fx trivy tests

zhamborova · zhamborova · commit d6678cf8e7c9 · 2025-04-07T13:48:20.000+02:00
diff --git a/tools/test/trivy/trivyConfigCreator_test.go b/tools/test/trivy/trivyConfigCreator_test.go
@@ -0,0 +1,241 @@
+package tools
+
+import (
+	"testing"
+
+	"codacy/cli-v2/tools"
+	"codacy/cli-v2/tools/trivy"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func testTrivyConfig(t *testing.T, configuration tools.ToolConfiguration, expected string) {
+	actual := trivy.CreateTrivyConfig(configuration)
+	assert.Equal(t, expected, actual)
+}
+
+func TestCreateTrivyConfigEmptyConfig(t *testing.T) {
+	testTrivyConfig(t,
+		tools.ToolConfiguration{},
+		`severity:
+  - LOW
+  - MEDIUM
+  - HIGH
+  - CRITICAL
+
+scan:
+  scanners:
+    - vuln
+    - secret
+`)
+}
+
+func TestCreateTrivyConfigAllEnabled(t *testing.T) {
+	testTrivyConfig(t,
+		tools.ToolConfiguration{
+			PatternsConfiguration: []tools.PatternConfiguration{
+				{
+					PatternId: "Trivy_vulnerability_minor",
+					ParameterConfigurations: []tools.PatternParameterConfiguration{
+						{
+							Name:  "enabled",
+							Value: "true",
+						},
+					},
+				},
+				{
+					PatternId: "Trivy_vulnerability_medium",
+					ParameterConfigurations: []tools.PatternParameterConfiguration{
+						{
+							Name:  "enabled",
+							Value: "true",
+						},
+					},
+				},
+				{
+					PatternId: "Trivy_vulnerability",
+					ParameterConfigurations: []tools.PatternParameterConfiguration{
+						{
+							Name:  "enabled",
+							Value: "true",
+						},
+					},
+				},
+				{
+					PatternId: "Trivy_secret",
+					ParameterConfigurations: []tools.PatternParameterConfiguration{
+						{
+							Name:  "enabled",
+							Value: "true",
+						},
+					},
+				},
+			},
+		},
+		`severity:
+  - LOW
+  - MEDIUM
+  - HIGH
+  - CRITICAL
+
+scan:
+  scanners:
+    - vuln
+    - secret
+`)
+}
+
+func TestCreateTrivyConfigNoLow(t *testing.T) {
+	testTrivyConfig(t,
+		tools.ToolConfiguration{
+			PatternsConfiguration: []tools.PatternConfiguration{
+				{
+					PatternId: "Trivy_vulnerability_minor",
+					ParameterConfigurations: []tools.PatternParameterConfiguration{
+						{
+							Name:  "enabled",
+							Value: "false",
+						},
+					},
+				},
+			},
+		},
+		`severity:
+  - MEDIUM
+  - HIGH
+  - CRITICAL
+
+scan:
+  scanners:
+    - vuln
+    - secret
+`)
+}
+
+func TestCreateTrivyConfigOnlyHigh(t *testing.T) {
+	testTrivyConfig(t,
+		tools.ToolConfiguration{
+			PatternsConfiguration: []tools.PatternConfiguration{
+				{
+					PatternId: "Trivy_vulnerability_minor",
+					ParameterConfigurations: []tools.PatternParameterConfiguration{
+						{
+							Name:  "enabled",
+							Value: "false",
+						},
+					},
+				},
+				{
+					PatternId: "Trivy_vulnerability_medium",
+					ParameterConfigurations: []tools.PatternParameterConfiguration{
+						{
+							Name:  "enabled",
+							Value: "false",
+						},
+					},
+				},
+				{
+					PatternId: "Trivy_secret",
+					ParameterConfigurations: []tools.PatternParameterConfiguration{
+						{
+							Name:  "enabled",
+							Value: "false",
+						},
+					},
+				},
+			},
+		},
+		`severity:
+  - HIGH
+  - CRITICAL
+
+scan:
+  scanners:
+    - vuln
+`)
+}
+
+func TestCreateTrivyConfigNoVulnerabilities(t *testing.T) {
+	testTrivyConfig(t,
+		tools.ToolConfiguration{
+			PatternsConfiguration: []tools.PatternConfiguration{
