2022-07-18 22:54:53 +03:00
|
|
|
// Copyright 2022 Security Scorecard Authors
|
|
|
|
|
//
|
|
|
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
|
// you may not use this file except in compliance with the License.
|
|
|
|
|
// You may obtain a copy of the License at
|
|
|
|
|
//
|
|
|
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
//
|
|
|
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
|
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
|
// See the License for the specific language governing permissions and
|
|
|
|
|
// limitations under the License.
|
|
|
|
|
|
|
|
|
|
package dependencydiff
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"context"
|
2022-07-25 20:51:10 +03:00
|
|
|
"errors"
|
2022-07-18 22:54:53 +03:00
|
|
|
"path"
|
|
|
|
|
"testing"
|
|
|
|
|
|
|
|
|
|
"github.com/ossf/scorecard/v4/clients"
|
2022-08-01 20:58:46 +03:00
|
|
|
sclog "github.com/ossf/scorecard/v4/log"
|
2022-08-04 01:54:26 +03:00
|
|
|
"github.com/ossf/scorecard/v4/pkg"
|
2022-07-18 22:54:53 +03:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// Test_fetchRawDependencyDiffData is a test function for fetchRawDependencyDiffData.
|
|
|
|
|
func Test_fetchRawDependencyDiffData(t *testing.T) {
|
|
|
|
|
t.Parallel()
|
2022-08-17 04:55:48 +03:00
|
|
|
|
2022-07-18 22:54:53 +03:00
|
|
|
tests := []struct {
|
|
|
|
|
name string
|
|
|
|
|
dCtx dependencydiffContext
|
|
|
|
|
wantEmpty bool
|
|
|
|
|
wantErr bool
|
|
|
|
|
}{
|
|
|
|
|
{
|
|
|
|
|
name: "error response",
|
|
|
|
|
dCtx: dependencydiffContext{
|
2022-08-01 20:58:46 +03:00
|
|
|
logger: sclog.NewLogger(sclog.InfoLevel),
|
2022-07-18 22:54:53 +03:00
|
|
|
ctx: context.Background(),
|
|
|
|
|
ownerName: "no_such_owner",
|
|
|
|
|
repoName: "repo_not_exist",
|
2022-07-23 04:05:14 +03:00
|
|
|
base: "main",
|
|
|
|
|
head: clients.HeadSHA,
|
2022-07-18 22:54:53 +03:00
|
|
|
},
|
|
|
|
|
wantEmpty: true,
|
|
|
|
|
wantErr: true,
|
|
|
|
|
},
|
|
|
|
|
// Considering of the token usage, normal responses are tested in the e2e test.
|
|
|
|
|
}
|
|
|
|
|
for _, tt := range tests {
|
|
|
|
|
tt := tt
|
|
|
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
|
|
|
t.Parallel()
|
|
|
|
|
err := fetchRawDependencyDiffData(&tt.dCtx)
|
|
|
|
|
if (err != nil) != tt.wantErr {
|
|
|
|
|
t.Errorf("fetchRawDependencyDiffData() error = {%v}, want error: %v", err, tt.wantErr)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
lenResults := len(tt.dCtx.dependencydiffs)
|
|
|
|
|
if (lenResults == 0) != tt.wantEmpty {
|
|
|
|
|
t.Errorf("want empty results: %v, got len of results:%d", tt.wantEmpty, lenResults)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func Test_initRepoAndClientByChecks(t *testing.T) {
|
|
|
|
|
t.Parallel()
|
|
|
|
|
//nolint
|
|
|
|
|
tests := []struct {
|
2022-07-19 04:17:19 +03:00
|
|
|
name string
|
|
|
|
|
dCtx dependencydiffContext
|
|
|
|
|
srcRepo string
|
|
|
|
|
wantRepoClient, wantFuzzClient bool
|
|
|
|
|
wantVulnClient, wantCIIClient bool
|
|
|
|
|
wantErr bool
|
2022-07-18 22:54:53 +03:00
|
|
|
}{
|
|
|
|
|
{
|
|
|
|
|
name: "error creating repo",
|
|
|
|
|
dCtx: dependencydiffContext{
|
2022-08-01 20:58:46 +03:00
|
|
|
logger: sclog.NewLogger(sclog.InfoLevel),
|
2022-07-18 22:54:53 +03:00
|
|
|
ctx: context.Background(),
|
|
|
|
|
checkNamesToRun: []string{},
|
|
|
|
|
},
|
2022-07-19 04:17:19 +03:00
|
|
|
srcRepo: path.Join(
|
|
|
|
|
"host_not_exist.com",
|
|
|
|
|
"owner_not_exist",
|
|
|
|
|
"repo_not_exist",
|
|
|
|
|
),
|
2022-07-18 22:54:53 +03:00
|
|
|
wantRepoClient: false,
|
|
|
|
|
wantFuzzClient: false,
|
|
|
|
|
wantVulnClient: false,
|
|
|
|
|
wantCIIClient: false,
|
|
|
|
|
wantErr: true,
|
|
|
|
|
},
|
|
|
|
|
// Same as the above, putting the normal responses to the e2e test.
