dropped the ref check from the enricher (#65)

* dropped the ref check from the enricher * and the actual test
thought-machine · Oct 23, 2020 · 59b4fb2 · 59b4fb2
1 parent e1acad0
commit 59b4fb2
Show file tree

Hide file tree

Showing 4 changed files with 54 additions and 2 deletions.
diff --git a/pkg/enrichment/BUILD b/pkg/enrichment/BUILD
@@ -10,3 +10,18 @@ go_library(
         "//third_party/go:protobuf",
     ],
 )
+
+go_test(
+    name = "enrichment_test",
+    srcs = [
+        "issue.go",
+        "issue_test.go"
+    ],
+    deps = [
+        "//api/proto:v1",
+        "//third_party/go:stretchr_testify",
+        "//pkg/enrichment/db",
+        "//api/proto:v1",
+        "//third_party/go:protobuf",
+    ],
+)
diff --git a/pkg/enrichment/db/BUILD b/pkg/enrichment/db/BUILD
@@ -6,7 +6,7 @@ go_library(
     ],
     visibility = [
         "//cmd/enricher",
-        "//pkg/enrichment",
+        "//pkg/enrichment/...",
     ],
     deps = [
         "//pkg/enrichment/db/migrations",

diff --git a/pkg/enrichment/issue.go b/pkg/enrichment/issue.go
@@ -8,6 +8,7 @@ import (
 	"fmt"
 	"io"
 	"log"
+	"strings"
 
 	v1 "github.com/thought-machine/dracon/api/proto/v1"
 
@@ -18,10 +19,12 @@ import (
 // GetHash returns the hash of an issue
 func GetHash(i *v1.Issue) string {
 	h := md5.New()
+	sourceNoRef := strings.Split(i.GetSource(), "?ref=")
+
 	io.WriteString(h, i.GetTarget())
 	io.WriteString(h, i.GetType())
 	io.WriteString(h, i.GetTitle())
-	io.WriteString(h, i.GetSource())
+	io.WriteString(h, sourceNoRef[0])
 	io.WriteString(h, i.GetSeverity().String())
 	io.WriteString(h, fmt.Sprintf("%f", i.GetCvss()))
 	io.WriteString(h, i.GetConfidence().String())

diff --git a/pkg/enrichment/issue_test.go b/pkg/enrichment/issue_test.go
@@ -0,0 +1,34 @@
+package enrichment
+
+import (
+	"fmt"
+	"strings"
+	"testing"
+
+	v1 "github.com/thought-machine/dracon/api/proto/v1"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestGetHash(t *testing.T) {
+	expectedIssues := &v1.Issue{
+		Target:     "pkg:golang/github.com/coreos/[email protected]",
+		Type:       "Vulnerable Dependency",
+		Title:      "[CVE-2018-1099]  Improper Input Validation",
+		Source:     "git.foo.com/repo.git?ref=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+		Severity:   v1.Severity_SEVERITY_MEDIUM,
+		Cvss:       5.5,
+		Confidence: v1.Confidence_CONFIDENCE_HIGH,
+		Description: fmt.Sprintf("CVSS Score: %v\nCvssVector: %s\nCve: %s\nCwe: %s\nReference: %s\n",
+			"5.5", "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "CVE-2018-1099",
+			"", "https://ossindex.sonatype.org/vuln/8a190129-526c-4ee0-b663-92f38139c165"),
+	}
+	assert.Equal(t, GetHash(expectedIssues), "ccc217a4c2fd348bc5c6c4d73ad4311a")
+
+	expectedIssues.Source = strings.NewReplacer("aa", "bc").Replace(expectedIssues.Source)
+	// Test for regression on Bug where we would calculate ?ref=<> value for enrichment
+	assert.Equal(t, GetHash(expectedIssues), "ccc217a4c2fd348bc5c6c4d73ad4311a")
+
+	expectedIssues.Source = strings.NewReplacer("git.foo.com/repo.git", "https://example.com/foo/bar").Replace(expectedIssues.Source)
+	assert.NotEqual(t, GetHash(expectedIssues), "3c73dcc2f7c647a4ff460249074a8d50")
+}