test(twistlock): improve coverage

swingletree-oss · Sep 28, 2019 · fd99f54 · fd99f54
1 parent 30b2dee
commit fd99f54
Showing 1 changed file with 61 additions and 3 deletions.
diff --git a/test/twistlock/integration.spec.ts b/test/twistlock/integration.spec.ts
@@ -17,6 +17,10 @@ import { TwistlockModel } from "../../src/twistlock/model";
 
 const sandbox = sinon.createSandbox();
 
+function mockResult(file: string): any {
+	return JSON.parse(JSON.stringify(require(file)));
+}
+
 describe("Twistlock", () => {
 
 	describe("status emitter", () => {
@@ -34,7 +38,7 @@ describe("Twistlock", () => {
 			source.repo = "repo";
 
 			const event = new TwistlockReportReceivedEvent(
-				require("../mock/twistlock-report-all.json"),
+				mockResult("../mock/twistlock-report-all.json"),
 				source
 			);
 
@@ -60,7 +64,7 @@ describe("Twistlock", () => {
 			source.repo = "repo";
 
 			const event = new TwistlockReportReceivedEvent(
-				Object.assign({}, require("../mock/twistlock-report-clean.json")),
+				mockResult("../mock/twistlock-report-clean.json"),
 				source
 			);
 
@@ -90,6 +94,60 @@ describe("Twistlock", () => {
 
 			sinon.assert.calledWith(eventBusMock.emit as any, sinon.match.has("eventType", Events.NotificationEvent));
 			sinon.assert.calledWith(eventBusMock.emit as any, sinon.match.hasNested("payload.checkStatus", sinon.match(Swingletree.Conclusion.PASSED)));
+			sinon.assert.calledWith(eventBusMock.emit as any, sinon.match.hasNested("payload.annotations", sinon.match(value => {
+				return value.length == 1 &&
+					value[0].title == "CVE-2019-3857";
+			})));
+		});
+
+		it("should mark check run with failure on findings equal HIGH", async () => {
+			const eventBusMock = new EventBusMock();
+
+			const uut = new TwistlockStatusEmitter(
+				eventBusMock,
+				new ConfigurationServiceMock(),
+				new TemplateEngineMock()
+			);
+
+			const source = new Swingletree.GithubSource();
+			source.owner = "org";
+			source.repo = "repo";
+
+			const event = new TwistlockReportReceivedEvent(
+				mockResult("../mock/twistlock-report-clean.json"),
+				source
+			);
+
+			event.report.results[0].vulnerabilities = [
+				{
+					"id": "CVE-2019-3857",
+					"status": "fixed in 1.4.3-12.el7_6.2",
+					"cvss": 8.8,
+					"vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+					"description": "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.",
+					"severity": TwistlockModel.VulnerabilitySeverity.MEDIUM,
+					"packageName": "libssh2",
+					"packageVersion": "1.4.3-12.el7",
+					"link": "https://access.redhat.com/security/cve/CVE-2019-3857",
+					"riskFactors": {
+						"Attack vector: network": {},
+						"Has fix": {},
+						"High severity": {},
+						"Recent vulnerability": {}
+					}
+				}
+			];
+
+			uut.reportReceivedHandler(event);
+
+			sinon.assert.calledOnce(eventBusMock.emit as any);
+
+			sinon.assert.calledWith(eventBusMock.emit as any, sinon.match.has("eventType", Events.NotificationEvent));
+			sinon.assert.calledWith(eventBusMock.emit as any, sinon.match.hasNested("payload.checkStatus", sinon.match(Swingletree.Conclusion.BLOCKED)));
+			sinon.assert.calledWith(eventBusMock.emit as any, sinon.match.hasNested("payload.annotations", sinon.match(value => {
+				return value.length == 1 &&
+					value[0].title == "CVE-2019-3857";
+			})));
 		});
 
 		it("should mark check run with success on clean report", async () => {
@@ -106,7 +164,7 @@ describe("Twistlock", () => {
 			source.repo = "repo";
 
 			const event = new TwistlockReportReceivedEvent(
-				require("../mock/twistlock-report-clean.json"),
+				mockResult("../mock/twistlock-report-clean.json"),
 				source
 			);