diff options
| author | Ethan Lee <ethanalee@google.com> | 2026-03-11 21:30:08 +0000 |
|---|---|---|
| committer | Gopher Robot <gobot@golang.org> | 2026-03-30 13:36:55 -0700 |
| commit | ed9f544b260433d32a59bb7e9b52d7cafda78eec (patch) | |
| tree | 48cb3a336a7a16de3f777f836ad2be1b57591a65 /internal/api/api_test.go | |
| parent | 8514eebca6ca7b3213e879faa2a83c7e9ea6e181 (diff) | |
| download | go-x-pkgsite-ed9f544b260433d32a59bb7e9b52d7cafda78eec.tar.xz | |
internal/api: implement vulnerabilities endpoint
- Create vulnerabilities endpoint using server vuln client.
Change-Id: I234c96851f7682a13bda97aa3e5018d0439e05da
Reviewed-on: https://go-review.googlesource.com/c/pkgsite/+/754866
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Ethan Lee <ethanalee@google.com>
Reviewed-by: Jonathan Amsterdam <jba@google.com>
kokoro-CI: kokoro <noreply+kokoro@google.com>
Diffstat (limited to 'internal/api/api_test.go')
| -rw-r--r-- | internal/api/api_test.go | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/internal/api/api_test.go b/internal/api/api_test.go index a0ded1d2..0bc409c5 100644 --- a/internal/api/api_test.go +++ b/internal/api/api_test.go @@ -16,8 +16,10 @@ import ( "github.com/google/go-cmp/cmp" "golang.org/x/pkgsite/internal" + "golang.org/x/pkgsite/internal/osv" "golang.org/x/pkgsite/internal/testing/fakedatasource" "golang.org/x/pkgsite/internal/testing/sample" + "golang.org/x/pkgsite/internal/vuln" ) func TestServePackage(t *testing.T) { @@ -768,6 +770,69 @@ func TestServePackageImportedBy(t *testing.T) { } } +func TestServeVulnerabilities(t *testing.T) { + ds := fakedatasource.New() + vc, err := vuln.NewInMemoryClient([]*osv.Entry{ + { + ID: "VULN-1", + Summary: "Vulnerability 1", + Affected: []osv.Affected{ + { + Module: osv.Module{Path: "example.com"}, + Ranges: []osv.Range{{Type: osv.RangeTypeSemver, Events: []osv.RangeEvent{{Introduced: "0"}, {Fixed: "1.1.0"}}}}, + }, + }, + }, + }) + if err != nil { + t.Fatal(err) + } + + for _, test := range []struct { + name string + url string + wantStatus int + wantCount int + }{ + { + name: "all vulns", + url: "/v1/vulns/example.com?version=v1.0.0", + wantStatus: http.StatusOK, + wantCount: 1, + }, + { + name: "no vulns", + url: "/v1/vulns/example.com?version=v1.2.0", + wantStatus: http.StatusOK, + wantCount: 0, + }, + } { + t.Run(test.name, func(t *testing.T) { + r := httptest.NewRequest("GET", test.url, nil) + w := httptest.NewRecorder() + + err := ServeVulnerabilities(vc)(w, r, ds) + if err != nil && w.Code != test.wantStatus { + t.Fatalf("ServeVulnerabilities returned error: %v", err) + } + + if w.Code != test.wantStatus { + t.Errorf("status = %d, want %d", w.Code, test.wantStatus) + } + + if test.wantStatus == http.StatusOK { + var got PaginatedResponse[Vulnerability] + if err := json.Unmarshal(w.Body.Bytes(), &got); err != nil { + t.Fatalf("json.Unmarshal: %v", err) + } + if len(got.Items) != test.wantCount { + t.Errorf("count = %d, want %d", len(got.Items), test.wantCount) + } + } + }) + } +} + // unmarshalResponse unmarshals an API response into either // a *T or an *Error. func unmarshalResponse[T any](data []byte) (any, error) { |