component_analysis.feature
Feature: Unknown licenses

  Scenario Outline: Check the component analysis REST API endpoint for components without recommendations
    Given System is running
    Given Three scale preview service is running
    When I acquire the use_key for 3scale
    Then I should get the proper user_key
    When I start component analyses <ecosystem>/<package>/<version> with user_key
    Then I should get 200 status code
    And I should receive a valid JSON response
    And I should receive JSON response containing the result key
    And I should find one analyzed package in the component analysis
    And I should find the package <package> from <ecosystem> ecosystem in the component analysis
    And I should find the component <package> version <version> from <ecosystem> ecosystem in the component analysis
    And I should find no recommendations in the component analysis

    Examples: EPV
      | ecosystem | package | version |
      | npm | sequence | 3.0.0 |
      | npm | aargh | 1.1.0 |
      | npm | arrays | 0.1.1 |
      | npm | jquery | 3.5.0 |
      | npm | mocha | 6.1.4 |
      | npm | underscore | 1.9.1 |
      | npm | markdown | 0.5.0 |
      | npm | babel-core | 6.26.3 |
      | npm | babel-core | 6.26.2 |
      | npm | babel-core | 7.0.0-bridge.0 |
      | npm | babel-core | 7.0.0-beta.3 |
      | npm | babel-core | 7.0.0-beta.2 |
      | npm | babel-core | 7.0.0-beta.1 |
      | npm | babel-core | 7.0.0-beta.0 |
      | npm | babel-core | 7.0.0-alpha.20 |
      | npm | babel-core | 6.26.0 |
      | npm | babel-core | 7.0.0-alpha.19 |
      | npm | babel-core | 7.0.0-alpha.18 |
      | npm | babel-core | 7.0.0-alpha.17 |
      | npm | babel-core | 7.0.0-alpha.16 |
      | npm | babel-core | 7.0.0-alpha.15 |
      | npm | babel-core | 7.0.0-alpha.14 |
      | npm | babel-core | 6.25.0 |
      | npm | babel-core | 7.0.0-alpha.12 |
      | npm | babel-core | 7.0.0-alpha.11 |
      | npm | babel-core | 7.0.0-alpha.10 |
      | npm | babel-core | 7.0.0-alpha.9 |
      | npm | babel-core | 7.0.0-alpha.8 |
      | npm | babel-core | 6.24.1 |
      | npm | babel-core | 7.0.0-alpha.7 |
      | npm | babel-core | 7.0.0-alpha.6 |
      | npm | babel-core | 7.0.0-alpha.3 |
      | npm | babel-core | 6.24.0 |
      | npm | babel-core | 7.0.0-alpha.2 |
      | npm | babel-core | 7.0.0-alpha.1 |
      | npm | react | 16.8.6 |
      | npm | wisp | 0.11.1 |
      | maven | io.vertx:vertx-core | 3.7.0 |
      | maven | io.vertx:vertx-core | 3.6.3 |
      | maven | io.vertx:vertx-core | 3.6.2 |
      | maven | io.vertx:vertx-core | 3.6.1 |
      | maven | io.vertx:vertx-core | 3.6.0 |
      | maven | org.json:json | 20180813 |
      | maven | org.json:json | 20180130 |
      | maven | org.json:json | 20171018 |
      | maven | org.json:json | 20170516 |
      | maven | org.python:jython | 2.7.1b3 |
      | maven | org.python:jython | 2.7.1b2 |
      | maven | org.clojure:clojure | 1.10.1-beta2 |
      | maven | org.clojure:clojure | 1.10.1-beta1 |
      | maven | org.clojure:clojure | 1.10.0 |
      | pypi | clojure_py | 0.2.4 |
      | pypi | six | 1.10.0 |
      | pypi | ansicolors | 1.1.8 |
      | pypi | flask | 1.0.2 |
      | pypi | flask | 1.0.1 |
      | pypi | flask | 1.0 |
      | pypi | numpy | 1.16.3 |
      | pypi | scipy | 1.2.1 |
      | pypi | scipy | 1.2.0 |
      | pypi | pygame | 1.9.6rc1 |
      | pypi | pygame | 1.9.5 |
      | pypi | pyglet | 1.4.0a1 |
      | pypi | pyglet | 1.3.2 |
      | pypi | requests | 2.21.0 |
      | pypi | requests | 2.20.1 |
      | pypi | requests | 2.20.0 |
      | pypi | dash | 1.0.0a1 |
      | pypi | dash | 0.43.0rc3 |
      | pypi | dash | 0.43.0rc2 |
      | pypi | dash | 0.43.0rc1 |
      | pypi | pudb | 2018.1 |
      | pypi | pudb | 2017.1.4 |
      | pypi | pudb | 2017.1.3 |
      | pypi | pudb | 2017.1.2 |
      | pypi | pudb | 2017.1.1 |
      | pypi | pytest | 3.2.1 |
      | pypi | pytest | 3.2.2 |

  Scenario: Check the component analysis REST API endpoint for unknown ecosystem
    Given System is running
    Given Three scale preview service is running
    When I acquire the use_key for 3scale
    Then I should get the proper user_key
    When I start component analyses really_unknown_ecosystem/foobar/1.0.0 with user_key
    Then I should get 400 status code
    And I should receive a valid JSON response

