"""Real end-to-end test of scan against real ingested data.

Each case = (eco, pkg, vulnerable_version, safe_version, expected_min_severity):
the vulnerable version is expected to produce at least one hit from
``scan_dependency`` and the safe version none. Run directly; the process exit
status is 0 only when every check passes.
"""
import sys
from pathlib import Path
# Make the repository's src/ directory importable so that the
# `from scan import ...` below resolves when this script is run directly.
sys.path.insert(0, str(Path(__file__).resolve().parent.parent / "src"))
from scan import scan_dependency
# Test cases consumed by main(); one 5-tuple per package.
CASES = [
    # (ecosystem, package, vuln_version, safe_version, expected_min_severity)
    #   vuln_version          -> should produce at least one hit
    #   safe_version          -> should produce no hit
    #   expected_min_severity -> lowest severity the vulnerable version's hit
    #                            is expected to carry
    ("go", "github.com/daptin/daptin", "0.11.3", "0.12.0", "critical"),
    ("npm", "mathjs", "15.1.0", "15.2.0", "high"),
    ("npm", "unhead", "3.0.0", "3.0.1", "low"),
    ("pip", "rembg", "2.0.74", "2.0.75", "medium"),
    ("npm", "paperclipai", "2026.409.0", "2026.410.0", "critical"),
]
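# Severity labels ordered from least to most severe, so a hit's severity can
# be compared with a case's expected_min_severity. "moderate" is accepted as a
# synonym of "medium", the spelling used by some advisory sources.
_SEVERITY_RANK = {"low": 0, "medium": 1, "moderate": 1, "high": 2, "critical": 3}


def severity_rank(sev):
    """Return the ordinal rank of the severity label *sev*.

    The lookup is case-insensitive; an unrecognised label (or None) ranks at
    -1, below every known severity, so it never satisfies a minimum.
    """
    return _SEVERITY_RANK.get(str(sev).lower(), -1)


def meets_min_severity(hits, expected_sev):
    """Return True if at least one hit is rated *expected_sev* or more severe.

    Each hit is expected to expose a ``severity`` attribute. Raises ValueError
    when *expected_sev* is not a known label, so a typo in CASES fails loudly
    instead of passing trivially.
    """
    want = severity_rank(expected_sev)
    if want < 0:
        raise ValueError(f"unknown expected severity: {expected_sev!r}")
    return any(severity_rank(h.severity) >= want for h in hits)


def main():
    """Scan every case in CASES and print one status line per check.

    Two checks run per case: the vulnerable version must yield at least one
    hit rated at least expected_min_severity, and the safe version must yield
    no hit at all. Returns 0 when every check passed, otherwise 1 (used as the
    process exit code by the ``__main__`` guard).
    """
    failures = 0
    for eco, pkg, vuln_v, safe_v, expected_sev in CASES:
        vuln_hits = scan_dependency(eco, pkg, vuln_v)
        safe_hits = scan_dependency(eco, pkg, safe_v)

        # A vulnerable version that is not flagged, or flagged but under-rated,
        # is a miss; any hit on the fixed version is a false positive.
        vuln_ok = bool(vuln_hits) and meets_min_severity(vuln_hits, expected_sev)
        safe_ok = not safe_hits
        # Count each failed check separately so the "N/M checks" summary adds
        # up even when both checks of one case fail.
        failures += int(not vuln_ok) + int(not safe_ok)

        status_v = "OK" if vuln_ok else "FAIL"
        status_s = "OK" if safe_ok else "FAIL"
        # Report the most severe hit, since that is what the minimum is judged on.
        if vuln_hits:
            top = max(vuln_hits, key=lambda h: severity_rank(h.severity))
            sev, cve = top.severity, top.cve_id
        else:
            sev = cve = "—"
        print(
            f" [{status_v}] {eco:5} {pkg:30} {vuln_v:13} → {len(vuln_hits)} hit "
            f"({sev}, {cve}; expected ≥ {expected_sev})"
        )
        print(
            f" [{status_s}] {eco:5} {pkg:30} {safe_v:13} → {len(safe_hits)} hit (expected 0)"
        )
    print()
    total = len(CASES) * 2
    print(f"=== {total - failures}/{total} checks passed ===")
    return 0 if failures == 0 else 1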
if __name__ == "__main__":
    # Propagate main()'s return value as the process exit status.
    raise SystemExit(main())