def test_scan_and_find_dependencies_maven_ignore_test_deps(): """Test scan_and_find_dependencies function for Maven.""" manifests = [{ "filename": "dependencies.txt", "filepath": "/bin/local", "content": open(str(Path(__file__).parent / "data/dependencies.txt")).read() }] res = DependencyFinder().scan_and_find_dependencies( "maven", manifests, True) assert "result" in res # There are total 9 packages, but 4 are mandatory packages. assert 4 == len(res['result'][0]['details'][0]['_resolved']) # Packages expected are mandatory_packages = [ 'io.vertx:vertx-core', 'io.vertx:vertx-web', 'io.vertx:vertx-health-check', 'io.vertx:vertx-web-client' ] # Packages not expected are test_packages = [ 'io.vertx:vertx-unit', 'junit:junit', 'org.assertj:assertj-core', 'io.rest-assured:rest-assured', 'org.arquillian.cube:arquillian-cube-openshift-starter' ] # Check that only non-test packages are present. for package in res['result'][0]['details'][0]['_resolved']: assert package['package'] in mandatory_packages assert package['package'] not in test_packages
def scan_and_find_dependencies(ecosystem, manifests): """Scan the dependencies files to fetch transitive deps.""" if ecosystem == "golang": # TODO remove the logic for golang. Add the golang logic in utils return DependencyFinder.get_dependencies_from_ecosystem_list( ecosystem, manifests) return Df.scan_and_find_dependencies(ecosystem, manifests)
def execute(self, arguments): """Perform the git operations.""" self.log.info("Worker flow initiated for git operations") self._strict_assert(arguments.get('git_url')) self._strict_assert(arguments.get('ecosystem')) self._strict_assert(arguments.get('is_scan_enabled')) self._strict_assert(arguments.get('request_id')) self._strict_assert(arguments.get('gh_token')) giturl = arguments.get('git_url') ecosystem = arguments.get('ecosystem') request_id = arguments.get('request_id') is_modified_flag = arguments.get('is_modified_flag') check_license = arguments.get('check_license') auth_key = arguments.get('auth_key') gh_token = arguments.get('gh_token') is_scan_enabled = arguments.get('is_scan_enabled') manifests = self.create_repo_and_generate_files( giturl, ecosystem, gh_token) if len(manifests) == 0: self.log.error("No dependency files found or generated.") return None repo_name = giturl.split("/")[-1] path = _dir_path + "/" + repo_name data_object = [] for manifest in manifests: temp = { 'filename': manifest.filename, 'content': manifest.read(), 'filepath': path } data_object.append(temp) deps = DependencyFinder.scan_and_find_dependencies( ecosystem, data_object) # Call to the Gemini Server if is_scan_enabled == "true": self.log.info("Scan is enabled.Gemini scan call in progress") try: self.gemini_call_for_cve_scan(giturl, deps, auth_key) except Exception: self.log.exception("Failed to call the gemini scan.") # Call to the Backbone self.log.debug(deps) if len(deps) == 0: self.log.error( "Dependencies not generated properly.Backbone wont be called.") return None try: self.log.info("Calling backbone for stack analyses") self.backbone_for_stack_analysis(deps, request_id, is_modified_flag, check_license) except Exception: self.log.exception("Failed to call the backbone.") os.system("rm -rf " + path)
def test_clean_version(): """Test clean version.""" is_semver, cleaned_vr = DependencyFinder().clean_version( 'v0.0.0-20190718012654-fb15b899a751') assert is_semver assert cleaned_vr == '0.0.0-20190718012654-fb15b899a751' is_semver, cleaned_vr = DependencyFinder().clean_version( 'v2.1.4+incompatible') assert is_semver assert cleaned_vr == '2.1.4' is_semver, cleaned_vr = DependencyFinder().clean_version('v0.20.1-beta') assert is_semver assert cleaned_vr == '0.20.1-beta' is_semver, cleaned_vr = DependencyFinder().clean_version('v32$@12') assert not is_semver assert cleaned_vr == '32$@12' is_semver, cleaned_vr = DependencyFinder().clean_version('v1.1.1-dev1') assert is_semver assert cleaned_vr == '1.1.1-dev1'
def test_scan_and_find_dependencies_golang_empty_input(self): """Test scan_and_find_dependencies function for golang Empty.""" file = open(str(Path(__file__).parent / "data/gograph_empty.txt")) manifests = [{ "filename": "gograph.txt", "filepath": "/bin/local", "content": file.read() }] file.close() res = DependencyFinder().scan_and_find_dependencies self.assertRaises(ValueError, res, "golang", manifests, True)
