def test_rerun_with_edited_inputs(project, run, no_lfs_warning):
"""Test input modification."""
runner = CliRunner(mix_stderr=False)
cwd = Path(project)
data = cwd / "examples"
data.mkdir()
first = data / "first.txt"
second = data / "second.txt"
third = data / "third.txt"
run(args=["run", "echo", "hello"], stdout=first)
run(args=["run", "cat", str(first)], stdout=second)
run(args=["run", "echo", "1"], stdout=third)
with first.open("r") as first_fp:
with second.open("r") as second_fp:
assert first_fp.read() == second_fp.read()
# Change the initial input from "hello" to "hola".
from click.testing import make_input_stream
stdin = make_input_stream("hola\n", "utf-8")
assert 0 == run(args=("rerun", "--edit-inputs", str(second)), stdin=stdin)
with second.open("r") as second_fp:
assert "hola\n" == second_fp.read()
# Change the input from examples/first.txt to examples/third.txt.
stdin = make_input_stream(str(third.name), "utf-8")
old_dir = os.getcwd()
try:
# Make sure the input path is relative to the current directory.
os.chdir(str(data))
result = runner.invoke(
cli, ["rerun", "--show-inputs", "--from",
str(first),
str(second)],
catch_exceptions=False)
assert 0 == result.exit_code
assert result.output.startswith("https://")
assert result.output[:-1].endswith(first.name)
assert 0 == run(args=("rerun", "--edit-inputs", "--from", str(first),
str(second)),
stdin=stdin)
finally:
os.chdir(old_dir)
with third.open("r") as third_fp:
with second.open("r") as second_fp:
assert third_fp.read() == second_fp.read()
def test_rerun_with_edited_inputs(project, run, no_lfs_warning):
"""Test input modification."""
runner = CliRunner(mix_stderr=False)
cwd = Path(project)
data = cwd / 'examples'
data.mkdir()
first = data / 'first.txt'
second = data / 'second.txt'
third = data / 'third.txt'
run(args=['run', 'echo', 'hello'], stdout=first)
run(args=['run', 'cat', str(first)], stdout=second)
run(args=['run', 'echo', '1'], stdout=third)
with first.open('r') as first_fp:
with second.open('r') as second_fp:
assert first_fp.read() == second_fp.read()
# Change the initial input from "hello" to "hola".
from click.testing import make_input_stream
stdin = make_input_stream('hola\n', 'utf-8')
assert 0 == run(args=('rerun', '--edit-inputs', str(second)), stdin=stdin)
with second.open('r') as second_fp:
assert 'hola\n' == second_fp.read()
# Change the input from examples/first.txt to examples/third.txt.
stdin = make_input_stream(str(third.name), 'utf-8')
old_dir = os.getcwd()
try:
# Make sure the input path is relative to the current directory.
os.chdir(str(data))
result = runner.invoke(
cli, ['rerun', '--show-inputs', '--from',
str(first),
str(second)],
catch_exceptions=False)
assert 0 == result.exit_code
assert result.output.startswith('_:CommandInput')
assert result.output[:-1].endswith(first.name)
assert 0 == run(args=('rerun', '--edit-inputs', '--from', str(first),
str(second)),
stdin=stdin)
finally:
os.chdir(old_dir)
with third.open('r') as third_fp:
with second.open('r') as second_fp:
assert third_fp.read() == second_fp.read()
def test_vulnerable_package_with_ignore_list_via_cli(
runner: click.testing.CliRunner, cache_dir: str,
monkeypatch: MonkeyPatch) -> None:
"""Ensure that using a .skjoldignore file ignores marked findings and can be set via '-i/--ignore-file'."""
