npm-audit-mirror/go/allowlists/allowlist_test.go - buildbot - Git at Google

 package allowlists

 import (
 	"encoding/json"
 	"net/http"
 	"testing"

 	"github.com/stretchr/testify/require"

 	"go.skia.org/infra/go/mockhttpclient"
 	"go.skia.org/infra/go/testutils/unittest"
 	"go.skia.org/infra/npm-audit-mirror/go/types"
 )

 var (
 	startPackageName        = "start-pkg"
 	startPackageExactVer    = "1.4.0"
 	startPackageNonExactVer = "^1.4.0"

 	dep1PackageName        = "dep1-pkg"
 	dep1PackageExactVer    = "4.0"
 	dep1PackageNonExactVer = "^4.0"

 	dep1_1PackageName = "dep1_1-pkg"
 	dep1_1PackageVer  = "^9.1"

 	dep2PackageName        = "dep2-pkg"
 	dep2PackageExactVer    = "5.0.1"
 	dep2PackageNonExactVer = "<5.0.1"
 )

 func setupAllowlistHttpClient(t *testing.T, dep1PackageUseNonExactVer, dep2PackageUseNonExactVer bool) *http.Client {
 	dep1PackageVer := dep1PackageExactVer
 	if dep1PackageUseNonExactVer {
 		dep1PackageVer = dep1PackageNonExactVer
 	}
 	dep2PackageVer := dep2PackageExactVer
 	if dep2PackageUseNonExactVer {
 		dep2PackageVer = dep2PackageNonExactVer
 	}

 	mockClient := mockhttpclient.NewURLMock()
 	startPackageResp, err := json.Marshal(&types.NpmPackage{
 		Versions: map[string]types.NpmVersion{
 			startPackageExactVer: {
 				Dependencies: map[string]string{
 					dep1PackageName: dep1PackageVer,
 					dep2PackageName: dep2PackageVer,
 				},
 			},
 		},
 	})
 	dep1PackageResp, err := json.Marshal(&types.NpmPackage{
 		Versions: map[string]types.NpmVersion{
 			dep1PackageExactVer: {
 				Dependencies: map[string]string{
 					dep1_1PackageName: dep1_1PackageVer,
 				},
 			},
 		},
 	})
 	dep1_1PackageResp, err := json.Marshal(&types.NpmPackage{
 		Versions: map[string]types.NpmVersion{
 			dep1_1PackageVer: {
 				Dependencies: map[string]string{},
 			},
 		},
 	})
 	dep2PackageResp, err := json.Marshal(&types.NpmPackage{
 		Versions: map[string]types.NpmVersion{
 			dep2PackageExactVer: {
 				Dependencies: map[string]string{},
 			},
 		},
 	})
 	require.Nil(t, err)

 	mockClient.Mock("https://registry.npmjs.org/"+startPackageName, mockhttpclient.MockGetDialogue(startPackageResp))
 	mockClient.Mock("https://registry.npmjs.org/"+dep1PackageName, mockhttpclient.MockGetDialogue(dep1PackageResp))
 	mockClient.Mock("https://registry.npmjs.org/"+dep1_1PackageName, mockhttpclient.MockGetDialogue(dep1_1PackageResp))
 	mockClient.Mock("https://registry.npmjs.org/"+dep2PackageName, mockhttpclient.MockGetDialogue(dep2PackageResp))

 	return mockClient.Client()
 }

 func TestGetDependencies_StartPackageWithExactVerDeps_ReturnsAllDeps(t *testing.T) {
 	unittest.SmallTest(t)
 	mockHttpClient := setupAllowlistHttpClient(t, false, false)

 	// All 3 dependencies should be returned.
 	deps, err := getDependencies(startPackageName, startPackageExactVer, mockHttpClient)
 	require.NoError(t, err)
 	require.Len(t, deps, 3)
 	require.Equal(t, dep1PackageName, deps[0].Name)
 	require.Equal(t, dep1PackageExactVer, deps[0].Version)
 	require.Equal(t, dep1_1PackageName, deps[1].Name)
 	require.Equal(t, dep1_1PackageVer, deps[1].Version)
 	require.Equal(t, dep2PackageName, deps[2].Name)
 	require.Equal(t, dep2PackageExactVer, deps[2].Version)
 }

 func TestGetDependencies_StartPackageWithNonExactVerDeps_ReturnsNoDeps(t *testing.T) {
 	unittest.SmallTest(t)
 	mockHttpClient := setupAllowlistHttpClient(t, false, false)