  Scenario: Check the component analysis REST API endpoint for unknown component in NPM ecosystem
    Given System is running
    Given Three scale preview service is running
    When I acquire the use_key for 3scale
    Then I should get the proper user_key
    When I start component analyses npm/really_unknown_component/1.0.0 with user_key
    Then I should get 202 status code
    And I should receive a valid JSON response

  Scenario: Check the component analysis REST API endpoint for unknown component in PyPi ecosystem
    Given System is running
    Given Three scale preview service is running
    When I acquire the use_key for 3scale
    Then I should get the proper user_key
    When I start component analyses pypi/really_unknown_component/1.0.0 with user_key
    Then I should get 202 status code
    And I should receive a valid JSON response

  # There's an error on the stage, so let's leave this test commented out for a while
  #Scenario: Check the component analysis REST API endpoint for unknown component in Maven ecosystem
  #  Given System is running
  #  When I acquire the authorization token
  #  Then I should get the proper authorization token
  #  When I start analysis for component maven/really_unknown_component/1.0.0 with authorization token
  #  Then I should get 202 status code
  #  And I should receive a valid JSON response

  @data-sanity
  Scenario Outline: Check the component analysis REST API endpoint for components with recommendation and one CVE
    Given System is running
    Given Three scale preview service is running
    When I acquire the use_key for 3scale
    Then I should get the proper user_key
    When I start component analyses <ecosystem>/<package>/<version> with user_key
    Then I should get 200 status code
    And I should receive a valid JSON response
    And I should receive JSON response containing the result key
    And I should find the package <package> from <ecosystem> ecosystem in the component analysis
    And I should find the component <package> version <version> from <ecosystem> ecosystem in the component analysis
    And I should find recommendation to change to version <recommended-version> in the component analysis
    And I should find CVE report <cve> with score <score> in the component analysis

    Examples: EPV
      | ecosystem | package | version | recommended-version | cve | score |
      | npm | nuxt | 2.0.0 | 2.12.2 | CVE-2019-13506 | 4.3 |
      | npm | nuxt | 2.1.0 | 2.12.2 | CVE-2019-13506 | 4.3 |
      | npm | nuxt | 2.3.0 | 2.12.2 | CVE-2019-13506 | 4.3 |
      | npm | nuxt | 2.4.0 | 2.12.2 | CVE-2019-13506 | 4.3 |
      | npm | nuxt | 2.5.0 | 2.12.2 | CVE-2019-13506 | 4.3 |
      | npm | nuxt | 2.6.0 | 2.12.2 | CVE-2019-13506 | 4.3 |
      | maven | io.vertx:vertx-core | 3.5.3 | 4.0.0-milestone5 | CVE-2018-12541 | 5.0 |
      | maven | io.vertx:vertx-core | 3.5.3.CR1 | 4.0.0-milestone5 | CVE-2018-12541 | 5.0 |
      | maven | io.vertx:vertx-core | 3.5.2 | 4.0.0-milestone5 | CVE-2018-12541 | 5.0 |
      | maven | io.vertx:vertx-core | 3.5.2.CR3 | 4.0.0-milestone5 | CVE-2018-12541 | 5.0 |
      | maven | io.vertx:vertx-core | 3.5.2.CR2 | 4.0.0-milestone5 | CVE-2018-12541 | 5.0 |
      | maven | io.vertx:vertx-core | 3.5.2.CR1 | 4.0.0-milestone5 | CVE-2018-12541 | 5.0 |
      | pypi | flask | 0.12 | 1.1.2 | CVE-2018-1000656 | 5.0 |
      | pypi | flask | 0.12.1 | 1.1.2 | CVE-2018-1000656 | 5.0 |
      | pypi | flask | 0.12.2 | 1.1.2 | CVE-2018-1000656 | 5.0 |
      | pypi | numpy | 1.16.0 | 1.18.5 | CVE-2019-6446 | 7.5 |
      | pypi | numpy | 1.15.4 | 1.18.5 | CVE-2019-6446 | 7.5 |
      | pypi | numpy | 1.15.3 | 1.18.5 | CVE-2019-6446 | 7.5 |
      | pypi | numpy | 1.15.2 | 1.18.5 | CVE-2019-6446 | 7.5 |
      | pypi | numpy | 1.15.1 | 1.18.5 | CVE-2019-6446 | 7.5 |
      | pypi | requests | 2.19.1 | 2.24.0 | CVE-2018-18074 | 5.0 |
      | pypi | requests | 2.19.0 | 2.24.0 | CVE-2018-18074 | 5.0 |
      | pypi | requests | 2.18.4 | 2.24.0 | CVE-2018-18074 | 5.0 |
      | pypi | requests | 2.18.3 | 2.24.0 | CVE-2018-18074 | 5.0 |
      | pypi | requests | 2.18.2 | 2.24.0 | CVE-2018-18074 | 5.0 |
      | pypi | requests | 2.17.3 | 2.24.0 | CVE-2018-18074 | 5.0 |