Added wrapper for generating dummy repositories with vulnerabilities

Author: CharlyReux

osv/impact_git_test.py

@@ -0,0 +1,29 @@
+from .test_tools.test_repository import TestRepository
+import unittest
+from . import impact
+import logging
+
+
+class TestImpactTest(unittest.TestCase):
+
+  def test_range_simple(self):
+    """TODO see doc """
+    
+    
+    repo_analyzer = impact.RepoAnalyzer()
+    ## create a mock repo
+    repo = TestRepository('test')
+    first = repo.add_empty_commit(
+        vulnerability=TestRepository.VulnerabilityType.INTRODUCED)
+    second = repo.add_empty_commit(parents=[first])
+    third = repo.add_empty_commit(
+        parents=[second], vulnerability=TestRepository.VulnerabilityType.FIXED)
+
+    (all_introduced, all_fixed, all_last_affected,
+     all_limit) = repo.get_ranges()
+
+    result = repo_analyzer.get_affected(repo.repo, all_introduced, all_fixed,
+                                        all_limit, all_last_affected)
+    for commit in result.commits:
+        print(commit)
+        

osv/impact_test.py

@@ -15,6 +15,8 @@
 
 import codecs
 import unittest
+import pygit2
+
 
 from . import impact
 from . import tests
@@ -144,3 +146,12 @@ def test_update_no_commits(self):
     impact.update_affected_commits('BUG-1', set(), True)
     affected_commits = list(models.AffectedCommits.query())
     self.assertEqual(0, len(affected_commits))
+
+
+  def test_range_simple():
+    repo_analyzer = impact.RepoAnalyzer()
+    linear3_repo = pygit2.Repository
+    linear3_repo.ad
+
+
+    repo_analyzer.get_affected()

osv/test_tools/test_repository.py

@@ -0,0 +1,130 @@
+import pygit2
+import json
+from datetime import datetime
+from enum import Enum
+import os
+import shutil
+
+
+class TestRepository:
+
+  class VulnerabilityType(Enum):
+    INTRODUCED = 1
+    FIXED = 2
+    LAST_AFFECTED = 3
+    LIMIT = 4
+    NONE = 5
+
+  __AUTHOR = pygit2.Signature('John Smith', '[email protected]')
+  __COMMITER = pygit2.Signature('John Smith', '[email protected]')
+
+  introduced = []
+  fixed = []
+  last_affected = []
+  limit = []
+
+  def __init__(self, name: str):
+    self.name = name
+    if (os.path.exists(f"osv/testdata/test_repositories/{name}")):
+      shutil.rmtree(f"osv/testdata/test_repositories/{name}")
+    self.repo = pygit2.init_repository(
+        f"osv/testdata/test_repositories/{name}", bare=False)
+
+  def add_empty_commit(
+      self,
+      vulnerability: VulnerabilityType = VulnerabilityType.NONE,
+      parents: list[pygit2.Oid] = [],
+      message: str = "Empty") -> pygit2.Oid:
+    """
+        Adds a empty commit to the repository, tags it with the vulnerability type and adds it to the vulnerability list if specified 
+        """
+
+    tree = self.repo.TreeBuilder().write()
+
+    commit = None
+
+    if (self.repo.is_empty):
+      commit = self.repo.create_commit('refs/heads/master', self.__AUTHOR,
+                                       self.__COMMITER, message, tree, [])
+    else:
+
+      created_branch: pygit2.Branch = None
+      branch_commit: pygit2.Commit = None
+      for parent in parents:
+        if (self.__has_children(parent)):
+          created_branch = self.repo.create_branch(
+              f'branch_{parent.hex}', self.repo.revparse_single(parent.hex))
+          branch_commit = parent
+          self.repo.checkout(created_branch.name)
+          break
+
+      if (created_branch is None):
+        commit = self.repo.create_commit('refs/heads/master', self.__AUTHOR,
+                                         self.__COMMITER, message, tree,
+                                         parents)
+      else:
+        parents.remove(branch_commit)
+        parents.insert(0, branch_commit)
+        commit = self.repo.create_commit(created_branch.name, self.__AUTHOR,
+                                         self.__COMMITER, message, tree,
+                                         parents)
+
+        self.repo.checkout('refs/heads/master')
+
+        #self.repo.branches.delete(created_branch.branch_name)
+
+    match vulnerability:
+      case self.VulnerabilityType.INTRODUCED:
+        self.introduced.append(commit.hex)
+      case self.VulnerabilityType.FIXED:
+        self.fixed.append(commit.hex)
+      case self.VulnerabilityType.LAST_AFFECTED:
+        self.last_affected.append(commit.hex)
+      case self.VulnerabilityType.LIMIT:
+        self.limit.append(commit.hex)
+      case self.VulnerabilityType.NONE:
+        pass
+      case _:
+        raise ValueError("Invalid vulnerability type")
+    return commit
+
+  def __has_children(self, commit: pygit2.Commit) -> bool:
+    for current_commit in self.repo.walk(self.repo.head.target,
+                                         pygit2.GIT_SORT_TOPOLOGICAL):
+      for parent in current_commit.parents:
+        if parent.hex == commit.hex:
+          return True
+    return False
+
+  def get_ranges(self):
+    """
+        return the ranges of the repository
+        """
+    return (self.introduced, self.fixed, self.last_affected, self.limit)
+
+  def print_commits(self):
+
+    commits = []
+    for ref in self.repo.listall_reference_objects():
+      print(ref.target)
+      for commit in self.repo.walk(ref.target, pygit2.GIT_SORT_TIME):
+
+        curCommit = {
+            'hash':
+                commit.hex,
+            'message':
+                commit.message,
+            'commit_date':
+                datetime.utcfromtimestamp(commit.commit_time
+                                         ).strftime('%Y-%m-%dT%H:%M:%SZ'),
+            'author_name':
+                commit.author.name,
+            'author_email':
+                commit.author.email,
+            'parents': [c.hex for c in commit.parents],
+        }
+        if (curCommit in commits):
+          break
+        commits.append(curCommit)
+
+    print(json.dumps(commits, indent=2))

osv/testdata/.gitignore

@@ -1 +1,2 @@
-version_enum
+version_enum
+test_repositories/**

run_tests.sh

@@ -6,6 +6,7 @@ python3 -m pipenv run python -m unittest osv.bug_test
 python3 -m pipenv run python -m unittest osv.purl_helpers_test
 python3 -m pipenv run python -m unittest osv.request_helper_test
 python3 -m pipenv run python -m unittest osv.semver_index_test
+python3 -m pipenv run python -m unittest osv.impact_git_test
 python3 -m pipenv run python -m unittest osv.impact_test
 
 # Run all osv.ecosystems tests