1
0
mirror of https://github.com/SAP/jenkins-library.git synced 2024-12-14 11:03:09 +02:00
sap-jenkins-library/cmd/protecodeExecuteScan_test.go

381 lines
12 KiB
Go
Raw Normal View History

package cmd
import (
"bytes"
"encoding/json"
"fmt"
"io/ioutil"
"net/http"
"net/http/httptest"
"os"
"path/filepath"
"strings"
"testing"
"time"
piperHttp "github.com/SAP/jenkins-library/pkg/http"
"github.com/SAP/jenkins-library/pkg/mock"
"github.com/SAP/jenkins-library/pkg/protecode"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
v1 "github.com/google/go-containerregistry/pkg/v1"
"github.com/google/go-containerregistry/pkg/v1/fake"
)
type protecodeTestUtilsBundle struct {
*mock.FilesMock
*mock.DownloadMock
}
func TestRunProtecodeScan(t *testing.T) {
requestURI := ""
server := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
requestURI = req.RequestURI
var b bytes.Buffer
if requestURI == "/api/product/4486/" || requestURI == "/api/product/4711/" {
violations := filepath.Join("testdata/TestProtecode", "protecode_result_violations.json")
byteContent, err := ioutil.ReadFile(violations)
require.NoErrorf(t, err, "failed reading %v", violations)
response := protecode.ResultData{Result: protecode.Result{ProductID: 4711, ReportURL: requestURI}}
err = json.Unmarshal(byteContent, &response)
_ = json.NewEncoder(&b).Encode(response)
} else if requestURI == "/api/fetch/" {
violations := filepath.Join("testdata/TestProtecode", "protecode_result_violations.json")
byteContent, err := ioutil.ReadFile(violations)
require.NoErrorf(t, err, "failed reading %v", violations)
response := protecode.ResultData{Result: protecode.Result{ProductID: 4486, ReportURL: requestURI}}
err = json.Unmarshal(byteContent, &response)
_ = json.NewEncoder(&b).Encode(response)
} else if requestURI == "/api/product/4486/pdf-report" {
} else if requestURI == "/api/upload/t.tar" {
response := protecode.ResultData{Result: protecode.Result{ProductID: 4486, ReportURL: requestURI}}
var b bytes.Buffer
_ = json.NewEncoder(&b).Encode(&response)
if _, err := rw.Write([]byte(b.Bytes())); err != nil {
t.Fail()
}
} else {
response := protecode.Result{ProductID: 4486, ReportURL: requestURI}
_ = json.NewEncoder(&b).Encode(&response)
}
if _, err := rw.Write([]byte(b.Bytes())); err != nil {
t.Fail()
}
}))
// Close the server when test finishes
defer server.Close()
po := protecode.Options{ServerURL: server.URL}
pc := protecode.Protecode{}
pc.SetOptions(po)
influx := protecodeExecuteScanInflux{}
ttt := []struct {
name string
opts protecodeExecuteScanOptions
}{
{
name: "With tar as scan image",
opts: protecodeExecuteScanOptions{
ServerURL: server.URL,
TimeoutMinutes: "1",
VerifyOnly: false,
CleanupMode: "none",
Group: "13",
FetchURL: "/api/fetch/",
ExcludeCVEs: "CVE-2018-1, CVE-2017-1000382",
ReportFileName: "./cache/report-file.txt",
},
},
{
name: "Without tar as scan image",
opts: protecodeExecuteScanOptions{
ServerURL: server.URL,
ScanImage: "t",
TimeoutMinutes: "1",
VerifyOnly: false,
CleanupMode: "none",
Group: "13",
ExcludeCVEs: "CVE-2018-1, CVE-2017-1000382",
ReportFileName: "./cache/report-file.txt",
},
},
}
for _, test := range ttt {
t.Run(test.name, func(t *testing.T) {
files := mock.FilesMock{}
httpClient := piperHttp.Client{}
httpClient.SetFileUtils(&files)
pc.SetHttpClient(&httpClient)
docker := mock.DownloadMock{}
docker.Stub = func(imageRef string, dest string) (v1.Image, error) {
files.AddFile(dest, []byte(""))
return &fake.FakeImage{}, nil
}
utils := protecodeTestUtilsBundle{DownloadMock: &docker, FilesMock: &files}
cacheDir, _ := files.TempDir("", "protecode-")
files.AddFile(filepath.Join(cacheDir, "t.tar"), []byte(""))
err := runProtecodeScan(&test.opts, &influx, pc, utils, cacheDir)
if assert.NoError(t, err) {
if protecodeExecuteJsonExists, err := files.FileExists("protecodeExecuteScan.json"); assert.NoError(t, err) {
assert.True(t, protecodeExecuteJsonExists, "protecodeExecuteScan.json expected")
}
if protecodeVulnsJsonExists, err := files.FileExists("protecodescan_vulns.json"); assert.NoError(t, err) {
assert.True(t, protecodeVulnsJsonExists, "protecodescan_vulns.json expected")
}
if userSpecifiedReportExists, err := files.FileExists(test.opts.ReportFileName); assert.NoError(t, err) {
assert.True(t, userSpecifiedReportExists, "%s must exist", test.opts.ReportFileName)
}
}
if cacheExists, err := files.DirExists(cacheDir); assert.NoError(t, err) {
assert.True(t, cacheExists, "Whoever calls runProtecodeScan is responsible to cleanup the cache.")
