diff --git a/vulnfeeds/cmd/nvd-cve-osv/main.go b/vulnfeeds/cmd/nvd-cve-osv/main.go
index e4bed073e8d..3881da154e9 100644
--- a/vulnfeeds/cmd/nvd-cve-osv/main.go
+++ b/vulnfeeds/cmd/nvd-cve-osv/main.go
@@ -197,12 +197,6 @@ func refAcceptable(ref cves.Reference, tagDenyList []string) bool {
 // Examines the CVE references for a CVE and derives repos for it, optionally caching it.
 func ReposFromReferences(CVE string, cache VendorProductToRepoMap, vp *VendorProduct, refs []cves.Reference, tagDenyList []string) (repos []string) {
- // This currently only gets called for cache misses, but make it not rely on that assumption.
- if vp != nil {
- if cachedRepos, ok := cache[*vp]; ok {
- return cachedRepos
- }
- }
 for _, ref := range refs {
 // If any of the denylist tags are in the ref's tag set, it's out of consideration.
 if !refAcceptable(ref, tagDenyList) {
@@ -225,6 +219,7 @@ func ReposFromReferences(CVE string, cache VendorProductToRepoMap, vp *VendorPro
 repos = append(repos, repo)
 maybeUpdateVPRepoCache(cache, vp, repo)
 }
+ Logger.Infof("[%s]: Derived %q for %q %q using references", CVE, repos, vp.Vendor, vp.Product)
 return repos
 }
diff --git a/vulnfeeds/cmd/nvd-cve-osv/main_test.go b/vulnfeeds/cmd/nvd-cve-osv/main_test.go
index 3fdba38addb..50a87169a54 100644
--- a/vulnfeeds/cmd/nvd-cve-osv/main_test.go
+++ b/vulnfeeds/cmd/nvd-cve-osv/main_test.go
@@ -27,7 +27,7 @@ func TestReposFromReferences(t *testing.T) {
 cache: nil,
 vp: &VendorProduct{"theradsystem_project", "theradsystem"},
 refs: []cves.Reference{
- {
+ {
 Source: "cna@vuldb.com",
 Tags: []string{"Patch", "Third Party Advisory"},
 Url: "https://github.com/saemorris/TheRadSystem/commit/bfba26bd34af31648a11af35a0bb66f1948752a6"},
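Review bot: The `Logger.Infof` call added in the second main.go hunk reads `vp.Vendor` and `vp.Product` unconditionally, but `vp` is a `*VendorProduct` and the guard this commit deletes at the top of the function (`if vp != nil`) treated nil as a possible value, so a nil `vp` would now panic here. Wrapping the call as `if vp != nil { Logger.Infof(...) }` keeps the function usable without a vendor/product pair. The line is also emitted when `repos` is empty, which reads as a successful derivation in the logs; consider logging only when `len(repos) > 0`. The `%q` verbs are the right choice for these feed-derived strings, since they keep embedded control characters from forging log lines. ReposFromReferences begins, and most of its loop body sits, outside this hunk.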
@@ -45,3 +45,80 @@ func TestReposFromReferences(t *testing.T) {
 })
 }
 }
+
+func Test_maybeUpdateVPRepoCache(t *testing.T) {
+ type args struct {
+ cache VendorProductToRepoMap
+ vp *VendorProduct
+ repos []string
+ }
+ tests := []struct {
+ name string
+ args args
+ wantCache VendorProductToRepoMap
+ }{
+ {
+ name: "Test with no cache",
+ args: args{
+ cache: nil,
+ vp: &VendorProduct{"avendor", "aproduct"},
+ repos: []string{"https://github.com/google/osv.dev"},
+ },
+ wantCache: nil,
+ },
+ {
+ name: "Test with an empty cache",
+ args: args{
+ cache: VendorProductToRepoMap{},
+ vp: &VendorProduct{"avendor", "aproduct"},
+ repos: []string{"https://github.com/google/osv.dev"},
+ },
+ wantCache: VendorProductToRepoMap{
+ VendorProduct{"avendor", "aproduct"}: []string{"https://github.com/google/osv.dev"},
+ },
+ },
+ {
+ name: "Test with an empty cache and an unusable repo",
+ args: args{
+ cache: VendorProductToRepoMap{},
+ vp: &VendorProduct{"avendor", "aproduct"},
+ repos: []string{"https://github.com/vendor/repo"},
+ },
+ wantCache: VendorProductToRepoMap{},
+ },
+ {
+ name: "Test with an existing cache",
+ args: args{
+ cache: VendorProductToRepoMap{
+ VendorProduct{"avendor", "aproduct"}: []string{"https://github.com/google/osv.dev"},
+ },
+ vp: &VendorProduct{"avendor", "aproduct"},
+ repos: []string{"https://github.com/google/osv-scanner"},
+ },
+ wantCache: VendorProductToRepoMap{
+ VendorProduct{"avendor", "aproduct"}: []string{"https://github.com/google/osv.dev", "https://github.com/google/osv-scanner"},
+ },
+ },
+ {
+ name: "Test with an empty cache adding two values",
+ args: args{
+ cache: VendorProductToRepoMap{},
+ vp: &VendorProduct{"avendor", "aproduct"},
+ repos: []string{"https://github.com/google/osv.dev", "https://github.com/google/osv-scanner"},
+ },
+ wantCache: VendorProductToRepoMap{
+ VendorProduct{"avendor", "aproduct"}: []string{"https://github.com/google/osv.dev", "https://github.com/google/osv-scanner"},
+ },
+ },
+ }
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ for _, repo := range tt.args.repos {
+ maybeUpdateVPRepoCache(tt.args.cache, tt.args.vp, repo)
+ }
+ if !reflect.DeepEqual(tt.args.cache, tt.wantCache) {
+ t.Errorf("maybeUpdateVPRepoCache() have %#v, wanted %#v", tt.args.cache, tt.wantCache)
+ }
+ })
+ }
+}
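Review bot: The "unusable repo" case expects `https://github.com/vendor/repo` to stay out of the cache while `https://github.com/google/osv.dev` is accepted, and nothing in the table sets up that difference, so the result presumably depends on `maybeUpdateVPRepoCache` checking the remote repository. If so, the test needs outbound network access and its outcome can change when either repository is created, renamed or removed. A comment on the table such as `// Relies on live repository validation; requires network access.`, or a skip like `if testing.Short() { t.Skip("requires network access") }`, would make that dependency explicit. The table also has no case with a nil `vp`, which the pointer parameter allows.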