Skip to content

Commit

Permalink
Adding Test for new License report API
Browse files Browse the repository at this point in the history
  • Loading branch information
ns-dsinghal committed Aug 25, 2023
1 parent 080ef1a commit 839121d
Show file tree
Hide file tree
Showing 6 changed files with 444 additions and 53 deletions.
206 changes: 201 additions & 5 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -157,6 +157,14 @@
- [Get Vulnerabilities Report Details](#get-vulnerabilities-report-details)
- [Get Vulnerabilities Report Content](#get-vulnerabilities-report-content)
- [Delete Vulnerabilities Report](#delete-vulnerabilities-report)
- [Generate Licences Report](#generate-licences-report)
- [Get Licences Report Details](#get-licences-report-details)
- [Get Licences Report Content](#get-licences-report-content)
- [Delete Licences Report](#delete-licences-report)
- [Generate Violations Report](#generate-violations-report)
- [Get Violations Report Details](#get-violations-report-details)
- [Get Violations Report Content](#get-violations-report-content)
- [Delete Violations Report](#delete-violations-report)
- [Get Artifact Summary](#get-artifact-summary)
- [Get Entitlement info](#get-entitlement-info)
- [Pipelines APIs](#pipelines-apis)
Expand Down Expand Up @@ -1916,11 +1924,30 @@ scanResults, err := xrayManager.GetScanGraphResults(scanId)
#### Generate Vulnerabilities Report
```go
reportRequest := services.ReportRequestParams{
vulnerabilitiesReportRequest := services.VulnerabilitiesReportRequestParams{
Name: "example-report",
Filters: services.Filter{
HasRemediation: &trueValue,
Severity: []string{ "High" },
Filters: services.VulnerabilitiesFilter{
VulnerableComponent: "*vulnerable:component*",
ImpactedArtifact: "some://impacted*artifact",
HasRemediation: &falseValue,
Cve: "CVE-1234-1234",
IssueId: "XRAY-1234",
Severity: []string{
"High",
"Medium"
},
CvssScore: services.CvssScore {
MinScore: float64(6.3),
MaxScore: float64(9)
},
Published: services.DateTimeRange {
Start: "2020-06-29T12:22:16Z",
End: "2020-06-29T12:22:16Z"
},
ScanDate: services.DateTimeRange {
Start: "2020-06-29T12:22:16Z",
End: "2020-06-29T12:22:16Z"
}
},
Resources: services.Resource{
IncludePathPatterns: []string{ "/example-sub-dir/**" },
Expand All @@ -1933,7 +1960,7 @@ reportRequest := services.ReportRequestParams{
}

// The reportRequestResponse will contain the report ID to use in subsequent requests
reportRequestResponse, err := xrayManager.GenerateVulnerabilitiesReport(reportRequest)
reportRequestResponse, err := xrayManager.GenerateVulnerabilitiesReport(vulnerabilitiesReportRequest)
```
#### Get Vulnerabilities Report Details
Expand Down Expand Up @@ -1963,6 +1990,175 @@ reportContent, err := xrayManager.ReportContent(reportContentRequest)
// The reportId argument value is returned as part of the xrayManager.GenerateVulnerabilitiesReport API response.
err := xrayManager.DeleteReport(reportId)
```
#### Generate Licences Report
```go
licensesReportRequest := services.LicensesReportRequestParams{
Name: "example-report",
Filters: services.LicensesFilter{
Component: "*gav:component*",
Artifact: "some://impacted*artifact",
Unknown: &falseValue,
Unrecognized: &trueValue,
LicenseNames: []string{
"Apache",
"MIT",
"AFL"
},
LicensePatterns: []string{
"*Apache*",
"The Apache*",
"AFL*"
},
ScanDate: services.DateTimeRange {
Start: "2020-06-29T12:22:16Z",
End: "2020-06-29T12:22:16Z"
}
},
Resources: services.Resource{
IncludePathPatterns: []string{ "/example-sub-dir/**" },
Repositories: []services.Repository{
{
Name: "example-repository",
},
},
},
}

// The reportRequestResponse will contain the report ID to use in subsequent requests
reportRequestResponse, err := xrayManager.GenerateLicencesReport(licensesReportRequest)
```
#### Get Licences Report Details
```go
// The reportId argument value is returned as part of the xrayManager.GenerateLicencesReport API response.
