private static FormattedCell VulnerabilityToSeverityFormattedCell(PackageVulnerabilityMetadata vulnerability)
{
switch (vulnerability?.Severity ?? -1)
{
case 0: return(new FormattedCell("Low", foregroundColor: null)); // default color for low severity
case 1: return(new FormattedCell("Moderate", foregroundColor: ConsoleColor.Yellow));
case 2: return(new FormattedCell("High", foregroundColor: ConsoleColor.Red));
case 3: return(new FormattedCell("Critical", foregroundColor: ConsoleColor.Red));
}
return(new FormattedCell(string.Empty, foregroundColor: null));
}
public async Task GetLocalPackageMetadataAsync_WhenMultipleSourcesHavePackage_WithVulnerabilityMetadata()
{
// Arrange
var vulnerabilities1 = new PackageVulnerabilityMetadata[]
{
new PackageVulnerabilityMetadata()
{
AdvisoryUrl = new Uri("https://example/advisory/1"), Severity = 2
},
new PackageVulnerabilityMetadata()
{
AdvisoryUrl = new Uri("https://example/advisory/2"), Severity = 1
}
};
var vulnerabilities2 = new PackageVulnerabilityMetadata[]
{
new PackageVulnerabilityMetadata()
{
AdvisoryUrl = new Uri("https://example/advisory/3"), Severity = 0
},
new PackageVulnerabilityMetadata()
{
AdvisoryUrl = new Uri("https://example/advisory/4"), Severity = 1
}
};
IPackageSearchMetadata metadata1 = new MockPackageSearchMetadata()
{
Identity = TestPackageIdentity, Vulnerabilities = vulnerabilities1
};
IPackageSearchMetadata metadata2 = new MockPackageSearchMetadata()
{
Identity = TestPackageIdentity, Vulnerabilities = vulnerabilities2
};
Mock.Get(_globalMetadataResource)
.Setup(x => x.GetMetadataAsync(TestPackageIdentity.Id, true, true, It.IsAny <SourceCacheContext>(), It.IsAny <Common.ILogger>(), It.IsAny <CancellationToken>()))
.ReturnsAsync(new[] { metadata1 });
Mock.Get(_metadataResource)
.Setup(x => x.GetMetadataAsync(TestPackageIdentity.Id, true, false, It.IsAny <SourceCacheContext>(), It.IsAny <Common.ILogger>(), It.IsAny <CancellationToken>()))
.ReturnsAsync(new[] { metadata2 });
// Act
var metadata = await _target.GetLocalPackageMetadataAsync(
TestPackageIdentity,
includePrerelease : true,
cancellationToken : CancellationToken.None);
// Assert
Mock.Get(_metadataResource).Verify(
x => x.GetMetadataAsync(TestPackageIdentity.Id, true, false, It.IsAny <SourceCacheContext>(), It.IsAny <Common.ILogger>(), It.IsAny <CancellationToken>()),
Times.Once);
Assert.NotNull(metadata.Vulnerabilities);
Assert.Collection(metadata.Vulnerabilities,
item =>
{
Assert.Equal(item.AdvisoryUrl, new Uri("https://example/advisory/1"));
Assert.Equal(item.Severity, 2);
},
item =>
{
Assert.Equal(item.AdvisoryUrl, new Uri("https://example/advisory/2"));
Assert.Equal(item.Severity, 1);
});
}
