def test_scan_and_find_dependencies_maven_ignore_test_deps():
"""Test scan_and_find_dependencies function for Maven."""
manifests = [{
"filename":
"dependencies.txt",
"filepath":
"/bin/local",
"content":
open(str(Path(__file__).parent / "data/dependencies.txt")).read()
}]
res = DependencyFinder().scan_and_find_dependencies(
"maven", manifests, True)
assert "result" in res
# There are total 9 packages, but 4 are mandatory packages.
assert 4 == len(res['result'][0]['details'][0]['_resolved'])
# Packages expected are
mandatory_packages = [
'io.vertx:vertx-core', 'io.vertx:vertx-web',
'io.vertx:vertx-health-check', 'io.vertx:vertx-web-client'
]
# Packages not expected are
test_packages = [
'io.vertx:vertx-unit', 'junit:junit', 'org.assertj:assertj-core',
'io.rest-assured:rest-assured',
'org.arquillian.cube:arquillian-cube-openshift-starter'
]
# Check that only non-test packages are present.
for package in res['result'][0]['details'][0]['_resolved']:
assert package['package'] in mandatory_packages
assert package['package'] not in test_packages
def scan_and_find_dependencies(ecosystem, manifests):
"""Scan the dependencies files to fetch transitive deps."""
if ecosystem == "golang":
# TODO remove the logic for golang. Add the golang logic in utils
return DependencyFinder.get_dependencies_from_ecosystem_list(
ecosystem, manifests)
return Df.scan_and_find_dependencies(ecosystem, manifests)
def execute(self, arguments):
"""Perform the git operations."""
self.log.info("Worker flow initiated for git operations")
self._strict_assert(arguments.get('git_url'))
self._strict_assert(arguments.get('ecosystem'))
self._strict_assert(arguments.get('is_scan_enabled'))
self._strict_assert(arguments.get('request_id'))
self._strict_assert(arguments.get('gh_token'))
giturl = arguments.get('git_url')
ecosystem = arguments.get('ecosystem')
request_id = arguments.get('request_id')
is_modified_flag = arguments.get('is_modified_flag')
check_license = arguments.get('check_license')
auth_key = arguments.get('auth_key')
gh_token = arguments.get('gh_token')
is_scan_enabled = arguments.get('is_scan_enabled')
manifests = self.create_repo_and_generate_files(
giturl, ecosystem, gh_token)
if len(manifests) == 0:
self.log.error("No dependency files found or generated.")
return None
repo_name = giturl.split("/")[-1]
path = _dir_path + "/" + repo_name
data_object = []
for manifest in manifests:
temp = {
'filename': manifest.filename,
'content': manifest.read(),
'filepath': path
}
data_object.append(temp)
deps = DependencyFinder.scan_and_find_dependencies(
ecosystem, data_object)
# Call to the Gemini Server
if is_scan_enabled == "true":
self.log.info("Scan is enabled.Gemini scan call in progress")
try:
self.gemini_call_for_cve_scan(giturl, deps, auth_key)
except Exception:
self.log.exception("Failed to call the gemini scan.")
# Call to the Backbone
self.log.debug(deps)
if len(deps) == 0:
self.log.error(
"Dependencies not generated properly.Backbone wont be called.")
return None
try:
self.log.info("Calling backbone for stack analyses")
self.backbone_for_stack_analysis(deps, request_id,
is_modified_flag, check_license)
except Exception:
self.log.exception("Failed to call the backbone.")
os.system("rm -rf " + path)
def test_clean_version():
"""Test clean version."""
is_semver, cleaned_vr = DependencyFinder().clean_version(
'v0.0.0-20190718012654-fb15b899a751')
assert is_semver
assert cleaned_vr == '0.0.0-20190718012654-fb15b899a751'
is_semver, cleaned_vr = DependencyFinder().clean_version(
'v2.1.4+incompatible')
assert is_semver
assert cleaned_vr == '2.1.4'
is_semver, cleaned_vr = DependencyFinder().clean_version('v0.20.1-beta')
assert is_semver
assert cleaned_vr == '0.20.1-beta'
is_semver, cleaned_vr = DependencyFinder().clean_version('v32$@12')
assert not is_semver
assert cleaned_vr == '32$@12'
is_semver, cleaned_vr = DependencyFinder().clean_version('v1.1.1-dev1')
assert is_semver
assert cleaned_vr == '1.1.1-dev1'
def test_scan_and_find_dependencies_golang_empty_input(self):
"""Test scan_and_find_dependencies function for golang Empty."""