reportDetails, err := xrayManager.ReportDetails(reportId)
```
#### Get Licences Report Content
```go
// The ReportId value is returned as part of the xrayManager.GenerateLicencesReport API response.
reportContentRequest := services.ReportContentRequestParams{
ReportId: "example-report-id",
Direction: "asc",
PageNum: 0,
NumRows: 0,
OrderBy: "severity",
}
reportContent, err := xrayManager.ReportContent(reportContentRequest)
```
#### Delete Licences Report
```go
// The reportId argument value is returned as part of the xrayManager.GenerateLicencesReport API response.
err := xrayManager.DeleteReport(reportId)
```
#### Generate Violations Report
```go
violationsReportRequest := services.ViolationsReportRequestParams{
Name: "example-report",
Filters: Type: "security|license|operational_risk",
WatchNames: []string{
"NameOfWatch1",
"NameOfWatch2"
},
WatchPatterns: []string{
"WildcardWatch*"
},
Component: "*vulnerable:component*",
Artifact: "some://impacted*artifact",
PolicyNames: []string{
"NameOfPolicy"
},
Severities: []string{
"High",
"Medium"
},
Updated: services.DateTimeRange {
Start: "2020-01-02T15:00:00Z",
End: "2020-12-15T00:00:00Z"
},
SecurityFilters: services.VulnerabilitiesFilter{
Cve: "CVE-2020-10693",
IssueId: "XRAY-87343",
Severity: []string{
"High",
"Medium"
},
CvssScore: services.CvssScore {
MinScore: float64(6.3),
MaxScore: float64(9)
},
Published: services.DateTimeRange {
Start: "2020-06-29T12:22:16Z",
End: "2020-06-29T12:22:16Z"
},
ScanDate: services.DateTimeRange {
Start: "2020-06-29T12:22:16Z",
End: "2020-06-29T12:22:16Z"
},
SummaryContains: "kernel",
HasRemediation: &falseValue,
},
LicenseFilters: services.LicensesFilter {
Unknown: &falseValue,
Unrecognized: &trueValue,
LicenseNames: []string{
"Apache",
"MIT",
"AFL"
},
LicensePatterns: []string{
"*Apache*",
"AFL*"
},
}
Resources: services.Resource{
IncludePathPatterns: []string{ "/example-sub-dir/**" },
Repositories: []services.Repository{
{
Name: "example-repository",
},
},
},
}

// The reportRequestResponse will contain the report ID to use in subsequent requests
reportRequestResponse, err := xrayManager.GenerateViolationsReport(violationsReportRequest)
```
#### Get Violations Report Details
```go
// The reportId argument value is returned as part of the xrayManager.GenerateViolationsReport API response.
reportDetails, err := xrayManager.ReportDetails(reportId)
```
#### Get Violations Report Content
```go
// The ReportId value is returned as part of the xrayManager.GenerateViolationsReport API response.
reportContentRequest := services.ReportContentRequestParams{
ReportId: "example-report-id",
Direction: "asc",
PageNum: 0,
NumRows: 0,
OrderBy: "severity",
}
reportContent, err := xrayManager.ReportContent(reportContentRequest)
```
#### Delete Violations Report
```go
// The reportId argument value is returned as part of the xrayManager.GenerateViolationsReport API response.
