def test_valid_args_but_no_filepath(self):
    """Check that ``-j`` without a file path exits with the usage error.

    ``parse_args(['-j'])`` must raise ``SystemExit``, and stderr must equal
    the usage line followed by the "-f/--filepath argument is required"
    message.
    """
    # NOTE(review): another test in this listing passes the same ['-j'] input
    # but expects the "targets" error; both cannot hold against one parser
    # version -- confirm which CLI revision this test belongs to.
    with self.assertRaises(SystemExit), capture_sys_output() as (_, stderr):
        parse_args(['-j'])

    # NOTE(review): the line breaks inside this literal look collapsed in this
    # listing; confirm it against the text argparse actually writes.
    expected_stderr = """usage: python -m pyt [-h] [-f FILEPATH] [-a ADAPTOR] [-pr PROJECT_ROOT] [-b BASELINE_JSON_FILE] [-j] [-m BLACKBOX_MAPPING_FILE] [-t TRIGGER_WORD_FILE] [-o OUTPUT_FILE] [--ignore-nosec] [-trim] [-i] python -m pyt: error: The -f/--filepath argument is required\n"""

    self.assertEqual(stderr.getvalue(), expected_stderr)
def test_no_args(self):
    """Check that an empty argument list prints the full help and exits.

    ``parse_args([])`` must raise ``SystemExit``, and stdout must equal the
    help text for the ``targets``-based command line, compared verbatim.
    """
    # NOTE(review): this listing holds a second test_no_args with a different
    # expected help text. If both sit in the same class, the later definition
    # replaces the earlier one and only it runs -- confirm which is current.
    with self.assertRaises(SystemExit), capture_sys_output() as (stdout, _):
        parse_args([])

    # NOTE(review): the line breaks inside this literal look collapsed in this
    # listing; confirm it against the text argparse actually writes.
    expected_help = """usage: python -m pyt [-h] [-a ADAPTOR] [-pr PROJECT_ROOT] [-b BASELINE_JSON_FILE] [-j] [-m BLACKBOX_MAPPING_FILE] [-t TRIGGER_WORD_FILE] [-o OUTPUT_FILE] [--ignore-nosec] [-r] [-x EXCLUDED_PATHS] [--dont-prepend-root] [--no-local-imports] [-trim] [-i] targets [targets ...] required arguments: targets source file(s) or directory(s) to be tested optional arguments: -a ADAPTOR, --adaptor ADAPTOR Choose a web framework adaptor: Flask(Default), Django, Every or Pylons -pr PROJECT_ROOT, --project-root PROJECT_ROOT Add project root, only important when the entry file is not at the root of the project. -b BASELINE_JSON_FILE, --baseline BASELINE_JSON_FILE Path of a baseline report to compare against (only JSON-formatted files are accepted) -j, --json Prints JSON instead of report. -m BLACKBOX_MAPPING_FILE, --blackbox-mapping-file BLACKBOX_MAPPING_FILE Input blackbox mapping file. -t TRIGGER_WORD_FILE, --trigger-word-file TRIGGER_WORD_FILE Input file with a list of sources and sinks -o OUTPUT_FILE, --output OUTPUT_FILE write report to filename --ignore-nosec do not skip lines with # nosec comments -r, --recursive find and process files in subdirectories -x EXCLUDED_PATHS, --exclude EXCLUDED_PATHS Separate files with commas --dont-prepend-root In project root e.g. /app, imports are not prepended with app.* --no-local-imports If set, absolute imports must be relative to the project root. If not set, modules in the same directory can be imported just by their names. print arguments: -trim, --trim-reassigned-in Trims the reassigned list to just the vulnerability chain. -i, --interactive Will ask you about each blackbox function call in vulnerability chains.\n"""

    # Lift unittest's diff-length cap so a mismatch shows the whole help text.
    self.maxDiff = None
    self.assertEqual(stdout.getvalue(), expected_help)
def test_valid_args_but_no_targets(self):
    """Check that ``-j`` without any target exits with the usage error.

