From e7890f86d097862d66e89bbf110f4074d5e41311 Mon Sep 17 00:00:00 2001 From: TangRufus Date: Sun, 27 Aug 2023 05:41:38 +0100 Subject: [PATCH 01/20] Reboot --- cmd/wordfence.go | 37 - cmd/wordfence_gen.go | 180 --- cmd/wpsecadvi/.gitignore | 1 + main.go => cmd/wpsecadvi/main.go | 7 +- cmd/{ => wpsecadvi}/root.go | 55 +- composer/data/packagist_org.yml | 14 - composer/json.go | 77 - composer/json_test.go | 270 ---- composer/marshal.go | 85 -- composer/marshal_test.go | 106 -- composer/searcher.go | 112 -- composer/searcher_test.go | 97 -- go.mod | 28 +- go.sum | 486 +------ semver/constraints.go | 169 --- semver/constraints_test.go | 1244 ----------------- wordfence/client.go | 65 - wordfence/client_test.go | 70 - wordfence/fixture_test.go | 225 --- wordfence/generator.go | 85 -- wordfence/generator_test.go | 110 -- .../testdata/production.composer.json.golden | 12 - wordfence/testdata/production.json | 182 --- wordfence/vulnerability.go | 121 -- wordfence/vulnerability_test.go | 344 ----- 25 files changed, 26 insertions(+), 4156 deletions(-) delete mode 100644 cmd/wordfence.go delete mode 100644 cmd/wordfence_gen.go create mode 100644 cmd/wpsecadvi/.gitignore rename main.go => cmd/wpsecadvi/main.go (94%) rename cmd/{ => wpsecadvi}/root.go (56%) delete mode 100644 composer/data/packagist_org.yml delete mode 100644 composer/json.go delete mode 100644 composer/json_test.go delete mode 100644 composer/marshal.go delete mode 100644 composer/marshal_test.go delete mode 100644 composer/searcher.go delete mode 100644 composer/searcher_test.go delete mode 100644 semver/constraints.go delete mode 100644 semver/constraints_test.go delete mode 100644 wordfence/client.go delete mode 100644 wordfence/client_test.go delete mode 100644 wordfence/fixture_test.go delete mode 100644 wordfence/generator.go delete mode 100644 wordfence/generator_test.go delete mode 100644 wordfence/testdata/production.composer.json.golden delete mode 100644 wordfence/testdata/production.json delete mode 100644 wordfence/vulnerability.go delete mode 100644 wordfence/vulnerability_test.go diff --git a/cmd/wordfence.go b/cmd/wordfence.go deleted file mode 100644 index fa1db3a..0000000 --- a/cmd/wordfence.go +++ /dev/null @@ -1,37 +0,0 @@ -/* - * Copyright (c) 2023 Typist Tech Limited - * - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to deal - * in the Software without restriction, including without limitation the rights - * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in - * all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN - * THE SOFTWARE. - */ - -package cmd - -import ( - "github.com/spf13/cobra" -) - -// wordfenceCmd represents the wordfence command -var wordfenceCmd = &cobra.Command{ - Use: "wordfence", - Short: "Commands for Wordfence", -} - -func init() { - rootCmd.AddCommand(wordfenceCmd) -} diff --git a/cmd/wordfence_gen.go b/cmd/wordfence_gen.go deleted file mode 100644 index ae8b2ad..0000000 --- a/cmd/wordfence_gen.go +++ /dev/null @@ -1,180 +0,0 @@ -/* - * Copyright (c) 2023 Typist Tech Limited - * - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to deal - * in the Software without restriction, including without limitation the rights - * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in - * all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN - * THE SOFTWARE. - */ - -package cmd - -import ( - "fmt" - "github.com/spf13/cobra" - "github.com/spf13/viper" - "github.com/typisttech/wpsecadvi/composer" - "github.com/typisttech/wpsecadvi/wordfence" - "net/http" - "os" -) - -var ( - scanner bool - production bool - - baseContent []byte - - wordfenceGenCmd = &cobra.Command{ - Use: "gen {--scanner|--production}", - Example: ` - - $ wpsecadvi wordfence gen --scanner - - Generate from Wordfence scanner feed - - $ wpsecadvi wordfence gen --production - - Generate from Wordfence production feed - - $ wpsecadvi wordfence gen --base /path/to/composer.base.json - - Merge with a base JSON file - - $ wpsecadvi wordfence gen --ignore UUID1 --ignore CVE-2099-0001 - - Skip vulnerabilities by CVEs (production feed only) or UUIDs - - $ wpsecadvi wordfence gen --plugin-vendor foo --plugin-vendor wpackagist-plugin - - Use custom plugin vendor names. - - $ wpsecadvi wordfence gen --theme-vendor foo --theme-vendor wpackagist-theme - - Use custom theme vendor names. -`, - Short: "Generate composer conflicts from vulnerability data feed", - PreRunE: func(cmd *cobra.Command, args []string) error { - if !scanner && !production { - return fmt.Errorf("error: missing feed selection. Excatly one of %s flags required", []string{"scanner", "production"}) - } - - if err := readBaseContent(); err != nil { - return err - } - - return nil - }, - Run: func(cmd *cobra.Command, args []string) { - g := wordfence.NewGenerator( - newClient(), - newSearcher(), - ) - - j, err := g.Generate( - viper.GetStringSlice("wordfence.gen.ignore"), - ) - cobra.CheckErr(err) - - jBytes, err := j.Merge(baseContent) - cobra.CheckErr(err) - - fmt.Fprintln(os.Stdout, string(jBytes)) - }, - } -) - -func init() { - wordfenceCmd.AddCommand(wordfenceGenCmd) - - // Feed selection. - wordfenceGenCmd.Flags().BoolVar(&scanner, "scanner", false, "Generate from Wordfence scanner feed") - wordfenceGenCmd.Flags().BoolVar(&production, "production", false, "Generate from Wordfence production feed") - wordfenceGenCmd.MarkFlagsMutuallyExclusive("scanner", "production") - - // Ignore UUIDs and CVEs. - defaultIgnore := []string{ - // As of 03rd January 2023, this vulnerability affects all WordPress versions. - // https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-core/wordpress-core-611-unauthenticated-blind-server-side-request-forgery - "CVE-2022-3590", "112ed4f2-fe91-4d83-a3f7-eaf889870af4", - } - wordfenceGenCmd.Flags().StringArrayP("ignore", "i", defaultIgnore, "CVEs or UUIDs to ignore") - viper.BindPFlag("wordfence.gen.ignore", wordfenceGenCmd.Flags().Lookup("ignore")) - viper.SetDefault("wordfence.gen.ignore", defaultIgnore) - - wordfenceGenCmd.Flags().StringP("base", "b", "", "Base composer.json to merge") - viper.BindPFlag("wordfence.gen.base", wordfenceGenCmd.Flags().Lookup("base")) - - pv := []string{composer.WPackagistPluginVendor} - wordfenceGenCmd.Flags().StringArrayP("plugin-vendor", "p", pv, "Plugin vendor") - viper.BindPFlag("wordfence.gen.plugin-vendor", wordfenceGenCmd.Flags().Lookup("plugin-vendor")) - viper.SetDefault("wordfence.gen.plugin-vendor", pv) - - tv := []string{composer.WPackagistThemeVendor} - wordfenceGenCmd.Flags().StringArrayP("theme-vendor", "t", tv, "Theme vendor") - viper.BindPFlag("wordfence.gen.theme-vendor", wordfenceGenCmd.Flags().Lookup("theme-vendor")) - viper.SetDefault("wordfence.gen.theme-vendor", tv) -} - -func readBaseContent() error { - base := viper.GetString("wordfence.gen.base") - if base == "" { - baseContent = []byte(`{}`) - return nil - } - - bc, err := os.ReadFile(base) - if err != nil { - return err - } - - baseContent = bc - - return nil -} - -func newSearcher() composer.CompositedSearcher { - s := composer.NewCompositedSearcher() - - for _, v := range viper.GetStringSlice("wordfence.gen.plugin-vendor") { - if v == "" { - continue - } - s.AddSearcher( - composer.NewPrefixedSearcher(composer.WPPlugin, v), - ) - } - for _, v := range viper.GetStringSlice("wordfence.gen.theme-vendor") { - if v == "" { - continue - } - s.AddSearcher( - composer.NewPrefixedSearcher(composer.WPTheme, v), - ) - } - - return s -} - -func newClient() wordfence.Client { - hc := http.DefaultClient - - if scanner { - return wordfence.NewScannerFeedClient(hc) - } - - return wordfence.NewProductionFeedClient(hc) -} diff --git a/cmd/wpsecadvi/.gitignore b/cmd/wpsecadvi/.gitignore new file mode 100644 index 0000000..477ca7a --- /dev/null +++ b/cmd/wpsecadvi/.gitignore @@ -0,0 +1 @@ +wpsecadvi \ No newline at end of file diff --git a/main.go b/cmd/wpsecadvi/main.go similarity index 94% rename from main.go rename to cmd/wpsecadvi/main.go index 42bcffa..dc24dae 100644 --- a/main.go +++ b/cmd/wpsecadvi/main.go @@ -19,11 +19,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN * THE SOFTWARE. */ - package main -import "github.com/typisttech/wpsecadvi/cmd" - func main() { - cmd.Execute() -} + Execute() +} \ No newline at end of file diff --git a/cmd/root.go b/cmd/wpsecadvi/root.go similarity index 56% rename from cmd/root.go rename to cmd/wpsecadvi/root.go index b470d60..eea7c95 100644 --- a/cmd/root.go +++ b/cmd/wpsecadvi/root.go @@ -20,24 +20,27 @@ * THE SOFTWARE. */ -package cmd +package main import ( - "fmt" "os" "github.com/spf13/cobra" - "github.com/spf13/viper" ) -var cfgFile string - // rootCmd represents the base command when called without any subcommands var rootCmd = &cobra.Command{ Use: "wpsecadvi", - Short: "Generate composer conflicts for WordPress-related known security vulnerabilities", - Long: `Generate composer meta packages to ensures WordPress projects don't have -dependencies with known security vulnerabilities installed.`, + Short: "A brief description of your application", + Long: `A longer description that spans multiple lines and likely contains +examples and usage of using your application. For example: + +Cobra is a CLI library for Go that empowers applications. +This application is a tool to generate the needed files +to quickly create a Cobra application.`, + // Uncomment the following line if your bare application + // has an action associated with it: + // Run: func(cmd *cobra.Command, args []string) { }, } // Execute adds all child commands to the root command and sets flags appropriately. @@ -50,33 +53,13 @@ func Execute() { } func init() { - cobra.OnInitialize(initConfig) + // Here you will define your flags and configuration settings. + // Cobra supports persistent flags, which, if defined here, + // will be global for your application. - rootCmd.PersistentFlags().StringVar(&cfgFile, "config", "", "config file (defaults are $HOME/.wpsecadvi.yaml and $PWD/.wpsecadvi.yaml)") -} + // rootCmd.PersistentFlags().StringVar(&cfgFile, "config", "", "config file (default is $HOME/.wpsecadvi.yaml)") -// initConfig reads in config file and ENV variables if set. -func initConfig() { - if cfgFile != "" { - // Use config file from the flag. - viper.SetConfigFile(cfgFile) - } else { - // Find home directory. - home, err := os.UserHomeDir() - cobra.CheckErr(err) - - // Search config in home directory with name ".wpsecadvi" (without extension). - viper.AddConfigPath(home) - // Look for config in the working directory - viper.AddConfigPath(".") - viper.SetConfigType("yaml") - viper.SetConfigName(".wpsecadvi") - } - - viper.AutomaticEnv() // read in environment variables that match - - // If a config file is found, read it in. - if err := viper.ReadInConfig(); err == nil { - fmt.Fprintln(os.Stderr, "Using config file:", viper.ConfigFileUsed()) - } -} + // Cobra also supports local flags, which will only run + // when this action is called directly. + rootCmd.Flags().BoolP("toggle", "t", false, "Help message for toggle") +} \ No newline at end of file diff --git a/composer/data/packagist_org.yml b/composer/data/packagist_org.yml deleted file mode 100644 index fdfa7f0..0000000 --- a/composer/data/packagist_org.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- - -# https://packagist.org/?type=wordpress-core -# https://packagist.org/providers/wordpress/core-implementation -core: - - johnpbloch/wordpress-core - - pantheon-systems/wordpress-composer - - roots/wordpress-full - - roots/wordpress-no-content - -plugin: - wp-rocket: - # https://docs.wp-rocket.me/article/1301-wp-rocket-installation-from-github-using-composer - - wp-media/wp-rocket \ No newline at end of file diff --git a/composer/json.go b/composer/json.go deleted file mode 100644 index 53670fb..0000000 --- a/composer/json.go +++ /dev/null @@ -1,77 +0,0 @@ -/* - * Copyright (c) 2022-2023 Typist Tech Limited - * - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to deal - * in the Software without restriction, including without limitation the rights - * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in - * all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN - * THE SOFTWARE. - */ - -package composer - -type JSON struct { - conflicts map[string]Link -} - -type stringer interface { - String() string -} - -type Link struct { - name string - constraints stringer -} - -func NewLink(name string, constraints stringer) Link { - return Link{ - name: name, - constraints: constraints, - } -} - -func (j *JSON) AddConflict(l Link) { - if j.conflicts == nil { - j.conflicts = make(map[string]Link) - } - - j.conflicts[l.name] = l -} - -type marshallableJSON struct { - Conflict map[string]string `json:"conflicts"` -} - -func (j JSON) MarshalJSON() ([]byte, error) { - conflict := make(map[string]string, len(j.conflicts)) - for _, l := range j.conflicts { - conflict[l.name] = l.constraints.String() - } - - mj := marshallableJSON{ - Conflict: conflict, - } - - return jsonUnescapedMarshal(mj) -} - -func (j JSON) Merge(other []byte) ([]byte, error) { - bs, err := j.MarshalJSON() - if err != nil { - return nil, err - } - - return jsonMerge(bs, other) -} diff --git a/composer/json_test.go b/composer/json_test.go deleted file mode 100644 index 1916ded..0000000 --- a/composer/json_test.go +++ /dev/null @@ -1,270 +0,0 @@ -/* - * Copyright (c) 2022-2023 Typist Tech Limited - * - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to deal - * in the Software without restriction, including without limitation the rights - * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in - * all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN - * THE SOFTWARE. - */ - -package composer - -import ( - "encoding/json" - "github.com/stretchr/testify/assert" - "testing" -) - -type mockStringer struct { - str string -} - -func (ms mockStringer) String() string { - return ms.str -} - -func TestJSON_AddConflict(t *testing.T) { - type fields struct { - conflicts map[string]Link - } - type args struct { - l Link - } - tests := []struct { - name string - fields fields - args args - }{ - { - name: "single", - fields: fields{conflicts: nil}, - args: args{l: Link{ - name: "foo", - constraints: mockStringer{str: ">=1.2.3,<2.2.3"}, - }}, - }, - { - name: "multiple", - fields: fields{ - conflicts: map[string]Link{ - "bar": { - name: "bar", - constraints: mockStringer{str: ">=9.8.7"}, - }, - }, - }, - args: args{l: Link{ - name: "foo", - constraints: mockStringer{str: ">=1.2.3,<2.2.3"}, - }}, - }, - } - for _, tc := range tests { - t.Run(tc.name, func(t *testing.T) { - j := &JSON{conflicts: tc.fields.conflicts} - - j.AddConflict(tc.args.l) - - assert.Contains(t, j.conflicts, tc.args.l.name) - assert.Equal(t, tc.args.l, j.conflicts[tc.args.l.name]) - }) - } -} - -func TestJSON_AddConflict_repetitive(t *testing.T) { - foo := Link{ - name: "foo", - constraints: mockStringer{str: ">=1.2.3,<2.2.3"}, - } - bar := Link{ - name: "bar", - constraints: mockStringer{str: ">=9.8.7"}, - } - - j := &JSON{} - - j.AddConflict(foo) - j.AddConflict(bar) - - assert.Contains(t, j.conflicts, foo.name) - assert.Equal(t, foo, j.conflicts[foo.name]) - assert.Contains(t, j.conflicts, bar.name) - assert.Equal(t, bar, j.conflicts[bar.name]) -} - -func TestJSON_MarshalJSON(t *testing.T) { - type fields struct { - conflicts map[string]Link - } - tests := []struct { - name string - fields fields - want string - }{ - { - name: "single", - fields: fields{conflicts: map[string]Link{ - "foo/bar": { - name: "foo/bar", - constraints: mockStringer{str: ">=1,<2.2"}, - }, - }}, - want: `{"conflicts": {"foo/bar": ">=1,<2.2"}}`, - }, - { - name: "multiple", - fields: fields{conflicts: map[string]Link{ - "foo/bar": { - name: "foo/bar", - constraints: mockStringer{str: ">=1,<2.2"}, - }, - "bar/bar": { - name: "bar/bar", - constraints: mockStringer{str: ">=1.2.3,<2.2.3|>=8.8.8|<=9.9.9"}, - }, - "baz/bar": { - name: "baz/bar", - constraints: mockStringer{str: "*"}, - }, - }}, - want: `{"conflicts": {"baz/bar": "*", "foo/bar": ">=1,<2.2", "bar/bar": ">=1.2.3,<2.2.3|>=8.8.8|<=9.9.9"}}`, - }, - } - for _, tc := range tests { - t.Run(tc.name, func(t *testing.T) { - j := &JSON{ - conflicts: tc.fields.conflicts, - } - - got, err := json.Marshal(j) - - if err != nil { - t.Errorf("Unexpected error %v", err) - return - } - - assert.JSONEq(t, tc.want, string(got)) - }) - } -} - -func TestJSON_Merge(t *testing.T) { - type fields struct { - conflicts map[string]Link - } - type args struct { - other string - } - tests := []struct { - name string - fields fields - args args - want string - wantErr bool - }{ - { - name: "single merge empty", - fields: fields{conflicts: map[string]Link{ - "foo/bar": { - name: "foo/bar", - constraints: mockStringer{str: ">=1,<2.2"}, - }, - }}, - args: args{other: "{}"}, - want: `{"conflicts": {"foo/bar": ">=1,<2.2"}}`, - wantErr: false, - }, - { - name: "multiple merge empty", - fields: fields{conflicts: map[string]Link{ - "foo/bar": { - name: "foo/bar", - constraints: mockStringer{str: ">=1,<2.2"}, - }, - "bar/bar": { - name: "bar/bar", - constraints: mockStringer{str: ">=1.2.3,<2.2.3|>=8.8.8|<=9.9.9"}, - }, - "baz/bar": { - name: "baz/bar", - constraints: mockStringer{str: "*"}, - }, - }}, - args: args{other: "{}"}, - want: `{"conflicts": {"baz/bar": "*", "foo/bar": ">=1,<2.2", "bar/bar": ">=1.2.3,<2.2.3|>=8.8.8|<=9.9.9"}}`, - wantErr: false, - }, - { - name: "merge", - fields: fields{conflicts: map[string]Link{ - "foo/bar": { - name: "foo/bar", - constraints: mockStringer{str: ">=1,<2.2"}, - }, - "bar/bar": { - name: "bar/bar", - constraints: mockStringer{str: ">=1.2.3,<2.2.3|>=8.8.8|<=9.9.9"}, - }, - "baz/bar": { - name: "baz/bar", - constraints: mockStringer{str: "*"}, - }, - }}, - args: args{other: `{"name": "foo/bar"}`}, - want: `{"name": "foo/bar", "conflicts": {"baz/bar": "*", "foo/bar": ">=1,<2.2", "bar/bar": ">=1.2.3,<2.2.3|>=8.8.8|<=9.9.9"}}`, - wantErr: false, - }, - { - name: "override conflict", - fields: fields{conflicts: map[string]Link{ - "foo/bar": { - name: "foo/bar", - constraints: mockStringer{str: ">=1,<2.2"}, - }, - "bar/bar": { - name: "bar/bar", - constraints: mockStringer{str: ">=1.2.3,<2.2.3|>=8.8.8|<=9.9.9"}, - }, - "baz/bar": { - name: "baz/bar", - constraints: mockStringer{str: "*"}, - }, - }}, - args: args{other: `{"name": "foo/bar", "conflicts": {"baz/bar": "1.2.3"}}`}, - want: `{"name": "foo/bar", "conflicts": {"baz/bar": "*", "foo/bar": ">=1,<2.2", "bar/bar": ">=1.2.3,<2.2.3|>=8.8.8|<=9.9.9"}}`, - wantErr: false, - }, - } - for _, tc := range tests { - t.Run(tc.name, func(t *testing.T) { - j := JSON{ - conflicts: tc.fields.conflicts, - } - got, err := j.Merge([]byte(tc.args.other)) - - if tc.wantErr { - assert.Error(t, err) - return - } - - if !assert.NoError(t, err) { - return - } - - assert.JSONEq(t, tc.want, string(got)) - }) - } -} diff --git a/composer/marshal.go b/composer/marshal.go deleted file mode 100644 index 15ffbc1..0000000 --- a/composer/marshal.go +++ /dev/null @@ -1,85 +0,0 @@ -/* - * Copyright (c) 2022-2023 Typist Tech Limited - * - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to deal - * in the Software without restriction, including without limitation the rights - * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in - * all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN - * THE SOFTWARE. - */ - -package composer - -import ( - "bytes" - "encoding/json" -) - -func jsonUnescapedMarshal(v any) ([]byte, error) { - buf := new(bytes.Buffer) - enc := json.NewEncoder(buf) - enc.SetEscapeHTML(false) - - err := enc.Encode(v) - - return buf.Bytes(), err -} - -// jsonMerge merges the two JSON-marshaled []byte -// preferring a over b when the keys from both objects -// are included and their values merged recursively. -// -// It returns an error if a or b cannot be JSON-unmarshalled. -func jsonMerge(a, b []byte) ([]byte, error) { - var j1 interface{} - err := json.Unmarshal(a, &j1) - if err != nil { - return nil, err - } - - var j2 interface{} - err = json.Unmarshal(b, &j2) - if err != nil { - return nil, err - } - - merged := mergeInterfaces(j1, j2) - - return jsonUnescapedMarshal(merged) -} - -func mergeInterfaces(x1, x2 interface{}) interface{} { - switch x1 := x1.(type) { - case map[string]interface{}: - x2, ok := x2.(map[string]interface{}) - if !ok { - return x1 - } - for k, v2 := range x2 { - if v1, ok := x1[k]; ok { - x1[k] = mergeInterfaces(v1, v2) - } else { - x1[k] = v2 - } - } - case nil: - // mergeInterfaces(nil, map[string]interface{...}) -> map[string]interface{...} - x2, ok := x2.(map[string]interface{}) - if ok { - return x2 - } - } - return x1 -} diff --git a/composer/marshal_test.go b/composer/marshal_test.go deleted file mode 100644 index 9c4ea99..0000000 --- a/composer/marshal_test.go +++ /dev/null @@ -1,106 +0,0 @@ -/* - * Copyright (c) 2023 Typist Tech Limited - * - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to deal - * in the Software without restriction, including without limitation the rights - * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in - * all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN - * THE SOFTWARE. - */ - -package composer - -import ( - "github.com/stretchr/testify/assert" - "testing" -) - -func Test_jsonMerge(t *testing.T) { - type args struct { - a string - b string - } - tests := []struct { - name string - args args - want string - wantErr bool - }{ - { - name: "empty json", - args: args{a: `{"foo": "bar"}`, b: `{}`}, - want: `{"foo": "bar"}`, - wantErr: false, - }, - { - name: "normal", - args: args{a: `{"foo": "bar"}`, b: `{"baz": "qax"}`}, - want: `{"foo": "bar", "baz":"qax"}`, - wantErr: false, - }, - { - name: "merge", - args: args{a: `{"foo": "bar", "baz": "qax"}`, b: `{"foo": "xxx", "baz": "yyy"}`}, - want: `{"foo": "bar", "baz":"qax"}`, - wantErr: false, - }, - { - name: "override array", - args: args{a: `{"foo": ["aaa", "bbb"]}`, b: `{"foo": ["ccc", "ddd"]}`}, - want: `{"foo": ["aaa", "bbb"]}`, - wantErr: false, - }, - { - name: "invalid json a", - args: args{a: `{`, b: `{"foo": "bar"}`}, - want: "", - wantErr: true, - }, - { - name: "invalid json b", - args: args{a: `{"foo": "bar"}`, b: `}`}, - want: "", - wantErr: true, - }, - { - name: "empty a", - args: args{a: "", b: `{"foo": "bar"}`}, - want: "", - wantErr: true, - }, - { - name: "empty b", - args: args{a: `{"foo": "bar"}`, b: ""}, - want: "", - wantErr: true, - }, - } - for _, tc := range tests { - t.Run(tc.name, func(t *testing.T) { - got, err := jsonMerge([]byte(tc.args.a), []byte(tc.args.b)) - - if tc.wantErr { - assert.Error(t, err) - return - } - - if !assert.NoError(t, err) { - return - } - - assert.JSONEq(t, tc.want, string(got)) - }) - } -} diff --git a/composer/searcher.go b/composer/searcher.go deleted file mode 100644 index 85c3954..0000000 --- a/composer/searcher.go +++ /dev/null @@ -1,112 +0,0 @@ -/* - * Copyright (c) 2022-2023 Typist Tech Limited - * - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to deal - * in the Software without restriction, including without limitation the rights - * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in - * all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN - * THE SOFTWARE. - */ - -package composer - -import "fmt" - -type PackageType string - -const ( - WPCore PackageType = "wordpress-core" - WPPlugin PackageType = "wordpress-plugin" - WPTheme PackageType = "wordpress-theme" - - WPackagistPluginVendor = "wpackagist-plugin" - WPackagistThemeVendor = "wpackagist-theme" -) - -var ( - // TODO: Read from yaml files. - findPackagistOrgCoreFunc SearcherFunc = func(t PackageType, slug string) []string { - if t != WPCore { - return nil - } - - return []string{ - "johnpbloch/wordpress-core", - "pantheon-systems/wordpress-composer", - "roots/wordpress-full", - "roots/wordpress-no-content", - } - } -) - -type Searcher interface { - Search(t PackageType, slug string) []string -} - -type SearcherFunc func(t PackageType, slug string) []string - -func (f SearcherFunc) Search(t PackageType, slug string) []string { - return f(t, slug) -} - -func NewCompositedSearcher() CompositedSearcher { - cs := CompositedSearcher{} - - cs.AddSearcher(findPackagistOrgCoreFunc) - - return cs -} - -type CompositedSearcher struct { - searchers []Searcher -} - -func (cs CompositedSearcher) Search(t PackageType, slug string) []string { - names := make([]string, 0, len(cs.searchers)) - for _, s := range cs.searchers { - names = append( - names, - s.Search(t, slug)..., - ) - } - - return names -} - -func (cs *CompositedSearcher) AddSearcher(s Searcher) { - cs.searchers = append(cs.searchers, s) -} - -func NewPrefixedSearcher(t PackageType, prefix string) PrefixedSearcher { - return PrefixedSearcher{ - packageType: t, - prefix: prefix, - } -} - -type PrefixedSearcher struct { - packageType PackageType - prefix string -} - -func (ps PrefixedSearcher) Search(t PackageType, slug string) []string { - if t != ps.packageType { - return nil - } - - return []string{ - fmt.Sprintf("%s/%s", ps.prefix, slug), - } -} diff --git a/composer/searcher_test.go b/composer/searcher_test.go deleted file mode 100644 index 31148e4..0000000 --- a/composer/searcher_test.go +++ /dev/null @@ -1,97 +0,0 @@ -/* - * Copyright (c) 2022-2023 Typist Tech Limited - * - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to deal - * in the Software without restriction, including without limitation the rights - * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in - * all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN - * THE SOFTWARE. - */ - -package composer - -import ( - "github.com/stretchr/testify/assert" - "testing" -) - -func TestNewPrefixedSearcher(t *testing.T) { - type args struct { - t PackageType - prefix string - } - tests := []struct { - name string - args args - want PrefixedSearcher - }{ - { - name: "happy_path", - args: args{t: WPPlugin, prefix: "my-prefix"}, - want: PrefixedSearcher{packageType: WPPlugin, prefix: "my-prefix"}, - }, - } - for _, tc := range tests { - t.Run(tc.name, func(t *testing.T) { - assert.Equalf( - t, - tc.want, - NewPrefixedSearcher(tc.args.t, tc.args.prefix), - "NewPrefixedSearcher(%v, %v)", - tc.args.t, - tc.args.prefix, - ) - }) - } -} - -func TestPrefixedSearcher_Search(t *testing.T) { - type fields struct { - packageType PackageType - prefix string - } - type args struct { - t PackageType - slug string - } - tests := []struct { - name string - fields fields - args args - want []string - }{ - { - name: "happy_path", - fields: fields{packageType: WPPlugin, prefix: "my-prefix"}, - args: args{t: WPPlugin, slug: "foo-bar"}, - want: []string{"my-prefix/foo-bar"}, - }, - { - name: "bad_package_type", - fields: fields{packageType: WPPlugin, prefix: "my-prefix"}, - args: args{t: WPTheme, slug: "foo-bar"}, - want: nil, // Not expecting errors. - }, - } - for _, tc := range tests { - t.Run(tc.name, func(t *testing.T) { - ps := PrefixedSearcher{ - packageType: tc.fields.packageType, - prefix: tc.fields.prefix, - } - assert.Equalf(t, tc.want, ps.Search(tc.args.t, tc.args.slug), "Search(%v, %v)", tc.args.t, tc.args.slug) - }) - } -} diff --git a/go.mod b/go.mod index 9decb04..1b505ed 100644 --- a/go.mod +++ b/go.mod @@ -1,33 +1,9 @@ module github.com/typisttech/wpsecadvi -go 1.19 +go 1.21.0 require ( - github.com/Masterminds/semver/v3 v3.2.0 - github.com/spf13/cobra v1.6.1 - github.com/spf13/viper v1.14.0 - github.com/stretchr/testify v1.8.1 - golang.org/x/exp v0.0.0-20221230185412-738e83a70c30 -) - -require ( - github.com/davecgh/go-spew v1.1.1 // indirect - github.com/fsnotify/fsnotify v1.6.0 // indirect - github.com/hashicorp/hcl v1.0.0 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect - github.com/magiconair/properties v1.8.7 // indirect - github.com/mitchellh/mapstructure v1.5.0 // indirect - github.com/pelletier/go-toml v1.9.5 // indirect - github.com/pelletier/go-toml/v2 v2.0.6 // indirect - github.com/pmezard/go-difflib v1.0.0 // indirect - github.com/spf13/afero v1.9.3 // indirect - github.com/spf13/cast v1.5.0 // indirect - github.com/spf13/jwalterweatherman v1.1.0 // indirect + github.com/spf13/cobra v1.7.0 // indirect github.com/spf13/pflag v1.0.5 // indirect - github.com/subosito/gotenv v1.4.1 // indirect - golang.org/x/sys v0.3.0 // indirect - golang.org/x/text v0.5.0 // indirect - gopkg.in/ini.v1 v1.67.0 // indirect - gopkg.in/yaml.v2 v2.4.0 // indirect - gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/go.sum b/go.sum index 28edf8f..f3366a9 100644 --- a/go.sum +++ b/go.sum @@ -1,492 +1,10 @@ -cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= -cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= -cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= -cloud.google.com/go v0.44.3/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= -cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= -cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= -cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To= -cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4= -cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M= -cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc= -cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk= -cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs= -cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc= -cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY= -cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI= -cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk= -cloud.google.com/go v0.75.0/go.mod h1:VGuuCn7PG0dwsd5XPVm2Mm3wlh3EL55/79EKB6hlPTY= -cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= -cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= -cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= -cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= -cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= -cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= -cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= -cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= -cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= -cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= -cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= -cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= -cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= -cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= -cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= -cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= -cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= -cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo= -dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= -github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= -github.com/Masterminds/semver/v3 v3.2.0 h1:3MEsd0SM6jqZojhjLWWeBY+Kcjy9i6MQAeY7YgDP83g= -github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= -github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= -github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= -github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= -github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= -github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= -github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= -github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= -github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po= -github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= -github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE= -github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY= -github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= -github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= -github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= -github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= -github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= -github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= -github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk= -github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= -github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= -github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= -github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= -github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= -github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= -github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= -github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= -github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= -github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= -github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= -github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= -github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= -github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= -github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= -github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= -github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g= -github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= -github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= -github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= -github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= -github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= -github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= -github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= -github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg= -github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= -github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0= -github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= -github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= -github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= -github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY= -github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0= -github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= -github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= -github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8= -github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= -github.com/pelletier/go-toml/v2 v2.0.6 h1:nrzqCb7j9cDFj2coyLNLaZuJTLjWjlaz6nvTvIwycIU= -github.com/pelletier/go-toml/v2 v2.0.6/go.mod h1:eumQOmlWiOPt5WriQQqoM5y18pDHwha2N+QD+EUNTek= -github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qRg= -github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= -github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= -github.com/rogpeppe/go-internal v1.6.1 h1:/FiVV8dS/e+YqF2JvO3yXRFbBLTIuSDkuC7aBOAvL+k= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= -github.com/spf13/afero v1.9.3 h1:41FoI0fD7OR7mGcKE/aOiLkGreyf8ifIOQmJANWogMk= -github.com/spf13/afero v1.9.3/go.mod h1:iUV7ddyEEZPO5gA3zD4fJt6iStLlL+Lg4m2cihcDf8Y= -github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w= -github.com/spf13/cast v1.5.0/go.mod h1:SpXXQ5YoyJw6s3/6cMTQuxvgRl3PCJiyaX9p6b155UU= -github.com/spf13/cobra v1.6.1 h1:o94oiPyS4KD1mPy2fmcYYHHfCxLqYjJOhGsCHFZtEzA= -github.com/spf13/cobra v1.6.1/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY= -github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk= -github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo= +github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I= +github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -github.com/spf13/viper v1.14.0 h1:Rg7d3Lo706X9tHsJMUjdiwMpHB7W8WnSVOssIY+JElU= -github.com/spf13/viper v1.14.0/go.mod h1:WT//axPky3FdvXHzGw33dNdXXXfFQqmEalje+egj8As= -github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= -github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= -github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= -github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= -github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= -github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= -github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk= -github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/subosito/gotenv v1.4.1 h1:jyEFiXpy21Wm81FBN71l9VoMMV8H8jG+qIK3GCpY6Qs= -github.com/subosito/gotenv v1.4.1/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0= -github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= -go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= -go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= -golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= -golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= -golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= -golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= -golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= -golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20221230185412-738e83a70c30 h1:m9O6OTJ627iFnN2JIWfdqlZCzneRO6EEBsHXI25P8ws= -golang.org/x/exp v0.0.0-20221230185412-738e83a70c30/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= -golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= -golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= -golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= -golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs= -golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= -golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= -golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= -golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= -golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= -golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= -golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= -golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.3.0 