jenkins/sap-jenkins-library
1
0
Fork 0
mirror of https://github.com/SAP/jenkins-library.git synced 2024-12-12 10:55:20 +02:00
Code Issues Releases Activity
ac55ddf525
sap-jenkins-library/cmd/whitesourceExecuteScan_test.go

874 lines
33 KiB
Go
Raw Normal View History

Refactor whitesourceExecuteScan, fix polling, error handling (#2036)
2020-09-18 11:54:45 +02:00
package cmd
import (
feat: improve vulnerability reporting via GitHub issues (#3924) * feat: improve vulnerability reporting via GitHub issues * feat: update reports * chore: add tls cert links * only write log on error * chore: update formatting * chore: update handling of direct dependencies * chore: fix linting issue * chore: minor updates
2022-08-02 08:26:26 +02:00
"context"
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
"fmt"
fix(whitesourceExecuteScan) properly handle output resources (#2266) * fix(whitesourceExecuteScan) properly handle output resources * fix merge issues * add required aliases * update generation * fix reading custom and container environment parameters from cpe Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com>
2020-11-02 09:51:58 +02:00
"path/filepath"
"testing"
"time"
SBOM creation for Mend (#3934) * Fix docs and format * Assessment format added * Added sample file * Added parsing * Added packageurl implementation * Slight refinement * Refactored assessment options * Adapted sample file * First attempt of ws sbom gen * Reworked SBOM generation * Fix test code * Add assessment handling * Update dependencies * Added golden test * Small fix Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2022-08-09 13:56:01 +02:00
"github.com/SAP/jenkins-library/pkg/format"
Refactor whitesourceExecuteScan, fix polling, error handling (#2036)
2020-09-18 11:54:45 +02:00
"github.com/SAP/jenkins-library/pkg/mock"
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
"github.com/SAP/jenkins-library/pkg/piperutils"
"github.com/SAP/jenkins-library/pkg/reporting"
Refactor whitesourceExecuteScan, fix polling, error handling (#2036)
2020-09-18 11:54:45 +02:00
"github.com/SAP/jenkins-library/pkg/versioning"
ws "github.com/SAP/jenkins-library/pkg/whitesource"
feat(whitesourceExecuteScan): allow to specify InstallCommand (#4376) * feat(whitesourceExecuteScan) allow to specify InstallCommand * reorder imports --------- Co-authored-by: sumeet patil <sumeet.patil@sap.com> Co-authored-by: Andrei Kireev <andrei.kireev@sap.com>
2023-05-30 16:00:02 +02:00
"github.com/pkg/errors"
Refactor whitesourceExecuteScan, fix polling, error handling (#2036)
2020-09-18 11:54:45 +02:00
"github.com/stretchr/testify/assert"
feat: improve vulnerability reporting via GitHub issues (#3924) * feat: improve vulnerability reporting via GitHub issues * feat: update reports * chore: add tls cert links * only write log on error * chore: update formatting * chore: update handling of direct dependencies * chore: fix linting issue * chore: minor updates
2022-08-02 08:26:26 +02:00
"github.com/google/go-github/v45/github"
Refactor whitesourceExecuteScan, fix polling, error handling (#2036)
2020-09-18 11:54:45 +02:00
)
type whitesourceUtilsMock struct {
whitesourceExecuteScan: Re-organize code between step and whitesource package (#2207)
2020-10-20 09:49:26 +02:00
*ws.ScanUtilsMock
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
coordinates versioning.Coordinates
whitesourceExecuteScan: bypass UA for mta, maven, npm and yarn (#1879) Co-authored-by: Florian Wilhelm <florian.wilhelm02@sap.com>
2020-09-29 12:44:31 +02:00
usedBuildTool string
usedBuildDescriptorFile string
usedOptions versioning.Options
Refactor whitesourceExecuteScan, fix polling, error handling (#2036)
2020-09-18 11:54:45 +02:00
}
whitesourceExecuteScan: bypass UA for mta, maven, npm and yarn (#1879) Co-authored-by: Florian Wilhelm <florian.wilhelm02@sap.com>
2020-09-29 12:44:31 +02:00
func (w *whitesourceUtilsMock) GetArtifactCoordinates(buildTool, buildDescriptorFile string,
feat: improve vulnerability reporting via GitHub issues (#3924) * feat: improve vulnerability reporting via GitHub issues * feat: update reports * chore: add tls cert links * only write log on error * chore: update formatting * chore: update handling of direct dependencies * chore: fix linting issue * chore: minor updates
2022-08-02 08:26:26 +02:00
options *versioning.Options,
) (versioning.Coordinates, error) {
whitesourceExecuteScan: bypass UA for mta, maven, npm and yarn (#1879) Co-authored-by: Florian Wilhelm <florian.wilhelm02@sap.com>
2020-09-29 12:44:31 +02:00
w.usedBuildTool = buildTool
w.usedBuildDescriptorFile = buildDescriptorFile
w.usedOptions = *options
Refactor whitesourceExecuteScan, fix polling, error handling (#2036)
2020-09-18 11:54:45 +02:00
return w.coordinates, nil
}
whitesourceExecuteScan: bypass UA for mta, maven, npm and yarn (#1879) Co-authored-by: Florian Wilhelm <florian.wilhelm02@sap.com>
2020-09-29 12:44:31 +02:00
const wsTimeNow = "2010-05-10 00:15:42"
func (w *whitesourceUtilsMock) Now() time.Time {
now, _ := time.Parse("2006-01-02 15:04:05", wsTimeNow)
return now
}
feat: improve vulnerability reporting via GitHub issues (#3924) * feat: improve vulnerability reporting via GitHub issues * feat: update reports * chore: add tls cert links * only write log on error * chore: update formatting * chore: update handling of direct dependencies * chore: fix linting issue * chore: minor updates
2022-08-02 08:26:26 +02:00
func (w *whitesourceUtilsMock) GetIssueService() *github.IssuesService {
return nil
}
func (w *whitesourceUtilsMock) GetSearchService() *github.SearchService {
return nil
}
Refactor whitesourceExecuteScan, fix polling, error handling (#2036)
2020-09-18 11:54:45 +02:00
func newWhitesourceUtilsMock() *whitesourceUtilsMock {
return &whitesourceUtilsMock{
whitesourceExecuteScan: Re-organize code between step and whitesource package (#2207)
2020-10-20 09:49:26 +02:00
ScanUtilsMock: &ws.ScanUtilsMock{
FilesMock: &mock.FilesMock{},
ExecMockRunner: &mock.ExecMockRunner{},
},
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
coordinates: versioning.Coordinates{
Refactor whitesourceExecuteScan, fix polling, error handling (#2036)
2020-09-18 11:54:45 +02:00
GroupID: "mock-group-id",
ArtifactID: "mock-artifact-id",
Version: "1.0.42",
},
}
}
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
func TestNewWhitesourceUtils(t *testing.T) {
t.Parallel()
config := ScanOptions{}
feat: improve vulnerability reporting via GitHub issues (#3924) * feat: improve vulnerability reporting via GitHub issues * feat: update reports * chore: add tls cert links * only write log on error * chore: update formatting * chore: update handling of direct dependencies * chore: fix linting issue * chore: minor updates
2022-08-02 08:26:26 +02:00
utils := newWhitesourceUtils(&config, &github.Client{Issues: &github.IssuesService{}, Search: &github.SearchService{}})
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
assert.NotNil(t, utils.Client)
assert.NotNil(t, utils.Command)
assert.NotNil(t, utils.Files)
}
func TestRunWhitesourceExecuteScan(t *testing.T) {
t.Parallel()
t.Run("fails for invalid configured project token", func(t *testing.T) {
feat: improve vulnerability reporting via GitHub issues (#3924) * feat: improve vulnerability reporting via GitHub issues * feat: update reports * chore: add tls cert links * only write log on error * chore: update formatting * chore: update handling of direct dependencies * chore: fix linting issue * chore: minor updates
2022-08-02 08:26:26 +02:00
ctx := context.Background()
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
// init
config := ScanOptions{
BuildDescriptorFile: "my-mta.yml",
VersioningModel: "major",
ProductName: "mock-product",
ProjectToken: "no-such-project-token",
AgentDownloadURL: "https://whitesource.com/agent.jar",
AgentFileName: "ua.jar",
}
utilsMock := newWhitesourceUtilsMock()
utilsMock.AddFile("wss-generated-file.config", []byte("key=value"))
systemMock := ws.NewSystemMock("ignored")
scan := newWhitesourceScan(&config)
cpe := whitesourceExecuteScanCommonPipelineEnvironment{}
fix(influx): correct data type of influx measurements (#2171) * update data type of influx measurements * Update checkmarx.yaml * pick changes from #1885 for testing * update generated code * update to new datatype * adjust to type changes * change back to string type * Update fortifyExecuteScan.go * add typo to be backward compatible * change type to int for files_scanned and lines_of_code_scanned * add typo * add measurements to whitesource * update generated sources * adjust test cases Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2021-03-10 17:00:53 +02:00
influx := whitesourceExecuteScanInflux{}
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
// test
feat: improve vulnerability reporting via GitHub issues (#3924) * feat: improve vulnerability reporting via GitHub issues * feat: update reports * chore: add tls cert links * only write log on error * chore: update formatting * chore: update handling of direct dependencies * chore: fix linting issue * chore: minor updates
2022-08-02 08:26:26 +02:00
err := runWhitesourceExecuteScan(ctx, &config, scan, utilsMock, systemMock, &cpe, &influx)
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
// assert
Error logging (#2947) * (feat) adds error logging output for downloading reports from whitesource * Extended error logging with errors.Wrapf() * Adjusted whitesource tests
2021-06-30 11:11:41 +02:00
assert.EqualError(t, err, "failed to resolve and aggregate project name: failed to get project by token: no project with token 'no-such-project-token' found in Whitesource")
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
assert.Equal(t, "", config.ProjectName)
assert.Equal(t, "", scan.AggregateProjectName)
})
t.Run("retrieves aggregate project name by configured token", func(t *testing.T) {
feat: improve vulnerability reporting via GitHub issues (#3924) * feat: improve vulnerability reporting via GitHub issues * feat: update reports * chore: add tls cert links * only write log on error * chore: update formatting * chore: update handling of direct dependencies * chore: fix linting issue * chore: minor updates
2022-08-02 08:26:26 +02:00
ctx := context.Background()
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
// init
config := ScanOptions{
BuildDescriptorFile: "my-mta.yml",
VersioningModel: "major",
AgentDownloadURL: "https://whitesource.com/agent.jar",
VulnerabilityReportFormat: "pdf",
Reporting: true,
AgentFileName: "ua.jar",
ProductName: "mock-product",
ProjectToken: "mock-project-token",
}
utilsMock := newWhitesourceUtilsMock()
utilsMock.AddFile("wss-generated-file.config", []byte("key=value"))
lastUpdatedDate := time.Now().Format(ws.DateTimeLayout)
systemMock := ws.NewSystemMock(lastUpdatedDate)
systemMock.Alerts = []ws.Alert{}
scan := newWhitesourceScan(&config)
cpe := whitesourceExecuteScanCommonPipelineEnvironment{}
fix(influx): correct data type of influx measurements (#2171) * update data type of influx measurements * Update checkmarx.yaml * pick changes from #1885 for testing * update generated code * update to new datatype * adjust to type changes * change back to string type * Update fortifyExecuteScan.go * add typo to be backward compatible * change type to int for files_scanned and lines_of_code_scanned * add typo * add measurements to whitesource * update generated sources * adjust test cases Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2021-03-10 17:00:53 +02:00
influx := whitesourceExecuteScanInflux{}
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
// test
feat: improve vulnerability reporting via GitHub issues (#3924) * feat: improve vulnerability reporting via GitHub issues * feat: update reports * chore: add tls cert links * only write log on error * chore: update formatting * chore: update handling of direct dependencies * chore: fix linting issue * chore: minor updates
2022-08-02 08:26:26 +02:00
err := runWhitesourceExecuteScan(ctx, &config, scan, utilsMock, systemMock, &cpe, &influx)
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
// assert
assert.NoError(t, err)
// Retrieved project name is stored in scan.AggregateProjectName, but not in config.ProjectName
// in order to differentiate between aggregate-project scanning and multi-project scanning.
