github.com/ActiveState/cli@v0.0.0-20240508170324-6801f60cd051/test/integration/cve_int_test.go

github.com/ActiveState/cli@v0.0.0-20240508170324-6801f60cd051/test/integration/cve_int_test.go (about)

     1  package integration
     2  
     3  import (
     4  	"testing"
     5  
     6  	"github.com/ActiveState/cli/internal/testhelpers/e2e"
     7  	"github.com/ActiveState/cli/internal/testhelpers/suite"
     8  	"github.com/ActiveState/cli/internal/testhelpers/tagsuite"
     9  )
    10  
    11  type CveIntegrationTestSuite struct {
    12  	tagsuite.Suite
    13  }
    14  
    15  func (suite *CveIntegrationTestSuite) TestCve() {
    16  	suite.OnlyRunForTags(tagsuite.Cve)
    17  
    18  	ts := e2e.New(suite.T(), false)
    19  	defer ts.Close()
    20  
    21  	ts.LoginAsPersistentUser()
    22  
    23  	cp := ts.Spawn("cve", "ActiveState-CLI/VulnerablePython-3.7")
    24  	cp.Expect("Commit ID")
    25  	cp.Expect("0b87e7a4-dc62-46fd-825b-9c35a53fe0a2")
    26  
    27  	cp.Expect("Vulnerabilities")
    28  	cp.Expect("CRITICAL")
    29  	cp.Expect("Affected Packages")
    30  	cp.Expect("tensorflow")
    31  	cp.Expect("CRITICAL")
    32  	cp.Expect("CVE-2019-16778")
    33  	cp.ExpectExitCode(0)
    34  
    35  	// make sure that we can select by commit id
    36  	cp = ts.Spawn("cve", "ActiveState-CLI/VulnerablePython-3.7#3b222e23-64b9-4ca1-93ee-7b8a75b18c30")
    37  	cp.Expect("Commit ID")
    38  	cp.Expect("3b222e23-64b9-4ca1-93ee-7b8a75b18c30")
    39  
    40  	cp.Expect("Vulnerabilities")
    41  	cp.ExpectExitCode(0)
    42  }
    43  
    44  func (suite *CveIntegrationTestSuite) TestCveNoVulnerabilities() {
    45  	// If you need to run this test comment the next line and provide a commit that has no CVE's
    46  	suite.T().Skip("Skipping test because due to the nature of CVE's it's impossible to nail down a commit without CVE's.")
    47  	suite.OnlyRunForTags(tagsuite.Cve)
    48  
    49  	ts := e2e.New(suite.T(), false)
    50  	defer ts.Close()
    51  
    52  	ts.LoginAsPersistentUser()
    53  
    54  	ts.PrepareProject("ActiveState-CLI/small-python", "9733d11a-dfb3-41de-a37a-843b7c421db4")
    55  
    56  	cp := ts.Spawn("cve")
    57  	cp.Expect("No CVEs detected")
    58  	cp.ExpectExitCode(0)
    59  
    60  	cp = ts.Spawn("cve", "report") // legacy alias
    61  	cp.Expect("No CVEs detected")
    62  	cp.ExpectExitCode(0)
    63  }
    64  
    65  func (suite *CveIntegrationTestSuite) TestCveInvalidProject() {
    66  	suite.OnlyRunForTags(tagsuite.Cve)
    67  
    68  	ts := e2e.New(suite.T(), false)
    69  	defer ts.Close()
    70  
    71  	ts.LoginAsPersistentUser()
    72  
    73  	cp := ts.Spawn("cve", "invalid/invalid")
    74  	cp.Expect("not found")
    75  
    76  	cp.ExpectNotExitCode(0)
    77  	ts.IgnoreLogErrors()
    78  }
    79  
    80  func (suite *CveIntegrationTestSuite) TestJSON() {
    81  	suite.OnlyRunForTags(tagsuite.Cve, tagsuite.JSON)
    82  	ts := e2e.New(suite.T(), false)
    83  	defer ts.Close()
    84  
    85  	ts.LoginAsPersistentUser()
    86  
    87  	cp := ts.Spawn("checkout", "ActiveState-CLI/Perl", ".")
    88  	cp.Expect("Skipping runtime setup")
    89  	cp.Expect("Checked out")
    90  	cp.ExpectExitCode(0)
    91  
    92  	cp = ts.Spawn("cve", "-o", "editor")
    93  	cp.Expect(`"project":`)
    94  	cp.Expect(`"commitID":`)
    95  	cp.ExpectExitCode(0)
    96  	// AssertValidJSON(suite.T(), cp) // report is too large to fit in terminal snapshot
    97  }
    98  
    99  func TestCveIntegrationTestSuite(t *testing.T) {
   100  	suite.Run(t, new(CveIntegrationTestSuite))
   101  }