added unit test cases for the new content-based Security Policy checks
shissam committed Aug 24, 2022
1 parent a4f9dcd commit dcdee96
Showing 15 changed files with 109 additions and 12 deletions.
4 changes: 2 additions & 2 deletions checks/evaluation/security_policy_test.go
Expand Up @@ -68,7 +68,7 @@ func TestSecurityPolicy(t *testing.T) {
},
},
want: checker.CheckResult{
Score: 10,
Score: 0,
},
},
{
Expand All @@ -84,7 +84,7 @@ func TestSecurityPolicy(t *testing.T) {
},
},
want: checker.CheckResult{
Score: 10,
Score: 0,
},
},
}
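Review bot: Both expectation flips from `Score: 10` to `Score: 0` land without a comment saying why a discovered policy file now scores zero, so a reader of this table cannot tell whether the cases model an empty file, missing content, or something else; the input half of each case sits above the hunk, as does the start of TestSecurityPolicy. A one-line comment on each `want:` such as `// policy file found but no usable content → 0` (adjusted to what the case actually feeds in) would make the new content-based scoring intent explicit at the point the number changes.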
27 changes: 27 additions & 0 deletions checks/raw/security_policy_test.go
Expand Up @@ -15,6 +15,8 @@
package raw

import (
"fmt"
"os"
"testing"

"github.com/golang/mock/gomock"
Expand Down Expand Up @@ -65,6 +67,7 @@ func TestSecurityPolicy(t *testing.T) {
tests := []struct {
name string
files []string
path string
result checker.SecurityPolicyData
wantErr bool
want scut.TestReturn
Expand All @@ -74,30 +77,35 @@ func TestSecurityPolicy(t *testing.T) {
files: []string{
"security.md",
},
path: "",
},
{
name: ".github/security.md",
files: []string{
".github/security.md",
},
path: "",
},
{
name: "docs/security.md",
files: []string{
"docs/security.md",
},
path: "",
},
{
name: "docs/security.rst",
files: []string{
"docs/security.rst",
},
path: "",
},
{
name: "doc/security.rst",
files: []string{
"doc/security.rst",
},
path: "",
},
}
for _, tt := range tests {
Expand All @@ -110,6 +118,25 @@ func TestSecurityPolicy(t *testing.T) {

mockRepoClient.EXPECT().ListFiles(gomock.Any()).Return(tt.files, nil).AnyTimes()
mockRepo.EXPECT().Org().Return(nil).AnyTimes()
//
// the revised Security Policy will immediate go for the
// file contents once found. This test will return that
// mock file, but this specific unit test is not testing
// for content. As such, this test will crash without
// a mock GetFileContent, so this will return no content
// for the existing file. content test are in overall check
//
mockRepoClient.EXPECT().GetFileContent(gomock.Any()).DoAndReturn(func(fn string) ([]byte, error) {
if tt.path == "" {
return nil, nil
}
content, err := os.ReadFile(tt.path)
if err != nil {
return content, fmt.Errorf("%w", err)
}
return content, nil
}).AnyTimes()

dl := scut.TestDetailLogger{}
c := checker.CheckRequest{
RepoClient: mockRepoClient,
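Review bot: In the new GetFileContent stub, `return content, fmt.Errorf("%w", err)` wraps the os.ReadFile error with no added context and hands back the partially-populated `content` next to a non-nil error; `return nil, fmt.Errorf("reading fixture %q: %w", tt.path, err)` says what failed and keeps the (value, error) contract clean. The same closure is duplicated verbatim in checks/security_policy_test.go in this commit, where the same change applies. The `fn` argument is never consulted, so every file the check requests resolves to the one `tt.path` fixture; that is fine for a table test but deserves a comment such as `// fn is ignored: each case supplies exactly one fixture via tt.path`. Every case in this file sets `path: ""`, which is already the zero value, so those five lines are redundant and the os.ReadFile branch is unreachable here. The comment block above the stub has grammar slips ("will immediate go", "content test are") that could be tidied when it is next touched.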
46 changes: 36 additions & 10 deletions checks/security_policy_test.go
Expand Up @@ -15,6 +15,8 @@
package checks

import (
"fmt"
"os"
"testing"

"github.com/golang/mock/gomock"
Expand All @@ -29,12 +31,14 @@ func TestSecurityPolicy(t *testing.T) {
//nolint
tests := []struct {
name string
path string
files []string
wantErr bool
want scut.TestReturn
}{
{
name: "security.md",
path: "./testdata/securitypolicy/10_realworld",
files: []string{
"security.md",
},
Expand All @@ -45,76 +49,84 @@ func TestSecurityPolicy(t *testing.T) {
},
{
name: ".github/security.md",
path: "./testdata/securitypolicy/07_realworld",
files: []string{
".github/security.md",
},
want: scut.TestReturn{
Score: 10,
Score: 7,
NumberOfInfo: 1,
},
},
{
name: "docs/security.md",
path: "./testdata/securitypolicy/04_textAndDisclosureVuls",
files: []string{
"docs/security.md",
},
want: scut.TestReturn{
Score: 10,
Score: 4,
NumberOfInfo: 1,
},
},
{
name: "security.rst",
path: "./testdata/securitypolicy/03_textOnly",
files: []string{
"security.rst",
},
want: scut.TestReturn{
Score: 10,
Score: 3,
NumberOfInfo: 1,
},
},
{
name: ".github/security.rst",
path: "./testdata/securitypolicy/03_urlOnly",
files: []string{
".github/security.rst",
},
want: scut.TestReturn{
Score: 10,
Score: 3,
NumberOfInfo: 1,
},
},
{
name: "docs/security.rst",
path: "./testdata/securitypolicy/03_emailOnly",
files: []string{
"docs/security.rst",
},
want: scut.TestReturn{
Score: 10,
Score: 3,
NumberOfInfo: 1,
},
},
{
name: "doc/security.rst",
path: "./testdata/securitypolicy/06_urlAndEmailOnly",
files: []string{
"doc/security.rst",
},
want: scut.TestReturn{
Score: 10,
Score: 6,
NumberOfInfo: 1,
},
},
{
name: "security.adoc",
path: "./testdata/securitypolicy/09_linkedContentAndText",
files: []string{
"security.adoc",
},
want: scut.TestReturn{
Score: 10,
Score: 9,
NumberOfInfo: 1,
},
},
{
name: ".github/security.adoc",
path: "./testdata/securitypolicy/10_linkedContentAndTextAndDisclosureVuls",
files: []string{
".github/security.adoc",
},
Expand All @@ -125,21 +137,23 @@ func TestSecurityPolicy(t *testing.T) {
},
{
name: "docs/security.adoc",
path: "./testdata/securitypolicy/00_empty",
files: []string{
"docs/security.adoc",
},
want: scut.TestReturn{
Score: 10,
Score: 0,
NumberOfInfo: 1,
},
},
{
name: "Pass Case: Case-insensitive testing",
path: "./testdata/securitypolicy/00_1byte",
files: []string{
"dOCs/SeCuRIty.rsT",
},
want: scut.TestReturn{
Score: 10,
Score: 0,
NumberOfInfo: 1,
},
},
Expand All @@ -153,6 +167,18 @@ func TestSecurityPolicy(t *testing.T) {
mockRepo := mockrepo.NewMockRepoClient(ctrl)

mockRepo.EXPECT().ListFiles(gomock.Any()).Return(tt.files, nil).AnyTimes()

mockRepo.EXPECT().GetFileContent(gomock.Any()).DoAndReturn(func(fn string) ([]byte, error) {
if tt.path == "" {
return nil, nil
}
content, err := os.ReadFile(tt.path)
if err != nil {
return content, fmt.Errorf("%w", err)
}
return content, nil
}).AnyTimes()

dl := scut.TestDetailLogger{}
c := checker.CheckRequest{
RepoClient: mockRepo,
Expand All @@ -162,7 +188,7 @@ func TestSecurityPolicy(t *testing.T) {
res := SecurityPolicy(&c)

if !scut.ValidateTestReturn(t, tt.name, &tt.want, &res, &dl) {
t.Errorf("test failed: log message not present: %+v", tt.want)
t.Errorf("test failed: log message not present: %+v on %+v", tt.want, res)
}
})
}
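Review bot: The case still named `"Pass Case: Case-insensitive testing"` now points at the `00_1byte` fixture and expects `Score: 0`, so the name no longer describes what it asserts; something like `"Case-insensitive filename match, empty content scores 0"` would keep the name honest. When a fixture path is wrong, the stub's read error is returned to the check and surfaces only as a score mismatch in ValidateTestReturn; reporting it in the closure with `t.Errorf("reading fixture %q: %v", tt.path, err)` before returning would make a bad `path:` entry fail loudly. The fixture `checks/testdata/securitypolicy/03_securitypolicy` is added in this commit but, as far as the page shows, no case references it, and its content is identical to `04_textAndDisclosureVuls`, so it looks like a leftover. The closure's `return content, fmt.Errorf("%w", err)` issue is noted on checks/raw/security_policy_test.go and applies here too.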
1 change: 1 addition & 0 deletions checks/testdata/securitypolicy/00_1byte
@@ -0,0 +1 @@

Empty file.
1 change: 1 addition & 0 deletions checks/testdata/securitypolicy/03_emailOnly
@@ -0,0 +1 @@
[email protected]
1 change: 1 addition & 0 deletions checks/testdata/securitypolicy/03_securitypolicy
@@ -0,0 +1 @@
now is the time for all goodness for vulnerabilities and disclosures
1 change: 1 addition & 0 deletions checks/testdata/securitypolicy/03_textOnly
@@ -0,0 +1 @@
now is the time for all goodness
1 change: 1 addition & 0 deletions checks/testdata/securitypolicy/03_urlOnly
@@ -0,0 +1 @@
https://security.example.com
1 change: 1 addition & 0 deletions checks/testdata/securitypolicy/04_textAndDisclosureVuls
@@ -0,0 +1 @@
now is the time for all goodness for vulnerabilities and disclosures
1 change: 1 addition & 0 deletions checks/testdata/securitypolicy/06_urlAndEmailOnly
@@ -0,0 +1 @@
https://security.example.com [email protected]
11 changes: 11 additions & 0 deletions checks/testdata/securitypolicy/07_realworld
@@ -0,0 +1,11 @@
# Reporting Security Issues

To report a security issue, please email
[[email protected]](mailto:[email protected])
with a description of the issue, the steps you took to create the issue,
affected versions, and, if known, mitigations for the issue.

Our vulnerability management team will respond within 3 working days of your
email. If the issue is confirmed as a vulnerability, we will open a
Security Advisory and acknowledge your contributions as part of it. This project
follows a 90 day disclosure timeline.
2 changes: 2 additions & 0 deletions checks/testdata/securitypolicy/09_linkedContentAndText
@@ -0,0 +1,2 @@
https://security.example.com [email protected]
now is the time for all goodness
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
https://security.example.com [email protected]
now is the time for all goodness for vulnerabilities and disclosures
22 changes: 22 additions & 0 deletions checks/testdata/securitypolicy/10_realworld
@@ -0,0 +1,22 @@
# Security Policy

## Security Announcements

Join the [kubernetes-security-announce] group for security and vulnerability announcements.

You can also subscribe to an RSS feed of the above using [this link][kubernetes-security-announce-rss].

## Reporting a Vulnerability

Instructions for reporting a vulnerability can be found on the
[Kubernetes Security and Disclosure Information] page.

## Supported Versions

Information about supported Kubernetes versions can be found on the
[Kubernetes version and version skew support policy] page on the Kubernetes website.

[kubernetes-security-announce]: https://groups.google.com/forum/#!forum/kubernetes-security-announce
[kubernetes-security-announce-rss]: https://groups.google.com/forum/feed/kubernetes-security-announce/msgs/rss_v2_0.xml?num=50
[Kubernetes version and version skew support policy]: https://kubernetes.io/docs/setup/release/version-skew-policy/#supported-versions
[Kubernetes Security and Disclosure Information]: https://kubernetes.io/docs/reference/issues-security/security/#report-a-vulnerability
