From 4ab6c40e02b8f0cf51596e0d0be5dcc752c29730 Mon Sep 17 00:00:00 2001 From: Tristan Cacqueray Date: Wed, 13 Dec 2023 21:56:41 +0000 Subject: [PATCH] Add OSV export golden test This change prevents regression in the OSV output. --- code/hsec-tools/hsec-tools.cabal | 1 + code/hsec-tools/test/Spec.hs | 14 ++- .../test/golden/EXAMPLE_ADVISORY.md.golden | 103 ++++++++++++++++++ .../test/golden/MISSING_AFFECTED.md.golden | 1 + .../test/golden/MISSING_TITLE.md.golden | 1 + 5 files changed, 118 insertions(+), 2 deletions(-) diff --git a/code/hsec-tools/hsec-tools.cabal b/code/hsec-tools/hsec-tools.cabal index bcc67ae9..9c0c0fe2 100644 --- a/code/hsec-tools/hsec-tools.cabal +++ b/code/hsec-tools/hsec-tools.cabal @@ -103,6 +103,7 @@ test-suite spec main-is: Spec.hs other-modules: Spec.QueriesSpec build-depends: + , aeson-pretty <2 , base <5 , Cabal-syntax , cvss diff --git a/code/hsec-tools/test/Spec.hs b/code/hsec-tools/test/Spec.hs index e1a2c08c..d8981c2b 100644 --- a/code/hsec-tools/test/Spec.hs +++ b/code/hsec-tools/test/Spec.hs @@ -2,6 +2,7 @@ module Main where +import Data.Aeson.Encode.Pretty (encodePretty) import Data.List (isSuffixOf) import qualified Data.Text.IO as T import qualified Data.Text.Lazy as LText @@ -13,6 +14,7 @@ import Test.Tasty import Test.Tasty.Golden (goldenVsString) import Text.Pretty.Simple (pShowNoColor) +import qualified Security.Advisories.Convert.OSV as OSV import Security.Advisories.Parse import qualified Spec.QueriesSpec as QueriesSpec @@ -34,7 +36,7 @@ goldenTestsSpec :: [FilePath] -> TestTree goldenTestsSpec goldenFiles = testGroup "Golden test" $ map doGoldenTest goldenFiles doGoldenTest :: FilePath -> TestTree -doGoldenTest fp = goldenVsString fp (fp <> ".golden") (flip mappend "\n" . LText.encodeUtf8 <$> doCheck) +doGoldenTest fp = goldenVsString fp (fp <> ".golden") (LText.encodeUtf8 <$> doCheck) where doCheck :: IO LText.Text doCheck = do 
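Review bot: `doGoldenTest` (the `@@ -34,7 +36,7 @@` hunk) has no comment describing what a `.golden` file contains, and after this commit that is no longer just the parse result. A Haddock line such as `-- | Golden output: the parsed advisory, then on success the OSV model ('pShowNoColor') and its pretty-printed JSON.` would explain why three differently formatted sections appear in one file. The trailing newline that `flip mappend "\n"` used to add here now comes from `LText.unlines` inside `doCheck`, which is worth stating in the same comment. The body of `doGoldenTest` continues past the end of this hunk.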
@@ -46,4 +48,12 @@ doGoldenTest fp = goldenVsString fp (fp <> ".golden") (flip mappend "\n" . LText , oobModified = Just fakeDate } res = parseAdvisory NoOverrides attr input - pure . pShowNoColor $ res + osvExport = case res of + Right adv -> + let osv = OSV.convert adv + in LText.unlines + [ pShowNoColor osv + , LText.decodeUtf8 (encodePretty osv) + ] + Left _ -> "" + pure (LText.unlines [pShowNoColor res, osvExport]) diff --git a/code/hsec-tools/test/golden/EXAMPLE_ADVISORY.md.golden b/code/hsec-tools/test/golden/EXAMPLE_ADVISORY.md.golden index 47792edb..5bbafcb4 100644 --- a/code/hsec-tools/test/golden/EXAMPLE_ADVISORY.md.golden +++ b/code/hsec-tools/test/golden/EXAMPLE_ADVISORY.md.golden 
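Review bot: The JSON half of the golden output in `osvExport` relies on `encodePretty`'s default configuration, which does not sort object keys and leaves them in whatever order aeson's key map yields. The golden file may therefore differ between aeson builds that back objects with an ordered map and builds that use a hash map. Pinning the order keeps this regression test deterministic: `, LText.decodeUtf8 (encodePretty' defConfig { confCompare = compare } osv)`, with the import in the first Spec.hs hunk widened to `(Config (..), defConfig, encodePretty')`. Separately, `Left _ -> ""` combined with the outer `LText.unlines` appends an empty line to every failure golden (the lone `+` in the MISSING_AFFECTED and MISSING_TITLE files); building the list as `pShowNoColor res : osvLines`, with `osvLines = []` on `Left`, would avoid that. `doCheck` starts outside this hunk.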
@@ -153,3 +153,106 @@ Right " } ) +Model + { modelSchemaVersion = "1.5.0" + , modelId = "HSEC-0000-0000" + , modelModified = 1970-01-01 00:00:00 UTC + , modelPublished = Just 1970-01-01 00:00:00 UTC + , modelWithdrawn = Nothing + , modelAliases = [ "CVE-2022-XXXX" ] + , modelRelated = + [ "CVE-2022-YYYY" + , "CVE-2022-ZZZZ" + ] + , modelSummary = Just "Advisory Template - Title Goes Here" + , modelDetails = Just "# Advisory Template - Title Goes Here + + This is an example template. + + * Markdown + * TOML "front matter". + + > Acme Broken. + " + , modelSeverity = [] + , modelAffected = + [ Affected + { affectedRanges = + [ RangeEcosystem + [ EventIntroduced "1.0.8" + , EventFixed "1.1" + , EventIntroduced "1.1.2" + ] Nothing + ] + , affectedPackage = Package + { packageName = "package-name" + , packageEcosystem = "Hackage" + , packagePurl = Nothing + } + , affectedSeverity = + [ Severity CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H ] + , affectedEcosystemSpecific = Nothing + , affectedDatabaseSpecific = Nothing + } + ] + , modelReferences = + [ Reference + { referencesType = ReferenceTypeArticle + , referencesUrl = "https://example.com" + } + ] + , modelCredits = [] + , modelDatabaseSpecific = Nothing + } +{ + "affected": [ + { + "package": { + "ecosystem": "Hackage", + "name": "package-name" + }, + "ranges": [ + { + "events": [ + { + "introduced": "1.0.8" + }, + { + "fixed": "1.1" + }, + { + "introduced": "1.1.2" + } + ], + "type": "ECOSYSTEM" + } + ], + "severity": [ + { + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "type": "CVSS_V3" + } + ] + } + ], + "aliases": [ + "CVE-2022-XXXX" + ], + "details": "# Advisory Template - Title Goes Here\n\nThis is an example template.\n\n * Markdown\n * TOML \"front matter\".\n\n > Acme Broken.\n", + "id": "HSEC-0000-0000", + "modified": "1970-01-01T00:00:00Z", + "published": "1970-01-01T00:00:00Z", + "references": [ + { + "type": "ARTICLE", + "url": "https://example.com" + } + ], + "related": [ + 
"CVE-2022-YYYY", + "CVE-2022-ZZZZ" + ], + "schema_version": "1.5.0", + "summary": "Advisory Template - Title Goes Here" +} + diff --git a/code/hsec-tools/test/golden/MISSING_AFFECTED.md.golden b/code/hsec-tools/test/golden/MISSING_AFFECTED.md.golden index 68ccb3ea..9d67c8f2 100644 --- a/code/hsec-tools/test/golden/MISSING_AFFECTED.md.golden +++ b/code/hsec-tools/test/golden/MISSING_AFFECTED.md.golden @@ -7,3 +7,4 @@ Left ] "missing key: affected in top " ) + diff --git a/code/hsec-tools/test/golden/MISSING_TITLE.md.golden b/code/hsec-tools/test/golden/MISSING_TITLE.md.golden index 868477e4..60d66e48 100644 --- a/code/hsec-tools/test/golden/MISSING_TITLE.md.golden +++ b/code/hsec-tools/test/golden/MISSING_TITLE.md.golden @@ -1,2 +1,3 @@ Left ( MarkdownFormatError "Does not have summary heading" ) +