internal/report: add test for each type of lint

Ensure that every type of lint has at least one test, to prep for
refactoring.

Change-Id: Ia9eb8b5015fde17d9fb2f74d671bcc9706b6f7cd
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/542355
LUCI-TryBot-Result: Go LUCI <[email protected]>
Reviewed-by: Damien Neil <[email protected]>

internal/report/lint_test.go

@@ -10,6 +10,7 @@ import (
 	"strings"
 	"testing"
 
+	"github.com/google/go-cmp/cmp"
 	"golang.org/x/vulndb/internal/osv"
 	"golang.org/x/vulndb/internal/proxy"
 )
@@ -84,6 +85,7 @@ func TestLint(t *testing.T) {
 	for _, test := range []struct {
 		desc   string
 		report Report
+		pc     *proxy.Client
 		want   []string
 	}{
 		{
@@ -97,6 +99,7 @@ func TestLint(t *testing.T) {
 						},
 					}})
 			}),
+			pc: pc,
 			// No lints.
 		},
 		{
@@ -110,6 +113,7 @@ func TestLint(t *testing.T) {
 						},
 					}})
 			}),
+			pc:   pc,
 			want: []string{`version 0.2.5 does not exist`},
 		},
 		{
@@ -123,12 +127,37 @@ func TestLint(t *testing.T) {
 						},
 					}})
 			}),
+			pc:   pc,
 			want: []string{`module is not canonical`},
 		},
+		{
+			desc: "multiple problems",
+			report: validReport(func(r *Report) {
+				r.Modules = append(r.Modules, &Module{
+					Module: "github.com/golang/vuln",
+					Versions: []VersionRange{
+						{
+							Introduced: "0.1.0",
+							Fixed:      "0.2.5", // does not exist
+						},
+						{
+							Introduced: "0.2.6", // does not exist
+						},
+					}})
+			}),
+			pc:   pc,
+			want: []string{"2 versions do not exist: 0.2.5, 0.2.6 and module is not canonical"},
+		},
+		{
+			desc:   "nil proxy client",
+			report: validReport(noop),
+			pc:     nil,
+			want:   []string{"proxy client is nil"},
+		},
 	} {
 		test := test
 		t.Run(test.desc, func(t *testing.T) {
-			got := test.report.Lint(pc)
+			got := test.report.Lint(test.pc)
 			checkLints(t, got, test.want)
 		})
 	}
@@ -188,6 +217,20 @@ func TestLintOffline(t *testing.T) {
 			}),
 			want: []string{"missing description"},
 		},
+		{
+			desc: "description line length too long",
+			report: validReport(func(r *Report) {
+				r.Description = "This line is too long; it needs to be shortened to less than 80 characters to pass the lint check"
+			}),
+			want: []string{"description contains line > 80 characters long"},
+		},
+		{
+			desc: "description: long word OK",
+			report: validReport(func(r *Report) {
+				r.Description = "http://1234567890.abcdefghijklmnopqrstuvwxyz.1234567890.abcdefghijklmnopqrstuvwxyz" // 82 chars ok if single word
+			}),
+			want: []string{},
+		},
 		{
 			desc: "missing summary",
 			report: validReport(func(r *Report) {
@@ -257,6 +300,15 @@ func TestLintOffline(t *testing.T) {
 			}),
 			want: []string{"vulnerable_at version 2.0.0 is not inside vulnerable range"},
 		},
+		{
+			desc: "unsupported versions",
+			report: validStdReport(func(r *Report) {
+				r.Modules[0].UnsupportedVersions = []UnsupportedVersion{
+					{Version: "1.2.1", Type: "unknown"},
+				}
+			}),
+			want: []string{"version issue: 1 unsupported version(s)"},
+		},
 		{
 			desc: "third party: module is not a prefix of package",
 			report: validReport(func(r *Report) {
@@ -274,12 +326,19 @@ func TestLintOffline(t *testing.T) {
 			want: []string{"malformed import path"},
 		},
 		{
-			desc: "standard library: missing package",
+			desc: "standard library: empty package",
 			report: validStdReport(func(r *Report) {
 				r.Modules[0].Packages[0].Package = ""
 			}),
 			want: []string{"missing package"},
 		},
+		{
+			desc: "standard library: missing packages",
+			report: validStdReport(func(r *Report) {
+				r.Modules[0].Packages = nil
+			}),
+			want: []string{"missing package"},
+		},
 		{
 			desc: "toolchain: wrong module",
 			report: validStdReport(func(r *Report) {
@@ -310,6 +369,20 @@ func TestLintOffline(t *testing.T) {
 			}),
 			want: []string{`range events must be in strictly ascending order (found 1.3.0>=1.2.1)`},
 		},
+		{
+			desc: "versions still checked if no vulnerable_at",
+			report: validStdReport(func(r *Report) {
+				r.Modules[0].VulnerableAt = ""
+				r.Modules[0].Versions = []VersionRange{
+					// Two fixed versions in a row with no introduced.
+					{Fixed: "1.2.1"}, {Fixed: "1.3.2"},
+				}
+			}),
+			want: []string{
+				"introduced and fixed versions must alternate",
+				"missing skip_fix and vulnerable_at",
+			},
+		},
 		{
 			desc: "invalid semantic version",
 			report: validStdReport(func(r *Report) {
@@ -432,9 +505,10 @@ func TestLintOffline(t *testing.T) {
 				`"https://groups.google.com/forum/#!/golang-announce/12345/1/" should be "https://groups.google.com/g/golang-announce/c/12345/m/1/"`},
 		},
 		{
-			desc: "standard library: unfixed/missing links",
+			desc: "standard library: incorrect links",
 			report: validStdReport(func(r *Report) {
 				r.References = []*Reference{
+					{Type: osv.ReferenceTypeAdvisory, URL: "http://www.example.com"},
 					{Type: osv.ReferenceTypeFix, URL: "https://go-review.googlesource.com/c/go/+/12345"},
 					{Type: osv.ReferenceTypeFix, URL: "https://github.com/golang/go/commit/12345"},
 					{Type: osv.ReferenceTypeReport, URL: "https://github.com/golang/go/issues/12345"},
@@ -444,6 +518,7 @@ func TestLintOffline(t *testing.T) {
 			}),
 			want: []string{
 				// Standard library specific errors.
+				"advisory reference should not be set",
 				"fix reference should match",
 				"report reference should match",
 				"references should contain an announcement link",
@@ -453,6 +528,19 @@ func TestLintOffline(t *testing.T) {
 				`"https://github.com/golang/go/issues/12345" should be "https://go.dev/issue/12345"`,
 			},
 		},
+		{
+			desc: "standard library: missing links",
+			report: validStdReport(func(r *Report) {
+				r.References = []*Reference{
+					// no links
+				}
+			}),
+			want: []string{
+				"references should contain at least one report",
+				"references should contain at least one fix",
+				"references should contain an announcement link",
+			},
+		},
 		{
 			desc: "invalid URL",
 			report: validReport(func(r *Report) {
@@ -616,3 +704,28 @@ func TestCheckFilename(t *testing.T) {
 		})
 	}
 }
+
+func TestLintAsNotes(t *testing.T) {
+	// A report with lints.
+	report := validReport(
+		func(r *Report) {
+			r.Summary = ""
+			r.Notes = []*Note{
+				{Body: "an existing lint that will be deleted", Type: NoteTypeLint},
+				{Body: "a note added by a human", Type: NoteTypeNone}}
+		},
+	)
+
+	found := report.LintAsNotes(nil)
+	if !found {
+		t.Error("LintAsNotes() = false, want true")
+	}
+
+	want, got := []*Note{
+		{Body: "a note added by a human", Type: NoteTypeNone}, // preserved
+		{Body: "missing summary", Type: NoteTypeLint},
+		{Body: "proxy client is nil; cannot perform all lint checks", Type: NoteTypeLint}}, report.Notes
+	if diff := cmp.Diff(want, got); diff != "" {
+		t.Errorf("mismatch (-want, +got):\n%s", diff)
+	}
+}