monkeypatch.setenv("SKJOLD_CACHE_DIR", cache_dir)
ignore_path = os.path.join(os.path.dirname(__file__), "fixtures",
"formats", "ignore", "all")
assert os.path.exists(ignore_path)
config = Configuration()
config.use({
"report_only": False,
"report_format": "cli",
"sources": ["pypa"]
})
assert config.ignore_file == ".skjoldignore"
# TODO(twu): Figure out how to do this right.
input_ = make_input_stream("urllib3==1.23", "utf-8")
setattr(input_, "name", "<stdin>")
result = runner.invoke(cli,
args=["audit", "-i", ignore_path, "-"],
input=input_,
obj=config)
assert "Ignored 6 finding(s)!" in result.stderr
assert "No vulnerable packages found!" in result.stderr
assert result.exit_code == 0
def test_cli_configuration_used_by_default(
runner: click.testing.CliRunner,
cache_dir: str,
monkeypatch: MonkeyPatch,
) -> None:
"""Ensure that we use options set in the configuration file if not overridden by passing CLI options."""
monkeypatch.setenv("SKJOLD_CACHE_DIR", cache_dir)
config = Configuration()
config.use({
"report_only": True,
"report_format": "json",
"sources": ["gemnasium"]
})
result = runner.invoke(cli, args=["config"], obj=config)
assert "report_only: True" in result.stderr
assert "report_format: json" in result.stderr
# TODO(twu): Figure out how to do this right.
input_ = make_input_stream("urllib3==1.23\nrequests==22.2.2\n", "utf-8")
setattr(input_, "name", "<stdin>")
result = runner.invoke(
cli,
args=["audit", "-"],
env={"SKJOLD_CACHE_DIR": cache_dir},
input=input_,
obj=config,
)
assert result.exit_code == 0
json_ = json.loads(result.stdout)
assert len(json_) > 0
assert json_[0]["name"] == "urllib3"
assert json_[0]["source"] == "gemnasium"
def test_cli_configuration_override_via_cli(
runner: click.testing.CliRunner,
cache_dir: str,
monkeypatch: MonkeyPatch,
) -> None:
"""Ensure that overriding configured values via CLI is possible."""
monkeypatch.setenv("SKJOLD_CACHE_DIR", cache_dir)
config = Configuration()
config.use({
"report_only": True,
"report_format": "json",
"sources": ["pyup"],
"cache_dir": cache_dir,
})
result = runner.invoke(cli, args=["config"], obj=config)
assert "report_only: True" in result.stderr
assert "report_format: json" in result.stderr
# TODO(twu): Figure out how to do this right.
input_ = make_input_stream("urllib3==1.23\nrequests==22.2.2\n", "utf-8")
setattr(input_, "name", "<stdin>")
result = runner.invoke(
cli,
args=["audit", "-r", "-s", "github", "-o", "cli", "-"],
input=input_,
env={"SKJOLD_CACHE_DIR": cache_dir},
obj=config,
)
assert result.exit_code == 0
assert "urllib3" in result.stdout
assert "via github" in result.stdout
def test_cli_json_report_with_package_list_via_stdin(
runner: click.testing.CliRunner,
cache_dir: str,
monkeypatch: MonkeyPatch,
) -> None:
"""Ensure request json output with packages via stdin results in parsable stdout."""
monkeypatch.setenv("SKJOLD_CACHE_DIR", cache_dir)
config = Configuration()
config.use({
"report_only": False,
"report_format": "cli",
"sources": ["pyup"]
})
# TODO(twu): Figure out how to do this right.
input_ = make_input_stream("urllib3==1.23\nrequests==22.2.2\n", "utf-8")
setattr(input_, "name", "<stdin>")
result = runner.invoke(
cli,
args=["audit", "-r", "-o", "json", "-s", "github", "-"],
input=input_)
assert not result.exception
assert result.exit_code == 0
json_ = json.loads(result.stdout)
assert len(json_) > 0
assert json_[0]["name"] == "urllib3"
def test_vulnerable_package_via_cli(runner: click.testing.CliRunner) -> None:
"""Ensure that passing a vulnerable package via stdin produces the expected
output."""
