import json
from socketsecurity.core.alert_selection import (
filter_alerts_by_reachability,
select_diff_alerts,
)
from socketsecurity.core.classes import Diff, Issue
def _issue(pkg_name: str, ghsa_id: str, error: bool = False) -> Issue:
    """Build a minimal npm ``Issue`` for *pkg_name* carrying advisory *ghsa_id*.

    Everything except the package name, the advisory id in ``props["ghsaId"]``
    and the ``error`` flag is fixed filler; the reachability test below keys on
    the ``ghsaId`` value to match alerts against the facts file.
    """
    version = "1.0.0"
    fields = {
        "pkg_name": pkg_name,
        "pkg_version": version,
        "severity": "high",
        "title": f"Vuln in {pkg_name}",
        "description": "test",
        "type": "vulnerability",
        "manifests": "package.json",
        "pkg_type": "npm",
        "key": f"key-{pkg_name}",
        "purl": f"pkg:npm/{pkg_name}@{version}",
        "error": error,
        "props": {"ghsaId": ghsa_id},
    }
    return Issue(**fields)
def test_select_diff_alerts_uses_new_only_without_strict():
    """Without strict blocking only ``new_alerts`` are selected.

    ``unchanged_alerts`` are deliberately populated so the test proves they are
    left out rather than merely absent.
    """
    diff = Diff()
    diff.new_alerts = [Issue(title="new")]
    diff.unchanged_alerts = [Issue(title="unchanged")]

    chosen = select_diff_alerts(diff, strict_blocking=False)
    titles = [alert.title for alert in chosen]

    assert titles == ["new"]
def test_select_diff_alerts_includes_unchanged_with_strict():
    """With strict blocking both ``new_alerts`` and ``unchanged_alerts`` are selected.

    Ordering is not part of the contract, so the titles are compared as a set.
    """
    diff = Diff()
    diff.new_alerts = [Issue(title="new")]
    diff.unchanged_alerts = [Issue(title="unchanged")]

    chosen = select_diff_alerts(diff, strict_blocking=True)
    titles = {alert.title for alert in chosen}

    assert titles == {"new", "unchanged"}
def test_filter_alerts_by_reachability_supports_reachability_selectors(tmp_path):
    """Each reachability selector keeps exactly the alerts whose facts entry matches.

    A facts file holding one reachable, one potentially-reachable and one
    unreachable advisory is written to *tmp_path*. The filter is then run with
    the ``reachable``, ``potentially`` and ``reachable-or-potentially``
    selectors; the exact-list assertions also prove the unreachable advisory
    is dropped by every selector, so nothing is silently suppressed beyond
    what the facts file states.
    """
    facts_name = ".socket.facts.json"

    def component(name, ghsa_id, reachability_type):
        # One npm component whose single vulnerability carries a
        # reachability verdict of *reachability_type* for *ghsa_id*.
        return {
            "type": "npm",
            "name": name,
            "version": "1.0.0",
            "vulnerabilities": [{"ghsaId": ghsa_id, "severity": "HIGH"}],
            "reachability": [{
                "ghsa_id": ghsa_id,
                "reachability": [{"type": reachability_type}],
            }],
        }

    fixtures = [
        ("reachable-pkg", "GHSA-AAAA-BBBB-CCCC", "reachable"),
        ("potential-pkg", "GHSA-DDDD-EEEE-FFFF", "potentially_reachable"),
        ("unreachable-pkg", "GHSA-GGGG-HHHH-IIII", "unreachable"),
    ]
    facts = {"components": [component(*row) for row in fixtures]}
    (tmp_path / facts_name).write_text(json.dumps(facts), encoding="utf-8")

    alerts = [_issue(name, ghsa_id) for name, ghsa_id, _ in fixtures]

    def names_for(selector):
        # Run the filter against the facts file just written and report
        # which package names survive, in the order the filter returns them.
        kept = filter_alerts_by_reachability(alerts, selector, str(tmp_path), facts_name)
        return [alert.pkg_name for alert in kept]

    assert names_for("reachable") == ["reachable-pkg"]
    assert names_for("potentially") == ["potential-pkg"]
    assert set(names_for("reachable-or-potentially")) == {"reachable-pkg", "potential-pkg"}