tests: create unit tests for rules of horusec-engine #630
Open
Labels:
- good first issue: Good for newcomers
- help wanted: This issue needs extra attention
- kind/improvement: This issue is not a Bug nor a Feature
- kind/tests: This issue is related with tests
matheusalcantarazup added the good first issue, help wanted and kind/improvement labels on Oct 4, 2021
matheusalcantarazup added a commit that referenced this issue on Oct 14, 2021

Add tests to HS-JAVA-1, HS-JAVASCRIPT-1, HS-JAVASCRIPT-2 and HS-JAVASCRIPT-2 rules.

This commit also makes an improvement on HS-JAVASCRIPT-2 to match the correct way to set the NODE_TLS_REJECT_UNAUTHORIZED env on Nodejs. Previously the rule only matched the following code `"NODE_TLS_REJECT_UNAUTHORIZED" = "0";`; with the change the rule will match `process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";`

Update #630

Signed-off-by: Matheus Alcantara <matheus.alcantara@zup.com.br>
matheusalcantarazup added a commit that referenced this issue on Oct 18, 2021
matheusalcantarazup added a commit that referenced this issue on Oct 19, 2021
matheusalcantarazup added a commit that referenced this issue on Oct 19, 2021
This was linked to pull requests on Oct 21, 2021
wiliansilvazup added a commit that referenced this issue on Mar 21, 2022
wiliansilvazup added a commit that referenced this issue on Mar 21, 2022
wiliansilvazup added a commit that referenced this issue on Mar 23, 2022
wiliansilvazup added a commit that referenced this issue on Mar 23, 2022
wiliansilvazup added a commit that referenced this issue on Mar 23, 2022
wiliansilvazup added a commit that referenced this issue on Mar 23, 2022
wiliansilvazup added a commit that referenced this issue on Mar 23, 2022
wiliansilvazup added a commit that referenced this issue on Jun 20, 2022
We currently only have unit tests for the Leaks rules. We need to implement tests for other languages/technologies. These tests need to validate both safe code and insecure code to ensure false positive and false negative coverage.

These tests should be added to the respective packages for each language that the engine supports. These packages can be found in the engines package.

To implement these tests we can use the tests already created for Leaks as an example.

These tests should fill an array of `testutil.RuleTestCase` with all scenarios of tests. In the `TestRulesVulnerableCode` test fill the `name`, `rule`, `src` and `findings` fields, and in the `TestRulesSafeCode` test the `name`, `rule` and `src` fields.

The `name` field should have the rule id as in the existing examples of Leaks. The `findings` field must contain a list of vulnerabilities that the rule informed in the `rule` parameter must return using as input the `src` field which contains the vulnerable code. For better organization it is recommended that vulnerable and safe codes be created in a file `samples_test.go` like in leaks tests and referenced in the test cases.

Tests to be implemented of the leaks language:
Tests to be implemented of the csharp language:
Tests to be implemented of the dart language:
Tests to be implemented of the java language:
Tests to be implemented of the java and kotlin languages for JVM based:
Tests to be implemented of the kubernetes files:
Tests to be implemented of the nginx files:
Tests to be implemented of the javascript language:
Tests to be implemented of the swift language:
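
The table-driven layout described in this issue, as an added example that is not horusec's own code: `Finding`, `RuleTestCase`, `Scan` and `Check` are simplified stand-ins for the engine's types, and the two regular expressions are constructed from the strings quoted in the commit message above. Running the same vulnerable and safe samples against both patterns shows the earlier pattern's false negative as a failed vulnerable-code case.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Stand-ins (not the real testutil types) with the four fields the issue names.
type Finding struct{ Line int; Code string }
type RuleTestCase struct {
	Name     string         // rule id, as in the Leaks tests
	Rule     *regexp.Regexp // assumption: a rule reduced to a single pattern
	Src      string         // sample source code
	Findings []Finding      // expected findings; nil for safe-code cases
}

// Constructed patterns (after the commit message) and constructed samples.
var oldRule = regexp.MustCompile(`"NODE_TLS_REJECT_UNAUTHORIZED"\s*=\s*"0"`)
var newRule = regexp.MustCompile(`process\.env\.NODE_TLS_REJECT_UNAUTHORIZED\s*=\s*["']0["']`)
const vulnerableSrc = "const https = require('https');\nprocess.env.NODE_TLS_REJECT_UNAUTHORIZED = \"0\";\n"
const safeSrc = "const https = require('https');\nprocess.env.NODE_TLS_REJECT_UNAUTHORIZED = \"1\";\n"

// Scan returns one finding per source line that the rule matches.
func Scan(rule *regexp.Regexp, src string) (out []Finding) {
	for i, line := range strings.Split(src, "\n") {
		if rule.MatchString(line) {
			out = append(out, Finding{i + 1, strings.TrimSpace(line)})
		}
	}
	return out
}

// Check reports whether the rule yields exactly the expected findings.
func Check(tc RuleTestCase) bool {
	got := Scan(tc.Rule, tc.Src)
	ok := len(got) == len(tc.Findings)
	for i := 0; ok && i < len(got); i++ {
		ok = got[i] == tc.Findings[i]
	}
	return ok
}

func main() {
	want := []Finding{{2, `process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";`}}
	fmt.Println(Check(RuleTestCase{"HS-JAVASCRIPT-2", newRule, vulnerableSrc, want}))
	fmt.Println(Check(RuleTestCase{"HS-JAVASCRIPT-2", newRule, safeSrc, nil}))
	fmt.Println(Check(RuleTestCase{"HS-JAVASCRIPT-2", oldRule, vulnerableSrc, want}))
}
```
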