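// Source: github.com/kubeshop/testkube@v1.17.23/contrib/executor/zap/pkg/runner/runner_test.go

package runner

import (
	"context"
	"os"
	"path/filepath"
	"testing"

	"github.com/stretchr/testify/assert"

	"github.com/kubeshop/testkube/pkg/api/v1/testkube"
	"github.com/kubeshop/testkube/pkg/envs"
)

// TestRun drives the ZAP runner through API, baseline and full scan
// configurations and checks the execution status and the reported steps.
//
// Each case copies one example YAML file into a fresh data directory as
// "test-content" and then calls Run.
// NOTE(review): the cases appear to need a working ZAP installation under
// ZAP_HOME and a reachable scan target; confirm before running in CI.
func TestRun(t *testing.T) {
	// t.Setenv restores the previous ZAP_HOME value when the test ends, so the
	// override cannot leak into other tests in the package.
	t.Setenv("ZAP_HOME", "../../zap/")

	// stepCheck describes what to assert about one entry of result.Steps.
	// An empty name or status means that field is not asserted.
	type stepCheck struct {
		index  int
		name   string
		status string
	}

	passed := string(testkube.PASSED_ExecutionStatus)
	failed := string(testkube.FAILED_ExecutionStatus)

	testCases := []struct {
		name       string // sub-test name
		testName   string // execution.TestName
		testType   string // execution.TestType
		configFile string // example config copied into the data directory
		// wantFailure: Run must return an error and a failed status; when
		// false, no error and a passed status are expected.
		wantFailure bool
		wantSteps   int
		steps       []stepCheck
	}{
		{
			name:       "Run successful API scan",
			testName:   "simple-api-scan",
			testType:   "zap/api",
			configFile: "../../examples/test-api-pass.yaml",
			wantSteps:  2,
			// Step names end with a bracketed number, presumably the ZAP rule ID.
			steps: []stepCheck{{index: 0, name: "Vulnerable JS Library [10003]", status: passed}},
		},
		{
			name:       "Run API scan with PASS and WARN",
			testName:   "warn-api-scan",
			testType:   "zap/api",
			configFile: "../../examples/test-api-warn.yaml",
			wantSteps:  2,
			// A warning still counts as passed here; compare the FailOnWarn case below.
			// NOTE(review): "x 12" looks like an occurrence count that depends
			// on the scanned target; confirm it is stable.
			steps: []stepCheck{{index: 1, name: "Re-examine Cache-control Directives [10015] x 12", status: passed}},
		},
		{
			name:        "Run API scan with WARN and FailOnWarn",
			testName:    "fail-on-warn-api-scan",
			testType:    "zap/api",
			configFile:  "../../examples/test-api-fail-on-warn.yaml",
			wantFailure: true,
			wantSteps:   2,
			steps:       []stepCheck{{index: 1, name: "Re-examine Cache-control Directives [10015] x 12", status: failed}},
		},
		{
			name:        "Run API scan with FAIL",
			testName:    "fail-api-scan",
			testType:    "zap/api",
			configFile:  "../../examples/test-api-fail.yaml",
			wantFailure: true,
			wantSteps:   1,
			steps:       []stepCheck{{index: 0, name: "Unknown issue", status: failed}},
		},
		{
			name:       "Run Baseline scan with PASS",
			testName:   "baseline-scan",
			testType:   "zap/baseline",
			configFile: "../../examples/test-baseline-pass.yaml",
			wantSteps:  2,
		},
		{
			name:       "Run Baseline scan with WARN",
			testName:   "baseline-warn-scan",
			testType:   "zap/baseline",
			configFile: "../../examples/test-baseline-warn.yaml",
			wantSteps:  2,
			steps:      []stepCheck{{index: 1, status: passed}},
		},
		{
			name:        "Run Full scan with FAIL",
			testName:    "full-fail-scan",
			testType:    "zap/full",
			configFile:  "../../examples/test-full-fail.yaml",
			wantFailure: true,
			wantSteps:   2,
			steps: []stepCheck{
				{index: 0, status: failed},
				{index: 1, status: failed},
			},
		},
	}

	for _, tc := range testCases {
		t.Run(tc.name, func(t *testing.T) {
			// given
			// t.TempDir is removed automatically, including when an assertion
			// fails or the sub-test panics, so scan output is never left behind.
			tempDir := t.TempDir()
			r, err := NewRunner(context.TODO(), envs.Params{
				DataDir: tempDir,
			})
			if !assert.NoError(t, err) {
				// Without a runner the rest of the case cannot run.
				return
			}
			execution := testkube.NewQueuedExecution()
			// NOTE(review): these look like placeholders that the runner
			// replaces with the scan script path and its arguments; confirm.
			execution.Command = []string{"<pythonScriptPath>"}
			execution.Args = []string{"<fileArgs>"}
			execution.TestName = tc.testName
			execution.TestType = tc.testType
			execution.Content = testkube.NewStringTestContent("")
			writeTestContent(t, tempDir, tc.configFile)

			// when
			result, err := r.Run(context.TODO(), *execution)

			// then
			wantStatus := testkube.ExecutionStatusPassed
			if tc.wantFailure {
				assert.Error(t, err)
				wantStatus = testkube.ExecutionStatusFailed
			} else {
				assert.NoError(t, err)
			}
			// testify expects (expected, actual); this order keeps failure
			// messages accurate.
			assert.Equal(t, wantStatus, result.Status)
			assert.Len(t, result.Steps, tc.wantSteps)

			for _, want := range tc.steps {
				if want.index >= len(result.Steps) {
					// assert.Len has already reported the mismatch; skip the
					// lookup instead of panicking on an out-of-range index.
					continue
				}
				got := result.Steps[want.index]
				if want.name != "" {
					assert.Equal(t, want.name, got.Name)
				}
				if want.status != "" {
					assert.Equal(t, want.status, got.Status)
				}
			}
		})
	}
}

// writeTestContent copies the ZAP config at configFile into dir under the
// name "test-content". It stops the calling test immediately if the file
// cannot be read or written.
func writeTestContent(t *testing.T, dir string, configFile string) {
	// Report failures at the caller's line rather than inside this helper.
	t.Helper()

	data, err := os.ReadFile(configFile)
	if err != nil {
		assert.FailNow(t, "Unable to read ZAP config file", "%s: %v", configFile, err)
	}

	target := filepath.Join(dir, "test-content")
	err = os.WriteFile(target, data, 0644)
	if err != nil {
		assert.FailNow(t, "Unable to write ZAP test-content file", "%s: %v", target, err)
	}
}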