-
Notifications
You must be signed in to change notification settings - Fork 190
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
tests: Unit tests refactor #718
Comments
I would like to understand how line and code works on tests. |
Hi @filipemelo. If your doubt is about the engine tests, the code and line are idenfied according to the regex type. An example, if the rule is of the This implementation is kept in another repository, and can be found here |
This commit add new tests to cover Sonarqube output type and add asserts to check if what was printed is correctly. The tests was changed to use table testings approach to make more easily to add a new testcase. The PrintResults implementation was improved too. Basically a new io.Writer field was added to customize where we will write outputs. The default constructor will always write to Stdout, but on tests we use a custom BufferString to write. This commit also make some improvements on code organization and private method names. Updates #718 Signed-off-by: Matheus Alcantara <matheus.alcantara@zup.com.br>
This commit add new tests to cover Sonarqube output type and add asserts to check if what was printed is correctly. The tests was changed to use table testings approach to make more easily to add a new testcase. The PrintResults implementation was improved too. Basically a new io.Writer field was added to customize where we will write outputs. The default constructor will always write to Stdout, but on tests we use a custom BufferString to write. This commit also make some improvements on code organization and private method names. Updates #718 Signed-off-by: Matheus Alcantara <matheus.alcantara@zup.com.br>
This commit add new tests to cover Sonarqube output type and add asserts to check if what was printed is correctly. The tests was changed to use table testings approach to make more easily to add a new testcase. The PrintResults implementation was improved too. Basically a new io.Writer field was added to customize where we will write outputs. The default constructor will always write to Stdout, but on tests we use a custom BufferString to write. This commit also make some improvements on code organization and private method names. Updates #718 Signed-off-by: Matheus Alcantara <matheus.alcantara@zup.com.br>
This commit add new tests to cover Sonarqube output type and add asserts to check if what was printed is correctly. The tests was changed to use table testings approach to make more easily to add a new testcase. The PrintResults implementation was improved too. Basically a new io.Writer field was added to customize where we will write outputs. The default constructor will always write to Stdout, but on tests we use a custom BufferString to write. This commit also make some improvements on code organization and private method names. Updates #718 Signed-off-by: Matheus Alcantara <matheus.alcantara@zup.com.br>
This commit add new tests to cover Sonarqube output type and add asserts to check if what was printed is correctly. The tests was changed to use table testings approach to make more easily to add a new testcase. The PrintResults implementation was improved too. Basically a new io.Writer field was added to customize where we will write outputs. The default constructor will always write to Stdout, but on tests we use a custom BufferString to write. This commit also make some improvements on code organization and private method names. Updates #718 Signed-off-by: Matheus Alcantara <matheus.alcantara@zup.com.br>
Previously the toolsconfig package does not have any unit tests and the public functions and types was a bit confused, since two types was exported to represents the same "thing". This commit implements the tests to cover scenarios of toolsconfig parsing. This commit also rename ToolsConfigStruct to toolsConfig and also made private, since this struct is only used as schema to parse the values and only the Map type is used by other packages. The Map and Config struct was also renamed to don't be repetitive on names. The function ParseInterfaceToMapToolsConfig was also renamed to MustParseToolsConfig to follow the Go standards of functions that can cause errors that will be not returned. The signature was also changed to avoid bugs when accepting an empty interface{}, since the viper will always return a map[string]interface{} when we get the tools config from config file, this function does not need to accept an empty interface. Updates #718 Signed-off-by: Matheus Alcantara <matheus.alcantara@zup.com.br>
