diff --git a/web/src/layout/package/securityReport/OldVulnerabilitiesWarning.test.tsx b/web/src/layout/package/securityReport/OldVulnerabilitiesWarning.test.tsx
index bde3209eb..a39d8c4ad 100644
--- a/web/src/layout/package/securityReport/OldVulnerabilitiesWarning.test.tsx
+++ b/web/src/layout/package/securityReport/OldVulnerabilitiesWarning.test.tsx
@@ -1,6 +1,7 @@
import { render, screen } from '@testing-library/react';
+import moment from 'moment';
-import { SecurityReport } from '../../../types';
+import { SecurityReport, VulnerabilitySeverity } from '../../../types';
import OldVulnerabilitiesWarning from './OldVulnerabilitiesWarning';
const getMockSecurityReport = (fixtureId: string): SecurityReport => {
@@ -8,6 +9,153 @@ const getMockSecurityReport = (fixtureId: string): SecurityReport => {
return require(`./__fixtures__/OldVulnerabilitiesWarning/${fixtureId}.json`) as SecurityReport;
};
+const newVulnerabilities: SecurityReport = {
+ 'quay.io/jetstack/cert-manager-webhook:v1.10.0': {
+ Results: [
+ {
+ Type: 'debian',
+ Target: 'quay.io/jetstack/cert-manager-webhook:v1.10.0 (debian 11.5)',
+ Vulnerabilities: [],
+ },
+ {
+ Type: 'gobinary',
+ Target: 'app/cmd/webhook/webhook',
+ Vulnerabilities: [
+ {
+ CVSS: { nvd: { V3Score: 7.5, V3Vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H' } },
+ Layer: {
+ DiffID: 'sha256:002652e5c179500bcb06986020c069b3f699cc4f6f5f9b5108a42e9539d4ee08',
+ Digest: 'sha256:842780859203bdf9901566e980b169740100ae043113776440cd8009adfcc69a',
+ },
+ Title: 'golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags',
+ CweIDs: ['CWE-772'],
+ PkgName: 'golang.org/x/text',
+ Severity: VulnerabilitySeverity.High,
+ DataSource: {
+ ID: 'go-vulndb',
+ URL: 'https://github.com/golang/vulndb',
+ Name: 'The Go Vulnerability Database',
+ },
+ PrimaryURL: 'https://avd.aquasec.com/nvd/cve-2022-32149',
+ References: [
+ 'https://access.redhat.com/security/cve/CVE-2022-32149',
+ 'https://go.dev/cl/442235',
+ 'https://go.dev/issue/56152',
+ 'https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ',
+ 'https://groups.google.com/g/golang-dev/c/qfPIly0X7aU',
+ 'https://pkg.go.dev/vuln/GO-2022-1059',
+ ],
+ Description:
+ 'An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.',
+ FixedVersion: '0.3.8',
+ PublishedDate: moment().subtract(6, 'months').format('YYYY-MM-DDTHH:mm:ss[Z]'),
+ SeveritySource: 'nvd',
+ VulnerabilityID: 'CVE-2022-32149',
+ InstalledVersion: 'v0.3.7',
+ LastModifiedDate: '2022-10-18T17:41:00Z',
+ },
+ ],
+ },
+ ],
+ },
+ 'quay.io/jetstack/cert-manager-cainjector:v1.10.0': {
+ Results: [
+ {
+ Type: 'debian',
+ Target: 'quay.io/jetstack/cert-manager-cainjector:v1.10.0 (debian 11.5)',
+ Vulnerabilities: [],
+ },
+ {
+ Type: 'gobinary',
+ Target: 'app/cmd/cainjector/cainjector',
+ Vulnerabilities: [
+ {
+ CVSS: { nvd: { V3Score: 7.5, V3Vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H' } },
+ Layer: {
+ DiffID: 'sha256:d7b53b485f3b00ad6ecc5f653b041822132e22e1e0f09132c70c5b1aed5d722f',
+ Digest: 'sha256:967b87101ad2ce0ed54b2d88a6eea4023007934f0de47baa0d8760585d43f6ef',
+ },
+ Title: 'golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags',
+ CweIDs: ['CWE-772'],
+ PkgName: 'golang.org/x/text',
+ Severity: VulnerabilitySeverity.High,
+ DataSource: {
+ ID: 'go-vulndb',
+ URL: 'https://github.com/golang/vulndb',
+ Name: 'The Go Vulnerability Database',
+ },
+ PrimaryURL: 'https://avd.aquasec.com/nvd/cve-2022-32149',
+ References: [
+ 'https://access.redhat.com/security/cve/CVE-2022-32149',
+ 'https://go.dev/cl/442235',
+ 'https://go.dev/issue/56152',
+ 'https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ',
+ 'https://groups.google.com/g/golang-dev/c/qfPIly0X7aU',
+ 'https://pkg.go.dev/vuln/GO-2022-1059',
+ ],
+ Description:
+ 'An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.',
+ FixedVersion: '0.3.8',
+ PublishedDate: moment().subtract(6, 'months').format('YYYY-MM-DDTHH:mm:ss[Z]'),
+ SeveritySource: 'nvd',
+ VulnerabilityID: 'CVE-2022-32149',
+ InstalledVersion: 'v0.3.7',
+ LastModifiedDate: '2022-10-18T17:41:00Z',
+ },
+ ],
+ },
+ ],
+ },
+ 'quay.io/jetstack/cert-manager-controller:v1.10.0': {
+ Results: [
+ {
+ Type: 'debian',
+ Target: 'quay.io/jetstack/cert-manager-controller:v1.10.0 (debian 11.5)',
+ Vulnerabilities: [],
+ },
+ {
+ Type: 'gobinary',
+ Target: 'app/cmd/controller/controller',
+ Vulnerabilities: [
+ {
+ CVSS: { nvd: { V3Score: 7.5, V3Vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H' } },
+ Layer: {
+ DiffID: 'sha256:06a3a97a7b63241e5595f04c73e83ac21499a236e33360e5b0ace3534505db11',
+ Digest: 'sha256:73a5853f02715f2dc1eb75e31714bc6a8038b749d179990c576fcda7c060af2d',
+ },
+ Title: 'golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags',
+ CweIDs: ['CWE-772'],
+ PkgName: 'golang.org/x/text',
+ Severity: VulnerabilitySeverity.High,
+ DataSource: {
+ ID: 'go-vulndb',
+ URL: 'https://github.com/golang/vulndb',
+ Name: 'The Go Vulnerability Database',
+ },
+ PrimaryURL: 'https://avd.aquasec.com/nvd/cve-2022-32149',
+ References: [
+ 'https://access.redhat.com/security/cve/CVE-2022-32149',
+ 'https://go.dev/cl/442235',
+ 'https://go.dev/issue/56152',
+ 'https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ',
+ 'https://groups.google.com/g/golang-dev/c/qfPIly0X7aU',
+ 'https://pkg.go.dev/vuln/GO-2022-1059',
+ ],
+ Description:
+ 'An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.',
+ FixedVersion: '0.3.8',
+ PublishedDate: moment().subtract(6, 'months').format('YYYY-MM-DDTHH:mm:ss[Z]'),
+ SeveritySource: 'nvd',
+ VulnerabilityID: 'CVE-2022-32149',
+ InstalledVersion: 'v0.3.7',
+ LastModifiedDate: '2022-10-18T17:41:00Z',
+ },
+ ],
+ },
+ ],
+ },
+};
+
describe('OldVulnerabilitiesWarning', () => {
// eslint-disable-next-line @typescript-eslint/no-explicit-any
let dateNowSpy: any;
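Review bot: `PublishedDate` in each of the three new fixture entries is built with `moment().subtract(6, 'months').format('YYYY-MM-DDTHH:mm:ss[Z]')`, which prints local wall-clock time and then appends a literal `Z`, so the string claims UTC but is off by the runner's UTC offset. Use `moment.utc().subtract(6, 'months').format('YYYY-MM-DDTHH:mm:ss[Z]')` instead, or `.toISOString()` if milliseconds are acceptable; the same expression recurs in every data hunk of `checkIfOldVulnerabilities.test.tsx`. The value is also computed once at module load from the real clock, while this `describe` declares `dateNowSpy`. If that spy pins `Date.now` (its setup is outside the hunk), the fixture and the component measure age against different clocks, which deserves a comment above `newVulnerabilities`.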
@@ -43,8 +191,7 @@ describe('OldVulnerabilitiesWarning', () => {
describe('does not render warning', () => {
it('when vulnerabilities are not older than 2 years', () => {
- const report = getMockSecurityReport('3');
- const { container } = render();
+ const { container } = render();
expect(container).toBeEmptyDOMElement();
});
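Review bot: With `getMockSecurityReport('3')` removed from this case, `./__fixtures__/OldVulnerabilitiesWarning/3.json` may no longer be loaded by any test; if so, delete the file in the same commit so a stale scan report with fixed dates does not linger in the fixtures directory. The rest of the `describe` block is outside the hunk, so other uses of fixture `3` cannot be ruled out from here.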
diff --git a/web/src/utils/checkIfOldVulnerabilities.test.tsx b/web/src/utils/checkIfOldVulnerabilities.test.tsx
index 6e41ffb5a..8fde570e8 100644
--- a/web/src/utils/checkIfOldVulnerabilities.test.tsx
+++ b/web/src/utils/checkIfOldVulnerabilities.test.tsx
@@ -1,3 +1,5 @@
+import moment from 'moment';
+
import { SecurityReport, VulnerabilitySeverity } from '../types';
import checkIfOldVulnerabilities from './checkIfOldVulnerabilities';
@@ -55,7 +57,7 @@ const tests: Test[] = [
Description:
'An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.',
FixedVersion: '0.3.8',
- PublishedDate: '2022-10-14T15:15:00Z',
+ PublishedDate: moment().subtract(6, 'months').format('YYYY-MM-DDTHH:mm:ss[Z]'),
SeveritySource: 'nvd',
VulnerabilityID: 'CVE-2022-32149',
InstalledVersion: 'v0.3.7',
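Review bot: The relative dates introduced here and in the later hunks of this file are only ever 6 or 26 months back, so nothing exercises the cutoff itself; a comparison that is off by a day, or uses the wrong unit near the limit, would still pass. Assuming `checkIfOldVulnerabilities` uses the same two-year threshold named in the `OldVulnerabilitiesWarning` test title, add one case on each side of it, e.g. `moment.utc().subtract(2, 'years').add(1, 'day')` and `moment.utc().subtract(2, 'years').subtract(1, 'day')`. Because this check decides whether users are warned about a stale security report, the boundary is the part most worth pinning. The `tests` array starts and ends outside this hunk.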
@@ -104,7 +106,7 @@ const tests: Test[] = [
Description:
'An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.',
FixedVersion: '0.3.8',
- PublishedDate: '2022-10-14T15:15:00Z',
+ PublishedDate: moment().subtract(6, 'months').format('YYYY-MM-DDTHH:mm:ss[Z]'),
SeveritySource: 'nvd',
VulnerabilityID: 'CVE-2022-32149',
InstalledVersion: 'v0.3.7',
@@ -153,7 +155,7 @@ const tests: Test[] = [
Description:
'An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.',
FixedVersion: '0.3.8',
- PublishedDate: '2022-10-14T15:15:00Z',
+ PublishedDate: moment().subtract(6, 'months').format('YYYY-MM-DDTHH:mm:ss[Z]'),
SeveritySource: 'nvd',
VulnerabilityID: 'CVE-2022-32149',
InstalledVersion: 'v0.3.7',
@@ -211,7 +213,7 @@ const tests: Test[] = [
Description:
'An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.',
FixedVersion: '0.3.8',
- PublishedDate: '2022-10-14T15:15:00Z',
+ PublishedDate: moment().subtract(26, 'months').format('YYYY-MM-DDTHH:mm:ss[Z]'),
SeveritySource: 'nvd',
VulnerabilityID: 'CVE-2022-32149',
InstalledVersion: 'v0.3.7',
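Review bot: The old literal `'2022-10-14T15:15:00Z'` becomes the 26-month value here and in the hunks starting at new lines 311, 369 and 681, but the 6-month value in the hunks starting at 57, 106, 155, 467, 623 and 730, so the diff alone does not show which cases are meant to hold an old vulnerability. The expected results for these cases are outside the hunks; confirm each still matches its fixture. Naming the two values once at the top of the file, `const RECENT_DATE = moment.utc().subtract(6, 'months').format('YYYY-MM-DDTHH:mm:ss[Z]');` and an `OLD_DATE` counterpart with 26 months, would make the intent readable at each use and read the clock once.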
@@ -260,7 +262,7 @@ const tests: Test[] = [
Description:
'An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.',
FixedVersion: '0.3.8',
- PublishedDate: '2020-10-14T15:15:00Z',
+ PublishedDate: moment().subtract(26, 'months').format('YYYY-MM-DDTHH:mm:ss[Z]'),
SeveritySource: 'nvd',
VulnerabilityID: 'CVE-2022-32149',
InstalledVersion: 'v0.3.7',
@@ -309,7 +311,7 @@ const tests: Test[] = [
Description:
'An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.',
FixedVersion: '0.3.8',
- PublishedDate: '2022-10-14T15:15:00Z',
+ PublishedDate: moment().subtract(26, 'months').format('YYYY-MM-DDTHH:mm:ss[Z]'),
SeveritySource: 'nvd',
VulnerabilityID: 'CVE-2022-32149',
InstalledVersion: 'v0.3.7',
@@ -367,7 +369,7 @@ const tests: Test[] = [
Description:
'An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.',
FixedVersion: '0.3.8',
- PublishedDate: '2022-10-14T15:15:00Z',
+ PublishedDate: moment().subtract(26, 'months').format('YYYY-MM-DDTHH:mm:ss[Z]'),
SeveritySource: 'nvd',
VulnerabilityID: 'CVE-2022-32149',
InstalledVersion: 'v0.3.7',
@@ -416,7 +418,7 @@ const tests: Test[] = [
Description:
'An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.',
FixedVersion: '0.3.8',
- PublishedDate: '2020-10-14T15:15:00Z',
+ PublishedDate: moment().subtract(26, 'months').format('YYYY-MM-DDTHH:mm:ss[Z]'),
SeveritySource: 'nvd',
VulnerabilityID: 'CVE-2022-32149',
InstalledVersion: 'v0.3.7',
@@ -465,7 +467,7 @@ const tests: Test[] = [
Description:
'An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.',
FixedVersion: '0.3.8',
- PublishedDate: '2022-10-14T15:15:00Z',
+ PublishedDate: moment().subtract(6, 'months').format('YYYY-MM-DDTHH:mm:ss[Z]'),
SeveritySource: 'nvd',
VulnerabilityID: 'CVE-2022-32149',
InstalledVersion: 'v0.3.7',
@@ -523,7 +525,7 @@ const tests: Test[] = [
Description:
'An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.',
FixedVersion: '0.3.8',
- PublishedDate: '2020-10-14T15:15:00Z',
+ PublishedDate: moment().subtract(26, 'months').format('YYYY-MM-DDTHH:mm:ss[Z]'),
SeveritySource: 'nvd',
VulnerabilityID: 'CVE-2022-32149',
InstalledVersion: 'v0.3.7',
@@ -572,7 +574,7 @@ const tests: Test[] = [
Description:
'An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.',
FixedVersion: '0.3.8',
- PublishedDate: '2020-10-14T15:15:00Z',
+ PublishedDate: moment().subtract(26, 'months').format('YYYY-MM-DDTHH:mm:ss[Z]'),
SeveritySource: 'nvd',
VulnerabilityID: 'CVE-2022-32149',
InstalledVersion: 'v0.3.7',
@@ -621,7 +623,7 @@ const tests: Test[] = [
Description:
'An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.',
FixedVersion: '0.3.8',
- PublishedDate: '2022-10-14T15:15:00Z',
+ PublishedDate: moment().subtract(6, 'months').format('YYYY-MM-DDTHH:mm:ss[Z]'),
SeveritySource: 'nvd',
VulnerabilityID: 'CVE-2022-32149',
InstalledVersion: 'v0.3.7',
@@ -679,7 +681,7 @@ const tests: Test[] = [
Description:
'An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.',
FixedVersion: '0.3.8',
- PublishedDate: '2022-10-14T15:15:00Z',
+ PublishedDate: moment().subtract(26, 'months').format('YYYY-MM-DDTHH:mm:ss[Z]'),
SeveritySource: 'nvd',
VulnerabilityID: 'CVE-2022-32149',
InstalledVersion: 'v0.3.7',
@@ -728,7 +730,7 @@ const tests: Test[] = [
Description:
'An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.',
FixedVersion: '0.3.8',
- PublishedDate: '2022-10-14T15:15:00Z',
+ PublishedDate: moment().subtract(6, 'months').format('YYYY-MM-DDTHH:mm:ss[Z]'),
SeveritySource: 'nvd',
VulnerabilityID: 'CVE-2022-32149',
InstalledVersion: 'v0.3.7',
@@ -777,7 +779,7 @@ const tests: Test[] = [
Description:
'An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.',
FixedVersion: '0.3.8',
- PublishedDate: '2022-08-14T15:15:00Z',
+ PublishedDate: moment().subtract(26, 'months').format('YYYY-MM-DDTHH:mm:ss[Z]'),
SeveritySource: 'nvd',
VulnerabilityID: 'CVE-2022-32149',
InstalledVersion: 'v0.3.7',