gosec/report/sonar/sonar_test.go

package sonar_test

import (
	. "github.com/onsi/ginkgo/v2"
	. "github.com/onsi/gomega"

	"github.com/securego/gosec/v2"
	"github.com/securego/gosec/v2/issue"
	"github.com/securego/gosec/v2/report/sonar"
)

var _ = Describe("Sonar Formatter", func() {
	BeforeEach(func() {
	})
	Context("when converting to Sonarqube issues", func() {
		It("it should parse the report info", func() {
			data := &gosec.ReportInfo{
				Errors: map[string][]gosec.Error{},
				Issues: []*issue.Issue{
					{
						Severity:   2,
						Confidence: 0,
						RuleID:     "test",
						What:       "test",
						File:       "/home/src/project/test.go",
						Code:       "",
						Line:       "1-2",
					},
				},
				Stats: &gosec.Metrics{
					NumFiles: 0,
					NumLines: 0,
					NumNosec: 0,
					NumFound: 0,
				},
			}
			want := &sonar.Report{
				Issues: []*sonar.Issue{
					{
						EngineID: "gosec",
						RuleID:   "test",
						PrimaryLocation: &sonar.Location{
							Message:  "test",
							FilePath: "test.go",
							TextRange: &sonar.TextRange{
								StartLine: 1,
								EndLine:   2,
							},
						},
						Type:          "VULNERABILITY",
						Severity:      "BLOCKER",
						EffortMinutes: sonar.EffortMinutes,
					},
				},
			}

			rootPath := "/home/src/project"

			issues, err := sonar.GenerateReport([]string{rootPath}, data)
			Expect(err).ShouldNot(HaveOccurred())
			Expect(*issues).To(Equal(*want))
		})

		It("it should parse the report info with files in subfolders", func() {
			data := &gosec.ReportInfo{
				Errors: map[string][]gosec.Error{},
				Issues: []*issue.Issue{
					{
						Severity:   2,
						Confidence: 0,
						RuleID:     "test",
						What:       "test",
						File:       "/home/src/project/subfolder/test.go",
						Code:       "",
						Line:       "1-2",
					},
				},
				Stats: &gosec.Metrics{
					NumFiles: 0,
					NumLines: 0,
					NumNosec: 0,
					NumFound: 0,
				},
			}
			want := &sonar.Report{
				Issues: []*sonar.Issue{
					{
						EngineID: "gosec",
						RuleID:   "test",
						PrimaryLocation: &sonar.Location{
							Message:  "test",
							FilePath: "subfolder/test.go",
							TextRange: &sonar.TextRange{
								StartLine: 1,
								EndLine:   2,
							},
						},
						Type:          "VULNERABILITY",
						Severity:      "BLOCKER",
						EffortMinutes: sonar.EffortMinutes,
					},
				},
			}

			rootPath := "/home/src/project"

			issues, err := sonar.GenerateReport([]string{rootPath}, data)
			Expect(err).ShouldNot(HaveOccurred())
			Expect(*issues).To(Equal(*want))
		})
		It("it should not parse the report info for files from other projects", func() {
			data := &gosec.ReportInfo{
				Errors: map[string][]gosec.Error{},
				Issues: []*issue.Issue{
					{
						Severity:   2,
						Confidence: 0,
						RuleID:     "test",
						What:       "test",
						File:       "/home/src/project1/test.go",
						Code:       "",
						Line:       "1-2",
					},
				},
				Stats: &gosec.Metrics{
					NumFiles: 0,
					NumLines: 0,
					NumNosec: 0,
					NumFound: 0,
				},
			}
			want := &sonar.Report{
				Issues: []*sonar.Issue{},
			}

			rootPath := "/home/src/project2"

			issues, err := sonar.GenerateReport([]string{rootPath}, data)
			Expect(err).ShouldNot(HaveOccurred())
			Expect(*issues).To(Equal(*want))
		})

		It("it should parse the report info for multiple projects", func() {
			data := &gosec.ReportInfo{
				Errors: map[string][]gosec.Error{},
				Issues: []*issue.Issue{
					{
						Severity:   2,
						Confidence: 0,
						RuleID:     "test",
						What:       "test",
						File:       "/home/src/project1/test-project1.go",
						Code:       "",
						Line:       "1-2",
					},
					{
						Severity:   2,
						Confidence: 0,
						RuleID:     "test",
						What:       "test",
						File:       "/home/src/project2/test-project2.go",
						Code:       "",
						Line:       "1-2",
					},
				},
				Stats: &gosec.Metrics{
					NumFiles: 0,
					NumLines: 0,
					NumNosec: 0,
					NumFound: 0,
				},
			}
			want := &sonar.Report{
				Issues: []*sonar.Issue{
					{
						EngineID: "gosec",
						RuleID:   "test",
						PrimaryLocation: &sonar.Location{
							Message:  "test",
							FilePath: "test-project1.go",
							TextRange: &sonar.TextRange{
								StartLine: 1,
								EndLine:   2,
							},
						},
						Type:          "VULNERABILITY",
						Severity:      "BLOCKER",
						EffortMinutes: sonar.EffortMinutes,
					},
					{
						EngineID: "gosec",
						RuleID:   "test",
						PrimaryLocation: &sonar.Location{
							Message:  "test",
							FilePath: "test-project2.go",
							TextRange: &sonar.TextRange{
								StartLine: 1,
								EndLine:   2,
							},
						},
						Type:          "VULNERABILITY",
						Severity:      "BLOCKER",
						EffortMinutes: sonar.EffortMinutes,
					},
				},
			}

