package main
import (
"strconv"
"strings"
"testing"
"path/filepath"
"github.com/jfrog/jfrog-cli-security/commands/maliciousscan"
securityTestUtils "github.com/jfrog/jfrog-cli-security/tests/utils"
"github.com/jfrog/jfrog-cli-security/tests/validations"
"github.com/stretchr/testify/assert"
"github.com/jfrog/jfrog-cli-core/v2/common/format"
securityTests "github.com/jfrog/jfrog-cli-security/tests"
securityIntegrationTestUtils "github.com/jfrog/jfrog-cli-security/tests/utils/integration"
)
// maliciousScanCommandTestParams holds the optional flags a test can pass to
// the "malicious-scan" CLI command. A field left at its zero value is omitted
// from the command line by getMaliciousScanCmdArgs.
type maliciousScanCommandTestParams struct {
	// WorkingDirsToScan is joined with "," and sent as --working-dirs.
	WorkingDirsToScan []string
	// Format is sent as --format.
	Format format.OutputFormat
	// Threads is sent as --threads when it is greater than zero.
	Threads int
	// MinSeverity is sent as --min-severity.
	MinSeverity string
}
// getMaliciousScanCmdArgs translates params into the argument list for the
// "malicious-scan" command. The command name always comes first; each flag is
// appended only when its field is set (non-empty slice or string, positive
// thread count).
func getMaliciousScanCmdArgs(params maliciousScanCommandTestParams) (args []string) {
	args = append(args, "malicious-scan")
	// Directories are joined with ","; a path that itself contains a comma
	// cannot be told apart from two paths in the resulting flag value.
	if dirs := params.WorkingDirsToScan; len(dirs) > 0 {
		args = append(args, "--working-dirs="+strings.Join(dirs, ","))
	}
	if outputFormat := string(params.Format); outputFormat != "" {
		args = append(args, "--format="+outputFormat)
	}
	if params.Threads > 0 {
		args = append(args, "--threads="+strconv.Itoa(params.Threads))
	}
	if severity := params.MinSeverity; severity != "" {
		args = append(args, "--min-severity="+severity)
	}
	return args
}
// runMaliciousScan runs the "malicious-scan" command through the shared
// platform CLI and returns its output together with the command error.
//
// UseTestHomeWithDefaultXrayConfig is called first and the function it returns
// is deferred, so it runs once the command has finished.
// NOTE(review): presumably that helper points the CLI at an isolated test home
// and the returned function restores the previous state; confirm in tests/utils/integration.
func runMaliciousScan(t *testing.T, params maliciousScanCommandTestParams) (string, error) {
	// The setup call is evaluated immediately; only the returned cleanup is deferred.
	defer securityIntegrationTestUtils.UseTestHomeWithDefaultXrayConfig(t)()

	cmdArgs := getMaliciousScanCmdArgs(params)
	return securityTests.PlatformCli.RunCliCmdWithOutputs(t, cmdArgs...)
}
// TestMaliciousScan runs "malicious-scan" from inside two fixture projects and
// checks the number of malicious-code findings reported in Simple JSON output:
// one finding for the "malicious" fixture, none for the empty Python project.
//
// NOTE(review): InitMaliciousScanTest receives the minimum Xray version;
// presumably it skips the test when the integration environment does not
// qualify. Confirm in tests/utils/integration.
func TestMaliciousScan(t *testing.T) {
	securityIntegrationTestUtils.InitMaliciousScanTest(t, maliciousscan.MinimumXrayVersionForMaliciousScan)

	type scanCase struct {
		name           string
		format         format.OutputFormat
		projectPath    string
		expectedIssues int
	}
	scanCases := []scanCase{
		{
			name:           "Malicious scan with findings (Simple JSON)",
			format:         format.SimpleJson,
			projectPath:    filepath.Join("projects", "jas", "jas", "malicious"),
			expectedIssues: 1,
		},
		{
			name:           "Malicious scan without findings (Simple JSON)",
			format:         format.SimpleJson,
			projectPath:    filepath.Join("projects", "empty_project", "python_project_with_no_deps"),
			expectedIssues: 0,
		},
	}

	for _, tc := range scanCases {
		t.Run(tc.name, func(t *testing.T) {
			// Resolve the fixture under the test resources root and run from
			// inside it; the returned cleanup is deferred to the subtest's end.
			resourcesRoot := filepath.FromSlash(securityTests.GetTestResourcesPath())
			_, restoreEnv := securityTestUtils.CreateTestProjectEnvAndChdir(t, filepath.Join(resourcesRoot, tc.projectPath))
			defer restoreEnv()

			scanOutput, scanErr := runMaliciousScan(t, maliciousScanCommandTestParams{Format: tc.format})
			// assert (not require) is used, so validation below still runs
			// when the command returned an error.
			assert.NoError(t, scanErr)

			// ExactResultsMatch is enabled only for the zero-findings case.
			// NOTE(review): presumably the count is otherwise treated as a
			// lower bound, so extra findings on the malicious fixture would
			// not fail this test; confirm against the validations package.
			validations.ValidateCommandOutput(t, scanOutput, tc.format, validations.ValidationParams{
				Vulnerabilities: &validations.VulnerabilityCount{
					ValidateScan: &validations.ScanCount{MaliciousCode: tc.expectedIssues},
				},
				ExactResultsMatch: tc.expectedIssues == 0,
			})
		})
	}
}
// TestMaliciousScanWithWorkingDirs runs "malicious-scan" with
// --working-dirs=. from inside the "malicious" fixture project and validates
// the Simple JSON output against an expected malicious-code count of one.
//
// NOTE(review): ExactResultsMatch is left at its zero value here, so the
// count is presumably checked as a lower bound; confirm against the
// validations package.
func TestMaliciousScanWithWorkingDirs(t *testing.T) {
	securityIntegrationTestUtils.InitMaliciousScanTest(t, maliciousscan.MinimumXrayVersionForMaliciousScan)

	resourcesRoot := filepath.FromSlash(securityTests.GetTestResourcesPath())
	fixtureDir := filepath.Join(resourcesRoot, "projects", "jas", "jas", "malicious")
	_, restoreEnv := securityTestUtils.CreateTestProjectEnvAndChdir(t, fixtureDir)
	defer restoreEnv()

	scanOutput, scanErr := runMaliciousScan(t, maliciousScanCommandTestParams{
		WorkingDirsToScan: []string{"."},
		Format:            format.SimpleJson,
	})
	// assert (not require) is used, so validation below still runs when the
	// command returned an error.
	assert.NoError(t, scanErr)

	expected := validations.ValidationParams{
		Vulnerabilities: &validations.VulnerabilityCount{
			ValidateScan: &validations.ScanCount{MaliciousCode: 1},
		},
	}
	validations.ValidateCommandOutput(t, scanOutput, format.SimpleJson, expected)
}