diff --git a/tests/json/bandit.json b/tests/data/bandit.json
similarity index 100%
rename from tests/json/bandit.json
rename to tests/data/bandit.json
diff --git a/tests/json/bandit_error.json b/tests/data/bandit_error.json
similarity index 91%
rename from tests/json/bandit_error.json
rename to tests/data/bandit_error.json
index c13b5c1..b0c01e0 100644
--- a/tests/json/bandit_error.json
+++ b/tests/data/bandit_error.json
@@ -5,7 +5,7 @@
 "reason": "syntax error while parsing AST from file"
 },
 {
- "filename": "tests/data/py2.py",
+ "filename": "tests/data/python-01/py2.py",
 "reason": "syntax error while parsing AST from file"
 }
 ],
@@ -43,7 +43,7 @@
 "results": [
 {
 "code": "2 \n3 print(randint(0, 10))\n4 \n",
- "filename": "tests/canary.py",
+ "filename": "tests/data/python-01/canary.py",
 "issue_confidence": "HIGH",
 "issue_severity": "LOW",
 "issue_text": "Standard pseudo-random generators are not suitable for security/cryptographic purposes.",
@@ -57,7 +57,7 @@
 },
 {
 "code": "4 \n5 password = \"secret\"\n6 \n7 a = eval(\"\"\"\n",
- "filename": "tests/canary.py",
+ "filename": "tests/data/python-01/canary.py",
 "issue_confidence": "MEDIUM",
 "issue_severity": "LOW",
 "issue_text": "Possible hardcoded password: 'secret'",
@@ -72,7 +72,7 @@
 },
 {
 "code": "6 \n7 a = eval(\"\"\"\n8 3 + 2 \\\n9 + randint(0, 10)\n10 \n11 \"\"\")\n12 assert a\n",
- "filename": "tests/canary.py",
+ "filename": "tests/data/python-01/canary.py",
 "issue_confidence": "HIGH",
 "issue_severity": "MEDIUM",
 "issue_text": "Use of possibly insecure function - consider using safer ast.literal_eval.",
@@ -90,7 +90,7 @@
 },
 {
 "code": "11 \"\"\")\n12 assert a\n",
- "filename": "tests/canary.py",
+ "filename": "tests/data/python-01/canary.py",
 "issue_confidence": "HIGH",
 "issue_severity": "LOW",
 "issue_text": "Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.",
diff --git a/tests/data/checkov_input.json b/tests/data/checkov-01.annotations.json
similarity index 100%
rename from tests/data/checkov_input.json
rename to tests/data/checkov-01.annotations.json
diff --git a/tests/json/checkov.json b/tests/data/checkov-01.json
similarity index 100%
rename from tests/json/checkov.json
rename to tests/data/checkov-01.json
diff --git a/tests/data/canary.py b/tests/data/python-01/canary.py
similarity index 100%
rename from tests/data/canary.py
rename to tests/data/python-01/canary.py
diff --git a/tests/data/py2.py b/tests/data/python-01/py2.py
similarity index 100%
rename from tests/data/py2.py
rename to tests/data/python-01/py2.py
diff --git a/tests/json/safety.json b/tests/data/safety.json
similarity index 100%
rename from tests/json/safety.json
rename to tests/data/safety.json
diff --git a/tests/data/semgrep-01.annotations.json b/tests/data/semgrep-01.annotations.json
new file mode 100644
index 0000000..1eeb5c9
--- /dev/null
+++ b/tests/data/semgrep-01.annotations.json
@@ -0,0 +1,23 @@
+{
+ "name": "Semgrep Comments",
+ "head_sha": "stuff",
+ "completed_at": "2023-11-09T15:29:33.821590Z",
+ "conclusion": "failure",
+ "output": {
+ "title": "Semgrep: ",
+ "summary": "Semgrep statistics: {\n \"Total_errors\": 1,\n \"Semgrep_Version\": \"1.34.0\",\n \"paths_scanned\": 36\n}",
+ "text": "",
+ "annotations": [
+ {
+ "path": ".github/workflows/test.yml",
+ "start_line": 31,
+ "end_line": 31,
+ "start_column": 114,
+ "end_column": 117,
+ "annotation_level": "warning",
+ "title": "Syntax error",
+ "message": " When parsing a snippet as Bash for metavariable-pattern in rule 'yaml.github-actions.security.curl-eval.curl-eval'"
+ }
+ ]
+ }
+}
diff --git a/tests/json/semgrep.json b/tests/data/semgrep-01.json
similarity index 100%
rename from tests/json/semgrep.json
rename to tests/data/semgrep-01.json
diff --git a/tests/test_bandit.py b/tests/test_bandit.py
index c3aa2ca..4a4765c 100644
--- a/tests/test_bandit.py
+++ b/tests/test_bandit.py
@@ -4,15 +4,15 @@
 from parse_scripts.util import json_load
 TEST_DIR = Path(__file__).parent
-JSON_DIR = TEST_DIR / "json"
+DATA_DIR = TEST_DIR / "data"
 def test_errors():
- results = json_load(JSON_DIR / "bandit_error.json")
+ results = json_load(DATA_DIR / "bandit_error.json")
 errors = [bandit.bandit_error(error) for error in results["errors"]]
 assert errors[0]["path"] == "LICENSE"
 assert errors[1] == {
- "path": "tests/data/py2.py",
+ "path": "tests/data/python-01/py2.py",
 "start_line": 2,
 "end_line": 2,
 "annotation_level": "failure",
@@ -22,13 +22,13 @@ def test_errors():
 def test_annotations():
- data = json_load(JSON_DIR / "bandit.json")
+ data = json_load(DATA_DIR / "bandit.json")
 annotations = bandit.bandit_annotations(data)
 assert annotations[0]["path"] == "canary.py"
 assert annotations[0]["start_line"] == 3
 def test_run_check():
- data = json_load(JSON_DIR / "bandit.json")
+ data = json_load(DATA_DIR / "bandit.json")
 run_check_body = bandit.bandit_run_check(data)
 assert run_check_body["conclusion"] == "failure"
diff --git a/tests/test_checkov.py b/tests/test_checkov.py
index 883b86c..9526444 100644
--- a/tests/test_checkov.py
+++ b/tests/test_checkov.py
@@ -1,16 +1,24 @@
 from pathlib import Path
+import pytest
+
 from parse_scripts import checkov
 from parse_scripts.util import json_load
 TEST_DIR = Path(__file__).parent
-JSON_DIR = TEST_DIR / "json"
 DATA_DIR = TEST_DIR / "data"
-def test_parse():
- expected_comments = json_load(DATA_DIR / "checkov_input.json")
- data = json_load(JSON_DIR / "checkov.json")
+@pytest.mark.parametrize(
+ "infile,expected",
+ [
+ (f, f.with_suffix(".annotations.json"))
+ for f in DATA_DIR.glob("checkov-[0-9][0-9].json")
+ ],
+)
+def test_parse(infile, expected):
+ expected_comments = json_load(expected)
+ data = json_load(infile)
 actual_comments = checkov.checkov_results(log=data, github_sha="stuff")
 actual_comments["completed_at"] = "00:00"
 assert expected_comments == actual_comments
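Review bot: The parameter list built from `DATA_DIR.glob("checkov-[0-9][0-9].json")` in the `@pytest.mark.parametrize` decorator of `test_parse` can be empty, and with pytest's default `empty_parameter_set_mark` an empty set is reported as a skip rather than a failure. If the fixtures are moved or renamed again, the checkov parser would lose its only regression test while CI stays green. I would build the list once at module level, sorted for a stable case order, and guard it: `CASES = sorted(DATA_DIR.glob("checkov-[0-9][0-9].json"))` followed by `assert CASES, "no checkov fixtures found"`; alternatively set `empty_parameter_set_mark = fail_at_collect` in the pytest configuration. The same pattern appears in `test_parse_data` in tests/test_semgrep.py.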
diff --git a/tests/test_semgrep.py b/tests/test_semgrep.py
index 863b5e3..7c77777 100644
--- a/tests/test_semgrep.py
+++ b/tests/test_semgrep.py
@@ -1,37 +1,23 @@
 from pathlib import Path
+import pytest
+
 import parse_scripts.semgrep
 from parse_scripts.util import json_load
-DATA_DIR = Path(__file__).parent / "json"
-
-expected_results = {
- "name": "Semgrep Comments",
- "head_sha": "stuff",
- "completed_at": "2023-11-09T15:29:33.821590Z",
- "conclusion": "failure",
- "output": {
- "title": "Semgrep: ",
- "summary": 'Semgrep statistics: {\n "Total_errors": 1,\n "Semgrep_Version": "1.34.0",\n "paths_scanned": 36\n}',
- "text": "",
- "annotations": [
- {
- "path": ".github/workflows/test.yml",
- "start_line": 31,
- "end_line": 31,
- "start_column": 114,
- "end_column": 117,
- "annotation_level": "warning",
- "title": "Syntax error",
- "message": " When parsing a snippet as Bash for metavariable-pattern in rule 'yaml.github-actions.security.curl-eval.curl-eval'",
- }
- ],
- },
-}
+DATA_DIR = Path(__file__).parent / "data"
-def test_parse_data():
- data = json_load(DATA_DIR / "semgrep.json")
+@pytest.mark.parametrize(
+ "infile,expected",
+ [
+ (f, f.with_suffix(".annotations.json"))
+ for f in DATA_DIR.glob("semgrep-[0-9][0-9].json")
+ ],
+)
+def test_parse_data(infile, expected):
+ data = json_load(infile)
+ expected_results = json_load(expected)
 actual_results = parse_scripts.semgrep.parse_data(data, "stuff")
 actual_results["completed_at"] = "2023-11-09T15:29:33.821590Z"
 assert expected_results == actual_results
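Review bot: `actual_results["completed_at"] = "2023-11-09T15:29:33.821590Z"` still hard-codes the timestamp of the first fixture, so now that `test_parse_data` is parametrized every future `semgrep-NN.annotations.json` has to carry exactly this value (and `"head_sha": "stuff"`), or the comparison fails for a reason unrelated to the parser. Taking the value from the loaded fixture keeps each input/expected pair self-contained: `actual_results["completed_at"] = expected_results["completed_at"]`. A short comment above the decorator stating the pairing convention, e.g. `# each semgrep-NN.json is compared against semgrep-NN.annotations.json`, would also help whoever adds the next case.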