assert.Equal(t, "", config.ProjectName)
assert.Equal(t, "mock-project", scan.AggregateProjectName)
if assert.Len(t, utilsMock.DownloadedFiles, 1) {
assert.Equal(t, ws.DownloadedFile{
SourceURL: "https://whitesource.com/agent.jar",
FilePath: "ua.jar",
}, utilsMock.DownloadedFiles[0])
}
if assert.Len(t, cpe.custom.whitesourceProjectNames, 1) {
assert.Equal(t, []string{"mock-project - 1"}, cpe.custom.whitesourceProjectNames)
}
assert.True(t, utilsMock.HasWrittenFile(filepath.Join(ws.ReportsDirectory, "mock-project - 1-vulnerability-report.pdf")))
assert.True(t, utilsMock.HasWrittenFile(filepath.Join(ws.ReportsDirectory, "mock-project - 1-vulnerability-report.pdf")))
feat(whitesourceExecuteScan): allow to specify InstallCommand (#4376) * feat(whitesourceExecuteScan) allow to specify InstallCommand * reorder imports --------- Co-authored-by: sumeet patil <sumeet.patil@sap.com> Co-authored-by: Andrei Kireev <andrei.kireev@sap.com>
2023-05-30 16:00:02 +02:00
assert.Equal(t, 3, len(utilsMock.ExecMockRunner.Calls), "no InstallCommand must be executed")
})
t.Run("executes the InstallCommand prior to the scan", func(t *testing.T) {
ctx := context.Background()
// init
config := ScanOptions{
BuildDescriptorFile: "my-mta.yml",
VersioningModel: "major",
AgentDownloadURL: "https://whitesource.com/agent.jar",
VulnerabilityReportFormat: "pdf",
Reporting: true,
AgentFileName: "ua.jar",
ProductName: "mock-product",
ProjectToken: "mock-project-token",
InstallCommand: "echo hello world",
}
utilsMock := newWhitesourceUtilsMock()
utilsMock.AddFile("wss-generated-file.config", []byte("key=value"))
lastUpdatedDate := time.Now().Format(ws.DateTimeLayout)
systemMock := ws.NewSystemMock(lastUpdatedDate)
systemMock.Alerts = []ws.Alert{}
scan := newWhitesourceScan(&config)
cpe := whitesourceExecuteScanCommonPipelineEnvironment{}
influx := whitesourceExecuteScanInflux{}
// test
err := runWhitesourceExecuteScan(ctx, &config, scan, utilsMock, systemMock, &cpe, &influx)
// assert
assert.NoError(t, err)
assert.Equal(t, 4, len(utilsMock.ExecMockRunner.Calls), "InstallCommand not executed")
assert.Equal(t, mock.ExecCall{Exec: "echo", Params: []string{"hello", "world"}}, utilsMock.ExecMockRunner.Calls[0], "run command/params of InstallCommand incorrect")
})
t.Run("fails if the InstallCommand fails", func(t *testing.T) {
ctx := context.Background()
// init
config := ScanOptions{
BuildDescriptorFile: "my-mta.yml",
VersioningModel: "major",
AgentDownloadURL: "https://whitesource.com/agent.jar",
VulnerabilityReportFormat: "pdf",
Reporting: true,
AgentFileName: "ua.jar",
ProductName: "mock-product",
ProjectToken: "mock-project-token",
InstallCommand: "echo this-will-fail",
}
utilsMock := newWhitesourceUtilsMock()
utilsMock.AddFile("wss-generated-file.config", []byte("key=value"))
lastUpdatedDate := time.Now().Format(ws.DateTimeLayout)
systemMock := ws.NewSystemMock(lastUpdatedDate)
systemMock.Alerts = []ws.Alert{}
scan := newWhitesourceScan(&config)
cpe := whitesourceExecuteScanCommonPipelineEnvironment{}
influx := whitesourceExecuteScanInflux{}
utilsMock.ExecMockRunner.ShouldFailOnCommand = map[string]error{
"echo this-will-fail": errors.New("error case"),
}
// test
err := runWhitesourceExecuteScan(ctx, &config, scan, utilsMock, systemMock, &cpe, &influx)
// assert
assert.EqualError(t, err, "failed to execute WhiteSource scan: failed to execute Scan: failed to execute install command: echo this-will-fail: error case")
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
})
}
func TestCheckAndReportScanResults(t *testing.T) {
t.Parallel()
t.Run("no reports requested", func(t *testing.T) {
feat: improve vulnerability reporting via GitHub issues (#3924) * feat: improve vulnerability reporting via GitHub issues * feat: update reports * chore: add tls cert links * only write log on error * chore: update formatting * chore: update handling of direct dependencies * chore: fix linting issue * chore: minor updates
2022-08-02 08:26:26 +02:00
ctx := context.Background()
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
// init
config := &ScanOptions{
ProductToken: "mock-product-token",
ProjectToken: "mock-project-token",
Version: "1",
}
scan := newWhitesourceScan(config)
utils := newWhitesourceUtilsMock()
system := ws.NewSystemMock(time.Now().Format(ws.DateTimeLayout))
fix(influx): correct data type of influx measurements (#2171) * update data type of influx measurements * Update checkmarx.yaml * pick changes from #1885 for testing * update generated code * update to new datatype * adjust to type changes * change back to string type * Update fortifyExecuteScan.go * add typo to be backward compatible * change type to int for files_scanned and lines_of_code_scanned * add typo * add measurements to whitesource * update generated sources * adjust test cases Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2021-03-10 17:00:53 +02:00
influx := whitesourceExecuteScanInflux{}
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
// test
feat: improve vulnerability reporting via GitHub issues (#3924) * feat: improve vulnerability reporting via GitHub issues * feat: update reports * chore: add tls cert links * only write log on error * chore: update formatting * chore: update handling of direct dependencies * chore: fix linting issue * chore: minor updates
2022-08-02 08:26:26 +02:00
_, err := checkAndReportScanResults(ctx, config, scan, utils, system, &influx)
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
// assert
assert.NoError(t, err)
vPath := filepath.Join(ws.ReportsDirectory, "mock-project-vulnerability-report.txt")
assert.False(t, utils.HasWrittenFile(vPath))
rPath := filepath.Join(ws.ReportsDirectory, "mock-project-risk-report.pdf")
assert.False(t, utils.HasWrittenFile(rPath))
})
t.Run("check vulnerabilities - invalid limit", func(t *testing.T) {
feat: improve vulnerability reporting via GitHub issues (#3924) * feat: improve vulnerability reporting via GitHub issues * feat: update reports * chore: add tls cert links * only write log on error * chore: update formatting * chore: update handling of direct dependencies * chore: fix linting issue * chore: minor updates
2022-08-02 08:26:26 +02:00
ctx := context.Background()
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
// init
config := &ScanOptions{
SecurityVulnerabilities: true,
CvssSeverityLimit: "invalid",
}
scan := newWhitesourceScan(config)
utils := newWhitesourceUtilsMock()
system := ws.NewSystemMock(time.Now().Format(ws.DateTimeLayout))
fix(influx): correct data type of influx measurements (#2171) * update data type of influx measurements * Update checkmarx.yaml * pick changes from #1885 for testing * update generated code * update to new datatype * adjust to type changes * change back to string type * Update fortifyExecuteScan.go * add typo to be backward compatible * change type to int for files_scanned and lines_of_code_scanned * add typo * add measurements to whitesource * update generated sources * adjust test cases Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2021-03-10 17:00:53 +02:00
influx := whitesourceExecuteScanInflux{}
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
// test
feat: improve vulnerability reporting via GitHub issues (#3924) * feat: improve vulnerability reporting via GitHub issues * feat: update reports * chore: add tls cert links * only write log on error * chore: update formatting * chore: update handling of direct dependencies * chore: fix linting issue * chore: minor updates
2022-08-02 08:26:26 +02:00
_, err := checkAndReportScanResults(ctx, config, scan, utils, system, &influx)
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
// assert
assert.EqualError(t, err, "failed to parse parameter cvssSeverityLimit (invalid) as floating point number: strconv.ParseFloat: parsing \"invalid\": invalid syntax")
})
t.Run("check vulnerabilities - limit not hit", func(t *testing.T) {
feat: improve vulnerability reporting via GitHub issues (#3924) * feat: improve vulnerability reporting via GitHub issues * feat: update reports * chore: add tls cert links * only write log on error * chore: update formatting * chore: update handling of direct dependencies * chore: fix linting issue * chore: minor updates
2022-08-02 08:26:26 +02:00
ctx := context.Background()
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
// init
config := &ScanOptions{
ProductToken: "mock-product-token",
ProjectToken: "mock-project-token",
Version: "1",
SecurityVulnerabilities: true,
CvssSeverityLimit: "6.0",
}
scan := newWhitesourceScan(config)
utils := newWhitesourceUtilsMock()
system := ws.NewSystemMock(time.Now().Format(ws.DateTimeLayout))
fix(influx): correct data type of influx measurements (#2171) * update data type of influx measurements * Update checkmarx.yaml * pick changes from #1885 for testing * update generated code * update to new datatype * adjust to type changes * change back to string type * Update fortifyExecuteScan.go * add typo to be backward compatible * change type to int for files_scanned and lines_of_code_scanned * add typo * add measurements to whitesource * update generated sources * adjust test cases Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2021-03-10 17:00:53 +02:00
influx := whitesourceExecuteScanInflux{}
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
// test
feat: improve vulnerability reporting via GitHub issues (#3924) * feat: improve vulnerability reporting via GitHub issues * feat: update reports * chore: add tls cert links * only write log on error * chore: update formatting * chore: update handling of direct dependencies * chore: fix linting issue * chore: minor updates
2022-08-02 08:26:26 +02:00
_, err := checkAndReportScanResults(ctx, config, scan, utils, system, &influx)
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
// assert
assert.NoError(t, err)
})
t.Run("check vulnerabilities - limit exceeded", func(t *testing.T) {
feat: improve vulnerability reporting via GitHub issues (#3924) * feat: improve vulnerability reporting via GitHub issues * feat: update reports * chore: add tls cert links * only write log on error * chore: update formatting * chore: update handling of direct dependencies * chore: fix linting issue * chore: minor updates
2022-08-02 08:26:26 +02:00
ctx := context.Background()
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
// init
config := &ScanOptions{
