Ejemplo n.º 1
def scanner(options):
    """Build a ``libsast.Scanner`` over the asset files beside this module.

    ``options['match_rules']`` is pointed at the ``assets/rules`` directory
    and the scan target is ``assets/files``. The ``options`` mapping is
    modified in place, so the caller's dict gains the ``match_rules`` key.
    """
    assets = Path(__file__).parents[0] / 'assets'
    targets = [assets.joinpath('files').as_posix()]
    options.update({'match_rules': assets.joinpath('rules').as_posix()})
    return libsast.Scanner(options, targets)
Ejemplo n.º 2
def test_load_file_invalid_path():
    """Scanning with the rule path ``patterns.yoo`` raises InvalidRuleError."""
    assets = Path(__file__).parents[1] / 'assets'
    targets = [assets.joinpath('files').as_posix()]
    # NOTE(review): presumably rejected because the file is missing or has an
    # unsupported extension -- confirm against the rule loader.
    bad_rule = assets.joinpath('rules', 'patterns.yoo')
    config = {'match_rules': bad_rule.as_posix()}
    with pytest.raises(libsast.exceptions.InvalidRuleError):
        libsast.Scanner(config, targets).scan()
Ejemplo n.º 3
def test_load_file_invalid_yaml():
    """A rule file from ``assets/invalid`` raises YamlRuleParseError.

    The scanner is expected to fail with a typed error on
    ``invalid_yaml.yaml`` instead of running with a partial rule set.
    """
    assets = Path(__file__).parents[1] / 'assets'
    targets = [assets.joinpath('files').as_posix()]
    broken_rule = assets.joinpath('invalid', 'invalid_yaml.yaml')
    config = {'match_rules': broken_rule.as_posix()}
    with pytest.raises(libsast.exceptions.YamlRuleParseError):
        libsast.Scanner(config, targets).scan()
Ejemplo n.º 4
def test_load_file_invalid_type():
    """``invalid_type.yaml`` makes the scan raise MatcherNotFoundException."""
    assets = Path(__file__).parents[1] / 'assets'
    targets = [assets.joinpath('files').as_posix()]
    # NOTE(review): presumably the rule names a matcher type the library does
    # not implement -- confirm against the asset file.
    bad_type_rule = assets.joinpath('invalid', 'invalid_type.yaml')
    config = {'match_rules': bad_type_rule.as_posix()}
    with pytest.raises(libsast.exceptions.MatcherNotFoundException):
        libsast.Scanner(config, targets).scan()
Ejemplo n.º 5
def test_load_dir():
    """Rules are loaded when ``match_rules`` names a directory.

    Uses ``assets/rules/pattern_matcher`` as the rule directory and checks
    that the ``test_regex_or`` rule produced a non-empty finding.
    """
    assets = Path(__file__).parents[1] / 'assets'
    rule_root = assets.joinpath('rules', 'pattern_matcher')
    targets = [assets.joinpath('files').as_posix()]
    config = {'match_rules': rule_root.as_posix()}
    findings = libsast.Scanner(config, targets).scan()
    assert findings['pattern_matcher']['test_regex_or']
Ejemplo n.º 6
def test_load_file_missing_type():
    """``missing_type.yaml`` makes the scan raise TypeKeyMissingError."""
    assets = Path(__file__).parents[1] / 'assets'
    targets = [assets.joinpath('files').as_posix()]
    # NOTE(review): the asset name suggests a rule without its ``type`` key;
    # the file itself is not visible here -- confirm.
    untyped_rule = assets.joinpath('invalid', 'missing_type.yaml')
    config = {'match_rules': untyped_rule.as_posix()}
    with pytest.raises(libsast.exceptions.TypeKeyMissingError):
        libsast.Scanner(config, targets).scan()
Ejemplo n.º 7
def test_ignore_comments():
    """Scanning ``comments.java`` yields no pattern-matcher findings.

    The single target file is scanned with ``pattern_matcher/patterns.yaml``
    and the ``pattern_matcher`` result must be an empty dict.
    """
    assets = Path(__file__).parents[1] / 'assets'
    # NOTE(review): presumably every would-be match in this file sits inside
    # a comment, so an empty result shows comments are skipped -- confirm.
    target = assets.joinpath('files', 'comments.java')
    rule_file = assets.joinpath('rules', 'pattern_matcher', 'patterns.yaml')
    config = {'match_rules': rule_file.as_posix()}
    findings = libsast.Scanner(config, [target.as_posix()]).scan()
    assert findings['pattern_matcher'] == {}
Ejemplo n.º 8
def scanner(options):
    """Build a ``libsast.Scanner`` with pattern and semantic-grep rules.

    Sets ``match_rules`` and ``sgrep_rules`` on ``options`` to the matching
    directories under ``assets/rules`` and targets ``assets/files``. The
    ``options`` mapping is modified in place.
    """
    assets = Path(__file__).parents[1] / 'assets'
    rule_root = assets / 'rules'
    targets = [assets.joinpath('files').as_posix()]
    options.update({
        'match_rules': rule_root.joinpath('pattern_matcher').as_posix(),
        'sgrep_rules': rule_root.joinpath('semantic_grep').as_posix(),
    })
    return libsast.Scanner(options, targets)
Ejemplo n.º 9
def test_load_url():
    """Rules supplied as an HTTPS URL are fetched and applied to the scan.

    ``match_rules`` is set to a raw GitHub URL for ``patterns.yaml`` and the
    ``test_regex_or`` rule must produce a non-empty finding.
    """
    # NOTE(review): this needs network access and follows the mutable
    # ``master`` ref, so the rule content under test can change without any
    # change to this file; pinning the URL to a commit would make the test
    # reproducible and keep remote rule changes out of the result.
    remote_rules = ''.join((
        'https://raw.githubusercontent.com/ajinabraham/',
        'libsast/master/tests/unit/assets/rules/patterns.yaml',
    ))
    here = Path(__file__).parents[0]
    targets = [here.joinpath('assets', 'files').as_posix()]
    config = {'match_rules': remote_rules}
    findings = libsast.Scanner(config, targets).scan()
    assert findings['pattern_matcher']['test_regex_or']
Ejemplo n.º 10
def test_load_invalid_url():
    """A rule URL that cannot be downloaded raises RuleDownloadException."""
    # NOTE(review): the URL ends at a ``rules`` path rather than a rule file,
    # which is presumably why the download fails -- confirm. The outcome also
    # depends on network reachability of the remote host.
    remote_rules = ''.join((
        'https://raw.githubusercontent.com/ajinabraham/',
        'libsast/master/tests/assets/rules',
    ))
    root = Path(__file__).parents[1]
    targets = [root.joinpath('assets', 'files').as_posix()]
    config = {'match_rules': remote_rules}
    with pytest.raises(libsast.exceptions.RuleDownloadException):
        libsast.Scanner(config, targets).scan()
Ejemplo n.º 11
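def test_load_multiple_rules():
    """All rules under ``assets/multiple`` are loaded and produce findings.

    The original body asserted ``test_regex_or`` three times; each expected
    rule id is now checked once, with a message naming the rule that came
    back empty.
    """
    base_dir = Path(__file__).parents[0]
    files_dir = base_dir / 'assets' / 'files'
    rules_dir = base_dir / 'assets' / 'multiple'
    options = {'match_rules': rules_dir.as_posix()}
    paths = [files_dir.as_posix()]
    res = libsast.Scanner(options, paths).scan()['pattern_matcher']
    expected_rule_ids = (
        'test_regex_or',
        'test_regex',
        'test_regex_and',
        'test_regex_and_not',
    )
    for rule_id in expected_rule_ids:
        # A missing id still raises KeyError, as the original lookups did.
        assert res[rule_id], f'no findings for rule {rule_id}'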
Ejemplo n.º 12
def scanner(options):
    """Build a ``libsast.Scanner`` with pattern, sgrep and choice rules.

    Fills ``options`` in place with the three rule directories under
    ``assets/rules``, limits ``choice_extensions`` to ``.python`` and sets
    ``alternative_path`` to ``assets/files/alternate.python``. The scan
    target is ``assets/files``.
    """
    assets = Path(__file__).parents[1] / 'assets'
    sample_dir = assets / 'files'
    rule_root = assets / 'rules'
    options.update({
        'match_rules': rule_root.joinpath('pattern_matcher').as_posix(),
        'sgrep_rules': rule_root.joinpath('semantic_grep').as_posix(),
        'choice_rules': rule_root.joinpath('choice_matcher').as_posix(),
        'choice_extensions': {'.python'},
        # Stored as a Path object, unlike the string-valued rule entries.
        'alternative_path': sample_dir.joinpath('alternate.python'),
    })
    return libsast.Scanner(options, [sample_dir.as_posix()])
Ejemplo n.º 13
def test_standards_mapping():
    """Finding metadata carries the CWE, OWASP and MASVS identifiers.

    Scans ``assets/files`` with the ``pattern_matcher`` rules and checks the
    ``metadata`` of the ``test_regex_multiline`` finding against the expected
    standard mappings.
    """
    here = Path(__file__).parents[0]
    targets = [here.joinpath('assets', 'files').as_posix()]
    rule_root = here.joinpath('assets', 'rules', 'pattern_matcher')
    config = {'match_rules': rule_root.as_posix()}
    findings = libsast.Scanner(config, targets).scan()
    finding = findings['pattern_matcher']['test_regex_multiline']
    assert finding
    assert finding['metadata']
    # Checked in a fixed order so the first mismatch reported stays the same.
    expected = (
        ('cwe', 'cwe-1002'),
        ('owasp-mobile', 'M1: Improper Platform Usage'),
        ('owasp-web', 'A10: Insufficient Logging & Monitoring'),
        ('masvs', 'MSTG-STORAGE-3'),
    )
    for key, value in expected:
        assert finding['metadata'][key] == value
Ejemplo n.º 14
def test_pattern_matcher_file():
    """Scanning a single file yields a finding for ``test_regex``.

    The target is ``test_matcher.test`` under the first path returned by
    ``get_config()``.
    """
    config, dirs = get_config()
    # Plain string concatenation is kept as in the original.
    target = dirs[0] + '/test_matcher.test'
    findings = libsast.Scanner(config, [target]).scan()
    assert findings['pattern_matcher']['test_regex']
Ejemplo n.º 15
def test_no_rule():
    """With empty options and no paths, ``scan()`` returns ``None``."""
    outcome = libsast.Scanner({}, []).scan()
    assert outcome is None
Ejemplo n.º 16
def test_no_path():
    """With rules configured but no paths, ``scan()`` returns ``None``."""
    config = get_config()[0]
    outcome = libsast.Scanner(config, []).scan()
    assert outcome is None
Ejemplo n.º 17
def test_pattern_matcher_dir():
    """Scanning the configured paths yields a finding for ``test_regex_or``."""
    config, targets = get_config()
    engine = libsast.Scanner(config, targets)
    findings = engine.scan()
    assert findings['pattern_matcher']['test_regex_or']