 	// 0 dependencies should be returned because we cannot find the dependencies
 	// of a start package with a non-exact version.
 	deps, err := getDependencies(startPackageName, startPackageNonExactVer, mockHttpClient)
 	require.NoError(t, err)
 	require.Len(t, deps, 0)
 }

 func TestGetDependencies_Dep2WithNonExactVer_ReturnsAllDeps(t *testing.T) {
 	unittest.SmallTest(t)
 	mockHttpClient := setupAllowlistHttpClient(t, false, true)

 	// All 3 dependencies should be returned because dep2 has no dependencies.
 	deps, err := getDependencies(startPackageName, startPackageExactVer, mockHttpClient)
 	require.NoError(t, err)
 	require.Len(t, deps, 3)
 	require.Equal(t, dep1PackageName, deps[0].Name)
 	require.Equal(t, dep1PackageExactVer, deps[0].Version)
 	require.Equal(t, dep1_1PackageName, deps[1].Name)
 	require.Equal(t, dep1_1PackageVer, deps[1].Version)
 	require.Equal(t, dep2PackageName, deps[2].Name)
 	require.Equal(t, dep2PackageNonExactVer, deps[2].Version)
 }

 func TestGetDependencies_Dep1WithNonExactVer_ReturnsTwoDeps(t *testing.T) {
 	unittest.SmallTest(t)
 	mockHttpClient := setupAllowlistHttpClient(t, true, false)

 	// pkg1 uses non-exact versioning so we will not be able to find pkg1_1.
 	deps, err := getDependencies(startPackageName, startPackageExactVer, mockHttpClient)
 	require.NoError(t, err)
 	require.Len(t, deps, 2)
 	require.Equal(t, dep1PackageName, deps[0].Name)
 	require.Equal(t, dep1PackageNonExactVer, deps[0].Version)
 	require.Equal(t, dep2PackageName, deps[1].Name)
 	require.Equal(t, dep2PackageExactVer, deps[1].Version)
 }
	package allowlists

	import (
	"encoding/json"
	"net/http"
	"testing"

	"github.com/stretchr/testify/require"

	"go.skia.org/infra/go/mockhttpclient"
	"go.skia.org/infra/go/testutils/unittest"
	"go.skia.org/infra/npm-audit-mirror/go/types"
	)

	var (
	startPackageName = "start-pkg"
	startPackageExactVer = "1.4.0"
	startPackageNonExactVer = "^1.4.0"

	dep1PackageName = "dep1-pkg"
	dep1PackageExactVer = "4.0"
	dep1PackageNonExactVer = "^4.0"

	dep1_1PackageName = "dep1_1-pkg"
	dep1_1PackageVer = "^9.1"

	dep2PackageName = "dep2-pkg"
	dep2PackageExactVer = "5.0.1"
	dep2PackageNonExactVer = "<5.0.1"
	)

	func setupAllowlistHttpClient(t testing.T, dep1PackageUseNonExactVer, dep2PackageUseNonExactVer bool) http.Client {
	dep1PackageVer := dep1PackageExactVer
	if dep1PackageUseNonExactVer {
	dep1PackageVer = dep1PackageNonExactVer
	}
	dep2PackageVer := dep2PackageExactVer
	if dep2PackageUseNonExactVer {
	dep2PackageVer = dep2PackageNonExactVer
	}