fix(whitesourceExecuteScan): failOnSevereVulnerabilities (#3894) * fix(whitesourceExecuteScan): failOnSevereVulnerabilities failOnSevereVulnerabilities has not been considered properly for security vulnerabilities. * chore: remove comment * chore: update formatting
2022-07-18 14:36:29 +02:00
ProductToken: "mock-product-token",
ProjectName: "mock-project - 1",
ProjectToken: "mock-project-token",
Version: "1",
SecurityVulnerabilities: true,
CvssSeverityLimit: "4",
FailOnSevereVulnerabilities: true,
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
}
scan := newWhitesourceScan(config)
utils := newWhitesourceUtilsMock()
system := ws.NewSystemMock(time.Now().Format(ws.DateTimeLayout))
fix(influx): correct data type of influx measurements (#2171) * update data type of influx measurements * Update checkmarx.yaml * pick changes from #1885 for testing * update generated code * update to new datatype * adjust to type changes * change back to string type * Update fortifyExecuteScan.go * add typo to be backward compatible * change type to int for files_scanned and lines_of_code_scanned * add typo * add measurements to whitesource * update generated sources * adjust test cases Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2021-03-10 17:00:53 +02:00
influx := whitesourceExecuteScanInflux{}
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
// test
feat: improve vulnerability reporting via GitHub issues (#3924) * feat: improve vulnerability reporting via GitHub issues * feat: update reports * chore: add tls cert links * only write log on error * chore: update formatting * chore: update handling of direct dependencies * chore: fix linting issue * chore: minor updates
2022-08-02 08:26:26 +02:00
_, err := checkAndReportScanResults(ctx, config, scan, utils, system, &influx)
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
// assert
assert.EqualError(t, err, "1 Open Source Software Security vulnerabilities with CVSS score greater or equal to 4.0 detected in project mock-project - 1")
})
}
Refactor whitesourceExecuteScan, fix polling, error handling (#2036)
2020-09-18 11:54:45 +02:00
func TestResolveProjectIdentifiers(t *testing.T) {
whitesourceExecuteScan: bypass UA for mta, maven, npm and yarn (#1879) Co-authored-by: Florian Wilhelm <florian.wilhelm02@sap.com>
2020-09-29 12:44:31 +02:00
t.Parallel()
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
t.Run("success", func(t *testing.T) {
// init
config := ScanOptions{
BuildTool: "mta",
BuildDescriptorFile: "my-mta.yml",
VersioningModel: "major",
ProductName: "mock-product",
M2Path: "m2/path",
ProjectSettingsFile: "project-settings.xml",
GlobalSettingsFile: "global-settings.xml",
}
utilsMock := newWhitesourceUtilsMock()
systemMock := ws.NewSystemMock("ignored")
scan := newWhitesourceScan(&config)
// test
err := resolveProjectIdentifiers(&config, scan, utilsMock, systemMock)
// assert
if assert.NoError(t, err) {
assert.Equal(t, "mock-group-id-mock-artifact-id", scan.AggregateProjectName)
assert.Equal(t, "1", config.Version)
assert.Equal(t, "mock-product-token", config.ProductToken)
assert.Equal(t, "mta", utilsMock.usedBuildTool)
assert.Equal(t, "my-mta.yml", utilsMock.usedBuildDescriptorFile)
assert.Equal(t, "project-settings.xml", utilsMock.usedOptions.ProjectSettingsFile)
assert.Equal(t, "global-settings.xml", utilsMock.usedOptions.GlobalSettingsFile)
assert.Equal(t, "m2/path", utilsMock.usedOptions.M2Path)
}
})
t.Run("success - with version from default", func(t *testing.T) {
// init
config := ScanOptions{
BuildTool: "mta",
BuildDescriptorFile: "my-mta.yml",
Version: "1.2.3-20200101",
VersioningModel: "major",
ProductName: "mock-product",
M2Path: "m2/path",
ProjectSettingsFile: "project-settings.xml",
GlobalSettingsFile: "global-settings.xml",
}
utilsMock := newWhitesourceUtilsMock()
systemMock := ws.NewSystemMock("ignored")
scan := newWhitesourceScan(&config)
// test
err := resolveProjectIdentifiers(&config, scan, utilsMock, systemMock)
// assert
if assert.NoError(t, err) {
assert.Equal(t, "mock-group-id-mock-artifact-id", scan.AggregateProjectName)
assert.Equal(t, "1", config.Version)
assert.Equal(t, "mock-product-token", config.ProductToken)
assert.Equal(t, "mta", utilsMock.usedBuildTool)
assert.Equal(t, "my-mta.yml", utilsMock.usedBuildDescriptorFile)
assert.Equal(t, "project-settings.xml", utilsMock.usedOptions.ProjectSettingsFile)
assert.Equal(t, "global-settings.xml", utilsMock.usedOptions.GlobalSettingsFile)
assert.Equal(t, "m2/path", utilsMock.usedOptions.M2Path)
}
})
t.Run("success - with custom scan version", func(t *testing.T) {
Refactor whitesourceExecuteScan, fix polling, error handling (#2036)
2020-09-18 11:54:45 +02:00
// init
config := ScanOptions{
whitesourceExecuteScan: bypass UA for mta, maven, npm and yarn (#1879) Co-authored-by: Florian Wilhelm <florian.wilhelm02@sap.com>
2020-09-29 12:44:31 +02:00
BuildTool: "mta",
BuildDescriptorFile: "my-mta.yml",
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
CustomScanVersion: "2.3.4",
whitesourceExecuteScan: bypass UA for mta, maven, npm and yarn (#1879) Co-authored-by: Florian Wilhelm <florian.wilhelm02@sap.com>
2020-09-29 12:44:31 +02:00
VersioningModel: "major",
ProductName: "mock-product",
M2Path: "m2/path",
ProjectSettingsFile: "project-settings.xml",
GlobalSettingsFile: "global-settings.xml",
Refactor whitesourceExecuteScan, fix polling, error handling (#2036)
2020-09-18 11:54:45 +02:00
}
utilsMock := newWhitesourceUtilsMock()
whitesourceExecuteScan: Re-organize code between step and whitesource package (#2207)
2020-10-20 09:49:26 +02:00
systemMock := ws.NewSystemMock("ignored")
whitesourceExecuteScan: bypass UA for mta, maven, npm and yarn (#1879) Co-authored-by: Florian Wilhelm <florian.wilhelm02@sap.com>
2020-09-29 12:44:31 +02:00
scan := newWhitesourceScan(&config)
Refactor whitesourceExecuteScan, fix polling, error handling (#2036)
2020-09-18 11:54:45 +02:00
// test
whitesourceExecuteScan: bypass UA for mta, maven, npm and yarn (#1879) Co-authored-by: Florian Wilhelm <florian.wilhelm02@sap.com>
2020-09-29 12:44:31 +02:00
err := resolveProjectIdentifiers(&config, scan, utilsMock, systemMock)
Refactor whitesourceExecuteScan, fix polling, error handling (#2036)
2020-09-18 11:54:45 +02:00
// assert
if assert.NoError(t, err) {
whitesourceExecuteScan: Re-organize code between step and whitesource package (#2207)
2020-10-20 09:49:26 +02:00
assert.Equal(t, "mock-group-id-mock-artifact-id", scan.AggregateProjectName)
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
assert.Equal(t, "2.3.4", config.Version)
Refactor whitesourceExecuteScan, fix polling, error handling (#2036)
2020-09-18 11:54:45 +02:00
assert.Equal(t, "mock-product-token", config.ProductToken)
whitesourceExecuteScan: bypass UA for mta, maven, npm and yarn (#1879) Co-authored-by: Florian Wilhelm <florian.wilhelm02@sap.com>
2020-09-29 12:44:31 +02:00
assert.Equal(t, "mta", utilsMock.usedBuildTool)
assert.Equal(t, "my-mta.yml", utilsMock.usedBuildDescriptorFile)
assert.Equal(t, "project-settings.xml", utilsMock.usedOptions.ProjectSettingsFile)
assert.Equal(t, "global-settings.xml", utilsMock.usedOptions.GlobalSettingsFile)
assert.Equal(t, "m2/path", utilsMock.usedOptions.M2Path)
}
})
fix(whitesourceExecuteScan): respect versioning model and custom scan version (#4187) * Test * Test * Test * Respect customScanVersion if filled * Add test case * Clean up * Respect versioningModel * Add test case * Clean up * Clean up
2023-01-16 19:14:33 +02:00
t.Run("success - with custom scan version (projectName is filled)", func(t *testing.T) {
// init
config := ScanOptions{
BuildTool: "mta",
CustomScanVersion: "latest",
VersioningModel: "major",
ProductName: "mock-product",
ProjectName: "mock-project",
Version: "0.0.1",
}
utilsMock := newWhitesourceUtilsMock()
systemMock := ws.NewSystemMock("ignored")
scan := newWhitesourceScan(&config)
// test
err := resolveProjectIdentifiers(&config, scan, utilsMock, systemMock)
// assert
if assert.NoError(t, err) {
assert.Equal(t, "mock-project", scan.AggregateProjectName)
assert.Equal(t, "latest", config.Version)
assert.Equal(t, "mock-product-token", config.ProductToken)
}
})
t.Run("success - with version from default (projectName is filled)", func(t *testing.T) {
// init
config := ScanOptions{
BuildTool: "mta",
VersioningModel: "major-minor",
ProductName: "mock-product",
ProjectName: "mock-project",
Version: "1.2.3",
}
utilsMock := newWhitesourceUtilsMock()
systemMock := ws.NewSystemMock("ignored")
scan := newWhitesourceScan(&config)
// test
err := resolveProjectIdentifiers(&config, scan, utilsMock, systemMock)
// assert
if assert.NoError(t, err) {
assert.Equal(t, "mock-project", scan.AggregateProjectName)
assert.Equal(t, "1.2", config.Version)
assert.Equal(t, "mock-product-token", config.ProductToken)
}
})
whitesourceExecuteScan: bypass UA for mta, maven, npm and yarn (#1879) Co-authored-by: Florian Wilhelm <florian.wilhelm02@sap.com>
2020-09-29 12:44:31 +02:00
t.Run("retrieves token for configured project name", func(t *testing.T) {
// init
config := ScanOptions{
BuildTool: "mta",
BuildDescriptorFile: "my-mta.yml",
VersioningModel: "major",
ProductName: "mock-product",
whitesourceExecuteScan: Re-organize code between step and whitesource package (#2207)
2020-10-20 09:49:26 +02:00
ProjectName: "mock-project",
whitesourceExecuteScan: bypass UA for mta, maven, npm and yarn (#1879) Co-authored-by: Florian Wilhelm <florian.wilhelm02@sap.com>
2020-09-29 12:44:31 +02:00
}
utilsMock := newWhitesourceUtilsMock()
whitesourceExecuteScan: Re-organize code between step and whitesource package (#2207)
2020-10-20 09:49:26 +02:00
systemMock := ws.NewSystemMock("ignored")
whitesourceExecuteScan: bypass UA for mta, maven, npm and yarn (#1879) Co-authored-by: Florian Wilhelm <florian.wilhelm02@sap.com>
2020-09-29 12:44:31 +02:00
scan := newWhitesourceScan(&config)
// test
err := resolveProjectIdentifiers(&config, scan, utilsMock, systemMock)
// assert
if assert.NoError(t, err) {
whitesourceExecuteScan: Re-organize code between step and whitesource package (#2207)
2020-10-20 09:49:26 +02:00
assert.Equal(t, "mock-project", scan.AggregateProjectName)
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
assert.Equal(t, "1", config.Version)
whitesourceExecuteScan: bypass UA for mta, maven, npm and yarn (#1879) Co-authored-by: Florian Wilhelm <florian.wilhelm02@sap.com>
2020-09-29 12:44:31 +02:00
assert.Equal(t, "mock-product-token", config.ProductToken)
assert.Equal(t, "mta", utilsMock.usedBuildTool)
assert.Equal(t, "my-mta.yml", utilsMock.usedBuildDescriptorFile)
assert.Equal(t, "mock-project-token", config.ProjectToken)