Previously the toolsconfig package does not have any unit tests and the public functions and types was a bit confused, since two types was exported to represents the same "thing". This commit implements the tests to cover scenarios of toolsconfig parsing. This commit also rename ToolsConfigStruct to toolsConfig and also made private, since this struct is only used as schema to parse the values and only the Map type is used by other packages. The Map and Config struct was also renamed to don't be repetitive on names. The function ParseInterfaceToMapToolsConfig was also renamed to MustParseToolsConfig to follow the Go standards of functions that can cause errors that will be not returned. The signature was also changed to avoid bugs when accepting an empty interface{}, since the viper will always return a map[string]interface{} when we get the tools config from config file, this function does not need to accept an empty interface. A new function Default was also created to return the default values from tools config. Updates #718 Signed-off-by: Matheus Alcantara <matheus.alcantara@zup.com.br>
Previously the toolsconfig package does not have any unit tests and the public functions and types was a bit confused, since two types was exported to represents the same "thing". This commit implements the tests to cover scenarios of toolsconfig parsing. This commit also rename ToolsConfigStruct to toolsConfig and also made private, since this struct is only used as schema to parse the values and only the Map type is used by other packages. The Map and Config struct was also renamed to don't be repetitive on names. The function ParseInterfaceToMapToolsConfig was also renamed to MustParseToolsConfig to follow the Go standards of functions that can cause errors that will be not returned. The signature was also changed to avoid bugs when accepting an empty interface{}, since the viper will always return a map[string]interface{} when we get the tools config from config file, this function does not need to accept an empty interface. A new function Default was also created to return the default values from tools config. Updates #718 Signed-off-by: Matheus Alcantara <matheus.alcantara@zup.com.br>
Previously the toolsconfig package does not have any unit tests and the public functions and types was a bit confused, since two types was exported to represents the same "thing". This commit implements the tests to cover scenarios of toolsconfig parsing. This commit also rename ToolsConfigStruct to toolsConfig and also made private, since this struct is only used as schema to parse the values and only the Map type is used by other packages. The Map and Config struct was also renamed to don't be repetitive on names. The function ParseInterfaceToMapToolsConfig was also renamed to MustParseToolsConfig to follow the Go standards of functions that can cause errors that will be not returned. The signature was also changed to avoid bugs when accepting an empty interface{}, since the viper will always return a map[string]interface{} when we get the tools config from config file, this function does not need to accept an empty interface. A new function Default was also created to return the default values from tools config. Updates #718 Signed-off-by: Matheus Alcantara <matheus.alcantara@zup.com.br>
Previously the toolsconfig package does not have any unit tests and the public functions and types was a bit confused, since two types was exported to represents the same "thing". This commit implements the tests to cover scenarios of toolsconfig parsing. This commit also rename ToolsConfigStruct to toolsConfig and also made private, since this struct is only used as schema to parse the values and only the Map type is used by other packages. The Map and Config struct was also renamed to don't be repetitive on names. The function ParseInterfaceToMapToolsConfig was also renamed to MustParseToolsConfig to follow the Go standards of functions that can cause errors that will be not returned. The signature was also changed to avoid bugs when accepting an empty interface{}, since the viper will always return a map[string]interface{} when we get the tools config from config file, this function does not need to accept an empty interface. A new function Default was also created to return the default values from tools config. Updates #718 Signed-off-by: Matheus Alcantara <matheus.alcantara@zup.com.br>
Previously the implementation of CustomImages map was a bit redundant. Basically a map[string]string was created using the string representation of each languages.language as key, and when were we going to access this map we always receive a languages.Language and need to get the string representation of this language, which make an unnecessary type casting. This commit change the type of CustomImages to store a languages.Language as key and avoid these type casting. The function `NewCustomImages` was renamed to `Default` to make more clear and a new function `MustParseCustomImages` was created to parse the input taken from Viper. This commit also add some new tests to assert the default values and test the parsing. Updates #718 Signed-off-by: Matheus Alcantara <matheus.alcantara@zup.com.br>
