test: make sure absolute paths work

Author: G-Rath

__snapshots__/main_test.snap

@@ -698,6 +698,101 @@ testdata/locks-one/yarn.lock: found 1 package
   Using db npm (%% vulnerabilities, including withdrawn - last updated %%)
 
 
+---
+
+[TestRun_Lockfile_AbsolutePath/#00 - 1]
+Loaded the following OSV databases:
+  npm (%% vulnerabilities, including withdrawn - last updated %%)
+
+<rootdir>/testdata/locks-one/yarn.lock: found 1 package
+  Using db npm (%% vulnerabilities, including withdrawn - last updated %%)
+
+  no known vulnerabilities found
+
+---
+
+[TestRun_Lockfile_AbsolutePath/#00 - 2]
+
+---
+
+[TestRun_Lockfile_AbsolutePath/#01 - 1]
+Loaded the following OSV databases:
+  RubyGems (%% vulnerabilities, including withdrawn - last updated %%)
+  Packagist (%% vulnerabilities, including withdrawn - last updated %%)
+  npm (%% vulnerabilities, including withdrawn - last updated %%)
+
+<rootdir>/testdata/locks-many/Gemfile.lock: found 1 package
+  Using db RubyGems (%% vulnerabilities, including withdrawn - last updated %%)
+
+  no known vulnerabilities found
+
+<rootdir>/testdata/locks-many/composer.lock: found 1 package
+  Using db Packagist (%% vulnerabilities, including withdrawn - last updated %%)
+
+  no known vulnerabilities found
+
+<rootdir>/testdata/locks-many/yarn.lock: found 1 package
+  Using db npm (%% vulnerabilities, including withdrawn - last updated %%)
+
+  no known vulnerabilities found
+
+---
+
+[TestRun_Lockfile_AbsolutePath/#01 - 2]
+
+---
+
+[TestRun_Lockfile_AbsolutePath/#02 - 1]
+Loaded the following OSV databases:
+
+<rootdir>/testdata/locks-empty/Gemfile.lock: found 0 packages
+
+  no known vulnerabilities found
+
+<rootdir>/testdata/locks-empty/composer.lock: found 0 packages
+
+  no known vulnerabilities found
+
+<rootdir>/testdata/locks-empty/yarn.lock: found 0 packages
+
+  no known vulnerabilities found
+
+---
+
+[TestRun_Lockfile_AbsolutePath/#02 - 2]
+
+---
+
+[TestRun_Lockfile_AbsolutePath/#03 - 1]
+Loaded the following OSV databases:
+  npm (%% vulnerabilities, including withdrawn - last updated %%)
+
+<rootdir>/testdata/locks-insecure/my-package-lock.json: found 1 package
+  Using db npm (%% vulnerabilities, including withdrawn - last updated %%)
+
+  ansi-html@0.0.1 is affected by the following vulnerabilities:
+    GHSA-whgm-jr23-g3j9: Uncontrolled Resource Consumption in ansi-html (https://github.com/advisories/GHSA-whgm-jr23-g3j9)
+
+  1 known vulnerability found in <rootdir>/testdata/locks-insecure/my-package-lock.json
+
+---
+
+[TestRun_Lockfile_AbsolutePath/#03 - 2]
+
+---
+
+[TestRun_Lockfile_AbsolutePath/#04 - 1]
+{"results":[{"filePath":"<rootdir>/testdata/locks-one/yarn.lock","parsedAs":"yarn.lock","packages":[{"name":"balanced-match","version":"1.0.2","ecosystem":"npm","compareAs":"npm","vulnerabilities":[],"ignored":[]}]}]}
+---
+
+[TestRun_Lockfile_AbsolutePath/#04 - 2]
+Loaded the following OSV databases:
+  npm (%% vulnerabilities, including withdrawn - last updated %%)
+
+<rootdir>/testdata/locks-one/yarn.lock: found 1 package
+  Using db npm (%% vulnerabilities, including withdrawn - last updated %%)
+
+
 ---
 
 [TestRun_ParseAsGlobal/#00 - 1]

main_test.go

@@ -8,6 +8,7 @@ import (
 	"os"
 	"path/filepath"
 	"regexp"
+	"runtime"
 	"strings"
 	"testing"
 
@@ -84,6 +85,33 @@ func normalizeLocalhostCalls(str string) string {
 	return re.ReplaceAllString(str, "://localhost:9999")
 }
 
+func pathWithoutRoot(str string) string {
+	// Replace versions without the root as well
+	var root string
+	if runtime.GOOS == "windows" {
+		root = filepath.VolumeName(str) + "\\"
+	}
+
+	if strings.HasPrefix(str, "/") {
+		root = "/"
+	}
+
+	return str[len(root):]
+}
+
+// normalizeLocalhostCalls attempts to replace uses of localhost that come from httptest.NewServer,
+// which will have a random port
+func normalizeRootDirectory(str string, cwd string) string {
+	// file uris with Windows end up with three slashes, so we normalize that too
+	str = strings.ReplaceAll(str, "file:///"+cwd, "file://<rootdir>")
+	str = strings.ReplaceAll(str, cwd, "<rootdir>")
+
+	// Replace versions without the root as well
+	str = strings.ReplaceAll(str, pathWithoutRoot(cwd), "<rootdir>")
+
+	return str
+}
+
 func testCli(t *testing.T, tc cliTestCase) {
 	t.Helper()
 
@@ -107,6 +135,14 @@ func testCli(t *testing.T, tc cliTestCase) {
 	stdout = normalizeTempDirectories(stdout, t.Name())
 	stderr = normalizeTempDirectories(stderr, t.Name())
 
+	cwd, err := os.Getwd()
+	if err != nil {
+		t.Fatalf("failed to get current directory: %v", err)
+	}
+
+	stdout = normalizeRootDirectory(stdout, cwd)
+	stderr = normalizeRootDirectory(stderr, cwd)
+
 	if ec != tc.exit {
 		t.Errorf("cli exited with code %d, not %d", ec, tc.exit)
 	}
@@ -290,6 +326,53 @@ func TestRun_Lockfile(t *testing.T) {
 	}
 }
 
+func TestRun_Lockfile_AbsolutePath(t *testing.T) {
+	t.Parallel()
+
+	testdataDir, err := filepath.Abs("./testdata")
+
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	tests := []cliTestCase{
+		{
+			name: "",
+			args: []string{filepath.Join(testdataDir, "locks-one")},
+			exit: 0,
+		},
+		{
+			name: "",
+			args: []string{filepath.Join(testdataDir, "locks-many")},
+			exit: 0,
+		},
+		{
+			name: "",
+			args: []string{filepath.Join(testdataDir, "locks-empty")},
+			exit: 0,
+		},
+		// parse-as + known vulnerability exits with error code 1
+		{
+			name: "",
+			args: []string{"--parse-as", "package-lock.json", filepath.Join(testdataDir, "locks-insecure/my-package-lock.json")},
+			exit: 1,
+		},
+		// json results in non-json output going to stderr
+		{
+			name: "",
+			args: []string{"--json", filepath.Join(testdataDir, "locks-one")},
+			exit: 0,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+
+			testCli(t, tt)
+		})
+	}
+}
+
 func TestRun_DBs(t *testing.T) {
 	t.Parallel()