def test_report(self, cx_klass):
self.mock_return_json.return_value = BUG_BAR_CSS
cx_report = CheckmarxReport.CheckmarxReport(
os.path.dirname(os.path.abspath(__file__)) +
'/checkmarx_report.xml')
self.assertEqual(EXPECTED_REPORT, cx_report.report)
self.assertEqual({'Checkmarx': set()}, cx_report.new_items)
def test_report_not_in_bug_bar(self, cx_klass):
self.mock_return_json.return_value = BUG_BAR_SQLI
cx_report = CheckmarxReport.CheckmarxReport(
os.path.dirname(os.path.abspath(__file__)) +
'/checkmarx_report.xml')
self.assertEqual([], cx_report.report)
self.assertEqual({'Checkmarx': {'Reflected_XSS_All_Clients'}},
cx_report.new_items)
def test_report_with_lower_risk_rating(self, cx_klass):
self.mock_return_json.return_value = BUG_BAR_CSS_CRITICAL_RISK
cx_report = CheckmarxReport.CheckmarxReport(
os.path.dirname(os.path.abspath(__file__)) +
'/checkmarx_report.xml')
report = cx_report.report
self.assertNotEqual(report, [])
for _ in report:
self.assertEqual(_['Issue Severity'], 'Critical')
def test_report_not_an_issue(self, cx_klass):
new_bug_bar = copy.deepcopy(BUG_BAR_CSS)
new_bug_bar['Cross-site Scripting (XSS)']['is_issue'] = 'FALSE'
self.mock_return_json.return_value = new_bug_bar
cx_report = CheckmarxReport.CheckmarxReport(
os.path.dirname(os.path.abspath(__file__)) +
'/checkmarx_report.xml')
self.assertEqual([], cx_report.report)
self.assertEqual({'Checkmarx': set()}, cx_report.new_items)
def test_report_git(self, cx_klass):
self.mock_return_json.return_value = BUG_BAR_CSS
cx_report = CheckmarxReport.CheckmarxReport(
os.path.dirname(os.path.abspath(__file__)) +
'/checkmarx_report.xml')
expected = copy.deepcopy(EXPECTED_REPORT)
for _ in expected:
_['Instances'] = \
'File ' \
'https://github.com/myrepo/blob/develop/code/src/MyApp.Api.Web/Controllers/ArticlesController.cs'
self.assertEqual(expected, cx_report.report)
self.assertEqual({'Checkmarx': set()}, cx_report.new_items)
def test_report_bug_bar_desc_csharp(self, cx_klass):
# possible languages in CX: javascript ; csharp; java; scala
expected = "test custom description"
expected_rec = "test custom rec"
test = copy.deepcopy(BUG_BAR_CSS)
test["Cross-site Scripting (XSS)"]['description'] = {
"csharp": expected
}
test["Cross-site Scripting (XSS)"]['recommendation'] = {
"csharp": expected_rec
}
self.mock_return_json.return_value = test
cx_report = CheckmarxReport.CheckmarxReport(
os.path.dirname(os.path.abspath(__file__)) +
'/checkmarx_report.xml')
item = cx_report.report[0]
self.assertIn(expected, item['Description'])
self.assertEqual(expected_rec, item['Recommendations'])