def test_json_load_basic_to_dict(datafiles: py.path,
pypi_config: RepositoryConfiguration) -> None:
"""Small baseline test of the string representation."""
pkg = PyPiPackageMetadata(
pypi_config.base_url,
load_test_json_data(datafiles, "basic_package.json"))
val = pkg.to_dict()
assert val["name"] == "Demo"
assert val["version"] == "0"
assert val["summary"] == "A short summary."
def test_json_load(
input_file: str,
expected: Dict,
datafiles: py.path,
pypi_config: RepositoryConfiguration,
) -> None:
"""Validate loading against sample data from pypi.org.
This is different to test_data_load.py as this test is more than
just a basic load. The DATAFILE_VALIDATION consttruct lays out
a set of attributes to test against for the various inputs.
"""
source_data = Path(datafiles.join(input_file))
with open(source_data, "r") as f:
data = json.load(f)
pkg = PyPiPackageMetadata(pypi_config.base_url, data)
assert pkg.name == expected["name"]
assert pkg.version == expected["version"]
assert pkg.license == expected["license"]
assert pkg.url_code == expected["url_code"]
assert pkg.url_documentation == expected["url_documentation"]
assert pkg.url_project == expected["url_project"]
assert pkg.url_issue_tracker == expected["url_issue_tracker"]
assert pkg.requires_python == expected["requires_python"]
# This now gets messy - sorry
# TODO: Tidy this up
for k in expected["requires_dist"].keys():
assert k in pkg.requires_dist
reqs = [
pkg._requirement_to_dict(item) for item in pkg.requires_dist[k]
]
expected_reqs = expected["requires_dist"][k]
assert len(reqs) == len(expected["requires_dist"][k])
# Iterate over the requirements in the source dependency
for req in reqs:
flag = False
assert (
k == req["name"]
), "All of the Requirements instances in the list must have the same name"
# Inner loop - blech
for ereq in expected_reqs:
assert ereq["name"] == req["name"]
print(f"Comparing {req} with {ereq}")
if ereq == req:
flag = True
break
assert flag, f"No match for requires_dist item: {ereq}."
def test_basic_report_project_not_found() -> None:
"""Check a missing project link is reported."""
from valiant.reports import FindingCategory, FindingLevel
from valiant.plugins.reports.basic import BasicReportPlugin
from valiant.plugins.reports.basic.provider import BasicId
from valiant.repositories.pypi import PyPiPackageMetadata
from data.package_no_project import NO_PROJECT_PACKAGE
metadata = PyPiPackageMetadata(repository_url="https://pypi.example.com",
package_data=NO_PROJECT_PACKAGE)
report = BasicReportPlugin.prepare_report(package_metadata=metadata,
configuration_dir=None)
assert len(report.findings) == 1
for finding in report.all_findings:
if finding.id == BasicId.PROJECT_NOT_FOUND.id:
assert finding.level == FindingLevel.WARNING
assert finding.category == FindingCategory.PROJECT.value
assert finding.title == "No link to project site"
return
assert False # noqa:B011
def test_basic_report_artifact_not_signed() -> None:
"""Check an unsigned artifact is reported."""
from valiant.reports import FindingCategory, FindingLevel
from valiant.plugins.reports.basic import BasicReportPlugin
from valiant.plugins.reports.basic.provider import BasicId
from valiant.repositories.pypi import PyPiPackageMetadata
from data.package_not_signed import PACKAGE
metadata = PyPiPackageMetadata(repository_url="https://pypi.example.com",
package_data=PACKAGE)
report = BasicReportPlugin.prepare_report(package_metadata=metadata,
configuration_dir=None)
assert len(report.findings) == 1
for finding in report.all_findings:
if finding.id == BasicId.ARTIFACT_NOT_SIGNED.id:
assert finding.level == FindingLevel.WARNING
assert finding.category == FindingCategory.PROJECT.value
assert finding.title == "An artifact has not been signed"
return
assert False # noqa:B011
def test_basic_report_dev_release() -> None:
"""Check a dev release is reported."""
from valiant.reports import FindingCategory, FindingLevel
from valiant.plugins.reports.basic import BasicReportPlugin
from valiant.plugins.reports.basic.provider import BasicId
from valiant.repositories.pypi import PyPiPackageMetadata
from data.package_dev import PACKAGE
metadata = PyPiPackageMetadata(repository_url="https://pypi.example.com",
package_data=PACKAGE)
report = BasicReportPlugin.prepare_report(package_metadata=metadata,
configuration_dir=None)
assert len(report.findings) == 1
for finding in report.all_findings:
if finding.id == BasicId.NON_PRODUCTION_RELEASE.id:
assert finding.level == FindingLevel.WARNING
assert finding.category == FindingCategory.PROJECT.value
assert finding.title == "Package not production ready"
return
assert False # noqa:B011
def test_demo_report() -> None:
"""Check theonly finding that demo produces."""