	mockClient := mockhttpclient.NewURLMock()
	startPackageResp, err := json.Marshal(&types.NpmPackage{
	Versions: map[string]types.NpmVersion{
	startPackageExactVer: {
	Dependencies: map[string]string{
	dep1PackageName: dep1PackageVer,
	dep2PackageName: dep2PackageVer,
	},
	},
	},
	})
	dep1PackageResp, err := json.Marshal(&types.NpmPackage{
	Versions: map[string]types.NpmVersion{
	dep1PackageExactVer: {
	Dependencies: map[string]string{
	dep1_1PackageName: dep1_1PackageVer,
	},
	},
	},
	})
	dep1_1PackageResp, err := json.Marshal(&types.NpmPackage{
	Versions: map[string]types.NpmVersion{
	dep1_1PackageVer: {
	Dependencies: map[string]string{},
	},
	},
	})
	dep2PackageResp, err := json.Marshal(&types.NpmPackage{
	Versions: map[string]types.NpmVersion{
	dep2PackageExactVer: {
	Dependencies: map[string]string{},
	},
	},
	})
	require.Nil(t, err)

	mockClient.Mock("https://registry.npmjs.org/"+startPackageName, mockhttpclient.MockGetDialogue(startPackageResp))
	mockClient.Mock("https://registry.npmjs.org/"+dep1PackageName, mockhttpclient.MockGetDialogue(dep1PackageResp))
	mockClient.Mock("https://registry.npmjs.org/"+dep1_1PackageName, mockhttpclient.MockGetDialogue(dep1_1PackageResp))
	mockClient.Mock("https://registry.npmjs.org/"+dep2PackageName, mockhttpclient.MockGetDialogue(dep2PackageResp))

	return mockClient.Client()
	}

	func TestGetDependencies_StartPackageWithExactVerDeps_ReturnsAllDeps(t *testing.T) {
	unittest.SmallTest(t)
	mockHttpClient := setupAllowlistHttpClient(t, false, false)

	// All 3 dependencies should be returned.
	deps, err := getDependencies(startPackageName, startPackageExactVer, mockHttpClient)
	require.NoError(t, err)
	require.Len(t, deps, 3)
	require.Equal(t, dep1PackageName, deps[0].Name)
	require.Equal(t, dep1PackageExactVer, deps[0].Version)
	require.Equal(t, dep1_1PackageName, deps[1].Name)
	require.Equal(t, dep1_1PackageVer, deps[1].Version)
	require.Equal(t, dep2PackageName, deps[2].Name)
	require.Equal(t, dep2PackageExactVer, deps[2].Version)
	}

	func TestGetDependencies_StartPackageWithNonExactVerDeps_ReturnsNoDeps(t *testing.T) {
	unittest.SmallTest(t)
	mockHttpClient := setupAllowlistHttpClient(t, false, false)

	// 0 dependencies should be returned because we cannot find the dependencies
	// of a start package with a non-exact version.
	deps, err := getDependencies(startPackageName, startPackageNonExactVer, mockHttpClient)
	require.NoError(t, err)
	require.Len(t, deps, 0)
	}

	func TestGetDependencies_Dep2WithNonExactVer_ReturnsAllDeps(t *testing.T) {
	unittest.SmallTest(t)
	mockHttpClient := setupAllowlistHttpClient(t, false, true)

	// All 3 dependencies should be returned because dep2 has no dependencies.
	deps, err := getDependencies(startPackageName, startPackageExactVer, mockHttpClient)
	require.NoError(t, err)
	require.Len(t, deps, 3)
	require.Equal(t, dep1PackageName, deps[0].Name)
	require.Equal(t, dep1PackageExactVer, deps[0].Version)
	require.Equal(t, dep1_1PackageName, deps[1].Name)
	require.Equal(t, dep1_1PackageVer, deps[1].Version)
	require.Equal(t, dep2PackageName, deps[2].Name)
	require.Equal(t, dep2PackageNonExactVer, deps[2].Version)
	}

	func TestGetDependencies_Dep1WithNonExactVer_ReturnsTwoDeps(t *testing.T) {
	unittest.SmallTest(t)
	mockHttpClient := setupAllowlistHttpClient(t, true, false)

	// pkg1 uses non-exact versioning so we will not be able to find pkg1_1.
	deps, err := getDependencies(startPackageName, startPackageExactVer, mockHttpClient)
	require.NoError(t, err)
	require.Len(t, deps, 2)
	require.Equal(t, dep1PackageName, deps[0].Name)
	require.Equal(t, dep1PackageNonExactVer, deps[0].Version)
	require.Equal(t, dep2PackageName, deps[1].Name)
	require.Equal(t, dep2PackageExactVer, deps[1].Version)
	}