SecurityAlertCheckTaskTest - Code Metrics - bringyourownideas/silverstripe-composer-security-checker - Measure and Improve Code Quality continuously with Scrutinizer

SecurityAlertCheckTaskTest A
last analyzed 2023-06-21 21:13 UTC

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	144
Duplicated Lines	0 %

Importance

Changes	2
Bugs	0	Features	0

Metric	Value
eloc	85
c	2
b	0
f	0
dl	0
loc	144
rs	10
wmc	8

7 Methods

Rating	Name	Size	Complexity
A	testUpdatesAreSaved()	9	1
A	testIdentifierSetsFromTitleIfCVEIsNotSet()	8	1
A	testNoDuplicates()	11	1
A	getSecurityCheckerMock()	56	2
A	testSecurityAlertRemovals()	14	1
A	runTask()	5	1
A	setUp()	10	1

<?php

namespace BringYourOwnIdeas\SecurityChecker\Tests;

use BringYourOwnIdeas\SecurityChecker\Models\SecurityAlert;
use BringYourOwnIdeas\SecurityChecker\Tasks\SecurityAlertCheckTask;
use SensioLabs\Security\Result;
use SensioLabs\Security\SecurityChecker;
use SilverStripe\Control\HTTPRequest;
use SilverStripe\Dev\SapphireTest;
use Symbiote\QueuedJobs\Services\QueuedJobService;

class SecurityAlertCheckTaskTest extends SapphireTest
{
    protected $usesDatabase = true;

    /**
     * @var SecurityAlertCheckTask
     */
    private $checkTask;

    protected function setUp()
    {
        parent::setUp();

        QueuedJobService::config()->set('use_shutdown_function', false);

        $securityCheckerMock = $this->getSecurityCheckerMock();
        $checkTask = new SecurityAlertCheckTask;
        $checkTask->setSecurityChecker($securityCheckerMock);
        $this->checkTask = $checkTask;
    }

    /**
     * Run task buffering the output as so that it does not interfere with the test harness output.
     *
     * @param null|HTTPRequest $request
     *
     * @return string buffered output
     */
    private function runTask($request = null)
    {
        ob_start();
        $this->checkTask->run($request);
        return ob_get_clean();
    }

    /**
     * provide a mock to remove dependency on external service
     */
    protected function getSecurityCheckerMock($empty = false)
    {
        // Mock info comes from SensioLabs API docs example output,
        // and a real (test) silverstripe/installer 3.2.0 installation
        // (using the aforementioned API)
        $mockOutput = <<<CVENOTICE
{
    "symfony\/symfony": {
        "version": "2.1.x-dev",
        "advisories": {
            "symfony\/symfony\/CVE-2013-1397.yaml": {
                "title": "Ability to enable\/disable object support in YAML parsing and dumping",
                "link": "http:\/\/symfony.com\/blog\/security-release-symfony-2-0-22-and-2-1-7-released",
                "cve": "CVE-2013-1397"
            }
        }
    },
    "silverstripe\/framework": {
        "version": "3.2.0",
        "advisories": {
            "silverstripe\/framework\/SS-2016-002-1.yaml": {
                "title": "SS-2016-002: CSRF vulnerability in GridFieldAddExistingAutocompleter",
                "link": "https:\/\/www.silverstripe.org\/download\/security-releases\/ss-2016-002\/",
                "cve": ""
            },
            "silverstripe\/framework\/SS-2016-003-1.yaml": {
                "title": "SS-2016-003: Hostname, IP and Protocol Spoofing through HTTP Headers",
                "link": "https:\/\/www.silverstripe.org\/download\/security-releases\/ss-2016-003\/",
                "cve": ""
            },
            "silverstripe\/framework\/SS-2015-028-1.yaml": {
                "title": "SS-2015-028: Missing security check on dev\/build\/defaults",
                "link": "https:\/\/www.silverstripe.org\/download\/security-releases\/ss-2015-028\/",
                "cve": ""
            },
            "silverstripe\/framework\/SS-2015-027-1.yaml": {
                "title": "SS-2015-027: HtmlEditor embed url sanitisation",
                "link": "https:\/\/www.silverstripe.org\/download\/security-releases\/ss-2015-027\/",
                "cve": ""
            },
            "silverstripe\/framework\/SS-2015-026-1.yaml": {
                "title": "SS-2015-026: Form field validation message XSS vulnerability",
                "link": "https:\/\/www.silverstripe.org\/download\/security-releases\/ss-2015-026\/",
                "cve": ""
            }
        }
    }
}
CVENOTICE;