internal/report/testdata/proxy/TestLint.json

@@ -3,6 +3,12 @@
 		"body": "module golang.org/x/vuln\n\ngo 1.18\n\nrequire (\n\tgithub.com/client9/misspell v0.3.4\n\tgithub.com/google/go-cmdtest v0.4.1-0.20220921163831-55ab3332a786\n\tgithub.com/google/go-cmp v0.5.8\n\tgolang.org/x/mod v0.10.0\n\tgolang.org/x/sync v0.1.0\n\tgolang.org/x/tools v0.8.1-0.20230421161920-b9619ee54b47\n\thonnef.co/go/tools v0.4.3\n\tmvdan.cc/unparam v0.0.0-20230312165513-e84e2d14e3b8\n)\n\nrequire (\n\tgithub.com/BurntSushi/toml v1.2.1 // indirect\n\tgithub.com/google/renameio v0.1.0 // indirect\n\tgolang.org/x/exp/typeparams v0.0.0-20221208152030-732eee02a75a // indirect\n\tgolang.org/x/sys v0.7.0 // indirect\n)\n",
 		"status_code": 200
 	},
+	"github.com/golang/vuln/@v/v0.2.5.mod": {
+		"status_code": 404
+	},
+	"github.com/golang/vuln/@v/v0.2.6.mod": {
+		"status_code": 404
+	},
 	"golang.org/x/net/@v/v0.2.0.mod": {
 		"body": "module golang.org/x/net\n\ngo 1.17\n\nrequire (\n\tgolang.org/x/sys v0.2.0\n\tgolang.org/x/term v0.2.0\n\tgolang.org/x/text v0.4.0\n)\n",
 		"status_code": 200