initial unit & integration test

Author: wahyudibo

cmd/common.go

@@ -11,8 +11,3 @@ func fail(err error) {
 	fmt.Println(prettyFmt.Error(err))
 	os.Exit(1)
 }
-
-func success(message string) {
-	fmt.Println(prettyFmt.Success(message))
-	os.Exit(0)
-}

etc/run-test.sh

@@ -1,3 +1,4 @@
 #!/usr/bin/env sh
 
-golangci-lint run --fix ./... && go test -coverprofile=coverage.out -v -p 1 ./...
+docker run --rm -v $(pwd):/app -w /app golangci/golangci-lint:v1.49.0 golangci-lint run --fix ./... && \
+go test -coverprofile=coverage.out -v -p 1 ./...

go.mod

@@ -8,6 +8,7 @@ require (
 	github.com/enescakir/emoji v1.0.0
 	github.com/go-ozzo/ozzo-validation/v4 v4.3.0
 	github.com/golang/mock v1.6.0
+	github.com/google/uuid v1.1.2
 	github.com/spf13/cobra v1.5.0
 	github.com/spf13/viper v1.13.0
 )
@@ -17,6 +18,7 @@ require (
 	github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7 // indirect
 	github.com/acomagu/bufpipe v1.0.3 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/emirpasic/gods v1.12.0 // indirect
 	github.com/fatih/color v1.13.0 // indirect
 	github.com/go-git/gcfg v1.5.0 // indirect
@@ -31,6 +33,7 @@ require (
 	github.com/mattn/go-runewidth v0.0.13 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/oklog/ulid v1.3.1 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/rivo/uniseg v0.2.0 // indirect
 	github.com/sergi/go-diff v1.1.0 // indirect
 	github.com/xanzy/ssh-agent v0.3.0 // indirect
@@ -41,6 +44,7 @@ require (
 )
 
 require (
+	github.com/brianvoe/gofakeit/v6 v6.19.0
 	github.com/fsnotify/fsnotify v1.5.4 // indirect
 	github.com/go-git/go-git/v5 v5.4.2
 	github.com/hashicorp/hcl v1.0.0 // indirect
@@ -54,6 +58,7 @@ require (
 	github.com/spf13/cast v1.5.0 // indirect
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
+	github.com/stretchr/testify v1.8.0
 	github.com/subosito/gotenv v1.4.1 // indirect
 	golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f // indirect
 	golang.org/x/text v0.3.7 // indirect

go.sum

@@ -54,6 +54,8 @@ github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef h1:46PFijGL
 github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/briandowns/spinner v1.19.0 h1:s8aq38H+Qju89yhp89b4iIiMzMm8YN3p6vGpwyh/a8E=
 github.com/briandowns/spinner v1.19.0/go.mod h1:mQak9GHqbspjC/5iUx3qMlIho8xBS/ppAL/hX5SmPJU=
+github.com/brianvoe/gofakeit/v6 v6.19.0 h1:g+yJ+meWVEsAmR+bV4mNM/eXI0N+0pZ3D+Mi+G5+YQo=
+github.com/brianvoe/gofakeit/v6 v6.19.0/go.mod h1:Ow6qC71xtwm79anlwKRlWZW6zVq9D2XHE4QSSMP/rU8=
 github.com/cenkalti/backoff v2.2.1+incompatible h1:tNowT99t7UNflLxfYYSlKYsBpXdEet03Pg2g16Swow4=
 github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=

