test(e2e): add test for CRITICAL severity

e2e/smoke.spec.ts

@@ -5,7 +5,7 @@ import { HomePage } from "./home-page"
 const filenameSchemaVersion1 = "test-result-v1.json"
 const filenameSchemaVersion2 = "test-result-v2.json"
 const trivyReportUrl = `https://raw.githubusercontent.com/dbsystel/trivy-vulnerability-explorer/refs/heads/e2e-playwright/public/${filenameSchemaVersion2}`
-const cveEntries = ["CVE-2019-1543", "CVE-2021-3450", "CVE-2021-3449"]
+const cveEntries = ["CVE-2021-3450", "CVE-2021-3449", "CVE-2019-14697"]
 
 test("should have the correct title", async ({ page }) => {
   const homePage = new HomePage(page)
@@ -52,19 +52,21 @@ test("user can filter results by input string", async ({ page }) => {
   await homePage.goto()
   await homePage.uploadLocalTestFile(`../public/${filenameSchemaVersion2}`)
   await homePage.setInputFilter("1.1.1d-r0")
-  await homePage.verifyTableResult(2)
+  await homePage.verifyTableResult(1)
 })
 
 test("user can filter results by severity", async ({ page }) => {
   const homePage = new HomePage(page)
   await homePage.goto()
   await homePage.uploadLocalTestFile(`../public/${filenameSchemaVersion2}`)
   await homePage.setSeverityFilter("LOW")
-  await homePage.verifyTableResult(2)
+  await homePage.verifyTableResult(1)
   await homePage.setSeverityFilter("MEDIUM")
   await homePage.verifyTableResult(1)
   await homePage.setSeverityFilter("HIGH")
   await homePage.verifyTableResult(2)
+  await homePage.setSeverityFilter("CRITICAL")
+  await homePage.verifyTableResult(1)
 })
 
 test("user check all items", async ({ page }) => {

public/alpine-3.9.2.json

@@ -1520,78 +1520,40 @@
           "LastModifiedDate": "2022-08-29T20:27:00Z"
         },
         {
-          "VulnerabilityID": "CVE-2019-1563",
-          "PkgName": "libssl1.1",
-          "InstalledVersion": "1.1.1a-r1",
-          "FixedVersion": "1.1.1d-r0",
+          "VulnerabilityID": "CVE-2019-14697",
+          "PkgName": "musl",
+          "InstalledVersion": "1.1.20-r3",
+          "FixedVersion": "1.1.20-r5",
           "Layer": {
             "Digest": "sha256:8e402f1a9c577ded051c1ef10e9fe4492890459522089959988a4852dee8ab2c",
             "DiffID": "sha256:bcf2f368fe234217249e00ad9d762d8f1a3156d60c442ed92079fa5b120634a1"
           },
           "SeveritySource": "nvd",
-          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1563",
+          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-14697",
           "DataSource": {
             "ID": "alpine",
             "Name": "Alpine Secdb",
             "URL": "https://secdb.alpinelinux.org/"
           },
-          "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey",
-          "Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).",
-          "Severity": "LOW",
-          "CweIDs": ["CWE-327", "CWE-203"],
+          "Title": "musl libc through 1.1.23 has an x87 floating-point stack adjustment im ...",
+          "Description": "musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of this library could introduce out-of-bounds writes that are not present in an application's source code.",
+          "Severity": "CRITICAL",
+          "CweIDs": ["CWE-787"],
           "CVSS": {
             "nvd": {
-              "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
-              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
-              "V2Score": 4.3,
-              "V3Score": 3.7
-            },
-            "redhat": {
-              "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
-              "V3Score": 3.7
+              "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+              "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+              "V2Score": 7.5,
+              "V3Score": 9.8
             }
           },
           "References": [
-            "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00054.html",
-            "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00072.html",
-            "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00012.html",
-            "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00016.html",
-            "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html",
-            "https://access.redhat.com/security/cve/CVE-2019-1563",
-            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563",
-            "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64",
-            "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97",
-            "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f",
-            "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365",
-            "https://linux.oracle.com/cve/CVE-2019-1563.html",
-            "https://linux.oracle.com/errata/ELSA-2020-1840.html",
-            "https://lists.debian.org/debian-lts-announce/2019/09/msg00026.html",
-            "https://lists.fedoraproject.org/archives/list/[email protected]/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/",
-            "https://lists.fedoraproject.org/archives/list/[email protected]/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/",
-            "https://seclists.org/bugtraq/2019/Oct/0",
-            "https://seclists.org/bugtraq/2019/Oct/1",
-            "https://seclists.org/bugtraq/2019/Sep/25",
-            "https://security.gentoo.org/glsa/201911-04",
-            "https://security.netapp.com/advisory/ntap-20190919-0002/",
-            "https://support.f5.com/csp/article/K97324400?utm_source=f5support\u0026amp;utm_medium=RSS",
-            "https://ubuntu.com/security/notices/USN-4376-1",
-            "https://ubuntu.com/security/notices/USN-4376-2",
-            "https://ubuntu.com/security/notices/USN-4504-1",
-            "https://usn.ubuntu.com/4376-1/",
-            "https://usn.ubuntu.com/4376-2/",
-            "https://usn.ubuntu.com/4504-1/",
-            "https://www.debian.org/security/2019/dsa-4539",
-            "https://www.debian.org/security/2019/dsa-4540",
-            "https://www.openssl.org/news/secadv/20190910.txt",
-            "https://www.oracle.com/security-alerts/cpuapr2020.html",
-            "https://www.oracle.com/security-alerts/cpujan2020.html",
-            "https://www.oracle.com/security-alerts/cpujul2020.html",
-            "https://www.oracle.com/security-alerts/cpuoct2020.html",
-            "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
-            "https://www.tenable.com/security/tns-2019-09"
+            "http://www.openwall.com/lists/oss-security/2019/08/06/4",
+            "https://security.gentoo.org/glsa/202003-13",
+            "https://www.openwall.com/lists/musl/2019/08/06/1"
           ],
-          "PublishedDate": "2019-09-10T17:15:00Z",
-          "LastModifiedDate": "2021-07-31T08:15:00Z"
+          "PublishedDate": "2019-08-06T16:15:00Z",
+          "LastModifiedDate": "2020-03-14T19:15:00Z"
         },
         {
           "VulnerabilityID": "CVE-2021-23839",