h1:w8ZOecv6NaNa/zC8944JTU3vz4u6Lagfk4RPQxv92NQ= -golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= -golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.5.0 h1:OLmvp0KP+FVG99Ct/qFiL/Fhk4zp4QQnZ7b2U+5piUM= -golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= -golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= -golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= -golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= -golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE= -golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= -golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= -google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= -google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= -google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= -google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= -google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= -google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM= -google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc= -google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg= -google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE= -google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8= -google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= -google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= -google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= -google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA= -google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U= -google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA= -google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= -google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= -google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= -google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= -google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= -google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60= -google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= -google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8= -google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= -google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= -google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= -google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= -google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= -google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= -google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= -google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY= -gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= -gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA= -gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= -gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= -gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= -gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= -honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= -rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= -rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= diff --git a/semver/constraints.go b/semver/constraints.go deleted file mode 100644 index 4629e0a..0000000 --- a/semver/constraints.go +++ /dev/null @@ -1,169 +0,0 @@ -/* - * Copyright (c) 2022-2023 Typist Tech Limited - * - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to deal - * in the Software without restriction, including without limitation the rights - * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in - * all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN - * THE SOFTWARE. - */ - -package semver - -import ( - "fmt" - "github.com/Masterminds/semver/v3" - "golang.org/x/exp/slices" - "strings" -) - -type Constraints struct { - ranges []*Range -} - -func (cs *Constraints) Or(r *Range) { - rs := make([]*Range, 0, len(cs.ranges)+1) - for _, csr := range cs.ranges { - if csr.cover(r) { - return - } - - if r.cover(csr) { - continue - } - - rs = append(rs, csr) - } - - cs.ranges = append(rs, r) -} - -func (cs Constraints) String() string { - rs := make([]string, 0, len(cs.ranges)) - for _, r := range cs.ranges { - rStr := r.String() - if rStr == "" { - continue - } - rs = append(rs, r.String()) - } - - // For easier testing assertions. - slices.Sort(rs) - - return strings.Join(rs, "|") -} - -type Range struct { - fromVersion *semver.Version - fromInclusive bool - fromWildcard bool - toVersion *semver.Version - toInclusive bool - toWildcard bool -} - -func NewWildcardRange() (*Range, error) { - return &Range{ - fromWildcard: true, - toWildcard: true, - }, nil -} - -func NewUpperBoundedRange(version string, inclusive bool) (*Range, error) { - v, err := semver.NewVersion(version) - if err != nil { - return nil, err - } - - return &Range{ - fromWildcard: true, - toVersion: v, - toInclusive: inclusive, - }, nil -} - -func NewLowerBoundedRange(version string, inclusive bool) (*Range, error) { - v, err := semver.NewVersion(version) - if err != nil { - return nil, err - } - - return &Range{ - fromVersion: v, - fromInclusive: inclusive, - toWildcard: true, - }, nil -} - -func NewRange(fromVersion string, fromInclusive bool, toVersion string, toInclusive bool) (*Range, error) { - fromV, err := semver.NewVersion(fromVersion) - if err != nil { - return nil, err - } - - toV, err := semver.NewVersion(toVersion) - if err != nil { - return nil, err - } - - return &Range{ - fromVersion: fromV, - fromInclusive: fromInclusive, - toVersion: toV, - toInclusive: toInclusive, - }, nil -} - -func (r Range) String() string { - if r.fromWildcard && r.toWildcard { - return "*" - } - - from := "" - if !r.fromWildcard { - op := ">" - if r.fromInclusive { - op = ">=" - } - - from = fmt.Sprintf("%s%s", op, r.fromVersion) - } - - to := "" - if !r.toWildcard { - op := "<" - if r.toInclusive { - op = "<=" - } - - to = fmt.Sprintf("%s%s", op, r.toVersion) - } - - csStr := strings.Join([]string{from, to}, ",") - return strings.Trim(csStr, ",") -} - -func (r *Range) cover(other *Range) bool { - fromCovered := r.fromWildcard || - (r.fromVersion != nil && other.fromVersion != nil && r.fromVersion.LessThan(other.fromVersion)) || - (r.fromVersion != nil && other.fromVersion != nil && (r.fromInclusive || !other.fromInclusive) && r.fromVersion.Equal(other.fromVersion)) - - toCovered := r.toWildcard || - (r.toVersion != nil && other.toVersion != nil && r.toVersion.GreaterThan(other.toVersion)) || - (r.toVersion != nil && other.toVersion != nil && (r.toInclusive || !other.toInclusive) && r.toVersion.Equal(other.toVersion)) - - return fromCovered && toCovered -} diff --git a/semver/constraints_test.go b/semver/constraints_test.go deleted file mode 100644 index 88e29b6..0000000 --- a/semver/constraints_test.go +++ /dev/null @@ -1,1244 +0,0 @@ -/* - * Copyright (c) 2022-2023 Typist Tech Limited - * - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to deal - * in the Software without restriction, including without limitation the rights - * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in - * all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN - * THE SOFTWARE. - */ - -package semver - -import ( - "github.com/Masterminds/semver/v3" - "reflect" - "testing" -) - -var ( - wildcardRange = &Range{ - fromWildcard: true, - toWildcard: true, - } - - v123, _ = semver.NewVersion("1.2.3") - v133, _ = semver.NewVersion("1.3.3") - v223, _ = semver.NewVersion("2.2.3") - v233, _ = semver.NewVersion("2.3.3") - v323, _ = semver.NewVersion("3.2.3") - v423, _ = semver.NewVersion("4.2.3") - v523, _ = semver.NewVersion("5.2.3") - v533, _ = semver.NewVersion("5.3.3") - v623, _ = semver.NewVersion("6.2.3") - - v123ToV133 = &Range{fromVersion: v123, toVersion: v133} - v123ToV223 = &Range{fromVersion: v123, toVersion: v223} - v123ToV233 = &Range{fromVersion: v123, toVersion: v233} - v123ToV423 = &Range{fromVersion: v123, toVersion: v423} - v123ToV623 = &Range{fromVersion: v123, toVersion: v623} - v123InclusiveToV623Inclusive = &Range{fromVersion: v123, fromInclusive: true, toVersion: v623, toInclusive: true} - v223ToV323 = &Range{fromVersion: v223, toVersion: v323} - v223InclusiveToV323Inclusive = &Range{fromVersion: v223, fromInclusive: true, toVersion: v323, toInclusive: true} - v223ToV323Inclusive = &Range{fromVersion: v223, toVersion: v323, toInclusive: true} - v223InclusiveToV323 = &Range{fromVersion: v223, fromInclusive: true, toVersion: v323} - v223ToV423 = &Range{fromVersion: v223, toVersion: v423} - v223ToV623 = &Range{fromVersion: v223, toVersion: v623} - v423ToV523 = &Range{fromVersion: v423, toVersion: v523} - v423ToV623 = &Range{fromVersion: v423, toVersion: v623} - v323ToV523 = &Range{fromVersion: v323, toVersion: v523} - v533ToV623 = &Range{fromVersion: v533, toVersion: v623} - - gtV223 = &Range{fromVersion: v223, toWildcard: true} - gtV223Inclusive = &Range{fromVersion: v223, fromInclusive: true, toWildcard: true} - gtV323 = &Range{fromVersion: v323, fromInclusive: false, toWildcard: true} - gtV323Inclusive = &Range{fromVersion: v323, fromInclusive: true, toWildcard: true} - gtV523 = &Range{fromVersion: v523, fromInclusive: false, toWildcard: true} - - ltV223 = &Range{toVersion: v223, fromWildcard: true} - ltV223Inclusive = &Range{toVersion: v223, toInclusive: true, fromWildcard: true} - ltV323 = &Range{toVersion: v323, toInclusive: false, fromWildcard: true} - ltV323Inclusive = &Range{toVersion: v323, toInclusive: true, fromWildcard: true} -) - -func TestConstraints_String(t *testing.T) { - type fields struct { - ranges []*Range - } - tests := []struct { - name string - fields fields - want string - }{ - { - name: "single", - fields: fields{ranges: []*Range{v223ToV323Inclusive}}, - want: ">2.2.3,<=3.2.3", - }, - { - name: "single wildcard", - fields: fields{ranges: []*Range{wildcardRange}}, - want: "*", - }, - { - name: "multiple", - fields: fields{ranges: []*Range{v123ToV223, ltV223, gtV323Inclusive}}, - want: "<2.2.3|>1.2.3,<2.2.3|>=3.2.3", - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - cs := &Constraints{ - ranges: tt.fields.ranges, - } - if got := cs.String(); got != tt.want { - t.Errorf("String() = %v, want %v", got, tt.want) - } - }) - } -} - -func TestConstraints_Or_wildcard(t *testing.T) { - type fields struct { - ranges []*Range - } - tests := []struct { - name string - fields fields - want []*Range - }{ - { - name: "empty", - fields: fields{ranges: []*Range{}}, - want: []*Range{wildcardRange}, - }, - { - name: "wildcard", - fields: fields{ranges: []*Range{ - {fromWildcard: true, toWildcard: true}, - }}, - want: []*Range{wildcardRange}, - }, - { - name: "upper_bounded_non-inclusive", - fields: fields{ranges: []*Range{ltV223}}, - want: []*Range{wildcardRange}, - }, - { - name: "upper_bounded_inclusive", - fields: fields{ranges: []*Range{ltV223Inclusive}}, - want: []*Range{wildcardRange}, - }, - { - name: "lower_bounded_non-inclusive", - fields: fields{ranges: []*Range{gtV223}}, - want: []*Range{wildcardRange}, - }, - { - name: "lower_bounded_inclusive", - fields: fields{ranges: []*Range{gtV223Inclusive}}, - want: []*Range{wildcardRange}, - }, - { - name: "reduce_to_single_wildcard", - fields: fields{ - ranges: []*Range{ - v123ToV223, - { - fromVersion: v323, - fromInclusive: true, - toVersion: v423, - toInclusive: true, - }, - { - fromVersion: v523, - toWildcard: true, - }, - { - fromWildcard: true, - toVersion: v623, - }, - }, - }, - want: []*Range{wildcardRange}, - }, - } - for _, tc := range tests { - t.Run(tc.name, func(t *testing.T) { - cs := &Constraints{ - ranges: tc.fields.ranges, - } - - cs.Or(wildcardRange) - - if !reflect.DeepEqual(cs.ranges, tc.want) { - t.Errorf("cs.ranges = %v, want %v", cs.ranges, tc.want) - } - }) - } -} - -func TestConstraints_Or_upper_bounded(t *testing.T) { - type fields struct { - ranges []*Range - } - type args struct { - r *Range - } - tests := []struct { - name string - fields fields - args args - want []*Range - }{ - { - name: "empty", - fields: fields{ranges: []*Range{}}, - args: args{r: ltV323Inclusive}, - want: []*Range{ltV323Inclusive}, - }, - { - name: "one_unrelated", - fields: fields{ranges: []*Range{v423ToV523}}, - args: args{r: ltV323Inclusive}, - want: []*Range{v423ToV523, ltV323Inclusive}, - }, - { - name: "two_unrelated", - fields: fields{ranges: []*Range{v423ToV523, v533ToV623}}, - args: args{r: ltV323}, - want: []*Range{v423ToV523, v533ToV623, ltV323}, - }, - { - name: "wildcard", - fields: fields{ranges: []*Range{wildcardRange}}, - args: args{r: ltV323Inclusive}, - want: []*Range{wildcardRange}, - }, - { - name: "same_inclusive", - fields: fields{ranges: []*Range{ltV323Inclusive}}, - args: args{r: ltV323Inclusive}, - want: []*Range{ltV323Inclusive}, - }, - { - name: "same_non-inclusive", - fields: fields{ranges: []*Range{ltV323}}, - args: args{r: ltV323}, - want: []*Range{ltV323}, - }, - { - name: "same_ranges_inclusive_r_non-inclusive", - fields: fields{ranges: []*Range{ltV323Inclusive}}, - args: args{r: ltV323}, - want: []*Range{ltV323Inclusive}, - }, - { - name: "same ranges_non-inclusive_r_inclusive", - fields: fields{ranges: []*Range{ltV323}}, - args: args{r: ltV323Inclusive}, - want: []*Range{ltV323Inclusive}, - }, - { - name: "superset", - fields: fields{ranges: []*Range{ltV323}}, - args: args{r: ltV223}, - want: []*Range{ltV323}, - }, - { - name: "superset_inclusive", - fields: fields{ranges: []*Range{ltV323Inclusive}}, - args: args{r: ltV223Inclusive}, - want: []*Range{ltV323Inclusive}, - }, - { - name: "superset_with_unrelated", - fields: fields{ranges: []*Range{v423ToV523, ltV323Inclusive}}, - args: args{r: ltV223Inclusive}, - want: []*Range{v423ToV523, ltV323Inclusive}, - }, - { - name: "superset_with_overlap", - fields: fields{ranges: []*Range{v123ToV423, ltV223Inclusive}}, - args: args{r: ltV323Inclusive}, - want: []*Range{v123ToV423, ltV323Inclusive}, - }, - { - name: "one_subset", - fields: fields{ranges: []*Range{ltV223}}, - args: args{r: ltV323}, - want: []*Range{ltV323}, - }, - { - name: "one_subset_both_bounded", - fields: fields{ranges: []*Range{v123ToV233}}, - args: args{r: ltV323}, - want: []*Range{ltV323}, - }, - { - name: "one_subset_with_unrelated", - fields: fields{ranges: []*Range{v423ToV523, ltV223}}, - args: args{r: ltV323}, - want: []*Range{v423ToV523, ltV323}, - }, - { - name: "one_subset_with_overlap", - fields: fields{ranges: []*Range{v123ToV423, ltV223}}, - args: args{r: ltV323}, - want: []*Range{v123ToV423, ltV323}, - }, - - { - name: "lower_bounded_unrelated", - fields: fields{ranges: []*Range{gtV323}}, - args: args{r: ltV223}, - want: []*Range{gtV323, ltV223}, - }, - { - name: "lower_bounded_overlapped", - fields: fields{ranges: []*Range{gtV223}}, - args: args{r: ltV323}, - want: []*Range{gtV223, ltV323}, - }, - } - for _, tc := range tests { - t.Run(tc.name, func(t *testing.T) { - cs := &Constraints{ - ranges: tc.fields.ranges, - } - - cs.Or(tc.args.r) - - if !reflect.DeepEqual(cs.ranges, tc.want) { - t.Errorf("cs.ranges = %v, want %v", cs.ranges, tc.want) - } - }) - } -} - -func TestConstraints_Or_lower_bounded(t *testing.T) { - type fields struct { - ranges []*Range - } - type args struct { - r *Range - } - tests := []struct { - name string - fields fields - args args - want []*Range - }{ - { - name: "empty", - fields: fields{ranges: []*Range{}}, - args: args{r: gtV323Inclusive}, - want: []*Range{gtV323Inclusive}, - }, - { - name: "one_unrelated", - fields: fields{ranges: []*Range{v123ToV233}}, - args: args{r: gtV323Inclusive}, - want: []*Range{v123ToV233, gtV323Inclusive}, - }, - { - name: "two_unrelated", - fields: fields{ranges: []*Range{v123ToV133, v123ToV223}}, - args: args{r: gtV323}, - want: []*Range{v123ToV133, v123ToV223, gtV323}, - }, - { - name: "wildcard", - fields: fields{ranges: []*Range{wildcardRange}}, - args: args{r: gtV323Inclusive}, - want: []*Range{wildcardRange}, - }, - { - name: "same_inclusive", - fields: fields{ranges: []*Range{gtV323Inclusive}}, - args: args{r: gtV323Inclusive}, - want: []*Range{gtV323Inclusive}, - }, - { - name: "same_non-inclusive", - fields: fields{ranges: []*Range{gtV323}}, - args: args{r: gtV323}, - want: []*Range{gtV323}, - }, - { - name: "same_ranges_inclusive_r_non-inclusive", - fields: fields{ranges: []*Range{gtV323Inclusive}}, - args: args{r: gtV323}, - want: []*Range{gtV323Inclusive}, - }, - { - name: "same ranges_non-inclusive_r_inclusive", - fields: fields{ranges: []*Range{gtV323}}, - args: args{r: gtV323Inclusive}, - want: []*Range{gtV323Inclusive}, - }, - { - name: "superset", - fields: fields{ranges: []*Range{gtV223}}, - args: args{r: gtV323}, - want: []*Range{gtV223}, - }, - { - name: "superset_inclusive", - fields: fields{ranges: []*Range{gtV223Inclusive}}, - args: args{r: gtV323Inclusive}, - want: []*Range{gtV223Inclusive}, - }, - { - name: "superset_with_unrelated", - fields: fields{ranges: []*Range{v123ToV133, gtV223Inclusive}}, - args: args{r: gtV323Inclusive}, - want: []*Range{v123ToV133, gtV223Inclusive}, - }, - { - name: "superset_with_overlap", - fields: fields{ranges: []*Range{v123ToV423, gtV323Inclusive}}, - args: args{r: gtV223Inclusive}, - want: []*Range{v123ToV423, gtV223Inclusive}, - }, - { - name: "one_subset", - fields: fields{ranges: []*Range{gtV323}}, - args: args{r: gtV223}, - want: []*Range{gtV223}, - }, - { - name: "one_subset_both_bounded", - fields: fields{ranges: []*Range{v323ToV523}}, - args: args{r: gtV223}, - want: []*Range{gtV223}, - }, - { - name: "one_subset_with_unrelated", - fields: fields{ranges: []*Range{v123ToV133, gtV323}}, - args: args{r: gtV223}, - want: []*Range{v123ToV133, gtV223}, - }, - { - name: "one_subset_with_overlap", - fields: fields{ranges: []*Range{v123ToV423, gtV323}}, - args: args{r: gtV223}, - want: []*Range{v123ToV423, gtV223}, - }, - { - name: "upper_bounded_unrelated", - fields: fields{ranges: []*Range{ltV223}}, - args: args{r: gtV323}, - want: []*Range{ltV223, gtV323}, - }, - { - name: "upper_bounded_overlapped", - fields: fields{ranges: []*Range{ltV323}}, - args: args{r: gtV223}, - want: []*Range{ltV323, gtV223}, - }, - } - for _, tc := range tests { - t.Run(tc.name, func(t *testing.T) { - cs := &Constraints{ - ranges: tc.fields.ranges, - } - - cs.Or(tc.args.r) - - if !reflect.DeepEqual(cs.ranges, tc.want) { - t.Errorf("cs.ranges = %v, want %v", cs.ranges, tc.want) - } - }) - } -} - -func TestConstraints_Or_bounded(t *testing.T) { - type fields struct { - ranges []*Range - } - type args struct { - r *Range - } - tests := []struct { - name string - fields fields - args args - want []*Range - }{ - { - name: "empty", - fields: fields{ - ranges: []*Range{}, - }, - args: args{r: v223ToV323}, - want: []*Range{v223ToV323}, - }, - { - name: "one_unrelated", - fields: fields{ - ranges: []*Range{v123ToV133}, - }, - args: args{r: v223ToV323}, - want: []*Range{v123ToV133, v223ToV323}, - }, - { - name: "two_unrelated", - fields: fields{ - ranges: []*Range{v123ToV133, v423ToV523}, - }, - args: args{r: v223ToV323}, - want: []*Range{v123ToV133, v423ToV523, v223ToV323}, - }, - { - name: "wildcard", - fields: fields{ - ranges: []*Range{wildcardRange}, - }, - args: args{r: v223ToV323}, - want: []*Range{wildcardRange}, - }, - { - name: "same_inclusive", - fields: fields{ - ranges: []*Range{v223InclusiveToV323Inclusive}, - }, - args: args{r: v223InclusiveToV323Inclusive}, - want: []*Range{v223InclusiveToV323Inclusive}, - }, - { - name: "same_non-inclusive", - fields: fields{ - ranges: []*Range{v223ToV323}, - }, - args: args{r: v223ToV323}, - want: []*Range{v223ToV323}, - }, - { - name: "same_left_non-inclusive_right_inclusive", - fields: fields{ - ranges: []*Range{v223ToV323Inclusive}, - }, - args: args{r: v223ToV323Inclusive}, - want: []*Range{v223ToV323Inclusive}, - }, - { - name: "same_left_inclusive_right_non-inclusive", - fields: fields{ - ranges: []*Range{v223InclusiveToV323}, - }, - args: args{r: v223InclusiveToV323}, - want: []*Range{v223InclusiveToV323}, - }, - { - name: "same_ranges_inclusive_r_non-inclusive", - fields: fields{ - ranges: []*Range{v223InclusiveToV323Inclusive}, - }, - args: args{r: v223ToV323}, - want: []*Range{v223InclusiveToV323Inclusive}, - }, - { - name: "same_ranges_non-inclusive_r_inclusive", - fields: fields{ - ranges: []*Range{v223ToV323}, - }, - args: args{r: v223InclusiveToV323Inclusive}, - want: []*Range{v223InclusiveToV323Inclusive}, - }, - { - name: "same_ranges_left_inclusive_right_inclusive_r_left_non-inclusive_right_inclusive", - fields: fields{ - ranges: []*Range{v223InclusiveToV323Inclusive}, - }, - args: args{r: v223ToV323Inclusive}, - want: []*Range{v223InclusiveToV323Inclusive}, - }, - { - name: "same_ranges_left_non-inclusive_right_inclusive_r_left_inclusive_right_inclusive", - fields: fields{ - ranges: []*Range{v223ToV323Inclusive}, - }, - args: args{r: v223InclusiveToV323Inclusive}, - want: []*Range{v223InclusiveToV323Inclusive}, - }, - { - name: "same_ranges_left_inclusive_right_non-inclusive_r_left_non-inclusive_right_non-inclusive", - fields: fields{ - ranges: []*Range{v223InclusiveToV323}, - }, - args: args{r: v223ToV323}, - want: []*Range{v223InclusiveToV323}, - }, - { - name: "same_ranges_left_non-inclusive_right_non-inclusive_r_left_inclusive_right_non-inclusive", - fields: fields{ - ranges: []*Range{v223ToV323}, - }, - args: args{r: v223InclusiveToV323}, - want: []*Range{v223InclusiveToV323}, - }, - { - name: "same_ranges_left_inclusive_right_inclusive_r_left_inclusive_right_non-inclusive", - fields: fields{ - ranges: []*Range{v223InclusiveToV323Inclusive}, - }, - args: args{r: v223InclusiveToV323}, - want: []*Range{v223InclusiveToV323Inclusive}, - }, - { - name: "same_ranges_left_inclusive_right_non-inclusive_r_left_inclusive_right_inclusive", - fields: fields{ - ranges: []*Range{v223InclusiveToV323}, - }, - args: args{r: v223InclusiveToV323Inclusive}, - want: []*Range{v223InclusiveToV323Inclusive}, - }, - { - name: "same_ranges_left_non-inclusive_right_inclusive_r_left_inclusive_right_non-inclusive", - fields: fields{ - ranges: []*Range{v223ToV323Inclusive}, - }, - args: args{r: v223InclusiveToV323}, - want: []*Range{v223ToV323Inclusive, v223InclusiveToV323}, - }, - { - name: "superset", - fields: fields{ - ranges: []*Range{v123ToV623}, - }, - args: args{r: v323ToV523}, - want: []*Range{v123ToV623}, - }, - { - name: "superset_inclusive", - fields: fields{ - ranges: []*Range{v123InclusiveToV623Inclusive}, - }, - args: args{r: v223ToV623}, - want: []*Range{v123InclusiveToV623Inclusive}, - }, - { - name: "superset_with_unrelated", - fields: fields{ - ranges: []*Range{v123ToV623, gtV523}, - }, - args: args{r: v223ToV423}, - want: []*Range{v123ToV623, gtV523}, - }, - { - name: "superset_with_overlap", - fields: fields{ - ranges: []*Range{v123ToV623, gtV323}, - }, - args: args{r: v223ToV423}, - want: []*Range{v123ToV623, gtV323}, - }, - { - name: "subset", - fields: fields{ - ranges: []*Range{v223ToV423}, - }, - args: args{r: v123ToV623}, - want: []*Range{v123ToV623}, - }, - { - name: "left overlap", - fields: fields{ - ranges: []*Range{v323ToV523}, - }, - args: args{r: v223ToV423}, - want: []*Range{v323ToV523, v223ToV423}, - }, - { - name: "right overlap", - fields: fields{ - ranges: []*Range{v323ToV523}, - }, - args: args{r: v423ToV623}, - want: []*Range{v323ToV523, v423ToV623}, - }, - } - for _, tc := range tests { - t.Run(tc.name, func(t *testing.T) { - cs := &Constraints{ - ranges: tc.fields.ranges, - } - - cs.Or(tc.args.r) - - if !reflect.DeepEqual(cs.ranges, tc.want) { - t.Errorf("cs.ranges = %v, want %v", cs.ranges, tc.want) - } - }) - } -} - -func TestNewWildcardRange(t *testing.T) { - want := &Range{ - fromWildcard: true, - toWildcard: true, - } - - got, err := NewWildcardRange() - - if err != nil { - t.Errorf("NewWildcardRange() error = %v", err) - return - } - - if !reflect.DeepEqual(got, want) { - t.Errorf("NewWildcardRange() = %v, want %v", got, want) - } - - if !got.fromWildcard { - t.Errorf( - "NewWildcardRange().fromWildcard got = %v, want %v", - got.fromWildcard, - true, - ) - } - - if !got.toWildcard { - t.Errorf( - "NewWildcardRange().toWildcard got = %v, want %v", - got.toWildcard, - true, - ) - } -} - -func TestNewUpperBoundedRange(t *testing.T) { - type args struct { - version string - inclusive bool - } - type want struct { - toString string - toInclusive bool - } - tests := []struct { - name string - args args - want want - wantErr bool - }{ - { - name: "inclusive", - args: args{version: "1.2.3", inclusive: true}, - want: want{toString: "1.2.3", toInclusive: true}, - wantErr: false, - }, - { - name: "non-inclusive", - args: args{version: "1.2.3", inclusive: false}, - want: want{toString: "1.2.3", toInclusive: false}, - wantErr: false, - }, - { - name: "major_minor", - args: args{version: "1.2", inclusive: true}, - want: want{toString: "1.2.0", toInclusive: true}, - wantErr: false, - }, - { - name: "major", - args: args{version: "1", inclusive: true}, - want: want{toString: "1.0.0", toInclusive: true}, - wantErr: false, - }, - { - name: "invalid_semantic_version", - args: args{version: "1.2.3.4", inclusive: true}, - want: want{}, - wantErr: true, - }, - { - name: "invalid_version", - args: args{version: "informational", inclusive: true}, - want: want{}, - wantErr: true, - }, - } - for _, tc := range tests { - t.Run(tc.name, func(t *testing.T) { - got, err := NewUpperBoundedRange(tc.args.version, tc.args.inclusive) - - if tc.wantErr { - if err == nil { - t.Errorf("NewUpperBoundedRange() error = %v, wantErr %v", err, tc.wantErr) - } - return - } - - if err != nil { - t.Errorf("NewUpperBoundedRange() error = %v, wantErr %v", err, tc.wantErr) - return - } - - if got.toInclusive != tc.want.toInclusive { - t.Errorf( - "NewUpperBoundedRange().toInclusive got = %v, want %v", - got.toInclusive, - tc.want.toInclusive, - ) - } - - if got.toVersion.String() != tc.want.toString { - t.Errorf( - "NewUpperBoundedRange().toVersion.String() got = %v, want %v", - got.toVersion.String(), - tc.want.toString, - ) - } - - if !got.fromWildcard { - t.Errorf( - "NewUpperBoundedRange().fromWildcard got = %v, want %v", - got.fromWildcard, - true, - ) - } - - if got.toWildcard { - t.Errorf( - "NewUpperBoundedRange().toWildcard got = %v, want %v", - got.toWildcard, - false, - ) - } - }) - } -} - -func TestNewLowerBoundedRange(t *testing.T) { - type args struct { - version string - inclusive bool - } - type want struct { - fromString string - fromInclusive bool - } - tests := []struct { - name string - args args - want want - wantErr bool - }{ - { - name: "inclusive", - args: args{version: "1.2.3", inclusive: true}, - want: want{fromString: "1.2.3", fromInclusive: true}, - wantErr: false, - }, - { - name: "non-inclusive", - args: args{version: "1.2.3", inclusive: false}, - want: want{fromString: "1.2.3", fromInclusive: false}, - wantErr: false, - }, - { - name: "major_minor", - args: args{version: "1.2", inclusive: true}, - want: want{fromString: "1.2.0", fromInclusive: true}, - wantErr: false, - }, - { - name: "major", - args: args{version: "1", inclusive: true}, - want: want{fromString: "1.0.0", fromInclusive: true}, - wantErr: false, - }, - { - name: "invalid_semantic_version", - args: args{version: "1.2.3.4", inclusive: true}, - want: want{}, - wantErr: true, - }, - { - name: "invalid_version", - args: args{version: "informational", inclusive: true}, - want: want{}, - wantErr: true, - }, - } - for _, tc := range tests { - t.Run(tc.name, func(t *testing.T) { - got, err := NewLowerBoundedRange(tc.args.version, tc.args.inclusive) - - if tc.wantErr { - if err == nil { - t.Errorf("NewLowerBoundedRange() error = %v, wantErr %v", err, tc.wantErr) - } - return - } - - if err != nil { - t.Errorf("NewLowerBoundedRange() error = %v, wantErr %v", err, tc.wantErr) - return - } - - if got.fromInclusive != tc.want.fromInclusive { - t.Errorf( - "NewLowerBoundedRange().fromInclusive got = %v, want %v", - got.fromInclusive, - tc.want.fromInclusive, - ) - } - - if got.fromVersion.String() != tc.want.fromString { - t.Errorf( - "NewLowerBoundedRange().fromVersion.String() got = %v, want %v", - got.fromVersion.String(), - tc.want.fromString, - ) - } - - if got.fromWildcard { - t.Errorf( - "NewLowerBoundedRange().fromWildcard got = %v, want %v", - got.fromWildcard, - false, - ) - } - - if !got.toWildcard { - t.Errorf( - "NewLowerBoundedRange().toWildcard got = %v, want %v", - got.toWildcard, - true, - ) - } - }) - } -} - -func TestNewRange(t *testing.T) { - type args struct { - fromVersion string - fromInclusive bool - toVersion string - toInclusive bool - } - type want struct { - fromString string - fromInclusive bool - toString string - toInclusive bool - } - tests := []struct { - name string - args args - want want - wantErr bool - }{ - { - name: "from_inclusive", - args: args{fromVersion: "1.2.3", fromInclusive: true, toVersion: "9.8.7", toInclusive: false}, - want: want{fromString: "1.2.3", fromInclusive: true, toString: "9.8.7", toInclusive: false}, - wantErr: false, - }, - { - name: "to_inclusive", - args: args{fromVersion: "1.2.3", fromInclusive: false, toVersion: "9.8.7", toInclusive: true}, - want: want{fromString: "1.2.3", fromInclusive: false, toString: "9.8.7", toInclusive: true}, - wantErr: false, - }, - { - name: "both_inclusive", - args: args{fromVersion: "1.2.3", fromInclusive: true, toVersion: "9.8.7", toInclusive: true}, - want: want{fromString: "1.2.3", fromInclusive: true, toString: "9.8.7", toInclusive: true}, - wantErr: false, - }, - { - name: "both_non-inclusive", - args: args{fromVersion: "1.2.3", fromInclusive: false, toVersion: "9.8.7", toInclusive: false}, - want: want{fromString: "1.2.3", fromInclusive: false, toString: "9.8.7", toInclusive: false}, - wantErr: false, - }, - { - name: "from_major_minor", - args: args{fromVersion: "1.2", fromInclusive: false, toVersion: "9.8.7", toInclusive: false}, - want: want{fromString: "1.2.0", fromInclusive: false, toString: "9.8.7", toInclusive: false}, - wantErr: false, - }, - { - name: "to_major_minor", - args: args{fromVersion: "1.2.3", fromInclusive: false, toVersion: "9.8", toInclusive: false}, - want: want{fromString: "1.2.3", fromInclusive: false, toString: "9.8.0", toInclusive: false}, - wantErr: false, - }, - { - name: "both_major_minor", - args: args{fromVersion: "1.2", fromInclusive: false, toVersion: "9.8", toInclusive: false}, - want: want{fromString: "1.2.0", fromInclusive: false, toString: "9.8.0", toInclusive: false}, - wantErr: false, - }, - { - name: "from_major", - args: args{fromVersion: "1", fromInclusive: false, toVersion: "9.8.7", toInclusive: false}, - want: want{fromString: "1.0.0", fromInclusive: false, toString: "9.8.7", toInclusive: false}, - wantErr: false, - }, - { - name: "to_major", - args: args{fromVersion: "1.2.3", fromInclusive: false, toVersion: "9", toInclusive: false}, - want: want{fromString: "1.2.3", fromInclusive: false, toString: "9.0.0", toInclusive: false}, - wantErr: false, - }, - { - name: "both_major", - args: args{fromVersion: "1", fromInclusive: false, toVersion: "9", toInclusive: false}, - want: want{fromString: "1.0.0", fromInclusive: false, toString: "9.0.0", toInclusive: false}, - wantErr: false, - }, - { - name: "from_invalid_semantic_version", - args: args{fromVersion: "1.2.3.4", fromInclusive: false, toVersion: "9.8.7", toInclusive: false}, - want: want{}, - wantErr: true, - }, - { - name: "to_invalid_semantic_version", - args: args{fromVersion: "1.2.3", fromInclusive: false, toVersion: "9.8.7.6", toInclusive: false}, - want: want{}, - wantErr: true, - }, - { - name: "both_invalid_semantic_version", - args: args{fromVersion: "1.2.3.4", fromInclusive: false, toVersion: "9.8.7.6", toInclusive: false}, - want: want{}, - wantErr: true, - }, - { - name: "from_invalid_version", - args: args{fromVersion: "informational", fromInclusive: false, toVersion: "9.8.7", toInclusive: false}, - want: want{}, - wantErr: true, - }, - { - name: "to_invalid_version", - args: args{fromVersion: "1.2.3", fromInclusive: false, toVersion: "informational", toInclusive: false}, - want: want{}, - wantErr: true, - }, - { - name: "both_invalid_version", - args: args{fromVersion: "informational", fromInclusive: false, toVersion: "informational", toInclusive: false}, - want: want{}, - wantErr: true, - }, - } - for _, tc := range tests { - t.Run(tc.name, func(t *testing.T) { - got, err := NewRange( - tc.args.fromVersion, - tc.args.fromInclusive, - tc.args.toVersion, - tc.args.toInclusive, - ) - - if tc.wantErr { - if err == nil { - t.Errorf("NewRange() error = %v, wantErr %v", err, tc.wantErr) - } - return - } - - if err != nil { - t.Errorf("NewRange() error = %v, wantErr %v", err, tc.wantErr) - return - } - - if got.fromInclusive != tc.want.fromInclusive { - t.Errorf( - "NewRange().fromInclusive got = %v, want %v", - got.fromInclusive, - tc.want.fromInclusive, - ) - } - - if got.fromVersion.String() != tc.want.fromString { - t.Errorf( - "NewRange().fromVersion.String() got = %v, want %v", - got.fromVersion.String(), - tc.want.fromString, - ) - } - - if got.toInclusive != tc.want.toInclusive { - t.Errorf( - "NewRange().toInclusive got = %v, want %v", - got.toInclusive, - tc.want.toInclusive, - ) - } - - if got.toVersion.String() != tc.want.toString { - t.Errorf( - "NewRange().toVersion.String() got = %v, want %v", - got.toVersion.String(), - tc.want.toString, - ) - } - - if got.fromWildcard { - t.Errorf( - "NewRange().fromWildcard got = %v, want %v", - got.fromWildcard, - false, - ) - } - - if got.toWildcard { - t.Errorf( - "NewRange().toWildcard got = %v, want %v", - got.toWildcard, - false, - ) - } - }) - } -} - -func TestRange_String(t *testing.T) { - type fields struct { - fromVersion string - fromInclusive bool - toVersion string - toInclusive bool - } - tests := []struct { - name string - fields fields - want string - }{ - { - name: "from_inclusive", - fields: fields{fromVersion: "1.2.3", fromInclusive: true, toVersion: "9.8.7", toInclusive: false}, - want: ">=1.2.3,<9.8.7", - }, - { - name: "to_inclusive", - fields: fields{fromVersion: "1.2.3", fromInclusive: false, toVersion: "9.8.7", toInclusive: true}, - want: ">1.2.3,<=9.8.7", - }, - { - name: "both_inclusive", - fields: fields{fromVersion: "1.2.3", fromInclusive: true, toVersion: "9.8.7", toInclusive: true}, - want: ">=1.2.3,<=9.8.7", - }, - { - name: "both_non-inclusive", - fields: fields{fromVersion: "1.2.3", fromInclusive: false, toVersion: "9.8.7", toInclusive: false}, - want: ">1.2.3,<9.8.7", - }, - } - for _, tc := range tests { - t.Run(tc.name, func(t *testing.T) { - r, _ := NewRange( - tc.fields.fromVersion, - tc.fields.fromInclusive, - tc.fields.toVersion, - tc.fields.toInclusive, - ) - - got := r.String() - - if !reflect.DeepEqual(got, tc.want) { - t.Errorf("String() got = %v, want %v", got, tc.want) - } - }) - } -} - -func TestRange_String_upper_bounded(t *testing.T) { - type fields struct { - version string - inclusive bool - } - tests := []struct { - name string - fields fields - want string - }{ - { - name: "inclusive", - fields: fields{version: "1.2.3", inclusive: true}, - want: "<=1.2.3", - }, - { - name: "non-inclusive", - fields: fields{version: "1.2.3", inclusive: false}, - want: "<1.2.3", - }, - } - for _, tc := range tests { - t.Run(tc.name, func(t *testing.T) { - r, _ := NewUpperBoundedRange(tc.fields.version, tc.fields.inclusive) - - got := r.String() - - if !reflect.DeepEqual(got, tc.want) { - t.Errorf("String() got = %v, want %v", got, tc.want) - } - }) - } -} - -func TestRange_String_lower_bounded(t *testing.T) { - type fields struct { - version string - inclusive bool - } - tests := []struct { - name string - fields fields - want string - }{ - { - name: "inclusive", - fields: fields{version: "1.2.3", inclusive: true}, - want: ">=1.2.3", - }, - { - name: "non-inclusive", - fields: fields{version: "1.2.3", inclusive: false}, - want: ">1.2.3", - }, - } - for _, tc := range tests { - t.Run(tc.name, func(t *testing.T) { - r, _ := NewLowerBoundedRange(tc.fields.version, tc.fields.inclusive) - - got := r.String() - - if !reflect.DeepEqual(got, tc.want) { - t.Errorf("String() got = %v, want %v", got, tc.want) - } - }) - } -} - -func TestRange_String_wildcard(t *testing.T) { - r, _ := NewWildcardRange() - - got := r.String() - - if got != "*" { - t.Errorf("String() got = %v, want %v", got, "*") - } -} diff --git a/wordfence/client.go b/wordfence/client.go deleted file mode 100644 index ebde1b5..0000000 --- a/wordfence/client.go +++ /dev/null @@ -1,65 +0,0 @@ -/* - * Copyright (c) 2022-2023 Typist Tech Limited - * - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to deal - * in the Software without restriction, including without limitation the rights - * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in - * all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN - * THE SOFTWARE. - */ - -package wordfence - -import ( - "encoding/json" - "net/http" -) - -const productionFeedURL string = "https://www.wordfence.com/api/intelligence/vulnerabilities/production" -const scannerFeedURL string = "https://www.wordfence.com/api/intelligence/vulnerabilities/scanner" - -type Client struct { - httpClient *http.Client - url string -} - -func NewProductionFeedClient(httpClient *http.Client) Client { - return Client{ - httpClient: httpClient, - url: productionFeedURL, - } -} - -func NewScannerFeedClient(httpClient *http.Client) Client { - return Client{ - httpClient: httpClient, - url: scannerFeedURL, - } -} - -func (c Client) fetch() (vulnerabilities, error) { - resp, err := c.httpClient.Get(c.url) - if err != nil { - return nil, err - } - defer resp.Body.Close() - - var vulns map[string]Vulnerability - if err := json.NewDecoder(resp.Body).Decode(&vulns); err != nil { - return nil, err - } - - return vulns, nil -} diff --git a/wordfence/client_test.go b/wordfence/client_test.go deleted file mode 100644 index 0802ede..0000000 --- a/wordfence/client_test.go +++ /dev/null @@ -1,70 +0,0 @@ -/* - * Copyright (c) 2022-2023 Typist Tech Limited - * - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to deal - * in the Software without restriction, including without limitation the rights - * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in - * all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN - * THE SOFTWARE. - */ - -package wordfence - -import ( - "fmt" - "github.com/stretchr/testify/assert" - "net/http" - "net/http/httptest" - "os" - "strconv" - "testing" -) - -func TestClient_Fetch(t *testing.T) { - tests := []struct { - name string - fixture string - want vulnerabilities - }{ - { - name: "production", - fixture: "testdata/production.json", - want: productionVulnerabilities, - }, - } - for i, tc := range tests { - i, tc := i, tc - t.Run(strconv.Itoa(i), func(t *testing.T) { - svr := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - file, _ := os.ReadFile(tc.fixture) - fmt.Fprint(w, string(file)) - })) - - c := Client{ - httpClient: svr.Client(), - url: svr.URL, - } - - got, err := c.fetch() - - if err != nil { - t.Errorf("Unexpected error: %v", err) - return - } - - assert.Equal(t, tc.want, got) - }) - } -} diff --git a/wordfence/fixture_test.go b/wordfence/fixture_test.go deleted file mode 100644 index 85a5629..0000000 --- a/wordfence/fixture_test.go +++ /dev/null @@ -1,225 +0,0 @@ -/* - * Copyright (c) 2022-2023 Typist Tech Limited - * - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to deal - * in the Software without restriction, including without limitation the rights - * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in - * all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN - * THE SOFTWARE. - */ - -package wordfence - -import ( - "github.com/typisttech/wpsecadvi/composer" -) - -var ( - productionVulnerabilities = vulnerabilities{ - "123e4567-e89b-12d3-a456-426655440000": { - ID: "123e4567-e89b-12d3-a456-426655440000", - Software: []Software{ - { - Type: "plugin", - Slug: "foo-bar", - AffectedVersions: map[string]AffectedVersion{ - "* - 1.5.7": { - FromVersion: "*", - FromInclusive: true, - ToVersion: "1.5.7", - ToInclusive: true, - }, - "1.6 - 1.6.3": { - FromVersion: "1.6", - FromInclusive: true, - ToVersion: "1.6.3", - ToInclusive: true, - }, - "1.7 - 1.7.3.3": { - FromVersion: "1.7", - FromInclusive: true, - ToVersion: "1.7.3.3", - ToInclusive: true, - }, - }, - }, - }, - CVE: "CVE-2022-1111", - }, - "223e4567-e89b-12d3-a456-426655440000": { - ID: "223e4567-e89b-12d3-a456-426655440000", - Software: []Software{ - { - Type: "plugin", - Slug: "foo-bar", - AffectedVersions: map[string]AffectedVersion{ - "[1.8 - 1.8.8.8)": { - FromVersion: "1.8", - FromInclusive: true, - ToVersion: "1.8.8.8", - ToInclusive: false, - }, - "(1.9 - 1.9.9.9]": { - FromVersion: "1.9", - FromInclusive: false, - ToVersion: "1.9.9.9", - ToInclusive: true, - }, - }, - }, - }, - CVE: "CVE-2022-2222", - }, - "323e4567-e89b-12d3-a456-426655440000": { - ID: "323e4567-e89b-12d3-a456-426655440000", - Software: []Software{ - { - Type: "theme", - Slug: "foo-bar", - AffectedVersions: map[string]AffectedVersion{ - "[2.8 - 2.8.8.8)": { - FromVersion: "2.8", - FromInclusive: true, - ToVersion: "2.8.8.8", - ToInclusive: false, - }, - "(2.9 - 2.9.9]": { - FromVersion: "2.9", - FromInclusive: false, - ToVersion: "2.9.9", - ToInclusive: true, - }, - }, - }, - }, - CVE: "CVE-2022-3333", - }, - "423e4567-e89b-12d3-a456-426655440000": { - ID: "423e4567-e89b-12d3-a456-426655440000", - Software: []Software{ - { - Type: "core", - Slug: "wordpress", - AffectedVersions: map[string]AffectedVersion{ - "[3.8 - 3.8.8.8)": { - FromVersion: "3.8", - FromInclusive: true, - ToVersion: "3.8.8.8", - ToInclusive: false, - }, - "(3.9 - 3.9.9]": { - FromVersion: "3.9", - FromInclusive: false, - ToVersion: "3.9.9", - ToInclusive: true, - }, - }, - }, - }, - CVE: "CVE-2022-4444", - }, - "523e4567-e89b-12d3-a456-426655440000": { - ID: "523e4567-e89b-12d3-a456-426655440000", - Software: []Software{ - { - Type: "plugin", - Slug: "foo-bar-wildcard", - AffectedVersions: map[string]AffectedVersion{ - "* - *": { - FromVersion: "*", - FromInclusive: true, - ToVersion: "*", - ToInclusive: true, - }, - }, - }, - }, - CVE: "CVE-2022-5555", - }, - "623e4567-e89b-12d3-a456-426655440000": { - ID: "623e4567-e89b-12d3-a456-426655440000", - Software: []Software{ - { - Type: "plugin", - Slug: "foo-bar", - AffectedVersions: map[string]AffectedVersion{ - "[1.0 - 2.0]": { - FromVersion: "1.0", - FromInclusive: true, - ToVersion: "2.0", - ToInclusive: true, - }, - "[9.1.1 - 10.2.2)": { - FromVersion: "9.1.1", - FromInclusive: true, - ToVersion: "10.2.2", - ToInclusive: false, - }, - }, - }, - }, - CVE: "CVE-2022-6666", - }, - "723e4567-e89b-12d3-a456-426655440000": { - ID: "723e4567-e89b-12d3-a456-426655440000", - Software: []Software{ - { - Type: "plugin", - Slug: "foo-bar-informational", - AffectedVersions: map[string]AffectedVersion{ - "informational": { - FromVersion: "informational", - FromInclusive: true, - ToVersion: "informational", - ToInclusive: true, - }, - }, - }, - }, - CVE: "CVE-2022-7777", - }, - "823e4567-e89b-12d3-a456-426655440000": { - ID: "823e4567-e89b-12d3-a456-426655440000", - Software: []Software{ - { - Type: "core", - Slug: "wordpress", - AffectedVersions: map[string]AffectedVersion{ - "* - 6.1.1": { - FromVersion: "*", - FromInclusive: true, - ToVersion: "6.1.1", - ToInclusive: true, - }, - }, - }, - }, - CVE: "CVE-2022-8888", - }, - } - - productionSoftwareRanges = map[composer.PackageType]map[softwareSlug][]string{ - composer.WPCore: { - "wordpress": []string{">3.9.0,<=3.9.9"}, - }, - composer.WPPlugin: { - "foo-bar-wildcard": []string{"*"}, - "foo-bar": []string{"<=1.5.7", ">=1.6.0,<=1.6.3", ">=1.0.0,<=2.0.0", ">=9.1.1,<10.2.2"}, - }, - composer.WPTheme: { - "foo-bar": []string{">2.9.0,<=2.9.9"}, - }, - } -) diff --git a/wordfence/generator.go b/wordfence/generator.go deleted file mode 100644 index d5804ca..0000000 --- a/wordfence/generator.go +++ /dev/null @@ -1,85 +0,0 @@ -/* - * Copyright (c) 2022-2023 Typist Tech Limited - * - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to deal - * in the Software without restriction, including without limitation the rights - * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in - * all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN - * THE SOFTWARE. - */ - -package wordfence - -import ( - "github.com/typisttech/wpsecadvi/composer" - "github.com/typisttech/wpsecadvi/semver" -) - -type Generator struct { - client Client - searcher composer.Searcher -} - -func NewGenerator(client Client, searcher composer.Searcher) Generator { - return Generator{ - client: client, - searcher: searcher, - } -} - -func (g Generator) Generate(ignores []string) (composer.JSON, error) { - json := composer.JSON{} - - vulns, err := g.client.fetch() - if err != nil { - return json, err - } - - links := make([]composer.Link, 0) - for t, ranges := range vulns.softwareRanges(ignores) { - for slug, rs := range ranges { - // Just skip WPMU. - if t == composer.WPCore && slug == "wpmu" { - continue - } - - ns := g.searcher.Search(t, string(slug)) - if len(ns) == 0 { - continue - } - - cs := semver.Constraints{} - for _, r := range rs { - cs.Or(r) - } - - for _, n := range ns { - if n == "" { - continue - } - - l := composer.NewLink(n, cs) - - links = append(links, l) - } - } - } - - for _, l := range links { - json.AddConflict(l) - } - - return json, nil -} diff --git a/wordfence/generator_test.go b/wordfence/generator_test.go deleted file mode 100644 index 13c2698..0000000 --- a/wordfence/generator_test.go +++ /dev/null @@ -1,110 +0,0 @@ -/* - * Copyright (c) 2022-2023 Typist Tech Limited - * - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to deal - * in the Software without restriction, including without limitation the rights - * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in - * all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN - * THE SOFTWARE. - */ - -package wordfence - -import ( - "encoding/json" - "fmt" - "github.com/stretchr/testify/assert" - "github.com/typisttech/wpsecadvi/composer" - "net/http" - "net/http/httptest" - "os" - "testing" -) - -type subSearcher struct { -} - -func (ss subSearcher) Search(t composer.PackageType, slug string) []string { - return []string{ - "sub-" + string(t) + "/" + slug, - "sub2-" + string(t) + "/" + slug, - } -} - -func TestGenerator_Generate(t *testing.T) { - subSearcher := subSearcher{} - - type args struct { - ignores []string - } - type fields struct { - searcher composer.Searcher - } - tests := []struct { - name string - fixture string - fields fields - args args - want string - }{ - { - name: "production_ignore_id", - fixture: "testdata/production.json", - fields: fields{searcher: subSearcher}, - args: args{ignores: []string{"823e4567-e89b-12d3-a456-426655440000"}}, - want: "testdata/production.composer.json.golden", - }, - { - name: "production_ignore_cve", - fixture: "testdata/production.json", - fields: fields{searcher: subSearcher}, - args: args{ignores: []string{"CVE-2022-8888"}}, - want: "testdata/production.composer.json.golden", - }, - } - for _, tc := range tests { - t.Run(tc.name, func(t *testing.T) { - svr := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - file, _ := os.ReadFile(tc.fixture) - fmt.Fprint(w, string(file)) - })) - - g := Generator{ - client: Client{ - httpClient: svr.Client(), - url: svr.URL, - }, - searcher: tc.fields.searcher, - } - got, err := g.Generate(tc.args.ignores) - if !assert.NoError(t, err) { - return - } - - gotJSON, err := json.Marshal(got) - - if !assert.NoError(t, err) { - return - } - - golden, err := os.ReadFile(tc.want) - if !assert.NoError(t, err) { - return - } - - assert.JSONEq(t, string(golden), string(gotJSON)) - }) - } -} diff --git a/wordfence/testdata/production.composer.json.golden b/wordfence/testdata/production.composer.json.golden deleted file mode 100644 index 0ac4966..0000000 --- a/wordfence/testdata/production.composer.json.golden +++ /dev/null @@ -1,12 +0,0 @@ -{ - "conflicts": { - "sub-wordpress-core/wordpress": ">3.9.0,<=3.9.9", - "sub2-wordpress-core/wordpress": ">3.9.0,<=3.9.9", - "sub-wordpress-plugin/foo-bar": "<=1.5.7|>=1.0.0,<=2.0.0|>=9.1.1,<10.2.2", - "sub2-wordpress-plugin/foo-bar": "<=1.5.7|>=1.0.0,<=2.0.0|>=9.1.1,<10.2.2", - "sub-wordpress-plugin/foo-bar-wildcard": "*", - "sub2-wordpress-plugin/foo-bar-wildcard": "*", - "sub-wordpress-theme/foo-bar": ">2.9.0,<=2.9.9", - "sub2-wordpress-theme/foo-bar": ">2.9.0,<=2.9.9" - } -} \ No newline at end of file diff --git a/wordfence/testdata/production.json b/wordfence/testdata/production.json deleted file mode 100644 index 4bd12c1..0000000 --- a/wordfence/testdata/production.json +++ /dev/null @@ -1,182 +0,0 @@ -{ - "123e4567-e89b-12d3-a456-426655440000": { - "id": "123e4567-e89b-12d3-a456-426655440000", - "software": [ - { - "type": "plugin", - "slug": "foo-bar", - "affected_versions": { - "* - 1.5.7": { - "from_version": "*", - "from_inclusive": true, - "to_version": "1.5.7", - "to_inclusive": true - }, - "1.6 - 1.6.3": { - "from_version": "1.6", - "from_inclusive": true, - "to_version": "1.6.3", - "to_inclusive": true - }, - "1.7 - 1.7.3.3": { - "from_version": "1.7", - "from_inclusive": true, - "to_version": "1.7.3.3", - "to_inclusive": true - } - } - } - ], - "cve": "CVE-2022-1111" - }, - "223e4567-e89b-12d3-a456-426655440000": { - "id": "223e4567-e89b-12d3-a456-426655440000", - "software": [ - { - "type": "plugin", - "slug": "foo-bar", - "affected_versions": { - "[1.8 - 1.8.8.8)": { - "from_version": "1.8", - "from_inclusive": true, - "to_version": "1.8.8.8", - "to_inclusive": false - }, - "(1.9 - 1.9.9.9]": { - "from_version": "1.9", - "from_inclusive": false, - "to_version": "1.9.9.9", - "to_inclusive": true - } - } - } - ], - "cve": "CVE-2022-2222" - }, - "323e4567-e89b-12d3-a456-426655440000": { - "id": "323e4567-e89b-12d3-a456-426655440000", - "software": [ - { - "type": "theme", - "slug": "foo-bar", - "affected_versions": { - "[2.8 - 2.8.8.8)": { - "from_version": "2.8", - "from_inclusive": true, - "to_version": "2.8.8.8", - "to_inclusive": false - }, - "(2.9 - 2.9.9]": { - "from_version": "2.9", - "from_inclusive": false, - "to_version": "2.9.9", - "to_inclusive": true - } - } - } - ], - "cve": "CVE-2022-3333" - }, - "423e4567-e89b-12d3-a456-426655440000": { - "id": "423e4567-e89b-12d3-a456-426655440000", - "software": [ - { - "type": "core", - "slug": "wordpress", - "affected_versions": { - "[3.8 - 3.8.8.8)": { - "from_version": "3.8", - "from_inclusive": true, - "to_version": "3.8.8.8", - "to_inclusive": false - }, - "(3.9 - 3.9.9]": { - "from_version": "3.9", - "from_inclusive": false, - "to_version": "3.9.9", - "to_inclusive": true - } - } - } - ], - "cve": "CVE-2022-4444" - }, - "523e4567-e89b-12d3-a456-426655440000": { - "id": "523e4567-e89b-12d3-a456-426655440000", - "software": [ - { - "type": "plugin", - "slug": "foo-bar-wildcard", - "affected_versions": { - "* - *": { - "from_version": "*", - "from_inclusive": true, - "to_version": "*", - "to_inclusive": true - } - } - } - ], - "cve": "CVE-2022-5555" - }, - "623e4567-e89b-12d3-a456-426655440000": { - "id": "623e4567-e89b-12d3-a456-426655440000", - "software": [ - { - "type": "plugin", - "slug": "foo-bar", - "affected_versions": { - "[1.0 - 2.0]": { - "from_version": "1.0", - "from_inclusive": true, - "to_version": "2.0", - "to_inclusive": true - }, - "[9.1.1 - 10.2.2)": { - "from_version": "9.1.1", - "from_inclusive": true, - "to_version": "10.2.2", - "to_inclusive": false - } - } - } - ], - "cve": "CVE-2022-6666" - }, - "723e4567-e89b-12d3-a456-426655440000": { - "id": "723e4567-e89b-12d3-a456-426655440000", - "software": [ - { - "type": "plugin", - "slug": "foo-bar-informational", - "affected_versions": { - "informational": { - "from_version": "informational", - "from_inclusive": true, - "to_version": "informational", - "to_inclusive": true - } - } - } - ], - "cve": "CVE-2022-7777" - }, - "823e4567-e89b-12d3-a456-426655440000": { - "id": "823e4567-e89b-12d3-a456-426655440000", - "software": [ - { - "type": "core", - "slug": "wordpress", - "affected_versions": { - "* - 6.1.1": { - "from_version": "*", - "from_inclusive": true, - "to_version": "6.1.1", - "to_inclusive": true - } - } - } - ], - "cve": "CVE-2022-8888" - } -} \ No newline at end of file diff --git a/wordfence/vulnerability.go b/wordfence/vulnerability.go deleted file mode 100644 index c4a1622..0000000 --- a/wordfence/vulnerability.go +++ /dev/null @@ -1,121 +0,0 @@ -/* - * Copyright (c) 2022-2023 Typist Tech Limited - * - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to deal - * in the Software without restriction, including without limitation the rights - * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in - * all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN - * THE SOFTWARE. - */ - -package wordfence - -import ( - "github.com/typisttech/wpsecadvi/composer" - "github.com/typisttech/wpsecadvi/semver" - "golang.org/x/exp/slices" -) - -type vulnerabilities map[string]Vulnerability - -func (vs vulnerabilities) softwareRanges(ignores []string) map[composer.PackageType]map[softwareSlug][]*semver.Range { - // TODO: Refactor! - ranges := make(map[composer.PackageType]map[softwareSlug][]*semver.Range) - for _, vuln := range vs { - ii := slices.IndexFunc(ignores, func(ignore string) bool { - return vuln.ID == ignore || vuln.CVE == ignore - }) - if ii >= 0 { - continue - } - - for _, s := range vuln.Software { - t := s.packageType() - if t == "" { - continue - } - - if s.Slug == "" { - continue - } - - for _, av := range s.AffectedVersions { - r, err := av.semverRange() - if err != nil { - continue - } - - if ranges[t] == nil { - ranges[t] = make(map[softwareSlug][]*semver.Range) - } - - ranges[t][s.Slug] = append(ranges[t][s.Slug], r) - } - } - } - - return ranges -} - -type Vulnerability struct { - ID string `json:"id"` - Software []Software `json:"software"` - CVE string `json:"cve"` -} - -type softwareSlug string - -type Software struct { - Type string `json:"type"` - Slug softwareSlug `json:"slug"` - AffectedVersions map[string]AffectedVersion `json:"affected_versions"` -} - -func (s Software) packageType() composer.PackageType { - switch s.Type { - case "core": - return composer.WPCore - case "plugin": - return composer.WPPlugin - case "theme": - return composer.WPTheme - } - - // TODO: Handle unexpected types. - return "" -} - -type AffectedVersion struct { - FromVersion string `json:"from_version"` - FromInclusive bool `json:"from_inclusive"` - ToVersion string `json:"to_version"` - ToInclusive bool `json:"to_inclusive"` -} - -func (av AffectedVersion) semverRange() (*semver.Range, error) { - if av.FromVersion == "*" && av.ToVersion == "*" { - return semver.NewWildcardRange() - } - - if av.FromVersion == "*" { - return semver.NewUpperBoundedRange(av.ToVersion, av.ToInclusive) - } - - if av.ToVersion == "*" { - return semver.NewLowerBoundedRange(av.FromVersion, av.FromInclusive) - } - - return semver.NewRange(av.FromVersion, av.FromInclusive, av.ToVersion, av.ToInclusive) -} diff --git a/wordfence/vulnerability_test.go b/wordfence/vulnerability_test.go deleted file mode 100644 index f43334e..0000000 --- a/wordfence/vulnerability_test.go +++ /dev/null @@ -1,344 +0,0 @@ -/* - * Copyright (c) 2022-2023 Typist Tech Limited - * - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to deal - * in the Software without restriction, including without limitation the rights - * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in - * all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN - * THE SOFTWARE. - */ - -package wordfence - -import ( - "github.com/stretchr/testify/assert" - "github.com/typisttech/wpsecadvi/composer" - "testing" -) - -func Test_vulnerabilities_softwareRanges(t *testing.T) { - type args struct { - ignores []string - } - tests := []struct { - name string - vs vulnerabilities - args args - want map[composer.PackageType]map[softwareSlug][]string - dontWant map[composer.PackageType]map[softwareSlug][]string - }{ - { - name: "production_ignore_id", - vs: productionVulnerabilities, - args: args{ignores: []string{"823e4567-e89b-12d3-a456-426655440000"}}, - want: productionSoftwareRanges, - dontWant: map[composer.PackageType]map[softwareSlug][]string{ - composer.WPCore: { - "wordpress": []string{"<=6.1.1"}, - }, - }, - }, - { - name: "production_ignore_cve", - vs: productionVulnerabilities, - args: args{ignores: []string{"CVE-2022-8888"}}, - want: productionSoftwareRanges, - dontWant: map[composer.PackageType]map[softwareSlug][]string{ - composer.WPCore: { - "wordpress": []string{"<=6.1.1"}, - }, - }, - }, - } - for _, tc := range tests { - t.Run(tc.name, func(t *testing.T) { - got := tc.vs.softwareRanges(tc.args.ignores) - - // TODO: Refactor! - for pt, sRanges := range tc.want { - assert.Contains(t, got, pt) - - for slug, rs := range sRanges { - assert.Contains(t, got[pt], slug) - - gotRs := make([]string, 0, len(rs)) - for _, r := range got[pt][slug] { - gotRs = append(gotRs, r.String()) - } - - assert.Subset(t, gotRs, rs) - } - } - - for pt, sRanges := range tc.dontWant { - for slug, rs := range sRanges { - gotRs := make([]string, 0, len(rs)) - for _, r := range got[pt][slug] { - gotRs = append(gotRs, r.String()) - } - - assert.NotSubset(t, gotRs, rs) - } - } - }) - } -} - -func TestSoftware_packageType(t *testing.T) { - type fields struct { - Type string - } - tests := []struct { - name string - fields fields - want composer.PackageType - }{ - { - name: "core", - fields: fields{Type: "core"}, - want: composer.WPCore, - }, - { - name: "core", - fields: fields{Type: "plugin"}, - want: composer.WPPlugin, - }, - { - name: "core", - fields: fields{Type: "theme"}, - want: composer.WPTheme, - }, - { - name: "unexpected", - fields: fields{Type: "unexpected"}, - want: "", - }, - } - for _, tc := range tests { - t.Run(tc.name, func(t *testing.T) { - s := Software{ - Type: tc.fields.Type, - } - - assert.Equalf(t, tc.want, s.packageType(), "packageType()") - }) - } -} - -func TestAffectedVersion_semverRange(t *testing.T) { - type fields struct { - FromVersion string - FromInclusive bool - ToVersion string - ToInclusive bool - } - tests := []struct { - name string - fields fields - want string - wantErr bool - }{ - { - name: "both_bounded", - fields: fields{ - FromVersion: "1", - FromInclusive: false, - ToVersion: "1.2.3", - ToInclusive: false, - }, - want: ">1.0.0,<1.2.3", - wantErr: false, - }, - { - name: "both_bounded_left_inclusive", - fields: fields{ - FromVersion: "1", - FromInclusive: true, - ToVersion: "1.2.3", - ToInclusive: false, - }, - want: ">=1.0.0,<1.2.3", - wantErr: false, - }, - { - name: "both_bounded_right_inclusive", - fields: fields{ - FromVersion: "1", - FromInclusive: false, - ToVersion: "1.2.3", - ToInclusive: true, - }, - want: ">1.0.0,<=1.2.3", - wantErr: false, - }, - { - name: "both_bounded_both_inclusive", - fields: fields{ - FromVersion: "1", - FromInclusive: true, - ToVersion: "1.2.3", - ToInclusive: true, - }, - want: ">=1.0.0,<=1.2.3", - wantErr: false, - }, - { - name: "lower_bounded", - fields: fields{ - FromVersion: "1", - FromInclusive: false, - ToVersion: "*", - ToInclusive: true, - }, - want: ">1.0.0", - wantErr: false, - }, - { - name: "lower_bounded_inclusive", - fields: fields{ - FromVersion: "1", - FromInclusive: true, - ToVersion: "*", - ToInclusive: true, - }, - want: ">=1.0.0", - wantErr: false, - }, - { - name: "upper_bounded", - fields: fields{ - FromVersion: "*", - FromInclusive: true, - ToVersion: "3.2.1", - ToInclusive: false, - }, - want: "<3.2.1", - wantErr: false, - }, - { - name: "upper_bounded_inclusive", - fields: fields{ - FromVersion: "*", - FromInclusive: true, - ToVersion: "3.2.1", - ToInclusive: true, - }, - want: "<=3.2.1", - wantErr: false, - }, - { - name: "wildcard", - fields: fields{ - FromVersion: "*", - FromInclusive: true, - ToVersion: "*", - ToInclusive: true, - }, - want: "*", - wantErr: false, - }, - { - name: "from_invalid_semantic_version", - fields: fields{ - FromVersion: "1.2.3.4", - FromInclusive: true, - ToVersion: "9.9.9", - ToInclusive: true, - }, - want: "", - wantErr: true, - }, - { - name: "to_invalid_semantic_version", - fields: fields{ - FromVersion: "1.1.1", - FromInclusive: true, - ToVersion: "2.3.4.5", - ToInclusive: true, - }, - want: "", - wantErr: true, - }, - { - name: "both_invalid_semantic_version", - fields: fields{ - FromVersion: "1.2.3.4", - FromInclusive: true, - ToVersion: "2.3.4.5", - ToInclusive: true, - }, - want: "", - wantErr: true, - }, - { - name: "from_informational", - fields: fields{ - FromVersion: "informational", - FromInclusive: true, - ToVersion: "9.9.9", - ToInclusive: true, - }, - want: "", - wantErr: true, - }, - { - name: "to_informational", - fields: fields{ - FromVersion: "1.1.1", - FromInclusive: true, - ToVersion: "informational", - ToInclusive: true, - }, - want: "", - wantErr: true, - }, - { - name: "both_informational", - fields: fields{ - FromVersion: "informational", - FromInclusive: true, - ToVersion: "informational", - ToInclusive: true, - }, - want: "", - wantErr: true, - }, - } - for _, tc := range tests { - t.Run(tc.name, func(t *testing.T) { - av := AffectedVersion{ - FromVersion: tc.fields.FromVersion, - FromInclusive: tc.fields.FromInclusive, - ToVersion: tc.fields.ToVersion, - ToInclusive: tc.fields.ToInclusive, - } - got, err := av.semverRange() - - if tc.wantErr { - if err == nil { - t.Errorf("semverRange() want error, got %v", err) - } - return - } - - if err != nil { - t.Errorf("semverRange() unexpected error, got %v", err) - return - } - - assert.Equalf(t, tc.want, got.String(), "semverRange().String") - }) - } -} From 57aeb50f4ee1665f6d2a224cb5c4ec19e062ccb1 Mon Sep 17 00:00:00 2001 From: TangRufus Date: Sun, 27 Aug 2023 09:44:23 +0100 Subject: [PATCH 02/20] Add `composer/version` package --- cmd/wpsecadvi/main.go | 1 + composer/version/doc.go | 34 ++ composer/version/range.go | 296 ++++++++++++++++++ composer/version/range_test.go | 521 +++++++++++++++++++++++++++++++ composer/version/version.go | 136 ++++++++ composer/version/version_test.go | 314 +++++++++++++++++++ 6 files changed, 1302 insertions(+) create mode 100644 composer/version/doc.go create mode 100644 composer/version/range.go create mode 100644 composer/version/range_test.go create mode 100644 composer/version/version.go create mode 100644 composer/version/version_test.go diff --git a/cmd/wpsecadvi/main.go b/cmd/wpsecadvi/main.go index dc24dae..f651029 100644 --- a/cmd/wpsecadvi/main.go +++ b/cmd/wpsecadvi/main.go @@ -19,6 +19,7 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN * THE SOFTWARE. */ + package main func main() { diff --git a/composer/version/doc.go b/composer/version/doc.go new file mode 100644 index 0000000..8885304 --- /dev/null +++ b/composer/version/doc.go @@ -0,0 +1,34 @@ +/* + * Copyright (c) 2022-2023 Typist Tech Limited + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +// Package version implements comparison of a subset of [composer/semver] +// compilable version strings. +// +// The general form of a version string accepted by this package is +// +// [v]MAJOR[.MINOR[.PATCH[.REVISION]]] +// +// where square brackets indicate optional parts of the syntax; MAJOR, MINOR, +// PATCH and REVISION are decimal integers without extra leading zeros. +// +// [composer/semver]: https://github.com/composer/semver/blob/fa1ec24f0ab1efe642671ec15c51a3ab879f59bf/tests/VersionParserTest.php#L150-L174 +package version \ No newline at end of file diff --git a/composer/version/range.go b/composer/version/range.go new file mode 100644 index 0000000..109ba92 --- /dev/null +++ b/composer/version/range.go @@ -0,0 +1,296 @@ +/* + * Copyright (c) 2022-2023 Typist Tech Limited + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +package version + +import ( + "fmt" + "slices" + "strings" +) + +type Range struct { + from *Version // TODO: Can we use value instead? + fromInclusive bool + to *Version // TODO: Can we use value instead? + toInclusive bool +} + +type RangeOptFn func(*Range) + +func WithInclusiveCeiling(v *Version) RangeOptFn { + return func(r *Range) { + r.to = v + r.toInclusive = true + } +} + +func WithNonInclusiveCeiling(v *Version) RangeOptFn { + return func(r *Range) { + r.to = v + r.toInclusive = false + } +} + +func WithoutCeiling() RangeOptFn { + return func(r *Range) { + r.to = nil + r.toInclusive = false + } +} + +func WithInclusiveFloor(v *Version) RangeOptFn { + return func(r *Range) { + r.from = v + r.fromInclusive = true + } +} + +func WithNonInclusiveFloor(v *Version) RangeOptFn { + return func(r *Range) { + r.from = v + r.fromInclusive = false + } +} + +func WithoutFloor() RangeOptFn { + return func(r *Range) { + r.from = nil + r.fromInclusive = false + } +} + +func NewRange(optFns ...RangeOptFn) Range { + r := &Range{} + + for _, optFn := range optFns { + optFn(r) + } + + // TODO: Validate r.from <= r.to + // TODO: Validate when r.from == r.to, then r.fromInclusive == true && r.toInclusive == true + + return *r +} + +func (r Range) String() string { + if r.from == nil && r.to == nil { + return "*" + } + + if r.fromInclusive && r.toInclusive && r.from != nil && r.from == r.to { + return r.from.String() + } + + from := "" + if r.from != nil { + op := ">" + if r.fromInclusive { + op = ">=" + } + + from = fmt.Sprintf("%s%s", op, r.from) + } + + to := "" + if r.to != nil { + op := "<" + if r.toInclusive { + op = "<=" + } + + to = fmt.Sprintf("%s%s", op, r.to) + } + + str := strings.Join([]string{from, to}, " ") + return strings.Trim(str, " ") +} + +// Constraint represents a slice of [Range] grouped together with logical OR. +type Constraint []Range + +func (c Constraint) String() string { + rs := or(c...) + + ss := make([]string, 0, len(rs)) + for _, r := range rs { + ss = append(ss, r.String()) + } + + // For easier testing assertions. + slices.Sort(ss) + + return strings.Join(ss, "||") +} + +func or(rs ...Range) []Range { + if len(rs) == 0 { + return []Range{} + } + + f, rs := rs[0], rs[1:] + result := []Range{f} + + for i, r := range rs { + for j, s := range result { + if m, ok := orTwo(r, s); ok { + result[j] = m + result = append(result, rs[i+1:]...) + return or(result...) + } + } + result = append(result, r) + } + + return result +} + +func orTwo(a Range, b Range) (Range, bool) { + if !overlap(a, b) { + return Range{}, false + } + + if a.from == nil && a.to == nil { + return a, true + } + if b.from == nil && b.to == nil { + return b, true + } + if a.String() == b.String() { + return a, true + } + + // Both without celling, take the lesser from + // |<-a-> + // |<---b---> + if a.to == nil && b.to == nil { + from := a.from + fromInclusive := a.fromInclusive + + if b.from.lessThan(*a.from) { + from = b.from + fromInclusive = b.fromInclusive + } + if a.from.equalTo(*b.from) { + fromInclusive = a.fromInclusive && b.fromInclusive + } + + return Range{from, fromInclusive, nil, false}, true + } + + // Both without floor + // <-a->| + // <---b--->| + if a.from == nil && b.from == nil { + to := a.to + toInclusive := a.toInclusive + + if b.to.greaterThan(*a.to) { + to = b.to + toInclusive = b.toInclusive + } + if a.to.equalTo(*b.to) { + toInclusive = a.toInclusive && b.toInclusive + } + + return Range{nil, false, to, toInclusive}, true + } + + // Ensure a has a lower from + // |<-a->| + // |<---b--->| + // Or, + // |<-a->| + // |<---b--->| + // Or, + // |<-a->| + // |<--- b --->| + // Or, + // |<--------a-------->| + // |<---b--->| + if a.from.greaterThan(*b.from) { + a, b = b, a + } + + from := a.from + fromInclusive := a.fromInclusive + if a.from.equalTo(*b.from) { + fromInclusive = a.fromInclusive || b.fromInclusive + } + + to := b.to + toInclusive := b.toInclusive + if a.to.greaterThan(*b.to) { + to = a.to + } + if a.to.equalTo(*b.to) { + toInclusive = a.toInclusive || b.toInclusive + } + + return Range{from, fromInclusive, to, toInclusive}, true +} + +func overlap(a Range, b Range) bool { + if a.from == nil && a.to == nil { + return true + } + if b.from == nil && b.to == nil { + return true + } + if a.String() == b.String() { + return true + } + + // Both without celling + // |<-a-> + // |<---b---> + if a.to == nil && b.to == nil { + return true + } + + // Both without floor + // <-a->| + // <---b--->| + if a.from == nil && b.from == nil { + return true + } + + // Ensure a has a lower from + // |<-a->| + // |<---b--->| + // Or, + // |<-a->| + // |<---b--->| + // Or, + // |<-a->| + // |<--- b --->| + // Or, + // |<--------a-------->| + // |<---b--->| + if a.from.greaterThan(*b.from) { + a, b = b, a + } + + return a.to == nil || + a.to.greaterThan(*b.from) || + (a.to.equalTo(*b.from) && (a.toInclusive || b.fromInclusive)) +} \ No newline at end of file diff --git a/composer/version/range_test.go b/composer/version/range_test.go new file mode 100644 index 0000000..39cfa75 --- /dev/null +++ b/composer/version/range_test.go @@ -0,0 +1,521 @@ +/* + * Copyright (c) 2022-2023 Typist Tech Limited + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +package version + +import ( + "reflect" + "testing" +) + +var ( + v1 = &Version{1, 0, 0, 0} + v2 = &Version{2, 0, 0, 0} + v3 = &Version{3, 0, 0, 0} + v4 = &Version{4, 0, 0, 0} + v5 = &Version{5, 0, 0, 0} + + unbounded = Range{} + + r1i2 = Range{v1, true, v2, false} + r1i2i = Range{v1, true, v2, true} + r1i3 = Range{v1, true, v3, false} + r1i3i = Range{v1, true, v3, true} + r2i3 = Range{v2, true, v3, false} + r2i3i = Range{v2, true, v3, true} + r12 = Range{v1, false, v2, false} + r12i = Range{v1, false, v2, true} + r13 = Range{v1, false, v3, false} + r13i = Range{v1, false, v3, true} + r14 = Range{v1, false, v4, false} + r15 = Range{v1, false, v5, false} + r23 = Range{v2, false, v3, false} + r24 = Range{v2, false, v4, false} + r34 = Range{v3, false, v4, false} + r35 = Range{v3, false, v5, false} + + l1 = Range{nil, false, v1, false} + l2 = Range{nil, false, v2, false} + l3 = Range{nil, false, v3, false} + l4 = Range{nil, false, v4, false} + + g1 = Range{v1, false, nil, false} + g2 = Range{v2, false, nil, false} + g3 = Range{v3, false, nil, false} + g4 = Range{v4, false, nil, false} +) + +func TestNewRange(t *testing.T) { + tests := []struct { + optFns []RangeOptFn + want Range + }{ + { + []RangeOptFn{}, + Range{nil, false, nil, false}, + }, + { + []RangeOptFn{ + WithInclusiveCeiling(v1), + }, + Range{nil, false, v1, true}, + }, + { + []RangeOptFn{ + WithNonInclusiveCeiling(v1), + }, + Range{nil, false, v1, false}, + }, + { + []RangeOptFn{ + WithoutCeiling(), + }, + Range{nil, false, nil, false}, + }, + { + []RangeOptFn{ + WithInclusiveCeiling(v1), + WithoutCeiling(), + }, + Range{nil, false, nil, false}, + }, + { + []RangeOptFn{ + WithNonInclusiveCeiling(v1), + WithoutCeiling(), + }, + Range{nil, false, nil, false}, + }, + { + []RangeOptFn{ + WithInclusiveFloor(v1), + }, + Range{v1, true, nil, false}, + }, + { + []RangeOptFn{ + WithNonInclusiveFloor(v1), + }, + Range{v1, false, nil, false}, + }, + { + []RangeOptFn{ + WithoutFloor(), + }, + Range{nil, false, nil, false}, + }, + { + []RangeOptFn{ + WithInclusiveFloor(v1), + WithoutFloor(), + }, + Range{nil, false, nil, false}, + }, + { + []RangeOptFn{ + WithNonInclusiveFloor(v1), + WithoutFloor(), + }, + Range{nil, false, nil, false}, + }, + { + []RangeOptFn{ + WithInclusiveCeiling(v1), + WithInclusiveFloor(v2), + }, + Range{v2, true, v1, true}, + }, + { + []RangeOptFn{ + WithInclusiveCeiling(v1), + WithNonInclusiveFloor(v2), + }, + Range{v2, false, v1, true}, + }, + { + []RangeOptFn{ + WithInclusiveCeiling(v1), + WithoutFloor(), + }, + Range{nil, false, v1, true}, + }, + { + []RangeOptFn{ + WithNonInclusiveCeiling(v1), + WithInclusiveFloor(v2), + }, + Range{v2, true, v1, false}, + }, + { + []RangeOptFn{ + WithNonInclusiveCeiling(v1), + WithNonInclusiveFloor(v2), + }, + Range{v2, false, v1, false}, + }, + { + []RangeOptFn{ + WithNonInclusiveCeiling(v1), + WithoutFloor(), + }, + Range{nil, false, v1, false}, + }, + { + []RangeOptFn{ + WithoutCeiling(), + WithInclusiveFloor(v1), + }, + Range{v1, true, nil, false}, + }, + { + []RangeOptFn{ + WithoutCeiling(), + WithNonInclusiveFloor(v1), + }, + Range{v1, false, nil, false}, + }, + { + []RangeOptFn{ + WithoutCeiling(), + WithoutFloor(), + }, + Range{nil, false, nil, false}, + }, + } + for _, tt := range tests { + t.Run("", func(t *testing.T) { + if reflect.DeepEqual(v1, v2) { + t.Errorf("bad implmentation v1 == v2") + } + + if got := NewRange(tt.optFns...); !reflect.DeepEqual(got, tt.want) { + t.Errorf("NewRange() = %v, want %v", got, tt.want) + } + }) + } +} + +func TestRange_String(t *testing.T) { + v1234 := &Version{1, 2, 3, 4} + v9876 := &Version{9, 8, 7, 6} + + type fields struct { + from *Version + fromInclusive bool + to *Version + toInclusive bool + } + tests := []struct { + fields fields + want string + }{ + {fields{}, "*"}, + {fields{v1234, false, nil, false}, ">1.2.3.4"}, + {fields{v1234, true, nil, false}, ">=1.2.3.4"}, + {fields{v1234, false, nil, true}, ">1.2.3.4"}, + {fields{v1234, true, nil, true}, ">=1.2.3.4"}, + {fields{nil, false, v1234, false}, "<1.2.3.4"}, + {fields{nil, false, v1234, true}, "<=1.2.3.4"}, + {fields{nil, true, v1234, false}, "<1.2.3.4"}, + {fields{nil, true, v1234, true}, "<=1.2.3.4"}, + {fields{v1234, false, v9876, false}, ">1.2.3.4 <9.8.7.6"}, + {fields{v1234, false, v9876, true}, ">1.2.3.4 <=9.8.7.6"}, + {fields{v1234, true, v9876, false}, ">=1.2.3.4 <9.8.7.6"}, + {fields{v1234, true, v9876, true}, ">=1.2.3.4 <=9.8.7.6"}, + {fields{v1234, true, v1234, true}, "1.2.3.4"}, + } + for _, tt := range tests { + t.Run(tt.want, func(t *testing.T) { + r := Range{ + from: tt.fields.from, + fromInclusive: tt.fields.fromInclusive, + to: tt.fields.to, + toInclusive: tt.fields.toInclusive, + } + if got := r.String(); got != tt.want { + t.Errorf("String() = %v, want %v", got, tt.want) + } + }) + } +} + +func TestConstraint_String(t *testing.T) { + tests := []struct { + name string + c Constraint + want string + }{ + { + "empty", + []Range{}, + "", + }, + { + "single", + []Range{r12}, + ">1 <2", + }, + { + "no overlap", + []Range{r12, r23, r34}, + ">1 <2||>2 <3||>3 <4", + }, + { + "without floor", + []Range{l1, l2}, + "<2", + }, + { + "without floor", + []Range{l2, l3, l1}, + "<3", + }, + { + "without floor", + []Range{l4, l3, l2, l1}, + "<4", + }, + { + "without celling", + []Range{g1, g2}, + ">1", + }, + { + "without celling", + []Range{g2, g3, g1}, + ">1", + }, + { + "without celling", + []Range{g4, g3, g2, g1}, + ">1", + }, + { + "overlap", + []Range{r13, r24}, + ">1 <4", + }, + { + "overlap", + []Range{r24, r13, r35}, + ">1 <5", + }, + { + "touching", + []Range{r12i, r23}, + ">1 <3", + }, + { + "touching", + []Range{r12, r2i3}, + ">1 <3", + }, + { + "touching", + []Range{r1i2i, r23}, + ">=1 <3", + }, + { + "touching", + []Range{r12, r2i3i}, + ">1 <=3", + }, + { + "touching", + []Range{r1i2, r2i3i}, + ">=1 <=3", + }, + { + "included", + []Range{r14, r23}, + ">1 <4", + }, + { + "included", + []Range{r23, r14}, + ">1 <4", + }, + { + "unbounded", + []Range{unbounded}, + "*", + }, + { + "unbounded", + []Range{unbounded, unbounded}, + "*", + }, + { + "unbounded", + []Range{r12, unbounded}, + "*", + }, + { + "unbounded", + []Range{unbounded, r12}, + "*", + }, + { + "unbounded", + []Range{r14, r23, unbounded, r13, r24}, + "*", + }, + } + for _, tt := range tests { + t.Run("", func(t *testing.T) { + if got := tt.c.String(); got != tt.want { + t.Errorf("String() = %v, want %v", got, tt.want) + } + }) + } +} + +func Test_or(t *testing.T) { + tests := []struct { + name string + args []Range + want []Range + }{ + { + "empty", + []Range{}, + []Range{}, + }, + { + "single", + []Range{r12}, + []Range{r12}, + }, + { + "no overlap", + []Range{r12, r23, r34}, + []Range{r12, r23, r34}, + }, + { + "without floor", + []Range{l1, l2}, + []Range{l2}, + }, + { + "without floor", + []Range{l2, l3, l1}, + []Range{l3}, + }, + { + "without floor", + []Range{l4, l3, l2, l1}, + []Range{l4}, + }, + { + "without celling", + []Range{g1, g2}, + []Range{g1}, + }, + { + "without celling", + []Range{g2, g3, g1}, + []Range{g1}, + }, + { + "without celling", + []Range{g4, g3, g2, g1}, + []Range{g1}, + }, + { + "overlap", + []Range{r13, r24}, + []Range{r14}, + }, + { + "overlap", + []Range{r24, r13, r35}, + []Range{r15}, + }, + { + "touching", + []Range{r12i, r23}, + []Range{r13}, + }, + { + "touching", + []Range{r12, r2i3}, + []Range{r13}, + }, + { + "touching", + []Range{r1i2i, r23}, + []Range{r1i3}, + }, + { + "touching", + []Range{r12, r2i3i}, + []Range{r13i}, + }, + { + "touching", + []Range{r1i2, r2i3i}, + []Range{r1i3i}, + }, + { + "included", + []Range{r14, r23}, + []Range{r14}, + }, + { + "included", + []Range{r23, r14}, + []Range{r14}, + }, + { + "unbounded", + []Range{unbounded}, + []Range{unbounded}, + }, + { + "unbounded", + []Range{unbounded, unbounded}, + []Range{unbounded}, + }, + { + "unbounded", + []Range{r12, unbounded}, + []Range{unbounded}, + }, + { + "unbounded", + []Range{unbounded, r12}, + []Range{unbounded}, + }, + { + "unbounded", + []Range{r14, r23, unbounded, r13, r24}, + []Range{unbounded}, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + if got := or(tt.args...); !reflect.DeepEqual(got, tt.want) { + t.Errorf("or() = %v, want %v", got, tt.want) + } + }) + } +} \ No newline at end of file diff --git a/composer/version/version.go b/composer/version/version.go new file mode 100644 index 0000000..637abd2 --- /dev/null +++ b/composer/version/version.go @@ -0,0 +1,136 @@ +/* + * Copyright (c) 2022-2023 Typist Tech Limited + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +package version + +import ( + "errors" + "fmt" + "regexp" + "strconv" + "strings" +) + +const ( + regex = `^v?