internal/client/guardrails/mock/get_scan_data.json

@@ -0,0 +1,89 @@
+{
+  "idScan": "3cd76071-f869-4b7e-bcc7-568a2004ecdb",
+  "type": "CLI",
+  "branch": "fix-cve",
+  "sha": "7797b477716310ceff32aa705a97ea0fcd03011a",
+  "ok": false,
+  "results": {
+    "count": {
+      "total": 7,
+      "new": 7,
+      "open": 7,
+      "resolved": 0,
+      "fixed": 0,
+      "findings": 0
+    },
+    "rules": [
+      {
+        "rule": {
+          "idRule": 7,
+          "title": "Vulnerable Libraries",
+          "name": "GR0013",
+          "docs": "using_vulnerable_libraries.html"
+        },
+        "languages": ["javascript"],
+        "count": {
+          "total": 3,
+          "open": 3,
+          "resolved": 0,
+          "fixed": 0,
+          "findings": 0
+        },
+        "vulnerabilities": [
+          {
+            "idFinding": "eda2569d-020e-4ff7-bd8d-874d7d4359d1",
+            "status": "VULNERABILITY",
+            "language": "javascript",
+            "branch": "refs/tags/v1.21.3",
+            "path": "package-lock.json",
+            "lineNumber": 24788,
+            "introducedBy": "yamilfrich",
+            "type": "sca",
+            "metadata": {
+              "dependencyName": "pkg:npm/hoek@6.1.3",
+              "currentVersion": "6.1.3",
+              "patchedVersions": "<0.0.0",
+              "references": [
+                "https://ossindex.sonatype.org/vulnerability/sonatype-2020-0074?component-type=npm&component-name=hoek&utm_source=go-http-client&utm_medium=integration&utm_content=1.1"
+              ],
+              "cvssSeverity": "Medium",
+              "cvssScore": "5.60",
+              "cvssVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
+            },
+            "severity": {
+              "idSeverity": 1003,
+              "name": "Medium"
+            },
+            "engineRule": {
+              "idEngineRule": 5893,
+              "title": "Vulnerable Dependency",
+              "name": "SBOM001",
+              "docs": null,
+              "engineName": "sbom",
+              "cvssSeverity": null,
+              "cvssScore": 0,
+              "cvssVector": null
+            }
+          }
+        ]
+      }
+    ]
+  },
+  "repository": {
+    "idRepository": 28909,
+    "name": "core-api",
+    "defaultBranch": "develop",
+    "provider": "GITHUB",
+    "isPrivate": true,
+    "isEnabled": true,
+    "createdAt": "2019-11-15T12:52:51.727+00:00",
+    "updatedAt": "2019-11-15T12:52:51.727+00:00",
+    "fullName": "guardrailsio/core-api",
+    "description": "⚡ GuardRails Core API",
+    "language": "JavaScript"
+  },
+  "report": "https://dashboard.guardrails.io/gh/guardrailsio/scans?sha=3cd76071-f869-4b7e-bcc7-568a2004ecdb&type=CLI",
+  "queuedAt": "2022-09-13T02:55:04.97+00:00",
+  "scanningAt": "2022-09-13T02:55:07.203+00:00",
+  "finishedAt": "2022-09-13T02:55:33.534+00:00"
+}

internal/command/scan/args_test.go

@@ -0,0 +1,34 @@
+package scan
+
+import (
+	"testing"
+
+	"github.com/brianvoe/gofakeit/v6"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestScanCommandArgsValidationFailed(t *testing.T) {
+	type testCase struct {
+		name  string
+		input Args
+	}
+
+	testCases := []testCase{
+		{
+			name:  "missing_token",
+			input: Args{},
+		},
+		{
+			name: "invalid_format",
+			input: Args{
+				Token:  gofakeit.HexUint32(),
+				Format: "invalid-format",
+			},
+		},
+	}
+
+	for _, tc := range testCases {
+		err := tc.input.Validate()
+		assert.NotNil(t, err)
+	}
+}

internal/command/scan/handler.go

@@ -154,7 +154,7 @@ func (h *Handler) Execute(ctx context.Context) error {
 	}
 
 	if h.Args.Output != "" {
-		if err := outputter.SaveToFile(h.Args.Output, getScanDataResp); err != nil {
+		if err := outputter.SaveScanDataToFile(h.Args.Output, getScanDataResp); err != nil {
 			return fmt.Errorf("Couldn't save output, %s", err.Error())
 		} else if !h.Args.Quiet {
 			fmt.Printf("\n%s\n", prettyFmt.Success("Output saved"))

