up

src/StellaOps.Feedser.Exporter.Json.Tests/JsonFeedExporterTests.cs

@@ -88,21 +88,52 @@ public sealed class JsonFeedExporterTests : IDisposable
     [Fact]
     public async Task ExportAsync_WritesManifestMetadata()
     {
-        var exportedAt = DateTimeOffset.Parse("2024-08-10T00:00:00Z", CultureInfo.InvariantCulture);
-        var advisory = new Advisory(
-            advisoryKey: "CVE-2024-4321",
-            title: "Manifest Test",
-            summary: null,
-            language: "en",
-            published: DateTimeOffset.Parse("2024-07-01T00:00:00Z", CultureInfo.InvariantCulture),
-            modified: DateTimeOffset.Parse("2024-07-02T00:00:00Z", CultureInfo.InvariantCulture),
-            severity: "medium",
-            exploitKnown: false,
-            aliases: new[] { "CVE-2024-4321" },
-            references: Array.Empty<AdvisoryReference>(),
-            affectedPackages: Array.Empty<AffectedPackage>(),
-            cvssMetrics: Array.Empty<CvssMetric>(),
-            provenance: Array.Empty<AdvisoryProvenance>());
+        var exportedAt = DateTimeOffset.Parse("2024-08-10T00:00:00Z", CultureInfo.InvariantCulture);
+        var recordedAt = DateTimeOffset.Parse("2024-07-02T00:00:00Z", CultureInfo.InvariantCulture);
+        var reference = new AdvisoryReference(
+            "http://Example.com/path/resource?b=2&a=1",
+            kind: "advisory",
+            sourceTag: "REF-001",
+            summary: "Primary vendor advisory",
+            provenance: new AdvisoryProvenance("ghsa", "map", "REF-001", recordedAt, new[] { ProvenanceFieldMasks.References }));
+        var weakness = new AdvisoryWeakness(
+            taxonomy: "cwe",
+            identifier: "CWE-79",
+            name: "Cross-site Scripting",
+            uri: "https://cwe.mitre.org/data/definitions/79.html",
+            provenance: new[]
+            {
+                new AdvisoryProvenance("nvd", "map", "CWE-79", recordedAt, new[] { ProvenanceFieldMasks.Weaknesses })
+            });
+        var cvssMetric = new CvssMetric(
+            "3.1",
+            "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+            9.8,
+            "critical",
+            new AdvisoryProvenance("nvd", "map", "CVE-2024-4321", recordedAt, new[] { ProvenanceFieldMasks.CvssMetrics }));
+
+        var advisory = new Advisory(
+            advisoryKey: "CVE-2024-4321",
+            title: "Manifest Test",
+            summary: "Short summary",
+            language: "en",
+            published: DateTimeOffset.Parse("2024-07-01T00:00:00Z", CultureInfo.InvariantCulture),
+            modified: recordedAt,
+            severity: "medium",
+            exploitKnown: false,
+            aliases: new[] { "CVE-2024-4321", "GHSA-xxxx-yyyy-zzzz" },
+            credits: Array.Empty<AdvisoryCredit>(),
+            references: new[] { reference },
+            affectedPackages: Array.Empty<AffectedPackage>(),
+            cvssMetrics: new[] { cvssMetric },
+            provenance: new[]
+            {
+                new AdvisoryProvenance("ghsa", "map", "GHSA-xxxx-yyyy-zzzz", recordedAt, new[] { ProvenanceFieldMasks.Advisory }),
+                new AdvisoryProvenance("nvd", "map", "CVE-2024-4321", recordedAt, new[] { ProvenanceFieldMasks.Advisory })
+            },
+            description: "Detailed description capturing remediation steps.",
+            cwes: new[] { weakness },
+            canonicalMetricId: "3.1|CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H");
 
         var advisoryStore = new StubAdvisoryStore(advisory);
         var optionsValue = new JsonExportOptions
@@ -149,18 +180,33 @@ public sealed class JsonFeedExporterTests : IDisposable
             .OrderBy(file => file.Relative, StringComparer.Ordinal)
             .ToArray();
 
-        var filesElement = root.GetProperty("files")
-            .EnumerateArray()
-            .Select(element => new
-            {
-                Path = element.GetProperty("path").GetString(),
-                Bytes = element.GetProperty("bytes").GetInt64(),
-                Digest = element.GetProperty("digest").GetString(),
-            })
-            .OrderBy(file => file.Path, StringComparer.Ordinal)
-            .ToArray();
-
-        Assert.Equal(exportedFiles.Select(file => file.Relative).ToArray(), filesElement.Select(file => file.Path).ToArray());
+        var filesElement = root.GetProperty("files")
+            .EnumerateArray()
+            .Select(element => new
+            {
+                Path = element.GetProperty("path").GetString(),
+                Bytes = element.GetProperty("bytes").GetInt64(),
+                Digest = element.GetProperty("digest").GetString(),
+            })
+            .OrderBy(file => file.Path, StringComparer.Ordinal)
+            .ToArray();
+
+        var dataFile = Assert.Single(exportedFiles);
+        using (var advisoryDocument = JsonDocument.Parse(await File.ReadAllBytesAsync(dataFile.Absolute, CancellationToken.None)))
+        {
+            var advisoryRoot = advisoryDocument.RootElement;
+            Assert.Equal("Detailed description capturing remediation steps.", advisoryRoot.GetProperty("description").GetString());
+            Assert.Equal("3.1|CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", advisoryRoot.GetProperty("canonicalMetricId").GetString());
+
+            var referenceElement = advisoryRoot.GetProperty("references").EnumerateArray().Single();
+            Assert.Equal(reference.Url, referenceElement.GetProperty("url").GetString(), StringComparer.OrdinalIgnoreCase);
+
+            var weaknessElement = advisoryRoot.GetProperty("cwes").EnumerateArray().Single();
+            Assert.Equal("cwe", weaknessElement.GetProperty("taxonomy").GetString());
+            Assert.Equal("CWE-79", weaknessElement.GetProperty("identifier").GetString());
+        }
+
+        Assert.Equal(exportedFiles.Select(file => file.Relative).ToArray(), filesElement.Select(file => file.Path).ToArray());
 
         long totalBytes = exportedFiles.Select(file => new FileInfo(file.Absolute).Length).Sum();
         Assert.Equal(totalBytes, root.GetProperty("totalBytes").GetInt64());