| author | mo khan <mo.khan@gmail.com> | 2020-03-31 16:35:33 +0000 |
|---|---|---|
| committer | mo khan <mo.khan@gmail.com> | 2020-03-31 16:35:33 +0000 |
| commit | fec5e888a10f6d6c0a64d17242d293fc9da6d3d2 (patch) | |
| tree | 92e14683798648106e573555ed4a97658dfb7122 /spec/integration/python/pip_spec.rb | |
| parent | d0ff10b6ae1075a13827e00dd0120fac9639fde8 (diff) | |
| parent | 67e1de7e57a843622a824f68e4ffb40d8b9ff320 (diff) | |
Merge branch '199059-setup-py' into 'master'v3.3.0
Use virtualenv and pip-licenses to scan python projects
See merge request gitlab-org/security-products/license-management!128
Diffstat (limited to 'spec/integration/python/pip_spec.rb')
| -rw-r--r-- | spec/integration/python/pip_spec.rb | 51 |
1 files changed, 41 insertions, 10 deletions
diff --git a/spec/integration/python/pip_spec.rb b/spec/integration/python/pip_spec.rb
index e54aa19..d22121b 100644
--- a/spec/integration/python/pip_spec.rb
+++ b/spec/integration/python/pip_spec.rb
@@ -13,7 +13,7 @@ RSpec.describe "pip" do
 expect(report).to match_schema(version: '2.0')
 expect(report[:version]).to start_with('2')
 expect(report[:dependencies].map { |x| x[:name] }).to include("sentry-sdk")
-expect(report[:dependencies].find { |x| x[:name] == 'sentry-sdk' }[:licenses]).to match_array(["BSD-4-Clause"])
+expect(find_in(report, 'sentry-sdk')[:licenses]).to match_array(["BSD-4-Clause"])
 end
 end
@@ -54,30 +54,31 @@ RSpec.describe "pip" do
 let(:language) { 'python' }
 let(:package_manager) { 'pip' }
 let(:environment) { { 'LM_REPORT_VERSION' => report_version, 'LM_PYTHON_VERSION' => python[:version] } }
+let(:expected_content) { fixture_file_content("expected/#{language}/#{python[:version]}/#{package_manager}/v#{report_version}.json").chomp }
 it 'matches the expected report' do
 runner.clone(url, branch: python[:commit])
 report = runner.scan(env: environment)
-content = fixture_file_content("expected/#{language}/#{python[:version]}/#{package_manager}/v#{report_version}.json")
-expect(report).to eq(JSON.parse(content, symbolize_names: true))
+
+expect(JSON.pretty_generate(report)).to eq(expected_content)
 expect(report).to match_schema(version: report_version)
 end
 end
 end
 end
-context "when scanning projects with a `setup.py` but do not have a `requirements.txt` files" do
-pending 'detects licenses in a simple `setup.py`' do
+context "when scanning projects with a `setup.py` and does not have a `requirements.txt` file" do
+it 'detects licenses in a simple `setup.py`' do
 runner.add_file('setup.py', fixture_file_content('python/simple-setup.py'))
 report = runner.scan
 expect(report).to match_schema(version: '2.0')
 expect(report[:dependencies]).not_to be_empty
-expect(find_in(report, 'boto3')[:licenses]).to match_array(['MIT'])
+expect(find_in(report, 'boto3')[:licenses]).to match_array(['Apache-2.0'])
 end
-pending 'detects licenses in a more complicated `setup.py`' do
-runner.add_file('setup.py', fixture_file_content('python/complex-setup.py'))
+it 'detects licenses in a more complicated `setup.py`' do
+runner.clone('https://github.com/pypa/sampleproject.git', branch: 'd09af3dbd851d385e56f0aed29875bfa3d3df230')
 report = runner.scan
 expect(report).to match_schema(version: '2.0')
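Review bot: The 'matches the expected report' example now compares `JSON.pretty_generate(report)` against the raw fixture text, so it fails on any difference in key order, indentation or trailing newline even when the parsed reports are equal, and the failure output becomes a whole-document string diff rather than a structural one. If pinning the exact serialized form is the intent (for instance because the report file written by the scanner must be byte-identical to the fixture), a one-line comment would keep a future maintainer from reverting to a parsed comparison: `# compare serialized text on purpose: the report must match the fixture byte-for-byte`. Separately, 'detects licenses in a more complicated `setup.py`' now clones `pypa/sampleproject` over the network instead of using a local fixture; the commit pin keeps it reproducible, but the example needs outbound access and its body continues past the hunk. The enclosing `RSpec.describe "pip"` block starts and ends outside the hunk.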
@@ -88,14 +89,44 @@ RSpec.describe "pip" do
 context "when scanning projects that have a custom index-url" do
 before do
-runner.add_file('requirements.txt', 'pip==18.1')
+runner.add_file('requirements.txt', 'six')
 end
 it 'detects the licenses from the custom index' do
 report = runner.scan(env: { 'PIP_INDEX_URL' => 'https://test.pypi.org/simple/' })
 expect(report).to match_schema(version: '2.0')
-expect(find_in(report, 'pip')[:licenses]).to match_array(["MIT"])
+expect(find_in(report, 'six')[:licenses]).to match_array(["MIT"])
+end
+end
+
+context "when a project uses a custom `SETUP_CMD`" do
+before do
+runner.add_file('requirements.txt', 'six==1.14.0')
+end
+
+it 'detects the software licenses' do
+report = runner.scan(env: { 'SETUP_CMD' => 'pip install -r requirements.txt' })
+
+expect(report).to match_schema(version: '2.0')
+expect(find_in(report, 'six')[:licenses]).to match_array(["MIT"])
+expect(report[:dependencies].map { |x| x[:name] }).to contain_exactly('six')
+end
+end
+
+context "when a projects is running in airgap mode" do
+before do
+runner.add_file('requirements.txt', '')
+end
+
+it 'is able to scan the project' do
+report = runner.scan(env: {
+'PIP_INDEX_URL' => 'https://localhost/simple/'
+})
+
+expect(report).to match_schema(version: '2.0')
+expect(report[:licenses]).to be_empty
+expect(report[:dependencies]).to be_empty
 end
 end
 end
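Review bot: The airgap example only shows that a project with an empty `requirements.txt` scans cleanly against an unreachable index, so it would still pass if the scanner silently fell back to the public index, which is exactly the behaviour an airgap test should rule out. A stronger companion example would pin a real package, e.g. `runner.add_file('requirements.txt', 'six==1.14.0')`, keep `'PIP_INDEX_URL' => 'https://localhost/simple/'`, and assert whatever the scanner is expected to produce when the index cannot be reached (presumably no `six` entry in `report[:dependencies]`, to be confirmed against the scanner's error handling) rather than a populated report. The context description also has a typo: `context "when a project is running in airgap mode" do`. The enclosing `RSpec.describe "pip"` block starts outside the hunk.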
