Pull Request — master (#37)

<?php
namespace BringYourOwnIdeas\SecurityChecker\Tests;
use SensioLabs\Security\SecurityChecker;
use BringYourOwnIdeas\SecurityChecker\Tasks\SecurityAlertCheckTask;
use BringYourOwnIdeas\SecurityChecker\Models\SecurityAlert;
use SilverStripe\Dev\SapphireTest;
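class SecurityAlertCheckTaskTest extends SapphireTest
{
    protected $usesDatabase = true;

    /**
     * Task under test; rebuilt in setUp() with a mocked SecurityChecker.
     *
     * @var SecurityAlertCheckTask
     */
    private $checkTask;

    /**
     * Run the task, buffering its output so that it does not interfere with the test harness output.
     *
     * The buffer is closed in a finally block so that an exception thrown by the task does not
     * leave an output buffer open for the tests that run afterwards.
     *
     * @param \SilverStripe\Control\HTTPRequest|null $request
     *
     * @return string buffered output
     */
    private function runTask($request = null)
    {
        ob_start();
        try {
            $this->checkTask->run($request);
        } finally {
            // Always close the buffer opened above, including when run() throws.
            $output = ob_get_clean();
        }

        return $output;
    }

    /**
     * Provide a mock to remove the dependency on the external advisory service.
     *
     * Only check() is replaced; it returns a fixed advisory list, so the assertions in this
     * class are made against known data.
     *
     * @param bool $empty when true, the mocked check() reports no advisories at all
     *
     * @return SecurityChecker mocked instance
     */
    protected function getSecurityCheckerMock($empty = false)
    {
        // Mock info comes from SensioLabs API docs example output,
        // and a real (test) silverstripe/installer 3.2.0 installation
        // (using the aforementioned API).
        // The fixture holds six advisories: one for symfony/symfony (with a CVE id)
        // and five for silverstripe/framework (with an empty "cve" field).
        $mockOutput = <<<CVENOTICE
{
    "symfony\/symfony": {
        "version": "2.1.x-dev",
        "advisories": {
            "symfony\/symfony\/CVE-2013-1397.yaml": {
                "title": "Ability to enable\/disable object support in YAML parsing and dumping",
                "link": "http:\/\/symfony.com\/blog\/security-release-symfony-2-0-22-and-2-1-7-released",
                "cve": "CVE-2013-1397"
            }
        }
    },
    "silverstripe\/framework": {
        "version": "3.2.0",
        "advisories": {
            "silverstripe\/framework\/SS-2016-002-1.yaml": {
                "title": "SS-2016-002: CSRF vulnerability in GridFieldAddExistingAutocompleter",
                "link": "https:\/\/www.silverstripe.org\/download\/security-releases\/ss-2016-002\/",
                "cve": ""
            },
            "silverstripe\/framework\/SS-2016-003-1.yaml": {
                "title": "SS-2016-003: Hostname, IP and Protocol Spoofing through HTTP Headers",
                "link": "https:\/\/www.silverstripe.org\/download\/security-releases\/ss-2016-003\/",
                "cve": ""
            },
            "silverstripe\/framework\/SS-2015-028-1.yaml": {
                "title": "SS-2015-028: Missing security check on dev\/build\/defaults",
                "link": "https:\/\/www.silverstripe.org\/download\/security-releases\/ss-2015-028\/",
                "cve": ""
            },
            "silverstripe\/framework\/SS-2015-027-1.yaml": {
                "title": "SS-2015-027: HtmlEditor embed url sanitisation",
                "link": "https:\/\/www.silverstripe.org\/download\/security-releases\/ss-2015-027\/",
                "cve": ""
            },
            "silverstripe\/framework\/SS-2015-026-1.yaml": {
                "title": "SS-2015-026: Form field validation message XSS vulnerability",
                "link": "https:\/\/www.silverstripe.org\/download\/security-releases\/ss-2015-026\/",
                "cve": ""
            }
        }
    }
}
CVENOTICE;

        $securityCheckerMock = $this->getMockBuilder(SecurityChecker::class)->setMethods(['check'])->getMock();
        $securityCheckerMock->expects($this->any())->method('check')->will($this->returnValue(
            $empty ? [] : json_decode($mockOutput, true)
        ));

        return $securityCheckerMock;
    }

    /**
     * Build a fresh task for every test and wire it to the mocked checker.
     */
    public function setUp()
    {
        parent::setUp();
        $securityCheckerMock = $this->getSecurityCheckerMock();
        $checkTask = new SecurityAlertCheckTask();
        $checkTask->setSecurityChecker($securityCheckerMock);
        $this->checkTask = $checkTask;
    }

    /**
     * Running the task once stores one SecurityAlert per advisory in the fixture.
     */
    public function testUpdatesAreSaved()
    {
        $preCheck = SecurityAlert::get();
        $this->assertCount(0, $preCheck, 'database is empty to begin with');

        $this->runTask();

        // 6 = 1 symfony/symfony advisory + 5 silverstripe/framework advisories.
        $postCheck = SecurityAlert::get();
        $this->assertCount(6, $postCheck, 'SecurityAlert has been stored');
    }

    /**
     * Running the task twice against the same advisories must not duplicate the stored alerts.
     */
    public function testNoDuplicates()
    {
        $this->runTask();

        $postCheck = SecurityAlert::get();
        $this->assertCount(6, $postCheck, 'SecurityAlert has been stored');

        $this->runTask();

        $postCheck = SecurityAlert::get();
        $this->assertCount(6, $postCheck, 'The SecurityAlert isn\'t stored twice.');
    }

    /**
     * Alerts stored by an earlier run are removed once the checker no longer reports them.
     */
    public function testSecurityAlertRemovals()
    {
        $this->runTask();

        $preCheck = SecurityAlert::get();
        $this->assertCount(6, $preCheck, 'database has stored SecurityAlerts');

        // Swap in a checker that reports no advisories at all.
        $securityCheckerMock = $this->getSecurityCheckerMock(true);
        $this->checkTask->setSecurityChecker($securityCheckerMock);

        $this->runTask();

        $postCheck = SecurityAlert::get();
        $this->assertCount(0, $postCheck, 'database is empty to finish with');
    }

    /**
     * An advisory with an empty "cve" field still gets a non-empty Identifier in the SS-YYYY-NNN form.
     */
    public function testIdentifierSetsFromTitleIfCVEIsNotSet()
    {
        $this->runTask();
        $frameworkAlert = SecurityAlert::get()
            ->filter('PackageName', 'silverstripe/framework')
            ->first();

        // Fail with a readable message instead of a property access on null
        // if no framework alert was stored.
        $this->assertNotNull($frameworkAlert, 'a silverstripe/framework alert has been stored');
        $this->assertNotEmpty($frameworkAlert->Identifier);
        $this->assertRegExp('/^SS-201[56]-\d{3}$/', $frameworkAlert->Identifier);
    }
}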