}
})
}
}
func TestHandleArtifactVersion(t *testing.T) {
cases := []struct {
version string
want string
}{
{"1.0.0-20200131085038+eeb7c1033339bfd404d21ec5e7dc05c80e9e985e", "1"},
{"2.20.20-20200131085038+eeb7c1033339bfd404d21ec5e7dc05c80e9e985e", "2"},
{"3.20.20-20200131085038+eeb7c1033339bfd404d21ec5e7dc05c80e9e985e", "3"},
{"4.20.20-20200131085038", "4"},
{"5.20.20-20200131085038+", "5"},
{"6.00", "6.00"},
{"7.20.20", "7.20.20"},
}
for i, c := range cases {
t.Run(fmt.Sprintf("%d", i), func(t *testing.T) {
got := handleArtifactVersion(c.version)
assert.Equal(t, c.want, got)
})
}
}
func TestCreateProtecodeClient(t *testing.T) {
cases := []struct {
timeout string
}{
{""},
{"1"},
}
for _, c := range cases {
t.Run(fmt.Sprintf("With timeout: %s", c.timeout), func(t *testing.T) {
config := protecodeExecuteScanOptions{TimeoutMinutes: c.timeout}
client := createProtecodeClient(&config)
assert.NotNil(t, client, "client should not be empty")
})
}
}
func TestUploadScanOrDeclareFetch(t *testing.T) {
// init
testFile, err := ioutil.TempFile("", "testFileUpload")
require.NoError(t, err)
defer os.RemoveAll(testFile.Name()) // clean up
fileName := filepath.Base(testFile.Name())
path := strings.ReplaceAll(testFile.Name(), fileName, "")
requestURI := ""
server := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
requestURI = req.RequestURI
if requestURI == "/api/fetch/" {
response := protecode.ResultData{Result: protecode.Result{ProductID: 4711, ReportURL: requestURI}}
var b bytes.Buffer
_ = json.NewEncoder(&b).Encode(&response)
if _, err := rw.Write([]byte(b.Bytes())); err != nil {
t.Fail()
}
}
if requestURI == fmt.Sprintf("/api/upload/%v", fileName) || requestURI == fmt.Sprintf("/api/upload/PR_4711_%v", fileName) {
response := protecode.ResultData{Result: protecode.Result{ProductID: 4711, ReportURL: requestURI}}
var b bytes.Buffer
_ = json.NewEncoder(&b).Encode(&response)
if _, err := rw.Write([]byte(b.Bytes())); err != nil {
t.Fail()
}
}
}))
// Close the server when test finishes
defer server.Close()
po := protecode.Options{ServerURL: server.URL}
pc := protecode.Protecode{}
pc.SetOptions(po)
cases := []struct {
reuse bool
clean string
group string
fetchURL string
filePath string
prName string
prID int
want int
}{
{false, "test", "group1", "/api/fetch/", "", "", -1, 4711},
{true, "test", "group1", "/api/fetch/", "", "", -1, 4711},
{false, "test", "group1", "/api/fetch/", "", "", 4711, 4711},
{false, "test", "group1", "/api/fetch/", "", "", 0, 4711},
{false, "test", "group1", "", path, "", -1, 4711},
{true, "test", "group1", "", path, "", -1, 4711},
{false, "test", "group1", "", path, "PR_4711", 4711, 4711},
{false, "test", "group1", "", path, "", 0, 4711},
}
for i, c := range cases {
t.Run(fmt.Sprintf("%d", i), func(t *testing.T) {
utils := protecodeTestUtilsBundle{
FilesMock: &mock.FilesMock{},
DownloadMock: &mock.DownloadMock{},
}
// test
config := protecodeExecuteScanOptions{VerifyOnly: c.reuse, CleanupMode: c.clean, Group: c.group, FetchURL: c.fetchURL, FilePath: c.filePath}
// got := uploadScanOrDeclareFetch(config, 0, pc, fileName)
got := uploadScanOrDeclareFetch(utils, config, c.prID, pc, fileName)
// assert
assert.Equal(t, c.want, got)
})
}
}
func TestExecuteProtecodeScan(t *testing.T) {
testDataFile := filepath.Join("testdata", "TestProtecode", "protecode_result_violations.json")