|
|
|
|
|
}
|
|
|
|
|
for _, tt := range tests {
|
|
|
|
|
tt := tt
|
|
|
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
|
|
|
t.Parallel()
|
2022-07-19 04:17:19 +03:00
|
|
|
err := initRepoAndClientByChecks(&tt.dCtx, tt.srcRepo)
|
2022-07-18 22:54:53 +03:00
|
|
|
if (err != nil) != tt.wantErr {
|
2022-07-19 04:17:19 +03:00
|
|
|
t.Errorf("initClientByChecks() error = {%v}, want error: %v", err, tt.wantErr)
|
2022-07-18 22:54:53 +03:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
if (tt.dCtx.ghRepoClient != nil) != tt.wantRepoClient {
|
|
|
|
|
t.Errorf("init repo error, wantRepoClient: %v, got %v", tt.wantRepoClient, tt.dCtx.ghRepoClient)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
if (tt.dCtx.ossFuzzClient != nil) != tt.wantFuzzClient {
|
|
|
|
|
t.Errorf("init repo error, wantFuzzClient: %v, got %v", tt.wantFuzzClient, tt.dCtx.ossFuzzClient)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
if (tt.dCtx.vulnsClient != nil) != tt.wantVulnClient {
|
|
|
|
|
t.Errorf("init repo error, wantVulnClient: %v, got %v", tt.wantVulnClient, tt.dCtx.vulnsClient)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
if (tt.dCtx.ciiClient != nil) != tt.wantCIIClient {
|
|
|
|
|
t.Errorf("init repo error, wantCIIClient: %v, got %v", tt.wantCIIClient, tt.dCtx.ciiClient)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func Test_getScorecardCheckResults(t *testing.T) {
|
|
|
|
|
t.Parallel()
|
2022-08-17 04:55:48 +03:00
|
|
|
|
2022-07-18 22:54:53 +03:00
|
|
|
tests := []struct {
|
|
|
|
|
name string
|
|
|
|
|
dCtx dependencydiffContext
|
|
|
|
|
wantErr bool
|
|
|
|
|
}{
|
|
|
|
|
{
|
|
|
|
|
name: "empty response",
|
|
|
|
|
dCtx: dependencydiffContext{
|
|
|
|
|
ctx: context.Background(),
|
2022-08-01 20:58:46 +03:00
|
|
|
logger: sclog.NewLogger(sclog.InfoLevel),
|
2022-07-18 22:54:53 +03:00
|
|
|
ownerName: "owner_not_exist",
|
|
|
|
|
repoName: "repo_not_exist",
|
|
|
|
|
},
|
|
|
|
|
wantErr: false,
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
for _, tt := range tests {
|
|
|
|
|
tt := tt
|
|
|
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
|
|
|
t.Parallel()
|
2022-07-19 04:17:19 +03:00
|
|
|
err := getScorecardCheckResults(&tt.dCtx)
|
2022-07-18 22:54:53 +03:00
|
|
|
if (err != nil) != tt.wantErr {
|
|
|
|
|
t.Errorf("getScorecardCheckResults() error = {%v}, want error: %v", err, tt.wantErr)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
}
|
2022-07-25 20:51:10 +03:00
|
|
|
|
|
|
|
|
func Test_mapDependencyEcosystemNaming(t *testing.T) {
|
|
|
|
|
t.Parallel()
|
|
|
|
|
//nolint
|
|
|
|
|
tests := []struct {
|
|
|
|
|
name string
|
|
|
|
|
deps []dependency
|
|
|
|
|
errWanted error
|
|
|
|
|
}{
|
|
|
|
|
{
|
|
|
|
|
name: "error invalid github ecosystem",
|
|
|
|
|
deps: []dependency{
|
|
|
|
|
{
|
|
|
|
|
Name: "dependency_1",
|
|
|
|
|
Ecosystem: asPointer("not_supported"),
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
Name: "dependency_2",
|
|
|
|
|
Ecosystem: asPointer("gomod"),
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
