コード例 #1
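 def test_npm_audit_parser_with_one_criticle_vuln_has_one_findings(self):
     """A report holding a single advisory produces exactly one finding.

     Also checks that the affected component's name and version are
     carried onto the finding.
     """
     # NOTE: the fixture path is relative to the working directory, so the
     # test only finds it when run from the repository root.
     # The context manager closes the fixture even if the parser raises;
     # the original open()/close() pair leaked the handle in that case.
     with open("dojo/unittests/scans/npm_audit_sample/one_vuln.json") as testfile:
         findings = NpmAuditParser().get_findings(testfile, Test())
     self.assertEqual(1, len(findings))
     self.assertEqual("growl", findings[0].component_name)
     self.assertEqual("1.9.2", findings[0].component_version)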
コード例 #2
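 def test_npm_audit_parser_many_vuln_npm7(self):
     """An npm 7 report (auditReportVersion 2+) is rejected with ValueError.

     The error message is pinned as well as the exception type, so the
     test shows the parser refuses the unsupported format explicitly
     instead of failing for some unrelated reason.
     """
     fixture = path.join(path.dirname(__file__), "../scans/npm_audit_sample/many_vuln_npm7.json")
     with open(fixture) as testfile:
         # Only the raising call belongs inside assertRaises. Statements
         # placed after it in the same block are skipped once the
         # exception propagates, so the original message check and
         # close() never ran.
         with self.assertRaises(ValueError) as context:
             NpmAuditParser().get_findings(testfile, Test())
     # No return value exists when get_findings raises, so the former
     # `findings is None` check (unreachable in the original) is dropped.
     self.assertIn("npm7 with auditReportVersion 2 or higher not yet supported", str(context.exception))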
コード例 #3
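 def test_npm_audit_parser_empty_with_error(self):
     """A report that carries an npm error is rejected with ValueError.

     Both the generic error prefix and the ENOAUDIT code must appear in
     the exception text. This verifies that an errored audit run is
     surfaced to the caller rather than parsed as a report.
     """
     fixture = path.join(path.dirname(__file__), "../scans/npm_audit_sample/empty_with_error.json")
     with open(fixture) as testfile:
         # Only the raising call belongs inside assertRaises. Statements
         # placed after it in the same block are skipped once the
         # exception propagates, so the original message checks and
         # close() never ran.
         with self.assertRaises(ValueError) as context:
             NpmAuditParser().get_findings(testfile, Test())
     message = str(context.exception)
     self.assertIn("npm audit report contains errors:", message)
     self.assertIn("ENOAUDIT", message)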
コード例 #4
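    def test_npm_audit_parser_with_many_vuln_has_many_findings(self):
        """A report with several advisories yields five findings.

        For two known CVE ids the dependency path stored in ``file_path``
        is checked as well.
        """
        fixture = path.join(path.dirname(__file__), "../scans/npm_audit_sample/many_vuln.json")
        # The context manager closes the fixture even if the parser raises;
        # the original open()/close() pair leaked the handle in that case.
        with open(fixture) as testfile:
            findings = NpmAuditParser().get_findings(testfile, Test())
        self.assertEqual(5, len(findings))

        # Findings with any other CVE id are not checked, and the loop
        # passes trivially if neither id occurs in the result.
        for find in findings:
            if find.cve == "CVE-2017-16138":
                self.assertEqual(find.file_path, "censored_by_npm_audit>send>mime")
            elif find.cve == "CVE-2017-16119":
                self.assertEqual(find.file_path, "express>fresh")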
コード例 #5
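    def test_npm_audit_parser_with_many_vuln_has_many_findings(self):
        """A report with several advisories yields five findings.

        For two known CVE ids the dependency path stored in ``file_path``
        is checked as well.
        """
        # NOTE: the fixture path is relative to the working directory, so
        # the test only finds it when run from the repository root.
        # The context manager closes the fixture even if the parser raises;
        # the original open()/close() pair leaked the handle in that case.
        with open("dojo/unittests/scans/npm_audit_sample/many_vuln.json") as testfile:
            findings = NpmAuditParser().get_findings(testfile, Test())
        self.assertEqual(5, len(findings))

        # Findings with any other CVE id are not checked, and the loop
        # passes trivially if neither id occurs in the result.
        for find in findings:
            if find.cve == 'CVE-2017-16138':
                self.assertEqual(find.file_path,
                                 'censored_by_npm_audit>send>mime')
            elif find.cve == 'CVE-2017-16119':
                self.assertEqual(find.file_path, 'express>fresh')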
コード例 #6
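 def test_npm_audit_parser_with_no_vuln_has_no_findings(self):
     """A report without advisories produces an empty findings result."""
     # NOTE: the fixture path is relative to the working directory, so the
     # test only finds it when run from the repository root.
     # The context manager closes the fixture even if the parser raises;
     # the original open()/close() pair leaked the handle in that case.
     with open("dojo/unittests/scans/npm_audit_sample/no_vuln.json") as testfile:
         findings = NpmAuditParser().get_findings(testfile, Test())
     self.assertEqual(0, len(findings))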
コード例 #7
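 def test_npm_audit_parser_with_no_vuln_has_no_findings(self):
     """A report without advisories produces an empty findings result."""
     fixture = path.join(path.dirname(__file__), "../scans/npm_audit_sample/no_vuln.json")
     # The context manager closes the fixture even if the parser raises;
     # the original open()/close() pair leaked the handle in that case.
     with open(fixture) as testfile:
         findings = NpmAuditParser().get_findings(testfile, Test())
     self.assertEqual(0, len(findings))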