[[:blank:]]?(?P\d+)(\.(?P\d+)(\.(?P\d+)(\.(?P\d+)?)?)?)?` +) + +var ( + ErrMalformedVersionString = errors.New("malformed version string") +) + +type Version struct { + major uint64 + minor uint64 + patch uint64 + revision uint64 +} + +// NewVersion parses a given string and returns a pointer of [Version] or +// an error if unable to parse the version. If the version is not composer +// compilable it attempts to convert it. +func NewVersion(v string) (*Version, error) { + r := regexp.MustCompile(regex) + + if !r.MatchString(v) { + return nil, fmt.Errorf("unable to parse %q: %w", v, ErrMalformedVersionString) + } + + ver := &Version{} + + m := r.FindStringSubmatch(v) + for i, name := range r.SubexpNames() { + n, err := strconv.ParseUint(m[i], 10, 0) + if err != nil { + continue + } + + switch name { + case "major": + ver.major = n + case "minor": + ver.minor = n + case "patch": + ver.patch = n + case "revision": + ver.revision = n + } + } + + return ver, nil +} + +// normalize returns the normalized formatting of the version. It fills in any +// missing .MINOR or .PATCH or .REVISION. Two versions are compared equal only +// if their normalized formatting are identical strings. +func (v Version) normalize() string { + return fmt.Sprintf("%d.%d.%d.%d", v.major, v.minor, v.patch, v.revision) +} + +func (v Version) String() string { + s := v.normalize() + + s, _ = strings.CutSuffix(s, ".0") // revision + s, _ = strings.CutSuffix(s, ".0") // patch + s, _ = strings.CutSuffix(s, ".0") // minor + + return s +} + +// compare this version to another one. It returns -1, 0 or 1 if the version +// is smaller, equal or larger than the other version respectively. +func (v Version) compare(o Version) int { + if d := compareUint(v.major, o.major); d != 0 { + return d + } + if d := compareUint(v.minor, o.minor); d != 0 { + return d + } + if d := compareUint(v.patch, o.patch); d != 0 { + return d + } + + return compareUint(v.revision, o.revision) +} + +func compareUint(i, j uint64) int { + switch { + case i < j: + return -1 + case i > j: + return 1 + default: + return 0 + } +} + +func (v Version) equalTo(o Version) bool { + return v.compare(o) == 0 +} + +func (v Version) greaterThan(o Version) bool { + return v.compare(o) > 0 +} + +func (v Version) lessThan(o Version) bool { + return v.compare(o) < 0 +} \ No newline at end of file diff --git a/composer/version/version_test.go b/composer/version/version_test.go new file mode 100644 index 0000000..04add68 --- /dev/null +++ b/composer/version/version_test.go @@ -0,0 +1,314 @@ +/* + * Copyright (c) 2022-2023 Typist Tech Limited + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +package version + +import ( + "errors" + "fmt" + "testing" +) + +// tests is modified from `composer/semver`'s test. +// https://github.com/composer/semver/blob/fa1ec24f0ab1efe642671ec15c51a3ab879f59bf/tests/VersionParserTest.php#L65-L134 +// https://github.com/composer/semver/blob/fa1ec24f0ab1efe642671ec15c51a3ab879f59bf/tests/VersionParserTest.php#L150-L174 +var tests = []struct { + name string + in string + out string +}{ + // From `VersionParserTest::successfulNormalizedVersions()` + {"none", "1.0.0", "1.0.0.0"}, + {"none/2", "1.2.3.4", "1.2.3.4"}, + //{"parses state", "1.0.0RC1dev", "1.0.0.0-RC1-dev"}, + //{"CI parsing", "1.0.0-rC15-dev", "1.0.0.0-RC15-dev"}, + //{"delimiters", "1.0.0.RC.15-dev", "1.0.0.0-RC15-dev"}, + //{"RC uppercase", "1.0.0-rc1", "1.0.0.0-RC1"}, + //{"patch replace", "1.0.0.pl3-dev", "1.0.0.0-patch3-dev"}, + //{"forces w.x.y.z", "1.0-dev", "1.0.0.0-dev"}, + {"forces w.x.y.z/2", "0", "0.0.0.0"}, + //{"parses long", "10.4.13-beta", "10.4.13.0-beta"}, + //{"parses long/2", "10.4.13beta2", "10.4.13.0-beta2"}, + //{"parses long/semver", "10.4.13beta.2", "10.4.13.0-beta2"}, + //{"parses long/semver2", "v1.13.11-beta.0", "1.13.11.0-beta0"}, + //{"parses long/semver3", "1.13.11.0-beta0", "1.13.11.0-beta0"}, + //{"expand shorthand", "10.4.13-b", "10.4.13.0-beta"}, + //{"expand shorthand/2", "10.4.13-b5", "10.4.13.0-beta5"}, + {"strips leading v", "v1.0.0", "1.0.0.0"}, + //{"parses dates y-m as classical", "2010.01", "2010.01.0.0"}, + //{"parses dates w/ . as classical", "2010.01.02", "2010.01.02.0"}, + {"parses dates y.m.Y as classical", "2010.1.555", "2010.1.555.0"}, + {"parses dates y.m.Y/2 as classical", "2010.10.200", "2010.10.200.0"}, + //{"strips v/datetime", "v20100102", "20100102"}, + //{"parses dates w/ -", "2010-01-02", "2010.01.02"}, + //{"parses dates w/ .", "2012.06.07", "2012.06.07.0"}, + //{"parses numbers", "2010-01-02.5", "2010.01.02.5"}, + {"parses dates y.m.Y", "2010.1.555", "2010.1.555.0"}, + //{"parses datetime", "20100102-203040", "20100102.203040"}, + //{"parses date dev", "20100102.x-dev", "20100102.9999999.9999999.9999999-dev"}, + //{"parses datetime dev", "20100102.203040.x-dev", "20100102.203040.9999999.9999999-dev"}, + //{"parses dt+number", "20100102203040-10", "20100102203040.10"}, + //{"parses dt+patch", "20100102-203040-p1", "20100102.203040-patch1"}, + //{"parses dt Ym", "201903.0", "201903.0"}, + //{"parses dt Ym dev", "201903.x-dev", "201903.9999999.9999999.9999999-dev"}, + //{"parses dt Ym+patch", "201903.0-p2", "201903.0-patch2"}, + //{"parses master", "dev-master", "dev-master"}, + //{"parses master w/o dev", "master", "dev-master"}, + //{"parses trunk", "dev-trunk", "dev-trunk"}, + //{"parses branches", "1.x-dev", "1.9999999.9999999.9999999-dev"}, + //{"parses arbitrary", "dev-feature-foo", "dev-feature-foo"}, + //{"parses arbitrary/2", "DEV-FOOBAR", "dev-FOOBAR"}, + //{"parses arbitrary/3", "dev-feature/foo", "dev-feature/foo"}, + //{"parses arbitrary/4", "dev-feature+issue-1", "dev-feature+issue-1"}, + //{"ignores aliases", "dev-master as 1.0.0", "dev-master"}, + //{"ignores aliases/2", "dev-load-varnish-only-when-used as ^2.0", "dev-load-varnish-only-when-used"}, + //{"ignores aliases/3", "dev-load-varnish-only-when-used@dev as ^2.0@dev", "dev-load-varnish-only-when-used"}, + {"ignores stability", "1.0.0+foo@dev", "1.0.0.0"}, + //{"ignores stability/2", "dev-load-varnish-only-when-used@stable", "dev-load-varnish-only-when-used"}, + //{"semver metadata/2", "1.0.0-beta.5+foo", "1.0.0.0-beta5"}, + {"semver metadata/3", "1.0.0+foo", "1.0.0.0"}, + //{"semver metadata/4", "1.0.0-alpha.3.1+foo", "1.0.0.0-alpha3.1"}, + //{"semver metadata/5", "1.0.0-alpha2.1+foo", "1.0.0.0-alpha2.1"}, + //{"semver metadata/6", "1.0.0-alpha-2.1-3+foo", "1.0.0.0-alpha2.1-3"}, + // not supported for BC "semver metadata/7", "1.0.0-0.3.7", "1.0.0.0-0.3.7"}, + // not supported for BC "semver metadata/8", "1.0.0-x.7.z.92", "1.0.0.0-x.7.z.92"}, + {"metadata w/ alias", "1.0.0+foo as 2.0", "1.0.0.0"}, + //{"keep zero-padding", "00.01.03.04", "00.01.03.04"}, + //{"keep zero-padding/2", "000.001.003.004", "000.001.003.004"}, + //{"keep zero-padding/3", "0.000.103.204", "0.000.103.204"}, + //{"keep zero-padding/4", "0700", "0700.0.0.0"}, + //{"keep zero-padding/5", "041.x-dev", "041.9999999.9999999.9999999-dev"}, + //{"keep zero-padding/6", "dev-041.003", "dev-041.003"}, + //{"dev with mad name", "dev-1.0.0-dev<1.0.5-dev", "dev-1.0.0-dev<1.0.5-dev"}, + //{"dev prefix with spaces", "dev-foo bar", "dev-foo bar"}, + {"space padding", " 1.0.0", "1.0.0.0"}, + {"space padding/2", "1.0.0 ", "1.0.0.0"}, + + // From `VersionParserTest::failingNormalizedVersions()` + {"empty ", "", ""}, + {"invalid chars", "a", ""}, + //{"invalid type", "1.0.0-meh", ""}, + //{"too many bits", "1.0.0.0.0", ""}, + {"non-dev arbitrary", "feature-foo", ""}, + //{"metadata w/ space", "1.0.0+foo bar", ""}, + //{"maven style release", "1.0.1-SNAPSHOT", ""}, + //{"dev with less than", "1.0.0<1.0.5-dev", ""}, + //{"dev with less than/2", "1.0.0-dev<1.0.5-dev", ""}, + {"dev suffix with spaces", "foo bar-dev", ""}, + //{"any with spaces", "1.0 .2", ""}, + {"no version, no alias", " as ", ""}, + {"no version, only alias", " as 1.2", ""}, + {"just an operator", "^", ""}, + {"just an operator/2", "^8 || ^", ""}, + {"just an operator/3", "~", ""}, + {"just an operator/4", "~1 ~", ""}, + {"constraint", "~1", ""}, + {"constraint/2", "^1", ""}, + //{"constraint/3", "1.*", ""}, +} + +func TestNewVersion(t *testing.T) { + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + got, err := NewVersion(tt.in) + + if tt.out == "" { + if err == nil { + t.Errorf("NewVersion() error = nil, want error") + } + + if !errors.Is(err, ErrMalformedVersionString) { + t.Errorf("NewVersion() error = %v, want ErrMalformedVersionString", err) + } + + return + } + + if err != nil { + t.Errorf("NewVersion() error = %v, want nil", err) + return + } + if got.normalize() != tt.out { + t.Errorf("NewVersion() got = %v, want %v", got, tt.out) + } + }) + } +} + +func TestVersion_String(t *testing.T) { + type fields struct { + major uint64 + minor uint64 + patch uint64 + revision uint64 + } + tests := []struct { + fields fields + want string + }{ + // No zero. + {fields{1, 2, 3, 4}, "1.2.3.4"}, + //// 1 zero. + {fields{1, 2, 3, 0}, "1.2.3"}, + {fields{1, 2, 0, 4}, "1.2.0.4"}, + {fields{1, 0, 3, 4}, "1.0.3.4"}, + {fields{0, 2, 3, 4}, "0.2.3.4"}, + //// 2 zeros. + {fields{1, 2, 0, 0}, "1.2"}, + {fields{1, 0, 3, 0}, "1.0.3"}, + {fields{0, 2, 3, 0}, "0.2.3"}, + {fields{1, 0, 0, 4}, "1.0.0.4"}, + {fields{0, 2, 0, 4}, "0.2.0.4"}, + {fields{0, 0, 3, 4}, "0.0.3.4"}, + //// 3 zeros. + {fields{1, 0, 0, 0}, "1"}, + {fields{0, 2, 0, 0}, "0.2"}, + {fields{0, 0, 3, 0}, "0.0.3"}, + {fields{0, 0, 0, 4}, "0.0.0.4"}, + // 4 zeros. + {fields{0, 0, 0, 0}, "0"}, + // + {fields{10, 2, 3, 4}, "10.2.3.4"}, + {fields{1, 20, 3, 4}, "1.20.3.4"}, + {fields{1, 2, 30, 4}, "1.2.30.4"}, + {fields{1, 2, 3, 40}, "1.2.3.40"}, + {fields{10, 20, 30, 40}, "10.20.30.40"}, + } + for _, tt := range tests { + t.Run( + fmt.Sprintf("%d.%d.%d.%d", tt.fields.major, tt.fields.minor, tt.fields.patch, tt.fields.revision), + func(t *testing.T) { + v := Version{ + major: tt.fields.major, + minor: tt.fields.minor, + patch: tt.fields.patch, + revision: tt.fields.revision, + } + if got := v.String(); got != tt.want { + t.Errorf("String() = %v, want %v", got, tt.want) + } + }) + } +} + +func TestVersion_compare(t *testing.T) { + tests := []struct { + v Version + o Version + want int + }{ + {Version{1, 2, 3, 4}, Version{1, 2, 3, 4}, 0}, + {Version{2, 2, 3, 4}, Version{1, 2, 3, 4}, 1}, + {Version{1, 3, 3, 4}, Version{1, 2, 3, 4}, 1}, + {Version{1, 2, 4, 4}, Version{1, 2, 3, 4}, 1}, + {Version{1, 2, 3, 5}, Version{1, 2, 3, 4}, 1}, + {Version{0, 2, 3, 4}, Version{1, 2, 3, 4}, -1}, + {Version{1, 1, 3, 4}, Version{1, 2, 3, 4}, -1}, + {Version{1, 2, 2, 4}, Version{1, 2, 3, 4}, -1}, + {Version{1, 2, 3, 3}, Version{1, 2, 3, 4}, -1}, + } + for _, tt := range tests { + t.Run("", func(t *testing.T) { + if got := tt.v.compare(tt.o); got != tt.want { + t.Errorf("'%s'.compare('%s') = %v, want %v", tt.v, tt.o, got, tt.want) + } + }) + } +} + +func TestVersion_equalTo(t *testing.T) { + tests := []struct { + v Version + o Version + want bool + }{ + {Version{0, 0, 0, 0}, Version{0, 0, 0, 0}, true}, + {Version{1, 2, 3, 4}, Version{1, 2, 3, 4}, true}, + {Version{2, 2, 3, 4}, Version{1, 2, 3, 4}, false}, + {Version{1, 3, 3, 4}, Version{1, 2, 3, 4}, false}, + {Version{1, 2, 4, 4}, Version{1, 2, 3, 4}, false}, + {Version{1, 2, 3, 5}, Version{1, 2, 3, 4}, false}, + {Version{0, 2, 3, 4}, Version{1, 2, 3, 4}, false}, + {Version{1, 1, 3, 4}, Version{1, 2, 3, 4}, false}, + {Version{1, 2, 2, 4}, Version{1, 2, 3, 4}, false}, + {Version{1, 2, 3, 3}, Version{1, 2, 3, 4}, false}, + } + for _, tt := range tests { + t.Run("", func(t *testing.T) { + if got := tt.v.equalTo(tt.o); got != tt.want { + t.Errorf("'%s'.equalTo('%s') = %v, want %v", tt.v, tt.o, got, tt.want) + } + }) + } +} + +func TestVersion_greaterThan(t *testing.T) { + tests := []struct { + v Version + o Version + want bool + }{ + {Version{0, 0, 0, 0}, Version{0, 0, 0, 0}, false}, + {Version{1, 2, 3, 4}, Version{1, 2, 3, 4}, false}, + {Version{2, 2, 3, 4}, Version{1, 2, 3, 4}, true}, + {Version{1, 3, 3, 4}, Version{1, 2, 3, 4}, true}, + {Version{1, 2, 4, 4}, Version{1, 2, 3, 4}, true}, + {Version{1, 2, 3, 5}, Version{1, 2, 3, 4}, true}, + {Version{0, 2, 3, 4}, Version{1, 2, 3, 4}, false}, + {Version{1, 1, 3, 4}, Version{1, 2, 3, 4}, false}, + {Version{1, 2, 2, 4}, Version{1, 2, 3, 4}, false}, + {Version{1, 2, 3, 3}, Version{1, 2, 3, 4}, false}, + } + for _, tt := range tests { + t.Run("", func(t *testing.T) { + if got := tt.v.greaterThan(tt.o); got != tt.want { + t.Errorf("'%s'.greaterThan('%s') = %v, want %v", tt.v, tt.o, got, tt.want) + } + }) + } +} + +func TestVersion_lessThan(t *testing.T) { + tests := []struct { + v Version + o Version + want bool + }{ + {Version{0, 0, 0, 0}, Version{0, 0, 0, 0}, false}, + {Version{1, 2, 3, 4}, Version{1, 2, 3, 4}, false}, + {Version{2, 2, 3, 4}, Version{1, 2, 3, 4}, false}, + {Version{1, 3, 3, 4}, Version{1, 2, 3, 4}, false}, + {Version{1, 2, 4, 4}, Version{1, 2, 3, 4}, false}, + {Version{1, 2, 3, 5}, Version{1, 2, 3, 4}, false}, + {Version{0, 2, 3, 4}, Version{1, 2, 3, 4}, true}, + {Version{1, 1, 3, 4}, Version{1, 2, 3, 4}, true}, + {Version{1, 2, 2, 4}, Version{1, 2, 3, 4}, true}, + {Version{1, 2, 3, 3}, Version{1, 2, 3, 4}, true}, + } + for _, tt := range tests { + t.Run("", func(t *testing.T) { + if got := tt.v.lessThan(tt.o); got != tt.want { + t.Errorf("'%s'.lessThan('%s') = %v, want %v", tt.v, tt.o, got, tt.want) + } + }) + } +} \ No newline at end of file From b914ff11524b0a69f0a9f6e7c6cf590f938c3ab7 Mon Sep 17 00:00:00 2001 From: TangRufus Date: Wed, 30 Aug 2023 03:22:03 +0100 Subject: [PATCH 03/20] Add `wp` package --- wp/entity.go | 88 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 88 insertions(+) create mode 100644 wp/entity.go diff --git a/wp/entity.go b/wp/entity.go new file mode 100644 index 0000000..adaa9fa --- /dev/null +++ b/wp/entity.go @@ -0,0 +1,88 @@ +/* + * Copyright (c) 2023 Typist Tech Limited + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +package wp + +import ( + "errors" + "github.com/typisttech/wpsecadvi/composer/version" +) + +type kind byte + +const ( + core kind = iota + plugin + theme +) + +var ( + ErrEmptyEntitySlug = errors.New("empty entity string") +) + +type Entity struct { + kind kind + slug string + versionRanges []version.Range +} + +func NewCoreEntity() *Entity { + return &Entity{kind: core, slug: "wordpress-core"} +} + +func NewPluginEntity(slug string) (*Entity, error) { + if slug == "" { + return nil, ErrEmptyEntitySlug + } + return &Entity{kind: plugin, slug: slug}, nil +} + +func NewThemeEntity(slug string) (*Entity, error) { + if slug == "" { + return nil, ErrEmptyEntitySlug + } + return &Entity{kind: theme, slug: slug}, nil +} + +func (e *Entity) IsCore() bool { + return e.kind == core +} + +func (e *Entity) IsPlugin() bool { + return e.kind == plugin +} + +func (e *Entity) IsTheme() bool { + return e.kind == theme +} + +func (e *Entity) Slug() string { + return e.slug +} + +func (e *Entity) VersionRanges() []version.Range { + return e.versionRanges +} + +func (e *Entity) Or(r version.Range) { + e.versionRanges = append(e.versionRanges, r) +} \ No newline at end of file From 4221909f50c830750d757ddeabbf3e509e78c30a Mon Sep 17 00:00:00 2001 From: TangRufus Date: Wed, 30 Aug 2023 06:41:20 +0100 Subject: [PATCH 04/20] Add `wordfence` package --- composer/version/range.go | 82 +++-- composer/version/range_test.go | 315 ++++++++++-------- composer/version/version.go | 6 +- composer/version/version_test.go | 10 +- go.mod | 7 +- go.sum | 4 + wordfence/client.go | 86 +++++ wordfence/client_test.go | 156 +++++++++ wordfence/fixture_test.go | 243 ++++++++++++++ wordfence/repo.go | 80 +++++ wordfence/repo_test.go | 341 ++++++++++++++++++++ wordfence/testdata/empty.json | 1 + wordfence/testdata/not-json.json | 1 + wordfence/testdata/production.example.json | 60 ++++ wordfence/testdata/production.multiple.json | 99 ++++++ wordfence/testdata/scanner.example.json | 37 +++ wordfence/vulnerability.go | 178 ++++++++++ wp/entity.go | 41 +-- 18 files changed, 1538 insertions(+), 209 deletions(-) create mode 100644 wordfence/client.go create mode 100644 wordfence/client_test.go create mode 100644 wordfence/fixture_test.go create mode 100644 wordfence/repo.go create mode 100644 wordfence/repo_test.go create mode 100644 wordfence/testdata/empty.json create mode 100644 wordfence/testdata/not-json.json create mode 100644 wordfence/testdata/production.example.json create mode 100644 wordfence/testdata/production.multiple.json create mode 100644 wordfence/testdata/scanner.example.json create mode 100644 wordfence/vulnerability.go diff --git a/composer/version/range.go b/composer/version/range.go index 109ba92..8639142 100644 --- a/composer/version/range.go +++ b/composer/version/range.go @@ -35,64 +35,62 @@ type Range struct { toInclusive bool } -type RangeOptFn func(*Range) +type RangeOptionFunc func(*Range) -func WithInclusiveCeiling(v *Version) RangeOptFn { +func WithCeiling(v *Version, inclusive bool) RangeOptionFunc { + // TODO: test me! return func(r *Range) { r.to = v - r.toInclusive = true + r.toInclusive = inclusive && v != nil } } -func WithNonInclusiveCeiling(v *Version) RangeOptFn { - return func(r *Range) { - r.to = v - r.toInclusive = false - } +func WithInclusiveCeiling(v *Version) RangeOptionFunc { + return WithCeiling(v, true) } -func WithoutCeiling() RangeOptFn { - return func(r *Range) { - r.to = nil - r.toInclusive = false - } +func WithNonInclusiveCeiling(v *Version) RangeOptionFunc { + return WithCeiling(v, false) } -func WithInclusiveFloor(v *Version) RangeOptFn { - return func(r *Range) { - r.from = v - r.fromInclusive = true - } +func WithoutCeiling() RangeOptionFunc { + return WithCeiling(nil, false) } -func WithNonInclusiveFloor(v *Version) RangeOptFn { +func WithFloor(v *Version, inclusive bool) RangeOptionFunc { return func(r *Range) { r.from = v - r.fromInclusive = false + r.fromInclusive = inclusive && v != nil } } -func WithoutFloor() RangeOptFn { - return func(r *Range) { - r.from = nil - r.fromInclusive = false - } +func WithInclusiveFloor(v *Version) RangeOptionFunc { + return WithFloor(v, true) +} + +func WithNonInclusiveFloor(v *Version) RangeOptionFunc { + return WithFloor(v, false) +} + +func WithoutFloor() RangeOptionFunc { + // TODO: test me! + return WithFloor(nil, false) } -func NewRange(optFns ...RangeOptFn) Range { +func NewRange(optionFuncs ...RangeOptionFunc) (*Range, error) { r := &Range{} - for _, optFn := range optFns { + for _, optFn := range optionFuncs { optFn(r) } // TODO: Validate r.from <= r.to // TODO: Validate when r.from == r.to, then r.fromInclusive == true && r.toInclusive == true - return *r + return r, nil } -func (r Range) String() string { +func (r *Range) String() string { if r.from == nil && r.to == nil { return "*" } @@ -125,8 +123,8 @@ func (r Range) String() string { return strings.Trim(str, " ") } -// Constraint represents a slice of [Range] grouped together with logical OR. -type Constraint []Range +// Constraint represents a slice of [*Range] grouped together with logical OR. +type Constraint []*Range func (c Constraint) String() string { rs := or(c...) @@ -142,13 +140,13 @@ func (c Constraint) String() string { return strings.Join(ss, "||") } -func or(rs ...Range) []Range { +func or(rs ...*Range) []*Range { if len(rs) == 0 { - return []Range{} + return nil } f, rs := rs[0], rs[1:] - result := []Range{f} + result := []*Range{f} for i, r := range rs { for j, s := range result { @@ -164,9 +162,9 @@ func or(rs ...Range) []Range { return result } -func orTwo(a Range, b Range) (Range, bool) { +func orTwo(a *Range, b *Range) (*Range, bool) { if !overlap(a, b) { - return Range{}, false + return nil, false } if a.from == nil && a.to == nil { @@ -194,7 +192,7 @@ func orTwo(a Range, b Range) (Range, bool) { fromInclusive = a.fromInclusive && b.fromInclusive } - return Range{from, fromInclusive, nil, false}, true + return &Range{from, fromInclusive, nil, false}, true } // Both without floor @@ -212,10 +210,10 @@ func orTwo(a Range, b Range) (Range, bool) { toInclusive = a.toInclusive && b.toInclusive } - return Range{nil, false, to, toInclusive}, true + return &Range{nil, false, to, toInclusive}, true } - // Ensure a has a lower from + // Ensure a has the lower from // |<-a->| // |<---b--->| // Or, @@ -246,10 +244,10 @@ func orTwo(a Range, b Range) (Range, bool) { toInclusive = a.toInclusive || b.toInclusive } - return Range{from, fromInclusive, to, toInclusive}, true + return &Range{from, fromInclusive, to, toInclusive}, true } -func overlap(a Range, b Range) bool { +func overlap(a *Range, b *Range) bool { if a.from == nil && a.to == nil { return true } @@ -274,7 +272,7 @@ func overlap(a Range, b Range) bool { return true } - // Ensure a has a lower from + // Ensure a has the lower from // |<-a->| // |<---b--->| // Or, diff --git a/composer/version/range_test.go b/composer/version/range_test.go index 39cfa75..6818166 100644 --- a/composer/version/range_test.go +++ b/composer/version/range_test.go @@ -34,171 +34,192 @@ var ( v4 = &Version{4, 0, 0, 0} v5 = &Version{5, 0, 0, 0} - unbounded = Range{} + unbounded = &Range{} - r1i2 = Range{v1, true, v2, false} - r1i2i = Range{v1, true, v2, true} - r1i3 = Range{v1, true, v3, false} - r1i3i = Range{v1, true, v3, true} - r2i3 = Range{v2, true, v3, false} - r2i3i = Range{v2, true, v3, true} - r12 = Range{v1, false, v2, false} - r12i = Range{v1, false, v2, true} - r13 = Range{v1, false, v3, false} - r13i = Range{v1, false, v3, true} - r14 = Range{v1, false, v4, false} - r15 = Range{v1, false, v5, false} - r23 = Range{v2, false, v3, false} - r24 = Range{v2, false, v4, false} - r34 = Range{v3, false, v4, false} - r35 = Range{v3, false, v5, false} + r1i2 = &Range{v1, true, v2, false} + r1i2i = &Range{v1, true, v2, true} + r1i3 = &Range{v1, true, v3, false} + r1i3i = &Range{v1, true, v3, true} + r2i3 = &Range{v2, true, v3, false} + r2i3i = &Range{v2, true, v3, true} + r12 = &Range{v1, false, v2, false} + r12i = &Range{v1, false, v2, true} + r13 = &Range{v1, false, v3, false} + r13i = &Range{v1, false, v3, true} + r14 = &Range{v1, false, v4, false} + r15 = &Range{v1, false, v5, false} + r23 = &Range{v2, false, v3, false} + r24 = &Range{v2, false, v4, false} + r34 = &Range{v3, false, v4, false} + r35 = &Range{v3, false, v5, false} - l1 = Range{nil, false, v1, false} - l2 = Range{nil, false, v2, false} - l3 = Range{nil, false, v3, false} - l4 = Range{nil, false, v4, false} + l1 = &Range{nil, false, v1, false} + l2 = &Range{nil, false, v2, false} + l3 = &Range{nil, false, v3, false} + l4 = &Range{nil, false, v4, false} - g1 = Range{v1, false, nil, false} - g2 = Range{v2, false, nil, false} - g3 = Range{v3, false, nil, false} - g4 = Range{v4, false, nil, false} + g1 = &Range{v1, false, nil, false} + g2 = &Range{v2, false, nil, false} + g3 = &Range{v3, false, nil, false} + g4 = &Range{v4, false, nil, false} ) func TestNewRange(t *testing.T) { tests := []struct { - optFns []RangeOptFn - want Range + optionFuncs []RangeOptionFunc + want *Range + wantErr bool }{ { - []RangeOptFn{}, - Range{nil, false, nil, false}, + []RangeOptionFunc{}, + &Range{nil, false, nil, false}, + false, }, { - []RangeOptFn{ + []RangeOptionFunc{ WithInclusiveCeiling(v1), }, - Range{nil, false, v1, true}, + &Range{nil, false, v1, true}, + false, }, { - []RangeOptFn{ + []RangeOptionFunc{ WithNonInclusiveCeiling(v1), }, - Range{nil, false, v1, false}, + &Range{nil, false, v1, false}, + false, }, { - []RangeOptFn{ + []RangeOptionFunc{ WithoutCeiling(), }, - Range{nil, false, nil, false}, + &Range{nil, false, nil, false}, + false, }, { - []RangeOptFn{ + []RangeOptionFunc{ WithInclusiveCeiling(v1), WithoutCeiling(), }, - Range{nil, false, nil, false}, + &Range{nil, false, nil, false}, + false, }, { - []RangeOptFn{ + []RangeOptionFunc{ WithNonInclusiveCeiling(v1), WithoutCeiling(), }, - Range{nil, false, nil, false}, + &Range{nil, false, nil, false}, + false, }, { - []RangeOptFn{ + []RangeOptionFunc{ WithInclusiveFloor(v1), }, - Range{v1, true, nil, false}, + &Range{v1, true, nil, false}, + false, }, { - []RangeOptFn{ + []RangeOptionFunc{ WithNonInclusiveFloor(v1), }, - Range{v1, false, nil, false}, + &Range{v1, false, nil, false}, + false, }, { - []RangeOptFn{ + []RangeOptionFunc{ WithoutFloor(), }, - Range{nil, false, nil, false}, + &Range{nil, false, nil, false}, + false, }, { - []RangeOptFn{ + []RangeOptionFunc{ WithInclusiveFloor(v1), WithoutFloor(), }, - Range{nil, false, nil, false}, + &Range{nil, false, nil, false}, + false, }, { - []RangeOptFn{ + []RangeOptionFunc{ WithNonInclusiveFloor(v1), WithoutFloor(), }, - Range{nil, false, nil, false}, + &Range{nil, false, nil, false}, + false, }, { - []RangeOptFn{ + []RangeOptionFunc{ WithInclusiveCeiling(v1), WithInclusiveFloor(v2), }, - Range{v2, true, v1, true}, + &Range{v2, true, v1, true}, + false, }, { - []RangeOptFn{ + []RangeOptionFunc{ WithInclusiveCeiling(v1), WithNonInclusiveFloor(v2), }, - Range{v2, false, v1, true}, + &Range{v2, false, v1, true}, + false, }, { - []RangeOptFn{ + []RangeOptionFunc{ WithInclusiveCeiling(v1), WithoutFloor(), }, - Range{nil, false, v1, true}, + &Range{nil, false, v1, true}, + false, }, { - []RangeOptFn{ + []RangeOptionFunc{ WithNonInclusiveCeiling(v1), WithInclusiveFloor(v2), }, - Range{v2, true, v1, false}, + &Range{v2, true, v1, false}, + false, }, { - []RangeOptFn{ + []RangeOptionFunc{ WithNonInclusiveCeiling(v1), WithNonInclusiveFloor(v2), }, - Range{v2, false, v1, false}, + &Range{v2, false, v1, false}, + false, }, { - []RangeOptFn{ + []RangeOptionFunc{ WithNonInclusiveCeiling(v1), WithoutFloor(), }, - Range{nil, false, v1, false}, + &Range{nil, false, v1, false}, + false, }, { - []RangeOptFn{ + []RangeOptionFunc{ WithoutCeiling(), WithInclusiveFloor(v1), }, - Range{v1, true, nil, false}, + &Range{v1, true, nil, false}, + false, }, { - []RangeOptFn{ + []RangeOptionFunc{ WithoutCeiling(), WithNonInclusiveFloor(v1), }, - Range{v1, false, nil, false}, + &Range{v1, false, nil, false}, + false, }, { - []RangeOptFn{ + []RangeOptionFunc{ WithoutCeiling(), WithoutFloor(), }, - Range{nil, false, nil, false}, + &Range{nil, false, nil, false}, + false, }, } for _, tt := range tests { @@ -207,7 +228,18 @@ func TestNewRange(t *testing.T) { t.Errorf("bad implmentation v1 == v2") } - if got := NewRange(tt.optFns...); !reflect.DeepEqual(got, tt.want) { + got, err := NewRange(tt.optionFuncs...) + + if tt.wantErr && (err == nil) { + t.Errorf("NewRange() error = %v, wantErr %v", err, tt.wantErr) + return + } + if !tt.wantErr && (err != nil) { + t.Errorf("NewRange() error = %v, wantErr %v", err, tt.wantErr) + return + } + + if !reflect.DeepEqual(*got, *tt.want) { t.Errorf("NewRange() = %v, want %v", got, tt.want) } }) @@ -266,117 +298,117 @@ func TestConstraint_String(t *testing.T) { }{ { "empty", - []Range{}, + []*Range{}, "", }, { "single", - []Range{r12}, + []*Range{r12}, ">1 <2", }, { "no overlap", - []Range{r12, r23, r34}, + []*Range{r12, r23, r34}, ">1 <2||>2 <3||>3 <4", }, { "without floor", - []Range{l1, l2}, + []*Range{l1, l2}, "<2", }, { "without floor", - []Range{l2, l3, l1}, + []*Range{l2, l3, l1}, "<3", }, { "without floor", - []Range{l4, l3, l2, l1}, + []*Range{l4, l3, l2, l1}, "<4", }, { "without celling", - []Range{g1, g2}, + []*Range{g1, g2}, ">1", }, { "without celling", - []Range{g2, g3, g1}, + []*Range{g2, g3, g1}, ">1", }, { "without celling", - []Range{g4, g3, g2, g1}, + []*Range{g4, g3, g2, g1}, ">1", }, { "overlap", - []Range{r13, r24}, + []*Range{r13, r24}, ">1 <4", }, { "overlap", - []Range{r24, r13, r35}, + []*Range{r24, r13, r35}, ">1 <5", }, { "touching", - []Range{r12i, r23}, + []*Range{r12i, r23}, ">1 <3", }, { "touching", - []Range{r12, r2i3}, + []*Range{r12, r2i3}, ">1 <3", }, { "touching", - []Range{r1i2i, r23}, + []*Range{r1i2i, r23}, ">=1 <3", }, { "touching", - []Range{r12, r2i3i}, + []*Range{r12, r2i3i}, ">1 <=3", }, { "touching", - []Range{r1i2, r2i3i}, + []*Range{r1i2, r2i3i}, ">=1 <=3", }, { "included", - []Range{r14, r23}, + []*Range{r14, r23}, ">1 <4", }, { "included", - []Range{r23, r14}, + []*Range{r23, r14}, ">1 <4", }, { "unbounded", - []Range{unbounded}, + []*Range{unbounded}, "*", }, { "unbounded", - []Range{unbounded, unbounded}, + []*Range{unbounded, unbounded}, "*", }, { "unbounded", - []Range{r12, unbounded}, + []*Range{r12, unbounded}, "*", }, { "unbounded", - []Range{unbounded, r12}, + []*Range{unbounded, r12}, "*", }, { "unbounded", - []Range{r14, r23, unbounded, r13, r24}, + []*Range{r14, r23, unbounded, r13, r24}, "*", }, } @@ -392,123 +424,128 @@ func TestConstraint_String(t *testing.T) { func Test_or(t *testing.T) { tests := []struct { name string - args []Range - want []Range + args []*Range + want []*Range }{ { "empty", - []Range{}, - []Range{}, + []*Range{}, + nil, + }, + { + "nil", + nil, + nil, }, { "single", - []Range{r12}, - []Range{r12}, + []*Range{r12}, + []*Range{r12}, }, { "no overlap", - []Range{r12, r23, r34}, - []Range{r12, r23, r34}, + []*Range{r12, r23, r34}, + []*Range{r12, r23, r34}, }, { "without floor", - []Range{l1, l2}, - []Range{l2}, + []*Range{l1, l2}, + []*Range{l2}, }, { "without floor", - []Range{l2, l3, l1}, - []Range{l3}, + []*Range{l2, l3, l1}, + []*Range{l3}, }, { "without floor", - []Range{l4, l3, l2, l1}, - []Range{l4}, + []*Range{l4, l3, l2, l1}, + []*Range{l4}, }, { "without celling", - []Range{g1, g2}, - []Range{g1}, + []*Range{g1, g2}, + []*Range{g1}, }, { "without celling", - []Range{g2, g3, g1}, - []Range{g1}, + []*Range{g2, g3, g1}, + []*Range{g1}, }, { "without celling", - []Range{g4, g3, g2, g1}, - []Range{g1}, + []*Range{g4, g3, g2, g1}, + []*Range{g1}, }, { "overlap", - []Range{r13, r24}, - []Range{r14}, + []*Range{r13, r24}, + []*Range{r14}, }, { "overlap", - []Range{r24, r13, r35}, - []Range{r15}, + []*Range{r24, r13, r35}, + []*Range{r15}, }, { "touching", - []Range{r12i, r23}, - []Range{r13}, + []*Range{r12i, r23}, + []*Range{r13}, }, { "touching", - []Range{r12, r2i3}, - []Range{r13}, + []*Range{r12, r2i3}, + []*Range{r13}, }, { "touching", - []Range{r1i2i, r23}, - []Range{r1i3}, + []*Range{r1i2i, r23}, + []*Range{r1i3}, }, { "touching", - []Range{r12, r2i3i}, - []Range{r13i}, + []*Range{r12, r2i3i}, + []*Range{r13i}, }, { "touching", - []Range{r1i2, r2i3i}, - []Range{r1i3i}, + []*Range{r1i2, r2i3i}, + []*Range{r1i3i}, }, { "included", - []Range{r14, r23}, - []Range{r14}, + []*Range{r14, r23}, + []*Range{r14}, }, { "included", - []Range{r23, r14}, - []Range{r14}, + []*Range{r23, r14}, + []*Range{r14}, }, { "unbounded", - []Range{unbounded}, - []Range{unbounded}, + []*Range{unbounded}, + []*Range{unbounded}, }, { "unbounded", - []Range{unbounded, unbounded}, - []Range{unbounded}, + []*Range{unbounded, unbounded}, + []*Range{unbounded}, }, { "unbounded", - []Range{r12, unbounded}, - []Range{unbounded}, + []*Range{r12, unbounded}, + []*Range{unbounded}, }, { "unbounded", - []Range{unbounded, r12}, - []Range{unbounded}, + []*Range{unbounded, r12}, + []*Range{unbounded}, }, { "unbounded", - []Range{r14, r23, unbounded, r13, r24}, - []Range{unbounded}, + []*Range{r14, r23, unbounded, r13, r24}, + []*Range{unbounded}, }, } for _, tt := range tests { diff --git a/composer/version/version.go b/composer/version/version.go index 637abd2..1cf9a16 100644 --- a/composer/version/version.go +++ b/composer/version/version.go @@ -45,10 +45,10 @@ type Version struct { revision uint64 } -// NewVersion parses a given string and returns a pointer of [Version] or -// an error if unable to parse the version. If the version is not composer +// New parses a given string and returns a pointer of [Version] or an error +// if unable to parse the version. If the version string is not composer // compilable it attempts to convert it. -func NewVersion(v string) (*Version, error) { +func New(v string) (*Version, error) { r := regexp.MustCompile(regex) if !r.MatchString(v) { diff --git a/composer/version/version_test.go b/composer/version/version_test.go index 04add68..38bcd2b 100644 --- a/composer/version/version_test.go +++ b/composer/version/version_test.go @@ -129,26 +129,26 @@ var tests = []struct { func TestNewVersion(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - got, err := NewVersion(tt.in) + got, err := New(tt.in) if tt.out == "" { if err == nil { - t.Errorf("NewVersion() error = nil, want error") + t.Errorf("New() error = nil, want error") } if !errors.Is(err, ErrMalformedVersionString) { - t.Errorf("NewVersion() error = %v, want ErrMalformedVersionString", err) + t.Errorf("New() error = %v, want ErrMalformedVersionString", err) } return } if err != nil { - t.Errorf("NewVersion() error = %v, want nil", err) + t.Errorf("New() error = %v, want nil", err) return } if got.normalize() != tt.out { - t.Errorf("NewVersion() got = %v, want %v", got, tt.out) + t.Errorf("New() got = %v, want %v", got, tt.out) } }) } diff --git a/go.mod b/go.mod index 1b505ed..6093fa1 100644 --- a/go.mod +++ b/go.mod @@ -2,8 +2,13 @@ module github.com/typisttech/wpsecadvi go 1.21.0 +require ( + github.com/google/go-cmp v0.5.9 + github.com/spf13/cobra v1.7.0 + golang.org/x/net v0.14.0 +) + require ( github.com/inconshreveable/mousetrap v1.1.0 // indirect - github.com/spf13/cobra v1.7.0 // indirect github.com/spf13/pflag v1.0.5 // indirect ) diff --git a/go.sum b/go.sum index f3366a9..f9e64eb 100644 --- a/go.sum +++ b/go.sum @@ -1,4 +1,6 @@ github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= +github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= @@ -6,5 +8,7 @@ github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I= github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +golang.org/x/net v0.14.0 h1:BONx9s002vGdD9umnlX1Po8vOZmrgH34qlHcD1MfK14= +golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/wordfence/client.go b/wordfence/client.go new file mode 100644 index 0000000..72069f4 --- /dev/null +++ b/wordfence/client.go @@ -0,0 +1,86 @@ +/* + * Copyright (c) 2022-2023 Typist Tech Limited + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +package wordfence + +import ( + "context" + "encoding/json" + "errors" + "fmt" + "net/http" + + "golang.org/x/net/context/ctxhttp" +) + +const ( + // ProductionFeed is the data feed with detailed records that have been fully + // analyzed by the Wordfence team. + ProductionFeed = "https://www.wordfence.com/api/intelligence/v2/vulnerabilities/production" + + // ScannerFeed is the data feed with minimal format that provides detection + // information for newly discovered vulnerabilities that are actively being + // researched in addition to those included in the ProductionFeed. + ScannerFeed = "https://www.wordfence.com/api/intelligence/v2/vulnerabilities/scanner" +) + +var ( + ErrBadStatusCode = errors.New("bad status code") +) + +type Client struct { + // HTTPClient provides a http.Client fetch Wordfence data feed. + // If the client is nil, http.DefaultClient is used. + HTTPClient *http.Client + // URL to the Wordfence data feed. + // If the URL is empty, ProductionFeed is used. + URL string +} + +func (c Client) fetch(ctx context.Context) (map[string]Vulnerability, error) { + url := c.URL + if url == "" { + url = ProductionFeed + } + + return get[map[string]Vulnerability](ctx, c.HTTPClient, url) +} + +func get[T any](ctx context.Context, client *http.Client, url string) (T, error) { + var