github.com/ouraigua/jenkins-library@v0.0.0-20231028010029-fbeaf2f3aa9b/pkg/reporting/pullRequestReport_test.go (about)

     1  //go:build unit
     2  // +build unit
     3  
     4  package reporting
     5  
     6  import (
     7  	"testing"
     8  
     9  	"github.com/stretchr/testify/assert"
    10  )
    11  
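// TestCreateMarkdownReport compares the text returned by createMarkdownReport
// with a byte-exact expected report for two inputs: a component list carrying
// policy violations, and an empty component list.
//
// expectedErr is left at its zero value in every case, so the test asserts
// that no error is returned.
//
// NOTE(review): none of the fixtures contain HTML metacharacters in
// ComponentName, ComponentIdentifier or Meta.Href. The expected report shows
// these values placed directly inside <td> and <a href="..."> markup, so this
// test does not establish whether createMarkdownReport escapes them. If the
// values can come from scan results for third-party packages, a case with
// characters such as < > " & would pin the intended behaviour.
func TestCreateMarkdownReport(t *testing.T) {
	t.Parallel()

	testCases := []struct {
		testName       string
		components     *Components
		expectedErr    error
		expectedReport string
	}{
		{
			// Three components: one with a single vulnerability, one with three
			// vulnerabilities plus a component-level policy warning, and one with
			// a component-level policy warning only.
			testName: "Vulnerabilities were found",
			components: &Components{
				{
					ComponentName:       "qs -  QS Querystring",
					ComponentVersion:    "5.2.1",
					ComponentIdentifier: "npmjs:qs/5.2.1",
					ViolatingPolicyNames: []string{
						"High Vulnerability Security Issue",
					},
					PolicyViolationVulnerabilities: []PolicyViolationVulnerability{
						{
							Name:                 "CVE-2017-1000048",
							ViolatingPolicyNames: []string{"High Vulnerability Security Issue"},
							WarningMessage:       "",
							ErrorMessage: "Component qs -  QS Querystring version 5.2.1 with ID npmjs:qs/5.2.1 violates policy" +
								" High Vulnerability Security Issue: found vulnerability CVE-2017-1000048 with severity HIGH and CVSS score 7.5",
							Meta: Meta{
								Href: "https://sap-staging.app.blackduck.com/api/vulnerabilities/CVE-2017-1000048",
							},
						},
					},
					PolicyViolationLicenses: nil,
					WarningMessage:          "",
					ErrorMessage:            "",
				},
				{
					ComponentName:       "Lodash",
					ComponentVersion:    "4.17.10",
					ComponentIdentifier: "npmjs:lodash/4.17.10",
					ViolatingPolicyNames: []string{
						"High Vulnerability Security Issue",
						"Test High Severity Vuln Filter",
						"OutdatedFOSSLibraries",
					},
					PolicyViolationVulnerabilities: []PolicyViolationVulnerability{
						{
							Name: "CVE-2019-10744",
							ViolatingPolicyNames: []string{
								"High Vulnerability Security Issue",
								"Test High Severity Vuln Filter",
							},
							WarningMessage: "Component Lodash version 4.17.10 with ID npmjs:lodash/4.17.10 violates policy Test High Severity Vuln " +
								"Filter: found vulnerability CVE-2019-10744 with severity CRITICAL and CVSS score 9.1",
							ErrorMessage: "Component Lodash version 4.17.10 with ID npmjs:lodash/4.17.10 violates policy High Vulnerability " +
								"Security Issue: found vulnerability CVE-2019-10744 with severity CRITICAL and CVSS score 9.1",
							Meta: Meta{
								Href: "https://sap-staging.app.blackduck.com/api/vulnerabilities/CVE-2019-10744",
							},
						},
						{
							Name: "CVE-2020-8203",
							ViolatingPolicyNames: []string{
								"High Vulnerability Security Issue",
								"Test High Severity Vuln Filter",
							},
							WarningMessage: "Component Lodash version 4.17.10 with ID npmjs:lodash/4.17.10 violates policy Test " +
								"High Severity Vuln Filter: found vulnerability CVE-2020-8203 with severity HIGH and CVSS score 7.4",
							ErrorMessage: "Component Lodash version 4.17.10 with ID npmjs:lodash/4.17.10 violates policy Test High Severity Vuln Filter: " +
								"found vulnerability CVE-2020-8203 with severity HIGH and CVSS score 7.4",
							Meta: Meta{
								Href: "https://sap-staging.app.blackduck.com/api/vulnerabilities/CVE-2020-8203",
							},
						},
						{
							Name: "BDSA-2019-3842",
							ViolatingPolicyNames: []string{
								"High Vulnerability Security Issue",
								"Test High Severity Vuln Filter",
							},
							WarningMessage: "Component Lodash version 4.17.10 with ID npmjs:lodash/4.17.10 violates policy Test High Severity Vuln Filter: found vulnerability BDSA-2019-3842 with severity HIGH and CVSS score 7.1",
							ErrorMessage:   "Component Lodash version 4.17.10 with ID npmjs:lodash/4.17.10 violates policy High Vulnerability Security Issue: found vulnerability BDSA-2019-3842 with severity HIGH and CVSS score 7.1",
							Meta: Meta{
								Href: "https://sap-staging.app.blackduck.com/api/vulnerabilities/BDSA-2019-3842",
							},
						},
					},
					PolicyViolationLicenses: nil,
					WarningMessage:          "Component Lodash version 4.17.10 with ID npmjs:lodash/4.17.10 violates policy OutdatedFOSSLibraries",
					ErrorMessage:            "",
				},
				{
					ComponentName:       "Chalk",
					ComponentVersion:    "1.1.3",
					ComponentIdentifier: "npmjs:chalk/1.1.3",
					ViolatingPolicyNames: []string{
						"OutdatedFOSSLibraries",
					},
					PolicyViolationVulnerabilities: nil,
					PolicyViolationLicenses:        nil,
					WarningMessage:                 "Component Chalk version 1.1.3 with ID npmjs:chalk/1.1.3 violates policy OutdatedFOSSLibraries",
					ErrorMessage:                   "",
				},
			},
			// The expected text lists components as Chalk, Lodash, qs in the
			// summary table and orders vulnerability rows by score, highest first
			// (9.1, 7.5, 7.4, 7.1), regardless of the input order above.
			expectedReport: "\n##  :x: OSS related checks failed\n ### :clipboard: Policies violated by added OSS components\n " +
				"<table>\n <tr><td><b>Component name</b></td><td><b>High Vulnerability Security Issue</b></td><td><b>OutdatedFOSSLibraries</b></td><td><b>" +
				"Test High Severity Vuln Filter</b></td></tr>\n <tr><td>Chalk 1.1.3 (npmjs:chalk/1.1.3)</td><td>0</td><td>1</td><td>0</td></tr><tr><td>Lodash " +
				"4.17.10 (npmjs:lodash/4.17.10)</td><td>3</td><td>1</td><td>3</td></tr><tr><td>qs -  QS Querystring 5.2.1 " +
				"(npmjs:qs/5.2.1)</td><td>1</td><td>0</td><td>0</td></tr>\n </table>\n\n<details><summary>\n\n<h3> 4 Policy " +
				"Violations of High Vulnerability Security Issue </h3> \n</summary>\n\t<table>\n\t\t<tr><td><b>Vulnerability ID</b></td><td><b>Vulnerability" +
				" Score</b></td><td><b>Component Name</b></td></tr>\n\t\t<tr>\n\t\t\t<td> <a href=\"https://sap-staging.app.blackduck.com/api/vulnerabilities/CVE-2019-10744\"> CVE-2019-10744 </a> </td><td>9.1 CRITICAL</td><td>Lodash 4.17.10 " +
				"(npmjs:lodash/4.17.10)</td>\n\t\t\t</tr>\n\t\t<tr>\n\t\t\t<td> <a href=\"https://sap-staging.app.blackduck.com/api/vulnerabilities/CVE-2017-1000048\"> " +
				"CVE-2017-1000048 </a> </td><td>7.5 HIGH</td><td>qs -  QS Querystring 5.2.1 (npmjs:qs/5.2.1)</td>\n\t\t\t</tr>\n\t\t<tr>\n\t\t\t<td> " +
				"<a href=\"https://sap-staging.app.blackduck.com/api/vulnerabilities/CVE-2020-8203\"> CVE-2020-8203 </a> </td><td>7.4 HIGH</td><td>Lodash " +
				"4.17.10 (npmjs:lodash/4.17.10)</td>\n\t\t\t</tr>\n\t\t<tr>\n\t\t\t<td> <a href=\"https://sap-staging.app.blackduck.com/api/vulnerabilities/BDSA-2019-3842\"> " +
				"BDSA-2019-3842 </a> </td><td>7.1 HIGH</td><td>Lodash 4.17.10 (npmjs:lodash/4.17.10)</td>\n\t\t\t</tr>\n\t\t</table>\n</details>\n<details><summary>\n\n<h3> " +
				"3 Policy Violations of Test High Severity Vuln Filter </h3> \n</summary>\n\t<table>\n\t\t<tr><td><b>Vulnerability ID</b></td><td><b>Vulnerability " +
				"Score</b></td><td><b>Component Name</b></td></tr>\n\t\t<tr>\n\t\t\t<td> <a href=\"https://sap-staging.app.blackduck.com/api/vulnerabilities/CVE-2019-10744\"> " +
				"CVE-2019-10744 </a> </td><td>9.1 CRITICAL</td><td>Lodash 4.17.10 (npmjs:lodash/4.17.10)</td>\n\t\t\t</tr>\n\t\t<tr>\n\t\t\t<td> " +
				"<a href=\"https://sap-staging.app.blackduck.com/api/vulnerabilities/CVE-2020-8203\"> CVE-2020-8203 </a> </td><td>7.4 " +
				"HIGH</td><td>Lodash 4.17.10 (npmjs:lodash/4.17.10)</td>\n\t\t\t</tr>\n\t\t<tr>\n\t\t\t<td> <a href=\"https://sap-staging.app.blackduck.com/api/vulnerabilities/BDSA-2019-3842\"> " +
				"BDSA-2019-3842 </a> </td><td>7.1 HIGH</td><td>Lodash 4.17.10 (npmjs:lodash/4.17.10)</td>\n\t\t\t</tr>\n\t\t</table>\n</details>\n<details><summary>\n\n<h3> " +
				"2 Policy Violations of OutdatedFOSSLibraries </h3> \n</summary>\n\t<table>\n\t\t<tr><td><b>Component Name</b></td></tr>\n\t\t<tr><td>Chalk 1.1.3 " +
				"(npmjs:chalk/1.1.3)</td></tr>\n\t\t<tr><td>Lodash 4.17.10 (npmjs:lodash/4.17.10)</td></tr>\n\t\t</table>\n</details>\n\n",
		},
		{
			// An empty component list is expected to yield the "passed" report.
			testName:   "No vulnerabilities && successful build",
			components: &Components{},
			expectedReport: "\n## :heavy_check_mark: OSS related checks passed successfully\n ### :clipboard: OSS related checks executed by Black Duck " +
				"- rapid scan passed successfully.\n" +
				" <a href=\"https://community.synopsys.com/s/document-item?bundleId=integrations-detect&topicId=downloadingandrunning%2Frapidscan.html&_LANG=enus\">" +
				"<h3>RAPID SCAN</h3> </a>\n\n\n",
		},
	}

	for _, tc := range testCases {
		// Each subtest calls t.Parallel, so its body runs only after this loop
		// has finished. On Go toolchains older than 1.22 the closure would share
		// a single loop variable and every subtest would check the last table
		// entry only, leaving the "Vulnerabilities were found" case unverified.
		// The per-iteration copy keeps each subtest bound to its own case.
		tc := tc
		t.Run(tc.testName, func(t *testing.T) {
			t.Parallel()

			buf, err := createMarkdownReport(tc.components)

			assert.Equal(t, tc.expectedErr, err)
			assert.Equal(t, tc.expectedReport, buf.String())
		})
	}
}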
   158  
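// TestGetScore checks getScore(message, key) against policy-violation
// messages: key "score" is expected to yield the CVSS score text ("7.5"),
// key "severity" the severity word ("CRITICAL"), and a message that carries
// no severity is expected to yield the empty string.
func TestGetScore(t *testing.T) {
	t.Parallel()

	testCases := []struct {
		testName string
		message  string
		key      string
		expected string
	}{
		{
			testName: "Score 7.5",
			message: "Component qs -  QS Querystring version 5.2.1 with ID npmjs:qs/5.2.1 violates policy High " +
				"Vulnerability Security Issue: found vulnerability CVE-2017-1000048 with severity HIGH and CVSS score 7.5",
			key:      "score",
			expected: "7.5",
		},
		{
			testName: "CRITICAL severity",
			message: "Component minimist version 0.0.8 with ID npmjs:minimist/0.0.8 violates policy High " +
				"Vulnerability Security Issue: found vulnerability CVE-2021-44906 with severity CRITICAL and CVSS score 9.8",
			key:      "severity",
			expected: "CRITICAL",
		},
		{
			// The message omits the "severity <LEVEL>" part entirely.
			testName: "No severity",
			message: "Component minimist version 0.0.8 with ID npmjs:minimist/0.0.8 violates policy High " +
				"Vulnerability Security Issue: found vulnerability CVE-2021-44906 with CVSS score 9.8",
			key:      "severity",
			expected: "",
		},
	}

	for _, tc := range testCases {
		// The subtests are parallel and therefore run after the loop ends. On Go
		// toolchains older than 1.22 the closure would see only the final table
		// entry, so the first two cases would never be exercised. Copy the case
		// per iteration.
		tc := tc
		t.Run(tc.testName, func(t *testing.T) {
			t.Parallel()

			got := getScore(tc.message, tc.key)
			assert.Equal(t, tc.expected, got)
		})
	}
}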
   201  
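// TestScoreLogicSort checks scoreLogicSort(left, right) on "<score> <severity>"
// strings. The table expects true when the left score is the higher one and
// false when the right score is higher, including pairs where one side is
// "10.0" and the other is a single-digit score.
//
// NOTE(review): the "both scores equal 10.0" case pins true for equal inputs.
// If scoreLogicSort is used as a sort less-function, returning true for equal
// elements is not a strict ordering; confirm against the caller. No case
// covers equal scores below 10.0.
func TestScoreLogicSort(t *testing.T) {
	t.Parallel()

	testCases := []struct {
		testName   string
		leftScore  string
		rightScore string
		expected   bool
	}{
		{
			testName:   "left score is higher",
			leftScore:  "8.8 HIGH",
			rightScore: "8.1 HIGH",
			expected:   true,
		},
		{
			testName:   "right score is higher",
			leftScore:  "7.9 HIGH",
			rightScore: "9.3 CRITICAL",
			expected:   false,
		},
		{
			testName:   "left score equals 10.0",
			leftScore:  "10.0 CRITICAL",
			rightScore: "8.1 HIGH",
			expected:   true,
		},
		{
			testName:   "right score equals 10.0",
			leftScore:  "7.9 HIGH",
			rightScore: "10.0 CRITICAL",
			expected:   false,
		},
		{
			testName:   "both scores equal 10.0",
			leftScore:  "10.0 CRITICAL",
			rightScore: "10.0 CRITICAL",
			expected:   true,
		},
	}

	for _, tc := range testCases {
		// The subtests are parallel and therefore run after the loop ends. On Go
		// toolchains older than 1.22 every closure would read the final table
		// entry, so only "both scores equal 10.0" would actually be checked.
		// Copy the case per iteration.
		tc := tc
		t.Run(tc.testName, func(t *testing.T) {
			t.Parallel()

			got := scoreLogicSort(tc.leftScore, tc.rightScore)
			assert.Equal(t, tc.expected, got)
		})
	}
}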