def test_vulnerable_package_with_ignore_list_via_cli(
runner: click.testing.CliRunner, cache_dir: str,
monkeypatch: MonkeyPatch) -> None:
"""Ensure that using a .skjoldignore file ignores marked findings and can be set via '-i/--ignore-file'."""
monkeypatch.setenv("SKJOLD_CACHE_DIR", cache_dir)
ignore_path = os.path.join(os.path.dirname(__file__), "fixtures",
"formats", "ignore", "all")
assert os.path.exists(ignore_path)
config = Configuration()
config.use({
"report_only": False,
"report_format": "cli",
"sources": ["pypa"]
})
assert config.ignore_file == ".skjoldignore"
# TODO(twu): Figure out how to do this right.
input_ = make_input_stream("urllib3==1.23", "utf-8")
setattr(input_, "name", "<stdin>")
result = runner.invoke(cli,
args=["audit", "-i", ignore_path, "-"],
input=input_,
obj=config)
assert "Ignored 6 finding(s)!" in result.stderr
assert "No vulnerable packages found!" in result.stderr
assert result.exit_code == 0
def test_cli_configuration_override_via_cli(
runner: click.testing.CliRunner,
cache_dir: str,
monkeypatch: MonkeyPatch,
) -> None:
"""Ensure that overriding configured values via CLI is possible."""
monkeypatch.setenv("SKJOLD_CACHE_DIR", cache_dir)
config = Configuration()
config.use({
"report_only": True,
"report_format": "json",
"sources": ["pyup"],
"cache_dir": cache_dir,
})
result = runner.invoke(cli, args=["config"], obj=config)
assert "report_only: True" in result.stderr
assert "report_format: json" in result.stderr
# TODO(twu): Figure out how to do this right.
input_ = make_input_stream("urllib3==1.23\nrequests==22.2.2\n", "utf-8")
setattr(input_, "name", "<stdin>")
result = runner.invoke(
cli,
args=["audit", "-r", "-s", "github", "-o", "cli", "-"],
input=input_,
env={"SKJOLD_CACHE_DIR": cache_dir},
obj=config,
)
assert result.exit_code == 0
assert "urllib3" in result.stdout
assert "via github" in result.stdout
def test_cli_configuration_used_by_default(
runner: click.testing.CliRunner,
cache_dir: str,
monkeypatch: MonkeyPatch,
) -> None:
"""Ensure that we use options set in the configuration file if not overridden by passing CLI options."""
monkeypatch.setenv("SKJOLD_CACHE_DIR", cache_dir)
config = Configuration()
config.use({
"report_only": True,
"report_format": "json",
"sources": ["gemnasium"]
})
result = runner.invoke(cli, args=["config"], obj=config)
assert "report_only: True" in result.stderr
assert "report_format: json" in result.stderr
# TODO(twu): Figure out how to do this right.
input_ = make_input_stream("urllib3==1.23\nrequests==22.2.2\n", "utf-8")
setattr(input_, "name", "<stdin>")
result = runner.invoke(
cli,
args=["audit", "-"],
env={"SKJOLD_CACHE_DIR": cache_dir},
input=input_,
obj=config,
)
assert result.exit_code == 0
json_ = json.loads(result.stdout)
assert len(json_) > 0
assert json_[0]["name"] == "urllib3"
assert json_[0]["source"] == "gemnasium"
def test_cli_ensure_formats_are_handled_properly(
folder: str,
filename: str,
runner: click.testing.CliRunner,
cache_dir: str,
monkeypatch: MonkeyPatch,
) -> None:
monkeypatch.setenv("SKJOLD_CACHE_DIR", cache_dir)
config = Configuration()
config.use({
"report_only": False,
"report_format": "cli",
"sources": ["pyup"]
})
path = format_fixture_path_for(filename)
result = runner.invoke(
cli,
args=["audit", "-r", "-o", "json", "-s", "github", path],
env={"SKJOLD_CACHE_DIR": cache_dir},
)
assert not result.exception
assert result.exit_code == 0
json_ = json.loads(result.stdout)
assert len(json_) > 0
assert json_[0]["name"] == "urllib3"
assert json_[0]["source"] == "github"
def test_cli_json_report_with_package_list_via_stdin(
runner: click.testing.CliRunner,
cache_dir: str,
monkeypatch: MonkeyPatch,
) -> None:
"""Ensure request json output with packages via stdin results in parsable stdout."""
monkeypatch.setenv("SKJOLD_CACHE_DIR", cache_dir)
config = Configuration()
config.use({
"report_only": False,
"report_format": "cli",
"sources": ["pyup"]
})
# TODO(twu): Figure out how to do this right.
input_ = make_input_stream("urllib3==1.23\nrequests==22.2.2\n", "utf-8")
setattr(input_, "name", "<stdin>")
result = runner.invoke(
cli,
args=["audit", "-r", "-o", "json", "-s", "github", "-"],
input=input_)
assert not result.exception
assert result.exit_code == 0
json_ = json.loads(result.stdout)
assert len(json_) > 0
assert json_[0]["name"] == "urllib3"
def cli(
config: Configuration,
configuration_file: click.Path,
verbose: bool,
) -> None:
""" Check a given Python dependency file against a set of advisory databases."""
config.verbose = verbose
file_ = str(configuration_file)
skip_configuration = not os.environ.get("SKJOLD_SKIP_RC", None) is None
if os.path.exists(file_) and not skip_configuration:
settings = get_configuration_from_toml(file_)
config.use(config=settings)
else:
click.secho("Warning: No 'pyproject.toml' found!", err=True, fg="yellow")
if config.verbose:
print_configuration(config)
click.secho(f"Using {config.cache_dir} as cache location", err=True)
# Cache Directory
# Check for cache directory and create it if necessary.
if not os.path.isdir(config.cache_dir):
os.makedirs(config.cache_dir, exist_ok=True)
if config.verbose:
click.secho(
f"Cache '{config.cache_dir}' does not exist! Creating it.",
err=True,
)
if not os.path.isdir(config.cache_dir):
raise click.ClickException(
f"Unable to create cache directory '{config.cache_dir}'!"
)
def test_cli_run_config(
runner: click.testing.CliRunner, cache_dir: str, monkeypatch: MonkeyPatch
) -> None:
monkeypatch.setenv("SKJOLD_CACHE_DIR", cache_dir)
config = Configuration()
config.use({"report_only": False, "report_format": "cli", "sources": ["pyup"]})
result = runner.invoke(cli, args=["config"])
assert result.exit_code == 0
def test_vulnerable_package_via_cli(
runner: click.testing.CliRunner, cache_dir: str, monkeypatch: MonkeyPatch
) -> None:
"""Ensure that passing a vulnerable package via stdin produces the expected
output."""
monkeypatch.setenv("SKJOLD_CACHE_DIR", cache_dir)
config = Configuration()
config.use({"report_only": False, "report_format": "cli", "sources": ["pyup"]})
# TODO(twu): Figure out how to do this right.
input_ = make_input_stream("urllib3==1.23\nrequests==22.2.2\n", "utf-8")
setattr(input_, "name", "<stdin>")
result = runner.invoke(cli, args=["audit", "-s", "github", "-"], input=input_)
assert result.exception
assert result.exit_code == 1
assert "via github" in result.stdout