out T + + res, err := ctxhttp.Get(ctx, client, url) + if err != nil { + return out, err + } + defer res.Body.Close() + + if res.StatusCode != http.StatusOK { + return out, fmt.Errorf("HTTP GET request to %s failed with %s", url, res.Status) + } + + if err := json.NewDecoder(res.Body).Decode(&out); err != nil { + return out, err + } + + return out, nil +} \ No newline at end of file diff --git a/wordfence/client_test.go b/wordfence/client_test.go new file mode 100644 index 0000000..5c0dda8 --- /dev/null +++ b/wordfence/client_test.go @@ -0,0 +1,156 @@ +/* + * Copyright (c) 2022-2023 Typist Tech Limited + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +package wordfence + +import ( + "context" + "errors" + "net/http" + "net/http/httptest" + "os" + "reflect" + "testing" + "time" +) + +func TestClient_fetch(t *testing.T) { + tests := []struct { + name string + fixture string + want map[string]Vulnerability + wantErr bool + }{ + { + "production example", + "testdata/production.example.json", + productionExample, + false, + }, + { + "production multiple", + "testdata/production.multiple.json", + productionMultiple, + false, + }, + { + "scanner example", + "testdata/scanner.example.json", + scannerExample, + false, + }, + { + "empty", + "testdata/empty.json", + map[string]Vulnerability{}, + false, + }, + { + "empty", + "testdata/not-json.json", + nil, + true, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.WriteHeader(http.StatusOK) + + file, _ := os.ReadFile(tt.fixture) + w.Write(file) + })) + defer ts.Close() + + c := Client{ + HTTPClient: ts.Client(), + URL: ts.URL, + } + ctx := context.Background() + + got, err := c.fetch(ctx) + + if tt.wantErr && (err == nil) { + t.Errorf("fetch() error = %v, wantErr %v", err, tt.wantErr) + return + } + if !tt.wantErr && (err != nil) { + t.Errorf("fetch() error = %v, wantErr %v", err, tt.wantErr) + return + } + if !reflect.DeepEqual(got, tt.want) { + t.Errorf("fetch() got = %v, want %v", got, tt.want) + } + }) + } +} + +func TestClient_fetch_cancelable(t *testing.T) { + + ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.WriteHeader(http.StatusOK) + + file, _ := os.ReadFile("testdata/production.example.json") + w.Write(file) + + time.Sleep(1 * time.Second) + })) + defer ts.Close() + + c := Client{ + HTTPClient: ts.Client(), + URL: ts.URL, + } + + ctx := context.Background() + ctx, cancel := context.WithCancel(ctx) + cancel() + + _, err := c.fetch(ctx) + + if !errors.Is(err, context.Canceled) { + t.Errorf("fetch() error = %v, want %v", err, context.Canceled) + } +} + +func TestClient_fetch_http_error(t *testing.T) { + + ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.WriteHeader(http.StatusNotFound) + + file, _ := os.ReadFile("testdata/production.example.json") + w.Write(file) + })) + defer ts.Close() + + c := Client{ + HTTPClient: ts.Client(), + URL: ts.URL, + } + ctx := context.Background() + + _, err := c.fetch(ctx) + + if err == nil { + t.Errorf("fetch() error = %v, wantErr true", err) + } +} \ No newline at end of file diff --git a/wordfence/fixture_test.go b/wordfence/fixture_test.go new file mode 100644 index 0000000..32dcfd2 --- /dev/null +++ b/wordfence/fixture_test.go @@ -0,0 +1,243 @@ +/* + * Copyright (c) 2022-2023 Typist Tech Limited + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +package wordfence + +import ( + "github.com/typisttech/wpsecadvi/composer/version" + "github.com/typisttech/wpsecadvi/wp" +) + +var ( + productionExample = map[string]Vulnerability{ + "848ccbdc-c6f1-480f-a272-cd459e706713": { + ID: "848ccbdc-c6f1-480f-a272-cd459e706713", + Software: []Software{ + { + Type: "plugin", + Slug: "example", + AffectedVersions: map[string]AffectedVersion{ + "1.0.0 - 1.2.3": { + FromVersion: "1.0.0", + FromInclusive: true, + ToVersion: "1.2.3", + ToInclusive: true, + }, + }, + }, + }, + CVE: "CVE-1998-1000", + }, + } + + productionMultiple = map[string]Vulnerability{ + "0114f098-713d-4eef-8643-901f607375de": { + ID: "0114f098-713d-4eef-8643-901f607375de", + Software: []Software{ + { + Type: "core", + Slug: "wordpress", + AffectedVersions: map[string]AffectedVersion{ + "[5.6, 5.6.7)": { + FromVersion: "5.6", + FromInclusive: true, + ToVersion: "5.6.7", + ToInclusive: false, + }, + "[5.7, 5.7.5)": { + FromVersion: "5.7", + FromInclusive: true, + ToVersion: "5.7.5", + ToInclusive: false, + }, + "[5.8, 5.8.3)": { + FromVersion: "5.8", + FromInclusive: true, + ToVersion: "5.8.3", + ToInclusive: false, + }, + }, + }, + }, + CVE: "CVE-2022-21664", + }, + "01179ac2-ad68-4a5d-af67-70d57ed611d2": { + ID: "01179ac2-ad68-4a5d-af67-70d57ed611d2", + Software: []Software{ + { + Type: "plugin", + Slug: "simple-shipping-edd", + AffectedVersions: map[string]AffectedVersion{ + "* - 2.1.3": { + FromVersion: "*", + FromInclusive: true, + ToVersion: "2.1.3", + ToInclusive: true, + }, + }, + }, + }, + CVE: "CVE-2015-9527", + }, + "014da588-9494-493e-8659-590b8e8c14a6": { + ID: "014da588-9494-493e-8659-590b8e8c14a6", + Software: []Software{ + { + Type: "plugin", + Slug: "wpgsi", + AffectedVersions: map[string]AffectedVersion{ + "* - 3.5.0": { + FromVersion: "*", + FromInclusive: true, + ToVersion: "3.5.0", + ToInclusive: true, + }, + }, + }, + { + Type: "plugin", + Slug: "wpgsi-professional", + AffectedVersions: map[string]AffectedVersion{ + "* - 3.5.1": { + FromVersion: "*", + FromInclusive: true, + ToVersion: "3.5.1", + ToInclusive: true, + }, + }, + }, + }, + }, + "06fee60a-e96c-49ce-9007-0d402ef46d72": { + ID: "06fee60a-e96c-49ce-9007-0d402ef46d72", + Software: []Software{ + { + Type: "theme", + Slug: "dt-chocolate", + AffectedVersions: map[string]AffectedVersion{ + "*": { + FromVersion: "*", + FromInclusive: true, + ToVersion: "*", + ToInclusive: true, + }, + }, + }, + }, + }, + } + + scannerExample = map[string]Vulnerability{ + "848ccbdc-c6f1-480f-a272-cd459e706713": { + ID: "848ccbdc-c6f1-480f-a272-cd459e706713", + Software: []Software{ + { + Type: "plugin", + Slug: "example", + AffectedVersions: map[string]AffectedVersion{ + "1.0.0 - 1.2.3": { + FromVersion: "1.0.0", + FromInclusive: true, + ToVersion: "1.2.3", + ToInclusive: true, + }, + }, + }, + }, + }, + } +) + +func productionExampleEntities() []*wp.Entity { + e, _ := wp.NewPluginEntity("example") + + from, _ := version.New("1.0.0") + to, _ := version.New("1.2.3") + r, _ := version.NewRange( + version.WithInclusiveFloor(from), + version.WithInclusiveCeiling(to), + ) + + e.Or([]*version.Range{r}) + + return []*wp.Entity{e} +} + +func productionMultipleEntities() []*wp.Entity { + core := wp.NewCoreEntity() + coreFrom1, _ := version.New("5.6") + coreTo1, _ := version.New("5.6.7") + coreR1, _ := version.NewRange( + version.WithInclusiveFloor(coreFrom1), + version.WithNonInclusiveCeiling(coreTo1), + ) + coreFrom2, _ := version.New("5.7") + coreTo2, _ := version.New("5.7.5") + coreR2, _ := version.NewRange( + version.WithInclusiveFloor(coreFrom2), + version.WithNonInclusiveCeiling(coreTo2), + ) + coreFrom3, _ := version.New("5.8") + coreTo3, _ := version.New("5.8.3") + coreR3, _ := version.NewRange( + version.WithInclusiveFloor(coreFrom3), + version.WithNonInclusiveCeiling(coreTo3), + ) + core.Or([]*version.Range{coreR1, coreR2, coreR3}) + + simpleShippingEdd, _ := wp.NewPluginEntity("simple-shipping-edd") + simpleShippingEddTo, _ := version.New("2.1.3") + simpleShippingEddR, _ := version.NewRange( + version.WithoutFloor(), + version.WithInclusiveCeiling(simpleShippingEddTo), + ) + simpleShippingEdd.Or([]*version.Range{simpleShippingEddR}) + + wpgsi, _ := wp.NewPluginEntity("wpgsi") + wpgsiTo, _ := version.New("3.5.0") + wpgsiR, _ := version.NewRange( + version.WithoutFloor(), + version.WithInclusiveCeiling(wpgsiTo), + ) + wpgsi.Or([]*version.Range{wpgsiR}) + + wpgsiProfessional, _ := wp.NewPluginEntity("wpgsi-professional") + wpgsiProfessionalTo, _ := version.New("3.5.1") + wpgsiProfessionalR, _ := version.NewRange( + version.WithoutFloor(), + version.WithInclusiveCeiling(wpgsiProfessionalTo), + ) + wpgsiProfessional.Or([]*version.Range{wpgsiProfessionalR}) + + dtChocolate, _ := wp.NewThemeEntity("dt-chocolate") + dtChocolateR, _ := version.NewRange( + version.WithoutFloor(), + version.WithoutCeiling(), + ) + dtChocolate.Or([]*version.Range{dtChocolateR}) + + return []*wp.Entity{core, simpleShippingEdd, wpgsi, wpgsiProfessional, dtChocolate} +} + +func scannerExampleEntities() []*wp.Entity { + return productionExampleEntities() +} \ No newline at end of file diff --git a/wordfence/repo.go b/wordfence/repo.go new file mode 100644 index 0000000..085aab8 --- /dev/null +++ b/wordfence/repo.go @@ -0,0 +1,80 @@ +/* + * Copyright (c) 2023 Typist Tech Limited + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +package wordfence + +import ( + "context" + "fmt" + "slices" + + "github.com/typisttech/wpsecadvi/wp" +) + +// excludeFunc returns true if a [Vulnerability] should be excluded from [Repo.Get] result. +type excludeFunc func(v Vulnerability) bool + +type fetcher interface { + fetch(ctx context.Context) (map[string]Vulnerability, error) +} + +type Repo struct { + Client fetcher + discardFuncs []excludeFunc +} + +// WhereIDNotIn excludes [Vulnerability] from [Repo.Get] results by IDs. +func (r *Repo) WhereIDNotIn(ids ...string) *Repo { + return r.withFilterFn(func(v Vulnerability) bool { + return slices.Contains(ids, v.ID) + }) +} + +// WhereCVENotIn excludes [Vulnerability] from [Repo.Get] results by CVEs. +func (r *Repo) WhereCVENotIn(cves ...string) *Repo { + return r.withFilterFn(func(v Vulnerability) bool { + return slices.Contains(cves, v.CVE) + }) +} + +func (r *Repo) withFilterFn(fn excludeFunc) *Repo { + r.discardFuncs = append(r.discardFuncs, fn) + return r +} + +func (r *Repo) Get(ctx context.Context) ([]*wp.Entity, error) { + vsMap, err := r.Client.fetch(ctx) + if err != nil { + return nil, fmt.Errorf("failed to fetch vulnerabilities form WordFence: %w", err) + } + + vs := make(vulnerabilities, 0, len(vsMap)) + for _, v := range vsMap { + vs = append(vs, v) + } + + for _, fn := range r.discardFuncs { + vs = slices.DeleteFunc(vs, fn) + } + + return vs.entities() +} \ No newline at end of file diff --git a/wordfence/repo_test.go b/wordfence/repo_test.go new file mode 100644 index 0000000..48d0295 --- /dev/null +++ b/wordfence/repo_test.go @@ -0,0 +1,341 @@ +/* + * Copyright (c) 2023 Typist Tech Limited + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +package wordfence + +import ( + "context" + "testing" + + "github.com/google/go-cmp/cmp" + "github.com/google/go-cmp/cmp/cmpopts" + + "github.com/typisttech/wpsecadvi/composer/version" + "github.com/typisttech/wpsecadvi/wp" +) + +type stub struct { + fixture map[string]Vulnerability +} + +func (s stub) fetch(ctx context.Context) (map[string]Vulnerability, error) { + return s.fixture, nil +} + +func TestRepo_Get(t *testing.T) { + tests := []struct { + fixture map[string]Vulnerability + want []*wp.Entity + wantErr bool + }{ + { + fixture: productionExample, + want: productionExampleEntities(), + wantErr: false, + }, + { + fixture: productionMultiple, + want: productionMultipleEntities(), + wantErr: false, + }, + { + fixture: scannerExample, + want: scannerExampleEntities(), + wantErr: false, + }, + } + for _, tt := range tests { + t.Run("", func(t *testing.T) { + r := &Repo{ + Client: stub{ + fixture: tt.fixture, + }, + } + ctx := context.Background() + + got, err := r.Get(ctx) + + if (err != nil) != tt.wantErr { + t.Errorf("Get() error = %v, wantErr %v", err, tt.wantErr) + return + } + + diff := cmp.Diff( + tt.want, + got, + cmp.AllowUnexported(wp.Entity{}, version.Range{}, version.Version{}), + cmpopts.SortSlices(func(a, b *wp.Entity) bool { + return a.Slug() < b.Slug() + }), + cmpopts.SortSlices(func(a, b *version.Range) bool { + return a.String() < b.String() + }), + ) + if diff != "" { + t.Errorf("Get() mismatch (-want +got):\n%s", diff) + } + }) + } +} + +func TestRepo_Get_whereIDNotIn(t *testing.T) { + tests := []struct { + fixture map[string]Vulnerability + ids []string + want []*wp.Entity + wantErr bool + }{ + { + fixture: productionMultiple, + ids: nil, + want: productionMultipleEntities(), + wantErr: false, + }, + { + fixture: productionMultiple, + ids: []string{}, + want: productionMultipleEntities(), + wantErr: false, + }, + { + fixture: productionMultiple, + ids: []string{"014da588-9494-493e-8659-590b8e8c14a6"}, // wpgsi & wpgsiProfessional + want: append(productionMultipleEntities()[0:2], productionMultipleEntities()[4:]...), + wantErr: false, + }, + { + fixture: productionMultiple, + ids: []string{ + "0114f098-713d-4eef-8643-901f607375de", // core + "014da588-9494-493e-8659-590b8e8c14a6", // wpgsi & wpgsiProfessional + }, + want: append(productionMultipleEntities()[1:2], productionMultipleEntities()[4:]...), + wantErr: false, + }, + { + fixture: productionMultiple, + ids: []string{ + "0114f098-713d-4eef-8643-901f607375de", // core + "01179ac2-ad68-4a5d-af67-70d57ed611d2", // simpleShippingEdd + "014da588-9494-493e-8659-590b8e8c14a6", // wpgsi & wpgsiProfessional + "06fee60a-e96c-49ce-9007-0d402ef46d72", // dtChocolate + }, + want: nil, + wantErr: true, + }, + } + for _, tt := range tests { + t.Run("", func(t *testing.T) { + r := &Repo{ + Client: stub{ + fixture: tt.fixture, + }, + } + ctx := context.Background() + + got, err := r.WhereIDNotIn(tt.ids...).Get(ctx) + + if (err != nil) != tt.wantErr { + t.Errorf("WhereIDNotIn().Get() error = %v, wantErr %v", err, tt.wantErr) + return + } + + diff := cmp.Diff( + tt.want, + got, + cmp.AllowUnexported(wp.Entity{}, version.Range{}, version.Version{}), + cmpopts.SortSlices(func(a, b *wp.Entity) bool { + return a.Slug() < b.Slug() + }), + cmpopts.SortSlices(func(a, b *version.Range) bool { + return a.String() < b.String() + }), + ) + if diff != "" { + t.Errorf("WhereIDNotIn().Get() mismatch (-want +got):\n%s", diff) + } + }) + } +} + +func TestRepo_Get_whereCVENotIn(t *testing.T) { + //return []*wp.Entity{core, simpleShippingEdd, wpgsi, wpgsiProfessional, dtChocolate} + + tests := []struct { + fixture map[string]Vulnerability + cves []string + want []*wp.Entity + wantErr bool + }{ + { + fixture: productionMultiple, + cves: nil, + want: productionMultipleEntities(), + wantErr: false, + }, + { + fixture: productionMultiple, + cves: []string{}, + want: productionMultipleEntities(), + wantErr: false, + }, + { + fixture: productionMultiple, + cves: []string{"CVE-2022-21664"}, // core + want: productionMultipleEntities()[1:], + wantErr: false, + }, + { + fixture: productionMultiple, + cves: []string{"CVE-2015-9527"}, // simpleShippingEdd + want: append(productionMultipleEntities()[0:1], productionMultipleEntities()[2:]...), + wantErr: false, + }, + { + fixture: productionMultiple, + cves: []string{ + "CVE-2022-21664", // core + "CVE-2015-9527", // simpleShippingEdd + }, + want: productionMultipleEntities()[2:], + wantErr: false, + }, + } + for _, tt := range tests { + t.Run("", func(t *testing.T) { + r := &Repo{ + Client: stub{ + fixture: tt.fixture, + }, + } + ctx := context.Background() + + got, err := r.WhereCVENotIn(tt.cves...).Get(ctx) + + if (err != nil) != tt.wantErr { + t.Errorf("WhereCVENotIn().Get() error = %v, wantErr %v", err, tt.wantErr) + return + } + + diff := cmp.Diff( + tt.want, + got, + cmp.AllowUnexported(wp.Entity{}, version.Range{}, version.Version{}), + cmpopts.SortSlices(func(a, b *wp.Entity) bool { + return a.Slug() < b.Slug() + }), + cmpopts.SortSlices(func(a, b *version.Range) bool { + return a.String() < b.String() + }), + ) + if diff != "" { + t.Errorf("WhereCVENotIn().Get() mismatch (-want +got):\n%s", diff) + } + }) + } +} + +func TestRepo_Get_whereNotIn(t *testing.T) { + //return []*wp.Entity{core, simpleShippingEdd, wpgsi, wpgsiProfessional, dtChocolate} + + tests := []struct { + fixture map[string]Vulnerability + ids []string + cves []string + want []*wp.Entity + wantErr bool + }{ + { + fixture: productionMultiple, + ids: nil, + cves: nil, + want: productionMultipleEntities(), + wantErr: false, + }, + { + fixture: productionMultiple, + ids: []string{"0114f098-713d-4eef-8643-901f607375de"}, // core + cves: []string{"CVE-2015-9527"}, // simpleShippingEdd + want: productionMultipleEntities()[2:], + wantErr: false, + }, + { + fixture: productionMultiple, + ids: []string{"01179ac2-ad68-4a5d-af67-70d57ed611d2"}, // simpleShippingEdd + cves: []string{"CVE-2022-21664"}, // core + want: productionMultipleEntities()[2:], + wantErr: false, + }, + { + fixture: productionMultiple, + ids: []string{"01179ac2-ad68-4a5d-af67-70d57ed611d2"}, // simpleShippingEdd + cves: []string{"CVE-2015-9527"}, // simpleShippingEdd + want: append(productionMultipleEntities()[0:1], productionMultipleEntities()[2:]...), + wantErr: false, + }, + { + fixture: productionMultiple, + ids: []string{ + "014da588-9494-493e-8659-590b8e8c14a6", // wpgsi & wpgsiProfessional + "06fee60a-e96c-49ce-9007-0d402ef46d72", // dtChocolate + }, + cves: []string{ + "CVE-2022-21664", // core + "CVE-2015-9527", // simpleShippingEdd + }, + want: nil, + wantErr: true, + }, + } + for _, tt := range tests { + t.Run("", func(t *testing.T) { + r := &Repo{ + Client: stub{ + fixture: tt.fixture, + }, + } + ctx := context.Background() + + got, err := r.WhereIDNotIn(tt.ids...).WhereCVENotIn(tt.cves...).Get(ctx) + + if (err != nil) != tt.wantErr { + t.Errorf("WhereIDNotIn().WhereCVENotIn().Get() error = %v, wantErr %v", err, tt.wantErr) + return + } + + diff := cmp.Diff( + tt.want, + got, + cmp.AllowUnexported(wp.Entity{}, version.Range{}, version.Version{}), + cmpopts.SortSlices(func(a, b *wp.Entity) bool { + return a.Slug() < b.Slug() + }), + cmpopts.SortSlices(func(a, b *version.Range) bool { + return a.String() < b.String() + }), + ) + if diff != "" { + t.Errorf("WhereIDNotIn().WhereCVENotIn().Get() mismatch (-want +got):\n%s", diff) + } + }) + } +} \ No newline at end of file diff --git a/wordfence/testdata/empty.json b/wordfence/testdata/empty.json new file mode 100644 index 0000000..9e26dfe --- /dev/null +++ b/wordfence/testdata/empty.json @@ -0,0 +1 @@ +{} \ No newline at end of file diff --git a/wordfence/testdata/not-json.json b/wordfence/testdata/not-json.json new file mode 100644 index 0000000..b659543 --- /dev/null +++ b/wordfence/testdata/not-json.json @@ -0,0 +1 @@ +I am not a json. \ No newline at end of file diff --git a/wordfence/testdata/production.example.json b/wordfence/testdata/production.example.json new file mode 100644 index 0000000..e471a95 --- /dev/null +++ b/wordfence/testdata/production.example.json @@ -0,0 +1,60 @@ +{ + "848ccbdc-c6f1-480f-a272-cd459e706713": { + "id": "848ccbdc-c6f1-480f-a272-cd459e706713", + "title": "Example Vulnerability", + "software": [ + { + "type": "plugin", + "name": "Example Plugin", + "slug": "example", + "affected_versions": { + "1.0.0 - 1.2.3": { + "from_version": "1.0.0", + "from_inclusive": true, + "to_version": "1.2.3", + "to_inclusive": true + } + }, + "patched": true, + "patched_versions": [ + "1.2.4" + ], + "remediation": "Update to version 1.2.4, or a newer patched version" + } + ], + "description": "An example vulnerability", + "references": [ + "http:\/\/www.wordfence.com/threat-intel/vulnerabilities/example" + ], + "cwe": { + "id": 80, + "name": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", + "description": "The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as <, >, and & that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages." + }, + "cvss": { + "vector": "CVSS:3.1\/A:N\/I:L\/C:L\/S:U\/UI:N\/PR:N\/AC:L\/AV:N", + "score": 6.5, + "rating": "Medium" + }, + "cve": "CVE-1998-1000", + "cve_link": "https:\/\/www.cve.org\/CVERecord?id=CVE-1998-1000", + "researchers": [ + "A. Researcher" + ], + "published": "1998-01-09 00:00:00", + "updated": "2022-08-05 20:14:05", + "copyrights": { + "message": "This record contains material that is subject to copyright", + "defiant": { + "notice": "Copyright 2012-2023 Defiant Inc.", + "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you, include a hyperlink to this vulnerability record, and reproduce Defiant's copyright designation and this license in any such copy.", + "license_url": "https:\/\/www.wordfence.com\/wti-community-edition-terms-and-conditions\/" + }, + "mitre": { + "notice": "Copyright 1999-2022 The MITRE Corporation", + "license": "CVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE\u00ae). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.", + "license_url": "https:\/\/www.cve.org\/Legal\/TermsOfUse" + } + } + } +} \ No newline at end of file diff --git a/wordfence/testdata/production.multiple.json b/wordfence/testdata/production.multiple.json new file mode 100644 index 0000000..2c3efa1 --- /dev/null +++ b/wordfence/testdata/production.multiple.json @@ -0,0 +1,99 @@ +{ + "0114f098-713d-4eef-8643-901f607375de": { + "id": "0114f098-713d-4eef-8643-901f607375de", + "software": [ + { + "type": "core", + "name": "WordPress", + "slug": "wordpress", + "affected_versions": { + "[5.6, 5.6.7)": { + "from_version": "5.6", + "from_inclusive": true, + "to_version": "5.6.7", + "to_inclusive": false + }, + "[5.7, 5.7.5)": { + "from_version": "5.7", + "from_inclusive": true, + "to_version": "5.7.5", + "to_inclusive": false + }, + "[5.8, 5.8.3)": { + "from_version": "5.8", + "from_inclusive": true, + "to_version": "5.8.3", + "to_inclusive": false + } + } + } + ], + "cve": "CVE-2022-21664" + }, + "01179ac2-ad68-4a5d-af67-70d57ed611d2": { + "id": "01179ac2-ad68-4a5d-af67-70d57ed611d2", + "software": [ + { + "type": "plugin", + "slug": "simple-shipping-edd", + "affected_versions": { + "* - 2.1.3": { + "from_version": "*", + "from_inclusive": true, + "to_version": "2.1.3", + "to_inclusive": true + } + } + } + ], + "cve": "CVE-2015-9527" + }, + "014da588-9494-493e-8659-590b8e8c14a6": { + "id": "014da588-9494-493e-8659-590b8e8c14a6", + "software": [ + { + "type": "plugin", + "slug": "wpgsi", + "affected_versions": { + "* - 3.5.0": { + "from_version": "*", + "from_inclusive": true, + "to_version": "3.5.0", + "to_inclusive": true + } + } + }, + { + "type": "plugin", + "slug": "wpgsi-professional", + "affected_versions": { + "* - 3.5.1": { + "from_version": "*", + "from_inclusive": true, + "to_version": "3.5.1", + "to_inclusive": true + } + } + } + ], + "cve": null + }, + "06fee60a-e96c-49ce-9007-0d402ef46d72": { + "id": "06fee60a-e96c-49ce-9007-0d402ef46d72", + "software": [ + { + "type": "theme", + "slug": "dt-chocolate", + "affected_versions": { + "*": { + "from_version": "*", + "from_inclusive": true, + "to_version": "*", + "to_inclusive": true + } + } + } + ], + "cve": null + } +} \ No newline at end of file diff --git a/wordfence/testdata/scanner.example.json b/wordfence/testdata/scanner.example.json new file mode 100644 index 0000000..989c344 --- /dev/null +++ b/wordfence/testdata/scanner.example.json @@ -0,0 +1,37 @@ +{ + "848ccbdc-c6f1-480f-a272-cd459e706713": { + "id": "848ccbdc-c6f1-480f-a272-cd459e706713", + "title": "Example Vulnerability", + "software": [ + { + "type": "plugin", + "name": "Example Plugin", + "slug": "example", + "affected_versions": { + "1.0.0 - 1.2.3": { + "from_version": "1.0.0", + "from_inclusive": true, + "to_version": "1.2.3", + "to_inclusive": true + } + }, + "patched": true, + "patched_versions": [ + "1.2.4" + ], + "references": [ + "http:\/\/www.wordfence.com/threat-intel/vulnerabilities/example" + ] + } + ], + "published": "1998-01-09 00:00:00", + "copyrights": { + "message": "This record contains material that is subject to copyright", + "defiant": { + "notice": "Copyright 2012-2023 Defiant Inc.", + "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you, include a hyperlink to this vulnerability record, and reproduce Defiant's copyright designation and this license in any such copy.", + "license_url": "https:\/\/www.wordfence.com\/wti-community-edition-terms-and-conditions\/" + } + } + } +} \ No newline at end of file diff --git a/wordfence/vulnerability.go b/wordfence/vulnerability.go new file mode 100644 index 0000000..acbbb78 --- /dev/null +++ b/wordfence/vulnerability.go @@ -0,0 +1,178 @@ +/* + * Copyright (c) 2022-2023 Typist Tech Limited + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +package wordfence + +import ( + "fmt" + + "github.com/typisttech/wpsecadvi/composer/version" + "github.com/typisttech/wpsecadvi/wp" +) + +// Vulnerability represents an item in the Wordfence data feed. +// +// See https://www.wordfence.com/intelligence-documentation/v2-accessing-and-consuming-the-vulnerability-data-feed/#data_format +type Vulnerability struct { + // ID is a UUID string that serves as a unique identifier for the vulnerability. + ID string `json:"id"` + // Software is a list of affected software specified for each vulnerability. + Software []Software `json:"software"` + // CVE is the CVE ID (i.e. "CVE-1998-1000") when assigned, empty otherwise. + CVE string `json:"cve"` +} + +// Software represents the affected software and version information. +// +// See https://www.wordfence.com/intelligence-documentation/v2-accessing-and-consuming-the-vulnerability-data-feed/#software_format +type Software struct { + // Type is one of "core", "plugin", or "theme". + Type string `json:"type"` + // Slug is an identifier for the software. + Slug string `json:"slug"` + // AffectedVersions is set of affected versions. + AffectedVersions AffectedVersions `json:"affected_versions"` +} + +// AffectedVersion represents +// +// See https://www.wordfence.com/intelligence-documentation/v2-accessing-and-consuming-the-vulnerability-data-feed/#affected_version_format +type AffectedVersion struct { + FromVersion string `json:"from_version"` + FromInclusive bool `json:"from_inclusive"` + ToVersion string `json:"to_version"` + ToInclusive bool `json:"to_inclusive"` +} + +type vulnerabilities []Vulnerability + +func (vs vulnerabilities) entities() ([]*wp.Entity, error) { + entities := make([]*wp.Entity, 0, len(vs)) + for _, v := range vs { + es, err := v.entities() + if err != nil { + continue + } + + entities = append(entities, es...) + } + + if len(entities) == 0 { + return nil, fmt.Errorf("unable to parse any wp entity from the %d vulnerabilities", len(vs)) + } + + return entities, nil +} + +func (v Vulnerability) entities() ([]*wp.Entity, error) { + es := make([]*wp.Entity, 0, len(v.Software)) + for _, s := range v.Software { + e, err := s.entity() + if err != nil { + continue + } + + es = append(es, e) + } + + if len(es) == 0 { + return nil, fmt.Errorf("unable to parse any wp entity from the %d software of vulnerability %s %s", len(v.Software), v.ID, v.CVE) + } + + return es, nil +} + +func (s Software) entity() (*wp.Entity, error) { + var e *wp.Entity + var err error + + switch s.Type { + case "core": + e = wp.NewCoreEntity() + case "plugin": + e, err = wp.NewPluginEntity(s.Slug) + if err != nil { + return nil, fmt.Errorf("unable to parse plugin entity: %w", err) + } + case "theme": + e, err = wp.NewThemeEntity(s.Slug) + if err != nil { + return nil, fmt.Errorf("unable to parse theme entity: %w", err) + } + default: + return nil, fmt.Errorf("unexpected software type: %s", s.Type) + } + + c, err := s.AffectedVersions.constraint() + if err != nil { + return nil, fmt.Errorf("unable to parse entity constraint for %s (%s): %w", s.Type, e.Slug(), err) + } + + e.Or(c) + + return e, nil +} + +type AffectedVersions map[string]AffectedVersion + +func (avs AffectedVersions) constraint() (version.Constraint, error) { + c := version.Constraint{} + + for _, av := range avs { + r, err := av.versionRange() + if err != nil { + continue + } + + c = append(c, r) + } + + if len(c) == 0 { + return nil, fmt.Errorf("unable to parse any version constraint from the %d affected versions", len(avs)) + } + + return c, nil +} + +func (av AffectedVersion) versionRange() (*version.Range, error) { + var from *version.Version + var err error + if av.FromVersion != "*" { + from, err = version.New(av.FromVersion) + if err != nil { + return nil, err + } + } + + var to *version.Version + if av.ToVersion != "*" { + to, err = version.New(av.ToVersion) + if err != nil { + return nil, err + } + } + + return version.NewRange( + version.WithFloor(from, av.FromInclusive), + version.WithCeiling(to, av.ToInclusive), + ) +} \ No newline at end of file diff --git a/wp/entity.go b/wp/entity.go index adaa9fa..cc49e47 100644 --- a/wp/entity.go +++ b/wp/entity.go @@ -24,6 +24,7 @@ package wp import ( "errors" + "github.com/typisttech/wpsecadvi/composer/version" ) @@ -36,13 +37,13 @@ const ( ) var ( - ErrEmptyEntitySlug = errors.New("empty entity string") + ErrEmptyEntitySlug = errors.New("empty entity slug") ) type Entity struct { - kind kind - slug string - versionRanges []version.Range + kind kind + slug string + constraint version.Constraint } func NewCoreEntity() *Entity { @@ -50,6 +51,7 @@ func NewCoreEntity() *Entity { } func NewPluginEntity(slug string) (*Entity, error) { + // TODO: Test me. if slug == "" { return nil, ErrEmptyEntitySlug } @@ -57,32 +59,33 @@ func NewPluginEntity(slug string) (*Entity, error) { } func NewThemeEntity(slug string) (*Entity, error) { + // TODO: Test me. if slug == "" { return nil, ErrEmptyEntitySlug } return &Entity{kind: theme, slug: slug}, nil } -func (e *Entity) IsCore() bool { - return e.kind == core -} - -func (e *Entity) IsPlugin() bool { - return e.kind == plugin -} - -func (e *Entity) IsTheme() bool { - return e.kind == theme -} +//func (e *Entity) IsCore() bool { +// return e.kind == core +//} +// +//func (e *Entity) IsPlugin() bool { +// return e.kind == plugin +//} +// +//func (e *Entity) IsTheme() bool { +// return e.kind == theme +//} func (e *Entity) Slug() string { return e.slug } -func (e *Entity) VersionRanges() []version.Range { - return e.versionRanges +func (e *Entity) Constraint() version.Constraint { + return e.constraint } -func (e *Entity) Or(r version.Range) { - e.versionRanges = append(e.versionRanges, r) +func (e *Entity) Or(constraint version.Constraint) { + e.constraint = append(e.constraint, constraint...) } \ No newline at end of file From 65adbb1236a50d6ead75cc6c275f95ae5577c5d8 Mon Sep 17 00:00:00 2001 From: TangRufus Date: Tue, 12 Sep 2023 15:53:33 +0100 Subject: [PATCH 05/20] go get -u -t ./... --- go.mod | 2 +- go.sum | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 6093fa1..54fdd3b 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,7 @@ go 1.21.0 require ( github.com/google/go-cmp v0.5.9 github.com/spf13/cobra v1.7.0 - golang.org/x/net v0.14.0 + golang.org/x/net v0.15.0 ) require ( diff --git a/go.sum b/go.sum index f9e64eb..d9dacc1 100644 --- a/go.sum +++ b/go.sum @@ -10,5 +10,7 @@ github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= golang.org/x/net v0.14.0 h1:BONx9s002vGdD9umnlX1Po8vOZmrgH34qlHcD1MfK14= golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI= +golang.org/x/net v0.15.0 h1:ugBLEUaxABaB5AJqW9enI0ACdci2RUd4eP51NTBvuJ8= +golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= From c407312ebab6201be9dbf688dedf82e09afd45f4 Mon Sep 17 00:00:00 2001 From: TangRufus Date: Tue, 12 Sep 2023 15:54:03 +0100 Subject: [PATCH 06/20] go mod tidy --- go.sum | 2 -- 1 file changed, 2 deletions(-) diff --git a/go.sum b/go.sum index d9dacc1..aeab9a5 100644 --- a/go.sum +++ b/go.sum @@ -8,8 +8,6 @@ github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I= github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -golang.org/x/net v0.14.0 h1:BONx9s002vGdD9umnlX1Po8vOZmrgH34qlHcD1MfK14= -golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI= golang.org/x/net v0.15.0 h1:ugBLEUaxABaB5AJqW9enI0ACdci2RUd4eP51NTBvuJ8= golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= From 71b4c6bfc535a0569b34869b8dba15340afc06d1 Mon Sep 17 00:00:00 2001 From: TangRufus Date: Tue, 12 Sep 2023 15:58:42 +0100 Subject: [PATCH 07/20] Remove dead code --- wordfence/client.go | 5 ----- 1 file changed, 5 deletions(-) diff --git a/wordfence/client.go b/wordfence/client.go index 72069f4..170a83a 100644 --- a/wordfence/client.go +++ b/wordfence/client.go @@ -25,7 +25,6 @@ package wordfence import ( "context" "encoding/json" - "errors" "fmt" "net/http" @@ -43,10 +42,6 @@ const ( ScannerFeed = "https://www.wordfence.com/api/intelligence/v2/vulnerabilities/scanner" ) -var ( - ErrBadStatusCode = errors.New("bad status code") -) - type Client struct { // HTTPClient provides a http.Client fetch Wordfence data feed. // If the client is nil, http.DefaultClient is used. From 684290ef9d07b2c0f9c491c4551d85e07d9ab84f Mon Sep 17 00:00:00 2001 From: TangRufus Date: Mon, 8 Jan 2024 22:07:06 +0000 Subject: [PATCH 08/20] tmp?? --- repo.go | 45 ++++ wordfence/client.go | 49 +++- wordfence/client_test.go | 118 ++++++++- wordfence/fixture_test.go | 18 +- wordfence/repo.go | 42 +-- wordfence/repo_test.go | 528 ++++++++++++++++---------------------- 6 files changed, 430 insertions(+), 370 deletions(-) create mode 100644 repo.go diff --git a/repo.go b/repo.go new file mode 100644 index 0000000..235336a --- /dev/null +++ b/repo.go @@ -0,0 +1,45 @@ +/* + * Copyright (c) 2023 Typist Tech Limited + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +package wpsecadvi + +//type repo interface { +// Get(ctx context.Context) ([]*wp.Entity, error) +//} +// +//type Client struct { +// // HTTPClient provides a http.Client fetch Wordfence data feed. +// // If the client is nil, http.DefaultClient is used. +// HTTPClient *http.Client +// // URL to the Wordfence data feed. +// // If the URL is empty, ProductionFeed is used. +// URL string +//} +// +//func (c Client) fetch(ctx context.Context) (map[string]Vulnerability, error) { +// url := c.URL +// if url == "" { +// url = ProductionFeed +// } +// +// return get[map[string]Vulnerability](ctx, c.HTTPClient, url) +//} \ No newline at end of file diff --git a/wordfence/client.go b/wordfence/client.go index 170a83a..eee12c8 100644 --- a/wordfence/client.go +++ b/wordfence/client.go @@ -27,6 +27,7 @@ import ( "encoding/json" "fmt" "net/http" + "slices" "golang.org/x/net/context/ctxhttp" ) @@ -42,6 +43,9 @@ const ( ScannerFeed = "https://www.wordfence.com/api/intelligence/v2/vulnerabilities/scanner" ) +// excludeFunc returns true if a [Vulnerability] should be excluded from [Repo.Get] result. +type excludeFunc func(v Vulnerability) bool + type Client struct { // HTTPClient provides a http.Client fetch Wordfence data feed. // If the client is nil, http.DefaultClient is used. @@ -49,15 +53,54 @@ type Client struct { // URL to the Wordfence data feed. // If the URL is empty, ProductionFeed is used. URL string + + excludeFuncs []excludeFunc } -func (c Client) fetch(ctx context.Context) (map[string]Vulnerability, error) { +// WhereIDNotIn excludes [Vulnerability] results by IDs. +func (c *Client) WhereIDNotIn(ids ...string) *Client { + return c.withExcludeFunc(func(v Vulnerability) bool { + return slices.Contains(ids, v.ID) + }) +} + +// WhereCVENotIn excludes [Vulnerability] by CVEs. +func (c *Client) WhereCVENotIn(cves ...string) *Client { + return c.withExcludeFunc(func(v Vulnerability) bool { + return slices.Contains(cves, v.CVE) + }) +} + +func (c *Client) withExcludeFunc(fn excludeFunc) *Client { + c.excludeFuncs = append(c.excludeFuncs, fn) + return c +} + +func (c *Client) fetch(ctx context.Context) (vulnerabilities, error) { url := c.URL if url == "" { url = ProductionFeed } - return get[map[string]Vulnerability](ctx, c.HTTPClient, url) + vsMap, err := get[map[string]Vulnerability](ctx, c.HTTPClient, url) + if err != nil { + return nil, fmt.Errorf("failed to fetch vulnerabilities from Wordfence feed %s: %w", url, err) + } + + vs := make(vulnerabilities, 0, len(vsMap)) + for _, v := range vsMap { + vs = append(vs, v) + } + + for _, fn := range c.excludeFuncs { + vs = slices.DeleteFunc(vs, fn) + } + + if len(vs) == 0 { + return nil, fmt.Errorf("no vulnerabilities found from Wordfence feed %s", url) + } + + return vs, nil } func get[T any](ctx context.Context, client *http.Client, url string) (T, error) { @@ -70,7 +113,7 @@ func get[T any](ctx context.Context, client *http.Client, url string) (T, error) defer res.Body.Close() if res.StatusCode != http.StatusOK { - return out, fmt.Errorf("HTTP GET request to %s failed with %s", url, res.Status) + return out, fmt.Errorf("HTTP GET request failed with %s", res.Status) } if err := json.NewDecoder(res.Body).Decode(&out); err != nil { diff --git a/wordfence/client_test.go b/wordfence/client_test.go index 5c0dda8..8d8032a 100644 --- a/wordfence/client_test.go +++ b/wordfence/client_test.go @@ -28,16 +28,18 @@ import ( "net/http" "net/http/httptest" "os" - "reflect" "testing" "time" + + "github.com/google/go-cmp/cmp" + "github.com/google/go-cmp/cmp/cmpopts" ) func TestClient_fetch(t *testing.T) { tests := []struct { name string fixture string - want map[string]Vulnerability + want vulnerabilities wantErr bool }{ { @@ -61,7 +63,7 @@ func TestClient_fetch(t *testing.T) { { "empty", "testdata/empty.json", - map[string]Vulnerability{}, + vulnerabilities{}, false, }, { @@ -77,7 +79,7 @@ func TestClient_fetch(t *testing.T) { w.WriteHeader(http.StatusOK) file, _ := os.ReadFile(tt.fixture) - w.Write(file) + _, _ = w.Write(file) })) defer ts.Close() @@ -89,16 +91,20 @@ func TestClient_fetch(t *testing.T) { got, err := c.fetch(ctx) - if tt.wantErr && (err == nil) { + if (err != nil) != tt.wantErr { t.Errorf("fetch() error = %v, wantErr %v", err, tt.wantErr) return } - if !tt.wantErr && (err != nil) { - t.Errorf("fetch() error = %v, wantErr %v", err, tt.wantErr) - return - } - if !reflect.DeepEqual(got, tt.want) { - t.Errorf("fetch() got = %v, want %v", got, tt.want) + + diff := cmp.Diff( + tt.want, + got, + cmpopts.SortSlices(func(a, b Vulnerability) bool { + return a.ID < b.ID + }), + ) + if