from valiant.reports import FindingLevel
from valiant.plugins.reports.demo import DemoReportPlugin
from valiant.repositories.pypi import PyPiPackageMetadata
from data.basic_package import BASIC_PACKAGE
metadata = PyPiPackageMetadata(
repository_url="https://pypi.example.com", package_data=BASIC_PACKAGE
)
report = DemoReportPlugin.prepare_report(
package_metadata=metadata, configuration_dir=None
)
assert len(report.findings) == 1
finding = report.all_findings[0]
assert finding.id == "DEMO001"
assert finding.title == "Demo finding"
assert finding.level == FindingLevel.INFO
assert finding.category == "project"
assert finding.message == "This is a demo finding"
assert finding.url == "http://www.example.com"
assert finding.data["value"] == "demo"
def test_spdx_report() -> None:
"""Check there are no adverse findings on a well-covered package."""
from valiant.plugins.reports.spdx import SpdxLicenseReportPlugin
from valiant.reports import FindingLevel
from valiant.repositories.pypi import PyPiPackageMetadata
from .data.basic_package import PACKAGE
metadata = PyPiPackageMetadata(repository_url="https://pypi.example.com",
package_data=PACKAGE)
report = SpdxLicenseReportPlugin.prepare_report(package_metadata=metadata,
configuration_dir=None)
assert len(report.all_findings) == 1
assert report.all_findings[0].id == "SPDX001"
assert report.all_findings[0].level == FindingLevel.INFO
assert report.all_findings[0].category == "license"
assert report.all_findings[0].title == "SPDX License found"
data = report.all_findings[0].data
assert data["name"] == "MIT License"
assert data["id"] == "MIT"
assert data["reference_number"] == "256"
assert data["details_url"] == "http://spdx.org/licenses/MIT.json"
def test_json_load_basic3(datafiles: py.path,
pypi_config: RepositoryConfiguration) -> None:
"""Small baseline test."""
pkg = PyPiPackageMetadata(
pypi_config.base_url,
load_test_json_data(datafiles, "basic_package_3.json"))
assert pkg.name == "Demo 2"
assert pkg.description == "Basic description"
assert pkg.summary == "A short summary."
assert pkg.url_documentation == "http://docs.example.com"
assert pkg.url_project == "http://project.example.com"
assert pkg.url_issue_tracker == "http://bugs.example.com"
def test_basic_report() -> None:
"""Check there are no findings on a well-covered package."""
from valiant.plugins.reports.basic import BasicReportPlugin
from valiant.repositories.pypi import PyPiPackageMetadata
from data.basic_package import BASIC_PACKAGE
metadata = PyPiPackageMetadata(repository_url="https://pypi.example.com",
package_data=BASIC_PACKAGE)
report = BasicReportPlugin.prepare_report(package_metadata=metadata,
configuration_dir=None)
assert len(report.findings) == 0
def test_spdx_report_non_spdx_license() -> None:
"""Check findings on a package with an unknown licence."""
from valiant.plugins.reports.spdx import SpdxLicenseReportPlugin
from valiant.reports import FindingLevel
from valiant.repositories.pypi import PyPiPackageMetadata
from .data.package_non_spdx import PACKAGE
metadata = PyPiPackageMetadata(repository_url="https://pypi.example.com",
package_data=PACKAGE)
report = SpdxLicenseReportPlugin.prepare_report(package_metadata=metadata,
configuration_dir=None)
assert len(report.all_findings) == 1
assert report.all_findings[0].id == "SPDX002"
assert report.all_findings[0].level == FindingLevel.INFO
assert report.all_findings[0].category == "license"
assert report.all_findings[0].title == "SPDX License not found"
data = report.all_findings[0].data
assert data["original"] == "License :: I AM NOT REAL"
def test_spdx_report_deprecated_license() -> None:
"""Check findings on a package with a deprecated licence.""" # noqa: DAR401
from valiant.plugins.reports.spdx import SpdxLicenseReportPlugin
from valiant.reports import FindingLevel
from valiant.repositories.pypi import PyPiPackageMetadata
from .data.package_deprecated import PACKAGE
metadata = PyPiPackageMetadata(repository_url="https://pypi.example.com",
package_data=PACKAGE)
report = SpdxLicenseReportPlugin.prepare_report(package_metadata=metadata,
configuration_dir=None)
assert len(report.all_findings) >= 2
for finding in report.all_findings:
if finding.id == "SPDX003":
assert finding.level == FindingLevel.WARNING
assert finding.category == "license"
assert finding.title == "Deprecated license"
return
raise AssertionError("Test failed to validate finding.")
def test_empty_package_data() -> None:
"""Ensures exception when constructor is passed an empty dict."""
with pytest.raises(ValidationError):
PyPiPackageMetadata("", {})