errWanted: errInvalid,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
name: "error cannot find mapping",
|
|
|
|
|
deps: []dependency{
|
|
|
|
|
{
|
|
|
|
|
Name: "dependency_3",
|
2022-08-01 20:58:46 +03:00
|
|
|
Ecosystem: asPointer("foobar"),
|
2022-07-25 20:51:10 +03:00
|
|
|
},
|
|
|
|
|
},
|
2022-08-01 20:58:46 +03:00
|
|
|
errWanted: errMappingNotFound,
|
2022-07-25 20:51:10 +03:00
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
name: "correct mapping",
|
|
|
|
|
deps: []dependency{
|
|
|
|
|
{
|
|
|
|
|
Name: "dependency_4",
|
|
|
|
|
Ecosystem: asPointer("gomod"),
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
Name: "dependency_5",
|
|
|
|
|
Ecosystem: asPointer("pip"),
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
Name: "dependency_6",
|
|
|
|
|
Ecosystem: asPointer("cargo"),
|
|
|
|
|
},
|
2022-08-01 20:58:46 +03:00
|
|
|
{
|
|
|
|
|
Name: "dependency_7",
|
|
|
|
|
Ecosystem: asPointer("actions"),
|
|
|
|
|
},
|
2022-07-25 20:51:10 +03:00
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
for _, tt := range tests {
|
|
|
|
|
tt := tt
|
|
|
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
|
|
|
t.Parallel()
|
|
|
|
|
err := mapDependencyEcosystemNaming(tt.deps)
|
|
|
|
|
if tt.errWanted != nil && errors.Is(tt.errWanted, err) {
|
|
|
|
|
t.Errorf("not a wanted error, want:%v, got:%v", tt.errWanted, err)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
}
|
2022-08-04 01:54:26 +03:00
|
|
|
|
|
|
|
|
func Test_isSpecifiedByUser(t *testing.T) {
|
|
|
|
|
t.Parallel()
|
2022-08-17 04:55:48 +03:00
|
|
|
|
2022-08-04 01:54:26 +03:00
|
|
|
tests := []struct {
|
|
|
|
|
name string
|
|
|
|
|
ct pkg.ChangeType
|
|
|
|
|
changeTypesToCheck []string
|
|
|
|
|
resultWanted bool
|
|
|
|
|
}{
|
|
|
|
|
{
|
|
|
|
|
name: "error invalid github ecosystem",
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
name: "added",
|
|
|
|
|
ct: pkg.ChangeType("added"),
|
|
|
|
|
changeTypesToCheck: nil,
|
|
|
|
|
resultWanted: false,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
name: "ct is added but not specified",
|
|
|
|
|
ct: pkg.ChangeType("added"),
|
|
|
|
|
changeTypesToCheck: []string{"removed"},
|
|
|
|
|
resultWanted: false,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
name: "removed",
|
|
|
|
|
ct: pkg.ChangeType("added"),
|
|
|
|
|
changeTypesToCheck: []string{"added", "removed"},
|
|
|
|
|
resultWanted: true,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
name: "not_supported",
|
|
|
|
|
ct: pkg.ChangeType("not_supported"),
|
|
|
|
|
changeTypesToCheck: []string{"added", "removed"},
|
|
|
|
|
resultWanted: false,
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
for _, tt := range tests {
|
|
|
|
|
tt := tt
|
|
|
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
|
|
|
t.Parallel()
|
|
|
|
|
result := isSpecifiedByUser(tt.ct, tt.changeTypesToCheck)
|
|
|
|
|
if result != tt.resultWanted {
|
|
|
|
|
t.Errorf("result (%v) != result wanted (%v)", result, tt.resultWanted)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
}
|
