From 116c874052d6be12563341eb44d50c7e3dde1978 Mon Sep 17 00:00:00 2001
From: Or Toren
Date: Sun, 29 Sep 2024 14:54:41 +0300
Subject: [PATCH] after code review
---
 audit_test.go | 65 ++++++++++++++++++++++++++-------------------------
 1 file changed, 33 insertions(+), 32 deletions(-)
diff --git a/audit_test.go b/audit_test.go
index 8f09bec6..86c2829c 100644
--- a/audit_test.go
+++ b/audit_test.go
@@ -33,38 +33,6 @@ import (
 "github.com/jfrog/jfrog-client-go/xray/services"
 )
-func TestXrayAuditSastCppFlagSimpleJson(t *testing.T) {
- output := testAuditC(t, string(format.SimpleJson), true)
- securityTestUtils.VerifySimpleJsonJasResults(t, output, 1, 0, 0, 0, 0, 0, 0, 0, 0)
-
-}
-
-func TestXrayAuditWithoutSastCppFlagSimpleJson(t *testing.T) {
- output := testAuditC(t, string(format.SimpleJson), false)
- securityTestUtils.VerifySimpleJsonJasResults(t, output, 0, 0, 0, 0, 0, 0, 0, 0, 0)
-}
-
-func testAuditC(t *testing.T, format string, enableCppFlag bool) string {
- cliToRun, cleanUp := securityTestUtils.InitTestWithMockCommandOrParams(t, getJasAuditMockCommand)
- defer cleanUp()
- securityTestUtils.InitSecurityTest(t, scangraph.GraphScanMinXrayVersion)
- tempDirPath, createTempDirCallback := coreTests.CreateTempDirWithCallbackAndAssert(t)
- defer createTempDirCallback()
- cProjectPath := filepath.Join(filepath.FromSlash(securityTestUtils.GetTestResourcesPath()), "projects", "package-managers", "c")
- // Copy the c project from the testdata to a temp dir
- assert.NoError(t, biutils.CopyDir(cProjectPath, tempDirPath, true, nil))
- prevWd := securityTestUtils.ChangeWD(t, tempDirPath)
- defer clientTests.ChangeDirAndAssert(t, prevWd)
- watchName, deleteWatch := securityTestUtils.CreateTestWatch(t, "audit-policy", "audit-watch", xrayUtils.High)
- defer deleteWatch()
- if enableCppFlag {
- unsetEnv := clientTests.SetEnvWithCallbackAndAssert(t, "JFROG_SAST_ENABLE_CPP", "1")
- defer unsetEnv()
- }
- args := []string{"audit", "--licenses", "--vuln", "--format=" + format, "--watches=" + watchName, "--fail=false"}
- return cliToRun.WithoutCredentials().RunCliCmdWithOutput(t, args...)
-}
-
 func TestXrayAuditNpmJson(t *testing.T) {
 output := testAuditNpm(t, string(format.Json), false)
 securityTestUtils.VerifyJsonScanResults(t, output, 1, 0, 1)
@@ -505,6 +473,39 @@ func addDummyPackageDescriptor(t *testing.T, hasPackageJson bool) {
 // JAS
+func TestXrayAuditSastCppFlagSimpleJson(t *testing.T) {
+ output := testAuditC(t, string(format.SimpleJson), true)
+ securityTestUtils.VerifySimpleJsonJasResults(t, output, 1, 0, 0, 0, 0, 0, 0, 0, 0)
+
+}
+
+func TestXrayAuditWithoutSastCppFlagSimpleJson(t *testing.T) {
+ output := testAuditC(t, string(format.SimpleJson), false)
+ securityTestUtils.VerifySimpleJsonJasResults(t, output, 0, 0, 0, 0, 0, 0, 0, 0, 0)
+}
+
+// Helper for both C & Cpp Sast scans tests
+func testAuditC(t *testing.T, format string, enableCppFlag bool) string {
+ cliToRun, cleanUp := securityTestUtils.InitTestWithMockCommandOrParams(t, getJasAuditMockCommand)
+ defer cleanUp()
+ securityTestUtils.InitSecurityTest(t, scangraph.GraphScanMinXrayVersion)
+ tempDirPath, createTempDirCallback := coreTests.CreateTempDirWithCallbackAndAssert(t)
+ defer createTempDirCallback()
+ cProjectPath := filepath.Join(filepath.FromSlash(securityTestUtils.GetTestResourcesPath()), "projects", "package-managers", "c")
+ // Copy the c project from the testdata to a temp dir
+ assert.NoError(t, biutils.CopyDir(cProjectPath, tempDirPath, true, nil))
+ prevWd := securityTestUtils.ChangeWD(t, tempDirPath)
+ defer clientTests.ChangeDirAndAssert(t, prevWd)
+ watchName, deleteWatch := securityTestUtils.CreateTestWatch(t, "audit-policy", "audit-watch", xrayUtils.High)
+ defer deleteWatch()
+ if enableCppFlag {
+ unsetEnv := clientTests.SetEnvWithCallbackAndAssert(t, "JFROG_SAST_ENABLE_CPP", "1")
+ defer unsetEnv()
+ }
+ args := []string{"audit", "--licenses", "--vuln", "--format=" + format, "--watches=" + watchName, "--fail=false"}
+ return cliToRun.WithoutCredentials().RunCliCmdWithOutput(t, args...)
+}
+
 func TestXrayAuditNotEntitledForJas(t *testing.T) {
 cliToRun, cleanUp := securityTestUtils.InitTestWithMockCommandOrParams(t, getNoJasAuditMockCommand)
 defer cleanUp()
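Review bot: `testAuditC` only touches `JFROG_SAST_ENABLE_CPP` when `enableCppFlag` is true, so `TestXrayAuditWithoutSastCppFlagSimpleJson` runs with whatever value the runner's environment already holds, and its all-zero expectation can fail, or pass for the wrong reason, on a machine that exports the variable. The false branch should clear the variable for the duration of the test and restore the previous value afterwards, for example starting from `prev, had := os.LookupEnv("JFROG_SAST_ENABLE_CPP")` with a deferred restore, assuming `os` is imported in this file. The nine positional counts passed to `VerifySimpleJsonJasResults` are also hard to read; a comment such as `// expect one SAST finding, every other counter zero` would help once the parameter order is confirmed against the helper's signature. The empty line before the closing brace of `TestXrayAuditSastCppFlagSimpleJson` can be dropped.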