public/test-result-v1.json

@@ -72,7 +72,7 @@
         "LastModifiedDate": "2022-07-25T18:16:00Z"
       },
       {
-        "VulnerabilityID": "CVE-2019-1563-1",
+        "VulnerabilityID": "CVE-2019-1563",
         "PkgName": "libcrypto1.1",
         "InstalledVersion": "1.1.1a-r1",
         "FixedVersion": "1.1.1d-r0",
@@ -281,78 +281,40 @@
         "LastModifiedDate": "2021-07-31T08:15:00Z"
       },
       {
-        "VulnerabilityID": "CVE-2019-1563",
-        "PkgName": "libcrypto1.1",
-        "InstalledVersion": "1.1.1a-r1",
-        "FixedVersion": "1.1.1d-r0",
+        "VulnerabilityID": "CVE-2019-14697",
+        "PkgName": "musl",
+        "InstalledVersion": "1.1.20-r3",
+        "FixedVersion": "1.1.20-r5",
         "Layer": {
           "Digest": "sha256:8e402f1a9c577ded051c1ef10e9fe4492890459522089959988a4852dee8ab2c",
           "DiffID": "sha256:bcf2f368fe234217249e00ad9d762d8f1a3156d60c442ed92079fa5b120634a1"
         },
         "SeveritySource": "nvd",
-        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1563",
+        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-14697",
         "DataSource": {
           "ID": "alpine",
           "Name": "Alpine Secdb",
           "URL": "https://secdb.alpinelinux.org/"
         },
-        "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey",
-        "Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).",
-        "Severity": "LOW",
-        "CweIDs": ["CWE-327", "CWE-203"],
+        "Title": "musl libc through 1.1.23 has an x87 floating-point stack adjustment im ...",
+        "Description": "musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of this library could introduce out-of-bounds writes that are not present in an application's source code.",
+        "Severity": "CRITICAL",
+        "CweIDs": ["CWE-787"],
         "CVSS": {
           "nvd": {
-            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
-            "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
-            "V2Score": 4.3,
-            "V3Score": 3.7
-          },
-          "redhat": {
-            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
-            "V3Score": 3.7
+            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+            "V2Score": 7.5,
+            "V3Score": 9.8
           }
         },
         "References": [
-          "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00054.html",
-          "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00072.html",
-          "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00012.html",
-          "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00016.html",
-          "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html",
-          "https://access.redhat.com/security/cve/CVE-2019-1563",
-          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563",
-          "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64",
-          "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97",
-          "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f",
-          "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365",
-          "https://linux.oracle.com/cve/CVE-2019-1563.html",
-          "https://linux.oracle.com/errata/ELSA-2020-1840.html",
-          "https://lists.debian.org/debian-lts-announce/2019/09/msg00026.html",
-          "https://lists.fedoraproject.org/archives/list/[email protected]/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/",
-          "https://lists.fedoraproject.org/archives/list/[email protected]/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/",
-          "https://seclists.org/bugtraq/2019/Oct/0",
-          "https://seclists.org/bugtraq/2019/Oct/1",
-          "https://seclists.org/bugtraq/2019/Sep/25",
-          "https://security.gentoo.org/glsa/201911-04",
-          "https://security.netapp.com/advisory/ntap-20190919-0002/",
-          "https://support.f5.com/csp/article/K97324400?utm_source=f5support\u0026amp;utm_medium=RSS",
-          "https://ubuntu.com/security/notices/USN-4376-1",
-          "https://ubuntu.com/security/notices/USN-4376-2",
-          "https://ubuntu.com/security/notices/USN-4504-1",
-          "https://usn.ubuntu.com/4376-1/",
-          "https://usn.ubuntu.com/4376-2/",
-          "https://usn.ubuntu.com/4504-1/",
-          "https://www.debian.org/security/2019/dsa-4539",
-          "https://www.debian.org/security/2019/dsa-4540",
-          "https://www.openssl.org/news/secadv/20190910.txt",
-          "https://www.oracle.com/security-alerts/cpuapr2020.html",
-          "https://www.oracle.com/security-alerts/cpujan2020.html",
-          "https://www.oracle.com/security-alerts/cpujul2020.html",
-          "https://www.oracle.com/security-alerts/cpuoct2020.html",
-          "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
-          "https://www.tenable.com/security/tns-2019-09"
+          "http://www.openwall.com/lists/oss-security/2019/08/06/4",
+          "https://security.gentoo.org/glsa/202003-13",
+          "https://www.openwall.com/lists/musl/2019/08/06/1"
         ],
-        "PublishedDate": "2019-09-10T17:15:00Z",
-        "LastModifiedDate": "2021-07-31T08:15:00Z"
+        "PublishedDate": "2019-08-06T16:15:00Z",
+        "LastModifiedDate": "2020-03-14T19:15:00Z"
       }
     ]
   }