From 684849897d689ffd5cd96c7383b26e4940c1dbc2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cintia=20S=C3=A1nchez=20Garc=C3=ADa?= Date: Tue, 15 Oct 2024 17:49:52 +0200 Subject: [PATCH] Fix some frontend tests (#4102) --- .../OldVulnerabilitiesWarning.test.tsx | 153 +++++++++++++++++- .../utils/checkIfOldVulnerabilities.test.tsx | 32 ++-- 2 files changed, 167 insertions(+), 18 deletions(-) diff --git a/web/src/layout/package/securityReport/OldVulnerabilitiesWarning.test.tsx b/web/src/layout/package/securityReport/OldVulnerabilitiesWarning.test.tsx index bde3209eb..a39d8c4ad 100644 --- a/web/src/layout/package/securityReport/OldVulnerabilitiesWarning.test.tsx +++ b/web/src/layout/package/securityReport/OldVulnerabilitiesWarning.test.tsx @@ -1,6 +1,7 @@ import { render, screen } from '@testing-library/react'; +import moment from 'moment'; -import { SecurityReport } from '../../../types'; +import { SecurityReport, VulnerabilitySeverity } from '../../../types'; import OldVulnerabilitiesWarning from './OldVulnerabilitiesWarning'; const getMockSecurityReport = (fixtureId: string): SecurityReport => { @@ -8,6 +9,153 @@ const getMockSecurityReport = (fixtureId: string): SecurityReport => { return require(`./__fixtures__/OldVulnerabilitiesWarning/${fixtureId}.json`) as SecurityReport; }; +const newVulnerabilities: SecurityReport = { + 'quay.io/jetstack/cert-manager-webhook:v1.10.0': { + Results: [ + { + Type: 'debian', + Target: 'quay.io/jetstack/cert-manager-webhook:v1.10.0 (debian 11.5)', + Vulnerabilities: [], + }, + { + Type: 'gobinary', + Target: 'app/cmd/webhook/webhook', + Vulnerabilities: [ + { + CVSS: { nvd: { V3Score: 7.5, V3Vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H' } }, + Layer: { + DiffID: 'sha256:002652e5c179500bcb06986020c069b3f699cc4f6f5f9b5108a42e9539d4ee08', + Digest: 'sha256:842780859203bdf9901566e980b169740100ae043113776440cd8009adfcc69a', + }, + Title: 'golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags', + CweIDs: ['CWE-772'], + PkgName: 'golang.org/x/text', + Severity: VulnerabilitySeverity.High, + DataSource: { + ID: 'go-vulndb', + URL: 'https://github.com/golang/vulndb', + Name: 'The Go Vulnerability Database', + }, + PrimaryURL: 'https://avd.aquasec.com/nvd/cve-2022-32149', + References: [ + 'https://access.redhat.com/security/cve/CVE-2022-32149', + 'https://go.dev/cl/442235', + 'https://go.dev/issue/56152', + 'https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ', + 'https://groups.google.com/g/golang-dev/c/qfPIly0X7aU', + 'https://pkg.go.dev/vuln/GO-2022-1059', + ], + Description: + 'An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.', + FixedVersion: '0.3.8', + PublishedDate: moment().subtract(6, 'months').format('YYYY-MM-DDTHH:mm:ss[Z]'), + SeveritySource: 'nvd', + VulnerabilityID: 'CVE-2022-32149', + InstalledVersion: 'v0.3.7', + LastModifiedDate: '2022-10-18T17:41:00Z', + }, + ], + }, + ], + }, + 'quay.io/jetstack/cert-manager-cainjector:v1.10.0': { + Results: [ + { + Type: 'debian', + Target: 'quay.io/jetstack/cert-manager-cainjector:v1.10.0 (debian 11.5)', + Vulnerabilities: [], + }, + { + Type: 'gobinary', + Target: 'app/cmd/cainjector/cainjector', + Vulnerabilities: [ + { + CVSS: { nvd: { V3Score: 7.5, V3Vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H' } }, + Layer: { + DiffID: 'sha256:d7b53b485f3b00ad6ecc5f653b041822132e22e1e0f09132c70c5b1aed5d722f', + Digest: 'sha256:967b87101ad2ce0ed54b2d88a6eea4023007934f0de47baa0d8760585d43f6ef', + }, + Title: 'golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags', + CweIDs: ['CWE-772'], + PkgName: 'golang.org/x/text', + Severity: VulnerabilitySeverity.High, + DataSource: { + ID: 'go-vulndb', + URL: 'https://github.com/golang/vulndb', + Name: 'The Go Vulnerability Database', + }, + PrimaryURL: 'https://avd.aquasec.com/nvd/cve-2022-32149', + References: [ + 'https://access.redhat.com/security/cve/CVE-2022-32149', + 'https://go.dev/cl/442235', + 'https://go.dev/issue/56152', + 'https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ', + 'https://groups.google.com/g/golang-dev/c/qfPIly0X7aU', + 