Refactor whitesourceExecuteScan, fix polling, error handling (#2036)
2020-09-18 11:54:45 +02:00
}
})
t.Run("product not found", func(t *testing.T) {
// init
config := ScanOptions{
whitesourceExecuteScan: bypass UA for mta, maven, npm and yarn (#1879) Co-authored-by: Florian Wilhelm <florian.wilhelm02@sap.com>
2020-09-29 12:44:31 +02:00
BuildTool: "mta",
Refactor whitesourceExecuteScan, fix polling, error handling (#2036)
2020-09-18 11:54:45 +02:00
VersioningModel: "major",
ProductName: "does-not-exist",
}
utilsMock := newWhitesourceUtilsMock()
whitesourceExecuteScan: Re-organize code between step and whitesource package (#2207)
2020-10-20 09:49:26 +02:00
systemMock := ws.NewSystemMock("ignored")
whitesourceExecuteScan: bypass UA for mta, maven, npm and yarn (#1879) Co-authored-by: Florian Wilhelm <florian.wilhelm02@sap.com>
2020-09-29 12:44:31 +02:00
scan := newWhitesourceScan(&config)
Refactor whitesourceExecuteScan, fix polling, error handling (#2036)
2020-09-18 11:54:45 +02:00
// test
whitesourceExecuteScan: bypass UA for mta, maven, npm and yarn (#1879) Co-authored-by: Florian Wilhelm <florian.wilhelm02@sap.com>
2020-09-29 12:44:31 +02:00
err := resolveProjectIdentifiers(&config, scan, utilsMock, systemMock)
Refactor whitesourceExecuteScan, fix polling, error handling (#2036)
2020-09-18 11:54:45 +02:00
// assert
Error logging (#2947) * (feat) adds error logging output for downloading reports from whitesource * Extended error logging with errors.Wrapf() * Adjusted whitesource tests
2021-06-30 11:11:41 +02:00
assert.EqualError(t, err, "error resolving product token: failed to get product by name: no product with name 'does-not-exist' found in Whitesource")
Refactor whitesourceExecuteScan, fix polling, error handling (#2036)
2020-09-18 11:54:45 +02:00
})
whitesourceExecuteScan-go: Implement parameters "timeout", "createProductFromPipeline" (#2246)
2020-10-29 10:21:01 +02:00
t.Run("product not found, created from pipeline", func(t *testing.T) {
// init
config := ScanOptions{
BuildTool: "mta",
CreateProductFromPipeline: true,
EmailAddressesOfInitialProductAdmins: []string{"user1@domain.org", "user2@domain.org"},
VersioningModel: "major",
ProductName: "created-by-pipeline",
}
utilsMock := newWhitesourceUtilsMock()
systemMock := ws.NewSystemMock("ignored")
scan := newWhitesourceScan(&config)
// test
err := resolveProjectIdentifiers(&config, scan, utilsMock, systemMock)
// assert
assert.NoError(t, err)
assert.Len(t, systemMock.Products, 2)
assert.Equal(t, "created-by-pipeline", systemMock.Products[1].Name)
assert.Equal(t, "mock-product-token-1", config.ProductToken)
})
Refactor whitesourceExecuteScan, fix polling, error handling (#2036)
2020-09-18 11:54:45 +02:00
}
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
func TestCheckPolicyViolations(t *testing.T) {
Refactor whitesourceExecuteScan, fix polling, error handling (#2036)
2020-09-18 11:54:45 +02:00
t.Parallel()
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
t.Run("success - no violations", func(t *testing.T) {
fix(whitesourceExecuteScan): properly handle policy violations (#4089) * fix(whitesourceExecuteScan): properly handle policy violations * update files * update formatting Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2022-11-07 12:16:07 +02:00
ctx := context.Background()
feat(pipelineCreateScanSummary) Create groovy wrapper (#2743) * feat(pipelineCreateScanSummary) Create groovy wrapper * add command to binary * stash step reports * update stash * fix typo * unstash reports first * update reporting * update json reporting * update tests & enhance logging * update md report * update md reporting * fix rendering * update tests
2021-04-15 07:45:06 +02:00
config := ScanOptions{ProductName: "mock-product", Version: "1"}
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
scan := newWhitesourceScan(&config)
chore: fix linting issues (#3878) * chore: fix linting issues * add more fixes * correct formatting * Delete depl.yaml
2022-07-21 09:04:21 +02:00
if err := scan.AppendScannedProject("testProject1"); err != nil {
t.Fail()
}
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
systemMock := ws.NewSystemMock("ignored")
systemMock.Alerts = []ws.Alert{}
utilsMock := newWhitesourceUtilsMock()
reportPaths := []piperutils.Path{
{Target: filepath.Join("whitesource", "report1.pdf")},
{Target: filepath.Join("whitesource", "report2.pdf")},
Refactor whitesourceExecuteScan, fix polling, error handling (#2036)
2020-09-18 11:54:45 +02:00
}
fix(influx): correct data type of influx measurements (#2171) * update data type of influx measurements * Update checkmarx.yaml * pick changes from #1885 for testing * update generated code * update to new datatype * adjust to type changes * change back to string type * Update fortifyExecuteScan.go * add typo to be backward compatible * change type to int for files_scanned and lines_of_code_scanned * add typo * add measurements to whitesource * update generated sources * adjust test cases Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2021-03-10 17:00:53 +02:00
influx := whitesourceExecuteScanInflux{}
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
fix(whitesourceExecuteScan): properly handle policy violations (#4089) * fix(whitesourceExecuteScan): properly handle policy violations * update files * update formatting Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2022-11-07 12:16:07 +02:00
path, err := checkPolicyViolations(ctx, &config, scan, systemMock, utilsMock, reportPaths, &influx)
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
assert.NoError(t, err)
assert.Equal(t, filepath.Join(ws.ReportsDirectory, "whitesource-ip.json"), path.Target)
fileContent, _ := utilsMock.FileRead(path.Target)
content := string(fileContent)
assert.Contains(t, content, `"policyViolations":0`)
assert.Contains(t, content, `"reports":["report1.pdf","report2.pdf"]`)
feat(pipelineCreateScanSummary) Create groovy wrapper (#2743) * feat(pipelineCreateScanSummary) Create groovy wrapper * add command to binary * stash step reports * update stash * fix typo * unstash reports first * update reporting * update json reporting * update tests & enhance logging * update md report * update md reporting * fix rendering * update tests
2021-04-15 07:45:06 +02:00
exists, err := utilsMock.FileExists(filepath.Join(reporting.StepReportDirectory, "whitesourceExecuteScan_ip_2d3120020f3f46393a54575a7f6f5675ad536721.json"))
assert.True(t, exists)
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
})
t.Run("success - no reports", func(t *testing.T) {
fix(whitesourceExecuteScan): properly handle policy violations (#4089) * fix(whitesourceExecuteScan): properly handle policy violations * update files * update formatting Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2022-11-07 12:16:07 +02:00
ctx := context.Background()
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
config := ScanOptions{}
scan := newWhitesourceScan(&config)
chore: fix linting issues (#3878) * chore: fix linting issues * add more fixes * correct formatting * Delete depl.yaml
2022-07-21 09:04:21 +02:00
if err := scan.AppendScannedProject("testProject1"); err != nil {
t.Fail()
}
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
systemMock := ws.NewSystemMock("ignored")
systemMock.Alerts = []ws.Alert{}
whitesourcExecuteScan-go: Additional fixes (#2315) * Make sure the UA scan is known to the scan object. Fixes downloading reports later on. * Move polling into pkg/whitesource, add test for e2e scan * Remove conditions from stash config resource * Don't use version stored in CPE. This will prevent the versioningModel from being applied.
2020-11-10 10:09:51 +02:00
utilsMock := newWhitesourceUtilsMock()
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
reportPaths := []piperutils.Path{}
fix(influx): correct data type of influx measurements (#2171) * update data type of influx measurements * Update checkmarx.yaml * pick changes from #1885 for testing * update generated code * update to new datatype * adjust to type changes * change back to string type * Update fortifyExecuteScan.go * add typo to be backward compatible * change type to int for files_scanned and lines_of_code_scanned * add typo * add measurements to whitesource * update generated sources * adjust test cases Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2021-03-10 17:00:53 +02:00
influx := whitesourceExecuteScanInflux{}
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
fix(whitesourceExecuteScan): properly handle policy violations (#4089) * fix(whitesourceExecuteScan): properly handle policy violations * update files * update formatting Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2022-11-07 12:16:07 +02:00
path, err := checkPolicyViolations(ctx, &config, scan, systemMock, utilsMock, reportPaths, &influx)
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
assert.NoError(t, err)
fileContent, _ := utilsMock.FileRead(path.Target)
content := string(fileContent)
assert.Contains(t, content, `reports":[]`)
})
t.Run("error - policy violations", func(t *testing.T) {
fix(whitesourceExecuteScan): properly handle policy violations (#4089) * fix(whitesourceExecuteScan): properly handle policy violations * update files * update formatting Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2022-11-07 12:16:07 +02:00
ctx := context.Background()
feat: allow OSVM scans to succeed with vulnerabilities (#3889) For running open source vulnerability scans in de-coupled processes it is helpful to allow that steps only create compliance reports to inform users/teams but not fail the pipeline. This can now be achieved constitently with the flag: `failOnSevereVulnerabilities` Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2022-07-12 11:43:24 +02:00
config := ScanOptions{FailOnSevereVulnerabilities: true}
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
scan := newWhitesourceScan(&config)
chore: fix linting issues (#3878) * chore: fix linting issues * add more fixes * correct formatting * Delete depl.yaml
2022-07-21 09:04:21 +02:00
if err := scan.AppendScannedProject("testProject1"); err != nil {
t.Fail()
}
whitesourcExecuteScan-go: Additional fixes (#2315) * Make sure the UA scan is known to the scan object. Fixes downloading reports later on. * Move polling into pkg/whitesource, add test for e2e scan * Remove conditions from stash config resource * Don't use version stored in CPE. This will prevent the versioningModel from being applied.
