def test_generate_empty_json_stdout(self, capsys):
    """JSON report of an empty dependency set on stdout names the source and has no findings."""
    reporter = OchronaReporter(None, MockConfig("JSON", None))
    reporter.generate_report("fake", MockDependencySet(), 0, 1)
    printed = capsys.readouterr().out
    assert "Source: fake" in printed
    assert '"findings": []' in printed
def test_generate_json_stdout(self, capsys):
    """JSON report on stdout lists a confirmed vulnerability by its package name."""
    result = MockDependencySet()
    result._confirmed_vulnerabilities = [
        Vulnerability("fake", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "")
    ]
    reporter = OchronaReporter(None, MockConfig("JSON", None))
    reporter.generate_report("fake", result, 0, 1)
    printed = capsys.readouterr().out
    assert "Source: fake" in printed
    assert '"name": "fake"' in printed
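def test_generate_empty_xml_file(self):
    """XML report of an empty dependency set written to a file has zero tests per suite.

    The generated file is removed in a ``finally`` block so that a failing
    assertion cannot leave a stale report behind for the other tests that
    write the same output path.
    """
    source = f"{dir_path}/test_data/fail/requirements.txt"
    out_path = f"{dir_path}/test_data/output/1_requirements.txt_results.xml"
    reporter = OchronaReporter(None, MockConfig("XML", f"{dir_path}/test_data/output"))
    reporter.generate_report(source, MockDependencySet(), 0, 1)
    try:
        # Parsing by path lets the XML parser honor the document's own
        # encoding declaration instead of a text-mode read.
        suite = ET.parse(out_path)
        for entry in suite.getroot():
            assert entry.get("tests") == "0", "expected 0 findings"
    finally:
        # Guarded so a missing file (the real failure) is not masked by
        # a second exception from the cleanup itself.
        if os.path.exists(out_path):
            os.remove(out_path)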
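def test_generate_empty_json_file(self):
    """JSON report of an empty dependency set written to a file has no findings.

    The generated file is removed in a ``finally`` block so that a failing
    assertion cannot leave a stale report behind for the other tests that
    write the same output path.
    """
    source = f"{dir_path}/test_data/fail/requirements.txt"
    out_path = f"{dir_path}/test_data/output/1_requirements.txt_results.json"
    reporter = OchronaReporter(None, MockConfig("JSON", f"{dir_path}/test_data/output"))
    reporter.generate_report(source, MockDependencySet(), 0, 1)
    try:
        with open(out_path, "r") as out:
            output = json.load(out)
        assert not output["findings"], "expected 0 findings"
        assert output["meta"]["source"] == source
    finally:
        # Guarded so a missing file (the real failure) is not masked by
        # a second exception from the cleanup itself.
        if os.path.exists(out_path):
            os.remove(out_path)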
def test_generate_xml_stdout(self, capsys):
    """XML report on stdout renders one confirmed vulnerability as a failed test case."""
    result = MockDependencySet()
    result._confirmed_vulnerabilities = [
        Vulnerability("fake", "123", "", "", "", "", "", "fake finding", "", "", "", "8.4", "fake", "", "", "", "")
    ]
    result._flat_list = ["fake"]
    reporter = OchronaReporter(None, MockConfig("XML", None))
    reporter.generate_report("fake", result, 0, 1)
    printed = capsys.readouterr().out
    expected_failure = (
        '<failure type="confirmed_vulnerability">Package name: fake\n'
        'Vulnerability description: fake finding\nCVE: 123\nSeverity: 8.4</failure>'
    )
    assert '<testsuite tests="1">' in printed
    assert expected_failure in printed
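def test_generate_json_file(self):
    """JSON report written to a file holds one finding and records the scanned source.

    The generated file is removed in a ``finally`` block so that a failing
    assertion cannot leave a stale report behind for the other tests that
    write the same output path.
    """
    source = f"{dir_path}/test_data/fail/requirements.txt"
    out_path = f"{dir_path}/test_data/output/1_requirements.txt_results.json"
    result = MockDependencySet()
    result._confirmed_vulnerabilities = [
        Vulnerability("fake", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "")
    ]
    reporter = OchronaReporter(None, MockConfig("JSON", f"{dir_path}/test_data/output"))
    reporter.generate_report(source, result, 0, 1)
    try:
        with open(out_path, "r") as out:
            output = json.load(out)
        assert len(output["findings"]) == 1, "expected 1 finding"
        assert output["meta"]["source"] == source
    finally:
        # Guarded so a missing file (the real failure) is not masked by
        # a second exception from the cleanup itself.
        if os.path.exists(out_path):
            os.remove(out_path)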
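def test_generate_xml_file(self):
    """XML report written to a file counts one test per suite for one vulnerability.

    The generated file is removed in a ``finally`` block so that a failing
    assertion cannot leave a stale report behind for the other tests that
    write the same output path.
    """
    source = f"{dir_path}/test_data/fail/requirements.txt"
    out_path = f"{dir_path}/test_data/output/1_requirements.txt_results.xml"
    result = MockDependencySet()
    result._confirmed_vulnerabilities = [
        Vulnerability("fake", "123", "", "", "", "", "", "fake finding", "", "", "", "8.4", "fake", "", "", "", "")
    ]
    result._flat_list = ["fake"]
    reporter = OchronaReporter(None, MockConfig("XML", f"{dir_path}/test_data/output"))
    reporter.generate_report(source, result, 0, 1)
    try:
        # Parsing by path lets the XML parser honor the document's own
        # encoding declaration instead of a text-mode read.
        suite = ET.parse(out_path)
        for entry in suite.getroot():
            assert entry.get("tests") == "1", "expected 1 finding"
    finally:
        # Guarded so a missing file (the real failure) is not masked by
        # a second exception from the cleanup itself.
        if os.path.exists(out_path):
            os.remove(out_path)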
def test_generate_empty_xml_stdout(self, capsys):
    """XML report of an empty dependency set on stdout declares a zero-test suite."""
    reporter = OchronaReporter(None, MockConfig("XML", None))
    reporter.generate_report("fake", MockDependencySet(), 0, 1)
    assert '<testsuite tests="0">' in capsys.readouterr().out
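def _append_resolution(payload, results, config):
    """Resolve one parsed *payload* into *results* and emit an SBOM when configured.

    A payload whose ``dependencies`` list is empty still contributes an empty
    ``DependencySet`` so the number of results stays aligned with the number
    of scanned inputs (the reporter relies on those counts matching).
    """
    # `!= []` rather than truthiness is kept deliberately: a payload that
    # lacks the key entirely is still handed to resolve(), as before.
    if payload.get("dependencies") != []:
        results.append(resolve(**payload))
    else:
        results.append(DependencySet())
    if config.sbom and config.report_location:
        # NOTE(review): every payload writes its SBOM to the same
        # report_location, so with several files the last one wins — confirm
        # that is intended rather than merging them.
        generate_sbom(
            dependencies=payload.get("dependencies", []),
            location=config.report_location,
            format=config.sbom_format,
        )


def run(
    direct: Optional[str],
    dir: Optional[str],
    exclude_dir: Optional[str],
    file: Optional[str],
    debug: bool,
    silent: bool,
    report_type: Optional[str],
    output: Optional[str],
    exit: bool,
    ignore: Optional[str],
    include_dev: bool,
    install: Optional[str],
    sbom: bool,
    sbom_format: Optional[str],
):
    """Run Ochrona in either install mode or dependency-check mode.

    Args:
        direct: Dependency text taken from piped input and parsed as PEP-508
            (per the in-line comment); ``None`` or ``""`` means scan files instead.
        dir, exclude_dir, file: Where to look for dependency files; forwarded
            to ``OchronaConfig`` and ``rfind_all_dependencies_files``.
        debug, silent: Logging switches forwarded to ``OchronaConfig``; when
            not silent a header is logged before the check.
        report_type, output: Report format and location (``output`` becomes
            ``report_location``).
        exit, ignore, include_dev: Forwarded to ``OchronaConfig`` unchanged.
        install: When non-empty, the single package to vet and install via
            ``SafeImport``; no dependency scan happens in that mode.
        sbom, sbom_format: When ``sbom`` is set and a report location exists,
            an SBOM is generated for each parsed payload.

    Every ``OchronaException`` / ``OchronaFileException`` raised along the way
    is logged via ``OchronaLogger.static_error`` and the process exits with
    status 1.
    """
    config = OchronaConfig(
        dir=dir,
        exclude_dir=exclude_dir,
        file=file,
        debug=debug,
        silent=silent,
        report_type=report_type,
        report_location=output,
        exit=exit,
        ignore=ignore,
        include_dev=include_dev,
        sbom=sbom,
        sbom_format=sbom_format,
    )
    log = OchronaLogger(config=config)

    if install:
        # Install mode: vet and install one package, then stop.
        try:
            SafeImport(logger=log).install(package=install)
        except OchronaException as ex:
            OchronaLogger.static_error(ex)
            sys.exit(1)
        return

    # Regular operational check
    reporter = OchronaReporter(log, config)
    if not config.silent:
        log.header()

    # Treat an empty piped string the same as no piped input.
    direct = direct if direct != "" else None

    try:
        if direct is None:
            files = rfind_all_dependencies_files(
                log, config.dir, config.exclude_dir, config.file
            )
        else:
            files = []
    except OchronaFileException as ex:
        OchronaLogger.static_error(ex)
        sys.exit(1)

    try:
        results = []
        for file_ in files:
            _append_resolution(parse_to_payload(log, file_, config), results, config)
        if direct is not None:
            # use piped input directly and treat as PEP-508 format
            _append_resolution(
                parse_direct_to_payload(log, direct, config), results, config
            )
        if not results:
            log.warn(f"No dependencies found in {files}")
        reporter.report_collector(files, results)
    except OchronaException as ex:
        OchronaLogger.static_error(ex)
        sys.exit(1)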