def test_parse_go_string(): """Test for Parse go string.""" ideal_res = { 'from': 'github.com/hashicorp/consul/[email protected]', 'package': 'github.com/hashicorp/consul/sdk', 'given_version': 'v0.1.1', 'is_semver': True, 'version': '0.1.1' } res = DependencyFinder().parse_go_string( 'github.com/hashicorp/consul/[email protected]') assert res == ideal_res
def test_scan_and_find_dependencies_maven(): """Test scan_and_find_dependencies function for Maven.""" manifests = [{ "filename": "dependencies.txt", "filepath": "/bin/local", "content": open(str(Path(__file__).parent / "data/dependencies.txt")).read() }] res = DependencyFinder().scan_and_find_dependencies("maven", manifests) assert "result" in res resolved = res['result'][0]['details'][0]['_resolved'][0] assert resolved['package'] == "io.vertx:vertx-core" assert len(resolved['deps']) == 15
def test_scan_and_find_dependencies_npm(): """Test scan_and_find_dependencies function for NPM.""" manifests = [{ "filename": "npmlist.json", "filepath": "/bin/local", "content": open(str(Path(__file__).parent / "data/npmlist.json")).read() }] res = DependencyFinder().scan_and_find_dependencies("npm", manifests) assert "result" in res assert res['result'][0]['details'][0]['_resolved'][0][ 'package'] == "body-parser" assert len(res['result'][0]['details'][0]['_resolved'][0]['deps']) == 2
def test_scan_and_find_dependencies_pypi_pylist_as_bytes(): """Test scan_and_find_dependencies function for PyPi.""" manifests = [{ "filename": "pylist.json", "filepath": "/bin/local", "content": open(str(Path(__file__).parent / "data/pylist.json"), "rb").read() }] res = DependencyFinder().scan_and_find_dependencies("pypi", manifests) assert "result" in res assert res['result'][0]['details'][0]['_resolved'][0][ 'package'] == "django" assert len(res['result'][0]['details'][0]['_resolved'][0]['deps']) == 1
def test_scan_and_find_dependencies_golang(): """Test scan_and_find_dependencies function for golang.""" manifests = [{ "filename": "gograph.txt", "filepath": "/bin/local", "content": open(str(Path(__file__).parent / "data/gograph.txt")).read() }] with open(str(Path(__file__).parent / "data/golang_dep_tree.json")) as fp: dep_tree = json.load(fp) res = DependencyFinder().scan_and_find_dependencies( "golang", manifests, True) assert res == dep_tree
def test_scan_and_find_dependencies_maven_invalid_coordinates(): """Test scan_and_find_dependencies function for Maven.""" manifests = [{ "filename": "dependencies.txt", "filepath": "/bin/local", "content": open( str( Path(__file__).parent / "data/dependencies_invalid_coordinates.txt")).read() }] with pytest.raises(ValueError): res = DependencyFinder().scan_and_find_dependencies("maven", manifests) assert res
def test_scan_and_find_dependencies_maven_manifest_as_bytes(): """Test scan_and_find_dependencies function for Maven.""" # file containing content should be opened as binary stream manifests = [{ "filename": "dependencies.txt", "filepath": "/bin/local", "content": open(str(Path(__file__).parent / "data/dependencies.txt"), "rb").read() }] res = DependencyFinder().scan_and_find_dependencies( "maven", manifests, "false") assert "result" in res resolved = res['result'][0]['details'][0]['_resolved'][0] assert resolved['package'] == "io.vertx:vertx-core" assert len(resolved['deps']) == 0
def test_scan_and_find_dependencies_golang_only_direct(self): """Test scan_and_find_dependencies function for golang Only Direct Deps.""" file = open(str( Path(__file__).parent / "data/gograph_only_direct.txt")) manifests = [{ "filename": "gograph.txt", "filepath": "/bin/local", "content": file.read() }] file.close() with open( str( Path(__file__).parent / "data/golist_response_only_direct.json")) as fp: ideal_response = json.load(fp) res = DependencyFinder().scan_and_find_dependencies( "golang", manifests, True) self.assertEqual(res, ideal_response)
def scan_and_find_dependencies(ecosystem, manifests, show_transitive): """Scan the dependencies files to fetch transitive deps.""" return Df.scan_and_find_dependencies(ecosystem, manifests, show_transitive)