require 'spec_helper'
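# Integration specs for the license scanner's pip support.
#
# Every example drives the real scanner through `runner` (provided by
# spec_helper) against a generated or cloned project and checks the report it
# produces. Packages are resolved over the network, so each example also
# exercises — and implicitly trusts — whatever index, URL or repository its
# inputs point at; the NOTE(review) comments below mark where that matters.
RSpec.describe "pip" do
  context "when a project depends on the latest version of a package" do
    # Lower bound only: whichever sentry-sdk release is current at scan time is
    # what gets resolved, so the licence assertion tracks upstream metadata and
    # will need updating if the project changes its declared licence.
    let(:requirements) { "sentry-sdk>=0.7.7" }

    it 'produces a valid report' do
      runner.add_file('requirements.txt', requirements)
      report = runner.scan

      expect(report).not_to be_empty
      expect(report).to match_schema(version: '2.0')
      expect(report[:version]).to start_with('2')
      expect(report[:dependencies].map { |dep| dep[:name] }).to include("sentry-sdk")
      # Use spec_helper's `find_in`, as the other contexts in this file do,
      # rather than an inline `find` over `report[:dependencies]`.
      expect(find_in(report, 'sentry-sdk')[:licenses]).to match_array(["BSD-4-Clause"])
    end
  end

  context "when the project has a dependency that depends on a minimum of python 3.6" do
    let(:requirements) do
      [
        'boto3',
        'aws-lambda-context>=1.0.0',
        'jsonschema>=3.0.0',
        'python-json-logger>=0.1.10',
        'sentry-sdk>=0.7.7',
        # NOTE(review): a direct-URL requirement with no `--hash`. The scanner
        # has to download and build whatever this bucket serves at scan time,
        # so the example depends on a third-party host and trusts its contents;
        # nothing here would notice a swapped or tampered archive.
        'https://s3-eu-west-1.amazonaws.com/new10-pypi/new10-logging-1.1.4.tar.gz',
        'ptvsd',
        'pylint',
        'flake8',
        'bandit',
        'pydocstyle'
      ].join("\n")
    end

    it 'produces a valid report' do
      runner.add_file('requirements.txt', requirements)
      report = runner.scan

      # Only shape is asserted here: the point is that a mixed requirements
      # file (names, version ranges, a remote archive) still yields a report.
      expect(report).not_to be_empty
      expect(report).to match_schema(version: '2.0')
      expect(report[:version]).to start_with('2')
      expect(report[:licenses]).not_to be_empty
      expect(report[:dependencies]).not_to be_empty
    end
  end

  # Golden-file comparisons against a project cloned from GitLab. The clone is
  # pinned to a commit (passed through the `branch:` option), so the input
  # cannot drift underneath the expected report. These are abbreviated SHAs;
  # a full 40-character SHA would be unambiguous as the repository grows.
  [{ version: '2', commit: '04dce91b' }, { version: '3', commit: '48e250a1' }].each do |python|
    ['1.0', '1.1', '2.0'].each do |report_version|
      context "when generating a `#{report_version}` report using Python `#{python[:version]}`" do
        let(:language) { 'python' }
        let(:package_manager) { 'pip' }
        let(:url) { "https://gitlab.com/gitlab-org/security-products/tests/#{language}-#{package_manager}.git" }
        let(:environment) do
          { 'LM_REPORT_VERSION' => report_version, 'LM_PYTHON_VERSION' => python[:version] }
        end

        it 'matches the expected report' do
          runner.clone(url, branch: python[:commit])
          report = runner.scan(env: environment)
          expected = fixture_file_content("expected/#{language}/#{python[:version]}/#{package_manager}/v#{report_version}.json")

          expect(report).to eq(JSON.parse(expected, symbolize_names: true))
          expect(report).to match_schema(version: report_version)
        end
      end
    end
  end

  # `setup.py`-only projects are not supported yet; these examples document
  # the intended behaviour and stay `pending` until the scanner handles them.
  context "when scanning projects with a `setup.py` but do not have a `requirements.txt` files" do
    pending 'detects licenses in a simple `setup.py`' do
      runner.add_file('setup.py', fixture_file_content('python/simple-setup.py'))
      report = runner.scan

      expect(report).to match_schema(version: '2.0')
      expect(report[:dependencies]).not_to be_empty
      expect(find_in(report, 'boto3')[:licenses]).to match_array(['MIT'])
    end

    pending 'detects licenses in a more complicated `setup.py`' do
      runner.add_file('setup.py', fixture_file_content('python/complex-setup.py'))
      report = runner.scan

      expect(report).to match_schema(version: '2.0')
      expect(report[:dependencies]).not_to be_empty
      expect(find_in(report, 'peppercorn')[:licenses]).to match_array(['BSD-2-Clause'])
    end
  end

  # `PIP_INDEX_URL` is passed through the scan environment, so the index named
  # there is where `pip==18.1` gets resolved. NOTE(review): the requirement is
  # pinned by version only, not by hash, and nothing in this spec verifies the
  # index itself — a CI job pointed at a misconfigured or hostile index would
  # be trusted exactly the same way. That is the behaviour under test, not a
  # safeguard.
  context "when scanning projects that have a custom index-url" do
    before do
      runner.add_file('requirements.txt', 'pip==18.1')
    end

    it 'detects the licenses from the custom index' do
      report = runner.scan(env: { 'PIP_INDEX_URL' => 'https://test.pypi.org/simple/' })

      expect(report).to match_schema(version: '2.0')
      expect(find_in(report, 'pip')[:licenses]).to match_array(["MIT"])
    end
  end
end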