			rootPaths := []string{"/home/src/project1", "/home/src/project2"}

			issues, err := sonar.GenerateReport(rootPaths, data)
			Expect(err).ShouldNot(HaveOccurred())
			Expect(*issues).To(Equal(*want))
		})
	})
})
Enable golangcli and improve testing for formatters 2021-05-10 09:08:04 +01:00			`package sonar_test`

			`import (`
Update to ginkgo v2 (#753) 2022-01-03 17:11:35 +00:00			`. "github.com/onsi/ginkgo/v2"`
Enable golangcli and improve testing for formatters 2021-05-10 09:08:04 +01:00			`. "github.com/onsi/gomega"`
correct gci linter (#946) Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com> 2023-03-30 08:31:24 +01:00
Enable golangcli and improve testing for formatters 2021-05-10 09:08:04 +01:00			`"github.com/securego/gosec/v2"`
Extract the issue in its own package 2023-02-15 19:44:13 +00:00			`"github.com/securego/gosec/v2/issue"`
Enable golangcli and improve testing for formatters 2021-05-10 09:08:04 +01:00			`"github.com/securego/gosec/v2/report/sonar"`
			`)`

			`var _ = Describe("Sonar Formatter", func() {`
			`BeforeEach(func() {`
			`})`
			`Context("when converting to Sonarqube issues", func() {`
			`It("it should parse the report info", func() {`
Handle gosec version in SARIF report 2021-05-20 09:16:42 +01:00			`data := &gosec.ReportInfo{`
Enable golangcli and improve testing for formatters 2021-05-10 09:08:04 +01:00			`Errors: map[string][]gosec.Error{},`
Extract the issue in its own package 2023-02-15 19:44:13 +00:00			`Issues: []*issue.Issue{`
Enable golangcli and improve testing for formatters 2021-05-10 09:08:04 +01:00			`{`
			`Severity: 2,`
			`Confidence: 0,`
			`RuleID: "test",`
			`What: "test",`
			`File: "/home/src/project/test.go",`
			`Code: "",`
			`Line: "1-2",`
			`},`
			`},`
			`Stats: &gosec.Metrics{`
			`NumFiles: 0,`
			`NumLines: 0,`
			`NumNosec: 0,`
			`NumFound: 0,`
			`},`
			`}`
			`want := &sonar.Report{`
			`Issues: []*sonar.Issue{`
			`{`
			`EngineID: "gosec",`
			`RuleID: "test",`
			`PrimaryLocation: &sonar.Location{`
			`Message: "test",`
			`FilePath: "test.go",`
			`TextRange: &sonar.TextRange{`
			`StartLine: 1,`
			`EndLine: 2,`
			`},`
			`},`
			`Type: "VULNERABILITY",`
			`Severity: "BLOCKER",`
			`EffortMinutes: sonar.EffortMinutes,`
			`},`
			`},`
			`}`

			`rootPath := "/home/src/project"`

			`issues, err := sonar.GenerateReport([]string{rootPath}, data)`
			`Expect(err).ShouldNot(HaveOccurred())`
			`Expect(issues).To(Equal(want))`
			`})`

			`It("it should parse the report info with files in subfolders", func() {`
Handle gosec version in SARIF report 2021-05-20 09:16:42 +01:00			`data := &gosec.ReportInfo{`
Enable golangcli and improve testing for formatters 2021-05-10 09:08:04 +01:00			`Errors: map[string][]gosec.Error{},`
Extract the issue in its own package 2023-02-15 19:44:13 +00:00			`Issues: []*issue.Issue{`
Enable golangcli and improve testing for formatters 2021-05-10 09:08:04 +01:00			`{`
			`Severity: 2,`
			`Confidence: 0,`
			`RuleID: "test",`
			`What: "test",`
			`File: "/home/src/project/subfolder/test.go",`
			`Code: "",`
			`Line: "1-2",`
			`},`
			`},`
			`Stats: &gosec.Metrics{`
			`NumFiles: 0,`
			`NumLines: 0,`
			`NumNosec: 0,`
			`NumFound: 0,`
			`},`
			`}`
			`want := &sonar.Report{`
			`Issues: []*sonar.Issue{`
			`{`
			`EngineID: "gosec",`
			`RuleID: "test",`
			`PrimaryLocation: &sonar.Location{`
			`Message: "test",`
			`FilePath: "subfolder/test.go",`
			`TextRange: &sonar.TextRange{`
			`StartLine: 1,`
			`EndLine: 2,`
			`},`
			`},`
			`Type: "VULNERABILITY",`
			`Severity: "BLOCKER",`
			`EffortMinutes: sonar.EffortMinutes,`
			`},`
			`},`
			`}`