2020-11-10 10:09:51 +02:00
systemMock := ws.NewSystemMock("ignored")
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
systemMock.Alerts = []ws.Alert{
{Vulnerability: ws.Vulnerability{Name: "policyVul1"}},
{Vulnerability: ws.Vulnerability{Name: "policyVul2"}},
}
utilsMock := newWhitesourceUtilsMock()
reportPaths := []piperutils.Path{
{Target: "report1.pdf"},
{Target: "report2.pdf"},
}
fix(influx): correct data type of influx measurements (#2171) * update data type of influx measurements * Update checkmarx.yaml * pick changes from #1885 for testing * update generated code * update to new datatype * adjust to type changes * change back to string type * Update fortifyExecuteScan.go * add typo to be backward compatible * change type to int for files_scanned and lines_of_code_scanned * add typo * add measurements to whitesource * update generated sources * adjust test cases Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2021-03-10 17:00:53 +02:00
influx := whitesourceExecuteScanInflux{}
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
fix(whitesourceExecuteScan): properly handle policy violations (#4089) * fix(whitesourceExecuteScan): properly handle policy violations * update files * update formatting Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2022-11-07 12:16:07 +02:00
path, err := checkPolicyViolations(ctx, &config, scan, systemMock, utilsMock, reportPaths, &influx)
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
assert.Contains(t, fmt.Sprint(err), "2 policy violation(s) found")
fileContent, _ := utilsMock.FileRead(path.Target)
content := string(fileContent)
assert.Contains(t, content, `"policyViolations":2`)
assert.Contains(t, content, `"reports":["report1.pdf","report2.pdf"]`)
})
t.Run("error - get alerts", func(t *testing.T) {
fix(whitesourceExecuteScan): properly handle policy violations (#4089) * fix(whitesourceExecuteScan): properly handle policy violations * update files * update formatting Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2022-11-07 12:16:07 +02:00
ctx := context.Background()
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
config := ScanOptions{}
whitesourcExecuteScan-go: Additional fixes (#2315) * Make sure the UA scan is known to the scan object. Fixes downloading reports later on. * Move polling into pkg/whitesource, add test for e2e scan * Remove conditions from stash config resource * Don't use version stored in CPE. This will prevent the versioningModel from being applied.
2020-11-10 10:09:51 +02:00
scan := newWhitesourceScan(&config)
chore: fix linting issues (#3878) * chore: fix linting issues * add more fixes * correct formatting * Delete depl.yaml
2022-07-21 09:04:21 +02:00
if err := scan.AppendScannedProject("testProject1"); err != nil {
t.Fail()
}
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
systemMock := ws.NewSystemMock("ignored")
systemMock.AlertError = fmt.Errorf("failed to read alerts")
utilsMock := newWhitesourceUtilsMock()
reportPaths := []piperutils.Path{}
fix(influx): correct data type of influx measurements (#2171) * update data type of influx measurements * Update checkmarx.yaml * pick changes from #1885 for testing * update generated code * update to new datatype * adjust to type changes * change back to string type * Update fortifyExecuteScan.go * add typo to be backward compatible * change type to int for files_scanned and lines_of_code_scanned * add typo * add measurements to whitesource * update generated sources * adjust test cases Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2021-03-10 17:00:53 +02:00
influx := whitesourceExecuteScanInflux{}
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
fix(whitesourceExecuteScan): properly handle policy violations (#4089) * fix(whitesourceExecuteScan): properly handle policy violations * update files * update formatting Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2022-11-07 12:16:07 +02:00
_, err := checkPolicyViolations(ctx, &config, scan, systemMock, utilsMock, reportPaths, &influx)
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
assert.Contains(t, fmt.Sprint(err), "failed to retrieve project policy alerts from WhiteSource")
Refactor whitesourceExecuteScan, fix polling, error handling (#2036)
2020-09-18 11:54:45 +02:00
})
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
t.Run("error - write file", func(t *testing.T) {
fix(whitesourceExecuteScan): properly handle policy violations (#4089) * fix(whitesourceExecuteScan): properly handle policy violations * update files * update formatting Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2022-11-07 12:16:07 +02:00
ctx := context.Background()
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
config := ScanOptions{}
scan := newWhitesourceScan(&config)
chore: fix linting issues (#3878) * chore: fix linting issues * add more fixes * correct formatting * Delete depl.yaml
2022-07-21 09:04:21 +02:00
if err := scan.AppendScannedProject("testProject1"); err != nil {
t.Fail()
}
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
systemMock := ws.NewSystemMock("ignored")
systemMock.Alerts = []ws.Alert{}
utilsMock := newWhitesourceUtilsMock()
utilsMock.FileWriteError = fmt.Errorf("failed to write file")
reportPaths := []piperutils.Path{}
fix(influx): correct data type of influx measurements (#2171) * update data type of influx measurements * Update checkmarx.yaml * pick changes from #1885 for testing * update generated code * update to new datatype * adjust to type changes * change back to string type * Update fortifyExecuteScan.go * add typo to be backward compatible * change type to int for files_scanned and lines_of_code_scanned * add typo * add measurements to whitesource * update generated sources * adjust test cases Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2021-03-10 17:00:53 +02:00
influx := whitesourceExecuteScanInflux{}
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
fix(whitesourceExecuteScan): properly handle policy violations (#4089) * fix(whitesourceExecuteScan): properly handle policy violations * update files * update formatting Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2022-11-07 12:16:07 +02:00
_, err := checkPolicyViolations(ctx, &config, scan, systemMock, utilsMock, reportPaths, &influx)
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
assert.Contains(t, fmt.Sprint(err), "failed to write policy violation report:")
})
feat(pipelineCreateScanSummary) Create groovy wrapper (#2743) * feat(pipelineCreateScanSummary) Create groovy wrapper * add command to binary * stash step reports * update stash * fix typo * unstash reports first * update reporting * update json reporting * update tests & enhance logging * update md report * update md reporting * fix rendering * update tests
2021-04-15 07:45:06 +02:00
t.Run("failed to write json report", func(t *testing.T) {
fix(whitesourceExecuteScan): properly handle policy violations (#4089) * fix(whitesourceExecuteScan): properly handle policy violations * update files * update formatting Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2022-11-07 12:16:07 +02:00
ctx := context.Background()
feat(pipelineCreateScanSummary) Create groovy wrapper (#2743) * feat(pipelineCreateScanSummary) Create groovy wrapper * add command to binary * stash step reports * update stash * fix typo * unstash reports first * update reporting * update json reporting * update tests & enhance logging * update md report * update md reporting * fix rendering * update tests
2021-04-15 07:45:06 +02:00
config := ScanOptions{ProductName: "mock-product", Version: "1"}
scan := newWhitesourceScan(&config)
chore: fix linting issues (#3878) * chore: fix linting issues * add more fixes * correct formatting * Delete depl.yaml
2022-07-21 09:04:21 +02:00
if err := scan.AppendScannedProject("testProject1"); err != nil {
t.Fail()
}
feat(pipelineCreateScanSummary) Create groovy wrapper (#2743) * feat(pipelineCreateScanSummary) Create groovy wrapper * add command to binary * stash step reports * update stash * fix typo * unstash reports first * update reporting * update json reporting * update tests & enhance logging * update md report * update md reporting * fix rendering * update tests
2021-04-15 07:45:06 +02:00
systemMock := ws.NewSystemMock("ignored")
systemMock.Alerts = []ws.Alert{}
utilsMock := newWhitesourceUtilsMock()
utilsMock.FileWriteErrors = map[string]error{
filepath.Join(reporting.StepReportDirectory, "whitesourceExecuteScan_ip_2d3120020f3f46393a54575a7f6f5675ad536721.json"): fmt.Errorf("write error"),
}
reportPaths := []piperutils.Path{}
influx := whitesourceExecuteScanInflux{}
fix(whitesourceExecuteScan): properly handle policy violations (#4089) * fix(whitesourceExecuteScan): properly handle policy violations * update files * update formatting Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2022-11-07 12:16:07 +02:00
_, err := checkPolicyViolations(ctx, &config, scan, systemMock, utilsMock, reportPaths, &influx)
feat(pipelineCreateScanSummary) Create groovy wrapper (#2743) * feat(pipelineCreateScanSummary) Create groovy wrapper * add command to binary * stash step reports * update stash * fix typo * unstash reports first * update reporting * update json reporting * update tests & enhance logging * update md report * update md reporting * fix rendering * update tests
2021-04-15 07:45:06 +02:00
assert.Contains(t, fmt.Sprint(err), "failed to write json report")
})
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
}
func TestCheckSecurityViolations(t *testing.T) {
t.Parallel()
t.Run("success - non-aggregated", func(t *testing.T) {
feat: improve vulnerability reporting via GitHub issues (#3924) * feat: improve vulnerability reporting via GitHub issues * feat: update reports * chore: add tls cert links * only write log on error * chore: update formatting * chore: update handling of direct dependencies * chore: fix linting issue * chore: minor updates
2022-08-02 08:26:26 +02:00
ctx := context.Background()
whitesourcExecuteScan-go: Additional fixes (#2315) * Make sure the UA scan is known to the scan object. Fixes downloading reports later on. * Move polling into pkg/whitesource, add test for e2e scan * Remove conditions from stash config resource * Don't use version stored in CPE. This will prevent the versioningModel from being applied.
2020-11-10 10:09:51 +02:00
config := ScanOptions{
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
CvssSeverityLimit: "7",
}
scan := newWhitesourceScan(&config)
chore: fix linting issues (#3878) * chore: fix linting issues * add more fixes * correct formatting * Delete depl.yaml
2022-07-21 09:04:21 +02:00
if err := scan.AppendScannedProject("testProject1"); err != nil {
t.Fail()
}
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
systemMock := ws.NewSystemMock("ignored")
systemMock.Alerts = []ws.Alert{
{Vulnerability: ws.Vulnerability{Name: "vul1", CVSS3Score: 6.0}},
Refactor whitesourceExecuteScan, fix polling, error handling (#2036)
2020-09-18 11:54:45 +02:00
}
whitesourcExecuteScan-go: Additional fixes (#2315) * Make sure the UA scan is known to the scan object. Fixes downloading reports later on. * Move polling into pkg/whitesource, add test for e2e scan * Remove conditions from stash config resource * Don't use version stored in CPE. This will prevent the versioningModel from being applied.
2020-11-10 10:09:51 +02:00
utilsMock := newWhitesourceUtilsMock()
fix(influx): correct data type of influx measurements (#2171) * update data type of influx measurements * Update checkmarx.yaml * pick changes from #1885 for testing * update generated code * update to new datatype * adjust to type changes * change back to string type * Update fortifyExecuteScan.go * add typo to be backward compatible * change type to int for files_scanned and lines_of_code_scanned * add typo * add measurements to whitesource * update generated sources * adjust test cases Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2021-03-10 17:00:53 +02:00
influx := whitesourceExecuteScanInflux{}
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
feat: improve vulnerability reporting via GitHub issues (#3924) * feat: improve vulnerability reporting via GitHub issues * feat: update reports * chore: add tls cert links * only write log on error * chore: update formatting * chore: update handling of direct dependencies * chore: fix linting issue * chore: minor updates
2022-08-02 08:26:26 +02:00
reportPaths, err := checkSecurityViolations(ctx, &config, scan, systemMock, utilsMock, &influx)
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
assert.NoError(t, err)
fileContent, err := utilsMock.FileRead(reportPaths[0].Target)
assert.NoError(t, err)
assert.True(t, len(fileContent) > 0)
})
t.Run("success - aggregated", func(t *testing.T) {
feat: improve vulnerability reporting via GitHub issues (#3924) * feat: improve vulnerability reporting via GitHub issues * feat: update reports * chore: add tls cert links * only write log on error * chore: update formatting * chore: update handling of direct dependencies * chore: fix linting issue * chore: minor updates
2022-08-02 08:26:26 +02:00
ctx := context.Background()
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
config := ScanOptions{
CvssSeverityLimit: "7",
ProjectToken: "theProjectToken",
}
whitesourcExecuteScan-go: Additional fixes (#2315) * Make sure the UA scan is known to the scan object. Fixes downloading reports later on. * Move polling into pkg/whitesource, add test for e2e scan * Remove conditions from stash config resource * Don't use version stored in CPE. This will prevent the versioningModel from being applied.
