[chore] add empty testsuite - something with the toml-parsing is off, I

cannot use the `advisories` directory usefully
haskell · Mar 29, 2024 · e81f0e1 · e81f0e1
1 parent ceaaf27
commit e81f0e1
Show file tree

Hide file tree

Showing 6 changed files with 51 additions and 20 deletions.
diff --git a/code/cabal-audit/cabal-audit.cabal b/code/cabal-audit/cabal-audit.cabal
@@ -42,7 +42,9 @@ common common-all
     ImportQualifiedPost
     LambdaCase
     NamedFieldPuns
+    NoStarIsType
     OverloadedStrings
+    PartialTypeSignatures
     ScopedTypeVariables
     StandaloneDeriving
     StandaloneKindSignatures
@@ -89,6 +91,13 @@ test-suite spec
   type:             exitcode-stdio-1.0
   hs-source-dirs:   test
   main-is:          Main.hs
-  other-modules:
-  build-depends:    base <5
+  other-modules:    Spec
+  build-depends:
+    , base           <5
+    , Cabal
+    , cabal-audit
+    , cabal-install
+    , containers
+    , hspec
+
   default-language: Haskell2010
diff --git a/code/cabal-audit/src/Distribution/Audit.hs b/code/cabal-audit/src/Distribution/Audit.hs
@@ -1,4 +1,4 @@
-module Distribution.Audit (auditMain) where
+module Distribution.Audit (auditMain, buildAdvisories, AuditConfig(..), AuditException(..)) where
 
 import Colourista.Pure (blue, bold, formatWith, green, red, yellow)
 import Control.Exception (Exception (displayException), throwIO)
@@ -56,17 +56,23 @@ data AuditConfig = MkAuditConfig
   -- ^ verbosity of cabal
   }
 
+-- | the main action to invoke
 auditMain :: IO ()
 auditMain = do
-  (MkAuditConfig {advisoriesPathOrURL, verbosity}, flags) <- customExecParser (prefs showHelpOnEmpty) do
-    info
-      do helper <*> auditCommandParser
-      do
-        mconcat
-          [ fullDesc
-          , progDesc (formatWith [blue] "audit your cabal projects for vulnerabilities")
-          , header (formatWith [bold, blue] "Welcome to cabal audit")
-          ]
+  handleBuiltAdvisories
+    =<< uncurry buildAdvisories
+    =<< customExecParser (prefs showHelpOnEmpty) do
+      info
+        do helper <*> auditCommandParser
+        do
+          mconcat
+            [ fullDesc
+            , progDesc (formatWith [blue] "audit your cabal projects for vulnerabilities")
+            , header (formatWith [bold, blue] "Welcome to cabal audit")
+            ]
+
+buildAdvisories :: AuditConfig -> NixStyleFlags () -> IO (M.Map PackageName ElaboratedPackageInfoAdvised)
+buildAdvisories MkAuditConfig {advisoriesPathOrURL, verbosity} flags = do
   let cliConfig = projectConfigFromFlags flags
 
   ProjectBaseContext {distDirLayout, cabalDirLayout, projectConfig, localPackages} <-
@@ -80,17 +86,23 @@ auditMain = do
   when (verbosity > Verbosity.normal) do
     putStrLn (formatWith [blue] "Finished building the cabal install plan, looking for advisories...")
 
-  advisories <- withSystemTempDirectory "cabal-audit" \tmp -> do
+  advisories <- do
     realPath <- case advisoriesPathOrURL of
       Left fp -> pure fp
-      Right url -> do
+      Right url -> withSystemTempDirectory "cabal-audit" \tmp -> do
         putStrLn $ formatWith [blue] $ "trying to clone " <> url
         callProcess "git" ["clone", url, tmp]
         pure tmp
     listAdvisories realPath
       >>= validation (throwIO . ListAdvisoryValidationError realPath) pure
 
-  humanReadableHandler (M.toList (matchAdvisoriesForPlan plan advisories))
+  pure $ matchAdvisoriesForPlan plan advisories
+
+-- | provides the built advisories in some consumable form, e.g. as human readable form
+--
+-- FUTUREWORK(mangoiv): provide output as JSON
+handleBuiltAdvisories :: M.Map PackageName ElaboratedPackageInfoAdvised -> IO ()
+handleBuiltAdvisories = humanReadableHandler . M.toList
 
 {-# INLINE prettyVersion #-}
 prettyVersion :: IsString s => Version -> s
@@ -126,9 +138,6 @@ humanReadableHandler = \case
       putStrLn ("dependency " <> pkgName <> " at version " <> verString <> " is vulnerable for:")
       for_ (runIdentity (packageAdvisories i)) (T.putStrLn . uncurry prettyAdvisory)
 
--- print $ matchAdvisoriesForPlan plan' advisories
--- TODO(mangoiv): find out what's the correct plan
-
 projectConfigFromFlags :: NixStyleFlags a -> ProjectConfig
 projectConfigFromFlags flags = commandLineFlagsToProjectConfig defaultGlobalFlags flags mempty
 

diff --git a/code/cabal-audit/test/Main.hs b/code/cabal-audit/test/Main.hs
@@ -1,4 +1,7 @@
 module Main where
 
+import Spec qualified (spec)
+import Test.Hspec (hspec)
+
 main :: IO ()
-main = pure ()
+main = hspec Spec.spec
diff --git a/code/cabal-audit/test/Spec.hs b/code/cabal-audit/test/Spec.hs
@@ -0,0 +1,6 @@
+module Spec (spec) where
+
+import Test.Hspec
+
+spec :: Spec
+spec = pure ()
diff --git a/code/cabal.project b/code/cabal.project
@@ -5,3 +5,5 @@ packages:
     ./hsec-sync
     ./cvss
     ./osv
+
+test-show-details: direct
diff --git a/flake.nix b/flake.nix
@@ -45,7 +45,9 @@
               hsec-sync.justStaticExecutables = true;
             };
             projectRoot = ./code;
-            devShell.mkShellArgs.shellHook = config.pre-commit.installationScript;
+            devShell.mkShellArgs = {
+              shellHook = config.pre-commit.installationScript;
+            };
           };
 
           packages.default = config.packages.hsec-tools;