changed expected result for non applicable CVEs in test to match the …

…new added applicability results
jfrog · Oct 7, 2024 · 75af5d7 · 75af5d7
1 parent 72f6c1f
commit 75af5d7
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 9 deletions.
diff --git a/src/test/resources/applicableScan/npm/expectedScanResponse.json b/src/test/resources/applicableScan/npm/expectedScanResponse.json
@@ -38,9 +38,18 @@
             "fullDescription": "The scanner checks whether any of the following vulnerable functions are called:\n\n* `util.setProperty` with external input to its 2nd (`path`) or 3rd (`value`) arguments.\n* `ReflectionObject.setParsedOption` with external input to its 2nd (`name`) or 3rd (`value`) arguments.\n* `parse` with external input to its 1st (`source`) argument.\n* `load`\n* `loadSync`\n\nThe scanner also checks whether the `Object.freeze()` remediation is not present."
         }
     },
-    "nonapplicableCve": [
-        "CVE-2021-3807",
-        "CVE-2021-3918",
-        "CVE-2021-44228"
-    ]
+    "nonapplicableCve": {
+        "CVE-2021-3807": {
+            "fixReason": "The scanner checks whether the vulnerable function `ansi-regex` is called.",
+            "fullDescription": "The scanner checks whether the vulnerable function `ansi-regex` is called."
+        },
+        "CVE-2021-3918":{
+            "fixReason": "The scanner checks whether any of the following vulnerable functions are called:\n\n* `json-schema.validate` with external input to its 1st (`instance`) argument.\n* `json-schema.checkPropertyChange` with external input to its 2nd (`schema`) argument.\n\nThe scanner also checks whether the `Object.freeze()` remediation is not present.",
+            "fullDescription": "The scanner checks whether any of the following vulnerable functions are called:\n\n* `json-schema.validate` with external input to its 1st (`instance`) argument.\n* `json-schema.checkPropertyChange` with external input to its 2nd (`schema`) argument.\n\nThe scanner also checks whether the `Object.freeze()` remediation is not present."
+        },
+        "CVE-2021-44228":{
+            "fixReason": "The scanner checks whether any of the following vulnerable functions are called:\n\n* `info` with external input to any of its arguments.\n* `fatal` with external input to any of its arguments.\n* `log` with external input to any of its arguments.\n* `warn` with external input to any of its arguments.\n* `trace` with external input to any of its arguments.\n* `error` with external input to any of its arguments.\n* `debug` with external input to any of its arguments.",
+            "fullDescription": "The scanner checks whether any of the following vulnerable functions are called:\n\n* `info` with external input to any of its arguments.\n* `fatal` with external input to any of its arguments.\n* `log` with external input to any of its arguments.\n* `warn` with external input to any of its arguments.\n* `trace` with external input to any of its arguments.\n* `error` with external input to any of its arguments.\n* `debug` with external input to any of its arguments."
+        }
+    }
 }
diff --git a/src/test/resources/applicableScan/python/expectedScanResponse.json b/src/test/resources/applicableScan/python/expectedScanResponse.json
@@ -27,8 +27,14 @@
             "fullDescription": "The scanner checks whether the vulnerable function `open` is called with external input to its 1st (`name`) argument."
         }
     },
-    "nonapplicableCve": [
-        "CVE-2021-3918",
-        "CVE-2019-15605"
-    ]
+    "nonapplicableCve": {
+        "CVE-2021-3918": {
+            "fixReason": "The scanner checks whether any of the following vulnerable functions are called:\n\n* `json-schema.validate` with external input to its 1st (`instance`) argument.\n* `json-schema.checkPropertyChange` with external input to its 2nd (`schema`) argument.\n\nThe scanner also checks whether the `Object.freeze()` remediation is not present.",
+            "fullDescription": "The scanner checks whether any of the following vulnerable functions are called:\n\n* `json-schema.validate` with external input to its 1st (`instance`) argument.\n* `json-schema.checkPropertyChange` with external input to its 2nd (`schema`) argument.\n\nThe scanner also checks whether the `Object.freeze()` remediation is not present."
+        },
+        "CVE-2019-15605": {
+            "fixReason": "The scanner checks whether Express.js, which is the vulnerability's main remote attack vector, is running.",
+            "fullDescription": "The scanner checks whether Express.js, which is the vulnerability's main remote attack vector, is running."
+        }
+    }
 }