dependency_check:chore - improve tests and code cleaning (#895)

This commit add some new asserts on successful parsing dependency check results, to verify that all fields of Vulnerability was filled. Some code organization was also made, and the entities packages was removed and the dependency check schema output was moved to dependencycheck package. Updates #718 Signed-off-by: Matheus Alcantara <[email protected]>
ZupIT · Dec 27, 2021 · 94ea253 · 94ea253
1 parent d358b62
commit 94ea253
Show file tree

Hide file tree

Showing 7 changed files with 221 additions and 135 deletions.
diff --git a/...ric/dependency_check/entities/analysis.go → ...ters/generic/dependency_check/analysis.go b/...ric/dependency_check/entities/analysis.go → ...ters/generic/dependency_check/analysis.go
@@ -12,8 +12,8 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package entities
+package dependencycheck
 
-type Analysis struct {
-	Dependencies []*Dependency `json:"dependencies"`
+type dependencyCheckAnalysis struct {
+	Dependencies []*dependencyCheckDependency `json:"dependencies"`
 }
diff --git a/...c/dependency_check/entities/dependency.go → ...rs/generic/dependency_check/dependency.go b/...c/dependency_check/entities/dependency.go → ...rs/generic/dependency_check/dependency.go
@@ -12,19 +12,19 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package entities
+package dependencycheck
 
 import (
 	"strings"
 )
 
-type Dependency struct {
-	FileName        string           `json:"fileName"`
-	FilePath        string           `json:"filePath"`
-	Vulnerabilities []*Vulnerability `json:"vulnerabilities"`
+type dependencyCheckDependency struct {
+	FileName        string                          `json:"fileName"`
+	FilePath        string                          `json:"filePath"`
+	Vulnerabilities []*dependencyCheckVulnerability `json:"vulnerabilities"`
 }
 
-func (d *Dependency) GetVulnerability() *Vulnerability {
+func (d *dependencyCheckDependency) getVulnerability() *dependencyCheckVulnerability {
 	for _, vulnerability := range d.Vulnerabilities {
 		if strings.Contains(vulnerability.Name, "CWE") {
 			return vulnerability
@@ -38,7 +38,7 @@ func (d *Dependency) GetVulnerability() *Vulnerability {
 	return nil
 }
 
-func (d *Dependency) GetFile() string {
+func (d *dependencyCheckDependency) getFile() string {
 	index := strings.Index(d.FilePath, "?")
 	if index < 0 {
 		return d.FilePath

diff --git a/...endency_check/entities/dependency_test.go → ...neric/dependency_check/dependency_test.go b/...endency_check/entities/dependency_test.go → ...neric/dependency_check/dependency_test.go
@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package entities
+package dependencycheck
 
 import (
 	"testing"
@@ -22,10 +22,10 @@ import (
 
 func TestGetVulnerability(t *testing.T) {
 	t.Run("should success get vulnerability without cwe", func(t *testing.T) {
-		dependency := &Dependency{
+		dependency := &dependencyCheckDependency{
 			FileName: "test",
 			FilePath: "test",
-			Vulnerabilities: []*Vulnerability{
+			Vulnerabilities: []*dependencyCheckVulnerability{
 				{
 					Description: "test",
 					Severity:    "test",
@@ -34,14 +34,14 @@ func TestGetVulnerability(t *testing.T) {
 			},
 		}
 
-		assert.NotNil(t, dependency.GetVulnerability())
+		assert.NotNil(t, dependency.getVulnerability())
 	})
 
 	t.Run("should success get vulnerability with cwe", func(t *testing.T) {
-		dependency := &Dependency{
+		dependency := &dependencyCheckDependency{
 			FileName: "test",
 			FilePath: "test",
-			Vulnerabilities: []*Vulnerability{
+			Vulnerabilities: []*dependencyCheckVulnerability{
 				{
 					Description: "test",
 					Severity:    "test",
@@ -50,33 +50,33 @@ func TestGetVulnerability(t *testing.T) {
 			},
 		}
 
-		assert.NotNil(t, dependency.GetVulnerability())
+		assert.NotNil(t, dependency.getVulnerability())
 	})
 
 	t.Run("should return nil when do not contains vulnerability", func(t *testing.T) {
-		dependency := &Dependency{}
+		dependency := &dependencyCheckDependency{}
 
-		assert.Nil(t, dependency.GetVulnerability())
+		assert.Nil(t, dependency.getVulnerability())
 	})
 }
 
 func TestGetFile(t *testing.T) {
 	t.Run("should success get file", func(t *testing.T) {
-		dependency := &Dependency{
+		dependency := &dependencyCheckDependency{
 			FilePath: "test?test",
 		}
 
-		file := dependency.GetFile()
+		file := dependency.getFile()
 		assert.NotEmpty(t, file)
 		assert.Equal(t, "test", file)
 	})
 
 	t.Run("should success get file", func(t *testing.T) {
-		dependency := &Dependency{
+		dependency := &dependencyCheckDependency{
 			FilePath: "test2",
 		}
 