internal/command/scan/handler_test.go

@@ -0,0 +1,140 @@
+package scan
+
+import (
+	"bytes"
+	"context"
+	"crypto/sha1"
+	"encoding/json"
+	"fmt"
+	"os"
+	"testing"
+
+	"github.com/brianvoe/gofakeit/v6"
+	"github.com/golang/mock/gomock"
+	"github.com/google/uuid"
+	mockarchiver "github.com/guardrailsio/guardrails-cli/internal/archiver/mock"
+	grclient "github.com/guardrailsio/guardrails-cli/internal/client/guardrails"
+	mockgrclient "github.com/guardrailsio/guardrails-cli/internal/client/guardrails/mock"
+	"github.com/guardrailsio/guardrails-cli/internal/config"
+	"github.com/guardrailsio/guardrails-cli/internal/repository"
+	mockrepository "github.com/guardrailsio/guardrails-cli/internal/repository/mock"
+	"github.com/guardrailsio/guardrails-cli/internal/tools/spinner"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestScanCommandExecuteSuccess(t *testing.T) {
+	ctx := context.Background()
+	args := &Args{
+		Token:  "test-token",
+		Path:   "/var/www/guardrails-cli",
+		Format: "pretty",
+		Output: "",
+		Quiet:  true,
+	}
+	cfg := config.New()
+	spinner := spinner.New()
+
+	mockCtrl := gomock.NewController(t)
+	defer mockCtrl.Finish()
+
+	mockRepo := mockrepository.NewMockRepository(mockCtrl)
+	mockArc := mockarchiver.NewMockArchiver(mockCtrl)
+	mockGrClient := mockgrclient.NewMockGuardRailsClient(mockCtrl)
+
+	commitMessage := gofakeit.Sentence(5)
+	sha := sha1.New()
+	sha.Write([]byte(commitMessage))
+	encrypted := sha.Sum(nil)
+	commitHash := fmt.Sprintf("%x", encrypted)
+
+	repoMetadata := &repository.Metadata{
+		Path:       args.Path,
+		Protocol:   "https",
+		Provider:   "github",
+		Name:       gofakeit.AppName(),
+		Branch:     gofakeit.Word(),
+		CommitHash: commitHash,
+	}
+	listOfFiles := []string{
+		".gitignore",
+		"LICENSE",
+		"Makefile",
+		"README.md",
+		"bin/.gitignore",
+		"cmd/common.go",
+		"cmd/root.go",
+		"cmd/scan.go",
+		"etc/run-test.sh",
+		"go.mod",
+		"go.sum",
+		"internal/archiver/archiver.go",
+		"internal/archiver/mock/archiver.go",
+		"internal/client/client.go",
+		"internal/client/errors.go",
+		"internal/client/guardrails/client.go",
+		"internal/client/guardrails/message.go",
+		"internal/client/guardrails/mock/client.go",
+		"internal/command/scan/args.go",
+		"internal/command/scan/handler.go",
+		"internal/command/scan/message.go",
+		"internal/config/config.go",
+		"internal/formatter/csv/csv.go",
+		"internal/formatter/json/json.go",
+		"internal/formatter/pretty/pretty.go",
+		"internal/formatter/sarif/sarif.go",
+		"internal/outputter/outputter.go",
+		"internal/repository/ignorelist.go",
+		"internal/repository/mock/repository.go",
+		"internal/repository/repository.go",
+		"internal/tools/spinner/spinner.go",
+		"main.go",
+	}
+	fileZipName := fmt.Sprintf("%s.zip", repoMetadata.Name)
+	fileZipByte := bytes.NewReader([]byte{})
+	createUploadURLReq := &grclient.CreateUploadURLReq{
+		File: fileZipName,
+	}
+	createUploadURLResp := &grclient.CreateUploadURLResp{
+		SignedURL: gofakeit.URL(),
+	}
+	uploadProjectReq := &grclient.UploadProjectReq{
+		UploadURL: createUploadURLResp.SignedURL,
+		File:      fileZipByte,
+	}
+	triggerScanReq := &grclient.TriggerScanReq{
+		Repository: repoMetadata.Name,
+		SHA:        repoMetadata.CommitHash,
+		Branch:     repoMetadata.Branch,
+		FileName:   fileZipName,
+	}
+	triggerScanResp := &grclient.TriggerScanResp{
+		ScanID:       uuid.New().String(),
+		DashboardURL: gofakeit.URL(),
+	}
+	getScanDataReq := &grclient.GetScanDataReq{
+		ScanID: triggerScanResp.ScanID,
+	}
+
+	file, err := os.Open("../../client/guardrails/mock/get_scan_data.json")
+	require.NoError(t, err)
+	defer file.Close()
+
+	getScanDataResp := new(grclient.GetScanDataResp)
+	err = json.NewDecoder(file).Decode(getScanDataResp)
+	require.NoError(t, err)
+
+	gomock.InOrder(
+		mockRepo.EXPECT().GetMetadataFromRemoteURL().Return(repoMetadata, nil),
+		mockRepo.EXPECT().ListFiles().Return(listOfFiles, nil),
+		mockArc.EXPECT().OutputZipToIOReader(repoMetadata.Path, listOfFiles).Return(fileZipByte, nil),
+		mockGrClient.EXPECT().CreateUploadURL(ctx, createUploadURLReq).Return(createUploadURLResp, nil),
+		mockGrClient.EXPECT().UploadProject(ctx, uploadProjectReq).Return(nil),
+		mockGrClient.EXPECT().TriggerScan(ctx, triggerScanReq).Return(triggerScanResp, nil),
+		mockGrClient.EXPECT().GetScanData(ctx, getScanDataReq).Return(getScanDataResp, nil),
+	)
+
+	cmd := New(args, spinner, cfg, mockRepo, mockArc, mockGrClient)
+	err = cmd.Execute(ctx)
+	assert.Nil(t, err)
+}

internal/formatter/csv/csv.go

@@ -38,7 +38,7 @@ func ScanResult(result *guardrailsclient.GetScanDataResp) error {
 		return err
 	}
 
-	fmt.Printf("%s", string(buf.Bytes()))
+	fmt.Printf("%s", buf.String())
 
 	return nil
 }

internal/formatter/pretty/pretty.go

@@ -50,7 +50,7 @@ func ScanResult(result *guardrailsclient.GetScanDataResp) {
 
 			fmt.Println("Not sure how to fix this ?")
 			for _, l := range r.Languages {
-				fmt.Printf(text.FgBlue.Sprintf("https://docs.guardrails.io/docs/vulnerabilities/%s/%s\n", l, r.Rule.Docs))
+				fmt.Println(text.FgBlue.Sprintf("https://docs.guardrails.io/docs/vulnerabilities/%s/%s\n", l, r.Rule.Docs))
 			}
 		}
 	}