file = open(str(Path(__file__).parent / "data/gograph_empty.txt"))
manifests = [{
"filename": "gograph.txt",
"filepath": "/bin/local",
"content": file.read()
}]
file.close()
res = DependencyFinder().scan_and_find_dependencies
self.assertRaises(ValueError, res, "golang", manifests, True)
def test_parse_go_string():
"""Test for Parse go string."""
ideal_res = {
'from': 'github.com/hashicorp/consul/[email protected]',
'package': 'github.com/hashicorp/consul/sdk',
'given_version': 'v0.1.1',
'is_semver': True,
'version': '0.1.1'
}
res = DependencyFinder().parse_go_string(
'github.com/hashicorp/consul/[email protected]')
assert res == ideal_res
def test_scan_and_find_dependencies_maven():
"""Test scan_and_find_dependencies function for Maven."""
manifests = [{
"filename":
"dependencies.txt",
"filepath":
"/bin/local",
"content":
open(str(Path(__file__).parent / "data/dependencies.txt")).read()
}]
res = DependencyFinder().scan_and_find_dependencies("maven", manifests)
assert "result" in res
resolved = res['result'][0]['details'][0]['_resolved'][0]
assert resolved['package'] == "io.vertx:vertx-core"
assert len(resolved['deps']) == 15
def test_scan_and_find_dependencies_npm():
"""Test scan_and_find_dependencies function for NPM."""
manifests = [{
"filename":
"npmlist.json",
"filepath":
"/bin/local",
"content":
open(str(Path(__file__).parent / "data/npmlist.json")).read()
}]
res = DependencyFinder().scan_and_find_dependencies("npm", manifests)
assert "result" in res
assert res['result'][0]['details'][0]['_resolved'][0][
'package'] == "body-parser"
assert len(res['result'][0]['details'][0]['_resolved'][0]['deps']) == 2
def test_scan_and_find_dependencies_pypi_pylist_as_bytes():
"""Test scan_and_find_dependencies function for PyPi."""
manifests = [{
"filename":
"pylist.json",
"filepath":
"/bin/local",
"content":
open(str(Path(__file__).parent / "data/pylist.json"), "rb").read()
}]
res = DependencyFinder().scan_and_find_dependencies("pypi", manifests)
assert "result" in res
assert res['result'][0]['details'][0]['_resolved'][0][
'package'] == "django"
assert len(res['result'][0]['details'][0]['_resolved'][0]['deps']) == 1
def test_scan_and_find_dependencies_golang():
"""Test scan_and_find_dependencies function for golang."""
manifests = [{
"filename":
"gograph.txt",
"filepath":
"/bin/local",
"content":
open(str(Path(__file__).parent / "data/gograph.txt")).read()
}]
with open(str(Path(__file__).parent / "data/golang_dep_tree.json")) as fp:
dep_tree = json.load(fp)
res = DependencyFinder().scan_and_find_dependencies(
"golang", manifests, True)
assert res == dep_tree
def test_scan_and_find_dependencies_maven_invalid_coordinates():
"""Test scan_and_find_dependencies function for Maven."""
manifests = [{
"filename":
"dependencies.txt",
"filepath":
"/bin/local",
"content":
open(
str(
Path(__file__).parent /
"data/dependencies_invalid_coordinates.txt")).read()
}]
with pytest.raises(ValueError):
res = DependencyFinder().scan_and_find_dependencies("maven", manifests)
assert res
def test_scan_and_find_dependencies_maven_manifest_as_bytes():
"""Test scan_and_find_dependencies function for Maven."""
# file containing content should be opened as binary stream
manifests = [{
"filename":
"dependencies.txt",
"filepath":
"/bin/local",
"content":
open(str(Path(__file__).parent / "data/dependencies.txt"),
"rb").read()
}]
res = DependencyFinder().scan_and_find_dependencies(
"maven", manifests, "false")
assert "result" in res
resolved = res['result'][0]['details'][0]['_resolved'][0]
assert resolved['package'] == "io.vertx:vertx-core"
assert len(resolved['deps']) == 0
def test_scan_and_find_dependencies_golang_only_direct(self):
"""Test scan_and_find_dependencies function for golang Only Direct Deps."""
file = open(str(
Path(__file__).parent / "data/gograph_only_direct.txt"))
manifests = [{
"filename": "gograph.txt",
"filepath": "/bin/local",
"content": file.read()
}]
file.close()
with open(
str(
Path(__file__).parent /
"data/golist_response_only_direct.json")) as fp:
ideal_response = json.load(fp)
res = DependencyFinder().scan_and_find_dependencies(
"golang", manifests, True)
self.assertEqual(res, ideal_response)
def scan_and_find_dependencies(ecosystem, manifests, show_transitive):
"""Scan the dependencies files to fetch transitive deps."""
return Df.scan_and_find_dependencies(ecosystem, manifests,
show_transitive)