Support scan vorpal command (AST-42348) #329
Conversation
pedrompflopes
requested review from
a team,
helderfvieira and
danielcaldeiracx
and removed request for
a team
|
No New Or Fixed Issues Found |
| @@ -19,6 +20,22 @@ void testScanShow() throws Exception { | |||
| Assertions.assertEquals(scanList.get(0).getId(), scan.getId()); | |||
| } | |||
|
|
|||
| @Test | |||
| void testScanVorpalSuccessfulResponse() throws Exception { | |||
| ScanResult scanResult = wrapper.ScanVorpal("my-file.cs", true); | |||
There was a problem hiding this comment.
where is this file? Don't you need a real file to send?
There was a problem hiding this comment.
I have to add additional tests after I have real responses anyway. if I add some file now I will not see real results anyway.
There was a problem hiding this comment.
After discussion:
will modify tests according to real behavior.
|
|
||
| @Test | ||
| void testScanVorpalFailureResponse() throws Exception { | ||
| ScanResult scanResult = wrapper.ScanVorpal("my-file.cs", false); |
There was a problem hiding this comment.
this test will work for now but with the real vorpal it will fail,
you can send an invalid file path and then the test will return error and you will not need to change it again
| @JsonDeserialize() | ||
| @JsonInclude(JsonInclude.Include.NON_NULL) | ||
| @JsonIgnoreProperties(ignoreUnknown = true) | ||
| public class ScanResult extends CxBaseObject { |
There was a problem hiding this comment.
why are you extending CxBaseObject if you don't use any of his properties?
There was a problem hiding this comment.
It uses the method "parse" that's defined there..
if we really want to get rid of this inheritance we can take "parse" and the method it uses - "isValidJson" to JSON utils, because these two method don't seem related to CxBaseObject logically.
What do you think?
There was a problem hiding this comment.
I think it better idea then have empty base clas fields
| @Test | ||
| void testScanVorpalFailureResponse() throws Exception { | ||
| ScanResult scanResult = wrapper.ScanVorpal("src/test/resources/csharp-file.cs", false); | ||
| Assertions.assertEquals("1111", scanResult.getRequestId()); |
There was a problem hiding this comment.
please have a case with a real error as not a good file name.
Please validate the message
| @@ -19,6 +23,22 @@ void testScanShow() throws Exception { | |||
| Assertions.assertEquals(scanList.get(0).getId(), scan.getId()); | |||
| } | |||
|
|
|||
| @Test | |||
| void testScanVorpalSuccessfulResponse() throws Exception { | |||
There was a problem hiding this comment.
can we have a happy case too ?
There was a problem hiding this comment.
This is the happy case.. or you mean more assertions?
|
|
||
| namespace ast_visual_studio_extension.CxCLI | ||
| { | ||
| public class CxWrapper |
There was a problem hiding this comment.
what is this file? is this file the test file but it's the wrapper .cs?
maybe we can have a simpler file (or 2 files one. with a real vulnerability, only one, and other one that will return an err?)
| arguments.add(CxConstants.VORPAL_LATEST_VERSION); | ||
| } | ||
|
|
||
| return Execution.executeCommand(withConfigArguments(arguments), logger, ScanResult::fromLine); |
There was a problem hiding this comment.
if you have error, how it handles it? error in the CLI or error that not part of the scan results object error
There was a problem hiding this comment.
In case of an error, the java-wrapper's CxException will be thrown. added test:
void testScanVorpal_WhenMissingFileExtension_ReturnFileExtensionIsRequiredFailure() throws Exception {
// ScanResult scanResult = wrapper.ScanVorpal("src/test/resources/python-vul-file", false);
Assertions.assertThrowsExactly(CxException.class, () -> {
wrapper.ScanVorpal("src/test/resources/python-vul-file", false);
}, "file must have an extension");
}
There was a problem hiding this comment.
We dont want to throw an error and break the IDE.. We want to show the errors in the IDE and the wrapper should return the error message
| Assertions.assertNull(scanResult.getScanDetails()); | ||
| Error error = scanResult.getError(); | ||
| Assertions.assertNotNull(error); | ||
| Assertions.assertEquals("An internal error occurred.", error.description); |
There was a problem hiding this comment.
please have a test with error and not a scan results model
No description provided.