Convert tests to typescript

RetireJS · Aug 19, 2024 · 241ca38 · 241ca38
1 parent e4b9136
commit 241ca38
Show file tree

Hide file tree

Showing 16 changed files with 366 additions and 335 deletions.
diff --git a/node/package-lock.json b/node/package-lock.json
diff --git a/node/package.json b/node/package.json
@@ -22,6 +22,8 @@
     "zod": "^3.22.4"
   },
   "devDependencies": {
+    "@types/chai": "^4.3.17",
+    "@types/mocha": "^10.0.7",
     "@types/node": "^18.13.0",
     "@types/uuid": "^9.0.0",
     "@typescript-eslint/eslint-plugin": "^7.1.1",

diff --git a/node/spec/assert.js b/node/spec/assert.js
diff --git a/node/spec/assert.ts b/node/spec/assert.ts
@@ -0,0 +1,11 @@
+import * as retire from '../lib/retire';
+import { should } from 'chai';
+import { Component } from '../lib/types';
+should();
+
+export function isVulnerable(results: Component[]) {
+  retire.isVulnerable(results).should.equal(true);
+}
+export function isNotVulnerable(results: Component[]) {
+  retire.isVulnerable(results).should.equal(false);
+}
diff --git a/node/spec/tests/contentscan.spec.js b/node/spec/tests/contentscan.spec.js
diff --git a/node/spec/tests/contentscan.spec.ts b/node/spec/tests/contentscan.spec.ts
@@ -0,0 +1,48 @@
+import * as fs from 'fs';
+import * as retire from '../../lib/retire';
+import * as assert from '../assert';
+import * as crypto from 'crypto';
+
+const data = fs.readFileSync('spec/repository.json', 'utf8');
+const repo = JSON.parse(data);
+
+const hasher = {
+  sha1: function (data: string) {
+    const shasum = crypto.createHash('sha1');
+    shasum.update(data);
+    return shasum.digest('hex');
+  },
+};
+
+describe('content scan', function () {
+  it('should_be_vulnerable_between', function (done) {
+    const result = retire.scanFileContent('/*! jQuery v1.8.1 asdasd ', repo, hasher);
+    assert.isVulnerable(result);
+    done();
+  });
+  it('should_not_be_vulnerable_before', function (done) {
+    const result = retire.scanFileContent('/*! jQuery v1.6.1 asdasd ', repo, hasher);
+    assert.isNotVulnerable(result);
+    done();
+  });
+  it('should_not_be_vulnerable_at', function (done) {
+    const result = retire.scanFileContent('/*! jQuery v1.9.0 asdasd ', repo, hasher);
+    assert.isNotVulnerable(result);
+    done();
+  });
+  it('should_not_be_vulnerable_above', function (done) {
+    const result = retire.scanFileContent('/*! jQuery v1.9.1 asdasd ', repo, hasher);
+    assert.isNotVulnerable(result);
+    done();
+  });
+  it('should_be_vulnerable_before', function (done) {
+    const result = retire.scanFileContent('/*! jQuery v1.4 asdasd ', repo, hasher);
+    assert.isVulnerable(result);
+    done();
+  });
+  it('should_be_vulnerable_before_prolog', function (done) {
+    const result = retire.scanFileContent('var a = 1; /*! jQuery v1.4 asdasd ', repo, hasher);
+    assert.isVulnerable(result);
+    done();
+  });
+});
diff --git a/node/spec/tests/cyclonedx.spec.js b/node/spec/tests/cyclonedx.spec.js
diff --git a/node/spec/tests/cyclonedx.spec.ts b/node/spec/tests/cyclonedx.spec.ts
@@ -0,0 +1,116 @@
+import jsonLogger from '../../lib/reporters/cyclonedx-json';
+import jsonLogger1_6 from '../../lib/reporters/cyclonedx-1_6-json';
+import xmlLogger from '../../lib/reporters/cyclonedx';
+import * as fs from 'fs';
+import { Schema, Validator } from 'jsonschema';
+import * as retire from '../../lib/retire';
+import { hash, LoggerOptions, Writer } from '../../lib/reporting';
+import * as reporting from '../../lib/reporting';
+
+function readJson<T>(path: string): T {
+  const data = fs.readFileSync(path, 'utf8');
+  return JSON.parse(data) as T;
+}
+
+const repo = readJson<Repository>('spec/repository.json');
+
+import * as xsdValidator from 'xsd-schema-validator';
