tools: add golden tests to validate the parser

Fixes #100

Author: TristanCacqueray

.github/workflows/haskell-ci.yml

@@ -219,6 +219,9 @@ jobs:
       - name: build
         run: |
           $CABAL v2-build $ARG_COMPILER $ARG_TESTS $ARG_BENCH all --write-ghc-environment-files=always
+      - name: tests
+        run: |
+          $CABAL v2-test $ARG_COMPILER $ARG_TESTS $ARG_BENCH all --test-show-details=direct
       - name: hlint
         run: |
           if [ $((HCNUMVER >= 90400 && HCNUMVER < 90600)) -ne 0 ] ; then (cd ${PKGDIR_hsec_tools} && hlint -XHaskell2010 src) ; fi

code/hsec-tools/README.md

@@ -5,3 +5,11 @@
 ## Building
 
 We aim to support both regular cabal-based and nix-based builds.
+
+## Testing
+
+Run (and auto update) the golden test:
+
+```ShellSession
+cabal test -O0 --test-show-details=direct --test-option=--accept
+```

code/hsec-tools/hsec-tools.cabal

@@ -21,6 +21,8 @@ maintainer:         [email protected]
 -- copyright:
 category: Data
 extra-doc-files: CHANGELOG.md
+extra-source-files: test/golden/*.md
+                    test/golden/*.golden
 
 tested-with:
   GHC ==8.10.7 || ==9.0.2 || ==9.2.7 || ==9.4.5 || ==9.6.2
@@ -86,3 +88,24 @@ executable hsec-tools
                       -Wincomplete-uni-patterns
                       -Wpartial-fields
                       -Wredundant-constraints
+
+test-suite spec
+    type:             exitcode-stdio-1.0
+    hs-source-dirs:   test
+    main-is:          Spec.hs
+    build-depends:    base < 5
+                    , directory
+                    , hsec-tools
+                    , pretty-simple < 5
+                    , tasty < 1.5
+                    , tasty-golden < 2.4
+                    , time
+                    , text
+    default-language: Haskell2010
+    ghc-options:      -Wall
+                      -Wcompat
+                      -Widentities
+                      -Wincomplete-record-updates
+                      -Wincomplete-uni-patterns
+                      -Wpartial-fields
+                      -Wredundant-constraints

code/hsec-tools/test/Spec.hs

@@ -0,0 +1,46 @@
+{-# LANGUAGE OverloadedStrings #-}
+
+module Main where
+
+import Data.List (isSuffixOf)
+import qualified Data.Text.IO as T
+import qualified Data.Text.Lazy as LText
+import qualified Data.Text.Lazy.Encoding as LText
+import Data.Time.Calendar.OrdinalDate (fromOrdinalDate)
+import Data.Time.LocalTime
+import System.Directory (listDirectory)
+import Test.Tasty
+import Test.Tasty.Golden (goldenVsString)
+import Text.Pretty.Simple (pShowNoColor)
+
+import Security.Advisories.Parse
+
+main :: IO ()
+main = do
+    goldenFiles <- listGoldenFiles
+    defaultMain (testGroup "Tests" (tests goldenFiles))
+
+listGoldenFiles :: IO [FilePath]
+listGoldenFiles = map (mappend dpath) . filter (not . isSuffixOf ".golden") <$> listDirectory dpath
+  where
+    dpath = "test/golden/"
+
+tests :: [FilePath] -> [TestTree]
+tests goldenFiles =
+    [ testGroup "Golden test" $ map doGoldenTest goldenFiles
+    ]
+
+doGoldenTest :: FilePath -> TestTree
+doGoldenTest fp = goldenVsString fp (fp <> ".golden") (flip mappend "\n" . LText.encodeUtf8 <$> doCheck)
+  where
+    doCheck :: IO LText.Text
+    doCheck = do
+        input <- T.readFile fp
+        let fakeDate = ZonedTime (LocalTime (fromOrdinalDate 1970 0) midnight) utc
+            attr =
+                emptyOutOfBandAttributes
+                    { oobPublished = Just fakeDate
+                    , oobModified = Just fakeDate
+                    }
+            res = parseAdvisory NoOverrides attr input
+        pure . pShowNoColor $ res

code/hsec-tools/test/golden/EXAMPLE_ADVISORY.md

@@ -0,0 +1,32 @@
+```toml
+
+[advisory]
+id = "HSEC-0000-0000"
+cwe = []
+keywords = ["example", "freeform", "keywords"]
+aliases = ["CVE-2022-XXXX"]
+related = ["CVE-2022-YYYY", "CVE-2022-ZZZZ"]
+
+[[affected]]
+package = "package-name"
+cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+
+[[affected.versions]]
+introduced = "1.0.8"
+fixed = "1.1"
+[[affected.versions]]
+introduced = "1.1.2"
+
+[[references]]
+type = "ARTICLE"
+url = "https://example.com"
+```
+
+# Advisory Template - Title Goes Here
+
+This is an example template.
+
+ * Markdown
+ * TOML "front matter".
+
+ > Acme Broken.

