
Commit aef1a4c

authored
Merge pull request #36 from homoluctus/feature/validate_trivy_option
Modify a validation for trivy options
2 parents 57170cd + e8c23ae commit aef1a4c


5 files changed

+219
-125
lines changed


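--- a/README.md
+++ b/README.md
@@ -41,7 +41,7 @@ name: Vulnerability Scan
 
 on:
 schedule:
-- cron: '00 9 * * *'
+- cron: '0 9 * * *'
 
 jobs:
 scan:
@@ -51,7 +51,7 @@ jobs:
 - name: Pull docker image
 run: docker pull sample
 
-- uses: homoluctus/gitrivy@v0.0.1
+- uses: homoluctus/gitrivy@v1.0.0
 with:
 token: ${{ secrets.GITHUB_TOKEN }}
 image: sample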

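--- a/__tests__/trivy.test.ts
+++ b/__tests__/trivy.test.ts
@@ -3,6 +3,7 @@ import { unlinkSync, writeFileSync } from 'fs';
 import { Vulnerability, TrivyOption } from '../src/interface';
 
 const downloader = new Downloader();
+const trivy = new Trivy();
 
 function removeTrivyCmd(path: string) {
 path = path.replace(/\/trivy$/, '');
@@ -54,7 +55,7 @@ describe('getDownloadUrl', () => {
 await expect(
 downloader['getDownloadUrl'](version, os)
 ).rejects.toThrowError(
-'The Trivy version that you specified does not exist.'
+'Cloud not be found a Trivy asset that you specified.'
 );
 });
 
@@ -64,7 +65,7 @@ describe('getDownloadUrl', () => {
 await expect(
 downloader['getDownloadUrl'](version, os)
 ).rejects.toThrowError(
-'Cloud not be found Trivy asset that You specified.'
+'Cloud not be found a Trivy asset that you specified.'
 );
 });
 });
@@ -109,7 +110,7 @@ describe('Trivy command', () => {
 });
 });
 
-describe('Scan', () => {
+describe('Trivy scan', () => {
 let trivyPath: string;
 const image: string = 'alpine:3.10';
 
@@ -123,49 +124,49 @@ describe('Scan', () => {
 removeTrivyCmd(trivyPath);
 });
 
-test('with valid options', () => {
-const options: TrivyOption = {
+test('with valid option', () => {
+const option: TrivyOption = {
 severity: 'HIGH,CRITICAL',
 vulnType: 'os,library',
 ignoreUnfixed: true,
 format: 'json',
 };
-const result: Vulnerability[] | string = Trivy.scan(
+const result: Vulnerability[] | string = trivy.scan(
 trivyPath,
 image,
-options
+option
 );
 expect(result.length).toBeGreaterThanOrEqual(1);
 expect(result).toBeInstanceOf(Object);
 });
 
 test('without ignoreUnfixed', () => {
-const options: TrivyOption = {
+const option: TrivyOption = {
 severity: 'HIGH,CRITICAL',
 vulnType: 'os,library',
 ignoreUnfixed: false,
 format: 'json',
 };
-const result: Vulnerability[] | string = Trivy.scan(
+const result: Vulnerability[] | string = trivy.scan(
 trivyPath,
 image,
-options
+option
 );
 expect(result.length).toBeGreaterThanOrEqual(1);
 expect(result).toBeInstanceOf(Object);
 });
 
 test('with table format', () => {
-const options: TrivyOption = {
+const option: TrivyOption = {
 severity: 'HIGH,CRITICAL',
 vulnType: 'os,library',
 ignoreUnfixed: false,
 format: 'table',
 };
-const result: Vulnerability[] | string = Trivy.scan(
+const result: Vulnerability[] | string = trivy.scan(
 trivyPath,
 image,
-options
+option
 );
 expect(result.length).toBeGreaterThanOrEqual(1);
 expect(result).toMatch(/alpine:3\.10/);
@@ -179,8 +180,8 @@ describe('Scan', () => {
 format: 'json',
 };
 expect(() => {
-Trivy.scan(trivyPath, image, invalidOption);
-}).toThrowError('severity option error: INVALID is unknown severity');
+trivy.scan(trivyPath, image, invalidOption);
+}).toThrowError('Trivy option error: INVALID is unknown severity');
 });
 
 test('with invalid vulnType', () => {
@@ -191,8 +192,8 @@ describe('Scan', () => {
 format: 'json',
 };
 expect(() => {
-Trivy.scan(trivyPath, image, invalidOption);
-}).toThrowError('vuln-type option error: INVALID is unknown vuln-type');
+trivy.scan(trivyPath, image, invalidOption);
+}).toThrowError('Trivy option error: INVALID is unknown vuln-type');
 });
 });
 
@@ -204,7 +205,7 @@ describe('Parse', () => {
 Vulnerabilities: null,
 },
 ];
-const result = Trivy.parse(vulnerabilities);
+const result = trivy.parse(vulnerabilities);
 expect(result).toBe('');
 });
 
@@ -247,9 +248,77 @@ describe('Parse', () => {
 ],
 },
 ];
-const result = Trivy.parse(vulnerabilities);
+const result = trivy.parse(vulnerabilities);
 expect(result).toMatch(
 /\|Title\|Severity\|CVE\|Package Name\|Installed Version\|Fixed Version\|References\|/
 );
 });
 });
+
+describe('Validate trivy option', () => {
+test('with a valid severity', () => {
+const options: string[] = ['HIGH'];
+const result = trivy['validateSeverity'](options);
+expect(result).toBeTruthy();
+});
+
+test('with two valid severities', () => {
+const options: string[] = ['HIGH', 'CRITICAL'];
+const result = trivy['validateSeverity'](options);
+expect(result).toBeTruthy();
+});
+
+test('with an invalid severity', () => {
+const options: string[] = ['INVALID'];
+expect(() => {
+trivy['validateSeverity'](options);
+}).toThrowError('Trivy option error: INVALID is unknown severity');
+});
+
+test('with two invalid severities', () => {
+const options: string[] = ['INVALID', 'ERROR'];
+expect(() => {
+trivy['validateSeverity'](options);
+}).toThrowError('Trivy option error: INVALID,ERROR is unknown severity');
+});
+
+test('with an invalid and a valid severities', () => {
+const options: string[] = ['INVALID', 'HIGH'];
+expect(() => {
+trivy['validateSeverity'](options);
+}).toThrowError('Trivy option error: INVALID,HIGH is unknown severity');
+});
+
+test('with a valid vuln-type', () => {
+const options: string[] = ['os'];
+const result = trivy['validateVulnType'](options);
+expect(result).toBeTruthy();
+});
+
+test('with two valid vuln-types', () => {
+const options: string[] = ['os', 'library'];
+const result = trivy['validateVulnType'](options);
+expect(result).toBeTruthy();
+});
+
+test('with an invalid vuln-type', () => {
+const options: string[] = ['INVALID'];
+expect(() => {
+trivy['validateVulnType'](options);
+}).toThrowError('Trivy option error: INVALID is unknown vuln-type');
+});
+
+test('with two invalid vuln-types', () => {
+const options: string[] = ['INVALID', 'ERROR'];
+expect(() => {
+trivy['validateVulnType'](options);
+}).toThrowError('Trivy option error: INVALID,ERROR is unknown vuln-type');
+});
+
+test('with a valid and an invalid vuln-types', () => {
+const options: string[] = ['INVALID', 'os'];
+expect(() => {
+trivy['validateVulnType'](options);
+}).toThrowError('Trivy option error: INVALID,os is unknown vuln-type');
+});
+});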
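Review bot: The mixed-input cases pin an error message that names a valid value as unknown: `'Trivy option error: INVALID,HIGH is unknown severity'` in 'with an invalid and a valid severities', and `'Trivy option error: INVALID,os is unknown vuln-type'` in the vuln-type counterpart. That suggests the validators echo the whole input instead of only the rejected entries, which points whoever reads a failed workflow log at the wrong value; I would have the message list only the offenders and assert `toThrowError('Trivy option error: INVALID is unknown severity')` here. The validator implementation is not in the visible sections, so this is inferred from the expected strings. Since these checks appear to be the allowlist in front of the values handed to the trivy command, cases for an empty list and for values that differ in case or carry surrounding whitespace (`['high']`, `[' HIGH']`) would also be worth adding.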
