Merge branch '217905-net-integration-test' into 'master'v3.18.0

Resolve nuget dependencies from a custom registry. See merge request gitlab-org/security-products/license-management!189
author: Can Eldem <celdem@gitlab.com> 2020-07-15 09:24:27 +0000
committer: Can Eldem <celdem@gitlab.com> 2020-07-15 09:24:27 +0000
commit: f04805cf7b490b9ef9492e4ddc115ab7c2845ab6 (patch)
tree: 290e40b1b3f3c24579ed780e83ce55293e4b1de7 /spec/integration/dotnet/nuget_spec.rb
parent: d8b18764499ed0378d5f5caf0d68460c39510cfe (diff)
parent: 4b9540b7724f89b2c3d2850193721abd415421f6 (diff)
1 files changed, 145 insertions, 20 deletions
diff --git a/spec/integration/dotnet/nuget_spec.rb b/spec/integration/dotnet/nuget_spec.rb
index c97c352..1d9a62c 100644
--- a/spec/integration/dotnet/nuget_spec.rb
+++ b/spec/integration/dotnet/nuget_spec.rb
@@ -73,30 +73,155 @@ RSpec.describe "nuget" do
     end
   end
 
-  context "when a project has a dependency that has it's own dependencies" do
-    let(:packages) do
-      <<-XML
-<?xml version="1.0" encoding="utf-8"?>
-<packages>
-  <package id="NHibernate" version="5.2.6" />
-</packages>
-      XML
+  context "when a project has a dependency that has indirect dependencies" do
+    subject { runner.scan }
+
+    before do
+      runner.mount(dir: fixture_file('dotnet/nuget-transient-dependencies'))
     end
 
-    pending 'produces a report that includes the dependencies of each dependency' do
-      runner.add_file('packages.config', packages)
-      report = runner.scan
+    specify 'produces a report that includes the dependencies of each dependency' do
+      expect(subject).to match_schema
+      expect(subject.dependency_names).to include('Iesi.Collections')
+      expect(subject.dependency_names).to include('Remotion.Linq')
+      expect(subject.dependency_names).to include('Remotion.Linq.EagerFetching')
+      expect(subject.dependency_names).to include("Antlr3.Runtime")
+      expect(subject.dependency_names).to include("NHibernate")
 