diff != "" { + t.Errorf("fetch() mismatch (-want +got):\n%s", diff) } }) } @@ -110,7 +116,7 @@ func TestClient_fetch_cancelable(t *testing.T) { w.WriteHeader(http.StatusOK) file, _ := os.ReadFile("testdata/production.example.json") - w.Write(file) + _, _ = w.Write(file) time.Sleep(1 * time.Second) })) @@ -138,7 +144,7 @@ func TestClient_fetch_http_error(t *testing.T) { w.WriteHeader(http.StatusNotFound) file, _ := os.ReadFile("testdata/production.example.json") - w.Write(file) + _, _ = w.Write(file) })) defer ts.Close() @@ -153,4 +159,90 @@ func TestClient_fetch_http_error(t *testing.T) { if err == nil { t.Errorf("fetch() error = %v, wantErr true", err) } +} + +func TestClient_WhereIDNotIn(t *testing.T) { + tests := []struct { + fixture string + ids []string + want vulnerabilities + wantErr bool + }{ + { + fixture: "testdata/production.multiple.json", + ids: nil, + want: productionMultiple, + wantErr: false, + }, + { + fixture: "testdata/production.multiple.json", + ids: []string{}, + want: productionMultiple, + wantErr: false, + }, + { + fixture: "testdata/production.multiple.json", + ids: []string{"014da588-9494-493e-8659-590b8e8c14a6"}, // wpgsi & wpgsiProfessional + want: append(productionMultiple[0:2], productionMultiple[3:]...), + wantErr: false, + }, + //{ + // fixture: "testdata/production.multiple.json", + // ids: []string{ + // "0114f098-713d-4eef-8643-901f607375de", // core + // "014da588-9494-493e-8659-590b8e8c14a6", // wpgsi & wpgsiProfessional + // }, + // want: append(productionMultiple[1:2], productionMultiple[4:]...), + // wantErr: false, + //}, + //{ + // fixture: "testdata/production.multiple.json", + // ids: []string{ + // "0114f098-713d-4eef-8643-901f607375de", // core + // "01179ac2-ad68-4a5d-af67-70d57ed611d2", // simpleShippingEdd + // "014da588-9494-493e-8659-590b8e8c14a6", // wpgsi & wpgsiProfessional + // "06fee60a-e96c-49ce-9007-0d402ef46d72", // dtChocolate + // }, + // want: nil, + // wantErr: true, + //}, + } + for _, tt := range tests { + t.Run("", func(t *testing.T) { + ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.WriteHeader(http.StatusOK) + + file, _ := os.ReadFile(tt.fixture) + _, _ = w.Write(file) + })) + defer ts.Close() + + c := Client{ + HTTPClient: ts.Client(), + URL: ts.URL, + } + ctx := context.Background() + + got, err := c.WhereIDNotIn(tt.ids...).fetch(ctx) + + if (err != nil) != tt.wantErr { + t.Errorf("WhereIDNotIn().fetch() error = %v, wantErr %v", err, tt.wantErr) + return + } + + diff := cmp.Diff( + tt.want, + got, + cmpopts.SortSlices(func(a, b Vulnerability) bool { + return a.ID < b.ID + }), + cmpopts.SortSlices(func(a, b Software) bool { + return a.Type+a.Slug < b.Type+b.Slug + }), + ) + if diff != "" { + t.Errorf("WhereIDNotIn().fetch() mismatch (-want +got):\n%s", diff) + } + }) + } } \ No newline at end of file diff --git a/wordfence/fixture_test.go b/wordfence/fixture_test.go index 32dcfd2..0a4c2e9 100644 --- a/wordfence/fixture_test.go +++ b/wordfence/fixture_test.go @@ -28,8 +28,8 @@ import ( ) var ( - productionExample = map[string]Vulnerability{ - "848ccbdc-c6f1-480f-a272-cd459e706713": { + productionExample = []Vulnerability{ + { ID: "848ccbdc-c6f1-480f-a272-cd459e706713", Software: []Software{ { @@ -49,8 +49,8 @@ var ( }, } - productionMultiple = map[string]Vulnerability{ - "0114f098-713d-4eef-8643-901f607375de": { + productionMultiple = []Vulnerability{ + { ID: "0114f098-713d-4eef-8643-901f607375de", Software: []Software{ { @@ -80,7 +80,7 @@ var ( }, CVE: "CVE-2022-21664", }, - "01179ac2-ad68-4a5d-af67-70d57ed611d2": { + { ID: "01179ac2-ad68-4a5d-af67-70d57ed611d2", Software: []Software{ { @@ -98,7 +98,7 @@ var ( }, CVE: "CVE-2015-9527", }, - "014da588-9494-493e-8659-590b8e8c14a6": { + { ID: "014da588-9494-493e-8659-590b8e8c14a6", Software: []Software{ { @@ -127,7 +127,7 @@ var ( }, }, }, - "06fee60a-e96c-49ce-9007-0d402ef46d72": { + { ID: "06fee60a-e96c-49ce-9007-0d402ef46d72", Software: []Software{ { @@ -146,8 +146,8 @@ var ( }, } - scannerExample = map[string]Vulnerability{ - "848ccbdc-c6f1-480f-a272-cd459e706713": { + scannerExample = []Vulnerability{ + { ID: "848ccbdc-c6f1-480f-a272-cd459e706713", Software: []Software{ { diff --git a/wordfence/repo.go b/wordfence/repo.go index 085aab8..6bb122e 100644 --- a/wordfence/repo.go +++ b/wordfence/repo.go @@ -24,56 +24,22 @@ package wordfence import ( "context" - "fmt" - "slices" "github.com/typisttech/wpsecadvi/wp" ) -// excludeFunc returns true if a [Vulnerability] should be excluded from [Repo.Get] result. -type excludeFunc func(v Vulnerability) bool - type fetcher interface { - fetch(ctx context.Context) (map[string]Vulnerability, error) + fetch(ctx context.Context) (vulnerabilities, error) } type Repo struct { - Client fetcher - discardFuncs []excludeFunc -} - -// WhereIDNotIn excludes [Vulnerability] from [Repo.Get] results by IDs. -func (r *Repo) WhereIDNotIn(ids ...string) *Repo { - return r.withFilterFn(func(v Vulnerability) bool { - return slices.Contains(ids, v.ID) - }) -} - -// WhereCVENotIn excludes [Vulnerability] from [Repo.Get] results by CVEs. -func (r *Repo) WhereCVENotIn(cves ...string) *Repo { - return r.withFilterFn(func(v Vulnerability) bool { - return slices.Contains(cves, v.CVE) - }) -} - -func (r *Repo) withFilterFn(fn excludeFunc) *Repo { - r.discardFuncs = append(r.discardFuncs, fn) - return r + Client fetcher } func (r *Repo) Get(ctx context.Context) ([]*wp.Entity, error) { - vsMap, err := r.Client.fetch(ctx) + vs, err := r.Client.fetch(ctx) if err != nil { - return nil, fmt.Errorf("failed to fetch vulnerabilities form WordFence: %w", err) - } - - vs := make(vulnerabilities, 0, len(vsMap)) - for _, v := range vsMap { - vs = append(vs, v) - } - - for _, fn := range r.discardFuncs { - vs = slices.DeleteFunc(vs, fn) + return nil, err } return vs.entities() diff --git a/wordfence/repo_test.go b/wordfence/repo_test.go index 48d0295..cb223d3 100644 --- a/wordfence/repo_test.go +++ b/wordfence/repo_test.go @@ -24,318 +24,232 @@ package wordfence import ( "context" - "testing" - - "github.com/google/go-cmp/cmp" - "github.com/google/go-cmp/cmp/cmpopts" - - "github.com/typisttech/wpsecadvi/composer/version" - "github.com/typisttech/wpsecadvi/wp" ) type stub struct { - fixture map[string]Vulnerability + fixture []Vulnerability } -func (s stub) fetch(ctx context.Context) (map[string]Vulnerability, error) { +func (s stub) fetch(ctx context.Context) (vulnerabilities, error) { return s.fixture, nil } -func TestRepo_Get(t *testing.T) { - tests := []struct { - fixture map[string]Vulnerability - want []*wp.Entity - wantErr bool - }{ - { - fixture: productionExample, - want: productionExampleEntities(), - wantErr: false, - }, - { - fixture: productionMultiple, - want: productionMultipleEntities(), - wantErr: false, - }, - { - fixture: scannerExample, - want: scannerExampleEntities(), - wantErr: false, - }, - } - for _, tt := range tests { - t.Run("", func(t *testing.T) { - r := &Repo{ - Client: stub{ - fixture: tt.fixture, - }, - } - ctx := context.Background() - - got, err := r.Get(ctx) - - if (err != nil) != tt.wantErr { - t.Errorf("Get() error = %v, wantErr %v", err, tt.wantErr) - return - } - - diff := cmp.Diff( - tt.want, - got, - cmp.AllowUnexported(wp.Entity{}, version.Range{}, version.Version{}), - cmpopts.SortSlices(func(a, b *wp.Entity) bool { - return a.Slug() < b.Slug() - }), - cmpopts.SortSlices(func(a, b *version.Range) bool { - return a.String() < b.String() - }), - ) - if diff != "" { - t.Errorf("Get() mismatch (-want +got):\n%s", diff) - } - }) - } -} - -func TestRepo_Get_whereIDNotIn(t *testing.T) { - tests := []struct { - fixture map[string]Vulnerability - ids []string - want []*wp.Entity - wantErr bool - }{ - { - fixture: productionMultiple, - ids: nil, - want: productionMultipleEntities(), - wantErr: false, - }, - { - fixture: productionMultiple, - ids: []string{}, - want: productionMultipleEntities(), - wantErr: false, - }, - { - fixture: productionMultiple, - ids: []string{"014da588-9494-493e-8659-590b8e8c14a6"}, // wpgsi & wpgsiProfessional - want: append(productionMultipleEntities()[0:2], productionMultipleEntities()[4:]...), - wantErr: false, - }, - { - fixture: productionMultiple, - ids: []string{ - "0114f098-713d-4eef-8643-901f607375de", // core - "014da588-9494-493e-8659-590b8e8c14a6", // wpgsi & wpgsiProfessional - }, - want: append(productionMultipleEntities()[1:2], productionMultipleEntities()[4:]...), - wantErr: false, - }, - { - fixture: productionMultiple, - ids: []string{ - "0114f098-713d-4eef-8643-901f607375de", // core - "01179ac2-ad68-4a5d-af67-70d57ed611d2", // simpleShippingEdd - "014da588-9494-493e-8659-590b8e8c14a6", // wpgsi & wpgsiProfessional - "06fee60a-e96c-49ce-9007-0d402ef46d72", // dtChocolate - }, - want: nil, - wantErr: true, - }, - } - for _, tt := range tests { - t.Run("", func(t *testing.T) { - r := &Repo{ - Client: stub{ - fixture: tt.fixture, - }, - } - ctx := context.Background() - - got, err := r.WhereIDNotIn(tt.ids...).Get(ctx) - - if (err != nil) != tt.wantErr { - t.Errorf("WhereIDNotIn().Get() error = %v, wantErr %v", err, tt.wantErr) - return - } - - diff := cmp.Diff( - tt.want, - got, - cmp.AllowUnexported(wp.Entity{}, version.Range{}, version.Version{}), - cmpopts.SortSlices(func(a, b *wp.Entity) bool { - return a.Slug() < b.Slug() - }), - cmpopts.SortSlices(func(a, b *version.Range) bool { - return a.String() < b.String() - }), - ) - if diff != "" { - t.Errorf("WhereIDNotIn().Get() mismatch (-want +got):\n%s", diff) - } - }) - } -} - -func TestRepo_Get_whereCVENotIn(t *testing.T) { - //return []*wp.Entity{core, simpleShippingEdd, wpgsi, wpgsiProfessional, dtChocolate} - - tests := []struct { - fixture map[string]Vulnerability - cves []string - want []*wp.Entity - wantErr bool - }{ - { - fixture: productionMultiple, - cves: nil, - want: productionMultipleEntities(), - wantErr: false, - }, - { - fixture: productionMultiple, - cves: []string{}, - want: productionMultipleEntities(), - wantErr: false, - }, - { - fixture: productionMultiple, - cves: []string{"CVE-2022-21664"}, // core - want: productionMultipleEntities()[1:], - wantErr: false, - }, - { - fixture: productionMultiple, - cves: []string{"CVE-2015-9527"}, // simpleShippingEdd - want: append(productionMultipleEntities()[0:1], productionMultipleEntities()[2:]...), - wantErr: false, - }, - { - fixture: productionMultiple, - cves: []string{ - "CVE-2022-21664", // core - "CVE-2015-9527", // simpleShippingEdd - }, - want: productionMultipleEntities()[2:], - wantErr: false, - }, - } - for _, tt := range tests { - t.Run("", func(t *testing.T) { - r := &Repo{ - Client: stub{ - fixture: tt.fixture, - }, - } - ctx := context.Background() - - got, err := r.WhereCVENotIn(tt.cves...).Get(ctx) - - if (err != nil) != tt.wantErr { - t.Errorf("WhereCVENotIn().Get() error = %v, wantErr %v", err, tt.wantErr) - return - } - - diff := cmp.Diff( - tt.want, - got, - cmp.AllowUnexported(wp.Entity{}, version.Range{}, version.Version{}), - cmpopts.SortSlices(func(a, b *wp.Entity) bool { - return a.Slug() < b.Slug() - }), - cmpopts.SortSlices(func(a, b *version.Range) bool { - return a.String() < b.String() - }), - ) - if diff != "" { - t.Errorf("WhereCVENotIn().Get() mismatch (-want +got):\n%s", diff) - } - }) - } -} - -func TestRepo_Get_whereNotIn(t *testing.T) { - //return []*wp.Entity{core, simpleShippingEdd, wpgsi, wpgsiProfessional, dtChocolate} - - tests := []struct { - fixture map[string]Vulnerability - ids []string - cves []string - want []*wp.Entity - wantErr bool - }{ - { - fixture: productionMultiple, - ids: nil, - cves: nil, - want: productionMultipleEntities(), - wantErr: false, - }, - { - fixture: productionMultiple, - ids: []string{"0114f098-713d-4eef-8643-901f607375de"}, // core - cves: []string{"CVE-2015-9527"}, // simpleShippingEdd - want: productionMultipleEntities()[2:], - wantErr: false, - }, - { - fixture: productionMultiple, - ids: []string{"01179ac2-ad68-4a5d-af67-70d57ed611d2"}, // simpleShippingEdd - cves: []string{"CVE-2022-21664"}, // core - want: productionMultipleEntities()[2:], - wantErr: false, - }, - { - fixture: productionMultiple, - ids: []string{"01179ac2-ad68-4a5d-af67-70d57ed611d2"}, // simpleShippingEdd - cves: []string{"CVE-2015-9527"}, // simpleShippingEdd - want: append(productionMultipleEntities()[0:1], productionMultipleEntities()[2:]...), - wantErr: false, - }, - { - fixture: productionMultiple, - ids: []string{ - "014da588-9494-493e-8659-590b8e8c14a6", // wpgsi & wpgsiProfessional - "06fee60a-e96c-49ce-9007-0d402ef46d72", // dtChocolate - }, - cves: []string{ - "CVE-2022-21664", // core - "CVE-2015-9527", // simpleShippingEdd - }, - want: nil, - wantErr: true, - }, - } - for _, tt := range tests { - t.Run("", func(t *testing.T) { - r := &Repo{ - Client: stub{ - fixture: tt.fixture, - }, - } - ctx := context.Background() - - got, err := r.WhereIDNotIn(tt.ids...).WhereCVENotIn(tt.cves...).Get(ctx) - - if (err != nil) != tt.wantErr { - t.Errorf("WhereIDNotIn().WhereCVENotIn().Get() error = %v, wantErr %v", err, tt.wantErr) - return - } - - diff := cmp.Diff( - tt.want, - got, - cmp.AllowUnexported(wp.Entity{}, version.Range{}, version.Version{}), - cmpopts.SortSlices(func(a, b *wp.Entity) bool { - return a.Slug() < b.Slug() - }), - cmpopts.SortSlices(func(a, b *version.Range) bool { - return a.String() < b.String() - }), - ) - if diff != "" { - t.Errorf("WhereIDNotIn().WhereCVENotIn().Get() mismatch (-want +got):\n%s", diff) - } - }) - } -} \ No newline at end of file +//func TestRepo_Get(t *testing.T) { +// tests := []struct { +// fixture []Vulnerability +// want []*wp.Entity +// wantErr bool +// }{ +// { +// fixture: productionExample, +// want: productionExampleEntities(), +// wantErr: false, +// }, +// { +// fixture: productionMultiple, +// want: productionMultipleEntities(), +// wantErr: false, +// }, +// { +// fixture: scannerExample, +// want: scannerExampleEntities(), +// wantErr: false, +// }, +// } +// for _, tt := range tests { +// t.Run("", func(t *testing.T) { +// r := &Repo{ +// Client: stub{ +// fixture: tt.fixture, +// }, +// } +// ctx := context.Background() +// +// got, err := r.Get(ctx) +// +// if (err != nil) != tt.wantErr { +// t.Errorf("Get() error = %v, wantErr %v", err, tt.wantErr) +// return +// } +// +// diff := cmp.Diff( +// tt.want, +// got, +// cmp.AllowUnexported(wp.Entity{}, version.Range{}, version.Version{}), +// cmpopts.SortSlices(func(a, b *wp.Entity) bool { +// return a.Slug() < b.Slug() +// }), +// cmpopts.SortSlices(func(a, b *version.Range) bool { +// return a.String() < b.String() +// }), +// ) +// if diff != "" { +// t.Errorf("Get() mismatch (-want +got):\n%s", diff) +// } +// }) +// } +//} + +// +//func TestRepo_Get_whereCVENotIn(t *testing.T) { +// //return []*wp.Entity{core, simpleShippingEdd, wpgsi, wpgsiProfessional, dtChocolate} +// +// tests := []struct { +// fixture []Vulnerability +// cves []string +// want []*wp.Entity +// wantErr bool +// }{ +// { +// fixture: productionMultiple, +// cves: nil, +// want: productionMultipleEntities(), +// wantErr: false, +// }, +// { +// fixture: productionMultiple, +// cves: []string{}, +// want: productionMultipleEntities(), +// wantErr: false, +// }, +// { +// fixture: productionMultiple, +// cves: []string{"CVE-2022-21664"}, // core +// want: productionMultipleEntities()[1:], +// wantErr: false, +// }, +// { +// fixture: productionMultiple, +// cves: []string{"CVE-2015-9527"}, // simpleShippingEdd +// want: append(productionMultipleEntities()[0:1], productionMultipleEntities()[2:]...), +// wantErr: false, +// }, +// { +// fixture: productionMultiple, +// cves: []string{ +// "CVE-2022-21664", // core +// "CVE-2015-9527", // simpleShippingEdd +// }, +// want: productionMultipleEntities()[2:], +// wantErr: false, +// }, +// } +// for _, tt := range tests { +// t.Run("", func(t *testing.T) { +// r := &Repo{ +// Client: stub{ +// fixture: tt.fixture, +// }, +// } +// ctx := context.Background() +// +// got, err := r.WhereCVENotIn(tt.cves...).Get(ctx) +// +// if (err != nil) != tt.wantErr { +// t.Errorf("WhereCVENotIn().Get() error = %v, wantErr %v", err, tt.wantErr) +// return +// } +// +// diff := cmp.Diff( +// tt.want, +// got, +// cmp.AllowUnexported(wp.Entity{}, version.Range{}, version.Version{}), +// cmpopts.SortSlices(func(a, b *wp.Entity) bool { +// return a.Slug() < b.Slug() +// }), +// cmpopts.SortSlices(func(a, b *version.Range) bool { +// return a.String() < b.String() +// }), +// ) +// if diff != "" { +// t.Errorf("WhereCVENotIn().Get() mismatch (-want +got):\n%s", diff) +// } +// }) +// } +//} +// +//func TestRepo_Get_whereNotIn(t *testing.T) { +// //return []*wp.Entity{core, simpleShippingEdd, wpgsi, wpgsiProfessional, dtChocolate} +// +// tests := []struct { +// fixture []Vulnerability +// ids []string +// cves []string +// want []*wp.Entity +// wantErr bool +// }{ +// { +// fixture: productionMultiple, +// ids: nil, +// cves: nil, +// want: productionMultipleEntities(), +// wantErr: false, +// }, +// { +// fixture: productionMultiple, +// ids: []string{"0114f098-713d-4eef-8643-901f607375de"}, // core +// cves: []string{"CVE-2015-9527"}, // simpleShippingEdd +// want: productionMultipleEntities()[2:], +// wantErr: false, +// }, +// { +// fixture: productionMultiple, +// ids: []string{"01179ac2-ad68-4a5d-af67-70d57ed611d2"}, // simpleShippingEdd +// cves: []string{"CVE-2022-21664"}, // core +// want: productionMultipleEntities()[2:], +// wantErr: false, +// }, +// { +// fixture: productionMultiple, +// ids: []string{"01179ac2-ad68-4a5d-af67-70d57ed611d2"}, // simpleShippingEdd +// cves: []string{"CVE-2015-9527"}, // simpleShippingEdd +// want: append(productionMultipleEntities()[0:1], productionMultipleEntities()[2:]...), +// wantErr: false, +// }, +// { +// fixture: productionMultiple, +// ids: []string{ +// "014da588-9494-493e-8659-590b8e8c14a6", // wpgsi & wpgsiProfessional +// "06fee60a-e96c-49ce-9007-0d402ef46d72", // dtChocolate +// }, +// cves: []string{ +// "CVE-2022-21664", // core +// "CVE-2015-9527", // simpleShippingEdd +// }, +// want: nil, +// wantErr: true, +// }, +// } +// for _, tt := range tests { +// t.Run("", func(t *testing.T) { +// r := &Repo{ +// Client: stub{ +// fixture: tt.fixture, +// }, +// } +// ctx := context.Background() +// +// got, err := r.WhereIDNotIn(tt.ids...).WhereCVENotIn(tt.cves...).Get(ctx) +// +// if (err != nil) != tt.wantErr { +// t.Errorf("WhereIDNotIn().WhereCVENotIn().Get() error = %v, wantErr %v", err, tt.wantErr) +// return +// } +// +// diff := cmp.Diff( +// tt.want, +// got, +// cmp.AllowUnexported(wp.Entity{}, version.Range{}, version.Version{}), +// cmpopts.SortSlices(func(a, b *wp.Entity) bool { +// return a.Slug() < b.Slug() +// }), +// cmpopts.SortSlices(func(a, b *version.Range) bool { +// return a.String() < b.String() +// }), +// ) +// if diff != "" { +// t.Errorf("WhereIDNotIn().WhereCVENotIn().Get() mismatch (-want +got):\n%s", diff) +// } +// }) +// } +//} \ No newline at end of file From 32a0d9a9656c845680825422405cb028ff068d47 Mon Sep 17 00:00:00 2001 From: TangRufus Date: Sat, 3 Feb 2024 10:24:03 +0000 Subject: [PATCH 09/20] wip --- .editorconfig | 13 - .github/dependabot.yml | 11 + .github/workflows/build.yml | 34 ++ .github/workflows/check.yml | 44 ++ .github/workflows/codeql.yml | 30 ++ .github/workflows/govulncheck.yml | 28 + .github/workflows/release.yml | 35 ++ .github/workflows/test.yml | 48 +- LICENSE | 2 +- Makefile | 142 +++++ cmd/wpsecadvi/.gitignore | 1 - cmd/wpsecadvi/main.go | 27 - cmd/wpsecadvi/root.go | 65 --- composer/version/doc.go | 34 -- composer/version/range.go | 294 ----------- composer/version/range_test.go | 558 -------------------- composer/version/version.go | 136 ----- composer/version/version_test.go | 314 ----------- go.mod | 13 +- go.sum | 14 - repo.go | 45 -- wordfence/client.go | 124 ----- wordfence/client_test.go | 248 --------- wordfence/fixture_test.go | 243 --------- wordfence/repo.go | 46 -- wordfence/repo_test.go | 255 --------- wordfence/testdata/empty.json | 1 - wordfence/testdata/not-json.json | 1 - wordfence/testdata/production.example.json | 60 --- wordfence/testdata/production.multiple.json | 99 ---- wordfence/testdata/scanner.example.json | 37 -- wordfence/vulnerability.go | 178 ------- wp/entity.go | 91 ---- 33 files changed, 348 insertions(+), 2923 deletions(-) delete mode 100644 .editorconfig create mode 100644 .github/dependabot.yml create mode 100644 .github/workflows/build.yml create mode 100644 .github/workflows/check.yml create mode 100644 .github/workflows/codeql.yml create mode 100644 .github/workflows/govulncheck.yml create mode 100644 .github/workflows/release.yml create mode 100644 Makefile delete mode 100644 cmd/wpsecadvi/.gitignore delete mode 100644 cmd/wpsecadvi/main.go delete mode 100644 cmd/wpsecadvi/root.go delete mode 100644 composer/version/doc.go delete mode 100644 composer/version/range.go delete mode 100644 composer/version/range_test.go delete mode 100644 composer/version/version.go delete mode 100644 composer/version/version_test.go delete mode 100644 repo.go delete mode 100644 wordfence/client.go delete mode 100644 wordfence/client_test.go delete mode 100644 wordfence/fixture_test.go delete mode 100644 wordfence/repo.go delete mode 100644 wordfence/repo_test.go delete mode 100644 wordfence/testdata/empty.json delete mode 100644 wordfence/testdata/not-json.json delete mode 100644 wordfence/testdata/production.example.json delete mode 100644 wordfence/testdata/production.multiple.json delete mode 100644 wordfence/testdata/scanner.example.json delete mode 100644 wordfence/vulnerability.go delete mode 100644 wp/entity.go diff --git a/.editorconfig b/.editorconfig deleted file mode 100644 index 00d37e3..0000000 --- a/.editorconfig +++ /dev/null @@ -1,13 +0,0 @@ -root = true - -[*] -charset = utf-8 -end_of_line = lf -indent_size = 4 -indent_style = space -insert_final_newline = false -max_line_length = 120 -tab_width = 4 - -[{*.go,*.go2}] -indent_style = tab diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..256759f --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,11 @@ +version: 2 + +updates: + - package-ecosystem: gomod + directory: / + schedule: + interval: daily + - package-ecosystem: github-actions + directory: / + schedule: + interval: daily diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 0000000..704da26 --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,34 @@ +name: Build + +on: + workflow_dispatch: + pull_request: + branches: + - main + push: + branches: + - main + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: ${{ github.ref != 'refs/heads/main' }} + +jobs: + build: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-go@v5 + with: + go-version-file: 'go.mod' + - run: go version + - uses: goreleaser/goreleaser-action@v5 + with: + version: latest + args: release --clean --snapshot --verbose + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - uses: actions/upload-artifact@v4 + with: + name: ${{ github.sha }} + path: dist/* diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml new file mode 100644 index 0000000..0a8fa9b --- /dev/null +++ b/.github/workflows/check.yml @@ -0,0 +1,44 @@ +name: Check + +on: + workflow_dispatch: + pull_request: + branches: + - main + push: + branches: + - main + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: ${{ github.ref != 'refs/heads/main' }} + +jobs: + golangci-lint: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-go@v5 + with: + go-version-file: 'go.mod' + cache: false + - run: go version + - name: golangci-lint + uses: golangci/golangci-lint-action@v3 + with: + version: latest + args: --verbose + + goreleaser-check: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-go@v5 + with: + go-version-file: 'go.mod' + - run: go version + - uses: goreleaser/goreleaser-action@v5 + with: + distribution: goreleaser + version: latest + args: check --verbose diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 0000000..d1811c2 --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,30 @@ +name: CodeQL + +on: + schedule: + - cron: '23 05 * * *' + workflow_dispatch: + pull_request: + branches: + - main + push: + branches: + - main + +permissions: + actions: read + contents: read + security-events: write + +jobs: + codeql: + runs-on: ubuntu-latest + steps: + - name: Check out code + uses: actions/checkout@v4 + - uses: github/codeql-action/init@v3 + with: + languages: go + queries: security-and-quality + - uses: github/codeql-action/autobuild@v3 + - uses: github/codeql-action/analyze@v3 diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml new file mode 100644 index 0000000..41e738a --- /dev/null +++ b/.github/workflows/govulncheck.yml @@ -0,0 +1,28 @@ +name: govulncheck + +on: + schedule: + - cron: '23 05 * * *' + workflow_dispatch: + pull_request: + branches: + - main + push: + branches: + - main + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: ${{ github.ref != 'refs/heads/main' }} + +jobs: + govulncheck: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-go@v5 + with: + go-version: 'stable' + - run: go version + - run: go install golang.org/x/vuln/cmd/govulncheck@latest + - run: govulncheck --show version -test ./... diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..a36e027 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,35 @@ +name: Release + +on: + push: + tags: + - '*' + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + release: + runs-on: ubuntu-latest + permissions: + contents: write + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-go@v5 + with: + go-version-file: 'go.mod' + - run: go version + # Use GitHub token to download private modules +# - run: | +# git config --global url."https://x-access-token:${GITHUB_TOKEN}@github.com/".insteadOf "https://github.com/" +# env: +# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - uses: goreleaser/goreleaser-action@v5 + with: + distribution: goreleaser + version: latest + args: release --clean --fail-fast --verbose + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 957acd8..c06a6a9 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -1,33 +1,29 @@ -name: Test +#name: Test on: - push: + workflow_dispatch: pull_request: + branches: + - main + push: + branches: + - main -permissions: - contents: read +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: ${{ github.ref != 'refs/heads/main' }} jobs: - build: - strategy: - fail-fast: false - matrix: - os: - - ubuntu-latest - - macos-latest - runs-on: ${{ matrix.os }} - + test: + runs-on: ubuntu-latest steps: - - name: Check out code - uses: actions/checkout@v3 - - - name: Set up Go - uses: actions/setup-go@v3 - with: - go-version: '^1.19.4' - - - name: Print Go version - run: go version - - - name: Run tests - run: go test -race -v ./... \ No newline at end of file + - uses: actions/checkout@v4 + - uses: actions/setup-go@v5 + with: + go-version-file: 'go.mod' + - run: go version + - run: go test -v -count=1 -race -shuffle=on -cover -coverprofile=coverage.out ./... + - uses: codecov/codecov-action@v4 + with: + token: ${{ secrets.CODECOV_TOKEN }} + verbose: true diff --git a/LICENSE b/LICENSE index 7214bce..bef7377 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ The MIT License (MIT) -Copyright © 2022-2023 Typist Tech Limited +Copyright © 2022-2024 Typist Tech Limited Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..1e5478d --- /dev/null +++ b/Makefile @@ -0,0 +1,142 @@ +MAKEFLAGS+=-r -R + +# Project +BINARY_NAME=wpsecadvi +DIST=$(CURDIR)/dist +DIST_BINARY=$(DIST)/$(BINARY_NAME)_$(shell $(GOCMD) env GOOS)_$(shell $(GOCMD) env GOARCH)/${BINARY_NAME} +OUTPUT_BINARY=$(CURDIR)/$(BINARY_NAME) + +# Go +GOCMD?=$(shell which go) +GOTEST?=$(GOCMD) test +GOBIN?=$(if $(shell go env GOBIN),$(shell go env GOBIN),$(shell go env GOPATH)/bin) + +# Tool +GOLANGCI_LINT?=$(GOBIN)/golangci-lint +GORELEASER?=$(GOBIN)/goreleaser +GOVULNCHECK?=$(GOBIN)/govulncheck + +# Color +GREEN := $(shell tput -Txterm setaf 2) +YELLOW := $(shell tput -Txterm setaf 3) +BLUE := $(shell tput -Txterm setaf 4) +MAGENTA := $(shell tput -Txterm setaf 5) +CYAN := $(shell tput -Txterm setaf 6) +WHITE := $(shell tput -Txterm setaf 7) +RESET := $(shell tput -Txterm sgr0) + + +## Common: +.PHONY: default +default: check test build ## Alias of check, test and build + +.PHONY: all +all: check test build-all ## Alias of check, test, build-all + +.PHONY: clean +clean: test-clean build-clean ## Clean up all generated files + + +## Build: +.PHONY: build +build: build-clean goreleaser-check ## Build binary for current GOOS and GOARCH + @echo "\n${GREEN}====>${RESET} Building binary for current GOOS and GOARCH to ${CYAN}$(DIST)${RESET}..." + $(GORELEASER) build --clean --snapshot --single-target + @echo "\n${GREEN}====>${RESET} Copying binary from ${CYAN}$(DIST_BINARY)${RESET} to ${CYAN}$(OUTPUT_BINARY)${RESET}..." + cp $(DIST_BINARY) $(OUTPUT_BINARY) + @echo "\n${GREEN}====>${RESET} Printing binary version information" + $(OUTPUT_BINARY) --version + +.PHONY: build-all +build-all: build-clean goreleaser-check ## Build binaries for all supported targets to ./dist + @echo "\n${GREEN}====>${RESET} Building binaries to ${CYAN}$(DIST)${RESET}..." + $(GORELEASER) build --clean --snapshot + +.PHONY: build-clean +build-clean: ## Clean up binaries and build outputs + @echo "\n${GREEN}====>${RESET} Removing ${CYAN}$(DIST)${RESET}..." + rm -rf $(DIST) + @echo "\n${GREEN}====>${RESET} Removing ${CYAN}$(OUTPUT_BINARY)${RESET}..." + rm -f $(OUTPUT_BINARY) + + +## Test: +.PHONY: test +test: ## Run tests + @echo "\n${GREEN}====>${RESET} Running tests..." + $(GOTEST) -failfast -race -shuffle=on ./... + +.PHONY: coverage.out +coverage.out: + @echo "\n${GREEN}====>${RESET} Generating coverage profile to ${CYAN}$(CURDIR)/coverage.out${RESET}..." + $(GOTEST) -v -count=1 -race -shuffle=on -cover -coverprofile=coverage.out ./... + +.PHONY: test-coverage +test-coverage: coverage.out ## Run all tests with coverage, then open the coverage report in default web browser + @echo "\n${GREEN}====>${RESET} Opening the coverage profile in default web browser..." + $(GOCMD) tool cover -html=$(CURDIR)/coverage.out + +.PHONY: test-clean +test-clean: ## Clean up generated test files + @echo "\n${GREEN}====>${RESET} Removing ${CYAN}$(CURDIR)/coverage.out${RESET}..." + rm -f $(CURDIR)/coverage.out + + +## Check: +.PHONY: check +check: golangci-lint goreleaser-check govulncheck ## Run all checks + +.PHONY: golangci-lint +golangci-lint: $(GOLANGCI_LINT) ## Run golangci-lint linters + @echo "\n${GREEN}====>${RESET} Running golangci-lint linters..." + $(GOLANGCI_LINT) run + +.PHONY: goreleaser-check +goreleaser-check: $(GORELEASER) ## Valid goreleaser configuration + @echo "\n${GREEN}====>${RESET} Validating goreleaser configuration..." + $(GORELEASER) check + +.PHONY: govulncheck +govulncheck: $(GOVULNCHECK) ## Scan for vulnerable dependencies + @echo "\n${GREEN}====>${RESET} Scanning for vulnerable dependencies..." + $(GOVULNCHECK) ./... + + +## Tool: +tool: $(GOBIN)/golangci-lint $(GOBIN)/goreleaser $(GOBIN)/govulncheck ## Install all tools to $GOBIN + +$(GOBIN)/golangci-lint: PACKAGE=github.com/golangci/golangci-lint/cmd/golangci-lint@latest +$(GOBIN)/goreleaser: PACKAGE=github.com/goreleaser/goreleaser@latest +$(GOBIN)/govulncheck: PACKAGE=golang.org/x/vuln/cmd/govulncheck@latest + +$(GOBIN)/%: + @echo "\n${GREEN}====>${RESET} Installing ${MAGENTA}$(PACKAGE)${RESET} to ${CYAN}$(GOBIN)${RESET}..." + GOBIN=$(GOBIN) $(GOCMD) install $(PACKAGE) + + +## Help: +.PHONY: help +help: ## Show this help + @echo '' + @echo 'Usage:' + @echo ' ${CYAN}make${RESET} ${GREEN}${RESET}' + @echo '' + @echo 'Targets:' + @awk 'BEGIN {FS = ":.*?## "} { \ + if (/^[a-zA-Z_-]+:.*?##.*$$/) {printf " ${GREEN}%-18s${WHITE}%s${RESET}\n", $$1, $$2} \ + else if (/^## .*$$/) {printf "\n ${YELLOW}%s${RESET}\n", substr($$1,4)} \ + }' $(MAKEFILE_LIST) + +.PHONY: debug +debug: ## List variables + @echo "BINARY_NAME ${CYAN}$(BINARY_NAME)${RESET}" + @echo "DIST ${CYAN}$(DIST)${RESET}" + @echo "DIST_BINARY ${CYAN}$(DIST_BINARY)${RESET}" + @echo "OUTPUT_BINARY ${CYAN}$(OUTPUT_BINARY)${RESET}" + @echo "GOCMD ${CYAN}$(GOCMD)${RESET}" + @echo "GOTEST ${CYAN}$(GOTEST)${RESET}" + @echo "GOBIN ${CYAN}$(GOBIN)${RESET}" + @echo "GOLANGCI_LINT ${CYAN}$(GOLANGCI_LINT)${RESET}" + @echo "GORELEASER ${CYAN}$(GORELEASER)${RESET}" + @echo "GOVULNCHECK ${CYAN}$(GOVULNCHECK)${RESET}" + @echo "MAKEFLAGS ${CYAN}$(MAKEFLAGS)${RESET}" diff --git a/cmd/wpsecadvi/.gitignore b/cmd/wpsecadvi/.gitignore deleted file mode 100644 index 477ca7a..0000000 --- a/cmd/wpsecadvi/.gitignore +++ /dev/null @@ -1 +0,0 @@ -wpsecadvi \ No newline at end of file diff --git a/cmd/wpsecadvi/main.go b/cmd/wpsecadvi/main.go deleted file mode 100644 index f651029..0000000 --- a/cmd/wpsecadvi/main.go +++ /dev/null @@ -1,27 +0,0 @@ -/* - * Copyright (c) 2022-2023 Typist Tech Limited - * - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to deal - * in the Software without restriction, including without limitation the rights - * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in - * all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN - * THE SOFTWARE. - */ - -package main - -func main() { - Execute() -} \ No newline at end of file diff --git a/cmd/wpsecadvi/root.go b/cmd/wpsecadvi/root.go deleted file mode 100644 index eea7c95..0000000 --- a/cmd/wpsecadvi/root.go +++ /dev/null @@ -1,65 +0,0 @@ -/* - * Copyright (c) 2022-2023 Typist Tech Limited - * - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to deal - * in the Software without restriction, including without limitation the rights - * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in - * all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN - * THE SOFTWARE. - */ - -package main - -import ( - "os" - - "github.com/spf13/cobra" -) - -// rootCmd represents the base command when called without any subcommands -var rootCmd = &cobra.Command{ - Use: "wpsecadvi", - Short: "A brief description of your application", - Long: `A longer description that spans multiple lines and likely contains -examples and usage of using your application. For example: - -Cobra is a CLI library for Go that empowers applications. -This application is a tool to generate the needed files -to quickly create a Cobra application.`, - // Uncomment the following line if your bare application - // has an action associated with it: - // Run: func(cmd *cobra.Command, args []string) { }, -} - -// Execute adds all child commands to the root command and sets flags appropriately. -// This is called by main.main(). It only needs to happen once to the rootCmd. -func Execute() { - err := rootCmd.Execute() - if err != nil { - os.Exit(1) - } -} - -func init() { - // Here you will define your flags and configuration settings. - // Cobra supports persistent flags, which, if defined here, - // will be global for your application. - - // rootCmd.PersistentFlags().StringVar(&cfgFile, "config", "", "config file (default is $HOME/.wpsecadvi.yaml)") - - // Cobra also supports local flags, which will only run - // when this action is called directly. - rootCmd.Flags().BoolP("toggle", "t", false, "Help message for toggle") -} \ No newline at end of file diff --git a/composer/version/doc.go b/composer/version/doc.go deleted file mode 100644 index 8885304..0000000 --- a/composer/version/doc.go +++ /dev/null @@ -1,34 +0,0 @@ -/* - * Copyright (c) 2022-2023 Typist Tech Limited - * - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to deal - * in the Software without restriction, including without limitation the rights - * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in - * all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN - * THE SOFTWARE. - */ - -// Package version implements comparison of a subset of [composer/semver] -// compilable version strings. -// -// The general form of a version string accepted by this package is -// -// [v]MAJOR[.MINOR[.PATCH[.REVISION]]] -// -// where square brackets indicate optional parts of the syntax; MAJOR, MINOR, -// PATCH and REVISION are decimal integers without extra leading zeros. -// -// [composer/semver]: https://github.com/composer/semver/blob/fa1ec24f0ab1efe642671ec15c51a3ab879f59bf/tests/VersionParserTest.php#L150-L174 -package version \ No newline at end of file diff --git a/composer/version/range.go b/composer/version/range.go deleted file mode 100644 index 8639142..0000000 --- a/composer/version/range.go +++ /dev/null @@ -1,294 +0,0 @@ -/* - * Copyright (c) 2022-2023 Typist Tech Limited - * - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to deal - * in the Software without restriction, including without limitation the rights - * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in - * all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN - * THE SOFTWARE. - */ - -package version - -import ( - "fmt" - "slices" - "strings" -) - -type Range struct { - from *Version // TODO: Can we use value instead? - fromInclusive bool - to *Version // TODO: Can we use value instead? - toInclusive bool -} - -type RangeOptionFunc func(*Range) - -func WithCeiling(v *Version, inclusive bool) RangeOptionFunc { - // TODO: test me! - return func(r *Range) { - r.to = v - r.toInclusive = inclusive && v != nil - } -} - -func WithInclusiveCeiling(v *Version) RangeOptionFunc { - return WithCeiling(v, true) -} - -func WithNonInclusiveCeiling(v *Version) RangeOptionFunc { - return WithCeiling(v, false) -} - -func WithoutCeiling() RangeOptionFunc { - return WithCeiling(nil, false) -} - -func WithFloor(v *Version, inclusive bool) RangeOptionFunc { - return func(r *Range) { - r.from = v - r.fromInclusive = inclusive && v != nil - } -} - -func WithInclusiveFloor(v *Version) RangeOptionFunc { - return WithFloor(v, true) -} - -func WithNonInclusiveFloor(v *Version) RangeOptionFunc { - return WithFloor(v, false) -} - -func WithoutFloor() RangeOptionFunc { - // TODO: test me! - return WithFloor(nil, false) -} - -func NewRange(optionFuncs ...RangeOptionFunc) (*Range, error) { - r := &Range{} - - for _, optFn := range optionFuncs { - optFn(r) - } - - // TODO: Validate r.from <= r.to - // TODO: Validate when r.from == r.to, then r.fromInclusive == true && r.toInclusive == true - - return r, nil -} - -func (r *Range) String() string { - if r.from == nil && r.to == nil { - return "*" - } - - if r.fromInclusive && r.toInclusive && r.from != nil && r.from == r.to { - return r.from.String() - } - - from := "" - if r.from != nil { - op := ">" - if r.fromInclusive { - op = ">=" - } - - from = fmt.Sprintf("%s%s", op, r.from) - } - - to := "" - if r.to != nil { - op := "<" - if r.toInclusive { - op = "<=" - } - - to = fmt.Sprintf("%s%s", op, r.to) - } - - str := strings.Join([]string{from, to}, " ") - return strings.Trim(str, " ") -} - -// Constraint represents a slice of [*Range] grouped together with logical OR. -type Constraint []*Range - -func (c Constraint) String() string { - rs := or(c...) - - ss := make([]string, 0, len(rs)) - for _, r := range rs { - ss = append(ss, r.String()) - } - - // For easier testing assertions. - slices.Sort(ss) - - return strings.Join(ss, "||") -} - -func or(rs ...