2020-11-10 10:09:51 +02:00
scan := newWhitesourceScan(&config)
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
systemMock := ws.NewSystemMock("ignored")
systemMock.Alerts = []ws.Alert{
{Vulnerability: ws.Vulnerability{Name: "vul1", CVSS3Score: 6.0}},
}
utilsMock := newWhitesourceUtilsMock()
fix(influx): correct data type of influx measurements (#2171) * update data type of influx measurements * Update checkmarx.yaml * pick changes from #1885 for testing * update generated code * update to new datatype * adjust to type changes * change back to string type * Update fortifyExecuteScan.go * add typo to be backward compatible * change type to int for files_scanned and lines_of_code_scanned * add typo * add measurements to whitesource * update generated sources * adjust test cases Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2021-03-10 17:00:53 +02:00
influx := whitesourceExecuteScanInflux{}
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
feat: improve vulnerability reporting via GitHub issues (#3924) * feat: improve vulnerability reporting via GitHub issues * feat: update reports * chore: add tls cert links * only write log on error * chore: update formatting * chore: update handling of direct dependencies * chore: fix linting issue * chore: minor updates
2022-08-02 08:26:26 +02:00
reportPaths, err := checkSecurityViolations(ctx, &config, scan, systemMock, utilsMock, &influx)
whitesourcExecuteScan-go: Additional fixes (#2315) * Make sure the UA scan is known to the scan object. Fixes downloading reports later on. * Move polling into pkg/whitesource, add test for e2e scan * Remove conditions from stash config resource * Don't use version stored in CPE. This will prevent the versioningModel from being applied.
2020-11-10 10:09:51 +02:00
assert.NoError(t, err)
Fix issue with not generating sarif file when projectName was specified (#4199) * Fixed bug in generating sarif file in whitesource step --------- Co-authored-by: sumeet patil <sumeet.patil@sap.com>
2023-02-07 17:10:21 +02:00
assert.Equal(t, 3, len(reportPaths))
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
})
t.Run("error - wrong limit", func(t *testing.T) {
feat: improve vulnerability reporting via GitHub issues (#3924) * feat: improve vulnerability reporting via GitHub issues * feat: update reports * chore: add tls cert links * only write log on error * chore: update formatting * chore: update handling of direct dependencies * chore: fix linting issue * chore: minor updates
2022-08-02 08:26:26 +02:00
ctx := context.Background()
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
config := ScanOptions{CvssSeverityLimit: "x"}
scan := newWhitesourceScan(&config)
systemMock := ws.NewSystemMock("ignored")
utilsMock := newWhitesourceUtilsMock()
fix(influx): correct data type of influx measurements (#2171) * update data type of influx measurements * Update checkmarx.yaml * pick changes from #1885 for testing * update generated code * update to new datatype * adjust to type changes * change back to string type * Update fortifyExecuteScan.go * add typo to be backward compatible * change type to int for files_scanned and lines_of_code_scanned * add typo * add measurements to whitesource * update generated sources * adjust test cases Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2021-03-10 17:00:53 +02:00
influx := whitesourceExecuteScanInflux{}
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
feat: improve vulnerability reporting via GitHub issues (#3924) * feat: improve vulnerability reporting via GitHub issues * feat: update reports * chore: add tls cert links * only write log on error * chore: update formatting * chore: update handling of direct dependencies * chore: fix linting issue * chore: minor updates
2022-08-02 08:26:26 +02:00
_, err := checkSecurityViolations(ctx, &config, scan, systemMock, utilsMock, &influx)
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
assert.Contains(t, fmt.Sprint(err), "failed to parse parameter cvssSeverityLimit")
})
t.Run("error - non-aggregated", func(t *testing.T) {
feat: improve vulnerability reporting via GitHub issues (#3924) * feat: improve vulnerability reporting via GitHub issues * feat: update reports * chore: add tls cert links * only write log on error * chore: update formatting * chore: update handling of direct dependencies * chore: fix linting issue * chore: minor updates
2022-08-02 08:26:26 +02:00
ctx := context.Background()
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
config := ScanOptions{
fix(whitesourceExecuteScan): failOnSevereVulnerabilities (#3894) * fix(whitesourceExecuteScan): failOnSevereVulnerabilities failOnSevereVulnerabilities has not been considered properly for security vulnerabilities. * chore: remove comment * chore: update formatting
2022-07-18 14:36:29 +02:00
CvssSeverityLimit: "5",
FailOnSevereVulnerabilities: true,
Refactor whitesourceExecuteScan, fix polling, error handling (#2036)
2020-09-18 11:54:45 +02:00
}
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
scan := newWhitesourceScan(&config)
chore: fix linting issues (#3878) * chore: fix linting issues * add more fixes * correct formatting * Delete depl.yaml
2022-07-21 09:04:21 +02:00
if err := scan.AppendScannedProject("testProject1"); err != nil {
t.Fail()
}
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
systemMock := ws.NewSystemMock("ignored")
systemMock.Alerts = []ws.Alert{
{Vulnerability: ws.Vulnerability{Name: "vul1", CVSS3Score: 6.0}},
Refactor whitesourceExecuteScan, fix polling, error handling (#2036)
2020-09-18 11:54:45 +02:00
}
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
utilsMock := newWhitesourceUtilsMock()
fix(influx): correct data type of influx measurements (#2171) * update data type of influx measurements * Update checkmarx.yaml * pick changes from #1885 for testing * update generated code * update to new datatype * adjust to type changes * change back to string type * Update fortifyExecuteScan.go * add typo to be backward compatible * change type to int for files_scanned and lines_of_code_scanned * add typo * add measurements to whitesource * update generated sources * adjust test cases Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2021-03-10 17:00:53 +02:00
influx := whitesourceExecuteScanInflux{}
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
feat: improve vulnerability reporting via GitHub issues (#3924) * feat: improve vulnerability reporting via GitHub issues * feat: update reports * chore: add tls cert links * only write log on error * chore: update formatting * chore: update handling of direct dependencies * chore: fix linting issue * chore: minor updates
2022-08-02 08:26:26 +02:00
reportPaths, err := checkSecurityViolations(ctx, &config, scan, systemMock, utilsMock, &influx)
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
assert.Contains(t, fmt.Sprint(err), "1 Open Source Software Security vulnerabilities")
fileContent, err := utilsMock.FileRead(reportPaths[0].Target)
assert.NoError(t, err)
assert.True(t, len(fileContent) > 0)
})
t.Run("error - aggregated", func(t *testing.T) {
feat: improve vulnerability reporting via GitHub issues (#3924) * feat: improve vulnerability reporting via GitHub issues * feat: update reports * chore: add tls cert links * only write log on error * chore: update formatting * chore: update handling of direct dependencies * chore: fix linting issue * chore: minor updates
2022-08-02 08:26:26 +02:00
ctx := context.Background()
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
config := ScanOptions{
fix(whitesourceExecuteScan): failOnSevereVulnerabilities (#3894) * fix(whitesourceExecuteScan): failOnSevereVulnerabilities failOnSevereVulnerabilities has not been considered properly for security vulnerabilities. * chore: remove comment * chore: update formatting
2022-07-18 14:36:29 +02:00
CvssSeverityLimit: "5",
ProjectToken: "theProjectToken",
FailOnSevereVulnerabilities: true,
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
}
scan := newWhitesourceScan(&config)
systemMock := ws.NewSystemMock("ignored")
systemMock.Alerts = []ws.Alert{
{Vulnerability: ws.Vulnerability{Name: "vul1", CVSS3Score: 6.0}},
}
utilsMock := newWhitesourceUtilsMock()
fix(influx): correct data type of influx measurements (#2171) * update data type of influx measurements * Update checkmarx.yaml * pick changes from #1885 for testing * update generated code * update to new datatype * adjust to type changes * change back to string type * Update fortifyExecuteScan.go * add typo to be backward compatible * change type to int for files_scanned and lines_of_code_scanned * add typo * add measurements to whitesource * update generated sources * adjust test cases Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2021-03-10 17:00:53 +02:00
influx := whitesourceExecuteScanInflux{}
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
feat: improve vulnerability reporting via GitHub issues (#3924) * feat: improve vulnerability reporting via GitHub issues * feat: update reports * chore: add tls cert links * only write log on error * chore: update formatting * chore: update handling of direct dependencies * chore: fix linting issue * chore: minor updates
2022-08-02 08:26:26 +02:00
reportPaths, err := checkSecurityViolations(ctx, &config, scan, systemMock, utilsMock, &influx)
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
assert.Contains(t, fmt.Sprint(err), "1 Open Source Software Security vulnerabilities")
Fix issue with not generating sarif file when projectName was specified (#4199) * Fixed bug in generating sarif file in whitesource step --------- Co-authored-by: sumeet patil <sumeet.patil@sap.com>
2023-02-07 17:10:21 +02:00
assert.Equal(t, 3, len(reportPaths))
Refactor whitesourceExecuteScan, fix polling, error handling (#2036)
2020-09-18 11:54:45 +02:00
})
}
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
func TestCheckProjectSecurityViolations(t *testing.T) {
project := ws.Project{Name: "testProject - 1", Token: "testToken"}
t.Run("success - no alerts", func(t *testing.T) {
systemMock := ws.NewSystemMock("ignored")
systemMock.Alerts = []ws.Alert{}
fix(influx): correct data type of influx measurements (#2171) * update data type of influx measurements * Update checkmarx.yaml * pick changes from #1885 for testing * update generated code * update to new datatype * adjust to type changes * change back to string type * Update fortifyExecuteScan.go * add typo to be backward compatible * change type to int for files_scanned and lines_of_code_scanned * add typo * add measurements to whitesource * update generated sources * adjust test cases Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2021-03-10 17:00:53 +02:00
influx := whitesourceExecuteScanInflux{}
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
fix(whitesourceExecuteScan): Fix processing of assessment (#4059) * Fix potential nil reference * Fix handling of assessed vulns * Fix test code * Add error detail * Fix parsing * Adding debug output * Fix nil reference * fix * Add debug * Update cmd/whitesourceExecuteScan.go Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com> * Update cmd/whitesourceExecuteScan.go * Update cmd/whitesourceExecuteScan.go * Fix fmt Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2022-10-13 12:34:02 +02:00