+				{
+					PatternId: "Trivy_vulnerability_minor",
+					ParameterConfigurations: []tools.PatternParameterConfiguration{
+						{
+							Name:  "enabled",
+							Value: "false",
+						},
+					},
+				},
+				{
+					PatternId: "Trivy_vulnerability_medium",
+					ParameterConfigurations: []tools.PatternParameterConfiguration{
+						{
+							Name:  "enabled",
+							Value: "false",
+						},
+					},
+				},
+				{
+					PatternId: "Trivy_vulnerability",
+					ParameterConfigurations: []tools.PatternParameterConfiguration{
+						{
+							Name:  "enabled",
+							Value: "false",
+						},
+					},
+				},
+			},
+		},
+		`severity:
+
+scan:
+  scanners:
+    - vuln
+    - secret
+`)
+}
+
+func TestCreateTrivyConfigOnlySecretsLow(t *testing.T) {
+	testTrivyConfig(t,
+		tools.ToolConfiguration{
+			PatternsConfiguration: []tools.PatternConfiguration{
+				{
+					PatternId: "Trivy_vulnerability_minor",
+					ParameterConfigurations: []tools.PatternParameterConfiguration{
+						{
+							Name:  "enabled",
+							Value: "true",
+						},
+					},
+				},
+				{
+					PatternId: "Trivy_vulnerability_medium",
+					ParameterConfigurations: []tools.PatternParameterConfiguration{
+						{
+							Name:  "enabled",
+							Value: "false",
+						},
+					},
+				},
+				{
+					PatternId: "Trivy_vulnerability",
+					ParameterConfigurations: []tools.PatternParameterConfiguration{
+						{
+							Name:  "enabled",
+							Value: "false",
+						},
+					},
+				},
+			},
+		},
+		`severity:
+  - LOW
+
+scan:
+  scanners:
+    - vuln
+    - secret
+`)
+}
diff --git a/tools/test/trivy/trivyRunner_test.go b/tools/test/trivy/trivyRunner_test.go
@@ -0,0 +1,61 @@
+package tools
+
+import (
+	"fmt"
+	"log"
+	"os"
+	"path/filepath"
+	"strings"
+	"testing"
+
+	"codacy/cli-v2/tools/trivy"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestRunTrivyToFile(t *testing.T) {
+	homeDirectory, err := os.UserHomeDir()
+	if err != nil {
+		log.Fatal(err.Error())
+	}
+	currentDirectory, err := os.Getwd()
+	if err != nil {
+		log.Fatal(err.Error())
+	}
+
+	testDirectory := currentDirectory
+	tempResultFile := filepath.Join(os.TempDir(), "trivy.sarif")
+	defer os.Remove(tempResultFile)
+
+	repositoryToAnalyze := filepath.Join(testDirectory, "src")
+
+	trivyBinary := filepath.Join(homeDirectory, ".cache/codacy/tools/trivy@0.59.1/trivy")
+
+	err = trivy.RunTrivy(repositoryToAnalyze, trivyBinary, nil, tempResultFile, "sarif")
+	if err != nil {
+		t.Fatalf("Failed to run trivy: %v", err)
+	}
+
+	// Check if the output file was created
+	obtainedSarifBytes, err := os.ReadFile(tempResultFile)
+	if err != nil {
+		t.Fatalf("Failed to read output file: %v", err)
+	}
+	obtainedSarif := string(obtainedSarifBytes)
+	filePrefix := "file://" + currentDirectory + "/"
+	fmt.Println(filePrefix)
+	actualSarif := strings.ReplaceAll(obtainedSarif, filePrefix, "")
+
+	// Normalize paths in the SARIF output
+	actualSarif = strings.ReplaceAll(actualSarif, `"uri": "src/"`, `"uri": "testdata/repositories/trivy/src/"`)
+
+	// Read the expected SARIF
+	expectedSarifFile := filepath.Join(testDirectory, "expected.sarif")
+	expectedSarifBytes, err := os.ReadFile(expectedSarifFile)
+	if err != nil {
+		log.Fatal(err)
+	}
+	expectedSarif := strings.TrimSpace(string(expectedSarifBytes))
+
+	assert.Equal(t, expectedSarif, actualSarif, "output did not match expected")
+}