Previously the implementation of CustomImages map was a bit redundant. Basically a map[string]string was created using the string representation of each languages.language as key, and when were we going to access this map we always receive a languages.Language and need to get the string representation of this language, which make an unnecessary type casting. This commit change the type of CustomImages to store a languages.Language as key and avoid these type casting. The function `NewCustomImages` was renamed to `Default` to make more clear and a new function `MustParseCustomImages` was created to parse the input taken from Viper. This commit also add some new tests to assert the default values and test the parsing. Updates #718 Signed-off-by: Matheus Alcantara <matheus.alcantara@zup.com.br>
Update #718 Signed-off-by: Matheus Alcantara <matheus.alcantara@zup.com.br>
Previously the testcases of vulnhash package does not assert the generated hash using all the fields used to generate the hash. This commit change the testcases to assert the generated hash with all fields filled. The testcase also was change to assert the valid and invalid generated hash Updates #718 Signed-off-by: Matheus Alcantara <matheus.alcantara@zup.com.br>
Previously the implementation of CustomImages map was a bit redundant. Basically a map[string]string was created using the string representation of each languages.language as key, and when were we going to access this map we always receive a languages.Language and need to get the string representation of this language, which make an unnecessary type casting. This commit change the type of CustomImages to store a languages.Language as key and avoid these type casting. The function `NewCustomImages` was renamed to `Default` to make more clear and a new function `MustParseCustomImages` was created to parse the input taken from Viper. This commit also add some new tests to assert the default values and test the parsing. Updates #718 Signed-off-by: Matheus Alcantara <matheus.alcantara@zup.com.br>
) Update #718 Signed-off-by: Matheus Alcantara <matheus.alcantara@zup.com.br>
Previously the testcases of vulnhash package does not assert the generated hash using all the fields used to generate the hash. This commit change the testcases to assert the generated hash with all fields filled. The testcase also was change to assert the valid and invalid generated hash Updates #718 Signed-off-by: Matheus Alcantara <matheus.alcantara@zup.com.br>
Previously if some symlink exists on project path during the copy we was creating a directory instead evaluating the sysmlink. Evaluating the symlink makes us need to deal with several scenarios, such as, how should we copy a file to the .horuse folder when it is not in the project path? Another scenario would be how do we handle symlinks from files that don't exist on the user's machine? With that in mind, this commit changes the behavior of the `Copy` function to ignore symlinks by default and only copy directories and files. Since previously we were no longer analyzing sysmlinks, this change will not be noticed by the user. This commit also change the assertiveness of tests to check if all files and directories was copied correctly. Updates #718 Signed-off-by: Matheus Alcantara <matheus.alcantara@zup.com.br>
Previously if some symlink exists on project path during the copy we was creating a directory instead evaluating the sysmlink. Evaluating the symlink makes us need to deal with several scenarios, such as, how should we copy a file to the .horuse folder when it is not in the project path? Another scenario would be how do we handle symlinks from files that don't exist on the user's machine? With that in mind, this commit changes the behavior of the `Copy` function to ignore symlinks by default and only copy directories and files. Since previously we were no longer analyzing sysmlinks, this change will not be noticed by the user. This commit also change the assertiveness of tests to check if all files and directories was copied correctly. Updates #718 Signed-off-by: Matheus Alcantara <matheus.alcantara@zup.com.br>
This commit add some new asserts on successful parsing Trivy results, to verify that all fields of Vulnerability was filled. Some code organization was also made, and the entities packages was removed and the Trivy schema output was moved to trivy package. Updates #718 Signed-off-by: Matheus Alcantara <matheus.alcantara@zup.com.br>
This commit add some new asserts on successful parsing Checkov results to verify that all fields of Vulnerability was filled. Some code organization was also made, and the entities packages was removed and the Checkov schema output was moved to checkov package. Updates #718 Signed-off-by: Matheus Alcantara <matheus.alcantara@zup.com.br>
This commit add some new asserts on successful parsing Checkov results to verify that all fields of Vulnerability was filled. Some code organization was also made, and the entities packages was removed and the Checkov schema output was moved to checkov package. Updates #718 Signed-off-by: Matheus Alcantara <matheus.alcantara@zup.com.br>
