|
8 | 8 | # |
9 | 9 |
|
10 | 10 | import os |
11 | | -from collections import OrderedDict |
12 | | -from unittest import TestCase |
13 | 11 |
|
14 | | -from packageurl import PackageURL |
15 | | - |
16 | | -from vulnerabilities.importer import AdvisoryData |
17 | | -from vulnerabilities.importer import Reference |
18 | 12 | from vulnerabilities.importers.elixir_security import ElixirSecurityImporter |
19 | | -from vulnerabilities.package_managers import HexVersionAPI |
20 | | -from vulnerabilities.package_managers import Version |
21 | | -from vulnerabilities.utils import AffectedPackage |
| 13 | +from vulnerabilities.tests import util_tests |
22 | 14 |
|
23 | 15 | BASE_DIR = os.path.dirname(os.path.abspath(__file__)) |
| 16 | +TEST_DIR = os.path.join(BASE_DIR, "test_data/elixir_security/") |
24 | 17 |
|
25 | 18 |
|
26 | | -class TestElixirSecurityImporter(TestCase): |
27 | | - @classmethod |
28 | | - def setUpClass(cls): |
29 | | - data_source_cfg = { |
30 | | - "repository_url": "https://github.com/dependabot/elixir-security-advisories", |
31 | | - } |
32 | | - cls.data_src = ElixirSecurityImporter(1, config=data_source_cfg) |
33 | | - cls.data_src.pkg_manager_api = HexVersionAPI( |
34 | | - { |
35 | | - "coherence": [ |
36 | | - Version("0.5.2"), |
37 | | - Version("0.5.1"), |
38 | | - Version("0.5.0"), |
39 | | - Version("0.4.0"), |
40 | | - Version("0.3.1"), |
41 | | - Version("0.3.0"), |
42 | | - Version("0.2.0"), |
43 | | - Version("0.1.3"), |
44 | | - Version("0.1.2"), |
45 | | - Version("0.1.1"), |
46 | | - Version("0.1.0"), |
47 | | - ] |
48 | | - } |
49 | | - ) |
50 | | - |
51 | | - def test_process_file(self): |
52 | | - |
53 | | - path = os.path.join(BASE_DIR, "test_data/elixir_security/test_file.yml") |
54 | | - expected_advisory = Advisory( |
55 | | - summary=('The Coherence library has "Mass Assignment"-like vulnerabilities.\n'), |
56 | | - affected_packages=[ |
57 | | - AffectedPackage( |
58 | | - vulnerable_package=PackageURL( |
59 | | - type="hex", |
60 | | - namespace=None, |
61 | | - name="coherence", |
62 | | - version="0.1.0", |
63 | | - qualifiers={}, |
64 | | - subpath=None, |
65 | | - ), |
66 | | - patched_package=PackageURL( |
67 | | - type="hex", |
68 | | - namespace=None, |
69 | | - name="coherence", |
70 | | - version="0.5.2", |
71 | | - qualifiers={}, |
72 | | - subpath=None, |
73 | | - ), |
74 | | - ), |
75 | | - AffectedPackage( |
76 | | - vulnerable_package=PackageURL( |
77 | | - type="hex", |
78 | | - namespace=None, |
79 | | - name="coherence", |
80 | | - version="0.1.1", |
81 | | - qualifiers={}, |
82 | | - subpath=None, |
83 | | - ), |
84 | | - patched_package=PackageURL( |
85 | | - type="hex", |
86 | | - namespace=None, |
87 | | - name="coherence", |
88 | | - version="0.5.2", |
89 | | - qualifiers={}, |
90 | | - subpath=None, |
91 | | - ), |
92 | | - ), |
93 | | - AffectedPackage( |
94 | | - vulnerable_package=PackageURL( |
95 | | - type="hex", |
96 | | - namespace=None, |
97 | | - name="coherence", |
98 | | - version="0.1.2", |
99 | | - qualifiers={}, |
100 | | - subpath=None, |
101 | | - ), |
102 | | - patched_package=PackageURL( |
103 | | - type="hex", |
104 | | - namespace=None, |
105 | | - name="coherence", |
106 | | - version="0.5.2", |
107 | | - qualifiers={}, |
108 | | - subpath=None, |
109 | | - ), |
110 | | - ), |
111 | | - AffectedPackage( |
112 | | - vulnerable_package=PackageURL( |
113 | | - type="hex", |
114 | | - namespace=None, |
115 | | - name="coherence", |
116 | | - version="0.1.3", |
117 | | - qualifiers={}, |
118 | | - subpath=None, |
119 | | - ), |
120 | | - patched_package=PackageURL( |
121 | | - type="hex", |
122 | | - namespace=None, |
123 | | - name="coherence", |
124 | | - version="0.5.2", |
125 | | - qualifiers={}, |
126 | | - subpath=None, |