err := xrayManager.DeleteReport(reportId)
```
#### Get Artifact Summary
Expand Down
69 changes: 67 additions & 2 deletions artifactory/services/utils/tests/xray/consts.go
Original file line number Diff line number Diff line change
Expand Up @@ -1105,13 +1105,20 @@ const VulnerableXrayScanResponse = `{
}
`

const VulnerabilityRequestResponse = `
const VulnerabilityXrayReportRequestResponse = `
{
"report_id": 777,
"status": "pending"
}
`

const LicensesXrayReportRequestResponse = `
{
"report_id": 888,
"status": "pending"
}
`

const VulnerabilityReportStatusResponse = `
{
"id": 301,
Expand All @@ -1128,7 +1135,23 @@ const VulnerabilityReportStatusResponse = `
}
`

const VulnerabilityReportDeleteResponse = `
const LicensesReportStatusResponse = `
{
"id": 301,
"name": "test-generic",
"report_type": "license",
"status": "completed",
"total_artifacts": 4,
"num_of_processed_artifacts": 4,
"progress": 100,
"number_of_rows": 64,
"start_time": "2021-09-03T21:17:41Z",
"end_time": "2021-09-03T21:17:42Z",
"author": "test"
}
`

const XrayReportDeleteResponse = `
{
"info": "report deleted successfully"
}
Expand Down Expand Up @@ -1221,6 +1244,29 @@ const VulnerabilityReportDetailsResponse = `
}
`

const LicensesReportDetailsResponse = `
{
"total_rows": 1,
"rows" :[
{
"license": "MIT",
"license_name" : "The MIT License",
"component": "deb://debian:buster:glibc:2.28-10",
"artifact": "docker://redis:latest-07142020122937",
"path": "repo1/folder1/artifact",
"artifact_scan_time": "2020-07-14T09:32:00Z",
"unknown" : false,
"unrecognized" : false,
"custom" : false,
"references": [
"https://spdx.org/licenses/AFL-1.1.html",
"https://spdx.org/licenses/AFL-1.1"
]
}
]
}
`

const VulnerableXraySummaryArtifactResponse = `
{
"artifacts": [
Expand Down Expand Up @@ -1368,3 +1414,22 @@ const BuildScanResultsResponse = `
]
}
`


var MapReportIdEndpoint = map[int]string {
777: VulnerabilitiesEndpoint,
888: LicensesEndpoint,
}

var MapResponse = map[string]map[string]string {
VulnerabilitiesEndpoint: {
"XrayReportRequest": VulnerabilityXrayReportRequestResponse,
"ReportStatus": VulnerabilityReportStatusResponse,
"ReportDetails": VulnerabilityReportDetailsResponse,
},
LicensesEndpoint: {
"XrayReportRequest": LicensesXrayReportRequestResponse,
"ReportStatus": LicensesReportStatusResponse,
"ReportDetails": LicensesReportDetailsResponse,
},
}
16 changes: 9 additions & 7 deletions artifactory/services/utils/tests/xray/server.go
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ const (
FatalScanBuildName = "fatalBuildName"
VulnerableBuildName = "vulnerableBuildName"
VulnerabilitiesEndpoint = "vulnerabilities"
LicensesEndpoint = "licenses"
ContextualAnalysisFeatureId = "contextual_analysis"
BadFeatureId = "unknown"
)
Expand Down Expand Up @@ -73,22 +74,23 @@ func reportHandler(w http.ResponseWriter, r *http.Request) {
switch r.Method {
case http.MethodGet:
if numSegments == 1 {
_, err := strconv.Atoi(addlSegments[0])
id, err := strconv.Atoi(addlSegments[0])
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
_, err = fmt.Fprint(w, VulnerabilityReportStatusResponse)
_, err = fmt.Fprint(w, MapResponse[MapReportIdEndpoint[id]]["ReportStatus"])
if err != nil {
log.Error(err)
http.Error(w, err.Error(), http.StatusInternalServerError)
}

return
}
case http.MethodPost:
if numSegments == 1 {
if addlSegments[0] == VulnerabilitiesEndpoint {
_, err := fmt.Fprint(w, VulnerabilityRequestResponse)
if addlSegments[0] == VulnerabilitiesEndpoint || addlSegments[0] == LicensesEndpoint {
_, err := fmt.Fprint(w, MapResponse[addlSegments[0]]["XrayReportRequest"])
if err != nil {
log.Error(err)
http.Error(w, err.Error(), http.StatusInternalServerError)
Expand All @@ -101,8 +103,8 @@ func reportHandler(w http.ResponseWriter, r *http.Request) {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
if addlSegments[0] == VulnerabilitiesEndpoint {
_, err := fmt.Fprint(w, VulnerabilityReportDetailsResponse)
if addlSegments[0] == VulnerabilitiesEndpoint || addlSegments[0] == LicensesEndpoint {
_, err := fmt.Fprint(w, MapResponse[addlSegments[0]]["ReportDetails"])
if err != nil {
log.Error(err)
http.Error(w, err.Error(), http.StatusInternalServerError)
Expand All @@ -112,7 +114,7 @@ func reportHandler(w http.ResponseWriter, r *http.Request) {
}
case http.MethodDelete:
if numSegments == 0 {
_, err := fmt.Fprint(w, VulnerabilityReportDeleteResponse)
_, err := fmt.Fprint(w, XrayReportDeleteResponse)
if err != nil {
log.Error(err)
http.Error(w, err.Error(), http.StatusInternalServerError)
Expand Down
Loading

0 comments on commit 839121d

Please sign in to comment.