// Listing of github.com/devseccon/trivy@v0.47.1-0.20231123133102-bd902a0bd996/pkg/fanal/analyzer/language/dotnet/nuget/nuget_test.go

package nuget

import (
	"context"
	"os"
	"testing"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"

	"github.com/devseccon/trivy/pkg/fanal/analyzer"
	"github.com/devseccon/trivy/pkg/fanal/types"
)

// Test_nugetibraryAnalyzer_Analyze runs the NuGet analyzer's PostAnalyze step
// over fixture directories and compares the reported applications with the
// expected dependency inventory.
//
// The cases also pin how license data is expected to appear: the lock-file
// cases that point HOME or NUGET_PACKAGES at testdata/repository expect
// Licenses to be filled in, while the case whose HOME points at
// testdata/invalid expects the same packages without Licenses.
//
// NOTE(review): the name is missing the "L" of "Library" (compare
// Test_nugetLibraryAnalyzer_Required below); it is kept as-is here so that
// existing `go test -run` filters keep matching.
func Test_nugetibraryAnalyzer_Analyze(t *testing.T) {
	// lockFileApps builds the application expected for testdata/lock. The two
	// packages are identical across the lock-file cases; only the Licenses
	// field of Newtonsoft.Json depends on whether the package cache is found.
	// When withLicenses is false the field stays nil, exactly as in a literal
	// that omits it.
	lockFileApps := func(withLicenses bool) []types.Application {
		libs := types.Packages{
			{
				ID:      "Newtonsoft.Json@12.0.3",
				Name:    "Newtonsoft.Json",
				Version: "12.0.3",
				Locations: []types.Location{
					{
						StartLine: 5,
						EndLine:   10,
					},
				},
			},
			{
				ID:      "NuGet.Frameworks@5.7.0",
				Name:    "NuGet.Frameworks",
				Version: "5.7.0",
				Locations: []types.Location{
					{
						StartLine: 11,
						EndLine:   19,
					},
				},
				DependsOn: []string{"Newtonsoft.Json@12.0.3"},
			},
		}
		if withLicenses {
			libs[0].Licenses = []string{"MIT"}
		}
		return []types.Application{
			{
				Type:      types.NuGet,
				FilePath:  "packages.lock.json",
				Libraries: libs,
			},
		}
	}

	cases := []struct {
		name string
		dir  string
		env  map[string]string
		want *analyzer.AnalysisResult
	}{
		{
			// packages.config: only name and version are expected, no IDs,
			// locations or licenses.
			name: "happy path config file.",
			dir:  "testdata/config",
			env: map[string]string{
				"HOME": "testdata/repository",
			},
			want: &analyzer.AnalysisResult{
				Applications: []types.Application{
					{
						Type:     types.NuGet,
						FilePath: "packages.config",
						Libraries: types.Packages{
							{
								Name:    "Microsoft.AspNet.WebApi",
								Version: "5.2.2",
							},
							{
								Name:    "Newtonsoft.Json",
								Version: "6.0.4",
							},
						},
					},
				},
			},
		},
		{
			// Package cache reached through HOME.
			name: "happy path lock file.",
			dir:  "testdata/lock",
			env: map[string]string{
				"HOME": "testdata/repository",
			},
			want: &analyzer.AnalysisResult{
				Applications: lockFileApps(true),
			},
		},
		{
			// Package cache reached through NUGET_PACKAGES; HOME is left at
			// whatever the test process inherited.
			name: "happy path lock file. `NUGET_PACKAGES` env is used",
			dir:  "testdata/lock",
			env: map[string]string{
				"NUGET_PACKAGES": "testdata/repository/.nuget/packages",
			},
			want: &analyzer.AnalysisResult{
				Applications: lockFileApps(true),
			},
		},
		{
			// No package cache under HOME: dependencies are still reported,
			// just without license information.
			name: "happy path lock file. `.nuget` directory doesn't exist",
			dir:  "testdata/lock",
			env: map[string]string{
				"HOME": "testdata/invalid",
			},
			want: &analyzer.AnalysisResult{
				Applications: lockFileApps(false),
			},
		},
		{
			name: "happy path lock file without dependencies.",
			dir:  "testdata/lock-without-deps",
			env: map[string]string{
				"HOME": "testdata/repository",
			},
			want: &analyzer.AnalysisResult{},
		},
		{
			// NOTE(review): this case pins "no error, empty result" for the
			// testdata/sad fixture (contents not visible here; presumably an
			// unparsable manifest). For a scanner that means such a file
			// yields no inventory and no failure signal; confirm that the
			// analyzer at least logs the skipped file.
			name: "sad path",
			dir:  "testdata/sad",
			env: map[string]string{
				"HOME": "testdata/repository",
			},
			want: &analyzer.AnalysisResult{},
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			// NOTE(review): only the variables listed in tc.env are
			// overridden. A NUGET_PACKAGES value inherited from the developer
			// or CI environment stays visible in the HOME-only cases; whether
			// it wins over HOME is decided in the analyzer, not here. Verify,
			// and consider neutralising it so the expected Licenses do not
			// depend on the host.
			for key, value := range tc.env {
				t.Setenv(key, value)
			}

			a, err := newNugetLibraryAnalyzer(analyzer.AnalyzerOptions{})
			require.NoError(t, err)

			input := analyzer.PostAnalysisInput{
				FS: os.DirFS(tc.dir),
			}
			got, err := a.PostAnalyze(context.Background(), input)

			assert.NoError(t, err)
			assert.Equal(t, tc.want, got)
		})
	}
}

// Test_nugetLibraryAnalyzer_Required checks which file paths the analyzer
// claims: packages.config and packages.lock.json are accepted, an unrelated
// archive name is rejected.
func Test_nugetLibraryAnalyzer_Required(t *testing.T) {
	cases := []struct {
		name     string
		filePath string
		want     bool
	}{
		{name: "config", filePath: "test/packages.config", want: true},
		{name: "lock", filePath: "test/packages.lock.json", want: true},
		{name: "zip", filePath: "test.zip", want: false},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			// The zero-value analyzer is used; the file info argument is nil.
			var a nugetLibraryAnalyzer
			assert.Equal(t, tc.want, a.Required(tc.filePath, nil))
		})
	}
}