org.owasp.dependencytrack.model.VulnerabilityTest.java Source code


Introduction

Here is the source code for org.owasp.dependencytrack.model.VulnerabilityTest.java

Source

/*
 * This file is part of Dependency-Track.
 *
 * Dependency-Track is free software: you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the Free
 * Software Foundation, either version 3 of the License, or (at your option) any
 * later version.
 *
 * Dependency-Track is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
 * details.
 *
 * You should have received a copy of the GNU General Public License along with
 * Dependency-Track. If not, see http://www.gnu.org/licenses/.
 *
 * Copyright (c) Axway. All Rights Reserved.
 */

package org.owasp.dependencytrack.model;

import static org.junit.Assert.assertEquals;

import org.junit.Test;
import org.springframework.transaction.annotation.Transactional;

import java.math.BigDecimal;

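/**
 * JUnit test for the {@link Vulnerability} class.
 *
 * <p>Covers the plain accessors and the mapping from a CVSS score to a
 * {@link Vulnerability.Severity} bucket. Downstream triage typically keys off the
 * severity bucket, so the boundary values are pinned with exact decimals.
 */
public class VulnerabilityTest {

    /**
     * Verifies that every value written through a setter is returned unchanged by
     * the matching getter.
     */
    @Test
    @Transactional
    public void testObject() throws Exception {
        Vulnerability vulnerability = new Vulnerability();
        vulnerability.setId(1);
        vulnerability.setName("CVE-YYYY-XXXX");
        vulnerability.setMatchedCPE("cpe:/a/vendor:name:version");
        vulnerability.setDescription("CVE description");
        // String constructor: the score is stored as the decimal that was written,
        // not as the binary approximation of a double literal.
        vulnerability.setCvssScore(new BigDecimal("5.5"));
        vulnerability.setMatchedAllPreviousCPE("cpe:/a/previous:name:version");

        // Integer.valueOf replaces the deprecated Integer(int) constructor.
        assertEquals(Integer.valueOf(1), vulnerability.getId());
        assertEquals("CVE-YYYY-XXXX", vulnerability.getName());
        assertEquals("cpe:/a/vendor:name:version", vulnerability.getMatchedCPE());
        assertEquals("CVE description", vulnerability.getDescription());
        assertEquals(new BigDecimal("5.5"), vulnerability.getCvssScore());
        assertEquals("cpe:/a/previous:name:version", vulnerability.getMatchedAllPreviousCPE());
    }

    /**
     * Verifies the severity bucket reported for scores on each side of every
     * threshold: 0 is INFO, 1 through 3.9 is LOW, 4.0 through 6.9 is MEDIUM and
     * 7.0 through 10.0 is HIGH.
     *
     * <p>The boundary scores are built from strings. {@code new BigDecimal(3.9)} and
     * {@code new BigDecimal(6.9)} hold the nearest binary double (slightly below 3.9
     * and slightly above 6.9), so they would not exercise the boundary values the
     * test names.
     *
     * <p>NOTE(review): scores strictly between 0 and 1 (for example 0.1) are not
     * pinned by any assertion here, and 10.0 is asserted as HIGH, so no bucket above
     * HIGH is exercised. Confirm the intended bucket for 0.1 against
     * {@link Vulnerability#getSeverity()} before relying on it.
     */
    @Test
    @Transactional
    public void testSeverity() throws Exception {
        Vulnerability vulnerability = new Vulnerability();

        assertSeverity(vulnerability, new BigDecimal(0), Vulnerability.Severity.INFO);

        assertSeverity(vulnerability, new BigDecimal(1), Vulnerability.Severity.LOW);
        assertSeverity(vulnerability, new BigDecimal("3.9"), Vulnerability.Severity.LOW);

        assertSeverity(vulnerability, new BigDecimal("4.0"), Vulnerability.Severity.MEDIUM);
        assertSeverity(vulnerability, new BigDecimal("6.9"), Vulnerability.Severity.MEDIUM);

        assertSeverity(vulnerability, new BigDecimal("7.0"), Vulnerability.Severity.HIGH);
        assertSeverity(vulnerability, new BigDecimal("10.0"), Vulnerability.Severity.HIGH);
    }

    /**
     * Sets {@code score} on {@code vulnerability} and asserts the reported severity.
     *
     * @param vulnerability the instance under test; its CVSS score is overwritten
     * @param score the CVSS score to apply
     * @param expected the severity bucket the score must map to
     */
    private static void assertSeverity(Vulnerability vulnerability, BigDecimal score,
            Vulnerability.Severity expected) {
        vulnerability.setCvssScore(score);
        // The message names the score so a failing boundary is identifiable at a glance.
        assertEquals("severity for CVSS score " + score, expected, vulnerability.getSeverity());
    }

}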