code/hsec-tools/test/golden/EXAMPLE_ADVISORY.md.golden

@@ -0,0 +1,142 @@
+Right
+    ( Advisory
+        { advisoryId = HSEC-0000-0000
+        , advisoryModified = 1970-01-01 00:00:00 UTC
+        , advisoryPublished = 1970-01-01 00:00:00 UTC
+        , advisoryCWEs = []
+        , advisoryKeywords =
+            [ "example"
+            , "freeform"
+            , "keywords"
+            ]
+        , advisoryAliases = [ "CVE-2022-XXXX" ]
+        , advisoryRelated =
+            [ "CVE-2022-YYYY"
+            , "CVE-2022-ZZZZ"
+            ]
+        , advisoryAffected =
+            [ Affected
+                { affectedPackage = "package-name"
+                , affectedCVSS = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+                , affectedVersions =
+                    [ AffectedVersionRange
+                        { affectedVersionRangeIntroduced = "1.0.8"
+                        , affectedVersionRangeFixed = Just "1.1"
+                        }
+                    , AffectedVersionRange
+                        { affectedVersionRangeIntroduced = "1.1.2"
+                        , affectedVersionRangeFixed = Nothing
+                        }
+                    ]
+                , affectedArchitectures = Nothing
+                , affectedOS = Nothing
+                , affectedDeclarations = []
+                }
+            ]
+        , advisoryReferences =
+            [ Reference
+                { referencesType = ReferenceTypeArticle
+                , referencesUrl = "https://example.com"
+                }
+            ]
+        , advisoryPandoc = Pandoc
+            ( Meta
+                { unMeta = fromList [] }
+            )
+            [ Header 1
+                ( ""
+                , []
+                , []
+                )
+                [ Str "Advisory"
+                , Space
+                , Str "Template"
+                , Space
+                , Str "-"
+                , Space
+                , Str "Title"
+                , Space
+                , Str "Goes"
+                , Space
+                , Str "Here"
+                ]
+            , Para
+                [ Str "This"
+                , Space
+                , Str "is"
+                , Space
+                , Str "an"
+                , Space
+                , Str "example"
+                , Space
+                , Str "template."
+                ]
+            , BulletList
+                [
+                    [ Plain
+                        [ Str "Markdown" ]
+                    ]
+                ,
+                    [ Plain
+                        [ Str "TOML"
+                        , Space
+                        , Str ""front"
+                        , Space
+                        , Str "matter"."
+                        ]
+                    ]
+                ]
+            , BlockQuote
+                [ Para
+                    [ Str "Acme"
+                    , Space
+                    , Str "Broken."
+                    ]
+                ]
+            ]
+        , advisoryHtml = "<pre><code class="language-toml">
+          [advisory]
+          id = &quot;HSEC-0000-0000&quot;
+          cwe = []
+          keywords = [&quot;example&quot;, &quot;freeform&quot;, &quot;keywords&quot;]
+          aliases = [&quot;CVE-2022-XXXX&quot;]
+          related = [&quot;CVE-2022-YYYY&quot;, &quot;CVE-2022-ZZZZ&quot;]
+
+          [[affected]]
+          package = &quot;package-name&quot;
+          cvss = &quot;CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&quot;
+
+          [[affected.versions]]
+          introduced = &quot;1.0.8&quot;
+          fixed = &quot;1.1&quot;
+          [[affected.versions]]
+          introduced = &quot;1.1.2&quot;
+
+          [[references]]
+          type = &quot;ARTICLE&quot;
+          url = &quot;https://example.com&quot;
+          </code></pre>
+          <h1>Advisory Template - Title Goes Here</h1>
+          <p>This is an example template.</p>
+          <ul>
+          <li>Markdown
+          </li>
+          <li>TOML &quot;front matter&quot;.
+          </li>
+          </ul>
+          <blockquote>
+          <p>Acme Broken.</p>
+          </blockquote>
+          "
+        , advisorySummary = "Advisory Template - Title Goes Here"
+        , advisoryDetails = "# Advisory Template - Title Goes Here
+
+          This is an example template.
+
+           * Markdown
+           * TOML "front matter".
+
+           > Acme Broken.
+          "
+        }
+    )

code/hsec-tools/test/golden/MISSING_AFFECTED.md

@@ -0,0 +1,7 @@
+```toml
+[advisory]
+id = "HSEC-0000-0000"
+cwe = []
+```
+
+## Title

code/hsec-tools/test/golden/MISSING_AFFECTED.md.golden

@@ -0,0 +1,4 @@
+Left
+    ( AdvisoryError
+        ( MissingKey "affected" ) "MissingKey "affected""
+    )

code/hsec-tools/test/golden/MISSING_TITLE.md

@@ -0,0 +1,6 @@
+```toml
+[advisory]
+id = "HSEC-0000-0000"
+cwe = []
+date = 1970-01-01
+```

code/hsec-tools/test/golden/MISSING_TITLE.md.golden

@@ -0,0 +1,2 @@
+Left
+    ( MarkdownFormatError "Does not have summary heading" )