From 99bd0db9e2be1da3d3144bc5aedf23b9f7447e24 Mon Sep 17 00:00:00 2001 From: Paul Duncan Date: Mon, 7 Feb 2022 07:59:05 -0500 Subject: cvss/v2scores_test.go: add TestNewV2SCoresFromFloats, add TestNewV2Scores test vectors --- cvss/v2scores_test.go | 99 +++++++++++++++++++++++++++++++++------------------ 1 file changed, 64 insertions(+), 35 deletions(-) diff --git a/cvss/v2scores_test.go b/cvss/v2scores_test.go index b47cf05..cc54ba4 100644 --- a/cvss/v2scores_test.go +++ b/cvss/v2scores_test.go @@ -5,55 +5,84 @@ import ( "testing" ) -// build v2scores from slice of floats -func getTestScores(vals []float64) (v2Scores, error) { - // build expected score list - scores := make([]v2Score, 3) - for i, val := range(vals) { - if score, err := newV2Score(val); err != nil { - return v2Scores{}, err - } else { - scores[i] = score - } - } +func TestNewV2ScoresFromFloats(t *testing.T) { + // test out of bound errors + failTests := []struct { + name string // test name + vals []float64 // invalid base, temporal, and env scores + } {{ + name: "invalid base", + vals: []float64 { 11.0, 0.0, 0.0 }, + }, { + name: "invalid temporal", + vals: []float64 { 0.0, 11.0, 0.0 }, + }, { + name: "invalid env", + vals: []float64 { 0.0, 0.0, 11.0 }, + }} - // build expected scores - return v2Scores { - scores[0], - scores[1], - scores[2], - }, nil + for _, test := range(failTests) { + t.Run(test.name, func(t *testing.T) { + got, err := newV2ScoresFromFloats(test.vals[0], test.vals[1], test.vals[2]) + if err == nil { + t.Errorf("got %v, exp error", got) + } + }) + } } func TestNewV2Scores(t *testing.T) { + // test vectors from section 3.3 passTests := []struct { name string // test name val string // test cvss v2 vector exps []float64 // expected base, temporal, and env scores } {{ - name: "CVE-2002-0392", + name: "CVE-2002-0392/base", // 3.3.1 val: "AV:N/AC:L/Au:N/C:N/I:N/A:C", + exps: []float64 { 7.8, 0.0, 0.0 }, + }, { + name: "CVE-2002-0392/temporal", // 3.3.1 + val: "AV:N/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C", + exps: []float64 { 7.8, 6.4, 0.0 }, + }, { + name: "CVE-2002-0392/all", // 3.3.1 + val: "AV:N/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C/CDP:H/TD:H/CR:M/IR:M/AR:H", exps: []float64 { 7.8, 6.4, 9.2 }, + }, { + name: "CVE-2003-0818/base", // 3.3.2 + val: "AV:N/AC:L/Au:N/C:C/I:C/A:C", + exps: []float64 { 10.0, 0.0, 0.0 }, + }, { + name: "CVE-2003-0818/temporal", // 3.3.2 + val: "AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C", + exps: []float64 { 10.0, 8.3, 0.0 }, + }, { + name: "CVE-2003-0818/all", // 3.3.2 + val: "AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C/CDP:H/TD:H/CR:M/IR:M/AR:L", + exps: []float64 { 10.0, 8.3, 9.0 }, + }, { + name: "CVE-2003-0062/base", // 3.3.3 + val: "AV:L/AC:H/Au:N/C:C/I:C/A:C", + exps: []float64 { 6.2, 0.0, 0.0 }, + }, { + name: "CVE-2003-0062/temporal", // 3.3.3 + val: "AV:L/AC:H/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C", + exps: []float64 { 6.2, 4.9, 0.0 }, + }, { + name: "CVE-2003-0062/all", // 3.3.3 + val: "AV:L/AC:H/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C/CDP:H/TD:H/CR:M/IR:M/AR:M", + exps: []float64 { 6.2, 4.9, 7.5 }, }} + // TODO: add additional test vectors using v2 calc for _, test := range(passTests) { t.Run(test.name, func(t *testing.T) { - // build expected score list - expScores := make([]v2Score, 3) - for i, val := range(test.exps) { - if s, err := newV2Score(val); err != nil { - t.Error(err) - return - } else { - expScores[i] = s - } - } - - // build expected scores - exp := v2Scores { - expScores[0], - expScores[1], - expScores[2], + // build expected result + exp, err := newV2ScoresFromFloats(test.exps[0], test.exps[1], test.exps[2]) + if err != nil { + t.Error(err) + return } // create vector, check for error @@ -70,7 +99,7 @@ func TestNewV2Scores(t *testing.T) { return } - + // compare to expected scores if !reflect.DeepEqual(got, exp) { t.Errorf("got %v, exp %v", got, exp) return -- cgit v1.2.3