severeVulnerabilities, alerts, assessedAlerts, err := checkProjectSecurityViolations(&ScanOptions{FailOnSevereVulnerabilities: true}, 7.0, project, systemMock, &[]format.Assessment{}, &influx)
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
assert.NoError(t, err)
assert.Equal(t, 0, severeVulnerabilities)
assert.Equal(t, 0, len(alerts))
fix(whitesourceExecuteScan): Fix processing of assessment (#4059) * Fix potential nil reference * Fix handling of assessed vulns * Fix test code * Add error detail * Fix parsing * Adding debug output * Fix nil reference * fix * Add debug * Update cmd/whitesourceExecuteScan.go Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com> * Update cmd/whitesourceExecuteScan.go * Update cmd/whitesourceExecuteScan.go * Fix fmt Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2022-10-13 12:34:02 +02:00
assert.Equal(t, 0, len(assessedAlerts))
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
})
t.Run("error - some vulnerabilities", func(t *testing.T) {
systemMock := ws.NewSystemMock("ignored")
systemMock.Alerts = []ws.Alert{
Refinement of SARIF generation for BD and WS (#3942) * Fix docs and format * Assessment format added * Added sample file * Added parsing * Added packageurl implementation * Slight refinement * Refactored assessment options * Adapted sample file * First attempt of ws sbom gen * Reworked SBOM generation * Fix test code * Add assessment handling * Update dependencies * Added golden test * Small fix * feat(fortify): Added a check for fortify binary in $PATH (#3925) * added check for fortifyupdate and sourceanalyzer bin Co-authored-by: sumeet patil <sumeet.patil@sap.com> * Modify SARIF * Enhanced SARID contents * Small refinement for hub detect * Small adjustments * Extend SARIF contents * Consistency to Mend part * Fix tests * Fix merge * Fix test * Add debug log, enhance output * Enhance meta info * Fix libType for node * Fix log entry * Fix pointers and test * Fix test * Fix library types * Fix test * Extend libType mappings Co-authored-by: Vinayak S <vinayaks439@gmail.com> Co-authored-by: sumeet patil <sumeet.patil@sap.com>
2022-08-11 13:12:14 +02:00
{Vulnerability: ws.Vulnerability{CVSS3Score: 7, Name: "CVE-2025-001"}, Library: ws.Library{KeyID: 42, Name: "test", GroupID: "com.sap", ArtifactID: "test", Version: "1.2.3", LibType: "Java"}},
{Vulnerability: ws.Vulnerability{CVSS3Score: 6, Name: "CVE-2025-002"}, Library: ws.Library{KeyID: 42, Name: "test", GroupID: "com.sap", ArtifactID: "test", Version: "1.2.3", LibType: "Java"}},
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
}
fix(influx): correct data type of influx measurements (#2171) * update data type of influx measurements * Update checkmarx.yaml * pick changes from #1885 for testing * update generated code * update to new datatype * adjust to type changes * change back to string type * Update fortifyExecuteScan.go * add typo to be backward compatible * change type to int for files_scanned and lines_of_code_scanned * add typo * add measurements to whitesource * update generated sources * adjust test cases Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2021-03-10 17:00:53 +02:00
influx := whitesourceExecuteScanInflux{}
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
fix(whitesourceExecuteScan): Fix processing of assessment (#4059) * Fix potential nil reference * Fix handling of assessed vulns * Fix test code * Add error detail * Fix parsing * Adding debug output * Fix nil reference * fix * Add debug * Update cmd/whitesourceExecuteScan.go Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com> * Update cmd/whitesourceExecuteScan.go * Update cmd/whitesourceExecuteScan.go * Fix fmt Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2022-10-13 12:34:02 +02:00
severeVulnerabilities, alerts, assessedAlerts, err := checkProjectSecurityViolations(&ScanOptions{FailOnSevereVulnerabilities: true}, 7.0, project, systemMock, &[]format.Assessment{}, &influx)
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
assert.Contains(t, fmt.Sprint(err), "1 Open Source Software Security vulnerabilities")
assert.Equal(t, 1, severeVulnerabilities)
assert.Equal(t, 2, len(alerts))
fix(whitesourceExecuteScan): Fix processing of assessment (#4059) * Fix potential nil reference * Fix handling of assessed vulns * Fix test code * Add error detail * Fix parsing * Adding debug output * Fix nil reference * fix * Add debug * Update cmd/whitesourceExecuteScan.go Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com> * Update cmd/whitesourceExecuteScan.go * Update cmd/whitesourceExecuteScan.go * Fix fmt Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2022-10-13 12:34:02 +02:00
assert.Equal(t, 0, len(assessedAlerts))
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
})
SBOM creation for Mend (#3934) * Fix docs and format * Assessment format added * Added sample file * Added parsing * Added packageurl implementation * Slight refinement * Refactored assessment options * Adapted sample file * First attempt of ws sbom gen * Reworked SBOM generation * Fix test code * Add assessment handling * Update dependencies * Added golden test * Small fix Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2022-08-09 13:56:01 +02:00
t.Run("success - assessed vulnerabilities", func(t *testing.T) {
systemMock := ws.NewSystemMock("ignored")
systemMock.Alerts = []ws.Alert{
Refinement of SARIF generation for BD and WS (#3942) * Fix docs and format * Assessment format added * Added sample file * Added parsing * Added packageurl implementation * Slight refinement * Refactored assessment options * Adapted sample file * First attempt of ws sbom gen * Reworked SBOM generation * Fix test code * Add assessment handling * Update dependencies * Added golden test * Small fix * feat(fortify): Added a check for fortify binary in $PATH (#3925) * added check for fortifyupdate and sourceanalyzer bin Co-authored-by: sumeet patil <sumeet.patil@sap.com> * Modify SARIF * Enhanced SARID contents * Small refinement for hub detect * Small adjustments * Extend SARIF contents * Consistency to Mend part * Fix tests * Fix merge * Fix test * Add debug log, enhance output * Enhance meta info * Fix libType for node * Fix log entry * Fix pointers and test * Fix test * Fix library types * Fix test * Extend libType mappings Co-authored-by: Vinayak S <vinayaks439@gmail.com> Co-authored-by: sumeet patil <sumeet.patil@sap.com>
2022-08-11 13:12:14 +02:00
{Vulnerability: ws.Vulnerability{CVSS3Score: 7.8, Name: "CVE-2025-001"}, Library: ws.Library{KeyID: 42, Name: "test", GroupID: "com.sap", ArtifactID: "test", Version: "1.2.3", LibType: "Java"}},
{Vulnerability: ws.Vulnerability{CVSS3Score: 6, Name: "CVE-2025-002"}, Library: ws.Library{KeyID: 42, Name: "test", GroupID: "com.sap", ArtifactID: "test", Version: "1.2.3", LibType: "Java"}},
SBOM creation for Mend (#3934) * Fix docs and format * Assessment format added * Added sample file * Added parsing * Added packageurl implementation * Slight refinement * Refactored assessment options * Adapted sample file * First attempt of ws sbom gen * Reworked SBOM generation * Fix test code * Add assessment handling * Update dependencies * Added golden test * Small fix Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2022-08-09 13:56:01 +02:00
}
influx := whitesourceExecuteScanInflux{}
fix(whitesourceExecuteScan): Fix processing of assessment (#4059) * Fix potential nil reference * Fix handling of assessed vulns * Fix test code * Add error detail * Fix parsing * Adding debug output * Fix nil reference * fix * Add debug * Update cmd/whitesourceExecuteScan.go Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com> * Update cmd/whitesourceExecuteScan.go * Update cmd/whitesourceExecuteScan.go * Fix fmt Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2022-10-13 12:34:02 +02:00
severeVulnerabilities, alerts, assessedAlerts, err := checkProjectSecurityViolations(&ScanOptions{FailOnSevereVulnerabilities: true}, 7.0, project, systemMock, &[]format.Assessment{{Vulnerability: "CVE-2025-001", Purls: []format.Purl{{Purl: "pkg:/maven/com.sap/test@1.2.3"}}}, {Vulnerability: "CVE-2025-002", Purls: []format.Purl{{Purl: "pkg:/maven/com.sap/test@1.2.3"}}}}, &influx)
SBOM creation for Mend (#3934) * Fix docs and format * Assessment format added * Added sample file * Added parsing * Added packageurl implementation * Slight refinement * Refactored assessment options * Adapted sample file * First attempt of ws sbom gen * Reworked SBOM generation * Fix test code * Add assessment handling * Update dependencies * Added golden test * Small fix Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2022-08-09 13:56:01 +02:00
assert.NoError(t, err)
assert.Equal(t, 0, severeVulnerabilities)
assert.Equal(t, 0, len(alerts))
fix(whitesourceExecuteScan): Fix processing of assessment (#4059) * Fix potential nil reference * Fix handling of assessed vulns * Fix test code * Add error detail * Fix parsing * Adding debug output * Fix nil reference * fix * Add debug * Update cmd/whitesourceExecuteScan.go Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com> * Update cmd/whitesourceExecuteScan.go * Update cmd/whitesourceExecuteScan.go * Fix fmt Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2022-10-13 12:34:02 +02:00
assert.Equal(t, 2, len(assessedAlerts))
SBOM creation for Mend (#3934) * Fix docs and format * Assessment format added * Added sample file * Added parsing * Added packageurl implementation * Slight refinement * Refactored assessment options * Adapted sample file * First attempt of ws sbom gen * Reworked SBOM generation * Fix test code * Add assessment handling * Update dependencies * Added golden test * Small fix Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2022-08-09 13:56:01 +02:00
})
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
t.Run("error - WhiteSource failure", func(t *testing.T) {
systemMock := ws.NewSystemMock("ignored")
systemMock.AlertError = fmt.Errorf("failed to read alerts")
fix(influx): correct data type of influx measurements (#2171) * update data type of influx measurements * Update checkmarx.yaml * pick changes from #1885 for testing * update generated code * update to new datatype * adjust to type changes * change back to string type * Update fortifyExecuteScan.go * add typo to be backward compatible * change type to int for files_scanned and lines_of_code_scanned * add typo * add measurements to whitesource * update generated sources * adjust test cases Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2021-03-10 17:00:53 +02:00
influx := whitesourceExecuteScanInflux{}
fix(whitesourceExecuteScan): Fix processing of assessment (#4059) * Fix potential nil reference * Fix handling of assessed vulns * Fix test code * Add error detail * Fix parsing * Adding debug output * Fix nil reference * fix * Add debug * Update cmd/whitesourceExecuteScan.go Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com> * Update cmd/whitesourceExecuteScan.go * Update cmd/whitesourceExecuteScan.go * Fix fmt Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2022-10-13 12:34:02 +02:00
_, _, _, err := checkProjectSecurityViolations(&ScanOptions{FailOnSevereVulnerabilities: true}, 7.0, project, systemMock, &[]format.Assessment{}, &influx)
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
assert.Contains(t, fmt.Sprint(err), "failed to retrieve project alerts from WhiteSource")
})
}
