ZupIT/horusec

tests: Unit tests refactor

Opened this issue · 3 comments

We are currently refactoring the unit tests in every package of horusec, and we have a lot of code to cover. I'm opening this issue as a report and an invitation to the community to contribute and improve our application. Currently I'm working on the start package refactor and we have some cases to cover; you can base your code on #701.

Update: Since #731 we moved the flag constants to package testutil; you should use them instead of the old way to write your code.

Tests to be implemented for the start command:
  • FlagAnalysisTimeout = "--analysis-timeout"
  • FlagAuthorization = "--authorization"
  • FlagCertificatePath = "--certificate-path"
  • FlagContainerBindProjectPath = "--container-bind-project-path"
  • FlagCustomRulesPath = "--custom-rules-path"
  • FlagDisableDocker = "--disable-docker"
  • FlagEnableCommitAuthor = "--enable-commit-author"
  • FlagEnableGitHistory = "--enable-git-history"
  • FlagEnableOwaspDependencyCheck = "--enable-owasp-dependency-check"
  • FlagEnableShellcheck = "--enable-shellcheck"
  • FlagFalsePositive = "--false-positive"
  • FlagHeaders = "--headers"
  • FlagHorusecUrl = "--horusec-url"
  • FlagIgnore = "--ignore"
  • FlagIgnoreSeverity = "--ignore-severity"
  • FlagInformationSeverity = "--information-severity"
  • FlagInsecureSkipVerify = "--insecure-skip-verify"
  • FlagJsonOutputFile = "--json-output-file"
  • FlagMonitorRetryCount = "--monitor-retry-count"
  • FlagOutputFormat = "--output-format"
  • FlagProjectPath = "--project-path"
  • FlagRepositoryName = "--repository-name"
  • FlagRequestTimeout = "--request-timeout"
  • FlagReturnError = "--return-error"
  • FlagRiskAccept = "--risk-accept"
  • FlagShowVulnerabilitiesTypes = "--show-vulnerabilities-types"
Tests of the packages:
  • cmd/app/generate
  • cmd/app/version
  • config
  • config/dist
  • internal/controllers/analyzer
  • internal/controllers/language_detect
  • internal/controllers/printresults
  • internal/controllers/requirements
  • internal/controllers/requirements/docker
  • internal/controllers/requirements/git
  • internal/entities/commit_author
  • internal/entities/custom_images
  • internal/entities/custom_rules
  • internal/entities/docker
  • internal/entities/sonarqube
  • internal/entities/toolsconfig
  • internal/entities/workdir
  • internal/services/custom_rules
  • internal/services/docker
  • internal/services/docker/client
  • internal/services/engines
  • internal/services/formatters
  • internal/services/formatters/c/flawfinder
  • internal/services/formatters/csharp/dotnet_cli
  • internal/services/formatters/csharp/horuseccsharp
  • internal/services/formatters/csharp/scs
  • internal/services/formatters/dart/horusecdart
  • internal/services/formatters/elixir/mixaudit
  • internal/services/formatters/elixir/sobelow
  • internal/services/formatters/generic/dependency_check
  • internal/services/formatters/generic/semgrep
  • internal/services/formatters/generic/trivy
  • internal/services/formatters/go/gosec
  • internal/services/formatters/go/nancy
  • internal/services/formatters/hcl/checkov
  • internal/services/formatters/hcl/tfsec
  • internal/services/formatters/java/horusecjava
  • internal/services/formatters/javascript/horusecnodejs
  • internal/services/formatters/javascript/npmaudit
  • internal/services/formatters/javascript/yarnaudit
  • internal/services/formatters/kotlin/horuseckotlin
  • internal/services/formatters/leaks/gitleaks
  • internal/services/formatters/leaks/horusecleaks
  • internal/services/formatters/nginx/horusecnginx
  • internal/services/formatters/php/phpcs
  • internal/services/formatters/python/bandit
  • internal/services/formatters/python/safety
  • internal/services/formatters/ruby/brakeman
  • internal/services/formatters/ruby/bundler
  • internal/services/formatters/shell/shellcheck
  • internal/services/formatters/swift/horusecswift
  • internal/services/formatters/yaml/horuseckubernetes
  • internal/services/git
  • internal/services/horusec_api
  • internal/services/sonarqube
  • internal/usecases/cli
  • internal/utils/copy
  • internal/utils/file
  • internal/utils/json
  • internal/utils/prompt
  • internal/utils/valueordefault
  • internal/utils/vuln_hash

I would like to understand how line and code works on tests.
Because I didn't understand this rule.

Hi @filipemelo.

If your doubt is about the engine tests, the code and line are identified according to the regex type. For example, if the rule is of the AndMatch type and all regexes matched, the first regex in the list will be used to search for the code, row and column, but in the case of OrMatch all regexes that match will be used and displayed.

This implementation is kept in another repository, and can be found here
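
The AndMatch and OrMatch behaviour described in the reply above, as an added Go sketch. It is not the engine's own code (that lives in the other repository mentioned); `Finding`, `locate`, the function signatures and the sample input are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Finding is a hypothetical result type: 1-based line and column, plus the source line.
type Finding struct {
	Line, Column int
	Code         string
}

// locate returns one Finding per match of re in src.
func locate(re *regexp.Regexp, src string) []Finding {
	var out []Finding
	for _, m := range re.FindAllStringIndex(src, -1) {
		lineStart := strings.LastIndex(src[:m[0]], "\n") + 1
		code, _, _ := strings.Cut(src[lineStart:], "\n")
		out = append(out, Finding{strings.Count(src[:m[0]], "\n") + 1, m[0] - lineStart + 1, code})
	}
	return out
}

// AndMatch: every expression must match, and only the first one supplies line, column
// and code. Walking the list backwards leaves the first expression's findings in `first`.
func AndMatch(exprs []*regexp.Regexp, src string) []Finding {
	var first []Finding
	for i := len(exprs) - 1; i >= 0; i-- {
		if first = locate(exprs[i], src); len(first) == 0 {
			return nil // one expression missed, so the rule does not fire
		}
	}
	return first
}

// OrMatch: every expression that matches contributes its own findings.
func OrMatch(exprs []*regexp.Regexp, src string) (out []Finding) {
	for _, re := range exprs {
		out = append(out, locate(re, src)...)
	}
	return out
}

const sample = "import hashlib\npassword = input()\ndigest = hashlib.md5(password)\n" // constructed input
func main() {
	rules := []*regexp.Regexp{regexp.MustCompile(`hashlib\.md5\(`), regexp.MustCompile(`password`)}
	fmt.Println("AndMatch:", AndMatch(rules, sample))
	fmt.Println("OrMatch: ", OrMatch(rules, sample))
}
```

For a unit test this means an AndMatch rule is asserted against the positions of its first expression only, while an OrMatch rule needs one expected finding per matching expression.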

Hi, I was thinking of taking the internal/utils/json refactoring. I'm not sure what I'm supposed to do. I'm new to golang but not new to coding, would really appreciate if someone gave me directions on getting started with this.

I know I need to write tests or refactor them, I need to know what the endgoal/outcome is.