+
+const jsonSchema = readJson<Schema>('spec/schema/bom-1.4.schema.json');
+const jsonSchema1_6 = readJson<Schema>('spec/schema/bom-1.6.schema.json');
+const jsfSchema = readJson<Schema>('spec/schema/jsf-0.82.schema.json');
+
+import * as path from 'path';
+
+import { fail } from 'assert';
+import * as os from 'os';
+import { Repository } from '../../lib/types';
+
+const tmpDir = os.tmpdir();
+const jqFile = tmpDir + '/jquery.js';
+fs.writeFileSync(jqFile, '/*! jQuery v1.8.1 asdasd ');
+const relative = path.relative(process.cwd(), jqFile);
+
+const loggerOptions: LoggerOptions = {
+  outputformat: 'cyclonedx',
+  outputpath: '',
+  verbose: false,
+  colors: false,
+  path: '.',
+  colorwarn: () => '',
+  jsRepo: 'testrepo.json',
+};
+
+describe('cyclonedx-json', () => {
+  it('should validate report according to schema', () => {
+    const data: unknown[] = [];
+    const writer: Writer = {
+      out: (a) => data.push(a),
+      err: (a) => data.push(a),
+      close: () => undefined,
+    };
+    const logger = reporting.open(loggerOptions);
+    jsonLogger.configure(logger, writer, loggerOptions, hash);
+    const result1 = retire.scanFileContent('/*! jQuery v1.8.1 asdasd ', repo, hash);
+    result1[0].licenses = ['MIT'];
+    logger.logVulnerableDependency({ results: result1, file: jqFile });
+    logger.close();
+    const validator = new Validator();
+    validator.addSchema(jsfSchema, 'jsf-0.82.schema.json#/definitions/signature');
+    const output = JSON.parse(data.join(''));
+    data.join('').should.contain('pkg:npm/[email protected]');
+    const res = validator.validate(output, jsonSchema);
+    res.valid.should.equal(true);
+    output.bomFormat.should.equal('CycloneDX');
+    output.specVersion.should.equal('1.4');
+  });
+
+  it('should validate report according to schema 1.6', () => {
+    const data: unknown[] = [];
+    const writer: Writer = {
+      out: (a) => data.push(a),
+      err: (a) => data.push(a),
+      close: () => undefined,
+    };
+    const logger = reporting.open(loggerOptions);
+    jsonLogger1_6.configure(logger, writer, loggerOptions, hash);
+    const result1 = retire.scanFileContent('/*! jQuery v1.8.1 asdasd ', repo, hash);
+    result1[0].licenses = ['MIT'];
+    logger.logVulnerableDependency({ results: result1, file: jqFile });
+    logger.close();
+    const validator = new Validator();
+    validator.addSchema(jsfSchema, 'jsf-0.82.schema.json#/definitions/signature');
+    const output = JSON.parse(data.join(''));
+    data.join('').should.contain('pkg:npm/[email protected]');
+    const res = validator.validate(output, jsonSchema1_6);
+    res.valid.should.equal(true);
+    output.bomFormat.should.equal('CycloneDX');
+    output.specVersion.should.equal('1.6');
+    output.components[0].evidence.occurrences[0].location.should.equal(relative);
+  });
+
+  it('should validate report according to xml schema', async () => {
+    const data: unknown[] = [];
+    const writer: Writer = {
+      out: (a) => data.push(a),
+      err: (a) => data.push(a),
+      close: () => undefined,
+    };
+    const logger = reporting.open(loggerOptions);
+    xmlLogger.configure(logger, writer, loggerOptions, hash);
+    const result = retire.scanFileContent('/*! jQuery v1.8.1 asdasd ', repo, hash);
+    result[0].licenses = ['MIT'];
+    logger.logVulnerableDependency({ results: result, file: jqFile });
+    logger.close();
+    const xml = data.join('');
+    xml.should.contain('pkg:npm/[email protected]');
+    try {
+      const xsdResult = await xsdValidator.validateXML(xml, 'spec/schema/bom-1.4.xsd');
+      if (!xsdResult.valid) {
+        fail('XML not seen as valid');
+      }
+    } catch (e) {
+      fail(e as Error);
+    }
+  });
+});