This commit add some new asserts on successful parsing tfsec results to verify that all fields of Vulnerability was filled. Some code organization was also made, and the entities packages was removed and the tfsec schema output was moved to tfsec package. Updates #718 Signed-off-by: Matheus Alcantara <matheus.alcantara@zup.com.br>
This commit add some new asserts on successful parsing npm results to verify that all fields of Vulnerability was filled. Note that the test cases from `TestParseOutputNpm` was moved to `TestNpmAuditParseOutput` to centralize all tests as it is done in the other tests of the other formatters. Some code organization was also made, and the entities packages was removed and the npm schema output was moved to npmaudit package. Updates #718 Signed-off-by: Matheus Alcantara <matheus.alcantara@zup.com.br>
This commit add some new asserts on successful parsing dependency check results, to verify that all fields of Vulnerability was filled. Some code organization was also made, and the entities packages was removed and the dependency check schema output was moved to dependencycheck package. Updates #718 Signed-off-by: Matheus Alcantara <matheus.alcantara@zup.com.br>
This commit add some new asserts on successful parsing Mix Audit results, to verify that all fields of Vulnerability was filled. Some code organization was also made, and the entities packages was removed and the mix audit schema output was moved to mixaudit package. Updates #718 Signed-off-by: Matheus Alcantara <matheus.alcantara@zup.com.br>
This commit add some new asserts on successful parsing Sobelow results, to verify that all fields of Vulnerability was filled. Some code organization was also made, and the entities packages was removed and the Sobelow schema output was moved to sobelow package. Updates #718 Signed-off-by: Matheus Alcantara <matheus.alcantara@zup.com.br>
This commit add some new asserts on successful parsing Trivy results, to verify that all fields of Vulnerability was filled. Some code organization was also made, and the entities packages was removed and the Trivy schema output was moved to trivy package. Updates #718 Signed-off-by: Matheus Alcantara <matheus.alcantara@zup.com.br>
This commit add some new asserts on successful parsing Checkov results to verify that all fields of Vulnerability was filled. Some code organization was also made, and the entities packages was removed and the Checkov schema output was moved to checkov package. Updates #718 Signed-off-by: Matheus Alcantara <matheus.alcantara@zup.com.br>
This commit add some new asserts on successful parsing tfsec results to verify that all fields of Vulnerability was filled. Some code organization was also made, and the entities packages was removed and the tfsec schema output was moved to tfsec package. Updates #718 Signed-off-by: Matheus Alcantara <matheus.alcantara@zup.com.br>
This commit add some new asserts on successful parsing npm results to verify that all fields of Vulnerability was filled. Note that the test cases from `TestParseOutputNpm` was moved to `TestNpmAuditParseOutput` to centralize all tests as it is done in the other tests of the other formatters. Some code organization was also made, and the entities packages was removed and the npm schema output was moved to npmaudit package. Updates #718 Signed-off-by: Matheus Alcantara <matheus.alcantara@zup.com.br>
This commit add some new asserts on successful parsing yarn results to verify that all fields of Vulnerability was filled. Note that the test cases from `TestParseOutputNpm`(yes, it was misspelled) was moved to `TestYarnAuditParseOutput` to centralize all tests as it is done in the other tests of the other formatters. Some code organization was also made, and the entities packages was removed and the yarn schema output was moved to yarnaudit package. Updates #718 Signed-off-by: Matheus Alcantara <matheus.alcantara@zup.com.br>
This commit add some new asserts on successful parsing yarn results to verify that all fields of Vulnerability was filled. Note that the test cases from `TestParseOutputNpm`(yes, it was misspelled) was moved to `TestYarnAuditParseOutput` to centralize all tests as it is done in the other tests of the other formatters. Some code organization was also made, and the entities packages was removed and the yarn schema output was moved to yarnaudit package. Updates #718 Signed-off-by: Matheus Alcantara <matheus.alcantara@zup.com.br>
This commit add some new asserts on successful parsing bundler results to verify that all fields of Vulnerability was filled. Some code organization was also made, and the entities and enum packages was removed and the bundler schema output was moved to bundler package. This commit also fix a bug when parsing invalid output from Bundler. The `strings.Split(output, "Name:")` on `parseOutput` return a list with one element when the split fails, so when Bundler return an output that is not expected we still try to parse this invalid output which results invalid vulnerabilities. To fix this a validation was added before the split to check if output contains the `Name:` field. Updates #718 Signed-off-by: Matheus Alcantara <matheus.alcantara@zup.com.br>
