 1.2.3 │ path/to/my/first/lockfil ≈ +╰───────────────────┴───────────┴─────────┴─────────┴───────────────────────── ≈ + +--- + 
+[TestPrintTableResults_StandardTerminalWidth_WithLicenseViolations/one_source_with_one_package_and_one_license_violation - 1] +╭───────────────────┬───────────┬─────────┬─────────┬───────────────────────── ≈ +│ LICENSE VIOLATION │ ECOSYSTEM │ PACKAGE │ VERSION │ SOURCE ≈ +├───────────────────┼───────────┼─────────┼─────────┼───────────────────────── ≈ +│ MIT │ npm │ mine1 │ 1.2.3 │ path/to/my/first/lockfil ≈ +╰───────────────────┴───────────┴─────────┴─────────┴───────────────────────── ≈ + +--- + +[TestPrintTableResults_StandardTerminalWidth_WithLicenseViolations/one_source_with_one_package_and_one_license_violation_(dev) - 1] +╭───────────────────┬───────────┬─────────┬─────────┬───────────────────────── ≈ +│ LICENSE VIOLATION │ ECOSYSTEM │ PACKAGE │ VERSION │ SOURCE ≈ +├───────────────────┼───────────┼─────────┼─────────┼───────────────────────── ≈ +│ MIT │ npm │ mine1 │ 1.2.3 │ path/to/my/first/lockfil ≈ +╰───────────────────┴───────────┴─────────┴─────────┴───────────────────────── ≈ + +--- + +[TestPrintTableResults_StandardTerminalWidth_WithLicenseViolations/two_sources_with_packages,_one_license_violation - 1] +╭───────────────────┬───────────┬─────────┬─────────┬───────────────────────── ≈ +│ LICENSE VIOLATION │ ECOSYSTEM │ PACKAGE │ VERSION │ SOURCE ≈ +├───────────────────┼───────────┼─────────┼─────────┼───────────────────────── ≈ +│ MIT │ npm │ mine1 │ 1.2.3 │ path/to/my/first/lockfil ≈ +╰───────────────────┴───────────┴─────────┴─────────┴───────────────────────── ≈ + +--- + +[TestPrintTableResults_StandardTerminalWidth_WithMixedIssues/multiple_sources_with_a_mixed_count_of_packages,_some_vulnerabilities_and_license_violations - 1] +╭───────────────────────┬──────┬───────────┬─────────┬─────────┬────────────── ≈ +│ OSV URL │ CVSS │ ECOSYSTEM │ PACKAGE │ VERSION │ SOURCE ≈ +├───────────────────────┼──────┼───────────┼─────────┼─────────┼────────────── ≈ +│ https://osv.dev/OSV-1 │ │ npm │ mine1 │ 1.2.3 │ path/to/my/fi ≈ +│ https://osv.dev/OSV-2 │ │ npm │ 
mine2 │ 3.2.5 │ path/to/my/se ≈ +│ https://osv.dev/OSV-1 │ │ npm │ mine1 │ 1.2.3 │ path/to/my/th ≈ +╰───────────────────────┴──────┴───────────┴─────────┴─────────┴────────────── ≈ +╭───────────────────┬───────────┬─────────┬─────────┬───────────────────────── ≈ +│ LICENSE VIOLATION │ ECOSYSTEM │ PACKAGE │ VERSION │ SOURCE ≈ +├───────────────────┼───────────┼─────────┼─────────┼───────────────────────── ≈ +│ MIT │ npm │ mine1 │ 1.2.3 │ path/to/my/first/lockfil ≈ +│ MIT │ npm │ mine1 │ 1.3.5 │ path/to/my/third/lockfil ≈ +│ Apache-2.0 │ npm │ mine1 │ 1.2.3 │ path/to/my/third/lockfil ≈ +╰───────────────────┴───────────┴─────────┴─────────┴───────────────────────── ≈ + +--- + +[TestPrintTableResults_StandardTerminalWidth_WithMixedIssues/one_source_with_one_package,_one_vulnerability,_and_one_license_violation - 1] +╭───────────────────────┬──────┬───────────┬─────────┬─────────┬────────────── ≈ +│ OSV URL │ CVSS │ ECOSYSTEM │ PACKAGE │ VERSION │ SOURCE ≈ +├───────────────────────┼──────┼───────────┼─────────┼─────────┼────────────── ≈ +│ https://osv.dev/OSV-1 │ │ npm │ mine1 │ 1.2.3 │ path/to/my/fi ≈ +╰───────────────────────┴──────┴───────────┴─────────┴─────────┴────────────── ≈ +╭───────────────────┬───────────┬─────────┬─────────┬───────────────────────── ≈ +│ LICENSE VIOLATION │ ECOSYSTEM │ PACKAGE │ VERSION │ SOURCE ≈ +├───────────────────┼───────────┼─────────┼─────────┼───────────────────────── ≈ +│ MIT │ npm │ mine1 │ 1.2.3 │ path/to/my/first/lockfil ≈ +╰───────────────────┴───────────┴─────────┴─────────┴───────────────────────── ≈ + +--- + +[TestPrintTableResults_StandardTerminalWidth_WithMixedIssues/two_sources_with_packages,_one_vulnerability,_one_license_violation - 1] +╭───────────────────────┬──────┬───────────┬─────────┬─────────┬────────────── ≈ +│ OSV URL │ CVSS │ ECOSYSTEM │ PACKAGE │ VERSION │ SOURCE ≈ +├───────────────────────┼──────┼───────────┼─────────┼─────────┼────────────── ≈ +│ https://osv.dev/OSV-1 │ │ npm │ mine1 │ 1.2.3 │ path/to/my/fi ≈ 
+╰───────────────────────┴──────┴───────────┴─────────┴─────────┴────────────── ≈ +╭───────────────────┬───────────┬─────────┬─────────┬───────────────────────── ≈ +│ LICENSE VIOLATION │ ECOSYSTEM │ PACKAGE │ VERSION │ SOURCE ≈ +├───────────────────┼───────────┼─────────┼─────────┼───────────────────────── ≈ +│ MIT │ npm │ mine2 │ 5.9.0 │ path/to/my/second/lockfi ≈ +╰───────────────────┴───────────┴─────────┴─────────┴───────────────────────── ≈ + +--- + +[TestPrintTableResults_StandardTerminalWidth_WithVulnerabilities/multiple_sources_with_a_mixed_count_of_grouped_packages,_and_multiple_vulnerabilities - 1] +╭───────────────────────┬──────┬───────────┬─────────────┬─────────┬────────── ≈ +│ OSV URL │ CVSS │ ECOSYSTEM │ PACKAGE │ VERSION │ SOURCE ≈ +├───────────────────────┼──────┼───────────┼─────────────┼─────────┼────────── ≈ +│ https://osv.dev/OSV-1 │ │ npm │ mine1 (dev) │ 1.2.3 │ path/to/m ≈ +│ https://osv.dev/OSV-5 │ │ npm │ mine1 (dev) │ 1.2.3 │ path/to/m ≈ +│ https://osv.dev/OSV-1 │ │ npm │ mine1 │ 1.2.2 │ path/to/m ≈ +│ https://osv.dev/OSV-2 │ │ npm │ mine2 (dev) │ 3.2.5 │ path/to/m ≈ +│ https://osv.dev/OSV-3 │ │ npm │ mine3 │ 0.4.1 │ path/to/m ≈ +│ https://osv.dev/OSV-5 │ │ npm │ mine3 │ 0.4.1 │ path/to/m ≈ +╰───────────────────────┴──────┴───────────┴─────────────┴─────────┴────────── ≈ + +--- + +[TestPrintTableResults_StandardTerminalWidth_WithVulnerabilities/multiple_sources_with_a_mixed_count_of_packages,_and_multiple_vulnerabilities - 1] +╭───────────────────────┬──────┬───────────┬─────────┬─────────┬────────────── ≈ +│ OSV URL │ CVSS │ ECOSYSTEM │ PACKAGE │ VERSION │ SOURCE ≈ +├───────────────────────┼──────┼───────────┼─────────┼─────────┼────────────── ≈ +│ https://osv.dev/OSV-1 │ │ npm │ mine1 │ 1.2.3 │ path/to/my/fi ≈ +│ https://osv.dev/OSV-5 │ │ npm │ mine1 │ 1.2.3 │ path/to/my/fi ≈ +│ https://osv.dev/OSV-1 │ │ npm │ mine1 │ 1.2.2 │ path/to/my/fi ≈ +│ https://osv.dev/OSV-2 │ │ npm │ mine2 │ 3.2.5 │ path/to/my/se ≈ +│ https://osv.dev/OSV-3 │ │ 
npm │ mine3 │ 0.4.1 │ path/to/my/se ≈ +│ https://osv.dev/OSV-5 │ │ npm │ mine3 │ 0.4.1 │ path/to/my/se ≈ +╰───────────────────────┴──────┴───────────┴─────────┴─────────┴────────────── ≈ + +--- + +[TestPrintTableResults_StandardTerminalWidth_WithVulnerabilities/multiple_sources_with_a_mixed_count_of_packages,_no_vulnerabilities - 1] + +--- + +[TestPrintTableResults_StandardTerminalWidth_WithVulnerabilities/multiple_sources_with_a_mixed_count_of_packages,_some_vulnerabilities - 1] +╭───────────────────────┬──────┬───────────┬─────────┬─────────┬────────────── ≈ +│ OSV URL │ CVSS │ ECOSYSTEM │ PACKAGE │ VERSION │ SOURCE ≈ +├───────────────────────┼──────┼───────────┼─────────┼─────────┼────────────── ≈ +│ https://osv.dev/OSV-1 │ │ npm │ mine1 │ 1.2.3 │ path/to/my/fi ≈ +│ https://osv.dev/OSV-2 │ │ npm │ mine2 │ 3.2.5 │ path/to/my/se ≈ +│ https://osv.dev/OSV-1 │ │ npm │ mine1 │ 1.2.3 │ path/to/my/th ≈ +╰───────────────────────┴──────┴───────────┴─────────┴─────────┴────────────── ≈ + +--- + +[TestPrintTableResults_StandardTerminalWidth_WithVulnerabilities/multiple_sources_with_a_mixed_count_of_packages_across_ecosystems,_and_multiple_vulnerabilities - 1] +╭───────────────────────┬──────┬───────────┬─────────┬─────────┬────────────── ≈ +│ OSV URL │ CVSS │ ECOSYSTEM │ PACKAGE │ VERSION │ SOURCE ≈ +├───────────────────────┼──────┼───────────┼─────────┼─────────┼────────────── ≈ +│ https://osv.dev/OSV-1 │ │ Packagist │ mine1 │ 1.2.3 │ path/to/my/fi ≈ +│ https://osv.dev/OSV-5 │ │ Packagist │ mine1 │ 1.2.3 │ path/to/my/fi ≈ +│ https://osv.dev/OSV-1 │ │ npm │ mine1 │ 1.2.2 │ path/to/my/fi ≈ +│ https://osv.dev/OSV-2 │ │ NuGet │ mine2 │ 3.2.5 │ path/to/my/se ≈ +│ https://osv.dev/OSV-3 │ │ Packagist │ mine3 │ 0.4.1 │ path/to/my/se ≈ +│ https://osv.dev/OSV-5 │ │ Packagist │ mine3 │ 0.4.1 │ path/to/my/se ≈ +╰───────────────────────┴──────┴───────────┴─────────┴─────────┴────────────── ≈ + +--- + 
+[TestPrintTableResults_StandardTerminalWidth_WithVulnerabilities/multiple_sources_with_no_packages - 1] + +--- + +[TestPrintTableResults_StandardTerminalWidth_WithVulnerabilities/no_sources - 1] + +--- + +[TestPrintTableResults_StandardTerminalWidth_WithVulnerabilities/one_source_with_no_packages - 1] + +--- + +[TestPrintTableResults_StandardTerminalWidth_WithVulnerabilities/one_source_with_one_package,_no_vulnerabilities - 1] + +--- + +[TestPrintTableResults_StandardTerminalWidth_WithVulnerabilities/one_source_with_one_package_and_one_vulnerability - 1] +╭───────────────────────┬──────┬───────────┬─────────┬─────────┬────────────── ≈ +│ OSV URL │ CVSS │ ECOSYSTEM │ PACKAGE │ VERSION │ SOURCE ≈ +├───────────────────────┼──────┼───────────┼─────────┼─────────┼────────────── ≈ +│ https://osv.dev/OSV-1 │ │ npm │ mine1 │ 1.2.3 │ path/to/my/fi ≈ +╰───────────────────────┴──────┴───────────┴─────────┴─────────┴────────────── ≈ + +--- + +[TestPrintTableResults_StandardTerminalWidth_WithVulnerabilities/one_source_with_one_package_and_one_vulnerability_(dev) - 1] +╭───────────────────────┬──────┬───────────┬─────────────┬─────────┬────────── ≈ +│ OSV URL │ CVSS │ ECOSYSTEM │ PACKAGE │ VERSION │ SOURCE ≈ +├───────────────────────┼──────┼───────────┼─────────────┼─────────┼────────── ≈ +│ https://osv.dev/OSV-1 │ │ npm │ mine1 (dev) │ 1.2.3 │ path/to/m ≈ +╰───────────────────────┴──────┴───────────┴─────────────┴─────────┴────────── ≈ + +--- + +[TestPrintTableResults_StandardTerminalWidth_WithVulnerabilities/one_source_with_one_package_and_two_aliases_of_a_single_vulnerability - 1] +╭──────────────────────────┬──────┬───────────┬─────────┬─────────┬─────────── ≈ +│ OSV URL │ CVSS │ ECOSYSTEM │ PACKAGE │ VERSION │ SOURCE ≈ +├──────────────────────────┼──────┼───────────┼─────────┼─────────┼─────────── ≈ +│ https://osv.dev/OSV-1 │ │ npm │ mine1 │ 1.2.3 │ path/to/my ≈ +│ https://osv.dev/GHSA-123 │ │ │ │ │ ≈ 
+╰──────────────────────────┴──────┴───────────┴─────────┴─────────┴─────────── ≈ + +--- + +[TestPrintTableResults_StandardTerminalWidth_WithVulnerabilities/one_source_with_vulnerabilities,_some_missing_content - 1] +╭───────────────────────┬──────┬───────────┬─────────┬───────────┬──────────── ≈ +│ OSV URL │ CVSS │ ECOSYSTEM │ PACKAGE │ VERSION │ SOURCE ≈ +├───────────────────────┼──────┼───────────┼─────────┼───────────┼──────────── ≈ +│ https://osv.dev/OSV-1 │ │ npm │ mine1 │ 1.2.3 │ path/to/my/ ≈ +│ https://osv.dev/OSV-2 │ │ npm │ mine3 │ 0.10.2-rc │ path/to/my/ ≈ +╰───────────────────────┴──────┴───────────┴─────────┴───────────┴──────────── ≈ + +--- + +[TestPrintTableResults_StandardTerminalWidth_WithVulnerabilities/two_sources_with_packages,_one_vulnerability - 1] +╭───────────────────────┬──────┬───────────┬─────────┬─────────┬────────────── ≈ +│ OSV URL │ CVSS │ ECOSYSTEM │ PACKAGE │ VERSION │ SOURCE ≈ +├───────────────────────┼──────┼───────────┼─────────┼─────────┼────────────── ≈ +│ https://osv.dev/OSV-1 │ │ npm │ mine1 │ 1.2.3 │ path/to/my/fi ≈ +╰───────────────────────┴──────┴───────────┴─────────┴─────────┴────────────── ≈ + +--- + +[TestPrintTableResults_StandardTerminalWidth_WithVulnerabilities/two_sources_with_the_same_vulnerable_package - 1] +╭───────────────────────┬──────┬───────────┬─────────────┬─────────┬────────── ≈ +│ OSV URL │ CVSS │ ECOSYSTEM │ PACKAGE │ VERSION │ SOURCE ≈ +├───────────────────────┼──────┼───────────┼─────────────┼─────────┼────────── ≈ +│ https://osv.dev/OSV-1 │ │ npm │ mine1 │ 1.2.3 │ path/to/m ≈ +│ https://osv.dev/OSV-1 │ │ npm │ mine1 (dev) │ 1.2.3 │ path/to/m ≈ +╰───────────────────────┴──────┴───────────┴─────────────┴─────────┴────────── ≈ + +--- diff --git a/internal/output/githubannotation_test.go b/internal/output/githubannotation_test.go new file mode 100644 index 00000000000..568426b1036 --- /dev/null +++ b/internal/output/githubannotation_test.go 
@@ -0,0 +1,60 @@
+package output_test
+
+import (
+ "bytes"
+ "testing"
+
+ "github.com/google/osv-scanner/internal/output"
+ "github.com/google/osv-scanner/internal/testutility"
+)
+
+func TestPrintGHAnnotationReport_WithVulnerabilities(t *testing.T) {
+ t.Parallel()
+
+ testOutputWithVulnerabilities(t, func(t *testing.T, args outputTestCaseArgs) {
+ t.Helper()
+
+ outputWriter := &bytes.Buffer{}
+ err := output.PrintGHAnnotationReport(args.vulnResult, outputWriter)
+
+ if err != nil {
+ t.Errorf("Error writing GH annotation output: %s", err)
+ }
+
+ testutility.NewSnapshot().MatchText(t, outputWriter.String())
+ })
+}
+
+func TestPrintGHAnnotationReport_WithLicenseViolations(t *testing.T) {
+ t.Parallel()
+
+ testOutputWithLicenseViolations(t, func(t *testing.T, args outputTestCaseArgs) {
+ t.Helper()
+
+ outputWriter := &bytes.Buffer{}
+ err := output.PrintGHAnnotationReport(args.vulnResult, outputWriter)
+
+ if err != nil {
+ t.Errorf("Error writing GH annotation output: %s", err)
+ }
+
+ testutility.NewSnapshot().MatchText(t, outputWriter.String())
+ })
+}
+
+func TestPrintGHAnnotationReport_WithMixedIssues(t *testing.T) {
+ t.Parallel()
+
+ testOutputWithMixedIssues(t, func(t *testing.T, args outputTestCaseArgs) {
+ t.Helper()
+
+ outputWriter := &bytes.Buffer{}
+ err := output.PrintGHAnnotationReport(args.vulnResult, outputWriter)
+
+ if err != nil {
+ t.Errorf("Error writing GH annotation output: %s", err)
+ }
+
+ testutility.NewSnapshot().MatchText(t, outputWriter.String())
+ })
+}
diff --git a/internal/output/helpers_test.go b/internal/output/helpers_test.go
new file mode 100644
index 00000000000..5f570eca8b4
--- /dev/null
+++ b/internal/output/helpers_test.go
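Review bot: None of the fixtures these three tests run over exercise the escaping that GitHub workflow-command output depends on — every source path and package name in helpers_test.go is plain (`path/to/my/first/lockfile`, `mine1`), so a `%`, a newline or a `,`/`:` inside a lockfile path or package name handed to `output.PrintGHAnnotationReport` is never pinned by a snapshot, and a regression in property/message escaping of the `::error file=…::` line would go unnoticed. One extra case in this file with a constructed path such as `path/with,comma:and%percent/lockfile` (sample value, not from the fixtures) whose snapshot is reviewed for the expected encoding would cover it; the exact encoding rules live in the writer, which is outside this diff, so the expected string should be taken from that implementation rather than assumed. Separately, the closure body is byte-identical across the three tests; extracting it into a helper, e.g. `func matchGHAnnotationSnapshot(t *testing.T, args outputTestCaseArgs)`, and passing that to each `testOutputWith…` runner removes the duplication.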
@@ -0,0 +1,1556 @@ +package output_test + +import ( + "testing" + + "github.com/google/osv-scanner/pkg/models" +) + +type outputTestCaseArgs struct { + vulnResult *models.VulnerabilityResults +} + +type outputTestCase struct { + name string + args outputTestCaseArgs +} + +type outputTestRunner = func(t *testing.T, args outputTestCaseArgs) + +func testOutputWithVulnerabilities(t *testing.T, run outputTestRunner) { + t.Helper() + + tests := []outputTestCase{ + { + name: "no sources", + args: outputTestCaseArgs{ + vulnResult: &models.VulnerabilityResults{ + Results: []models.PackageSource{}, + }, + }, + }, + { + name: "one source with no packages", + args: outputTestCaseArgs{ + vulnResult: &models.VulnerabilityResults{ + Results: []models.PackageSource{ + { + Source: models.SourceInfo{Path: "path/to/my/first/lockfile"}, + Packages: []models.PackageVulns{}, + }, + }, + }, + }, + }, + { + name: "multiple sources with no packages", + args: outputTestCaseArgs{ + vulnResult: &models.VulnerabilityResults{ + Results: []models.PackageSource{ + { + Source: models.SourceInfo{Path: "path/to/my/first/lockfile"}, + Packages: []models.PackageVulns{}, + }, + { + Source: models.SourceInfo{Path: "path/to/my/second/lockfile"}, + Packages: []models.PackageVulns{}, + }, + { + Source: models.SourceInfo{Path: "path/to/my/third/lockfile"}, + Packages: []models.PackageVulns{}, + }, + }, + }, + }, + }, + { + name: "one source with one package, no vulnerabilities", + args: outputTestCaseArgs{ + vulnResult: &models.VulnerabilityResults{ + Results: []models.PackageSource{ + { + Source: models.SourceInfo{Path: "path/to/my/first/lockfile"}, + Packages: []models.PackageVulns{ + { + Package: models.PackageInfo{ + Name: "mine1", + Version: "1.2.3", + Ecosystem: "npm", + }, + Vulnerabilities: models.Vulnerabilities{}, + }, + }, + }, + }, + }, + }, + }, + { + name: "multiple sources with a mixed count of packages, no vulnerabilities", + args: outputTestCaseArgs{ + vulnResult: 
&models.VulnerabilityResults{ + Results: []models.PackageSource{ + { + Source: models.SourceInfo{Path: "path/to/my/first/lockfile"}, + Packages: []models.PackageVulns{ + { + Package: models.PackageInfo{ + Name: "mine1", + Version: "1.2.3", + Ecosystem: "npm", + }, + Vulnerabilities: models.Vulnerabilities{}, + }, + }, + }, + { + Source: models.SourceInfo{Path: "path/to/my/second/lockfile"}, + Packages: []models.PackageVulns{ + { + Package: models.PackageInfo{ + Name: "mine2", + Version: "3.2.5", + Ecosystem: "npm", + }, + Vulnerabilities: models.Vulnerabilities{}, + }, + { + Package: models.PackageInfo{ + Name: "mine3", + Version: "0.4.1", + Ecosystem: "npm", + }, + Vulnerabilities: models.Vulnerabilities{}, + }, + }, + }, + { + Source: models.SourceInfo{Path: "path/to/my/third/lockfile"}, + Packages: []models.PackageVulns{ + { + Package: models.PackageInfo{ + Name: "mine1", + Version: "1.3.5", + Ecosystem: "npm", + }, + Vulnerabilities: models.Vulnerabilities{}, + }, + { + Package: models.PackageInfo{ + Name: "mine1", + Version: "1.2.3", + Ecosystem: "npm", + }, + Vulnerabilities: models.Vulnerabilities{}, + }, + }, + }, + }, + }, + }, + }, + { + name: "one source with one package and one vulnerability", + args: outputTestCaseArgs{ + vulnResult: &models.VulnerabilityResults{ + Results: []models.PackageSource{ + { + Source: models.SourceInfo{Path: "path/to/my/first/lockfile"}, + Packages: []models.PackageVulns{ + { + Package: models.PackageInfo{ + Name: "mine1", + Version: "1.2.3", + Ecosystem: "npm", + }, + Groups: []models.GroupInfo{{IDs: []string{"OSV-1"}}}, + Vulnerabilities: models.Vulnerabilities{ + { + ID: "OSV-1", + Summary: "Something scary!", + Severity: []models.Severity{{Type: "high", Score: "1"}}, + }, + }, + }, + }, + }, + }, + }, + }, + }, + { + name: "one source with one package and one vulnerability (dev)", + args: outputTestCaseArgs{ + vulnResult: &models.VulnerabilityResults{ + Results: []models.PackageSource{ + { + Source: 
models.SourceInfo{Path: "path/to/my/first/lockfile"}, + Packages: []models.PackageVulns{ + { + Package: models.PackageInfo{ + Name: "mine1", + Version: "1.2.3", + Ecosystem: "npm", + }, + DepGroups: []string{"dev"}, + Groups: []models.GroupInfo{{IDs: []string{"OSV-1"}}}, + Vulnerabilities: models.Vulnerabilities{ + { + ID: "OSV-1", + Summary: "Something scary!", + Severity: []models.Severity{{Type: "high", Score: "1"}}, + }, + }, + }, + }, + }, + }, + }, + }, + }, + { + name: "two sources with the same vulnerable package", + args: outputTestCaseArgs{ + vulnResult: &models.VulnerabilityResults{ + Results: []models.PackageSource{ + { + Source: models.SourceInfo{Path: "path/to/my/first/lockfile"}, + Packages: []models.PackageVulns{ + { + Package: models.PackageInfo{ + Name: "mine1", + Version: "1.2.3", + Ecosystem: "npm", + }, + Groups: []models.GroupInfo{{IDs: []string{"OSV-1"}}}, + Vulnerabilities: models.Vulnerabilities{ + { + ID: "OSV-1", + Summary: "Something scary!", + Severity: []models.Severity{{Type: "high", Score: "1"}}, + }, + }, + }, + }, + }, + { + Source: models.SourceInfo{Path: "path/to/my/second/lockfile"}, + Packages: []models.PackageVulns{ + { + Package: models.PackageInfo{ + Name: "mine1", + Version: "1.2.3", + Ecosystem: "npm", + }, + DepGroups: []string{"dev"}, + Groups: []models.GroupInfo{{IDs: []string{"OSV-1"}}}, + Vulnerabilities: models.Vulnerabilities{ + { + ID: "OSV-1", + Summary: "Something scary!", + Severity: []models.Severity{{Type: "high", Score: "1"}}, + }, + }, + }, + }, + }, + }, + }, + }, + }, + { + name: "one source with one package and two aliases of a single vulnerability", + args: outputTestCaseArgs{ + vulnResult: &models.VulnerabilityResults{ + Results: []models.PackageSource{ + { + Source: models.SourceInfo{Path: "path/to/my/first/lockfile"}, + Packages: []models.PackageVulns{ + { + Package: models.PackageInfo{ + Name: "mine1", + Version: "1.2.3", + Ecosystem: "npm", + }, + Groups: []models.GroupInfo{{ + IDs: 
[]string{"OSV-1", "GHSA-123"}, + Aliases: []string{"OSV-1", "GHSA-123"}, + }}, + Vulnerabilities: models.Vulnerabilities{ + { + ID: "OSV-1", + Summary: "Something scary!", + Severity: []models.Severity{{Type: "high", Score: "1"}}, + }, + { + ID: "GHSA-123", + Summary: "Something scary!", + Aliases: []string{"OSV-1"}, + Severity: []models.Severity{{Type: "high", Score: "1"}}, + }, + }, + }, + }, + }, + }, + }, + }, + }, + { + name: "two sources with packages, one vulnerability", + args: outputTestCaseArgs{ + vulnResult: &models.VulnerabilityResults{ + Results: []models.PackageSource{ + { + Source: models.SourceInfo{Path: "path/to/my/first/lockfile"}, + Packages: []models.PackageVulns{ + { + Package: models.PackageInfo{ + Name: "mine1", + Version: "1.2.3", + Ecosystem: "npm", + }, + Groups: []models.GroupInfo{{IDs: []string{"OSV-1"}}}, + Vulnerabilities: models.Vulnerabilities{ + { + ID: "OSV-1", + Summary: "Something scary!", + Severity: []models.Severity{{Type: "high", Score: "1"}}, + }, + }, + }, + }, + }, + { + Source: models.SourceInfo{Path: "path/to/my/second/lockfile"}, + Packages: []models.PackageVulns{ + { + Package: models.PackageInfo{ + Name: "mine2", + Version: "5.9.0", + Ecosystem: "npm", + }, + Vulnerabilities: models.Vulnerabilities{}, + }, + }, + }, + }, + }, + }, + }, + { + name: "multiple sources with a mixed count of packages, some vulnerabilities", + args: outputTestCaseArgs{ + vulnResult: &models.VulnerabilityResults{ + Results: []models.PackageSource{ + { + Source: models.SourceInfo{Path: "path/to/my/first/lockfile"}, + Packages: []models.PackageVulns{ + { + Package: models.PackageInfo{ + Name: "mine1", + Version: "1.2.3", + Ecosystem: "npm", + }, + Groups: []models.GroupInfo{{IDs: []string{"OSV-1"}}}, + Vulnerabilities: models.Vulnerabilities{ + { + ID: "OSV-1", + Summary: "Something scary!", + Severity: []models.Severity{{Type: "high", Score: "1"}}, + }, + }, + }, + }, + }, + { + Source: models.SourceInfo{Path: "path/to/my/second/lockfile"}, + 
Packages: []models.PackageVulns{ + { + Package: models.PackageInfo{ + Name: "mine2", + Version: "3.2.5", + Ecosystem: "npm", + }, + Groups: []models.GroupInfo{{IDs: []string{"OSV-2"}}}, + Vulnerabilities: models.Vulnerabilities{ + { + ID: "OSV-2", + Summary: "Something less scary!", + Severity: []models.Severity{{Type: "low", Score: "1"}}, + }, + }, + }, + { + Package: models.PackageInfo{ + Name: "mine3", + Version: "0.4.1", + Ecosystem: "npm", + }, + Vulnerabilities: models.Vulnerabilities{}, + }, + }, + }, + { + Source: models.SourceInfo{Path: "path/to/my/third/lockfile"}, + Packages: []models.PackageVulns{ + { + Package: models.PackageInfo{ + Name: "mine1", + Version: "1.3.5", + Ecosystem: "npm", + }, + Vulnerabilities: models.Vulnerabilities{}, + }, + { + Package: models.PackageInfo{ + Name: "mine1", + Version: "1.2.3", + Ecosystem: "npm", + }, + Groups: []models.GroupInfo{{IDs: []string{"OSV-1"}}}, + Vulnerabilities: models.Vulnerabilities{ + { + ID: "OSV-1", + Summary: "Something scary!", + Severity: []models.Severity{{Type: "high", Score: "1"}}, + }, + }, + }, + }, + }, + }, + }, + }, + }, + { + name: "multiple sources with a mixed count of packages, and multiple vulnerabilities", + args: outputTestCaseArgs{ + vulnResult: &models.VulnerabilityResults{ + Results: []models.PackageSource{ + { + Source: models.SourceInfo{Path: "path/to/my/first/lockfile"}, + Packages: []models.PackageVulns{ + { + Package: models.PackageInfo{ + Name: "mine1", + Version: "1.2.3", + Ecosystem: "npm", + }, + Groups: []models.GroupInfo{ + {IDs: []string{"OSV-1"}}, + {IDs: []string{"OSV-5"}}, + }, + Vulnerabilities: models.Vulnerabilities{ + { + ID: "OSV-1", + Summary: "Something scary!", + Severity: []models.Severity{{Type: "high", Score: "1"}}, + }, + { + ID: "OSV-5", + Summary: "Something scarier!", + Severity: []models.Severity{{Type: "extreme", Score: "1"}}, + }, + }, + }, + { + Package: models.PackageInfo{ + Name: "mine1", + Version: "1.2.2", + Ecosystem: "npm", + }, + Groups: 
[]models.GroupInfo{{IDs: []string{"OSV-1"}}}, + Vulnerabilities: models.Vulnerabilities{ + { + ID: "OSV-1", + Summary: "Something scary!", + Severity: []models.Severity{{Type: "high", Score: "1"}}, + }, + }, + }, + }, + }, + { + Source: models.SourceInfo{Path: "path/to/my/second/lockfile"}, + Packages: []models.PackageVulns{ + { + Package: models.PackageInfo{ + Name: "mine2", + Version: "3.2.5", + Ecosystem: "npm", + }, + Groups: []models.GroupInfo{{IDs: []string{"OSV-2"}}}, + Vulnerabilities: models.Vulnerabilities{ + { + ID: "OSV-2", + Summary: "Something less scary!", + Severity: []models.Severity{{Type: "low", Score: "1"}}, + }, + }, + }, + { + Package: models.PackageInfo{ + Name: "mine3", + Version: "0.4.1", + Ecosystem: "npm", + }, + Groups: []models.GroupInfo{ + {IDs: []string{"OSV-3"}}, + {IDs: []string{"OSV-5"}}, + }, + Vulnerabilities: models.Vulnerabilities{ + { + ID: "OSV-3", + Summary: "Something mildly scary!", + Severity: []models.Severity{{Type: "medium", Score: "1"}}, + }, + { + ID: "OSV-5", + Summary: "Something scarier!", + Severity: []models.Severity{{Type: "extreme", Score: "1"}}, + }, + }, + }, + }, + }, + }, + }, + }, + }, + { + name: "multiple sources with a mixed count of grouped packages, and multiple vulnerabilities", + args: outputTestCaseArgs{ + vulnResult: &models.VulnerabilityResults{ + Results: []models.PackageSource{ + { + Source: models.SourceInfo{Path: "path/to/my/first/lockfile"}, + Packages: []models.PackageVulns{ + { + Package: models.PackageInfo{ + Name: "mine1", + Version: "1.2.3", + Ecosystem: "npm", + }, + DepGroups: []string{"dev", "optional"}, + Groups: []models.GroupInfo{ + {IDs: []string{"OSV-1"}}, + {IDs: []string{"OSV-5"}}, + }, + Vulnerabilities: models.Vulnerabilities{ + { + ID: "OSV-1", + Summary: "Something scary!", + Severity: []models.Severity{{Type: "high", Score: "1"}}, + }, + { + ID: "OSV-5", + Summary: "Something scarier!", + Severity: []models.Severity{{Type: "extreme", Score: "1"}}, + }, + }, + }, + { + 
Package: models.PackageInfo{ + Name: "mine1", + Version: "1.2.2", + Ecosystem: "npm", + }, + Groups: []models.GroupInfo{{IDs: []string{"OSV-1"}}}, + Vulnerabilities: models.Vulnerabilities{ + { + ID: "OSV-1", + Summary: "Something scary!", + Severity: []models.Severity{{Type: "high", Score: "1"}}, + }, + }, + }, + }, + }, + { + Source: models.SourceInfo{Path: "path/to/my/second/lockfile"}, + Packages: []models.PackageVulns{ + { + Package: models.PackageInfo{ + Name: "mine2", + Version: "3.2.5", + Ecosystem: "npm", + }, + DepGroups: []string{"dev"}, + Groups: []models.GroupInfo{{IDs: []string{"OSV-2"}}}, + Vulnerabilities: models.Vulnerabilities{ + { + ID: "OSV-2", + Summary: "Something less scary!", + Severity: []models.Severity{{Type: "low", Score: "1"}}, + }, + }, + }, + { + Package: models.PackageInfo{ + Name: "mine3", + Version: "0.4.1", + Ecosystem: "npm", + }, + DepGroups: []string{"build"}, + Groups: []models.GroupInfo{ + {IDs: []string{"OSV-3"}}, + {IDs: []string{"OSV-5"}}, + }, + Vulnerabilities: models.Vulnerabilities{ + { + ID: "OSV-3", + Summary: "Something mildly scary!", + Severity: []models.Severity{{Type: "medium", Score: "1"}}, + }, + { + ID: "OSV-5", + Summary: "Something scarier!", + Severity: []models.Severity{{Type: "extreme", Score: "1"}}, + }, + }, + }, + }, + }, + }, + }, + }, + }, + { + name: "multiple sources with a mixed count of packages across ecosystems, and multiple vulnerabilities", + args: outputTestCaseArgs{ + vulnResult: &models.VulnerabilityResults{ + Results: []models.PackageSource{ + { + Source: models.SourceInfo{Path: "path/to/my/first/lockfile"}, + Packages: []models.PackageVulns{ + { + Package: models.PackageInfo{ + Name: "mine1", + Version: "1.2.3", + Ecosystem: "Packagist", + }, + Groups: []models.GroupInfo{ + {IDs: []string{"OSV-1"}}, + {IDs: []string{"OSV-5"}}, + }, + Vulnerabilities: models.Vulnerabilities{ + { + ID: "OSV-1", + Summary: "Something scary!", + Severity: []models.Severity{{Type: "high", Score: "1"}}, + }, 
+ { + ID: "OSV-5", + Summary: "Something scarier!", + Severity: []models.Severity{{Type: "extreme", Score: "1"}}, + }, + }, + }, + { + Package: models.PackageInfo{ + Name: "mine1", + Version: "1.2.2", + Ecosystem: "npm", + }, + Groups: []models.GroupInfo{{IDs: []string{"OSV-1"}}}, + Vulnerabilities: models.Vulnerabilities{ + { + ID: "OSV-1", + Summary: "Something scary!", + Severity: []models.Severity{{Type: "high", Score: "1"}}, + }, + }, + }, + }, + }, + { + Source: models.SourceInfo{Path: "path/to/my/second/lockfile"}, + Packages: []models.PackageVulns{ + { + Package: models.PackageInfo{ + Name: "mine2", + Version: "3.2.5", + Ecosystem: "NuGet", + }, + DepGroups: []string{"dev"}, + Groups: []models.GroupInfo{{IDs: []string{"OSV-2"}}}, + Vulnerabilities: models.Vulnerabilities{ + { + ID: "OSV-2", + Summary: "Something less scary!", + Severity: []models.Severity{{Type: "low", Score: "1"}}, + }, + }, + }, + { + Package: models.PackageInfo{ + Name: "mine3", + Version: "0.4.1", + Ecosystem: "Packagist", + }, + DepGroups: []string{"build"}, + Groups: []models.GroupInfo{ + {IDs: []string{"OSV-3"}}, + {IDs: []string{"OSV-5"}}, + }, + Vulnerabilities: models.Vulnerabilities{ + { + ID: "OSV-3", + Summary: "Something mildly scary!", + Severity: []models.Severity{{Type: "medium", Score: "1"}}, + }, + { + ID: "OSV-5", + Summary: "Something scarier!", + Severity: []models.Severity{{Type: "extreme", Score: "1"}}, + }, + }, + }, + }, + }, + }, + }, + }, + }, + { + name: "one source with vulnerabilities, some missing content", + args: outputTestCaseArgs{ + vulnResult: &models.VulnerabilityResults{ + Results: []models.PackageSource{ + { + Source: models.SourceInfo{Path: "path/to/my/first/lockfile"}, + Packages: []models.PackageVulns{ + { + Package: models.PackageInfo{ + Name: "mine1", + Version: "1.2.3", + Ecosystem: "npm", + }, + Groups: []models.GroupInfo{{IDs: []string{"OSV-1"}}}, + Vulnerabilities: models.Vulnerabilities{ + {ID: "OSV-1", Details: "This vulnerability allows 
for some very scary stuff to happen - seriously, you'd not believe it!"}, + }, + }, + { + Package: models.PackageInfo{ + Name: "mine3", + Version: "0.10.2-rc", + Ecosystem: "npm", + }, + Groups: []models.GroupInfo{{IDs: []string{"OSV-2"}}}, + Vulnerabilities: models.Vulnerabilities{ + {ID: "OSV-2"}, + }, + }, + }, + }, + }, + }, + }, + }, + } + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + + run(t, tt.args) + }) + } +} + +func testOutputWithLicenseViolations(t *testing.T, run outputTestRunner) { + t.Helper() + + experimentalAnalysisConfig := models.ExperimentalAnalysisConfig{ + Licenses: models.ExperimentalLicenseConfig{Summary: false, Allowlist: []models.License{"ISC"}}, + } + + tests := []outputTestCase{ + { + name: "no sources", + args: outputTestCaseArgs{ + vulnResult: &models.VulnerabilityResults{ + ExperimentalAnalysisConfig: experimentalAnalysisConfig, + Results: []models.PackageSource{}, + }, + }, + }, + { + name: "one source with no packages", + args: outputTestCaseArgs{ + vulnResult: &models.VulnerabilityResults{ + ExperimentalAnalysisConfig: experimentalAnalysisConfig, + Results: []models.PackageSource{ + { + Source: models.SourceInfo{Path: "path/to/my/first/lockfile"}, + Packages: []models.PackageVulns{}, + }, + }, + }, + }, + }, + { + name: "multiple sources with no packages", + args: outputTestCaseArgs{ + vulnResult: &models.VulnerabilityResults{ + ExperimentalAnalysisConfig: experimentalAnalysisConfig, + Results: []models.PackageSource{ + { + Source: models.SourceInfo{Path: "path/to/my/first/lockfile"}, + Packages: []models.PackageVulns{}, + }, + { + Source: models.SourceInfo{Path: "path/to/my/second/lockfile"}, + Packages: []models.PackageVulns{}, + }, + { + Source: models.SourceInfo{Path: "path/to/my/third/lockfile"}, + Packages: []models.PackageVulns{}, + }, + }, + }, + }, + }, + { + name: "one source with one package, no licenses", + args: outputTestCaseArgs{ + vulnResult: 
&models.VulnerabilityResults{
+ ExperimentalAnalysisConfig: experimentalAnalysisConfig,
+ Results: []models.PackageSource{
+ {
+ Source: models.SourceInfo{Path: "path/to/my/first/lockfile"},
+ Packages: []models.PackageVulns{
+ {
+ Package: models.PackageInfo{
+ Name: "mine1",
+ Version: "1.2.3",
+ Ecosystem: "npm",
+ },
+ Licenses: []models.License{},
+ LicenseViolations: []models.License{},
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ {
+ name: "one source with one package and an unknown license",
+ args: outputTestCaseArgs{
+ vulnResult: &models.VulnerabilityResults{
+ ExperimentalAnalysisConfig: experimentalAnalysisConfig,
+ Results: []models.PackageSource{
+ {
+ Source: models.SourceInfo{Path: "path/to/my/first/lockfile"},
+ Packages: []models.PackageVulns{
+ {
+ Package: models.PackageInfo{
+ Name: "mine1",
+ Version: "1.2.3",
+ Ecosystem: "npm",
+ },
+ Licenses: []models.License{"UNKNOWN"},
+ LicenseViolations: []models.License{},
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ {
+ name: "one source with one package, no license violations",
+ args: outputTestCaseArgs{
+ vulnResult: &models.VulnerabilityResults{
+ ExperimentalAnalysisConfig: experimentalAnalysisConfig,
+ Results: []models.PackageSource{
+ {
+ Source: models.SourceInfo{Path: "path/to/my/first/lockfile"},
+ Packages: []models.PackageVulns{
+ {
+ Package: models.PackageInfo{
+ Name: "mine1",
+ Version: "1.2.3",
+ Ecosystem: "npm",
+ },
+ Licenses: []models.License{"ISC"},
+ LicenseViolations: []models.License{},
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ {
+ name: "multiple sources with a mixed count of packages, no license violations",
+ args: outputTestCaseArgs{
+ vulnResult: &models.VulnerabilityResults{
+ ExperimentalAnalysisConfig: experimentalAnalysisConfig,
+ Results: []models.PackageSource{
+ {
+ Source: models.SourceInfo{Path: "path/to/my/first/lockfile"},
+ Packages: []models.PackageVulns{
+ {
+ Package: models.PackageInfo{
+ Name: "mine1",
+ Version: "1.2.3",
+ Ecosystem: "npm",
+ },
+ Licenses: 
[]models.License{"ISC"},
+ LicenseViolations: []models.License{},
+ },
+ },
+ },
+ {
+ Source: models.SourceInfo{Path: "path/to/my/second/lockfile"},
+ Packages: []models.PackageVulns{
+ {
+ Package: models.PackageInfo{
+ Name: "mine2",
+ Version: "3.2.5",
+ Ecosystem: "npm",
+ },
+ Licenses: []models.License{"ISC"},
+ LicenseViolations: []models.License{},
+ },
+ {
+ Package: models.PackageInfo{
+ Name: "mine3",
+ Version: "0.4.1",
+ Ecosystem: "npm",
+ },
+ Licenses: []models.License{"ISC"},
+ LicenseViolations: []models.License{},
+ },
+ },
+ },
+ {
+ Source: models.SourceInfo{Path: "path/to/my/third/lockfile"},
+ Packages: []models.PackageVulns{
+ {
+ Package: models.PackageInfo{
+ Name: "mine1",
+ Version: "1.3.5",
+ Ecosystem: "npm",
+ },
+ Licenses: []models.License{"ISC"},
+ LicenseViolations: []models.License{},
+ },
+ {
+ Package: models.PackageInfo{
+ Name: "mine1",
+ Version: "1.2.3",
+ Ecosystem: "npm",
+ },
+ Licenses: []models.License{"ISC"},
+ LicenseViolations: []models.License{},
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ {
+ name: "one source with one package and one license violation",
+ args: outputTestCaseArgs{
+ vulnResult: &models.VulnerabilityResults{
+ ExperimentalAnalysisConfig: experimentalAnalysisConfig,
+ Results: []models.PackageSource{
+ {
+ Source: models.SourceInfo{Path: "path/to/my/first/lockfile"},
+ Packages: []models.PackageVulns{
+ {
+ Package: models.PackageInfo{
+ Name: "mine1",
+ Version: "1.2.3",
+ Ecosystem: "npm",
+ },
+ Licenses: []models.License{"MIT"},
+ LicenseViolations: []models.License{"MIT"},
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ {
+ name: "one source with one package and one license violation (dev)",
+ args: outputTestCaseArgs{
+ vulnResult: &models.VulnerabilityResults{
+ ExperimentalAnalysisConfig: experimentalAnalysisConfig,
+ Results: []models.PackageSource{
+ {
+ Source: models.SourceInfo{Path: "path/to/my/first/lockfile"},
+ Packages: []models.PackageVulns{
+ {
+ Package: models.PackageInfo{
+ Name: "mine1",
+ 
Version: "1.2.3",
+ Ecosystem: "npm",
+ },
+ DepGroups: []string{"dev"},
+ Licenses: []models.License{"MIT"},
+ LicenseViolations: []models.License{"MIT"},
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ {
+ name: "two sources with packages, one license violation",
+ args: outputTestCaseArgs{
+ vulnResult: &models.VulnerabilityResults{
+ ExperimentalAnalysisConfig: experimentalAnalysisConfig,
+ Results: []models.PackageSource{
+ {
+ Source: models.SourceInfo{Path: "path/to/my/first/lockfile"},
+ Packages: []models.PackageVulns{
+ {
+ Package: models.PackageInfo{
+ Name: "mine1",
+ Version: "1.2.3",
+ Ecosystem: "npm",
+ },
+ Licenses: []models.License{"MIT"},
+ LicenseViolations: []models.License{"MIT"},
+ },
+ },
+ },
+ {
+ Source: models.SourceInfo{Path: "path/to/my/second/lockfile"},
+ Packages: []models.PackageVulns{
+ {
+ Package: models.PackageInfo{
+ Name: "mine2",
+ Version: "5.9.0",
+ Ecosystem: "npm",
+ },
+ Licenses: []models.License{"ISC"},
+ LicenseViolations: []models.License{},
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ {
+ name: "multiple sources with a mixed count of packages, some license violations",
+ args: outputTestCaseArgs{
+ vulnResult: &models.VulnerabilityResults{
+ ExperimentalAnalysisConfig: experimentalAnalysisConfig,
+ Results: []models.PackageSource{
+ {
+ Source: models.SourceInfo{Path: "path/to/my/first/lockfile"},
+ Packages: []models.PackageVulns{
+ {
+ Package: models.PackageInfo{
+ Name: "mine1",
+ Version: "1.2.3",
+ Ecosystem: "npm",
+ },
+ Licenses: []models.License{"MIT"},
+ LicenseViolations: []models.License{"MIT"},
+ },
+ },
+ },
+ {
+ Source: models.SourceInfo{Path: "path/to/my/second/lockfile"},
+ Packages: []models.PackageVulns{
+ {
+ Package: models.PackageInfo{
+ Name: "mine2",
+ Version: "3.2.5",
+ Ecosystem: "npm",
+ },
+ Licenses: []models.License{"Apache-2.0"},
+ LicenseViolations: []models.License{"Apache-2.0"},
+ },
+ {
+ Package: models.PackageInfo{
+ Name: "mine3",
+ Version: "0.4.1",
+ Ecosystem: "npm",
+ },
+ Licenses: 
[]models.License{"ISC"},
+ LicenseViolations: []models.License{},
+ },
+ },
+ },
+ {
+ Source: models.SourceInfo{Path: "path/to/my/third/lockfile"},
+ Packages: []models.PackageVulns{
+ {
+ Package: models.PackageInfo{
+ Name: "mine1",
+ Version: "1.3.5",
+ Ecosystem: "npm",
+ },
+ Licenses: []models.License{"ISC"},
+ LicenseViolations: []models.License{},
+ },
+ {
+ Package: models.PackageInfo{
+ Name: "mine1",
+ Version: "1.2.3",
+ Ecosystem: "npm",
+ },
+ Licenses: []models.License{"MIT"},
+ LicenseViolations: []models.License{"MIT"},
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ {
+ name: "multiple sources with a mixed count of packages and groups, some license violations",
+ args: outputTestCaseArgs{
+ vulnResult: &models.VulnerabilityResults{
+ ExperimentalAnalysisConfig: experimentalAnalysisConfig,
+ Results: []models.PackageSource{
+ {
+ Source: models.SourceInfo{Path: "path/to/my/first/lockfile"},
+ Packages: []models.PackageVulns{
+ {
+ Package: models.PackageInfo{
+ Name: "mine1",
+ Version: "1.2.3",
+ Ecosystem: "npm",
+ },
+ DepGroups: []string{"dev", "optional"},
+ Licenses: []models.License{"MIT"},
+ LicenseViolations: []models.License{"MIT"},
+ },
+ },
+ },
+ {
+ Source: models.SourceInfo{Path: "path/to/my/second/lockfile"},
+ Packages: []models.PackageVulns{
+ {
+ Package: models.PackageInfo{
+ Name: "mine2",
+ Version: "3.2.5",
+ Ecosystem: "npm",
+ },
+ DepGroups: []string{"dev", "optional"},
+ Licenses: []models.License{"Apache-2.0"},
+ LicenseViolations: []models.License{"Apache-2.0"},
+ },
+ {
+ Package: models.PackageInfo{
+ Name: "mine3",
+ Version: "0.4.1",
+ Ecosystem: "npm",
+ },
+ Licenses: []models.License{"ISC"},
+ LicenseViolations: []models.License{},
+ },
+ },
+ },
+ {
+ Source: models.SourceInfo{Path: "path/to/my/third/lockfile"},
+ Packages: []models.PackageVulns{
+ {
+ Package: models.PackageInfo{
+ Name: "mine1",
+ Version: "1.3.5",
+ Ecosystem: "npm",
+ },
+ Licenses: []models.License{"ISC"},
+ LicenseViolations: []models.License{},
+ 
},
+ {
+ Package: models.PackageInfo{
+ Name: "mine1",
+ Version: "1.2.3",
+ Ecosystem: "npm",
+ },
+ DepGroups: []string{"build"},
+ Licenses: []models.License{"MIT"},
+ LicenseViolations: []models.License{"MIT"},
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ {
+ name: "multiple sources with a mixed count of packages across ecosystems, some license violations",
+ args: outputTestCaseArgs{
+ vulnResult: &models.VulnerabilityResults{
+ ExperimentalAnalysisConfig: experimentalAnalysisConfig,
+ Results: []models.PackageSource{
+ {
+ Source: models.SourceInfo{Path: "path/to/my/first/lockfile"},
+ Packages: []models.PackageVulns{
+ {
+ Package: models.PackageInfo{
+ Name: "mine1",
+ Version: "1.2.3",
+ Ecosystem: "Packagist",
+ },
+ Licenses: []models.License{"MIT"},
+ LicenseViolations: []models.License{"MIT"},
+ },
+ },
+ },
+ {
+ Source: models.SourceInfo{Path: "path/to/my/second/lockfile"},
+ Packages: []models.PackageVulns{
+ {
+ Package: models.PackageInfo{
+ Name: "mine2",
+ Version: "3.2.5",
+ Ecosystem: "npm",
+ },
+ Licenses: []models.License{"Apache-2.0"},
+ LicenseViolations: []models.License{"Apache-2.0"},
+ },
+ {
+ Package: models.PackageInfo{
+ Name: "mine3",
+ Version: "0.4.1",
+ Ecosystem: "npm",
+ },
+ Licenses: []models.License{"ISC"},
+ LicenseViolations: []models.License{},
+ },
+ },
+ },
+ {
+ Source: models.SourceInfo{Path: "path/to/my/third/lockfile"},
+ Packages: []models.PackageVulns{
+ {
+ Package: models.PackageInfo{
+ Name: "mine1",
+ Version: "1.3.5",
+ Ecosystem: "NuGet",
+ },
+ Licenses: []models.License{"ISC"},
+ LicenseViolations: []models.License{},
+ },
+ {
+ Package: models.PackageInfo{
+ Name: "mine1",
+ Version: "1.2.3",
+ Ecosystem: "Packagist",
+ },
+ DepGroups: []string{"dev"},
+ Licenses: []models.License{"MIT"},
+ LicenseViolations: []models.License{"MIT"},
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ {
+ name: "one source with one package and multiple license violations",
+ args: outputTestCaseArgs{
+ vulnResult: 
&models.VulnerabilityResults{
+ ExperimentalAnalysisConfig: experimentalAnalysisConfig,
+ Results: []models.PackageSource{
+ {
+ Source: models.SourceInfo{Path: "path/to/my/first/lockfile"},
+ Packages: []models.PackageVulns{
+ {
+ Package: models.PackageInfo{
+ Name: "mine1",
+ Version: "1.2.3",
+ Ecosystem: "npm",
+ },
+ Licenses: []models.License{"MIT", "Apache-2.0"},
+ LicenseViolations: []models.License{"MIT", "Apache-2.0"},
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ {
+ name: "multiple sources with a mixed count of packages, some license violations",
+ args: outputTestCaseArgs{
+ vulnResult: &models.VulnerabilityResults{
+ Results: []models.PackageSource{
+ {
+ Source: models.SourceInfo{Path: "path/to/my/first/lockfile"},
+ Packages: []models.PackageVulns{
+ {
+ Package: models.PackageInfo{
+ Name: "mine1",
+ Version: "1.2.3",
+ Ecosystem: "npm",
+ },
+ Licenses: []models.License{"MIT", "Apache-2.0"},
+ LicenseViolations: []models.License{"MIT"},
+ },
+ },
+ },
+ {
+ Source: models.SourceInfo{Path: "path/to/my/second/lockfile"},
+ Packages: []models.PackageVulns{
+ {
+ Package: models.PackageInfo{
+ Name: "mine2",
+ Version: "3.2.5",
+ Ecosystem: "npm",
+ },
+ Licenses: []models.License{"UNKNOWN"},
+ LicenseViolations: []models.License{"UNKNOWN"},
+ },
+ {
+ Package: models.PackageInfo{
+ Name: "mine3",
+ Version: "0.4.1",
+ Ecosystem: "npm",
+ },
+ Licenses: []models.License{"Apache-2.0"},
+ LicenseViolations: []models.License{},
+ },
+ },
+ },
+ {
+ Source: models.SourceInfo{Path: "path/to/my/third/lockfile"},
+ Packages: []models.PackageVulns{
+ {
+ Package: models.PackageInfo{
+ Name: "mine1",
+ Version: "1.3.5",
+ Ecosystem: "npm",
+ },
+ Licenses: []models.License{"Apache-2.0"},
+ LicenseViolations: []models.License{},
+ },
+ {
+ Package: models.PackageInfo{
+ Name: "mine1",
+ Version: "1.2.3",
+ Ecosystem: "npm",
+ },
+ Licenses: []models.License{"MIT"},
+ LicenseViolations: []models.License{"MIT"},
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ }
+ for _, tt := range 
tests {
+ tt := tt
+ t.Run(tt.name, func(t *testing.T) {
+ t.Parallel()
+
+ run(t, tt.args)
+ })
+ }
+}
+
+func testOutputWithMixedIssues(t *testing.T, run outputTestRunner) {
+ t.Helper()
+
+ experimentalAnalysisConfig := models.ExperimentalAnalysisConfig{
+ Licenses: models.ExperimentalLicenseConfig{Summary: false, Allowlist: []models.License{"ISC"}},
+ }
+
+ tests := []outputTestCase{
+ {
+ name: "one source with one package, one vulnerability, and one license violation",
+ args: outputTestCaseArgs{
+ vulnResult: &models.VulnerabilityResults{
+ ExperimentalAnalysisConfig: experimentalAnalysisConfig,
+ Results: []models.PackageSource{
+ {
+ Source: models.SourceInfo{Path: "path/to/my/first/lockfile"},
+ Packages: []models.PackageVulns{
+ {
+ Package: models.PackageInfo{
+ Name: "mine1",
+ Version: "1.2.3",
+ Ecosystem: "npm",
+ },
+ Groups: []models.GroupInfo{{IDs: []string{"OSV-1"}}},
+ Vulnerabilities: models.Vulnerabilities{
+ {
+ ID: "OSV-1",
+ Summary: "Something scary!",
+ Severity: []models.Severity{{Type: "high", Score: "1"}},
+ },
+ },
+ Licenses: []models.License{"MIT"},
+ LicenseViolations: []models.License{"MIT"},
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ {
+ name: "two sources with packages, one vulnerability, one license violation",
+ args: outputTestCaseArgs{
+ vulnResult: &models.VulnerabilityResults{
+ ExperimentalAnalysisConfig: experimentalAnalysisConfig,
+ Results: []models.PackageSource{
+ {
+ Source: models.SourceInfo{Path: "path/to/my/first/lockfile"},
+ Packages: []models.PackageVulns{
+ {
+ Package: models.PackageInfo{
+ Name: "mine1",
+ Version: "1.2.3",
+ Ecosystem: "npm",
+ },
+ Groups: []models.GroupInfo{{IDs: []string{"OSV-1"}}},
+ Vulnerabilities: models.Vulnerabilities{
+ {
+ ID: "OSV-1",
+ Summary: "Something scary!",
+ Severity: []models.Severity{{Type: "high", Score: "1"}},
+ },
+ },
+ Licenses: []models.License{"ISC"},
+ LicenseViolations: []models.License{},
+ },
+ },
+ },
+ {
+ Source: models.SourceInfo{Path: 
"path/to/my/second/lockfile"},
+ Packages: []models.PackageVulns{
+ {
+ Package: models.PackageInfo{
+ Name: "mine2",
+ Version: "5.9.0",
+ Ecosystem: "npm",
+ },
+ Groups: []models.GroupInfo{},
+ Vulnerabilities: models.Vulnerabilities{},
+ Licenses: []models.License{"MIT"},
+ LicenseViolations: []models.License{"MIT"},
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ {
+ name: "multiple sources with a mixed count of packages, some vulnerabilities and license violations",
+ args: outputTestCaseArgs{
+ vulnResult: &models.VulnerabilityResults{
+ ExperimentalAnalysisConfig: experimentalAnalysisConfig,
+ Results: []models.PackageSource{
+ {
+ Source: models.SourceInfo{Path: "path/to/my/first/lockfile"},
+ Packages: []models.PackageVulns{
+ {
+ Package: models.PackageInfo{
+ Name: "mine1",
+ Version: "1.2.3",
+ Ecosystem: "npm",
+ },
+ Groups: []models.GroupInfo{{IDs: []string{"OSV-1"}}},
+ Vulnerabilities: models.Vulnerabilities{
+ {
+ ID: "OSV-1",
+ Summary: "Something scary!",
+ Severity: []models.Severity{{Type: "high", Score: "1"}},
+ },
+ },
+ Licenses: []models.License{"MIT"},
+ LicenseViolations: []models.License{"MIT"},
+ },
+ },
+ },
+ {
+ Source: models.SourceInfo{Path: "path/to/my/second/lockfile"},
+ Packages: []models.PackageVulns{
+ {
+ Package: models.PackageInfo{
+ Name: "mine2",
+ Version: "3.2.5",
+ Ecosystem: "npm",
+ },
+ Groups: []models.GroupInfo{{IDs: []string{"OSV-2"}}},
+ Vulnerabilities: models.Vulnerabilities{
+ {
+ ID: "OSV-2",
+ Summary: "Something less scary!",
+ Severity: []models.Severity{{Type: "low", Score: "1"}},
+ },
+ },
+ Licenses: []models.License{"ISC"},
+ LicenseViolations: []models.License{},
+ },
+ {
+ Package: models.PackageInfo{
+ Name: "mine3",
+ Version: "0.4.1",
+ Ecosystem: "npm",
+ },
+ Vulnerabilities: models.Vulnerabilities{},
+ Licenses: []models.License{"ISC"},
+ LicenseViolations: []models.License{},
+ },
+ },
+ },
+ {
+ Source: models.SourceInfo{Path: "path/to/my/third/lockfile"},
+ Packages: []models.PackageVulns{
+ {
+ 
Package: models.PackageInfo{
+ Name: "mine1",
+ Version: "1.3.5",
+ Ecosystem: "npm",
+ },
+ Vulnerabilities: models.Vulnerabilities{},
+ Licenses: []models.License{"MIT"},
+ LicenseViolations: []models.License{"MIT"},
+ },
+ {
+ Package: models.PackageInfo{
+ Name: "mine1",
+ Version: "1.2.3",
+ Ecosystem: "npm",
+ },
+ Groups: []models.GroupInfo{{IDs: []string{"OSV-1"}}},
+ Vulnerabilities: models.Vulnerabilities{
+ {
+ ID: "OSV-1",
+ Summary: "Something scary!",
+ Severity: []models.Severity{{Type: "high", Score: "1"}},
+ },
+ },
+ Licenses: []models.License{"Apache-2.0"},
+ LicenseViolations: []models.License{"Apache-2.0"},
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ }
+ for _, tt := range tests {
+ tt := tt
+ t.Run(tt.name, func(t *testing.T) {
+ t.Parallel()
+
+ run(t, tt.args)
+ })
+ }
+}
diff --git a/internal/output/machinejson_test.go b/internal/output/machinejson_test.go
new file mode 100644
index 00000000000..c0225ead7bb
--- /dev/null
+++ b/internal/output/machinejson_test.go
@@ -0,0 +1,60 @@
+package output_test
+
+import (
+ "bytes"
+ "testing"
+
+ "github.com/google/osv-scanner/internal/output"
+ "github.com/google/osv-scanner/internal/testutility"
+)
+
+func TestPrintJSONResults_WithVulnerabilities(t *testing.T) {
+ t.Parallel()
+
+ testOutputWithVulnerabilities(t, func(t *testing.T, args outputTestCaseArgs) {
+ t.Helper()
+
+ outputWriter := &bytes.Buffer{}
+ err := output.PrintJSONResults(args.vulnResult, outputWriter)
+
+ if err != nil {
+ t.Errorf("Error writing JSON output: %s", err)
+ }
+
+ testutility.NewSnapshot().MatchText(t, outputWriter.String())
+ })
+}
+
+func TestPrintJSONResults_WithLicenseViolations(t *testing.T) {
+ t.Parallel()
+
+ testOutputWithLicenseViolations(t, func(t *testing.T, args outputTestCaseArgs) {
+ t.Helper()
+
+ outputWriter := &bytes.Buffer{}
+ err := output.PrintJSONResults(args.vulnResult, outputWriter)
+
+ if err != nil {
+ t.Errorf("Error writing JSON output: %s", err)
+ }
+
+ testutility.NewSnapshot().MatchText(t, outputWriter.String())
+ })
+}
+
+func TestPrintJSONResults_WithMixedIssues(t *testing.T) {
+ t.Parallel()
+
+ testOutputWithMixedIssues(t, func(t *testing.T, args outputTestCaseArgs) {
+ t.Helper()
+
+ outputWriter := &bytes.Buffer{}
+ err := output.PrintJSONResults(args.vulnResult, outputWriter)
+
+ if err != nil {
+ t.Errorf("Error writing JSON output: %s", err)
+ }
+
+ testutility.NewSnapshot().MatchText(t, outputWriter.String())
+ })
+}
diff --git a/internal/output/markdowntable_test.go b/internal/output/markdowntable_test.go
new file mode 100644
index 00000000000..046fc94d019
--- /dev/null
+++ b/internal/output/markdowntable_test.go
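Review bot: In all three tests the `if err != nil` branch reports with `t.Errorf` and then still hands whatever `PrintJSONResults` managed to write to `MatchText`, so a write failure is followed by a second, misleading snapshot mismatch on a truncated document; `t.Fatalf("Error writing JSON output: %s", err)` stops at the real failure. The same `Errorf`-then-`MatchText` sequence recurs in the three `TestPrintSARIFReport_*` tests in sarif_test.go. Separately, the `testOutputWithLicenseViolations` fixtures this test consumes declare the name `multiple sources with a mixed count of packages, some license violations` twice (the second one omits `ExperimentalAnalysisConfig`), so `t.Run` will disambiguate the second subtest with a `#01` suffix and that artefact becomes the snapshot key; a distinct name such as `multiple sources with a mixed count of packages, some license violations, no analysis config` keeps the snapshot self-describing.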
@@ -0,0 +1,48 @@
+package output_test
+
+import (
+ "bytes"
+ "testing"
+
+ "github.com/google/osv-scanner/internal/output"
+ "github.com/google/osv-scanner/internal/testutility"
+)
+
+func TestPrintMarkdownTableResults_WithVulnerabilities(t *testing.T) {
+ t.Parallel()
+
+ testOutputWithVulnerabilities(t, func(t *testing.T, args outputTestCaseArgs) {
+ t.Helper()
+
+ outputWriter := &bytes.Buffer{}
+ output.PrintMarkdownTableResults(args.vulnResult, outputWriter)
+
+ testutility.NewSnapshot().MatchText(t, outputWriter.String())
+ })
+}
+
+func TestPrintMarkdownTableResults_WithLicenseViolations(t *testing.T) {
+ t.Parallel()
+
+ testOutputWithLicenseViolations(t, func(t *testing.T, args outputTestCaseArgs) {
+ t.Helper()
+
+ outputWriter := &bytes.Buffer{}
+ output.PrintMarkdownTableResults(args.vulnResult, outputWriter)
+
+ testutility.NewSnapshot().MatchText(t, outputWriter.String())
+ })
+}
+
+func TestPrintMarkdownTableResults_WithMixedIssues(t *testing.T) {
+ t.Parallel()
+
+ testOutputWithMixedIssues(t, func(t *testing.T, args outputTestCaseArgs) {
+ t.Helper()
+
+ outputWriter := &bytes.Buffer{}
+ output.PrintMarkdownTableResults(args.vulnResult, outputWriter)
+
+ testutility.NewSnapshot().MatchText(t, outputWriter.String())
+ })
+}
diff --git a/internal/output/sarif_test.go b/internal/output/sarif_test.go
index 1181a0701dc..7773e664d88 100644
--- a/internal/output/sarif_test.go
+++ b/internal/output/sarif_test.go
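Review bot: None of the fixtures these three tests render contain a character that is significant in a Markdown table — the `Summary` and `Details` values in the shared fixtures are plain prose such as `Something scary!` — so the snapshots never pin how `PrintMarkdownTableResults` treats a `|` or a line break arriving in advisory text, which it presumably places in table cells (the implementation is not visible from this hunk). That text comes from OSV records rather than from the person running the scanner, so one extra fixture with a constructed value like `Summary: "contains a | pipe"` would make the escaping behaviour, or its absence, explicit in the snapshot. The three bodies differ only in which fixture helper they call; a shared `matchMarkdownSnapshot(t, args)` closure would remove the duplication.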
@@ -86,3 +86,69 @@ func TestPrintSARIFReport(t *testing.T) {
 })
 }
 }
+
+func TestPrintSARIFReport_WithVulnerabilities(t *testing.T) {
+ t.Parallel()
+
+ testOutputWithVulnerabilities(t, func(t *testing.T, args outputTestCaseArgs) {
+ t.Helper()
+
+ outputWriter := &bytes.Buffer{}
+ err := output.PrintSARIFReport(args.vulnResult, outputWriter)
+
+ if err != nil {
+ t.Errorf("Error writing SARIF output: %s", err)
+ }
+
+ testutility.NewSnapshot().WithWindowsReplacements(
+ map[string]string{
+ "path\\\\to\\\\my\\\\first/osv-scanner.toml": "path/to/my/first/osv-scanner.toml",
+ "path\\\\to\\\\my\\\\second/osv-scanner.toml": "path/to/my/second/osv-scanner.toml",
+ "path\\\\to\\\\my\\\\third/osv-scanner.toml": "path/to/my/third/osv-scanner.toml",
+ }).MatchText(t, outputWriter.String())
+ })
+}
+
+func TestPrintSARIFReport_WithLicenseViolations(t *testing.T) {
+ t.Parallel()
+
+ testOutputWithLicenseViolations(t, func(t *testing.T, args outputTestCaseArgs) {
+ t.Helper()
+
+ outputWriter := &bytes.Buffer{}
+ err := output.PrintSARIFReport(args.vulnResult, outputWriter)
+
+ if err != nil {
+ t.Errorf("Error writing SARIF output: %s", err)
+ }
+
+ testutility.NewSnapshot().WithWindowsReplacements(
+ map[string]string{
+ "path\\\\to\\\\my\\\\first/osv-scanner.toml": "path/to/my/first/osv-scanner.toml",
+ "path\\\\to\\\\my\\\\second/osv-scanner.toml": "path/to/my/second/osv-scanner.toml",
+ "path\\\\to\\\\my\\\\third/osv-scanner.toml": "path/to/my/third/osv-scanner.toml",
+ }).MatchText(t, outputWriter.String())
+ })
+}
+
+func TestPrintSARIFReport_WithMixedIssues(t *testing.T) {
+ t.Parallel()
+
+ testOutputWithMixedIssues(t, func(t *testing.T, args outputTestCaseArgs) {
+ t.Helper()
+
+ outputWriter := &bytes.Buffer{}
+ err := output.PrintSARIFReport(args.vulnResult, outputWriter)
+
+ if err != nil {
+ t.Errorf("Error writing SARIF output: %s", err)
+ }
+
+ testutility.NewSnapshot().WithWindowsReplacements(
+ map[string]string{
+ 
"path\\\\to\\\\my\\\\first/osv-scanner.toml": "path/to/my/first/osv-scanner.toml",
+ "path\\\\to\\\\my\\\\second/osv-scanner.toml": "path/to/my/second/osv-scanner.toml",
+ "path\\\\to\\\\my\\\\third/osv-scanner.toml": "path/to/my/third/osv-scanner.toml",
+ }).MatchText(t, outputWriter.String())
+ })
+}
diff --git a/internal/output/table_test.go b/internal/output/table_test.go
new file mode 100644
index 00000000000..45774bc08b2
--- /dev/null
+++ b/internal/output/table_test.go
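Review bot: The `WithWindowsReplacements` map with its three `path\\\\to\\\\my\\\\…/osv-scanner.toml` keys is copied verbatim into each of the three new tests; hoisting it into one helper means a fourth fixture path, or a change to the config file name, is edited in a single place. The double escaping is deliberate but not obvious — each `\\\\` in Go source is two literal backslashes, which is consistent with the JSON-escaped form of one Windows path separator as it appears inside the SARIF document — and deserves a one-line comment where the map lives, since a reader could otherwise "simplify" it and silently break the Windows run. The `t.Errorf`-then-`MatchText` sequence raised on machinejson_test.go applies to these three tests as well.
```go
// matchSARIFSnapshot compares got against the test's snapshot after mapping the
// Windows form of the fixture paths back to the POSIX form. Each `\\\\` in a key
// is two literal backslashes: the JSON-escaped form of one Windows separator as
// it is written inside the SARIF document.
func matchSARIFSnapshot(t *testing.T, got string) {
	t.Helper()

	testutility.NewSnapshot().WithWindowsReplacements(
		map[string]string{
			"path\\\\to\\\\my\\\\first/osv-scanner.toml":  "path/to/my/first/osv-scanner.toml",
			"path\\\\to\\\\my\\\\second/osv-scanner.toml": "path/to/my/second/osv-scanner.toml",
			"path\\\\to\\\\my\\\\third/osv-scanner.toml":  "path/to/my/third/osv-scanner.toml",
		}).MatchText(t, got)
}

func TestPrintSARIFReport_WithVulnerabilities(t *testing.T) {
	// … unchanged: t.Parallel, fixture runner, PrintSARIFReport call and error check …
		matchSARIFSnapshot(t, outputWriter.String())
	})
}
```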
@@ -0,0 +1,127 @@
+package output_test
+
+import (
+ "bytes"
+ "testing"
+
+ "github.com/google/osv-scanner/internal/output"
+ "github.com/google/osv-scanner/internal/testutility"
+ "github.com/jedib0t/go-pretty/v6/text"
+)
+
+func TestPrintTableResults_StandardTerminalWidth_WithVulnerabilities(t *testing.T) {
+ t.Parallel()
+
+ testOutputWithVulnerabilities(t, func(t *testing.T, args outputTestCaseArgs) {
+ t.Helper()
+
+ outputWriter := &bytes.Buffer{}
+ output.PrintTableResults(args.vulnResult, outputWriter, 80)
+
+ testutility.NewSnapshot().MatchText(t, text.StripEscape(outputWriter.String()))
+ })
+}
+
+func TestPrintTableResults_StandardTerminalWidth_WithLicenseViolations(t *testing.T) {
+ t.Parallel()
+
+ testOutputWithLicenseViolations(t, func(t *testing.T, args outputTestCaseArgs) {
+ t.Helper()
+
+ outputWriter := &bytes.Buffer{}
+ output.PrintTableResults(args.vulnResult, outputWriter, 80)
+
+ testutility.NewSnapshot().MatchText(t, text.StripEscape(outputWriter.String()))
+ })
+}
+
+func TestPrintTableResults_StandardTerminalWidth_WithMixedIssues(t *testing.T) {
+ t.Parallel()
+
+ testOutputWithMixedIssues(t, func(t *testing.T, args outputTestCaseArgs) {
+ t.Helper()
+
+ outputWriter := &bytes.Buffer{}
+ output.PrintTableResults(args.vulnResult, outputWriter, 80)
+
+ testutility.NewSnapshot().MatchText(t, text.StripEscape(outputWriter.String()))
+ })
+}
+
+func TestPrintTableResults_LongTerminalWidth_WithVulnerabilities(t *testing.T) {
+ t.Parallel()
+
+ testOutputWithVulnerabilities(t, func(t *testing.T, args outputTestCaseArgs) {
+ t.Helper()
+
+ outputWriter := &bytes.Buffer{}
+ output.PrintTableResults(args.vulnResult, outputWriter, 800)
+
+ testutility.NewSnapshot().MatchText(t, text.StripEscape(outputWriter.String()))
+ })
+}
+
+func TestPrintTableResults_LongTerminalWidth_WithLicenseViolations(t *testing.T) {
+ t.Parallel()
+
+ testOutputWithLicenseViolations(t, func(t *testing.T, args outputTestCaseArgs) {
+ t.Helper()
+
+ outputWriter := 
&bytes.Buffer{}
+ output.PrintTableResults(args.vulnResult, outputWriter, 800)
+
+ testutility.NewSnapshot().MatchText(t, text.StripEscape(outputWriter.String()))
+ })
+}
+
+func TestPrintTableResults_LongTerminalWidth_WithMixedIssues(t *testing.T) {
+ t.Parallel()
+
+ testOutputWithMixedIssues(t, func(t *testing.T, args outputTestCaseArgs) {
+ t.Helper()
+
+ outputWriter := &bytes.Buffer{}
+ output.PrintTableResults(args.vulnResult, outputWriter, 800)
+
+ testutility.NewSnapshot().MatchText(t, text.StripEscape(outputWriter.String()))
+ })
+}
+
+func TestPrintTableResults_NoTerminalWidth_WithVulnerabilities(t *testing.T) {
+ t.Parallel()
+
+ testOutputWithVulnerabilities(t, func(t *testing.T, args outputTestCaseArgs) {
+ t.Helper()
+
+ outputWriter := &bytes.Buffer{}
+ output.PrintTableResults(args.vulnResult, outputWriter, -1)
+
+ testutility.NewSnapshot().MatchText(t, outputWriter.String())
+ })
+}
+
+func TestPrintTableResults_NoTerminalWidth_WithLicenseViolations(t *testing.T) {
+ t.Parallel()
+
+ testOutputWithLicenseViolations(t, func(t *testing.T, args outputTestCaseArgs) {
+ t.Helper()
+
+ outputWriter := &bytes.Buffer{}
+ output.PrintTableResults(args.vulnResult, outputWriter, -1)
+
+ testutility.NewSnapshot().MatchText(t, outputWriter.String())
+ })
+}
+
+func TestPrintTableResults_NoTerminalWidth_WithMixedIssues(t *testing.T) {
+ t.Parallel()
+
+ testOutputWithMixedIssues(t, func(t *testing.T, args outputTestCaseArgs) {
+ t.Helper()
+
+ outputWriter := &bytes.Buffer{}
+ output.PrintTableResults(args.vulnResult, outputWriter, -1)
+
+ testutility.NewSnapshot().MatchText(t, outputWriter.String())
+ })
+}
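Review bot: The three `NoTerminalWidth` tests pass `outputWriter.String()` straight to `MatchText`, whereas the 80- and 800-column variants wrap it in `text.StripEscape`; if `PrintTableResults` emits ANSI styling regardless of the width argument (not visible from this hunk) those three snapshots will embed raw escape sequences, and if it does not, stripping is harmless, so `testutility.NewSnapshot().MatchText(t, text.StripEscape(outputWriter.String()))` in all nine keeps every table snapshot terminal-independent. The nine functions are otherwise identical apart from the width literal and the fixture helper; a small table over the widths `80`, `800` and `-1` driving the three helpers would express the same matrix in far less code. Either way, `-1` is not self-explanatory and warrants a comment at its first use, e.g. `// -1: no terminal width available, so no wrapping is applied`, hedged to whatever `PrintTableResults` actually does with it.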