-
Notifications
You must be signed in to change notification settings - Fork 10
Expand file tree
/
Copy pathtest_socketcli.py
More file actions
230 lines (185 loc) · 7.6 KB
/
Copy pathtest_socketcli.py
File metadata and controls
230 lines (185 loc) · 7.6 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
import sys
import pytest
from socketsecurity.core.classes import Diff, Package
from socketsecurity import socketcli
from socketsecurity.socketcli import build_license_artifact_payload
# ---------------------------------------------------------------------------
# Exit-code-on-api-error (flag-only, non-breaking for 2.3.x).
#
# Default behavior is unchanged from prior releases: unexpected errors exit 3,
# and --disable-blocking forces exit 0 for everything. The flag only changes
# the code when explicitly set, and --disable-blocking still takes precedence.
# ---------------------------------------------------------------------------
def _run_cli_expecting_exit(monkeypatch, argv, boom=None):
def fail_main_code():
raise (boom or RuntimeError("infra boom"))
monkeypatch.setattr(socketcli, "main_code", fail_main_code)
monkeypatch.setattr(sys, "argv", argv)
with pytest.raises(SystemExit) as exc_info:
socketcli.cli()
return exc_info.value.code
def test_unexpected_error_exits_3_by_default(monkeypatch):
code = _run_cli_expecting_exit(monkeypatch, ["socketcli", "--api-token", "test"])
assert code == 3
def test_exit_code_on_api_error_remaps_failure(monkeypatch):
code = _run_cli_expecting_exit(
monkeypatch,
["socketcli", "--api-token", "test", "--exit-code-on-api-error", "100"],
)
assert code == 100
def test_disable_blocking_overrides_exit_code_on_api_error(monkeypatch):
# The documented interaction: --disable-blocking forces exit 0 for ALL
# outcomes and therefore overrides --exit-code-on-api-error. A user who
# sets both gets 0, NOT 100 -- this guards against silently regressing
# that precedence (which would break the documented soft_fail guidance).
code = _run_cli_expecting_exit(
monkeypatch,
[
"socketcli", "--api-token", "test",
"--exit-code-on-api-error", "100",
"--disable-blocking",
],
)
assert code == 0
def test_keyboard_interrupt_still_exits_2(monkeypatch):
code = _run_cli_expecting_exit(
monkeypatch, ["socketcli", "--api-token", "test"], boom=KeyboardInterrupt()
)
assert code == 2
# ---------------------------------------------------------------------------
# Buildkite-aware infrastructure error formatting.
# ---------------------------------------------------------------------------
def test_emit_infra_error_no_buildkite_has_no_markers(monkeypatch, capsys, caplog):
monkeypatch.setattr(socketcli, "IS_BUILDKITE", False)
with caplog.at_level("ERROR", logger="socketcli"):
socketcli._emit_infrastructure_error("something failed")
out = capsys.readouterr().out
assert "^^^ +++" not in out
assert "--- :warning:" not in out
assert "soft_fail" not in "\n".join(r.getMessage() for r in caplog.records)
def test_emit_infra_error_buildkite_emits_markers(monkeypatch, capsys, caplog):
monkeypatch.setattr(socketcli, "IS_BUILDKITE", True)
with caplog.at_level("ERROR", logger="socketcli"):
socketcli._emit_infrastructure_error("something failed")
out = capsys.readouterr().out
assert "^^^ +++" in out
assert "--- :warning: Socket infrastructure error" in out
assert "soft_fail" in "\n".join(r.getMessage() for r in caplog.records)
def test_emit_infra_error_traceback_gated(monkeypatch, capsys):
monkeypatch.setattr(socketcli, "IS_BUILDKITE", False)
try:
raise ValueError("boom")
except ValueError:
socketcli._emit_infrastructure_error("wrapped", include_traceback=True)
err = capsys.readouterr().err
assert "Traceback" in err and "ValueError: boom" in err
def test_build_license_artifact_payload_without_packages_returns_empty_dict():
diff = Diff()
payload = build_license_artifact_payload(diff)
assert payload == {}
def test_build_license_artifact_payload_serializes_package_fields():
diff = Diff()
diff.packages = {
"pypi/requests@2.31.0": Package(
id="pkg-1",
name="requests",
version="2.31.0",
type="pypi",
score={},
alerts=[],
direct=True,
url="https://socket.dev/pypi/package/requests/overview/2.31.0",
license="Apache-2.0",
licenseDetails=[{"id": "Apache-2.0"}],
licenseAttrib=[{"id": "Apache-2.0"}],
purl="requests@2.31.0",
)
}
payload = build_license_artifact_payload(diff)
assert payload == {
"pkg-1": {
"id": "pkg-1",
"name": "requests",
"version": "2.31.0",
"ecosystem": "pypi",
"direct": True,
"url": "https://socket.dev/pypi/package/requests/overview/2.31.0",
"license": "Apache-2.0",
"licenseDetails": [{"id": "Apache-2.0"}],
"licenseAttrib": [{"id": "Apache-2.0"}],
"purl": "requests@2.31.0",
}
}
def test_build_license_artifact_payload_fossa_format_without_packages():
class Config:
repo = "owner/repo"
branch = "main"
diff = Diff(id="scan-1", report_url="https://socket.dev/report/1")
payload = build_license_artifact_payload(diff, legal_format="fossa", config=Config())
assert payload == {
"copyrightsByLicense": {},
"deepDependencies": [],
"directDependencies": [],
"licenses": {},
"project": {"name": "owner/repo", "revision": "scan-1"},
}
def test_fossa_attribution_file_is_written_indented(tmp_path):
"""fossa-sbom.json should be written with indent=2, matching fossa-analyze.json."""
import json
from types import SimpleNamespace
from socketsecurity import socketcli
target = tmp_path / "fossa-sbom.json"
config = SimpleNamespace(license_file_name=str(target))
payload = {
"copyrightsByLicense": {},
"deepDependencies": [],
"directDependencies": [],
"licenses": {},
"project": {"name": "x", "revision": "y"},
}
socketcli._write_attribution_file(config, payload)
content = target.read_text()
assert "\n " in content, f"Expected indented JSON, got: {content!r}"
assert json.loads(content) == payload
def test_build_license_artifact_payload_fossa_format_serializes_dependencies():
class Config:
repo = "owner/repo"
branch = "main"
diff = Diff(id="scan-1", report_url="https://socket.dev/report/1")
diff.packages = {
"pkg:pypi/requests@2.31.0": Package(
id="pkg-1",
name="requests",
version="2.31.0",
type="pypi",
score={},
alerts=[],
direct=True,
url="https://socket.dev/pypi/package/requests/overview/2.31.0",
license="Apache-2.0",
licenseDetails=[{"id": "Apache-2.0"}],
licenseAttrib=[{"id": "Apache-2.0"}],
purl="pkg:pypi/requests@2.31.0",
)
}
payload = build_license_artifact_payload(diff, legal_format="fossa", config=Config())
assert payload["project"] == {"name": "owner/repo", "revision": "scan-1"}
assert payload["directDependencies"] == [{
"authors": [],
"dependencyPaths": ["requests"],
"description": "",
"downloadUrl": "",
"hash": None,
"isGolang": None,
"licenses": [{"attribution": "", "name": "Apache-2.0"}],
"notes": [],
"otherLicenses": [],
"package": "requests",
"projectUrl": "",
"source": "pip",
"title": "requests",
"version": "2.31.0",
}]
assert payload["deepDependencies"] == []
assert payload["copyrightsByLicense"] == {}
assert payload["licenses"] == {}