    ``parse_args(['-j'])`` must raise ``SystemExit``, and stderr must equal
    the usage line followed by the "the following arguments are required:
    targets" message.
    """
    # NOTE(review): another test in this listing passes the same ['-j'] input
    # but expects the -f/--filepath error; both cannot hold against one parser
    # version -- confirm which CLI revision this test belongs to.
    with self.assertRaises(SystemExit), capture_sys_output() as (_, stderr):
        parse_args(['-j'])

    # NOTE(review): the line breaks inside this literal look collapsed in this
    # listing; confirm it against the text argparse actually writes.
    expected_stderr = """usage: python -m pyt [-h] [-a ADAPTOR] [-pr PROJECT_ROOT] [-b BASELINE_JSON_FILE] [-j] [-m BLACKBOX_MAPPING_FILE] [-t TRIGGER_WORD_FILE] [-o OUTPUT_FILE] [--ignore-nosec] [-r] [-x EXCLUDED_PATHS] [-trim] [-i] targets [targets ...] python -m pyt: error: the following arguments are required: targets\n"""

    self.assertEqual(stderr.getvalue(), expected_stderr)
def test_no_args(self):
    """Check that an empty argument list prints the full help and exits.

    ``parse_args([])`` must raise ``SystemExit``, and stdout must equal the
    help text for the ``-f/--filepath``-based command line, compared verbatim.
    """
    # NOTE(review): this listing holds another test_no_args with a different
    # expected help text. If both sit in the same class, the later definition
    # replaces the earlier one and only it runs -- confirm which is current.
    with self.assertRaises(SystemExit), capture_sys_output() as (stdout, _):
        parse_args([])

    # NOTE(review): the line breaks inside this literal look collapsed in this
    # listing; confirm it against the text argparse actually writes.
    expected_help = """usage: python -m pyt [-h] [-f FILEPATH] [-a ADAPTOR] [-pr PROJECT_ROOT] [-b BASELINE_JSON_FILE] [-j] [-m BLACKBOX_MAPPING_FILE] [-t TRIGGER_WORD_FILE] [-o OUTPUT_FILE] [--ignore-nosec] [-trim] [-i] required arguments: -f FILEPATH, --filepath FILEPATH Path to the file that should be analysed. optional arguments: -a ADAPTOR, --adaptor ADAPTOR Choose a web framework adaptor: Flask(Default), Django, Every or Pylons -pr PROJECT_ROOT, --project-root PROJECT_ROOT Add project root, only important when the entry file is not at the root of the project. -b BASELINE_JSON_FILE, --baseline BASELINE_JSON_FILE Path of a baseline report to compare against (only JSON-formatted files are accepted) -j, --json Prints JSON instead of report. -m BLACKBOX_MAPPING_FILE, --blackbox-mapping-file BLACKBOX_MAPPING_FILE Input blackbox mapping file. -t TRIGGER_WORD_FILE, --trigger-word-file TRIGGER_WORD_FILE Input file with a list of sources and sinks -o OUTPUT_FILE, --output OUTPUT_FILE write report to filename --ignore-nosec do not skip lines with # nosec comments print arguments: -trim, --trim-reassigned-in Trims the reassigned list to just the vulnerability chain. -i, --interactive Will ask you about each blackbox function call in vulnerability chains.\n"""

    # Lift unittest's diff-length cap so a mismatch shows the whole help text.
    self.maxDiff = None
    self.assertEqual(stdout.getvalue(), expected_help)
def test_normal_usage(self):
    """Check that parsing a single target writes nothing to either stream.

    ``parse_args(['foo.py'])`` is run with stdout and stderr captured; both
    captured buffers must be empty afterwards.
    """
    with capture_sys_output() as (stdout, stderr):
        parse_args(['foo.py'])

    # stdout is checked first, then stderr, so the first failure reported
    # names the same stream as before.
    for captured in (stdout, stderr):
        self.assertEqual(captured.getvalue(), '')