        $securityCheckerMock = $this->getMockBuilder(SecurityChecker::class)->setMethods(['check'])->getMock();
        $securityCheckerMock->expects($this->any())->method('check')->will($this->returnValue(
            $empty ? new Result(0, '{}', 'json') : new Result(6, $mockOutput, 'json')
        ));

        return $securityCheckerMock;
    }

    public function testUpdatesAreSaved()
    {
        $preCheck = SecurityAlert::get();
        $this->assertCount(0, $preCheck, 'database is empty to begin with');

        $this->runTask();

        $postCheck = SecurityAlert::get();
        $this->assertCount(6, $postCheck, 'SecurityAlert has been stored');
    }

    public function testNoDuplicates()
    {
        $this->runTask();

        $postCheck = SecurityAlert::get();
        $this->assertCount(6, $postCheck, 'SecurityAlert has been stored');

        $this->runTask();

        $postCheck = SecurityAlert::get();
        $this->assertCount(6, $postCheck, 'The SecurityAlert isn\'t stored twice.');
    }

    public function testSecurityAlertRemovals()
    {
        $this->runTask();

        $preCheck = SecurityAlert::get();
        $this->assertCount(6, $preCheck, 'database has stored SecurityAlerts');

        $securityCheckerMock = $this->getSecurityCheckerMock(true);
        $this->checkTask->setSecurityChecker($securityCheckerMock);

        $this->runTask();

        $postCheck = SecurityAlert::get();
        $this->assertCount(0, $postCheck, 'database is empty to finish with');
    }

    public function testIdentifierSetsFromTitleIfCVEIsNotSet()
    {
        $this->runTask();
        $frameworkAlert = SecurityAlert::get()
            ->filter('PackageName', 'silverstripe/framework')
            ->first();
        $this->assertNotEmpty($frameworkAlert->Identifier);
        $this->assertRegExp('/^SS-201[56]-\d{3}$/', $frameworkAlert->Identifier);
    }
}


