tests: Unit tests refactor #718

Open
56 of 88 tasks
iancardosozup opened this issue Oct 25, 2021 · 3 comments
Labels
good first issue Good for newcomers kind/improvement This issue is not a Bug nor a Feature kind/tests This issue is related with tests project/horusec-cli This issue is related to the project https://github.com/ZupIT/horusec

Comments

@iancardosozup

iancardosozup commented Oct 25, 2021

We are currently refactoring the unit tests in every package of horusec, and we have a lot of code to cover. I'm opening this issue as a report and an invitation to the community to contribute and improve our application. Currently I'm on the start package refactor and we have some cases to cover, and you can base your code on #701.

Update: Since #731 we moved the flag constants to package testutil; you should use them instead of the old way when writing your code.

Tests to be implemented of the start command:
  • FlagAnalysisTimeout = "--analysis-timeout"
  • FlagAuthorization = "--authorization"
  • FlagCertificatePath = "--certificate-path"
  • FlagContainerBindProjectPath = "--container-bind-project-path"
  • FlagCustomRulesPath = "--custom-rules-path"
  • FlagDisableDocker = "--disable-docker"
  • FlagEnableCommitAuthor = "--enable-commit-author"
  • FlagEnableGitHistory = "--enable-git-history"
  • FlagEnableOwaspDependencyCheck = "--enable-owasp-dependency-check"
  • FlagEnableShellcheck = "--enable-shellcheck"
  • FlagFalsePositive = "--false-positive"
  • FlagHeaders = "--headers"
  • FlagHorusecUrl = "--horusec-url"
  • FlagIgnore = "--ignore"
  • FlagIgnoreSeverity = "--ignore-severity"
  • FlagInformationSeverity = "--information-severity"
  • FlagInsecureSkipVerify = "--insecure-skip-verify"
  • FlagJsonOutputFile = "--json-output-file"
  • FlagMonitorRetryCount = "--monitor-retry-count"
  • FlagOutputFormat = "--output-format"
  • FlagProjectPath = "--project-path"
  • FlagRepositoryName = "--repository-name"
  • FlagRequestTimeout = "--request-timeout"
  • FlagReturnError = "--return-error"
  • FlagRiskAccept = "--risk-accept"
  • FlagShowVulnerabilitiesTypes = "--show-vulnerabilities-types"
Tests of the packages
  • cmd/app/generate
  • cmd/app/version
  • config
  • config/dist
  • internal/controllers/analyzer
  • internal/controllers/language_detect
  • internal/controllers/printresults
  • internal/controllers/requirements
  • internal/controllers/requirements/docker
  • internal/controllers/requirements/git
  • internal/entities/commit_author
  • internal/entities/custom_images
  • internal/entities/custom_rules
  • internal/entities/docker
  • internal/entities/sonarqube
  • internal/entities/toolsconfig
  • internal/entities/workdir
  • internal/services/custom_rules
  • internal/services/docker
  • internal/services/docker/client
  • internal/services/engines
  • internal/services/formatters
  • internal/services/formatters/c/flawfinder
  • internal/services/formatters/csharp/dotnet_cli
  • internal/services/formatters/csharp/horuseccsharp
  • internal/services/formatters/csharp/scs
  • internal/services/formatters/dart/horusecdart
  • internal/services/formatters/elixir/mixaudit
  • internal/services/formatters/elixir/sobelow
  • internal/services/formatters/generic/dependency_check
  • internal/services/formatters/generic/semgrep
  • internal/services/formatters/generic/trivy
  • internal/services/formatters/go/gosec
  • internal/services/formatters/go/nancy
  • internal/services/formatters/hcl/checkov
  • internal/services/formatters/hcl/tfsec
  • internal/services/formatters/java/horusecjava
  • internal/services/formatters/javascript/horusecnodejs
  • internal/services/formatters/javascript/npmaudit
  • internal/services/formatters/javascript/yarnaudit
  • internal/services/formatters/kotlin/horuseckotlin
  • internal/services/formatters/leaks/gitleaks
  • internal/services/formatters/leaks/horusecleaks
  • internal/services/formatters/nginx/horusecnginx
  • internal/services/formatters/php/phpcs
  • internal/services/formatters/python/bandit
  • internal/services/formatters/python/safety
  • internal/services/formatters/ruby/brakeman
  • internal/services/formatters/ruby/bundler
  • internal/services/formatters/shell/shellcheck
  • internal/services/formatters/swift/horusecswift
  • internal/services/formatters/yaml/horuseckubernetes
  • internal/services/git
  • internal/services/horusec_api
  • internal/services/sonarqube
  • internal/usecases/cli
  • internal/utils/copy
  • internal/utils/file
  • internal/utils/json
  • internal/utils/prompt
  • internal/utils/valueordefault
  • internal/utils/vuln_hash
@iancardosozup iancardosozup added kind/improvement This issue is not a Bug nor a Feature good first issue Good for newcomers labels Oct 25, 2021
@wiliansilvazup wiliansilvazup pinned this issue Oct 27, 2021
@filipemelo

I would like to understand how line and code work on tests.
Because I didn't understand this rule.

@nathanmartinszup

> I would like to understand how line and code work on tests. Because I didn't understand this rule.

Hi @filipemelo.

If your doubt is about the engine tests, the code and line are identified according to the regex type. For example, if the rule is of the AndMatch type and all regexes matched, the first regex in the list will be used to search for the code, row and column, but in the case of OrMatch all regexes that match will be used and displayed.

This implementation is kept in another repository, and can be found here
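
The AndMatch and OrMatch behaviour described in the reply above, as an added Go sketch (not the engine's own code). The `Rule`, `Finding`, `locate` and `Run` names, the 0-based column and the sample file are assumptions made for illustration, as is reporting every occurrence of the first expression for AndMatch.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// MatchType, Rule and Finding are hypothetical types for this sketch; they
// are not the engine's own definitions.
type MatchType int

const (
	AndMatch MatchType = iota
	OrMatch
)

type Rule struct {
	ID          string
	Type        MatchType
	Expressions []*regexp.Regexp
}

type Finding struct {
	RuleID string
	Line   int    // 1-based
	Column int    // 0-based byte offset inside the line
	Code   string // the line that holds the match, trimmed
}

// locate turns every match of re in content into a Finding.
func locate(ruleID string, re *regexp.Regexp, content string) []Finding {
	var out []Finding
	for _, idx := range re.FindAllStringIndex(content, -1) {
		start := idx[0]
		lineStart := strings.LastIndex(content[:start], "\n") + 1
		lineEnd := len(content)
		if nl := strings.Index(content[start:], "\n"); nl >= 0 {
			lineEnd = start + nl
		}
		out = append(out, Finding{
			RuleID: ruleID,
			Line:   strings.Count(content[:start], "\n") + 1,
			Column: start - lineStart,
			Code:   strings.TrimSpace(content[lineStart:lineEnd]),
		})
	}
	return out
}

// Run applies one rule to the content of one file.
func Run(rule Rule, content string) []Finding {
	if len(rule.Expressions) == 0 {
		return nil
	}
	switch rule.Type {
	case AndMatch:
		// Every expression has to match somewhere in the file ...
		for _, re := range rule.Expressions {
			if !re.MatchString(content) {
				return nil
			}
		}
		// ... but only the first one decides line, column and code.
		return locate(rule.ID, rule.Expressions[0], content)
	case OrMatch:
		// Each expression that matches is located and reported on its own.
		var out []Finding
		for _, re := range rule.Expressions {
			out = append(out, locate(rule.ID, re, content)...)
		}
		return out
	}
	return nil
}

// Constructed sample file and rules.
const sample = `import crypto from "crypto";
const h = crypto.createHash("md5");
const legacy = crypto.createHash("sha1");
`

var (
	andRule = Rule{ID: "AND-1", Type: AndMatch, Expressions: []*regexp.Regexp{
		regexp.MustCompile(`crypto\.createHash\("md5"\)`),
		regexp.MustCompile(`import crypto`),
	}}
	andRuleMiss = Rule{ID: "AND-2", Type: AndMatch, Expressions: []*regexp.Regexp{
		regexp.MustCompile(`crypto\.createHash\("md5"\)`),
		regexp.MustCompile(`require\("crypto"\)`), // absent from sample
	}}
	orRule = Rule{ID: "OR-1", Type: OrMatch, Expressions: []*regexp.Regexp{
		regexp.MustCompile(`createHash\("md5"\)`),
		regexp.MustCompile(`createHash\("sha1"\)`),
	}}
)

func main() {
	for _, r := range []Rule{andRule, andRuleMiss, orRule} {
		fmt.Printf("%s: %+v\n", r.ID, Run(r, sample))
	}
}
```

A test for a rule therefore asserts one location per occurrence of the first expression for AndMatch, and one per matching expression for OrMatch.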

@wiliansilvazup wiliansilvazup changed the title Start command unit tests refactor tests: Unit tests refactor Nov 8, 2021
matheusalcantarazup added a commit that referenced this issue Nov 9, 2021
This commit adds new tests to cover the Sonarqube output type and adds
asserts to check that what was printed is correct.

The tests were changed to use a table testing approach to make it easier
to add a new testcase.

The PrintResults implementation was improved too. Basically a new
io.Writer field was added to customize where we will write outputs. The
default constructor will always write to Stdout, but in tests we use a
custom BufferString to write.

This commit also makes some improvements to code organization and private
method names.

Updates #718

Signed-off-by: Matheus Alcantara <matheus.alcantara@zup.com.br>
matheusalcantarazup added a commit that referenced this issue Nov 11, 2021
Previously the toolsconfig package did not have any unit tests and the
public functions and types were a bit confusing, since two types were
exported to represent the same "thing".

This commit implements the tests to cover scenarios of toolsconfig
parsing.

This commit also renames ToolsConfigStruct to toolsConfig and makes it
private, since this struct is only used as a schema to parse the values
and only the Map type is used by other packages. The Map and Config
structs were also renamed so the names are not repetitive.

The function ParseInterfaceToMapToolsConfig was also renamed to
MustParseToolsConfig to follow the Go standards for functions that can
cause errors that will not be returned. The signature was also changed
to avoid bugs when accepting an empty interface{}; since viper will
always return a map[string]interface{} when we get the tools config from
the config file, this function does not need to accept an empty interface.

Updates #718

Signed-off-by: Matheus Alcantara <matheus.alcantara@zup.com.br>
matheusalcantarazup added a commit that referenced this issue Nov 11, 2021
Previously the toolsconfig package did not have any unit tests and the
public functions and types were a bit confusing, since two types were
exported to represent the same "thing".

This commit implements the tests to cover scenarios of toolsconfig
parsing.

This commit also renames ToolsConfigStruct to toolsConfig and makes it
private, since this struct is only used as a schema to parse the values
and only the Map type is used by other packages. The Map and Config
structs were also renamed so the names are not repetitive.

The function ParseInterfaceToMapToolsConfig was also renamed to
MustParseToolsConfig to follow the Go standards for functions that can
cause errors that will not be returned. The signature was also changed
to avoid bugs when accepting an empty interface{}; since viper will
always return a map[string]interface{} when we get the tools config from
the config file, this function does not need to accept an empty interface.

A new function Default was also created to return the default values
from tools config.

Updates #718

Signed-off-by: Matheus Alcantara <matheus.alcantara@zup.com.br>
matheusalcantarazup added a commit that referenced this issue Nov 12, 2021
Previously the implementation of the CustomImages map was a bit redundant.
Basically a map[string]string was created using the string
representation of each languages.language as key, and when we were going
to access this map we always received a languages.Language and needed to
get the string representation of this language, which made an unnecessary
type cast.

This commit changes the type of CustomImages to store a
languages.Language as key and avoid these type casts.

The function `NewCustomImages` was renamed to `Default` to make it
clearer and a new function `MustParseCustomImages` was created to parse
the input taken from Viper.

This commit also adds some new tests to assert the default values and
test the parsing.

Updates #718

Signed-off-by: Matheus Alcantara <matheus.alcantara@zup.com.br>
matheusalcantarazup added a commit that referenced this issue Nov 16, 2021
Update #718

Signed-off-by: Matheus Alcantara <matheus.alcantara@zup.com.br>
matheusalcantarazup added a commit that referenced this issue Nov 16, 2021
Previously the testcases of the vulnhash package did not assert the
generated hash using all the fields used to generate the hash.

This commit changes the testcases to assert the generated hash with all
fields filled.

The testcase was also changed to assert the valid and invalid generated
hash.

Updates #718

Signed-off-by: Matheus Alcantara <matheus.alcantara@zup.com.br>
nathanmartinszup pushed a commit that referenced this issue Nov 17, 2021
)

Update #718

Signed-off-by: Matheus Alcantara <matheus.alcantara@zup.com.br>
matheusalcantarazup added a commit that referenced this issue Nov 17, 2021
Previously, if a symlink existed on the project path during the copy, we
were creating a directory instead of evaluating the symlink.

Evaluating the symlink makes us need to deal with several scenarios,
such as, how should we copy a file to the .horuse folder when it is not
in the project path? Another scenario would be how do we handle symlinks
from files that don't exist on the user's machine?

With that in mind, this commit changes the behavior of the `Copy` function
to ignore symlinks by default and only copy directories and files. Since
previously we were no longer analyzing symlinks, this change will not be
noticed by the user.

This commit also changes the assertiveness of tests to check if all files
and directories were copied correctly.

Updates #718

Signed-off-by: Matheus Alcantara <matheus.alcantara@zup.com.br>
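
A copy routine with the behaviour this commit message describes (directories and regular files copied, symlinks ignored), as an added Go sketch that is not the project's `Copy` function. `CopyTree`, `copyFile`, `Demo` and the temporary directory layout are hypothetical; the constructed tree holds a link to a file outside the project, a link to an outside directory and a dangling link, the scenarios the message raises.

```go
package main

import (
	"fmt"
	"io"
	"io/fs"
	"os"
	"path/filepath"
)

// CopyTree copies directories and regular files from src into dst and
// returns the relative paths of the symlinks it skipped.
func CopyTree(src, dst string) (skipped []string, err error) {
	err = filepath.WalkDir(src, func(path string, d fs.DirEntry, walkErr error) error {
		if walkErr != nil {
			return walkErr
		}
		rel, relErr := filepath.Rel(src, path)
		if relErr != nil {
			return relErr
		}
		target := filepath.Join(dst, rel)
		switch {
		case d.Type()&fs.ModeSymlink != 0:
			// WalkDir reports the link itself and never descends into it,
			// so nothing outside src is read and dangling links are harmless.
			skipped = append(skipped, filepath.ToSlash(rel))
			return nil
		case d.IsDir():
			return os.MkdirAll(target, 0o750)
		case d.Type().IsRegular():
			return copyFile(path, target)
		}
		return nil // devices, sockets and FIFOs are not copied either
	})
	return skipped, err
}

func copyFile(from, to string) error {
	in, err := os.Open(from)
	if err != nil {
		return err
	}
	defer in.Close()
	// O_EXCL: refuse to write through anything that already exists at "to".
	out, err := os.OpenFile(to, os.O_CREATE|os.O_WRONLY|os.O_EXCL, 0o640)
	if err != nil {
		return err
	}
	if _, err := io.Copy(out, in); err != nil {
		out.Close()
		return err
	}
	return out.Close()
}

// Demo builds a constructed project tree in a temp dir, copies it, and
// returns the files that reached the destination and the links skipped.
func Demo() (copied, skipped []string, err error) {
	root, err := os.MkdirTemp("", "copy-demo-")
	if err != nil {
		return nil, nil, err
	}
	defer os.RemoveAll(root)
	project, outside := filepath.Join(root, "project"), filepath.Join(root, "outside")
	for _, dir := range []string{filepath.Join(project, "src"), outside} {
		if err = os.MkdirAll(dir, 0o750); err != nil {
			return nil, nil, err
		}
	}
	for _, f := range []string{
		filepath.Join(project, "main.go"),
		filepath.Join(project, "src", "app.go"),
		filepath.Join(outside, "secret.txt"),
	} {
		if err = os.WriteFile(f, []byte("constructed\n"), 0o640); err != nil {
			return nil, nil, err
		}
	}
	links := [][2]string{ // {target, link name}
		{filepath.Join(outside, "secret.txt"), filepath.Join(project, "link-to-secret")},
		{outside, filepath.Join(project, "link-to-dir")},
		{filepath.Join(project, "missing"), filepath.Join(project, "dangling")},
	}
	for _, l := range links {
		if err = os.Symlink(l[0], l[1]); err != nil {
			return nil, nil, err
		}
	}
	dst := filepath.Join(root, "workdir")
	if skipped, err = CopyTree(project, dst); err != nil {
		return nil, nil, err
	}
	err = filepath.WalkDir(dst, func(p string, d fs.DirEntry, e error) error {
		if e == nil && !d.IsDir() {
			rel, _ := filepath.Rel(dst, p)
			copied = append(copied, filepath.ToSlash(rel))
		}
		return e
	})
	return copied, skipped, err
}

func main() {
	copied, skipped, err := Demo()
	fmt.Println("copied:", copied, "skipped:", skipped, "err:", err)
}
```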
matheusalcantarazup added a commit that referenced this issue Dec 23, 2021
This commit adds some new asserts on successful parsing of Trivy results,
to verify that all fields of Vulnerability were filled.

Some code organization was also made, and the entities packages were
removed and the Trivy schema output was moved to the trivy package.

Updates #718

Signed-off-by: Matheus Alcantara <matheus.alcantara@zup.com.br>
matheusalcantarazup added a commit that referenced this issue Dec 23, 2021
This commit adds some new asserts on successful parsing of Checkov results
to verify that all fields of Vulnerability were filled.

Some code organization was also made, and the entities packages were
removed and the Checkov schema output was moved to the checkov package.

Updates #718

Signed-off-by: Matheus Alcantara <matheus.alcantara@zup.com.br>
matheusalcantarazup added a commit that referenced this issue Dec 23, 2021
This commit adds some new asserts on successful parsing of tfsec results
to verify that all fields of Vulnerability were filled.

Some code organization was also made, and the entities packages were
removed and the tfsec schema output was moved to the tfsec package.

Updates #718

Signed-off-by: Matheus Alcantara <matheus.alcantara@zup.com.br>
matheusalcantarazup added a commit that referenced this issue Dec 23, 2021
This commit adds some new asserts on successful parsing of npm results
to verify that all fields of Vulnerability were filled.

Note that the test cases from `TestParseOutputNpm` were moved to
`TestNpmAuditParseOutput` to centralize all tests as it is done in
the other tests of the other formatters.

Some code organization was also made, and the entities packages were
removed and the npm schema output was moved to the npmaudit package.

Updates #718

Signed-off-by: Matheus Alcantara <matheus.alcantara@zup.com.br>
wiliansilvazup pushed a commit that referenced this issue Dec 27, 2021
This commit adds some new asserts on successful parsing of dependency
check results, to verify that all fields of Vulnerability were filled.

Some code organization was also made, and the entities packages were
removed and the dependency check schema output was moved to the
dependencycheck package.

Updates #718

Signed-off-by: Matheus Alcantara <matheus.alcantara@zup.com.br>
wiliansilvazup pushed a commit that referenced this issue Dec 27, 2021
This commit adds some new asserts on successful parsing of Mix Audit
results, to verify that all fields of Vulnerability were filled.

Some code organization was also made, and the entities packages were
removed and the mix audit schema output was moved to the
mixaudit package.

Updates #718

Signed-off-by: Matheus Alcantara <matheus.alcantara@zup.com.br>
wiliansilvazup pushed a commit that referenced this issue Dec 27, 2021
This commit adds some new asserts on successful parsing of Sobelow
results, to verify that all fields of Vulnerability were filled.

Some code organization was also made, and the entities packages were
removed and the Sobelow schema output was moved to the sobelow package.

Updates #718

Signed-off-by: Matheus Alcantara <matheus.alcantara@zup.com.br>
matheusalcantarazup added a commit that referenced this issue Jan 3, 2022
This commit adds some new asserts on successful parsing of yarn results
to verify that all fields of Vulnerability were filled.

Note that the test cases from `TestParseOutputNpm` (yes, it was
misspelled) were moved to `TestYarnAuditParseOutput` to centralize
all tests as it is done in the other tests of the other formatters.

Some code organization was also made, and the entities packages were
removed and the yarn schema output was moved to the yarnaudit package.

Updates #718

Signed-off-by: Matheus Alcantara <matheus.alcantara@zup.com.br>
matheusalcantarazup added a commit that referenced this issue Jan 14, 2022
This commit adds some new asserts on successful parsing of bundler results
to verify that all fields of Vulnerability were filled.

Some code organization was also made, and the entities and enum packages
were removed and the bundler schema output was moved to the bundler package.

This commit also fixes a bug when parsing invalid output from Bundler.
The `strings.Split(output, "Name:")` on `parseOutput` returns a list with
one element when the split fails, so when Bundler returns an output that
is not expected we still try to parse this invalid output, which results
in invalid vulnerabilities. To fix this a validation was added before the
split to check if output contains the `Name:` field.

Updates #718

Signed-off-by: Matheus Alcantara <matheus.alcantara@zup.com.br>
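
The split behaviour this commit message describes, as an added Go sketch that is not the project's `parseOutput`. `Vulnerability`, `parseBlock`, `ParseUnchecked`, `ParseChecked` and both sample outputs are constructed for illustration; only `strings.Split(output, "Name:")` and the `Name:` check come from the message.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Vulnerability is a hypothetical, cut-down result type for this sketch.
type Vulnerability struct {
	Name, Version, Criticality string
}

var ErrUnexpectedOutput = errors.New(`bundler output has no "Name:" field`)

// parseBlock reads one advisory; block is the text that followed "Name:".
func parseBlock(block string) Vulnerability {
	lines := strings.Split(block, "\n")
	v := Vulnerability{Name: strings.TrimSpace(lines[0])}
	for _, line := range lines[1:] {
		kv := strings.SplitN(line, ":", 2)
		if len(kv) != 2 {
			continue
		}
		switch strings.TrimSpace(kv[0]) {
		case "Version":
			v.Version = strings.TrimSpace(kv[1])
		case "Criticality":
			v.Criticality = strings.TrimSpace(kv[1])
		}
	}
	return v
}

// ParseUnchecked splits without validating. When the separator is absent,
// strings.Split returns the whole input as a single element, so an error
// message from the tool is turned into a "vulnerability".
func ParseUnchecked(output string) []Vulnerability {
	var vulns []Vulnerability
	for _, block := range strings.Split(output, "Name:") {
		if strings.TrimSpace(block) != "" {
			vulns = append(vulns, parseBlock(block))
		}
	}
	return vulns
}

// ParseChecked applies the validation from the commit message: reject the
// output before splitting when it carries no "Name:" field at all.
func ParseChecked(output string) ([]Vulnerability, error) {
	if !strings.Contains(output, "Name:") {
		return nil, ErrUnexpectedOutput
	}
	return ParseUnchecked(output), nil
}

// Constructed samples: two advisories, and an unexpected tool message.
const goodOutput = `Name: examplegem
Version: 1.2.3
Criticality: High
Solution: upgrade to >= 1.2.4

Name: othergem
Version: 0.9.0
Criticality: Medium
Solution: upgrade to >= 1.0.0
`

const badOutput = "Could not locate Gemfile.lock\n"

func main() {
	fmt.Printf("unchecked, bad input: %+v\n", ParseUnchecked(badOutput))
	vulns, err := ParseChecked(badOutput)
	fmt.Printf("checked, bad input:   %+v, err=%v\n", vulns, err)
	vulns, err = ParseChecked(goodOutput)
	fmt.Printf("checked, good input:  %+v, err=%v\n", vulns, err)
}
```

For a scanner, the unchecked path turns a failed tool run into a finding in the report, which is why the test suite needs a case for unexpected output as well as for valid output.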
@matheusalcantarazup matheusalcantarazup added the kind/tests This issue is related with tests label Jan 21, 2022
matheusalcantarazup added a commit that referenced this issue Jan 21, 2022
This commit adds some new asserts on successful parsing of bundler results
to verify that all fields of Vulnerability were filled.

Some code organization was also made, and the entities and enum packages
were removed and the bundler schema output was moved to the bundler package.

This commit also fixes a bug when parsing invalid output from Bundler.
The `strings.Split(output, "Name:")` on `parseOutput` returns a list with
one element when the split fails, so when Bundler returns an output that
is not expected we still try to parse this invalid output, which results
in invalid vulnerabilities. To fix this a validation was added before the
split to check if output contains the `Name:` field.

Updates #718

Signed-off-by: Matheus Alcantara <matheus.alcantara@zup.com.br>
(cherry picked from commit 112e82e)
@matheusalcantarazup matheusalcantarazup added the project/horusec-cli This issue is related to the project https://github.com/ZupIT/horusec label Feb 8, 2022
nathanmartinszup pushed a commit that referenced this issue Feb 10, 2022
This commit adds some new asserts on successful parsing of yarn results
to verify that all fields of Vulnerability were filled.

Note that the test cases from `TestParseOutputNpm` (yes, it was
misspelled) were moved to `TestYarnAuditParseOutput` to centralize
all tests as it is done in the other tests of the other formatters.

Some code organization was also made, and the entities packages were
removed and the yarn schema output was moved to the yarnaudit package.

Updates #718

Signed-off-by: Matheus Alcantara <matheus.alcantara@zup.com.br>
(cherry picked from commit f2c500d)
@AliAkberAakash

AliAkberAakash commented Jun 23, 2022

Hi, I was thinking of taking the internal/utils/json refactoring. I'm not sure what I'm supposed to do. I'm new to golang but not new to coding, would really appreciate if someone gave me directions on getting started with this.

I know I need to write tests or refactor them, I need to know what the endgoal/outcome is.