'https://pkg.go.dev/vuln/GO-2022-1059', + ], + Description: + 'An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.', + FixedVersion: '0.3.8', + PublishedDate: moment().subtract(6, 'months').format('YYYY-MM-DDTHH:mm:ss[Z]'), + SeveritySource: 'nvd', + VulnerabilityID: 'CVE-2022-32149', + InstalledVersion: 'v0.3.7', + LastModifiedDate: '2022-10-18T17:41:00Z', + }, + ], + }, + ], + }, + 'quay.io/jetstack/cert-manager-controller:v1.10.0': { + Results: [ + { + Type: 'debian', + Target: 'quay.io/jetstack/cert-manager-controller:v1.10.0 (debian 11.5)', + Vulnerabilities: [], + }, + { + Type: 'gobinary', + Target: 'app/cmd/controller/controller', + Vulnerabilities: [ + { + CVSS: { nvd: { V3Score: 7.5, V3Vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H' } }, + Layer: { + DiffID: 'sha256:06a3a97a7b63241e5595f04c73e83ac21499a236e33360e5b0ace3534505db11', + Digest: 'sha256:73a5853f02715f2dc1eb75e31714bc6a8038b749d179990c576fcda7c060af2d', + }, + Title: 'golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags', + CweIDs: ['CWE-772'], + PkgName: 'golang.org/x/text', + Severity: VulnerabilitySeverity.High, + DataSource: { + ID: 'go-vulndb', + URL: 'https://github.com/golang/vulndb', + Name: 'The Go Vulnerability Database', + }, + PrimaryURL: 'https://avd.aquasec.com/nvd/cve-2022-32149', + References: [ + 'https://access.redhat.com/security/cve/CVE-2022-32149', + 'https://go.dev/cl/442235', + 'https://go.dev/issue/56152', + 'https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ', + 'https://groups.google.com/g/golang-dev/c/qfPIly0X7aU', + 'https://pkg.go.dev/vuln/GO-2022-1059', + ], + Description: + 'An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.', + FixedVersion: '0.3.8', + PublishedDate: moment().subtract(6, 'months').format('YYYY-MM-DDTHH:mm:ss[Z]'), + SeveritySource: 'nvd', + VulnerabilityID: 'CVE-2022-32149', + InstalledVersion: 'v0.3.7', + LastModifiedDate: '2022-10-18T17:41:00Z', + }, + ], + }, + ], + }, +}; + describe('OldVulnerabilitiesWarning', () => { // eslint-disable-next-line @typescript-eslint/no-explicit-any let dateNowSpy: any; @@ -43,8 +191,7 @@ describe('OldVulnerabilitiesWarning', () => { describe('does not render warning', () => { it('when vulnerabilities are not older than 2 years', () => { - const report = getMockSecurityReport('3'); - const { container } = render(); + const { container } = render(); expect(container).toBeEmptyDOMElement(); }); diff --git a/web/src/utils/checkIfOldVulnerabilities.test.tsx b/web/src/utils/checkIfOldVulnerabilities.test.tsx index 6e41ffb5a..8fde570e8 100644 --- a/web/src/utils/checkIfOldVulnerabilities.test.tsx +++ b/web/src/utils/checkIfOldVulnerabilities.test.tsx @@ -1,3 +1,5 @@ +import moment from 'moment'; + import { SecurityReport, VulnerabilitySeverity } from '../types'; import checkIfOldVulnerabilities from './checkIfOldVulnerabilities'; @@ -55,7 +57,7 @@ const tests: Test[] = [ Description: 'An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.', FixedVersion: '0.3.8', - PublishedDate: '2022-10-14T15:15:00Z', + PublishedDate: moment().subtract(6, 'months').format('YYYY-MM-DDTHH:mm:ss[Z]'), SeveritySource: 'nvd', VulnerabilityID: 'CVE-2022-32149', InstalledVersion: 'v0.3.7', @@ -104,7 +106,7 @@ const tests: Test[] = [ Description: 'An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.', FixedVersion: '0.3.8', - PublishedDate: '2022-10-14T15:15:00Z', + PublishedDate: moment().subtract(6, 'months').format('YYYY-MM-DDTHH:mm:ss[Z]'), SeveritySource: 'nvd', VulnerabilityID: 'CVE-2022-32149', InstalledVersion: 'v0.3.7', @@ -153,7 +155,7 @@ const tests: Test[] = [ Description: 'An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.', FixedVersion: '0.3.8', - PublishedDate: '2022-10-14T15:15:00Z', + PublishedDate: moment().subtract(6, 'months').format('YYYY-MM-DDTHH:mm:ss[Z]'), SeveritySource: 'nvd', VulnerabilityID: 'CVE-2022-32149', InstalledVersion: 'v0.3.7', @@ -211,7 +213,7 @@ const tests: Test[] = [ Description: 'An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.', FixedVersion: '0.3.8', - PublishedDate: '2022-10-14T15:15:00Z', + PublishedDate: moment().subtract(26, 'months').format('YYYY-MM-DDTHH:mm:ss[Z]'), SeveritySource: 'nvd', VulnerabilityID: 'CVE-2022-32149', InstalledVersion: 'v0.3.7', @@ -260,7 +262,7 @@ const tests: Test[] = [ Description: 'An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.', FixedVersion: '0.3.8', - PublishedDate: '2020-10-14T15:15:00Z', + PublishedDate: moment().subtract(26, 'months').format('YYYY-MM-DDTHH:mm:ss[Z]'), SeveritySource: 'nvd', VulnerabilityID: 'CVE-2022-32149', InstalledVersion: 'v0.3.7', @@ -309,7 +311,7 @@ const tests: Test[] = [ Description: 'An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.', FixedVersion: '0.3.8', - PublishedDate: '2022-10-14T15:15:00Z', + PublishedDate: moment().subtract(26, 'months').format('YYYY-MM-DDTHH:mm:ss[Z]'), SeveritySource: 'nvd', VulnerabilityID: 'CVE-2022-32149', InstalledVersion: 'v0.3.7', @@ -367,7 +369,7 @@ const tests: Test[] = [ Description: 'An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.', FixedVersion: '0.3.8', - PublishedDate: '2022-10-14T15:15:00Z', + PublishedDate: moment().subtract(26, 'months').format('YYYY-MM-DDTHH:mm:ss[Z]'), SeveritySource: 'nvd', VulnerabilityID: 'CVE-2022-32149', InstalledVersion: 'v0.3.7', @@ -416,7 +418,7 @@ const tests: Test[] = [ Description: 'An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.', FixedVersion: '0.3.8', - PublishedDate: '2020-10-14T15:15:00Z', + PublishedDate: moment().subtract(26, 'months').format('YYYY-MM-DDTHH:mm:ss[Z]'), SeveritySource: 'nvd', VulnerabilityID: 'CVE-2022-32149', InstalledVersion: 'v0.3.7', @@ -465,7 +467,7 @@ const tests: Test[] = [ Description: 'An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.', FixedVersion: '0.3.8', - PublishedDate: '2022-10-14T15:15:00Z', + PublishedDate: moment().subtract(6, 'months').format('YYYY-MM-DDTHH:mm:ss[Z]'), SeveritySource: 'nvd', VulnerabilityID: 'CVE-2022-32149', InstalledVersion: 'v0.3.7', @@ -523,7 +525,7 @@ const tests: Test[] = [ Description: 'An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.', FixedVersion: '0.3.8', - PublishedDate: '2020-10-14T15:15:00Z', + PublishedDate: moment().subtract(26, 'months').format('YYYY-MM-DDTHH:mm:ss[Z]'), SeveritySource: 'nvd', VulnerabilityID: 'CVE-2022-32149', InstalledVersion: 'v0.3.7', @@ -572,7 +574,7 @@ const tests: Test[] = [ Description: 'An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.', FixedVersion: '0.3.8', - PublishedDate: '2020-10-14T15:15:00Z', + PublishedDate: moment().subtract(26, 'months').format('YYYY-MM-DDTHH:mm:ss[Z]'), SeveritySource: 'nvd', VulnerabilityID: 'CVE-2022-32149', InstalledVersion: 'v0.3.7', @@ -621,7 +623,7 @@ const tests: Test[] = [ Description: 'An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.', FixedVersion: '0.3.8', - PublishedDate: '2022-10-14T15:15:00Z', + PublishedDate: moment().subtract(6, 'months').format('YYYY-MM-DDTHH:mm:ss[Z]'), SeveritySource: 'nvd', VulnerabilityID: 'CVE-2022-32149', InstalledVersion: 'v0.3.7', @@ -679,7 +681,7 @@ const tests: Test[] = [ Description: 'An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.', FixedVersion: '0.3.8', - PublishedDate: '2022-10-14T15:15:00Z', + PublishedDate: moment().subtract(26, 'months').format('YYYY-MM-DDTHH:mm:ss[Z]'), SeveritySource: 'nvd', VulnerabilityID: 'CVE-2022-32149', InstalledVersion: 'v0.3.7', @@ -728,7 +730,7 @@ const tests: Test[] = [ Description: 'An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.', FixedVersion: '0.3.8', - PublishedDate: '2022-10-14T15:15:00Z', + PublishedDate: moment().subtract(6, 'months').format('YYYY-MM-DDTHH:mm:ss[Z]'), SeveritySource: 'nvd', VulnerabilityID: 'CVE-2022-32149', InstalledVersion: 'v0.3.7', @@ -777,7 +779,7 @@ const tests: Test[] = [ Description: 'An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.', FixedVersion: '0.3.8', - PublishedDate: '2022-08-14T15:15:00Z', + PublishedDate: moment().subtract(26, 'months').format('YYYY-MM-DDTHH:mm:ss[Z]'), SeveritySource: 'nvd', VulnerabilityID: 'CVE-2022-32149', InstalledVersion: 'v0.3.7',