whitesourceExecuteScan: bypass UA for mta, maven, npm and yarn (#1879) Co-authored-by: Florian Wilhelm <florian.wilhelm02@sap.com>
2020-09-29 12:44:31 +02:00
func TestAggregateVersionWideLibraries(t *testing.T) {
t.Parallel()
t.Run("happy path", func(t *testing.T) {
// init
config := &ScanOptions{
feat: allow OSVM scans to succeed with vulnerabilities (#3889) For running open source vulnerability scans in de-coupled processes it is helpful to allow that steps only create compliance reports to inform users/teams but not fail the pipeline. This can now be achieved constitently with the flag: `failOnSevereVulnerabilities` Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2022-07-12 11:43:24 +02:00
FailOnSevereVulnerabilities: true,
ProductToken: "mock-product-token",
Version: "1",
whitesourceExecuteScan: bypass UA for mta, maven, npm and yarn (#1879) Co-authored-by: Florian Wilhelm <florian.wilhelm02@sap.com>
2020-09-29 12:44:31 +02:00
}
utils := newWhitesourceUtilsMock()
whitesourceExecuteScan: Re-organize code between step and whitesource package (#2207)
2020-10-20 09:49:26 +02:00
system := ws.NewSystemMock("2010-05-30 00:15:00 +0100")
whitesourceExecuteScan: bypass UA for mta, maven, npm and yarn (#1879) Co-authored-by: Florian Wilhelm <florian.wilhelm02@sap.com>
2020-09-29 12:44:31 +02:00
// test
err := aggregateVersionWideLibraries(config, utils, system)
// assert
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
resource := filepath.Join(ws.ReportsDirectory, "libraries-20100510-001542.csv")
whitesourceExecuteScan: bypass UA for mta, maven, npm and yarn (#1879) Co-authored-by: Florian Wilhelm <florian.wilhelm02@sap.com>
2020-09-29 12:44:31 +02:00
if assert.NoError(t, err) && assert.True(t, utils.HasWrittenFile(resource)) {
contents, _ := utils.FileRead(resource)
asString := string(contents)
assert.Equal(t, "Library Name, Project Name\nmock-library, mock-project\n", asString)
chore: cleanup reporting & some incorrect file usage in tests (#3943) * chore: cleanup reporting & some incorrect file usage in tests * cleanup interface * chore: remove comment * preserve error handling * Rename FileUtils.go to fileUtils.go * clean up formatting * chore: address static check findings * fix brittle test * chore: cleanup formatting
2022-08-09 10:57:02 +02:00
c, _ := utils.ReadFile("/whitesourceExecuteScan_reports.json")
assert.NotEmpty(t, c)
whitesourceExecuteScan: bypass UA for mta, maven, npm and yarn (#1879) Co-authored-by: Florian Wilhelm <florian.wilhelm02@sap.com>
2020-09-29 12:44:31 +02:00
}
})
}
func TestAggregateVersionWideVulnerabilities(t *testing.T) {
t.Parallel()
t.Run("happy path", func(t *testing.T) {
// init
config := &ScanOptions{
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
ProductToken: "mock-product-token",
Version: "1",
whitesourceExecuteScan: bypass UA for mta, maven, npm and yarn (#1879) Co-authored-by: Florian Wilhelm <florian.wilhelm02@sap.com>
2020-09-29 12:44:31 +02:00
}
utils := newWhitesourceUtilsMock()
whitesourceExecuteScan: Re-organize code between step and whitesource package (#2207)
2020-10-20 09:49:26 +02:00
system := ws.NewSystemMock("2010-05-30 00:15:00 +0100")
whitesourceExecuteScan: bypass UA for mta, maven, npm and yarn (#1879) Co-authored-by: Florian Wilhelm <florian.wilhelm02@sap.com>
2020-09-29 12:44:31 +02:00
// test
err := aggregateVersionWideVulnerabilities(config, utils, system)
// assert
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
resource := filepath.Join(ws.ReportsDirectory, "project-names-aggregated.txt")
whitesourceExecuteScan: bypass UA for mta, maven, npm and yarn (#1879) Co-authored-by: Florian Wilhelm <florian.wilhelm02@sap.com>
2020-09-29 12:44:31 +02:00
assert.NoError(t, err)
if assert.True(t, utils.HasWrittenFile(resource)) {
contents, _ := utils.FileRead(resource)
asString := string(contents)
assert.Equal(t, "mock-project - 1\n", asString)
}
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
reportSheet := filepath.Join(ws.ReportsDirectory, "vulnerabilities-20100510-001542.xlsx")
whitesourceExecuteScan: bypass UA for mta, maven, npm and yarn (#1879) Co-authored-by: Florian Wilhelm <florian.wilhelm02@sap.com>
2020-09-29 12:44:31 +02:00
sheetContents, err := utils.FileRead(reportSheet)
assert.NoError(t, err)
assert.NotEmpty(t, sheetContents)
chore: cleanup reporting & some incorrect file usage in tests (#3943) * chore: cleanup reporting & some incorrect file usage in tests * cleanup interface * chore: remove comment * preserve error handling * Rename FileUtils.go to fileUtils.go * clean up formatting * chore: address static check findings * fix brittle test * chore: cleanup formatting
2022-08-09 10:57:02 +02:00
c, _ := utils.ReadFile("whitesourceExecuteScan_reports.json")
assert.NotEmpty(t, c)
whitesourceExecuteScan: bypass UA for mta, maven, npm and yarn (#1879) Co-authored-by: Florian Wilhelm <florian.wilhelm02@sap.com>
2020-09-29 12:44:31 +02:00
})
}
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
func TestPersistScannedProjects(t *testing.T) {
whitesourceExecuteScan: bypass UA for mta, maven, npm and yarn (#1879) Co-authored-by: Florian Wilhelm <florian.wilhelm02@sap.com>
2020-09-29 12:44:31 +02:00
t.Parallel()
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
t.Run("write 1 scanned projects", func(t *testing.T) {
whitesourceExecuteScan: bypass UA for mta, maven, npm and yarn (#1879) Co-authored-by: Florian Wilhelm <florian.wilhelm02@sap.com>
2020-09-29 12:44:31 +02:00
// init
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
cpe := whitesourceExecuteScanCommonPipelineEnvironment{}
config := &ScanOptions{Version: "1"}
whitesourceExecuteScan: bypass UA for mta, maven, npm and yarn (#1879) Co-authored-by: Florian Wilhelm <florian.wilhelm02@sap.com>
2020-09-29 12:44:31 +02:00
scan := newWhitesourceScan(config)
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
_ = scan.AppendScannedProject("project")
whitesourceExecuteScan: bypass UA for mta, maven, npm and yarn (#1879) Co-authored-by: Florian Wilhelm <florian.wilhelm02@sap.com>
2020-09-29 12:44:31 +02:00
// test
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
persistScannedProjects(config, scan, &cpe)
whitesourceExecuteScan: bypass UA for mta, maven, npm and yarn (#1879) Co-authored-by: Florian Wilhelm <florian.wilhelm02@sap.com>
2020-09-29 12:44:31 +02:00
// assert
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
assert.Equal(t, []string{"project - 1"}, cpe.custom.whitesourceProjectNames)
whitesourceExecuteScan: bypass UA for mta, maven, npm and yarn (#1879) Co-authored-by: Florian Wilhelm <florian.wilhelm02@sap.com>
2020-09-29 12:44:31 +02:00
})
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
t.Run("write 2 scanned projects", func(t *testing.T) {
whitesourceExecuteScan: bypass UA for mta, maven, npm and yarn (#1879) Co-authored-by: Florian Wilhelm <florian.wilhelm02@sap.com>
2020-09-29 12:44:31 +02:00
// init
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
cpe := whitesourceExecuteScanCommonPipelineEnvironment{}
config := &ScanOptions{Version: "1"}
whitesourceExecuteScan: bypass UA for mta, maven, npm and yarn (#1879) Co-authored-by: Florian Wilhelm <florian.wilhelm02@sap.com>
2020-09-29 12:44:31 +02:00
scan := newWhitesourceScan(config)
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
_ = scan.AppendScannedProject("project-app")
_ = scan.AppendScannedProject("project-db")
whitesourceExecuteScan: bypass UA for mta, maven, npm and yarn (#1879) Co-authored-by: Florian Wilhelm <florian.wilhelm02@sap.com>
2020-09-29 12:44:31 +02:00
// test
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
persistScannedProjects(config, scan, &cpe)
whitesourceExecuteScan: bypass UA for mta, maven, npm and yarn (#1879) Co-authored-by: Florian Wilhelm <florian.wilhelm02@sap.com>
2020-09-29 12:44:31 +02:00
// assert
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
assert.Equal(t, []string{"project-app - 1", "project-db - 1"}, cpe.custom.whitesourceProjectNames)
whitesourceExecuteScan: bypass UA for mta, maven, npm and yarn (#1879) Co-authored-by: Florian Wilhelm <florian.wilhelm02@sap.com>
2020-09-29 12:44:31 +02:00
})
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
t.Run("write no projects", func(t *testing.T) {
whitesourceExecuteScan: bypass UA for mta, maven, npm and yarn (#1879) Co-authored-by: Florian Wilhelm <florian.wilhelm02@sap.com>
2020-09-29 12:44:31 +02:00
// init
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
cpe := whitesourceExecuteScanCommonPipelineEnvironment{}
config := &ScanOptions{Version: "1"}
whitesourceExecuteScan: bypass UA for mta, maven, npm and yarn (#1879) Co-authored-by: Florian Wilhelm <florian.wilhelm02@sap.com>
2020-09-29 12:44:31 +02:00
scan := newWhitesourceScan(config)
// test
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
persistScannedProjects(config, scan, &cpe)
whitesourceExecuteScan: bypass UA for mta, maven, npm and yarn (#1879) Co-authored-by: Florian Wilhelm <florian.wilhelm02@sap.com>
2020-09-29 12:44:31 +02:00
// assert
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
assert.Equal(t, []string{}, cpe.custom.whitesourceProjectNames)
whitesourceExecuteScan: bypass UA for mta, maven, npm and yarn (#1879) Co-authored-by: Florian Wilhelm <florian.wilhelm02@sap.com>
2020-09-29 12:44:31 +02:00
})
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
t.Run("write aggregated project", func(t *testing.T) {
whitesourceExecuteScan: bypass UA for mta, maven, npm and yarn (#1879) Co-authored-by: Florian Wilhelm <florian.wilhelm02@sap.com>
2020-09-29 12:44:31 +02:00
// init
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
cpe := whitesourceExecuteScanCommonPipelineEnvironment{}
config := &ScanOptions{ProjectName: "project", Version: "1"}
whitesourceExecuteScan: bypass UA for mta, maven, npm and yarn (#1879) Co-authored-by: Florian Wilhelm <florian.wilhelm02@sap.com>
2020-09-29 12:44:31 +02:00
scan := newWhitesourceScan(config)
// test
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
persistScannedProjects(config, scan, &cpe)
whitesourceExecuteScan: bypass UA for mta, maven, npm and yarn (#1879) Co-authored-by: Florian Wilhelm <florian.wilhelm02@sap.com>
2020-09-29 12:44:31 +02:00
// assert
feat(whitesource): consolidated reporting and versioning alignment (#2571) * update reporting and add todo comments * enhance reporting, allow directory creation for reports * properly pass reports * update templating and increase verbosity of errors * add todo * add detail table * update sorting * add test and improve error message * fix error message in test * extend tests * enhance tests * enhance versioning behavior accoring to #1846 * create markdown overview report * small fix * fix small issue * make sure that report directory exists * align reporting directory with default directory from UA * add missing comments * add policy check incl. tests * enhance logging and tests * update versioning to allow custom version usage properly * fix report paths and golang image * update styling of md * update test
2021-02-10 17:18:00 +02:00
assert.Equal(t, []string{"project - 1"}, cpe.custom.whitesourceProjectNames)
whitesourceExecuteScan: bypass UA for mta, maven, npm and yarn (#1879) Co-authored-by: Florian Wilhelm <florian.wilhelm02@sap.com>
2020-09-29 12:44:31 +02:00
})
Refactor whitesourceExecuteScan, fix polling, error handling (#2036)
2020-09-18 11:54:45 +02:00
}
Reference in New Issue Copy Permalink