-		file := dependency.GetFile()
+		file := dependency.getFile()
 		assert.NotEmpty(t, file)
 		assert.Equal(t, "test2", file)
 	})

diff --git a/internal/services/formatters/generic/dependency_check/formatter.go b/internal/services/formatters/generic/dependency_check/formatter.go
@@ -23,19 +23,18 @@ import (
 	"github.com/ZupIT/horusec-devkit/pkg/enums/tools"
 	"github.com/ZupIT/horusec-devkit/pkg/utils/logger"
 
-	dockerEntities "github.com/ZupIT/horusec/internal/entities/docker"
+	"github.com/ZupIT/horusec/internal/entities/docker"
 	"github.com/ZupIT/horusec/internal/enums/images"
 	"github.com/ZupIT/horusec/internal/helpers/messages"
 	"github.com/ZupIT/horusec/internal/services/formatters"
-	dependencyCheckEntities "github.com/ZupIT/horusec/internal/services/formatters/generic/dependency_check/entities"
 	vulnhash "github.com/ZupIT/horusec/internal/utils/vuln_hash"
 )
 
 type Formatter struct {
 	formatters.IService
 }
 
-func NewFormatter(service formatters.IService) formatters.IFormatter {
+func NewFormatter(service formatters.IService) *Formatter {
 	return &Formatter{
 		service,
 	}
@@ -63,8 +62,8 @@ func (f *Formatter) startDependencyCheck(projectSubPath string) (string, error)
 	return output, f.parseOutput(output)
 }
 
-func (f *Formatter) getConfigData(projectSubPath string) *dockerEntities.AnalysisData {
-	analysisData := &dockerEntities.AnalysisData{
+func (f *Formatter) getConfigData(projectSubPath string) *docker.AnalysisData {
+	analysisData := &docker.AnalysisData{
 		CMD:      f.AddWorkDirInCmd(CMD, projectSubPath, tools.OwaspDependencyCheck),
 		Language: languages.Generic,
 	}
@@ -73,7 +72,7 @@ func (f *Formatter) getConfigData(projectSubPath string) *dockerEntities.Analysi
 }
 
 func (f *Formatter) parseOutput(output string) error {
-	var analysis *dependencyCheckEntities.Analysis
+	var analysis *dependencyCheckAnalysis
 
 	index := strings.Index(output, "{")
 	if index < 0 || output == "" {
@@ -88,30 +87,28 @@ func (f *Formatter) parseOutput(output string) error {
 	return nil
 }
 
-func (f *Formatter) parseToVulnerability(analysis *dependencyCheckEntities.Analysis) {
+func (f *Formatter) parseToVulnerability(analysis *dependencyCheckAnalysis) {
 	for _, dependency := range analysis.Dependencies {
-		vulnData := dependency.GetVulnerability()
+		vulnData := dependency.getVulnerability()
 		if vulnData == nil {
 			continue
 		}
 
-		f.AddNewVulnerabilityIntoAnalysis(f.setVulnerabilityData(vulnData, dependency))
+		f.AddNewVulnerabilityIntoAnalysis(f.newVulnerability(vulnData, dependency))
 	}
 }
 
-func (f *Formatter) setVulnerabilityData(vulnData *dependencyCheckEntities.Vulnerability,
-	dependency *dependencyCheckEntities.Dependency) *vulnerability.Vulnerability {
-	vuln := f.getDefaultVulnerabilitySeverity()
-	vuln.Severity = vulnData.GetSeverity()
-	vuln.Details = vulnData.Description
-	vuln.Code = f.GetCodeWithMaxCharacters(dependency.FileName, 0)
-	vuln.File = f.RemoveSrcFolderFromPath(dependency.GetFile())
-	return vulnhash.Bind(vuln)
-}
+func (f *Formatter) newVulnerability(
+	vulnData *dependencyCheckVulnerability, dependency *dependencyCheckDependency,
+) *vulnerability.Vulnerability {
+	vuln := &vulnerability.Vulnerability{
+		SecurityTool: tools.OwaspDependencyCheck,
+		Language:     languages.Generic,
+		Severity:     vulnData.getSeverity(),
+		Details:      vulnData.Description,
+		Code:         f.GetCodeWithMaxCharacters(dependency.FileName, 0),
+		File:         f.RemoveSrcFolderFromPath(dependency.getFile()),
+	}
 
-func (f *Formatter) getDefaultVulnerabilitySeverity() *vulnerability.Vulnerability {
-	vulnerabilitySeverity := &vulnerability.Vulnerability{}
-	vulnerabilitySeverity.SecurityTool = tools.OwaspDependencyCheck
-	vulnerabilitySeverity.Language = languages.Generic
-	return vulnerabilitySeverity
+	return f.SetCommitAuthor(vulnhash.Bind(vuln))
 }