127 | | - ), |
128 | | - ), |
129 | | - AffectedPackage( |
130 | | - vulnerable_package=PackageURL( |
131 | | - type="hex", |
132 | | - namespace=None, |
133 | | - name="coherence", |
134 | | - version="0.2.0", |
135 | | - qualifiers={}, |
136 | | - subpath=None, |
137 | | - ), |
138 | | - patched_package=PackageURL( |
139 | | - type="hex", |
140 | | - namespace=None, |
141 | | - name="coherence", |
142 | | - version="0.5.2", |
143 | | - qualifiers={}, |
144 | | - subpath=None, |
145 | | - ), |
146 | | - ), |
147 | | - AffectedPackage( |
148 | | - vulnerable_package=PackageURL( |
149 | | - type="hex", |
150 | | - namespace=None, |
151 | | - name="coherence", |
152 | | - version="0.3.0", |
153 | | - qualifiers={}, |
154 | | - subpath=None, |
155 | | - ), |
156 | | - patched_package=PackageURL( |
157 | | - type="hex", |
158 | | - namespace=None, |
159 | | - name="coherence", |
160 | | - version="0.5.2", |
161 | | - qualifiers={}, |
162 | | - subpath=None, |
163 | | - ), |
164 | | - ), |
165 | | - AffectedPackage( |
166 | | - vulnerable_package=PackageURL( |
167 | | - type="hex", |
168 | | - namespace=None, |
169 | | - name="coherence", |
170 | | - version="0.3.1", |
171 | | - qualifiers={}, |
172 | | - subpath=None, |
173 | | - ), |
174 | | - patched_package=PackageURL( |
175 | | - type="hex", |
176 | | - namespace=None, |
177 | | - name="coherence", |
178 | | - version="0.5.2", |
179 | | - qualifiers={}, |
180 | | - subpath=None, |
181 | | - ), |
182 | | - ), |
183 | | - AffectedPackage( |
184 | | - vulnerable_package=PackageURL( |
185 | | - type="hex", |
186 | | - namespace=None, |
187 | | - name="coherence", |
188 | | - version="0.4.0", |
189 | | - qualifiers={}, |
190 | | - subpath=None, |
191 | | - ), |
192 | | - patched_package=PackageURL( |
193 | | - type="hex", |
194 | | - namespace=None, |
195 | | - name="coherence", |
196 | | - version="0.5.2", |
197 | | - qualifiers={}, |
198 | | - subpath=None, |
199 | | - ), |
200 | | - ), |
201 | | - AffectedPackage( |
202 | | - vulnerable_package=PackageURL( |
203 | | - type="hex", |
204 | | - namespace=None, |
205 | | - name="coherence", |
206 | | - version="0.5.0", |
207 | | - qualifiers={}, |
208 | | - subpath=None, |
209 | | - ), |
210 | | - patched_package=PackageURL( |
211 | | - type="hex", |
212 | | - namespace=None, |
213 | | - name="coherence", |
214 | | - version="0.5.2", |
215 | | - qualifiers={}, |
216 | | - subpath=None, |
217 | | - ), |
218 | | - ), |
219 | | - AffectedPackage( |
220 | | - vulnerable_package=PackageURL( |
221 | | - type="hex", |
222 | | - namespace=None, |
223 | | - name="coherence", |
224 | | - version="0.5.1", |
225 | | - qualifiers={}, |
226 | | - subpath=None, |
227 | | - ), |
228 | | - patched_package=PackageURL( |
229 | | - type="hex", |
230 | | - namespace=None, |
231 | | - name="coherence", |
232 | | - version="0.5.2", |
233 | | - qualifiers={}, |
234 | | - subpath=None, |
235 | | - ), |
236 | | - ), |
237 | | - ], |
238 | | - references=[ |
239 | | - Reference( |
240 | | - reference_id="2aae6e3a-24a3-4d5f-86ff-b964eaf7c6d1", |
241 | | - ), |
242 | | - Reference(url="https://github.com/smpallen99/coherence/issues/270"), |
243 | | - ], |
244 | | - vulnerability_id="CVE-2018-20301", |
245 | | - ) |
246 | | - |
247 | | - found_advisory = self.data_src.process_file(path) |
248 | | - |
249 | | - assert expected_advisory.normalized() == found_advisory.normalized() |
| 19 | +def test_elixir_process_file(): |
| 20 | + path = os.path.join(TEST_DIR, "test_file.yml") |
| 21 | + expected_file = os.path.join(TEST_DIR, f"elixir-expected.json") |
| 22 | + result = [data.to_dict() for data in list(ElixirSecurityImporter().process_file(path))] |
| 23 | + util_tests.check_results_against_json(result, expected_file) |
0 commit comments