-      expect(report).to match_schema
-      expect(report[:licenses].count).not_to be_zero
-      expect(report[:licenses].map { |x| x[:id] }.uniq).to match_array(['LGPL-2.1', 'Apache-2.0', 'BSD-3-Clause'])
-      expect(report.dependency_names).to match_array([
-        'Iesi.Collections',
-        'Remotion.Linq',
-        'Remotion.Linq.EagerFetching',
-        "Antlr3.Runtime",
-        "NHibernate"
+      expect(subject.licenses_for('Antlr3.Runtime')).to match_array(["https://raw.githubusercontent.com/antlr/antlrcs/master/license.txt"])
+      expect(subject.licenses_for('Iesi.Collections')).to match_array(['unknown'])
+      expect(subject.licenses_for('NHibernate')).to match_array(["https://raw.githubusercontent.com/nhibernate/nhibernate-core/master/license.txt"])
+      expect(subject.licenses_for('Remotion.Linq')).to match_array(['Apache-2.0'])
+      expect(subject.licenses_for('Remotion.Linq.EagerFetching')).to match_array(['LGPL-2.1'])
+    end
+  end
+
+  context "when scanning a VB.NET project" do
+    subject { runner.scan }
+
+    before do
+      runner.mount(dir: fixture_file('dotnet/nuget-vbproj'))
+    end
+
+    specify do
+      expect(subject).to match_schema
+      expect(subject.dependency_names).to match_array(["jive"])
+      expect(subject.licenses_for('jive')).to match_array('MIT')
+    end
+  end
+
+  context "when scanning a F# project" do
+    subject { runner.scan }
+
+    before do
+      runner.mount(dir: fixture_file('dotnet/nuget-fsproj'))
+    end
+
+    specify do
+      expect(subject).to match_schema
+      expect(subject.dependency_names).to match_array(["FSharp.Core", "jive"])
+      expect(subject.licenses_for('jive')).to match_array('MIT')
+    end
+  end
+
+  context "when scanning a solution file with multiple projects" do
+    subject { runner.scan }
+
+    before do
+      runner.mount(dir: fixture_file('dotnet/nuget-sln'))
+    end
+
+    specify do
+      expect(subject).to match_schema
+      expect(subject.dependency_names).to match_array([
+        "FSharp.Core",
+        "Microsoft.CSharp",
+        "Microsoft.CodeCoverage",
+        "Microsoft.NET.Test.Sdk",
+        "Microsoft.NETCore.Platforms",
+        "Microsoft.NETCore.Platforms",
+        "Microsoft.NETCore.Targets",
+        "Microsoft.TestPlatform.ObjectModel",
+        "Microsoft.TestPlatform.TestHost",
+        "NETStandard.Library",
+        "Newtonsoft.Json",
+        "NuGet.Frameworks",
+        "System.Collections",
+        "System.Diagnostics.Debug",
+        "System.Diagnostics.Tools",
+        "System.Dynamic.Runtime",
+        "System.Globalization",
+        "System.IO",
+        "System.IO.FileSystem",
+        "System.IO.FileSystem.Primitives",
+        "System.Linq",
+        "System.Linq.Expressions",
+        "System.ObjectModel",
+        "System.Reflection",
+        "System.Reflection.Emit",
+        "System.Reflection.Emit.ILGeneration",
+        "System.Reflection.Emit.Lightweight",
+        "System.Reflection.Extensions",
+        "System.Reflection.Primitives",
+        "System.Reflection.TypeExtensions",
+        "System.Resources.ResourceManager",
+        "System.Runtime",
+        "System.Runtime.Extensions",
+        "System.Runtime.Handles",
+        "System.Runtime.InteropServices",
+        "System.Runtime.Serialization.Primitives",
+        "System.Text.Encoding",
+        "System.Text.Encoding.Extensions",
+        "System.Text.RegularExpressions",
+        "System.Threading",
+        "System.Threading.Tasks",
+        "System.Threading.Tasks.Extensions",
+        "System.Xml.ReaderWriter",
+        "System.Xml.XDocument",
+        "coverlet.collector",
+        "xunit",
+        "xunit.abstractions",
+        "xunit.analyzers",
+        "xunit.assert",
+        "xunit.core",
+        "xunit.extensibility.core",
+        "xunit.extensibility.execution",
+        "xunit.runner.visualstudio"
       ])
+
+      expect(subject.licenses_for('NuGet.Frameworks')).to match_array('Apache-2.0')
+      expect(subject.licenses_for('FSharp.Core')).to match_array('MIT')
+    end
+  end
+
+  context "when fetching dependencies from a custom registry" do
+    subject { runner.scan(env: env) }
+
+    let(:env) { {} }
+
+    before do
+      add_host('nuget.test', '127.0.0.1')
+      start_proxy_server
+      runner.mount(dir: fixture_file('dotnet/nuget-custom-tls'))
+    end
+
+    context "when the CA certificate is provided" do
+      let(:env) { { 'ADDITIONAL_CA_CERT_BUNDLE' => x509_certificate('wildcard.test').read } }
+
+      specify do
+        expect(subject).to match_schema
+        expect(subject.dependency_names).to match_array(["jive"])
+        expect(subject.licenses_for('jive')).to match_array('MIT')
+      end
+    end
+
+    context "when the CA certificate is NOT provided" do
+      let(:env) { {} }
+
+      specify do
+        expect(subject).to match_schema
+        expect(subject.dependency_names).to match_array(["jive"])
+      end
     end
   end
 end
author	Can Eldem <celdem@gitlab.com>	2020-07-15 09:24:27 +0000
committer	Can Eldem <celdem@gitlab.com>	2020-07-15 09:24:27 +0000
commit	f04805cf7b490b9ef9492e4ddc115ab7c2845ab6 (patch)
tree	290e40b1b3f3c24579ed780e83ce55293e4b1de7 /spec/integration/dotnet/nuget_spec.rb
parent	d8b18764499ed0378d5f5caf0d68460c39510cfe (diff)
parent	4b9540b7724f89b2c3d2850193721abd415421f6 (diff)