violationsAbsPath, err := filepath.Abs(testDataFile)
require.NoErrorf(t, err, "failed to obtain absolute path to test data with violations: %v", err)
requestURI := ""
server := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
requestURI = req.RequestURI
var b bytes.Buffer
if requestURI == "/api/product/4711/" {
byteContent, err := ioutil.ReadFile(violationsAbsPath)
require.NoErrorf(t, err, "failed reading %v", violationsAbsPath)
response := protecode.ResultData{}
err = json.Unmarshal(byteContent, &response)
_ = json.NewEncoder(&b).Encode(response)
} else if requestURI == "/api/product/4711/pdf-report" {
} else {
response := protecode.ResultData{Result: protecode.Result{ProductID: 4711, ReportURL: requestURI}}
_ = json.NewEncoder(&b).Encode(&response)
}
if _, err := rw.Write([]byte(b.Bytes())); err != nil {
t.Fail()
}
}))
// Close the server when test finishes
defer server.Close()
po := protecode.Options{ServerURL: server.URL, Duration: time.Minute * 3}
pc := protecode.Protecode{}
pc.SetOptions(po)
cases := []struct {
reuse bool
clean string
group string
fetchURL string
want int
}{
{false, "binary", "group1", "/api/fetch/", 4711},
}
resetDir, err := os.Getwd()
require.NoErrorf(t, err, "Failed to get current directory: %v", err)
defer func() { _ = os.Chdir(resetDir) }()
for i, c := range cases {
t.Run(fmt.Sprintf("%d", i), func(t *testing.T) {
utils := protecodeTestUtilsBundle{
FilesMock: &mock.FilesMock{},
DownloadMock: &mock.DownloadMock{},
}
config := protecodeExecuteScanOptions{VerifyOnly: c.reuse, CleanupMode: c.clean, Group: c.group, FetchURL: c.fetchURL, TimeoutMinutes: "3", ExcludeCVEs: "CVE-2018-1, CVE-2017-1000382", ReportFileName: "./cache/report-file.txt"}
influxData := &protecodeExecuteScanInflux{}
// test
executeProtecodeScan(influxData, pc, &config, "dummy", utils)
// assert
assert.Equal(t, 1125, influxData.protecode_data.fields.historical_vulnerabilities)
assert.Equal(t, 0, influxData.protecode_data.fields.triaged_vulnerabilities)
assert.Equal(t, 1, influxData.protecode_data.fields.excluded_vulnerabilities)
assert.Equal(t, 129, influxData.protecode_data.fields.major_vulnerabilities)
assert.Equal(t, 226, influxData.protecode_data.fields.vulnerabilities)
})
}
}
func TestCorrectDockerConfigEnvVar(t *testing.T) {
t.Run("with credentials", func(t *testing.T) {
// init
testDirectory := t.TempDir()
dockerConfigDir := filepath.Join(testDirectory, "myConfig")
if err := os.Mkdir(dockerConfigDir, 0755); err != nil {
t.Fail()
}
require.DirExists(t, dockerConfigDir)
dockerConfigFile := filepath.Join(dockerConfigDir, "docker.json")
file, _ := os.Create(dockerConfigFile)
defer file.Close()
require.FileExists(t, dockerConfigFile)
resetValue := os.Getenv("DOCKER_CONFIG")
defer os.Setenv("DOCKER_CONFIG", resetValue)
// test
correctDockerConfigEnvVar(&protecodeExecuteScanOptions{DockerConfigJSON: dockerConfigFile})
// assert
absolutePath, _ := filepath.Abs(dockerConfigDir)
assert.Equal(t, absolutePath, os.Getenv("DOCKER_CONFIG"))
})
t.Run("without credentials", func(t *testing.T) {
// init
resetValue := os.Getenv("DOCKER_CONFIG")
defer os.Setenv("DOCKER_CONFIG", resetValue)
// test
correctDockerConfigEnvVar(&protecodeExecuteScanOptions{})
// assert
assert.Equal(t, resetValue, os.Getenv("DOCKER_CONFIG"))
})
}