# TODO(twu): Figure out how to do this right.
input_ = make_input_stream("urllib3==1.23\nrequests==22.2.2\n", "utf-8")
setattr(input_, "name", "<stdin>")
result = runner.invoke(cli.cli, args=["audit", "-s", "github", "-"], input=input_)
assert result.exception
assert result.exit_code == 1
assert "via github" in result.output
def test_vulnerable_package_via_cli(
runner: click.testing.CliRunner, cache_dir: str, monkeypatch: MonkeyPatch
) -> None:
"""Ensure that passing a vulnerable package via stdin produces the expected
output."""
monkeypatch.setenv("SKJOLD_CACHE_DIR", cache_dir)
config = Configuration()
config.use({"report_only": False, "report_format": "cli", "sources": ["pyup"]})
# TODO(twu): Figure out how to do this right.
input_ = make_input_stream("urllib3==1.23\nrequests==22.2.2\n", "utf-8")
setattr(input_, "name", "<stdin>")
result = runner.invoke(cli, args=["audit", "-s", "github", "-"], input=input_)
assert result.exception
assert result.exit_code == 1
assert "via github" in result.stdout
def test_cli_json_report_with_package_list_via_stdin(
runner: click.testing.CliRunner,
) -> None:
"""Ensure request json output with packages via stdin results in parsable stdout."""
# TODO(twu): Figure out how to do this right.
input_ = make_input_stream("urllib3==1.23\nrequests==22.2.2\n", "utf-8")
setattr(input_, "name", "<stdin>")
result = runner.invoke(
cli.cli, args=["audit", "-r", "-o", "json", "-s", "github", "-"], input=input_
)
assert not result.exception
assert result.exit_code == 0
json_ = json.loads(result.output)
assert len(json_) > 0
assert json_[0]["name"] == "urllib3"
def test_rerun_with_edited_inputs(runner, project, capsys):
"""Test input modification."""
cwd = Path(project)
data = cwd / 'examples'
data.mkdir()
first = data / 'first.txt'
second = data / 'second.txt'
third = data / 'third.txt'
def _generate(output, cmd):
"""Generate an output."""
with capsys.disabled():
with output.open('wb') as stdout:
try:
old_stdout = sys.stdout
sys.stdout = stdout
try:
cli.cli.main(
args=cmd,
prog_name=runner.get_default_prog_name(cli.cli),
)
except SystemExit as e:
assert e.code in {None, 0}
finally:
sys.stdout = old_stdout
_generate(first, ['run', 'echo', 'hello'])
_generate(second, ['run', 'cat', str(first)])
_generate(third, ['run', 'echo', '1'])
with first.open('r') as first_fp:
with second.open('r') as second_fp:
assert first_fp.read() == second_fp.read()
# Change the initial input from "hello" to "hola".
from click.testing import make_input_stream
stdin = make_input_stream('hola\n', 'utf-8')
old_stdin = sys.stdin
try:
sys.stdin = stdin
assert 0 == _run_update(runner,
capsys,
args=('rerun', '--edit-inputs', str(second)))
finally:
sys.stdin = old_stdin
with second.open('r') as second_fp:
assert 'hola\n' == second_fp.read()
# Change the input from examples/first.txt to examples/third.txt.
stdin = make_input_stream(str(third.name), 'utf-8')
old_stdin = sys.stdin
old_dir = os.getcwd()
try:
# Make sure the input path is relative to the current directory.
os.chdir(str(data))
result = runner.invoke(
cli.cli,
['rerun', '--show-inputs', '--from',
str(first),
str(second)],
catch_exceptions=False)
assert 0 == result.exit_code
assert 'input_1: {0}\n'.format(first.name) == result.output
sys.stdin = stdin
assert 0 == _run_update(runner,
capsys,
args=('rerun', '--edit-inputs', '--from',
str(first), str(second)))
finally:
os.chdir(old_dir)
sys.stdin = old_stdin
with third.open('r') as third_fp:
with second.open('r') as second_fp:
assert third_fp.read() == second_fp.read()