			`rootPath := "/home/src/project"`

			`issues, err := sonar.GenerateReport([]string{rootPath}, data)`
			`Expect(err).ShouldNot(HaveOccurred())`
			`Expect(issues).To(Equal(want))`
			`})`
			`It("it should not parse the report info for files from other projects", func() {`
Handle gosec version in SARIF report 2021-05-20 09:16:42 +01:00			`data := &gosec.ReportInfo{`
Enable golangcli and improve testing for formatters 2021-05-10 09:08:04 +01:00			`Errors: map[string][]gosec.Error{},`
Extract the issue in its own package 2023-02-15 19:44:13 +00:00			`Issues: []*issue.Issue{`
Enable golangcli and improve testing for formatters 2021-05-10 09:08:04 +01:00			`{`
			`Severity: 2,`
			`Confidence: 0,`
			`RuleID: "test",`
			`What: "test",`
			`File: "/home/src/project1/test.go",`
			`Code: "",`
			`Line: "1-2",`
			`},`
			`},`
			`Stats: &gosec.Metrics{`
			`NumFiles: 0,`
			`NumLines: 0,`
			`NumNosec: 0,`
			`NumFound: 0,`
			`},`
			`}`
			`want := &sonar.Report{`
			`Issues: []*sonar.Issue{},`
			`}`

			`rootPath := "/home/src/project2"`

			`issues, err := sonar.GenerateReport([]string{rootPath}, data)`
			`Expect(err).ShouldNot(HaveOccurred())`
			`Expect(issues).To(Equal(want))`
			`})`

Fix typos in comments, vars and tests 2023-05-26 16:03:54 +01:00			`It("it should parse the report info for multiple projects", func() {`
Handle gosec version in SARIF report 2021-05-20 09:16:42 +01:00			`data := &gosec.ReportInfo{`
Enable golangcli and improve testing for formatters 2021-05-10 09:08:04 +01:00			`Errors: map[string][]gosec.Error{},`
Extract the issue in its own package 2023-02-15 19:44:13 +00:00			`Issues: []*issue.Issue{`
Enable golangcli and improve testing for formatters 2021-05-10 09:08:04 +01:00			`{`
			`Severity: 2,`
			`Confidence: 0,`
			`RuleID: "test",`
			`What: "test",`
			`File: "/home/src/project1/test-project1.go",`
			`Code: "",`
			`Line: "1-2",`
			`},`
			`{`
			`Severity: 2,`
			`Confidence: 0,`
			`RuleID: "test",`
			`What: "test",`
			`File: "/home/src/project2/test-project2.go",`
			`Code: "",`
			`Line: "1-2",`
			`},`
			`},`
			`Stats: &gosec.Metrics{`
			`NumFiles: 0,`
			`NumLines: 0,`
			`NumNosec: 0,`
			`NumFound: 0,`
			`},`
			`}`
			`want := &sonar.Report{`
			`Issues: []*sonar.Issue{`
			`{`
			`EngineID: "gosec",`
			`RuleID: "test",`
			`PrimaryLocation: &sonar.Location{`
			`Message: "test",`
			`FilePath: "test-project1.go",`
			`TextRange: &sonar.TextRange{`
			`StartLine: 1,`
			`EndLine: 2,`
			`},`
			`},`
			`Type: "VULNERABILITY",`
			`Severity: "BLOCKER",`
			`EffortMinutes: sonar.EffortMinutes,`
			`},`
			`{`
			`EngineID: "gosec",`
			`RuleID: "test",`
			`PrimaryLocation: &sonar.Location{`
			`Message: "test",`
			`FilePath: "test-project2.go",`
			`TextRange: &sonar.TextRange{`
			`StartLine: 1,`
			`EndLine: 2,`
			`},`
			`},`
			`Type: "VULNERABILITY",`
			`Severity: "BLOCKER",`
			`EffortMinutes: sonar.EffortMinutes,`
			`},`
			`},`
			`}`

			`rootPaths := []string{"/home/src/project1", "/home/src/project2"}`

			`issues, err := sonar.GenerateReport(rootPaths, data)`
			`Expect(err).ShouldNot(HaveOccurred())`
			`Expect(issues).To(Equal(want))`
			`})`
			`})`
			`})`