1			<?php
2
3			namespace BringYourOwnIdeas\SecurityChecker\Tests;
4
5			use BringYourOwnIdeas\SecurityChecker\Models\SecurityAlert;
6			use BringYourOwnIdeas\SecurityChecker\Tasks\SecurityAlertCheckTask;
7			use SensioLabs\Security\Result;
8			use SensioLabs\Security\SecurityChecker;
9			use SilverStripe\Control\HTTPRequest;
10			use SilverStripe\Dev\SapphireTest;
11			use Symbiote\QueuedJobs\Services\QueuedJobService;
12
13			class SecurityAlertCheckTaskTest extends SapphireTest
14			{
15			protected $usesDatabase = true;
16
17			/**
18			* @var SecurityAlertCheckTask
19			*/
20			private $checkTask;
21
22			protected function setUp()
23			{
24			parent::setUp();
25
26			QueuedJobService::config()->set('use_shutdown_function', false);
27
28			$securityCheckerMock = $this->getSecurityCheckerMock();
29			$checkTask = new SecurityAlertCheckTask;
30			$checkTask->setSecurityChecker($securityCheckerMock);
31			$this->checkTask = $checkTask;
32			}
33
34			/**
35			* Run task buffering the output as so that it does not interfere with the test harness output.
36			*
37			* @param null\|HTTPRequest $request
38			*
39			* @return string buffered output
40			*/
41			private function runTask($request = null)
42			{
43			ob_start();
44			$this->checkTask->run($request);
45			return ob_get_clean();
46			}
47
48			/**
49			* provide a mock to remove dependency on external service
50			*/
51			protected function getSecurityCheckerMock($empty = false)
52			{
53			// Mock info comes from SensioLabs API docs example output,
54			// and a real (test) silverstripe/installer 3.2.0 installation
55			// (using the aforementioned API)
56			$mockOutput = <<<CVENOTICE
57			{
58			"symfony\/symfony": {
59			"version": "2.1.x-dev",
60			"advisories": {
61			"symfony\/symfony\/CVE-2013-1397.yaml": {
62			"title": "Ability to enable\/disable object support in YAML parsing and dumping",
63			"link": "http:\/\/symfony.com\/blog\/security-release-symfony-2-0-22-and-2-1-7-released",
64			"cve": "CVE-2013-1397"
65			}
66			}
67			},
68			"silverstripe\/framework": {
69			"version": "3.2.0",
70			"advisories": {
71			"silverstripe\/framework\/SS-2016-002-1.yaml": {
72			"title": "SS-2016-002: CSRF vulnerability in GridFieldAddExistingAutocompleter",
73			"link": "https:\/\/www.silverstripe.org\/download\/security-releases\/ss-2016-002\/",
74			"cve": ""
75			},
76			"silverstripe\/framework\/SS-2016-003-1.yaml": {
77			"title": "SS-2016-003: Hostname, IP and Protocol Spoofing through HTTP Headers",
78			"link": "https:\/\/www.silverstripe.org\/download\/security-releases\/ss-2016-003\/",
79			"cve": ""
80			},
81			"silverstripe\/framework\/SS-2015-028-1.yaml": {
82			"title": "SS-2015-028: Missing security check on dev\/build\/defaults",
83			"link": "https:\/\/www.silverstripe.org\/download\/security-releases\/ss-2015-028\/",
84			"cve": ""
85			},
86			"silverstripe\/framework\/SS-2015-027-1.yaml": {
87			"title": "SS-2015-027: HtmlEditor embed url sanitisation",
88			"link": "https:\/\/www.silverstripe.org\/download\/security-releases\/ss-2015-027\/",
89			"cve": ""
90			},
91			"silverstripe\/framework\/SS-2015-026-1.yaml": {
92			"title": "SS-2015-026: Form field validation message XSS vulnerability",
93			"link": "https:\/\/www.silverstripe.org\/download\/security-releases\/ss-2015-026\/",
94			"cve": ""
95			}
96			}
97			}
98			}
99			CVENOTICE;
100
101			$securityCheckerMock = $this->getMockBuilder(SecurityChecker::class)->setMethods(['check'])->getMock();
102			$securityCheckerMock->expects($this->any())->method('check')->will($this->returnValue(
103			$empty ? new Result(0, '{}', 'json') : new Result(6, $mockOutput, 'json')
104			));
105
106			return $securityCheckerMock;
107			}
108
109			public function testUpdatesAreSaved()
110			{
111			$preCheck = SecurityAlert::get();
112			$this->assertCount(0, $preCheck, 'database is empty to begin with');
113
114			$this->runTask();
115
116			$postCheck = SecurityAlert::get();
117			$this->assertCount(6, $postCheck, 'SecurityAlert has been stored');
118			}
119
120			public function testNoDuplicates()
121			{
122			$this->runTask();
123
124			$postCheck = SecurityAlert::get();
125			$this->assertCount(6, $postCheck, 'SecurityAlert has been stored');
126
127			$this->runTask();
128
129			$postCheck = SecurityAlert::get();
130			$this->assertCount(6, $postCheck, 'The SecurityAlert isn\'t stored twice.');
131			}
132
133			public function testSecurityAlertRemovals()
134			{
135			$this->runTask();
136
137			$preCheck = SecurityAlert::get();
138			$this->assertCount(6, $preCheck, 'database has stored SecurityAlerts');
139
140			$securityCheckerMock = $this->getSecurityCheckerMock(true);
141			$this->checkTask->setSecurityChecker($securityCheckerMock);
142
143			$this->runTask();
144
145			$postCheck = SecurityAlert::get();
146			$this->assertCount(0, $postCheck, 'database is empty to finish with');
147			}
148
149			public function testIdentifierSetsFromTitleIfCVEIsNotSet()
150			{
151			$this->runTask();
152			$frameworkAlert = SecurityAlert::get()
153			->filter('PackageName', 'silverstripe/framework')
154			->first();
155			$this->assertNotEmpty($frameworkAlert->Identifier);
156			$this->assertRegExp('/^SS-201[56]-\d{3}$/', $frameworkAlert->Identifier);
157			}
158			}
159

bringyourownideas / silverstripe-composer-security-checker

SecurityAlertCheckTaskTest A last analyzed 2023-06-21 21:13 UTC

Complexity

Size/Duplication

Importance

7 Methods

Duplication Side-by-Side

Filter issues like

SecurityAlertCheckTaskTest A
last analyzed 2023-06-21 21:13 UTC