*Range) []*Range { - if len(rs) == 0 { - return nil - } - - f, rs := rs[0], rs[1:] - result := []*Range{f} - - for i, r := range rs { - for j, s := range result { - if m, ok := orTwo(r, s); ok { - result[j] = m - result = append(result, rs[i+1:]...) - return or(result...) - } - } - result = append(result, r) - } - - return result -} - -func orTwo(a *Range, b *Range) (*Range, bool) { - if !overlap(a, b) { - return nil, false - } - - if a.from == nil && a.to == nil { - return a, true - } - if b.from == nil && b.to == nil { - return b, true - } - if a.String() == b.String() { - return a, true - } - - // Both without celling, take the lesser from - // |<-a-> - // |<---b---> - if a.to == nil && b.to == nil { - from := a.from - fromInclusive := a.fromInclusive - - if b.from.lessThan(*a.from) { - from = b.from - fromInclusive = b.fromInclusive - } - if a.from.equalTo(*b.from) { - fromInclusive = a.fromInclusive && b.fromInclusive - } - - return &Range{from, fromInclusive, nil, false}, true - } - - // Both without floor - // <-a->| - // <---b--->| - if a.from == nil && b.from == nil { - to := a.to - toInclusive := a.toInclusive - - if b.to.greaterThan(*a.to) { - to = b.to - toInclusive = b.toInclusive - } - if a.to.equalTo(*b.to) { - toInclusive = a.toInclusive && b.toInclusive - } - - return &Range{nil, false, to, toInclusive}, true - } - - // Ensure a has the lower from - // |<-a->| - // |<---b--->| - // Or, - // |<-a->| - // |<---b--->| - // Or, - // |<-a->| - // |<--- b --->| - // Or, - // |<--------a-------->| - // |<---b--->| - if a.from.greaterThan(*b.from) { - a, b = b, a - } - - from := a.from - fromInclusive := a.fromInclusive - if a.from.equalTo(*b.from) { - fromInclusive = a.fromInclusive || b.fromInclusive - } - - to := b.to - toInclusive := b.toInclusive - if a.to.greaterThan(*b.to) { - to = a.to - } - if a.to.equalTo(*b.to) { - toInclusive = a.toInclusive || b.toInclusive - } - - return &Range{from, fromInclusive, to, toInclusive}, true -} - -func overlap(a *Range, b *Range) bool { - if a.from == nil && a.to == nil { - return true - } - if b.from == nil && b.to == nil { - return true - } - if a.String() == b.String() { - return true - } - - // Both without celling - // |<-a-> - // |<---b---> - if a.to == nil && b.to == nil { - return true - } - - // Both without floor - // <-a->| - // <---b--->| - if a.from == nil && b.from == nil { - return true - } - - // Ensure a has the lower from - // |<-a->| - // |<---b--->| - // Or, - // |<-a->| - // |<---b--->| - // Or, - // |<-a->| - // |<--- b --->| - // Or, - // |<--------a-------->| - // |<---b--->| - if a.from.greaterThan(*b.from) { - a, b = b, a - } - - return a.to == nil || - a.to.greaterThan(*b.from) || - (a.to.equalTo(*b.from) && (a.toInclusive || b.fromInclusive)) -} \ No newline at end of file diff --git a/composer/version/range_test.go b/composer/version/range_test.go deleted file mode 100644 index 6818166..0000000 --- a/composer/version/range_test.go +++ /dev/null @@ -1,558 +0,0 @@ -/* - * Copyright (c) 2022-2023 Typist Tech Limited - * - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to deal - * in the Software without restriction, including without limitation the rights - * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in - * all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN - * THE SOFTWARE. - */ - -package version - -import ( - "reflect" - "testing" -) - -var ( - v1 = &Version{1, 0, 0, 0} - v2 = &Version{2, 0, 0, 0} - v3 = &Version{3, 0, 0, 0} - v4 = &Version{4, 0, 0, 0} - v5 = &Version{5, 0, 0, 0} - - unbounded = &Range{} - - r1i2 = &Range{v1, true, v2, false} - r1i2i = &Range{v1, true, v2, true} - r1i3 = &Range{v1, true, v3, false} - r1i3i = &Range{v1, true, v3, true} - r2i3 = &Range{v2, true, v3, false} - r2i3i = &Range{v2, true, v3, true} - r12 = &Range{v1, false, v2, false} - r12i = &Range{v1, false, v2, true} - r13 = &Range{v1, false, v3, false} - r13i = &Range{v1, false, v3, true} - r14 = &Range{v1, false, v4, false} - r15 = &Range{v1, false, v5, false} - r23 = &Range{v2, false, v3, false} - r24 = &Range{v2, false, v4, false} - r34 = &Range{v3, false, v4, false} - r35 = &Range{v3, false, v5, false} - - l1 = &Range{nil, false, v1, false} - l2 = &Range{nil, false, v2, false} - l3 = &Range{nil, false, v3, false} - l4 = &Range{nil, false, v4, false} - - g1 = &Range{v1, false, nil, false} - g2 = &Range{v2, false, nil, false} - g3 = &Range{v3, false, nil, false} - g4 = &Range{v4, false, nil, false} -) - -func TestNewRange(t *testing.T) { - tests := []struct { - optionFuncs []RangeOptionFunc - want *Range - wantErr bool - }{ - { - []RangeOptionFunc{}, - &Range{nil, false, nil, false}, - false, - }, - { - []RangeOptionFunc{ - WithInclusiveCeiling(v1), - }, - &Range{nil, false, v1, true}, - false, - }, - { - []RangeOptionFunc{ - WithNonInclusiveCeiling(v1), - }, - &Range{nil, false, v1, false}, - false, - }, - { - []RangeOptionFunc{ - WithoutCeiling(), - }, - &Range{nil, false, nil, false}, - false, - }, - { - []RangeOptionFunc{ - WithInclusiveCeiling(v1), - WithoutCeiling(), - }, - &Range{nil, false, nil, false}, - false, - }, - { - []RangeOptionFunc{ - WithNonInclusiveCeiling(v1), - WithoutCeiling(), - }, - &Range{nil, false, nil, false}, - false, - }, - { - []RangeOptionFunc{ - WithInclusiveFloor(v1), - }, - &Range{v1, true, nil, false}, - false, - }, - { - []RangeOptionFunc{ - WithNonInclusiveFloor(v1), - }, - &Range{v1, false, nil, false}, - false, - }, - { - []RangeOptionFunc{ - WithoutFloor(), - }, - &Range{nil, false, nil, false}, - false, - }, - { - []RangeOptionFunc{ - WithInclusiveFloor(v1), - WithoutFloor(), - }, - &Range{nil, false, nil, false}, - false, - }, - { - []RangeOptionFunc{ - WithNonInclusiveFloor(v1), - WithoutFloor(), - }, - &Range{nil, false, nil, false}, - false, - }, - { - []RangeOptionFunc{ - WithInclusiveCeiling(v1), - WithInclusiveFloor(v2), - }, - &Range{v2, true, v1, true}, - false, - }, - { - []RangeOptionFunc{ - WithInclusiveCeiling(v1), - WithNonInclusiveFloor(v2), - }, - &Range{v2, false, v1, true}, - false, - }, - { - []RangeOptionFunc{ - WithInclusiveCeiling(v1), - WithoutFloor(), - }, - &Range{nil, false, v1, true}, - false, - }, - { - []RangeOptionFunc{ - WithNonInclusiveCeiling(v1), - WithInclusiveFloor(v2), - }, - &Range{v2, true, v1, false}, - false, - }, - { - []RangeOptionFunc{ - WithNonInclusiveCeiling(v1), - WithNonInclusiveFloor(v2), - }, - &Range{v2, false, v1, false}, - false, - }, - { - []RangeOptionFunc{ - WithNonInclusiveCeiling(v1), - WithoutFloor(), - }, - &Range{nil, false, v1, false}, - false, - }, - { - []RangeOptionFunc{ - WithoutCeiling(), - WithInclusiveFloor(v1), - }, - &Range{v1, true, nil, false}, - false, - }, - { - []RangeOptionFunc{ - WithoutCeiling(), - WithNonInclusiveFloor(v1), - }, - &Range{v1, false, nil, false}, - false, - }, - { - []RangeOptionFunc{ - WithoutCeiling(), - WithoutFloor(), - }, - &Range{nil, false, nil, false}, - false, - }, - } - for _, tt := range tests { - t.Run("", func(t *testing.T) { - if reflect.DeepEqual(v1, v2) { - t.Errorf("bad implmentation v1 == v2") - } - - got, err := NewRange(tt.optionFuncs...) - - if tt.wantErr && (err == nil) { - t.Errorf("NewRange() error = %v, wantErr %v", err, tt.wantErr) - return - } - if !tt.wantErr && (err != nil) { - t.Errorf("NewRange() error = %v, wantErr %v", err, tt.wantErr) - return - } - - if !reflect.DeepEqual(*got, *tt.want) { - t.Errorf("NewRange() = %v, want %v", got, tt.want) - } - }) - } -} - -func TestRange_String(t *testing.T) { - v1234 := &Version{1, 2, 3, 4} - v9876 := &Version{9, 8, 7, 6} - - type fields struct { - from *Version - fromInclusive bool - to *Version - toInclusive bool - } - tests := []struct { - fields fields - want string - }{ - {fields{}, "*"}, - {fields{v1234, false, nil, false}, ">1.2.3.4"}, - {fields{v1234, true, nil, false}, ">=1.2.3.4"}, - {fields{v1234, false, nil, true}, ">1.2.3.4"}, - {fields{v1234, true, nil, true}, ">=1.2.3.4"}, - {fields{nil, false, v1234, false}, "<1.2.3.4"}, - {fields{nil, false, v1234, true}, "<=1.2.3.4"}, - {fields{nil, true, v1234, false}, "<1.2.3.4"}, - {fields{nil, true, v1234, true}, "<=1.2.3.4"}, - {fields{v1234, false, v9876, false}, ">1.2.3.4 <9.8.7.6"}, - {fields{v1234, false, v9876, true}, ">1.2.3.4 <=9.8.7.6"}, - {fields{v1234, true, v9876, false}, ">=1.2.3.4 <9.8.7.6"}, - {fields{v1234, true, v9876, true}, ">=1.2.3.4 <=9.8.7.6"}, - {fields{v1234, true, v1234, true}, "1.2.3.4"}, - } - for _, tt := range tests { - t.Run(tt.want, func(t *testing.T) { - r := Range{ - from: tt.fields.from, - fromInclusive: tt.fields.fromInclusive, - to: tt.fields.to, - toInclusive: tt.fields.toInclusive, - } - if got := r.String(); got != tt.want { - t.Errorf("String() = %v, want %v", got, tt.want) - } - }) - } -} - -func TestConstraint_String(t *testing.T) { - tests := []struct { - name string - c Constraint - want string - }{ - { - "empty", - []*Range{}, - "", - }, - { - "single", - []*Range{r12}, - ">1 <2", - }, - { - "no overlap", - []*Range{r12, r23, r34}, - ">1 <2||>2 <3||>3 <4", - }, - { - "without floor", - []*Range{l1, l2}, - "<2", - }, - { - "without floor", - []*Range{l2, l3, l1}, - "<3", - }, - { - "without floor", - []*Range{l4, l3, l2, l1}, - "<4", - }, - { - "without celling", - []*Range{g1, g2}, - ">1", - }, - { - "without celling", - []*Range{g2, g3, g1}, - ">1", - }, - { - "without celling", - []*Range{g4, g3, g2, g1}, - ">1", - }, - { - "overlap", - []*Range{r13, r24}, - ">1 <4", - }, - { - "overlap", - []*Range{r24, r13, r35}, - ">1 <5", - }, - { - "touching", - []*Range{r12i, r23}, - ">1 <3", - }, - { - "touching", - []*Range{r12, r2i3}, - ">1 <3", - }, - { - "touching", - []*Range{r1i2i, r23}, - ">=1 <3", - }, - { - "touching", - []*Range{r12, r2i3i}, - ">1 <=3", - }, - { - "touching", - []*Range{r1i2, r2i3i}, - ">=1 <=3", - }, - { - "included", - []*Range{r14, r23}, - ">1 <4", - }, - { - "included", - []*Range{r23, r14}, - ">1 <4", - }, - { - "unbounded", - []*Range{unbounded}, - "*", - }, - { - "unbounded", - []*Range{unbounded, unbounded}, - "*", - }, - { - "unbounded", - []*Range{r12, unbounded}, - "*", - }, - { - "unbounded", - []*Range{unbounded, r12}, - "*", - }, - { - "unbounded", - []*Range{r14, r23, unbounded, r13, r24}, - "*", - }, - } - for _, tt := range tests { - t.Run("", func(t *testing.T) { - if got := tt.c.String(); got != tt.want { - t.Errorf("String() = %v, want %v", got, tt.want) - } - }) - } -} - -func Test_or(t *testing.T) { - tests := []struct { - name string - args []*Range - want []*Range - }{ - { - "empty", - []*Range{}, - nil, - }, - { - "nil", - nil, - nil, - }, - { - "single", - []*Range{r12}, - []*Range{r12}, - }, - { - "no overlap", - []*Range{r12, r23, r34}, - []*Range{r12, r23, r34}, - }, - { - "without floor", - []*Range{l1, l2}, - []*Range{l2}, - }, - { - "without floor", - []*Range{l2, l3, l1}, - []*Range{l3}, - }, - { - "without floor", - []*Range{l4, l3, l2, l1}, - []*Range{l4}, - }, - { - "without celling", - []*Range{g1, g2}, - []*Range{g1}, - }, - { - "without celling", - []*Range{g2, g3, g1}, - []*Range{g1}, - }, - { - "without celling", - []*Range{g4, g3, g2, g1}, - []*Range{g1}, - }, - { - "overlap", - []*Range{r13, r24}, - []*Range{r14}, - }, - { - "overlap", - []*Range{r24, r13, r35}, - []*Range{r15}, - }, - { - "touching", - []*Range{r12i, r23}, - []*Range{r13}, - }, - { - "touching", - []*Range{r12, r2i3}, - []*Range{r13}, - }, - { - "touching", - []*Range{r1i2i, r23}, - []*Range{r1i3}, - }, - { - "touching", - []*Range{r12, r2i3i}, - []*Range{r13i}, - }, - { - "touching", - []*Range{r1i2, r2i3i}, - []*Range{r1i3i}, - }, - { - "included", - []*Range{r14, r23}, - []*Range{r14}, - }, - { - "included", - []*Range{r23, r14}, - []*Range{r14}, - }, - { - "unbounded", - []*Range{unbounded}, - []*Range{unbounded}, - }, - { - "unbounded", - []*Range{unbounded, unbounded}, - []*Range{unbounded}, - }, - { - "unbounded", - []*Range{r12, unbounded}, - []*Range{unbounded}, - }, - { - "unbounded", - []*Range{unbounded, r12}, - []*Range{unbounded}, - }, - { - "unbounded", - []*Range{r14, r23, unbounded, r13, r24}, - []*Range{unbounded}, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - if got := or(tt.args...); !reflect.DeepEqual(got, tt.want) { - t.Errorf("or() = %v, want %v", got, tt.want) - } - }) - } -} \ No newline at end of file diff --git a/composer/version/version.go b/composer/version/version.go deleted file mode 100644 index 1cf9a16..0000000 --- a/composer/version/version.go +++ /dev/null @@ -1,136 +0,0 @@ -/* - * Copyright (c) 2022-2023 Typist Tech Limited - * - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to deal - * in the Software without restriction, including without limitation the rights - * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in - * all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN - * THE SOFTWARE. - */ - -package version - -import ( - "errors" - "fmt" - "regexp" - "strconv" - "strings" -) - -const ( - regex = `^v?[[:blank:]]?(?P\d+)(\.(?P\d+)(\.(?P\d+)(\.(?P\d+)?)?)?)?` -) - -var ( - ErrMalformedVersionString = errors.New("malformed version string") -) - -type Version struct { - major uint64 - minor uint64 - patch uint64 - revision uint64 -} - -// New parses a given string and returns a pointer of [Version] or an error -// if unable to parse the version. If the version string is not composer -// compilable it attempts to convert it. -func New(v string) (*Version, error) { - r := regexp.MustCompile(regex) - - if !r.MatchString(v) { - return nil, fmt.Errorf("unable to parse %q: %w", v, ErrMalformedVersionString) - } - - ver := &Version{} - - m := r.FindStringSubmatch(v) - for i, name := range r.SubexpNames() { - n, err := strconv.ParseUint(m[i], 10, 0) - if err != nil { - continue - } - - switch name { - case "major": - ver.major = n - case "minor": - ver.minor = n - case "patch": - ver.patch = n - case "revision": - ver.revision = n - } - } - - return ver, nil -} - -// normalize returns the normalized formatting of the version. It fills in any -// missing .MINOR or .PATCH or .REVISION. Two versions are compared equal only -// if their normalized formatting are identical strings. -func (v Version) normalize() string { - return fmt.Sprintf("%d.%d.%d.%d", v.major, v.minor, v.patch, v.revision) -} - -func (v Version) String() string { - s := v.normalize() - - s, _ = strings.CutSuffix(s, ".0") // revision - s, _ = strings.CutSuffix(s, ".0") // patch - s, _ = strings.CutSuffix(s, ".0") // minor - - return s -} - -// compare this version to another one. It returns -1, 0 or 1 if the version -// is smaller, equal or larger than the other version respectively. -func (v Version) compare(o Version) int { - if d := compareUint(v.major, o.major); d != 0 { - return d - } - if d := compareUint(v.minor, o.minor); d != 0 { - return d - } - if d := compareUint(v.patch, o.patch); d != 0 { - return d - } - - return compareUint(v.revision, o.revision) -} - -func compareUint(i, j uint64) int { - switch { - case i < j: - return -1 - case i > j: - return 1 - default: - return 0 - } -} - -func (v Version) equalTo(o Version) bool { - return v.compare(o) == 0 -} - -func (v Version) greaterThan(o Version) bool { - return v.compare(o) > 0 -} - -func (v Version) lessThan(o Version) bool { - return v.compare(o) < 0 -} \ No newline at end of file diff --git a/composer/version/version_test.go b/composer/version/version_test.go deleted file mode 100644 index 38bcd2b..0000000 --- a/composer/version/version_test.go +++ /dev/null @@ -1,314 +0,0 @@ -/* - * Copyright (c) 2022-2023 Typist Tech Limited - * - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to deal - * in the Software without restriction, including without limitation the rights - * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in - * all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN - * THE SOFTWARE. - */ - -package version - -import ( - "errors" - "fmt" - "testing" -) - -// tests is modified from `composer/semver`'s test. -// https://github.com/composer/semver/blob/fa1ec24f0ab1efe642671ec15c51a3ab879f59bf/tests/VersionParserTest.php#L65-L134 -// https://github.com/composer/semver/blob/fa1ec24f0ab1efe642671ec15c51a3ab879f59bf/tests/VersionParserTest.php#L150-L174 -var tests = []struct { - name string - in string - out string -}{ - // From `VersionParserTest::successfulNormalizedVersions()` - {"none", "1.0.0", "1.0.0.0"}, - {"none/2", "1.2.3.4", "1.2.3.4"}, - //{"parses state", "1.0.0RC1dev", "1.0.0.0-RC1-dev"}, - //{"CI parsing", "1.0.0-rC15-dev", "1.0.0.0-RC15-dev"}, - //{"delimiters", "1.0.0.RC.15-dev", "1.0.0.0-RC15-dev"}, - //{"RC uppercase", "1.0.0-rc1", "1.0.0.0-RC1"}, - //{"patch replace", "1.0.0.pl3-dev", "1.0.0.0-patch3-dev"}, - //{"forces w.x.y.z", "1.0-dev", "1.0.0.0-dev"}, - {"forces w.x.y.z/2", "0", "0.0.0.0"}, - //{"parses long", "10.4.13-beta", "10.4.13.0-beta"}, - //{"parses long/2", "10.4.13beta2", "10.4.13.0-beta2"}, - //{"parses long/semver", "10.4.13beta.2", "10.4.13.0-beta2"}, - //{"parses long/semver2", "v1.13.11-beta.0", "1.13.11.0-beta0"}, - //{"parses long/semver3", "1.13.11.0-beta0", "1.13.11.0-beta0"}, - //{"expand shorthand", "10.4.13-b", "10.4.13.0-beta"}, - //{"expand shorthand/2", "10.4.13-b5", "10.4.13.0-beta5"}, - {"strips leading v", "v1.0.0", "1.0.0.0"}, - //{"parses dates y-m as classical", "2010.01", "2010.01.0.0"}, - //{"parses dates w/ . as classical", "2010.01.02", "2010.01.02.0"}, - {"parses dates y.m.Y as classical", "2010.1.555", "2010.1.555.0"}, - {"parses dates y.m.Y/2 as classical", "2010.10.200", "2010.10.200.0"}, - //{"strips v/datetime", "v20100102", "20100102"}, - //{"parses dates w/ -", "2010-01-02", "2010.01.02"}, - //{"parses dates w/ .", "2012.06.07", "2012.06.07.0"}, - //{"parses numbers", "2010-01-02.5", "2010.01.02.5"}, - {"parses dates y.m.Y", "2010.1.555", "2010.1.555.0"}, - //{"parses datetime", "20100102-203040", "20100102.203040"}, - //{"parses date dev", "20100102.x-dev", "20100102.9999999.9999999.9999999-dev"}, - //{"parses datetime dev", "20100102.203040.x-dev", "20100102.203040.9999999.9999999-dev"}, - //{"parses dt+number", "20100102203040-10", "20100102203040.10"}, - //{"parses dt+patch", "20100102-203040-p1", "20100102.203040-patch1"}, - //{"parses dt Ym", "201903.0", "201903.0"}, - //{"parses dt Ym dev", "201903.x-dev", "201903.9999999.9999999.9999999-dev"}, - //{"parses dt Ym+patch", "201903.0-p2", "201903.0-patch2"}, - //{"parses master", "dev-master", "dev-master"}, - //{"parses master w/o dev", "master", "dev-master"}, - //{"parses trunk", "dev-trunk", "dev-trunk"}, - //{"parses branches", "1.x-dev", "1.9999999.9999999.9999999-dev"}, - //{"parses arbitrary", "dev-feature-foo", "dev-feature-foo"}, - //{"parses arbitrary/2", "DEV-FOOBAR", "dev-FOOBAR"}, - //{"parses arbitrary/3", "dev-feature/foo", "dev-feature/foo"}, - //{"parses arbitrary/4", "dev-feature+issue-1", "dev-feature+issue-1"}, - //{"ignores aliases", "dev-master as 1.0.0", "dev-master"}, - //{"ignores aliases/2", "dev-load-varnish-only-when-used as ^2.0", "dev-load-varnish-only-when-used"}, - //{"ignores aliases/3", "dev-load-varnish-only-when-used@dev as ^2.0@dev", "dev-load-varnish-only-when-used"}, - {"ignores stability", "1.0.0+foo@dev", "1.0.0.0"}, - //{"ignores stability/2", "dev-load-varnish-only-when-used@stable", "dev-load-varnish-only-when-used"}, - //{"semver metadata/2", "1.0.0-beta.5+foo", "1.0.0.0-beta5"}, - {"semver metadata/3", "1.0.0+foo", "1.0.0.0"}, - //{"semver metadata/4", "1.0.0-alpha.3.1+foo", "1.0.0.0-alpha3.1"}, - //{"semver metadata/5", "1.0.0-alpha2.1+foo", "1.0.0.0-alpha2.1"}, - //{"semver metadata/6", "1.0.0-alpha-2.1-3+foo", "1.0.0.0-alpha2.1-3"}, - // not supported for BC "semver metadata/7", "1.0.0-0.3.7", "1.0.0.0-0.3.7"}, - // not supported for BC "semver metadata/8", "1.0.0-x.7.z.92", "1.0.0.0-x.7.z.92"}, - {"metadata w/ alias", "1.0.0+foo as 2.0", "1.0.0.0"}, - //{"keep zero-padding", "00.01.03.04", "00.01.03.04"}, - //{"keep zero-padding/2", "000.001.003.004", "000.001.003.004"}, - //{"keep zero-padding/3", "0.000.103.204", "0.000.103.204"}, - //{"keep zero-padding/4", "0700", "0700.0.0.0"}, - //{"keep zero-padding/5", "041.x-dev", "041.9999999.9999999.9999999-dev"}, - //{"keep zero-padding/6", "dev-041.003", "dev-041.003"}, - //{"dev with mad name", "dev-1.0.0-dev<1.0.5-dev", "dev-1.0.0-dev<1.0.5-dev"}, - //{"dev prefix with spaces", "dev-foo bar", "dev-foo bar"}, - {"space padding", " 1.0.0", "1.0.0.0"}, - {"space padding/2", "1.0.0 ", "1.0.0.0"}, - - // From `VersionParserTest::failingNormalizedVersions()` - {"empty ", "", ""}, - {"invalid chars", "a", ""}, - //{"invalid type", "1.0.0-meh", ""}, - //{"too many bits", "1.0.0.0.0", ""}, - {"non-dev arbitrary", "feature-foo", ""}, - //{"metadata w/ space", "1.0.0+foo bar", ""}, - //{"maven style release", "1.0.1-SNAPSHOT", ""}, - //{"dev with less than", "1.0.0<1.0.5-dev", ""}, - //{"dev with less than/2", "1.0.0-dev<1.0.5-dev", ""}, - {"dev suffix with spaces", "foo bar-dev", ""}, - //{"any with spaces", "1.0 .2", ""}, - {"no version, no alias", " as ", ""}, - {"no version, only alias", " as 1.2", ""}, - {"just an operator", "^", ""}, - {"just an operator/2", "^8 || ^", ""}, - {"just an operator/3", "~", ""}, - {"just an operator/4", "~1 ~", ""}, - {"constraint", "~1", ""}, - {"constraint/2", "^1", ""}, - //{"constraint/3", "1.*", ""}, -} - -func TestNewVersion(t *testing.T) { - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - got, err := New(tt.in) - - if tt.out == "" { - if err == nil { - t.Errorf("New() error = nil, want error") - } - - if !errors.Is(err, ErrMalformedVersionString) { - t.Errorf("New() error = %v, want ErrMalformedVersionString", err) - } - - return - } - - if err != nil { - t.Errorf("New() error = %v, want nil", err) - return - } - if got.normalize() != tt.out { - t.Errorf("New() got = %v, want %v", got, tt.out) - } - }) - } -} - -func TestVersion_String(t *testing.T) { - type fields struct { - major uint64 - minor uint64 - patch uint64 - revision uint64 - } - tests := []struct { - fields fields - want string - }{ - // No zero. - {fields{1, 2, 3, 4}, "1.2.3.4"}, - //// 1 zero. - {fields{1, 2, 3, 0}, "1.2.3"}, - {fields{1, 2, 0, 4}, "1.2.0.4"}, - {fields{1, 0, 3, 4}, "1.0.3.4"}, - {fields{0, 2, 3, 4}, "0.2.3.4"}, - //// 2 zeros. - {fields{1, 2, 0, 0}, "1.2"}, - {fields{1, 0, 3, 0}, "1.0.3"}, - {fields{0, 2, 3, 0}, "0.2.3"}, - {fields{1, 0, 0, 4}, "1.0.0.4"}, - {fields{0, 2, 0, 4}, "0.2.0.4"}, - {fields{0, 0, 3, 4}, "0.0.3.4"}, - //// 3 zeros. - {fields{1, 0, 0, 0}, "1"}, - {fields{0, 2, 0, 0}, "0.2"}, - {fields{0, 0, 3, 0}, "0.0.3"}, - {fields{0, 0, 0, 4}, "0.0.0.4"}, - // 4 zeros. - {fields{0, 0, 0, 0}, "0"}, - // - {fields{10, 2, 3, 4}, "10.2.3.4"}, - {fields{1, 20, 3, 4}, "1.20.3.4"}, - {fields{1, 2, 30, 4}, "1.2.30.4"}, - {fields{1, 2, 3, 40}, "1.2.3.40"}, - {fields{10, 20, 30, 40}, "10.20.30.40"}, - } - for _, tt := range tests { - t.Run( - fmt.Sprintf("%d.%d.%d.%d", tt.fields.major, tt.fields.minor, tt.fields.patch, tt.fields.revision), - func(t *testing.T) { - v := Version{ - major: tt.fields.major, - minor: tt.fields.minor, - patch: tt.fields.patch, - revision: tt.fields.revision, - } - if got := v.String(); got != tt.want { - t.Errorf("String() = %v, want %v", got, tt.want) - } - }) - } -} - -func TestVersion_compare(t *testing.T) { - tests := []struct { - v Version - o Version - want int - }{ - {Version{1, 2, 3, 4}, Version{1, 2, 3, 4}, 0}, - {Version{2, 2, 3, 4}, Version{1, 2, 3, 4}, 1}, - {Version{1, 3, 3, 4}, Version{1, 2, 3, 4}, 1}, - {Version{1, 2, 4, 4}, Version{1, 2, 3, 4}, 1}, - {Version{1, 2, 3, 5}, Version{1, 2, 3, 4}, 1}, - {Version{0, 2, 3, 4}, Version{1, 2, 3, 4}, -1}, - {Version{1, 1, 3, 4}, Version{1, 2, 3, 4}, -1}, - {Version{1, 2, 2, 4}, Version{1, 2, 3, 4}, -1}, - {Version{1, 2, 3, 3}, Version{1, 2, 3, 4}, -1}, - } - for _, tt := range tests { - t.Run("", func(t *testing.T) { - if got := tt.v.compare(tt.o); got != tt.want { - t.Errorf("'%s'.compare('%s') = %v, want %v", tt.v, tt.o, got, tt.want) - } - }) - } -} - -func TestVersion_equalTo(t *testing.T) { - tests := []struct { - v Version - o Version - want bool - }{ - {Version{0, 0, 0, 0}, Version{0, 0, 0, 0}, true}, - {Version{1, 2, 3, 4}, Version{1, 2, 3, 4}, true}, - {Version{2, 2, 3, 4}, Version{1, 2, 3, 4}, false}, - {Version{1, 3, 3, 4}, Version{1, 2, 3, 4}, false}, - {Version{1, 2, 4, 4}, Version{1, 2, 3, 4}, false}, - {Version{1, 2, 3, 5}, Version{1, 2, 3, 4}, false}, - {Version{0, 2, 3, 4}, Version{1, 2, 3, 4}, false}, - {Version{1, 1, 3, 4}, Version{1, 2, 3, 4}, false}, - {Version{1, 2, 2, 4}, Version{1, 2, 3, 4}, false}, - {Version{1, 2, 3, 3}, Version{1, 2, 3, 4}, false}, - } - for _, tt := range tests { - t.Run("", func(t *testing.T) { - if got := tt.v.equalTo(tt.o); got != tt.want { - t.Errorf("'%s'.equalTo('%s') = %v, want %v", tt.v, tt.o, got, tt.want) - } - }) - } -} - -func TestVersion_greaterThan(t *testing.T) { - tests := []struct { - v Version - o Version - want bool - }{ - {Version{0, 0, 0, 0}, Version{0, 0, 0, 0}, false}, - {Version{1, 2, 3, 4}, Version{1, 2, 3, 4}, false}, - {Version{2, 2, 3, 4}, Version{1, 2, 3, 4}, true}, - {Version{1, 3, 3, 4}, Version{1, 2, 3, 4}, true}, - {Version{1, 2, 4, 4}, Version{1, 2, 3, 4}, true}, - {Version{1, 2, 3, 5}, Version{1, 2, 3, 4}, true}, - {Version{0, 2, 3, 4}, Version{1, 2, 3, 4}, false}, - {Version{1, 1, 3, 4}, Version{1, 2, 3, 4}, false}, - {Version{1, 2, 2, 4}, Version{1, 2, 3, 4}, false}, - {Version{1, 2, 3, 3}, Version{1, 2, 3, 4}, false}, - } - for _, tt := range tests { - t.Run("", func(t *testing.T) { - if got := tt.v.greaterThan(tt.o); got != tt.want { - t.Errorf("'%s'.greaterThan('%s') = %v, want %v", tt.v, tt.o, got, tt.want) - } - }) - } -} - -func TestVersion_lessThan(t *testing.T) { - tests := []struct { - v Version - o Version - want bool - }{ - {Version{0, 0, 0, 0}, Version{0, 0, 0, 0}, false}, - {Version{1, 2, 3, 4}, Version{1, 2, 3, 4}, false}, - {Version{2, 2, 3, 4}, Version{1, 2, 3, 4}, false}, - {Version{1, 3, 3, 4}, Version{1, 2, 3, 4}, false}, - {Version{1, 2, 4, 4}, Version{1, 2, 3, 4}, false}, - {Version{1, 2, 3, 5}, Version{1, 2, 3, 4}, false}, - {Version{0, 2, 3, 4}, Version{1, 2, 3, 4}, true}, - {Version{1, 1, 3, 4}, Version{1, 2, 3, 4}, true}, - {Version{1, 2, 2, 4}, Version{1, 2, 3, 4}, true}, - {Version{1, 2, 3, 3}, Version{1, 2, 3, 4}, true}, - } - for _, tt := range tests { - t.Run("", func(t *testing.T) { - if got := tt.v.lessThan(tt.o); got != tt.want { - t.Errorf("'%s'.lessThan('%s') = %v, want %v", tt.v, tt.o, got, tt.want) - } - }) - } -} \ No newline at end of file diff --git a/go.mod b/go.mod index 54fdd3b..397cf2e 100644 --- a/go.mod +++ b/go.mod @@ -1,14 +1,3 @@ module github.com/typisttech/wpsecadvi -go 1.21.0 - -require ( - github.com/google/go-cmp v0.5.9 - github.com/spf13/cobra v1.7.0 - golang.org/x/net v0.15.0 -) - -require ( - github.com/inconshreveable/mousetrap v1.1.0 // indirect - github.com/spf13/pflag v1.0.5 // indirect -) +go 1.21.6 diff --git a/go.sum b/go.sum index aeab9a5..e69de29 100644 --- a/go.sum +++ b/go.sum @@ -1,14 +0,0 @@ -github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= -github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= -github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= -github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= -github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= -github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I= -github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0= -github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= -github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -golang.org/x/net v0.15.0 h1:ugBLEUaxABaB5AJqW9enI0ACdci2RUd4eP51NTBvuJ8= -golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= -gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/repo.go b/repo.go deleted file mode 100644 index 235336a..0000000 --- a/repo.go +++ /dev/null @@ -1,45 +0,0 @@ -/* - * Copyright (c) 2023 Typist Tech Limited - * - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to deal - * in the Software without restriction, including without limitation the rights - * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in - * all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN - * THE SOFTWARE. - */ - -package wpsecadvi - -//type repo interface { -// Get(ctx context.Context) ([]*wp.Entity, error) -//} -// -//type Client struct { -// // HTTPClient provides a http.Client fetch Wordfence data feed. -// // If the client is nil, http.DefaultClient is used. -// HTTPClient *http.Client -// // URL to the Wordfence data feed. -// // If the URL is empty, ProductionFeed is used. -// URL string -//} -// -//func (c Client) fetch(ctx context.Context) (map[string]Vulnerability, error) { -// url := c.URL -// if url == "" { -// url = ProductionFeed -// } -// -// return get[map[string]Vulnerability](ctx, c.HTTPClient, url) -//} \ No newline at end of file diff --git a/wordfence/client.go b/wordfence/client.go deleted file mode 100644 index eee12c8..0000000 --- a/wordfence/client.go +++ /dev/null @@ -1,124 +0,0 @@ -/* - * Copyright (c) 2022-2023 Typist Tech Limited - * - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to deal - * in the Software without restriction, including without limitation the rights - * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in - * all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN - * THE SOFTWARE. - */ - -package wordfence - -import ( - "context" - "encoding/json" - "fmt" - "net/http" - "slices" - - "golang.org/x/net/context/ctxhttp" -) - -const ( - // ProductionFeed is the data feed with detailed records that have been fully - // analyzed by the Wordfence team. - ProductionFeed = "https://www.wordfence.com/api/intelligence/v2/vulnerabilities/production" - - // ScannerFeed is the data feed with minimal format that provides detection - // information for newly discovered vulnerabilities that are actively being - // researched in addition to those included in the ProductionFeed. - ScannerFeed = "https://www.wordfence.com/api/intelligence/v2/vulnerabilities/scanner" -) - -// excludeFunc returns true if a [Vulnerability] should be excluded from [Repo.Get] result. -type excludeFunc func(v Vulnerability) bool - -type Client struct { - // HTTPClient provides a http.Client fetch Wordfence data feed. - // If the client is nil, http.DefaultClient is used. - HTTPClient *http.Client - // URL to the Wordfence data feed. - // If the URL is empty, ProductionFeed is used. - URL string - - excludeFuncs []excludeFunc -} - -// WhereIDNotIn excludes [Vulnerability] results by IDs. -func (c *Client) WhereIDNotIn(ids ...string) *Client { - return c.withExcludeFunc(func(v Vulnerability) bool { - return slices.Contains(ids, v.ID) - }) -} - -// WhereCVENotIn excludes [Vulnerability] by CVEs. -func (c *Client) WhereCVENotIn(cves ...string) *Client { - return c.withExcludeFunc(func(v Vulnerability) bool { - return slices.Contains(cves, v.CVE) - }) -} - -func (c *Client) withExcludeFunc(fn excludeFunc) *Client { - c.excludeFuncs = append(c.excludeFuncs, fn) - return c -} - -func (c *Client) fetch(ctx context.Context) (vulnerabilities, error) { - url := c.URL - if url == "" { - url = ProductionFeed - } - - vsMap, err := get[map[string]Vulnerability](ctx, c.HTTPClient, url) - if err != nil { - return nil, fmt.Errorf("failed to fetch vulnerabilities from Wordfence feed %s: %w", url, err) - } - - vs := make(vulnerabilities, 0, len(vsMap)) - for _, v := range vsMap { - vs = append(vs, v) - } - - for _, fn := range c.excludeFuncs { - vs = slices.DeleteFunc(vs, fn) - } - - if len(vs) == 0 { - return nil, fmt.Errorf("no vulnerabilities found from Wordfence feed %s", url) - } - - return vs, nil -} - -func get[T any](ctx context.Context, client *http.Client, url string) (T, error) { - var out T - - res, err := ctxhttp.Get(ctx, client, url) - if err != nil { - return out, err - } - defer res.Body.Close() - - if res.StatusCode != http.StatusOK { - return out, fmt.Errorf("HTTP GET request failed with %s", res.Status) - } - - if err := json.NewDecoder(res.Body).Decode(&out); err != nil { - return out, err - } - - return out, nil -} \ No newline at end of file diff --git a/wordfence/client_test.go b/wordfence/client_test.go deleted file mode 100644 index 8d8032a..0000000 --- a/wordfence/client_test.go +++ /dev/null @@ -1,248 +0,0 @@ -/* - * Copyright (c) 2022-2023 Typist Tech Limited - * - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to deal - * in the Software without restriction, including without limitation the rights - * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in - * all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN - * THE SOFTWARE. - */ - -package wordfence - -import ( - "context" - "errors" - "net/http" - "net/http/httptest" - "os" - "testing" - "time" - - "github.com/google/go-cmp/cmp" - "github.com/google/go-cmp/cmp/cmpopts" -) - -func TestClient_fetch(t *testing.T) { - tests := []struct { - name string - fixture string - want vulnerabilities - wantErr bool - }{ - { - "production example", - "testdata/production.example.json", - productionExample, - false, - }, - { - "production multiple", - "testdata/production.multiple.json", - productionMultiple, - false, - }, - { - "scanner example", - "testdata/scanner.example.json", - scannerExample, - false, - }, - { - "empty", - "testdata/empty.json", - vulnerabilities{}, - false, - }, - { - "empty", - "testdata/not-json.json", - nil, - true, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - w.WriteHeader(http.StatusOK) - - file, _ := os.ReadFile(tt.fixture) - _, _ = w.Write(file) - })) - defer ts.Close() - - c := Client{ - HTTPClient: ts.Client(), - URL: ts.URL, - } - ctx := context.Background() - - got, err := c.fetch(ctx) - - if (err != nil) != tt.wantErr { - t.Errorf("fetch() error = %v, wantErr %v", err, tt.wantErr) - return - } - - diff := cmp.Diff( - tt.want, - got, - cmpopts.SortSlices(func(a, b Vulnerability) bool { - return a.ID < b.ID - }), - ) - if diff != "" { - t.Errorf("fetch() mismatch (-want +got):\n%s", diff) - } - }) - } -} - -func TestClient_fetch_cancelable(t *testing.T) { - - ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - w.WriteHeader(http.StatusOK) - - file, _ := os.ReadFile("testdata/production.example.json") - _, _ = w.Write(file) - - time.Sleep(1 * time.Second) - })) - defer ts.Close() - - c := Client{ - HTTPClient: ts.Client(), - URL: ts.URL, - } - - ctx := context.Background() - ctx, cancel := context.WithCancel(ctx) - cancel() - - _, err := c.fetch(ctx) - - if !errors.Is(err, context.Canceled) { - t.Errorf("fetch() error = %v, want %v", err, context.Canceled) - } -} - -func TestClient_fetch_http_error(t *testing.T) { - - ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - w.WriteHeader(http.StatusNotFound) - - file, _ := os.ReadFile("testdata/production.example.json") - _, _ = w.Write(file) - })) - defer ts.Close() - - c := Client{ - HTTPClient: ts.Client(), - URL: ts.URL, - } - ctx := context.Background() - - _, err := c.fetch(ctx) - - if err == nil { - t.Errorf("fetch() error = %v, wantErr true", err) - } -} - -func TestClient_WhereIDNotIn(t *testing.T) { - tests := []struct { - fixture string - ids []string - want vulnerabilities - wantErr bool - }{ - { - fixture: "testdata/production.multiple.json", - ids: nil, - want: productionMultiple, - wantErr: false, - }, - { - fixture: "testdata/production.multiple.json", - ids: []string{}, - want: productionMultiple, - wantErr: false, - }, - { - fixture: "testdata/production.multiple.json", - ids: []string{"014da588-9494-493e-8659-590b8e8c14a6"}, // wpgsi & wpgsiProfessional - want: append(productionMultiple[0:2], productionMultiple[3:]...), - wantErr: false, - }, - //{ - // fixture: "testdata/production.multiple.json", - // ids: []string{ - // "0114f098-713d-4eef-8643-901f607375de", // core - // "014da588-9494-493e-8659-590b8e8c14a6", // wpgsi & wpgsiProfessional - // }, - // want: append(productionMultiple[1:2], productionMultiple[4:]...), - // wantErr: false, - //}, - //{ - // fixture: "testdata/production.multiple.json", - // ids: []string{ - // "0114f098-713d-4eef-8643-901f607375de", // core - // "01179ac2-ad68-4a5d-af67-70d57ed611d2", // simpleShippingEdd - // "014da588-9494-493e-8659-590b8e8c14a6", // wpgsi & wpgsiProfessional - // "06fee60a-e96c-49ce-9007-0d402ef46d72", // dtChocolate - // }, - // want: nil, - // wantErr: true, - //}, - } - for _, tt := range tests { - t.Run("", func(t *testing.T) { - ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - w.WriteHeader(http.StatusOK) - - file, _ := os.ReadFile(tt.fixture) - _, _ = w.Write(file) - })) - defer ts.Close() - - c := Client{ - HTTPClient: ts.Client(), - URL: ts.URL, - } - ctx := context.Background() - - got, err := c.WhereIDNotIn(tt.ids...).fetch(ctx) - - if (err != nil) != tt.wantErr { - t.Errorf("WhereIDNotIn().fetch() error = %v, wantErr %v", err, tt.wantErr) - return - } - - diff := cmp.Diff( - tt.want, - got, - cmpopts.SortSlices(func(a, b Vulnerability) bool { - return a.ID < b.ID - }), - cmpopts.SortSlices(func(a, b Software) bool { - return a.Type+a.Slug < b.Type+b.Slug - }), - ) - if diff != "" { - t.Errorf("WhereIDNotIn().fetch() mismatch (-want +got):\n%s", diff) - } - }) - } -} \ No newline at end of file diff --git a/wordfence/fixture_test.go b/wordfence/fixture_test.go deleted file mode 100644 index 0a4c2e9..0000000 --- a/wordfence/fixture_test.go +++ /dev/null @@ -1,243 +0,0 @@ -/* - * Copyright (c) 2022-2023 Typist Tech Limited - * - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to deal - * in the Software without restriction, including without limitation the rights - * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in - * all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN - * THE SOFTWARE. - */ - -package wordfence - -import ( - "github.com/typisttech/wpsecadvi/composer/version" - "github.com/typisttech/wpsecadvi/wp" -) - -var ( - productionExample = []Vulnerability{ - { - ID: "848ccbdc-c6f1-480f-a272-cd459e706713", - Software: []Software{ - { - Type: "plugin", - Slug: "example", - AffectedVersions: map[string]AffectedVersion{ - "1.0.0 - 1.2.3": { - FromVersion: "1.0.0", - FromInclusive: true, - ToVersion: "1.2.3", - ToInclusive: true, - }, - }, - }, - }, - CVE: "CVE-1998-1000", - }, - } - - productionMultiple = []Vulnerability{ - { - ID: "0114f098-713d-4eef-8643-901f607375de", - Software: []Software{ - { - Type: "core", - Slug: "wordpress", - AffectedVersions: map[string]AffectedVersion{ - "[5.6, 5.6.7)": { - FromVersion: "5.6", - FromInclusive: true, - ToVersion: "5.6.7", - ToInclusive: false, - }, - "[5.7, 5.7.5)": { - FromVersion: "5.7", - FromInclusive: true, - ToVersion: "5.7.5", - ToInclusive: false, - }, - "[5.8, 5.8.3)": { - FromVersion: "5.8", - FromInclusive: true, - ToVersion: "5.8.3", - ToInclusive: false, - }, - }, - }, - }, - CVE: "CVE-2022-21664", - }, - { - ID: "01179ac2-ad68-4a5d-af67-70d57ed611d2", - Software: []Software{ - { - Type: "plugin", - Slug: "simple-shipping-edd", - AffectedVersions: map[string]AffectedVersion{ - "* - 2.1.3": { - FromVersion: "*", - FromInclusive: true, - ToVersion: "2.1.3", - ToInclusive: true, - }, - }, - }, - }, - CVE: "CVE-2015-9527", - }, - { - ID: "014da588-9494-493e-8659-590b8e8c14a6", - Software: []Software{ - { - Type: "plugin", - Slug: "wpgsi", - AffectedVersions: map[string]AffectedVersion{ - "* - 3.5.0": { - FromVersion: "*", - FromInclusive: true, - ToVersion: "3.5.0", - ToInclusive: true, - }, - }, - }, - { - Type: "plugin", - Slug: "wpgsi-professional", - AffectedVersions: map[string]AffectedVersion{ - "* - 3.5.1": { - FromVersion: "*", - FromInclusive: true, - ToVersion: "3.5.1", - ToInclusive: true, - }, - }, - }, - }, - }, - { - ID: "06fee60a-e96c-49ce-9007-0d402ef46d72", - Software: []Software{ - { - Type: "theme", - Slug: "dt-chocolate", - AffectedVersions: map[string]AffectedVersion{ - "*": { - FromVersion: "*", - FromInclusive: true, - ToVersion: "*", - ToInclusive: true, - }, - }, - }, - }, - }, - } - - scannerExample = []Vulnerability{ - { - ID: "848ccbdc-c6f1-480f-a272-cd459e706713", - Software: []Software{ - { - Type: "plugin", - Slug: "example", - AffectedVersions: map[string]AffectedVersion{ - "1.0.0 - 1.2.3": { - FromVersion: "1.0.0", - FromInclusive: true, - ToVersion: "1.2.3", - ToInclusive: true, - }, - }, - }, - }, - }, - } -) - -func productionExampleEntities() []*wp.Entity { - e, _ := wp.NewPluginEntity("example") - - from, _ := version.New("1.0.0") - to, _ := version.New("1.2.3") - r, _ := version.NewRange( - version.WithInclusiveFloor(from), - version.WithInclusiveCeiling(to), - ) - - e.Or([]*version.Range{r}) - - return []*wp.Entity{e} -} - -func productionMultipleEntities() []*wp.Entity { - core := wp.NewCoreEntity() - coreFrom1, _ := version.New("5.6") - coreTo1, _ := version.New("5.6.7") - coreR1, _ := version.NewRange( - version.WithInclusiveFloor(coreFrom1), - version.WithNonInclusiveCeiling(coreTo1), - ) - coreFrom2, _ := version.New("5.7") - coreTo2, _ := version.New("5.7.5") - coreR2, _ := version.NewRange( - version.WithInclusiveFloor(coreFrom2), - version.WithNonInclusiveCeiling(coreTo2), - ) - coreFrom3, _ := version.New("5.8") - coreTo3, _ := version.New("5.8.3") - coreR3, _ := version.NewRange( - version.WithInclusiveFloor(coreFrom3), - version.WithNonInclusiveCeiling(coreTo3), - ) - core.Or([]*version.Range{coreR1, coreR2, coreR3}) - - simpleShippingEdd, _ := wp.NewPluginEntity("simple-shipping-edd") - simpleShippingEddTo, _ := version.New("2.1.3") - simpleShippingEddR, _ := version.NewRange( - version.WithoutFloor(), - version.WithInclusiveCeiling(simpleShippingEddTo), - ) - simpleShippingEdd.Or([]*version.Range{simpleShippingEddR}) - - wpgsi, _ := wp.NewPluginEntity("wpgsi") - wpgsiTo, _ := version.New("3.5.0") - wpgsiR, _ := version.NewRange( - version.WithoutFloor(), - version.WithInclusiveCeiling(wpgsiTo), - ) - wpgsi.Or([]*version.Range{wpgsiR}) - - wpgsiProfessional, _ := wp.NewPluginEntity("wpgsi-professional") - wpgsiProfessionalTo, _ := version.New("3.5.1") - wpgsiProfessionalR, _ := version.NewRange( - version.WithoutFloor(), - version.WithInclusiveCeiling(wpgsiProfessionalTo), - ) - wpgsiProfessional.Or([]*version.Range{wpgsiProfessionalR}) - - dtChocolate, _ := wp.NewThemeEntity("dt-chocolate") - dtChocolateR, _ := version.NewRange( - version.WithoutFloor(), - version.WithoutCeiling(), - ) - dtChocolate.Or([]*version.Range{dtChocolateR}) - - return []*wp.Entity{core, simpleShippingEdd, wpgsi, wpgsiProfessional, dtChocolate} -} - -func scannerExampleEntities() []*wp.Entity { - return productionExampleEntities() -} \ No newline at end of file diff --git a/wordfence/repo.go b/wordfence/repo.go deleted file mode 100644 index 6bb122e..0000000 --- a/wordfence/repo.go +++ /dev/null @@ -1,46 +0,0 @@ -/* - * Copyright (c) 2023 Typist Tech Limited - * - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to deal - * in the Software without restriction, including without limitation the rights - * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in - * all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN - * THE SOFTWARE. - */ - -package wordfence - -import ( - "context" - - "github.com/typisttech/wpsecadvi/wp" -) - -type fetcher interface { - fetch(ctx context.Context) (vulnerabilities, error) -} - -type Repo struct { - Client fetcher -} - -func (r *Repo) Get(ctx context.Context) ([]*wp.Entity, error) { - vs, err := r.Client.fetch(ctx) - if err != nil { - return nil, err - } - - return vs.entities() -} \ No newline at end of file diff --git a/wordfence/repo_test.go b/wordfence/repo_test.go deleted file mode 100644 index cb223d3..0000000 --- a/wordfence/repo_test.go +++ /dev/null @@ -1,255 +0,0 @@ -/* - * Copyright (c) 2023 Typist Tech Limited - * - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to deal - * in the Software without restriction, including without limitation the rights - * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in - * all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN - * THE SOFTWARE. - */ - -package wordfence - -import ( - "context" -) - -type stub struct { - fixture []Vulnerability -} - -func (s stub) fetch(ctx context.Context) (vulnerabilities, error) { - return s.fixture, nil -} - -//func TestRepo_Get(t *testing.T) { -// tests := []struct { -// fixture []Vulnerability -// want []*wp.Entity -// wantErr bool -// }{ -// { -// fixture: productionExample, -// want: productionExampleEntities(), -// wantErr: false, -// }, -// { -// fixture: productionMultiple, -// want: productionMultipleEntities(), -// wantErr: false, -// }, -// { -// fixture: scannerExample, -// want: scannerExampleEntities(), -// wantErr: false, -// }, -// } -// for _, tt := range tests { -// t.Run("", func(t *testing.T) { -// r := &Repo{ -// Client: stub{ -// fixture: tt.fixture, -// }, -// } -// ctx := context.Background() -// -// got, err := r.Get(ctx) -// -// if (err != nil) != tt.wantErr { -// t.Errorf("Get() error = %v, wantErr %v", err, tt.wantErr) -// return -// } -// -// diff := cmp.Diff( -// tt.want, -// got, -// cmp.AllowUnexported(wp.Entity{}, version.Range{}, version.Version{}), -// cmpopts.SortSlices(func(a, b *wp.Entity) bool { -// return a.Slug() < b.Slug() -// }), -// cmpopts.SortSlices(func(a, b *version.Range) bool { -// return a.String() < b.String() -// }), -// ) -// if diff != "" { -// t.Errorf("Get() mismatch (-want +got):\n%s", diff) -// } -// }) -// } -//} - -// -//func TestRepo_Get_whereCVENotIn(t *testing.T) { -// //return []*wp.Entity{core, simpleShippingEdd, wpgsi, wpgsiProfessional, dtChocolate} -// -// tests := []struct { -// fixture []Vulnerability -// cves []string -// want []*wp.Entity -// wantErr bool -// }{ -// { -// fixture: productionMultiple, -// cves: nil, -// want: productionMultipleEntities(), -// wantErr: false, -// }, -// { -// fixture: productionMultiple, -// cves: []string{}, -// want: productionMultipleEntities(), -// wantErr: false, -// }, -// { -// fixture: productionMultiple, -// cves: []string{"CVE-2022-21664"}, // core -// want: productionMultipleEntities()[1:], -// wantErr: false, -// }, -// { -// fixture: productionMultiple, -// cves: []string{"CVE-2015-9527"}, // simpleShippingEdd -// want: append(productionMultipleEntities()[0:1], productionMultipleEntities()[2:]...), -// wantErr: false, -// }, -// { -// fixture: productionMultiple, -// cves: []string{ -// "CVE-2022-21664", // core -// "CVE-2015-9527", // simpleShippingEdd -// }, -// want: productionMultipleEntities()[2:], -// wantErr: false, -// }, -// } -// for _, tt := range tests { -// t.Run("", func(t *testing.T) { -// r := &Repo{ -// Client: stub{ -// fixture: tt.fixture, -// }, -// } -// ctx := context.Background() -// -// got, err := r.WhereCVENotIn(tt.cves...).Get(ctx) -// -// if (err != nil) != tt.wantErr { -// t.Errorf("WhereCVENotIn().Get() error = %v, wantErr %v", err, tt.wantErr) -// return -// } -// -// diff := cmp.Diff( -// tt.want, -// got, -// cmp.AllowUnexported(wp.Entity{}, version.Range{}, version.Version{}), -// cmpopts.SortSlices(func(a, b *wp.Entity) bool { -// return a.Slug() < b.Slug() -// }), -// cmpopts.SortSlices(func(a, b *version.Range) bool { -// return a.String() < b.String() -// }), -// ) -// if diff != "" { -// t.Errorf("WhereCVENotIn().Get() mismatch (-want +got):\n%s", diff) -// } -// }) -// } -//} -// -//func TestRepo_Get_whereNotIn(t *testing.T) { -// //return []*wp.Entity{core, simpleShippingEdd, wpgsi, wpgsiProfessional, dtChocolate} -// -// tests := []struct { -// fixture []Vulnerability -// ids []string -// cves []string -// want []*wp.Entity -// wantErr bool -// }{ -// { -// fixture: productionMultiple, -// ids: nil, -// cves: nil, -// want: productionMultipleEntities(), -// wantErr: false, -// }, -// { -// fixture: productionMultiple, -// ids: []string{"0114f098-713d-4eef-8643-901f607375de"}, // core -// cves: []string{"CVE-2015-9527"}, // simpleShippingEdd -// want: productionMultipleEntities()[2:], -// wantErr: false, -// }, -// { -// fixture: productionMultiple, -// ids: []string{"01179ac2-ad68-4a5d-af67-70d57ed611d2"}, // simpleShippingEdd -// cves: []string{"CVE-2022-21664"}, // core -// want: productionMultipleEntities()[2:], -// wantErr: false, -// }, -// { -// fixture: productionMultiple, -// ids: []string{"01179ac2-ad68-4a5d-af67-70d57ed611d2"}, // simpleShippingEdd -// cves: []string{"CVE-2015-9527"}, // simpleShippingEdd -// want: append(productionMultipleEntities()[0:1], productionMultipleEntities()[2:]...), -// wantErr: false, -// }, -// { -// fixture: productionMultiple, -// ids: []string{ -// "014da588-9494-493e-8659-590b8e8c14a6", // wpgsi & wpgsiProfessional -// "06fee60a-e96c-49ce-9007-0d402ef46d72", // dtChocolate -// }, -// cves: []string{ -// "CVE-2022-21664", // core -// "CVE-2015-9527", // simpleShippingEdd -// }, -// want: nil, -// wantErr: true, -// }, -// } -// for _, tt := range tests { -// t.Run("", func(t *testing.T) { -// r := &Repo{ -// Client: stub{ -// fixture: tt.fixture, -// }, -// } -// ctx := context.Background() -// -// got, err := r.WhereIDNotIn(tt.ids...).WhereCVENotIn(tt.cves...).Get(ctx) -// -// if (err != nil) != tt.wantErr { -// t.Errorf("WhereIDNotIn().WhereCVENotIn().Get() error = %v, wantErr %v", err, tt.wantErr) -// return -// } -// -// diff := cmp.Diff( -// tt.want, -// got, -// cmp.AllowUnexported(wp.Entity{}, version.Range{}, version.Version{}), -// cmpopts.SortSlices(func(a, b *wp.Entity) bool { -// return a.Slug() < b.Slug() -// }), -// cmpopts.SortSlices(func(a, b *version.Range) bool { -// return a.String() < b.String() -// }), -// ) -// if diff != "" { -// t.Errorf("WhereIDNotIn().WhereCVENotIn().Get() mismatch (-want +got):\n%s", diff) -// } -// }) -// } -//} \ No newline at end of file diff --git a/wordfence/testdata/empty.json b/wordfence/testdata/empty.json deleted file mode 100644 index 9e26dfe..0000000 --- a/wordfence/testdata/empty.json +++ /dev/null @@ -1 +0,0 @@ -{} \ No newline at end of file diff --git a/wordfence/testdata/not-json.json b/wordfence/testdata/not-json.json deleted file mode 100644 index b659543..0000000 --- a/wordfence/testdata/not-json.json +++ /dev/null @@ -1 +0,0 @@ -I am not a json. \ No newline at end of file diff --git a/wordfence/testdata/production.example.json b/wordfence/testdata/production.example.json deleted file mode 100644 index e471a95..0000000 --- a/wordfence/testdata/production.example.json +++ /dev/null @@ -1,60 +0,0 @@ -{ - "848ccbdc-c6f1-480f-a272-cd459e706713": { - "id": "848ccbdc-c6f1-480f-a272-cd459e706713", - "title": "Example Vulnerability", - "software": [ - { - "type": "plugin", - "name": "Example Plugin", - "slug": "example", - "affected_versions": { - "1.0.0 - 1.2.3": { - "from_version": "1.0.0", - "from_inclusive": true, - "to_version": "1.2.3", - "to_inclusive": true - } - }, - "patched": true, - "patched_versions": [ - "1.2.4" - ], - "remediation": "Update to version 1.2.4, or a newer patched version" - } - ], - "description": "An example vulnerability", - "references": [ - "http:\/\/www.wordfence.com/threat-intel/vulnerabilities/example" - ], - "cwe": { - "id": 80, - "name": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", - "description": "The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as <, >, and & that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages." - }, - "cvss": { - "vector": "CVSS:3.1\/A:N\/I:L\/C:L\/S:U\/UI:N\/PR:N\/AC:L\/AV:N", - "score": 6.5, - "rating": "Medium" - }, - "cve": "CVE-1998-1000", - "cve_link": "https:\/\/www.cve.org\/CVERecord?id=CVE-1998-1000", - "researchers": [ - "A. Researcher" - ], - "published": "1998-01-09 00:00:00", - "updated": "2022-08-05 20:14:05", - "copyrights": { - "message": "This record contains material that is subject to copyright", - "defiant": { - "notice": "Copyright 2012-2023 Defiant Inc.", - "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you, include a hyperlink to this vulnerability record, and reproduce Defiant's copyright designation and this license in any such copy.", - "license_url": "https:\/\/www.wordfence.com\/wti-community-edition-terms-and-conditions\/" - }, - "mitre": { - "notice": "Copyright 1999-2022 The MITRE Corporation", - "license": "CVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE\u00ae). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.", - "license_url": "https:\/\/www.cve.org\/Legal\/TermsOfUse" - } - } - } -} \ No newline at end of file diff --git a/wordfence/testdata/production.multiple.json b/wordfence/testdata/production.multiple.json deleted file mode 100644 index 2c3efa1..0000000 --- a/wordfence/testdata/production.multiple.json +++ /dev/null @@ -1,99 +0,0 @@ -{ - "0114f098-713d-4eef-8643-901f607375de": { - "id": "0114f098-713d-4eef-8643-901f607375de", - "software": [ - { - "type": "core", - "name": "WordPress", - "slug": "wordpress", - "affected_versions": { - "[5.6, 5.6.7)": { - "from_version": "5.6", - "from_inclusive": true, - "to_version": "5.6.7", - "to_inclusive": false - }, - "[5.7, 5.7.5)": { - "from_version": "5.7", - "from_inclusive": true, - "to_version": "5.7.5", - "to_inclusive": false - }, - "[5.8, 5.8.3)": { - "from_version": "5.8", - "from_inclusive": true, - "to_version": "5.8.3", - "to_inclusive": false - } - } - } - ], - "cve": "CVE-2022-21664" - }, - "01179ac2-ad68-4a5d-af67-70d57ed611d2": { - "id": "01179ac2-ad68-4a5d-af67-70d57ed611d2", - "software": [ - { - "type": "plugin", - "slug": "simple-shipping-edd", - "affected_versions": { - "* - 2.1.3": { - "from_version": "*", - "from_inclusive": true, - "to_version": "2.1.3", - "to_inclusive": true - } - } - } - ], - "cve": "CVE-2015-9527" - }, - "014da588-9494-493e-8659-590b8e8c14a6": { - "id": "014da588-9494-493e-8659-590b8e8c14a6", - "software": [ - { - "type": "plugin", - "slug": "wpgsi", - "affected_versions": { - "* - 3.5.0": { - "from_version": "*", - "from_inclusive": true, - "to_version": "3.5.0", - "to_inclusive": true - } - } - }, - { - "type": "plugin", - "slug": "wpgsi-professional", - "affected_versions": { - "* - 3.5.1": { - "from_version": "*", - "from_inclusive": true, - "to_version": "3.5.1", - "to_inclusive": true - } - } - } - ], - "cve": null - }, - "06fee60a-e96c-49ce-9007-0d402ef46d72": { - "id": "06fee60a-e96c-49ce-9007-0d402ef46d72", - "software": [ - { - "type": "theme", - "slug": "dt-chocolate", - "affected_versions": { - "*": { - "from_version": "*", - "from_inclusive": true, - "to_version": "*", - "to_inclusive": true - } - } - } - ], - "cve": null - } -} \ No newline at end of file diff --git a/wordfence/testdata/scanner.example.json b/wordfence/testdata/scanner.example.json deleted file mode 100644 index 989c344..0000000 --- a/wordfence/testdata/scanner.example.json +++ /dev/null @@ -1,37 +0,0 @@ -{ - "848ccbdc-c6f1-480f-a272-cd459e706713": { - "id": "848ccbdc-c6f1-480f-a272-cd459e706713", - "title": "Example Vulnerability", - "software": [ - { - "type": "plugin", - "name": "Example Plugin", - "slug": "example", - "affected_versions": { - "1.0.0 - 1.2.3": { - "from_version": "1.0.0", - "from_inclusive": true, - "to_version": "1.2.3", - "to_inclusive": true - } - }, - "patched": true, - "patched_versions": [ - "1.2.4" - ], - "references": [ - "http:\/\/www.wordfence.com/threat-intel/vulnerabilities/example" - ] - } - ], - "published": "1998-01-09 00:00:00", - "copyrights": { - "message": "This record contains material that is subject to copyright", - "defiant": { - "notice": "Copyright 2012-2023 Defiant Inc.", - "license": "Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you, include a hyperlink to this vulnerability record, and reproduce Defiant's copyright designation and this license in any such copy.", - "license_url": "https:\/\/www.wordfence.com\/wti-community-edition-terms-and-conditions\/" - } - } - } -} \ No newline at end of file diff --git a/wordfence/vulnerability.go b/wordfence/vulnerability.go deleted file mode 100644 index acbbb78..0000000 --- a/wordfence/vulnerability.go +++ /dev/null @@ -1,178 +0,0 @@ -/* - * Copyright (c) 2022-2023 Typist Tech Limited - * - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to deal - * in the Software without restriction, including without limitation the rights - * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in - * all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN - * THE SOFTWARE. - */ - -package wordfence - -import ( - "fmt" - - "github.com/typisttech/wpsecadvi/composer/version" - "github.com/typisttech/wpsecadvi/wp" -) - -// Vulnerability represents an item in the Wordfence data feed. -// -// See https://www.wordfence.com/intelligence-documentation/v2-accessing-and-consuming-the-vulnerability-data-feed/#data_format -type Vulnerability struct { - // ID is a UUID string that serves as a unique identifier for the vulnerability. - ID string `json:"id"` - // Software is a list of affected software specified for each vulnerability. - Software []Software `json:"software"` - // CVE is the CVE ID (i.e. "CVE-1998-1000") when assigned, empty otherwise. - CVE string `json:"cve"` -} - -// Software represents the affected software and version information. -// -// See https://www.wordfence.com/intelligence-documentation/v2-accessing-and-consuming-the-vulnerability-data-feed/#software_format -type Software struct { - // Type is one of "core", "plugin", or "theme". - Type string `json:"type"` - // Slug is an identifier for the software. - Slug string `json:"slug"` - // AffectedVersions is set of affected versions. - AffectedVersions AffectedVersions `json:"affected_versions"` -} - -// AffectedVersion represents -// -// See https://www.wordfence.com/intelligence-documentation/v2-accessing-and-consuming-the-vulnerability-data-feed/#affected_version_format -type AffectedVersion struct { - FromVersion string `json:"from_version"` - FromInclusive bool `json:"from_inclusive"` - ToVersion string `json:"to_version"` - ToInclusive bool `json:"to_inclusive"` -} - -type vulnerabilities []Vulnerability - -func (vs vulnerabilities) entities() ([]*wp.Entity, error) { - entities := make([]*wp.Entity, 0, len(vs)) - for _, v := range vs { - es, err := v.entities() - if err != nil { - continue - } - - entities = append(entities, es...) - } - - if len(entities) == 0 { - return nil, fmt.Errorf("unable to parse any wp entity from the %d vulnerabilities", len(vs)) - } - - return entities, nil -} - -func (v Vulnerability) entities() ([]*wp.Entity, error) { - es := make([]*wp.Entity, 0, len(v.Software)) - for _, s := range v.Software { - e, err := s.entity() - if err != nil { - continue - } - - es = append(es, e) - } - - if len(es) == 0 { - return nil, fmt.Errorf("unable to parse any wp entity from the %d software of vulnerability %s %s", len(v.Software), v.ID, v.CVE) - } - - return es, nil -} - -func (s Software) entity() (*wp.Entity, error) { - var e *wp.Entity - var err error - - switch s.Type { - case "core": - e = wp.NewCoreEntity() - case "plugin": - e, err = wp.NewPluginEntity(s.Slug) - if err != nil { - return nil, fmt.Errorf("unable to parse plugin entity: %w", err) - } - case "theme": - e, err = wp.NewThemeEntity(s.Slug) - if err != nil { - return nil, fmt.Errorf("unable to parse theme entity: %w", err) - } - default: - return nil, fmt.Errorf("unexpected software type: %s", s.Type) - } - - c, err := s.AffectedVersions.constraint() - if err != nil { - return nil, fmt.Errorf("unable to parse entity constraint for %s (%s): %w", s.Type, e.Slug(), err) - } - - e.Or(c) - - return e, nil -} - -type AffectedVersions map[string]AffectedVersion - -func (avs AffectedVersions) constraint() (version.Constraint, error) { - c := version.Constraint{} - - for _, av := range avs { - r, err := av.versionRange() - if err != nil { - continue - } - - c = append(c, r) - } - - if len(c) == 0 { - return nil, fmt.Errorf("unable to parse any version constraint from the %d affected versions", len(avs)) - } - - return c, nil -} - -func (av AffectedVersion) versionRange() (*version.Range, error) { - var from *version.Version - var err error - if av.FromVersion != "*" { - from, err = version.New(av.FromVersion) - if err != nil { - return nil, err - } - } - - var to *version.Version - if av.ToVersion != "*" { - to, err = version.New(av.ToVersion) - if err != nil { - return nil, err - } - } - - return version.NewRange( - version.WithFloor(from, av.FromInclusive), - version.WithCeiling(to, av.ToInclusive), - ) -} \ No newline at end of file diff --git a/wp/entity.go b/wp/entity.go deleted file mode 100644 index cc49e47..0000000 --- a/wp/entity.go +++ /dev/null @@ -1,91 +0,0 @@ -/* - * Copyright (c) 2023 Typist Tech Limited - * - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to deal - * in the Software without restriction, including without limitation the rights - * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in - * all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN - * THE SOFTWARE. - */ - -package wp - -import ( - "errors" - - "github.com/typisttech/wpsecadvi/composer/version" -) - -type kind byte - -const ( - core kind = iota - plugin - theme -) - -var ( - ErrEmptyEntitySlug = errors.New("empty entity slug") -) - -type Entity struct { - kind kind - slug string - constraint version.Constraint -} - -func NewCoreEntity() *Entity { - return &Entity{kind: core, slug: "wordpress-core"} -} - -func NewPluginEntity(slug string) (*Entity, error) { - // TODO: Test me. - if slug == "" { - return nil, ErrEmptyEntitySlug - } - return &Entity{kind: plugin, slug: slug}, nil -} - -func NewThemeEntity(slug string) (*Entity, error) { - // TODO: Test me. - if slug == "" { - return nil, ErrEmptyEntitySlug - } - return &Entity{kind: theme, slug: slug}, nil -} - -//func (e *Entity) IsCore() bool { -// return e.kind == core -//} -// -//func (e *Entity) IsPlugin() bool { -// return e.kind == plugin -//} -// -//func (e *Entity) IsTheme() bool { -// return e.kind == theme -//} - -func (e *Entity) Slug() string { - return e.slug -} - -func (e *Entity) Constraint() version.Constraint { - return e.constraint -} - -func (e *Entity) Or(constraint version.Constraint) { - e.constraint = append(e.constraint, constraint...) -} \ No newline at end of file From cc0e9fa1926608abc9a1b195f245d7e27234ed1f Mon Sep 17 00:00:00 2001 From: TangRufus Date: Sat, 3 Feb 2024 10:27:14 +0000 Subject: [PATCH 10/20] wip --- .github/workflows/codeql.yml | 30 ------------------------------ Makefile | 5 ++++- 2 files changed, 4 insertions(+), 31 deletions(-) delete mode 100644 .github/workflows/codeql.yml diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml deleted file mode 100644 index d1811c2..0000000 --- a/.github/workflows/codeql.yml +++ /dev/null @@ -1,30 +0,0 @@ -name: CodeQL - -on: - schedule: - - cron: '23 05 * * *' - workflow_dispatch: - pull_request: - branches: - - main - push: - branches: - - main - -permissions: - actions: read - contents: read - security-events: write - -jobs: - codeql: - runs-on: ubuntu-latest - steps: - - name: Check out code - uses: actions/checkout@v4 - - uses: github/codeql-action/init@v3 - with: - languages: go - queries: security-and-quality - - uses: github/codeql-action/autobuild@v3 - - uses: github/codeql-action/analyze@v3 diff --git a/Makefile b/Makefile index 1e5478d..58f2574 100644 --- a/Makefile +++ b/Makefile @@ -28,11 +28,14 @@ RESET := $(shell tput -Txterm sgr0) ## Common: .PHONY: default -default: check test build ## Alias of check, test and build +default: build ## Alias build .PHONY: all all: check test build-all ## Alias of check, test, build-all +.PHONY: dev +dev: check test ## Alias of check and test + .PHONY: clean clean: test-clean build-clean ## Clean up all generated files From be06b2885f54b3a49f92efac392f8a01f2af3f27 Mon Sep 17 00:00:00 2001 From: TangRufus Date: Sat, 3 Feb 2024 10:37:58 +0000 Subject: [PATCH 11/20] wip --- .github/workflows/check.yml | 16 ++++++++++++++-- go.mod | 2 +- 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml index 0a8fa9b..f13cbf2 100644 --- a/.github/workflows/check.yml +++ b/.github/workflows/check.yml @@ -14,6 +14,19 @@ concurrency: cancel-in-progress: ${{ github.ref != 'refs/heads/main' }} jobs: + go-mod-tidy: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-go@v5 + with: + go-version-file: 'go.mod' + cache: false + - run: go version + - run: go mod tidy + - name: Check whether go.mod and go.sum are tidied + run: git diff --exit-code + golangci-lint: runs-on: ubuntu-latest steps: @@ -23,8 +36,7 @@ jobs: go-version-file: 'go.mod' cache: false - run: go version - - name: golangci-lint - uses: golangci/golangci-lint-action@v3 + - uses: golangci/golangci-lint-action@v3 with: version: latest args: --verbose diff --git a/go.mod b/go.mod index 397cf2e..7d19ecb 100644 --- a/go.mod +++ b/go.mod @@ -1,3 +1,3 @@ module github.com/typisttech/wpsecadvi -go 1.21.6 +go 1.21 From 55254d2338ff5422592384a5670809351f3e9bd4 Mon Sep 17 00:00:00 2001 From: TangRufus Date: Sat, 3 Feb 2024 10:39:51 +0000 Subject: [PATCH 12/20] wip --- go.mod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 7d19ecb..7d7b504 100644 --- a/go.mod +++ b/go.mod @@ -1,3 +1,3 @@ module github.com/typisttech/wpsecadvi -go 1.21 +go 1.21.111 From d55b235747b0fd940daa20bc9d24a5f7c2917682 Mon Sep 17 00:00:00 2001 From: TangRufus Date: Sat, 3 Feb 2024 10:40:15 +0000 Subject: [PATCH 13/20] wip --- go.mod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 7d7b504..7d19ecb 100644 --- a/go.mod +++ b/go.mod @@ -1,3 +1,3 @@ module github.com/typisttech/wpsecadvi -go 1.21.111 +go 1.21 From a4edd2910dd508cbf8f53e00cb0efab8aab85736 Mon Sep 17 00:00:00 2001 From: TangRufus Date: Sat, 3 Feb 2024 10:41:03 +0000 Subject: [PATCH 14/20] wip --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index c06a6a9..ea67f64 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -1,4 +1,4 @@ -#name: Test +name: Test on: workflow_dispatch: From c2ce3acf51e066f14e3f9f519413dab63f7cf294 Mon Sep 17 00:00:00 2001 From: TangRufus Date: Sat, 3 Feb 2024 10:42:45 +0000 Subject: [PATCH 15/20] wip --- .github/workflows/release.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a36e027..9e0c6f5 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -20,12 +20,6 @@ jobs: with: go-version-file: 'go.mod' - run: go version - # Use GitHub token to download private modules -# - run: | -# git config --global url."https://x-access-token:${GITHUB_TOKEN}@github.com/".insteadOf "https://github.com/" -# env: -# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - uses: goreleaser/goreleaser-action@v5 with: distribution: goreleaser From 10f81cf1156536fdbaeccef46deba7cd1d36bada Mon Sep 17 00:00:00 2001 From: TangRufus Date: Sat, 3 Feb 2024 10:48:48 +0000 Subject: [PATCH 16/20] wip --- .golangci.yml | 59 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 59 insertions(+) create mode 100644 .golangci.yml diff --git a/.golangci.yml b/.golangci.yml new file mode 100644 index 0000000..ec019a5 --- /dev/null +++ b/.golangci.yml @@ -0,0 +1,59 @@ +linters: + presets: + - bugs + - comment + - complexity + - error + - format + - import + - metalinter + - module + - performance + - sql + - style + - test + - unused + +# disable: +# - depguard +# - dupl +# - exhaustruct +# - godox +# - lll +# - nlreturn +# - nonamedreturns +# - paralleltest +# - tagliatelle +# - testpackage +# - varnamelen +# - wrapcheck +# - wsl # TODO + +#linters-settings: +# ireturn: +# allow: +# - anon +# - error +# - empty +# - stdlib +# - (or|er)$ +# - generic +# - T + +#issues: +# exclude-rules: +# - path: '(.+)_test\.go' +# linters: +# - bodyclose +# - dupword +# - forcetypeassert +# - funlen +# - gochecknoglobals +# - maintidx +# - unparam +# - path: 'cmd/wpsecadvi' +# linters: +# - unparam +# - path: 'cmd/wpsecadvi/version.go' +# linters: +# - gochecknoglobals From f117ed8b3b7aa1213ce3bfb2deb4e876f22b5e60 Mon Sep 17 00:00:00 2001 From: TangRufus Date: Sat, 3 Feb 2024 10:48:53 +0000 Subject: [PATCH 17/20] wip --- .goreleaser.yml | 46 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) create mode 100644 .goreleaser.yml diff --git a/.goreleaser.yml b/.goreleaser.yml new file mode 100644 index 0000000..e0ee511 --- /dev/null +++ b/.goreleaser.yml @@ -0,0 +1,46 @@ +version: 1 + +before: + hooks: + - go mod tidy + +builds: + - main: ./cmd/wpsecadvi + env: + - CGO_ENABLED=0 + goos: + - linux + - darwin + mod_timestamp: '{{ .CommitTimestamp }}' + flags: + - -trimpath + ldflags: + - -s -w -X main.version={{.Version}} -X main.fullCommit={{.FullCommit}} -X main.commitOn={{ .CommitDate }} -X main.isGitDirty={{ .IsGitDirty }} + +gomod: + proxy: true + env: + - GOPROXY=https://proxy.golang.org + - GOSUMDB=sum.golang.org + mod: mod + +archives: + - format: tar.gz + # this name template makes the OS and Arch compatible with the results of `uname` + name_template: >- + {{ .ProjectName }}_ + {{- title .Os }}_ + {{- if eq .Arch "amd64" }}x86_64 + {{- else if eq .Arch "386" }}i386 + {{- else }}{{ .Arch }}{{ end }} + {{- if .Arm }}v{{ .Arm }}{{ end }} + +changelog: + # TODO: goreleaser > v1.23.0 renamed from `skip` to `disable`. + # https://github.com/goreleaser/goreleaser/commit/29f30b623ef8f0a19607afab22b3f3a2f9f68172 + skip: true + +checksum: + disable: false + +report_sizes: true From d4036f0627ce97bb96155d1e5909f35d33c6eac2 Mon Sep 17 00:00:00 2001 From: TangRufus Date: Wed, 7 Feb 2024 17:02:50 +0000 Subject: [PATCH 18/20] tmp --- .github/workflows/build.yml | 2 +- .github/workflows/check.yml | 2 +- .github/workflows/release.yml | 2 +- wordfence/client.go | 69 +++++++++++++++++++++++++++++++++++ wordfence/vulnerability.go | 1 + 5 files changed, 73 insertions(+), 3 deletions(-) create mode 100644 wordfence/client.go create mode 100644 wordfence/vulnerability.go diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 704da26..cc05c32 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -25,7 +25,7 @@ jobs: - uses: goreleaser/goreleaser-action@v5 with: version: latest - args: release --clean --snapshot --verbose + args: release --clean --snapshot env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - uses: actions/upload-artifact@v4 diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml index f13cbf2..b2cd718 100644 --- a/.github/workflows/check.yml +++ b/.github/workflows/check.yml @@ -53,4 +53,4 @@ jobs: with: distribution: goreleaser version: latest - args: check --verbose + args: check diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 9e0c6f5..83f1f16 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -24,6 +24,6 @@ jobs: with: distribution: goreleaser version: latest - args: release --clean --fail-fast --verbose + args: release --clean --fail-fast env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/wordfence/client.go b/wordfence/client.go new file mode 100644 index 0000000..f9c94a3 --- /dev/null +++ b/wordfence/client.go @@ -0,0 +1,69 @@ +package wordfence + +import ( + "net/http" + "net/url" +) + +const ( + // ProductionFeed is the data feed with detailed records that have been fully + // analyzed by the Wordfence team. + ProductionFeed = "https://www.wordfence.com/api/intelligence/v2/vulnerabilities/production" + + // ScannerFeed is the data feed with minimal format that provides detection + // information for newly discovered vulnerabilities that are actively being + // researched in addition to those included in the ProductionFeed. + ScannerFeed = "https://www.wordfence.com/api/intelligence/v2/vulnerabilities/scanner" +) + +type Client struct { + Client *http.Client + URL *url.URL +} + +type ClientOpt func(c *Client) + +func NewClient(opts ...ClientOpt) *Client { + u, _ := url.Parse(ProductionFeed) + client := &Client{ + Client: &http.Client{}, + URL: u, + } + for _, opt := range opts { + opt(client) + } + + return client +} + +// NewProductionFeedClient returns a new Wordfence API client for fetching the +// ProductionFeed. If a nil httpClient is provided, a new [http.Client] will be +// used. +func NewProductionFeedClient(httpClient *http.Client) *Client { + if httpClient == nil { + httpClient = &http.Client{} + } + + u, _ := url.Parse(ProductionFeed) + + return &Client{ + Client: httpClient, + URL: u, + } +} + +// NewScannerFeedClient returns a new Wordfence API client for fetching the +// ScannerFeed. If a nil httpClient is provided, a new [http.Client] will be +// used. +func NewScannerFeedClient(httpClient *http.Client) *Client { + if httpClient == nil { + httpClient = &http.Client{} + } + + u, _ := url.Parse(ScannerFeed) + + return &Client{ + Client: httpClient, + URL: u, + } +} diff --git a/wordfence/vulnerability.go b/wordfence/vulnerability.go new file mode 100644 index 0000000..29843f3 --- /dev/null +++ b/wordfence/vulnerability.go @@ -0,0 +1 @@ +package wordfence From 551cb0c518b1e08756a7650ae1636d0c17a18171 Mon Sep 17 00:00:00 2001 From: TangRufus Date: Wed, 7 Feb 2024 20:30:22 +0000 Subject: [PATCH 19/20] tmp --- .goreleaser.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.goreleaser.yml b/.goreleaser.yml index e0ee511..6294ed0 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -36,9 +36,7 @@ archives: {{- if .Arm }}v{{ .Arm }}{{ end }} changelog: - # TODO: goreleaser > v1.23.0 renamed from `skip` to `disable`. - # https://github.com/goreleaser/goreleaser/commit/29f30b623ef8f0a19607afab22b3f3a2f9f68172 - skip: true + use: github-native checksum: disable: false From acd0cccc544455dc60b7a1435e7f0b206389671d Mon Sep 17 00:00:00 2001 From: TangRufus Date: Wed, 7 Feb 2024 20:35:21 +0000 Subject: [PATCH 20/20] tmp --- .goreleaser.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.goreleaser.yml b/.goreleaser.yml index 6294ed0..6c04c7f 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -24,6 +24,9 @@ gomod: - GOSUMDB=sum.golang.org mod: mod +release: + draft: true + archives: - format: tar.gz # this name template makes the OS and Arch compatible with the results of `uname`