This commit add some new asserts on successful parsing bundler results to verify that all fields of Vulnerability was filled. Some code organization was also made, and the entities and enum packages was removed and the bundler schema output was moved to bundler package. This commit also fix a bug when parsing invalid output from Bundler. The `strings.Split(output, "Name:")` on `parseOutput` return a list with one element when the split fails, so when Bundler return an output that is not expected we still try to parse this invalid output which results invalid vulnerabilities. To fix this a validation was added before the split to check if output contains the `Name:` field. Updates #718 Signed-off-by: Matheus Alcantara <matheus.alcantara@zup.com.br>
This commit add some new asserts on successful parsing bundler results to verify that all fields of Vulnerability was filled. Some code organization was also made, and the entities and enum packages was removed and the bundler schema output was moved to bundler package. This commit also fix a bug when parsing invalid output from Bundler. The `strings.Split(output, "Name:")` on `parseOutput` return a list with one element when the split fails, so when Bundler return an output that is not expected we still try to parse this invalid output which results invalid vulnerabilities. To fix this a validation was added before the split to check if output contains the `Name:` field. Updates #718 Signed-off-by: Matheus Alcantara <matheus.alcantara@zup.com.br>
This commit add some new asserts on successful parsing bundler results to verify that all fields of Vulnerability was filled. Some code organization was also made, and the entities and enum packages was removed and the bundler schema output was moved to bundler package. This commit also fix a bug when parsing invalid output from Bundler. The `strings.Split(output, "Name:")` on `parseOutput` return a list with one element when the split fails, so when Bundler return an output that is not expected we still try to parse this invalid output which results invalid vulnerabilities. To fix this a validation was added before the split to check if output contains the `Name:` field. Updates #718 Signed-off-by: Matheus Alcantara <matheus.alcantara@zup.com.br>
This commit add some new asserts on successful parsing bundler results to verify that all fields of Vulnerability was filled. Some code organization was also made, and the entities and enum packages was removed and the bundler schema output was moved to bundler package. This commit also fix a bug when parsing invalid output from Bundler. The `strings.Split(output, "Name:")` on `parseOutput` return a list with one element when the split fails, so when Bundler return an output that is not expected we still try to parse this invalid output which results invalid vulnerabilities. To fix this a validation was added before the split to check if output contains the `Name:` field. Updates #718 Signed-off-by: Matheus Alcantara <matheus.alcantara@zup.com.br> (cherry picked from commit 112e82e)
This commit add some new asserts on successful parsing yarn results to verify that all fields of Vulnerability was filled. Note that the test cases from `TestParseOutputNpm`(yes, it was misspelled) was moved to `TestYarnAuditParseOutput` to centralize all tests as it is done in the other tests of the other formatters. Some code organization was also made, and the entities packages was removed and the yarn schema output was moved to yarnaudit package. Updates #718 Signed-off-by: Matheus Alcantara <matheus.alcantara@zup.com.br> (cherry picked from commit f2c500d)
Hi, I was thinking of taking the I know I need to write tests or refactor them, I need to know what the endgoal/outcome is. |
We currently refactoring unit test in every package of horusec, and we have a lot of code to cover. I'm opening this issue as a report and invite to community to contribute and improve our application. Currently i'm in start package refactor and we have some cases to cover and you can base on #701 to write your code
Update: Since #731 we moved flags constants to package testutil you should use them instead of the old way to write your code
Tests to be implemented of the start command:
"--analysis-timeout"
"--authorization"
--certificate-path"
"--container-bind-project-path"
"--disable-docker"
"--enable-commit-author"
"--enable-git-history"
"--enable-owasp-dependency-check"
"--enable-shellcheck"
"--false-positive"
"--headers"
"--horusec-url"
"--ignore"
"--ignore-severity"
"--information-severity"
"--insecure-skip-verify"
"--json-output-file"
"--monitor-retry-count"
"--output-format"
"--project-path"
"--repository-name"
"--request-timeout"
"--return-error"
"--risk-accept"
"--show-vulnerabilities-types"
Tests of the packages
The text was updated successfully, but these errors were encountered: