Fixing specs

coinbase · Sep 29, 2023 · 0ec9d56 · 0ec9d56
1 parent ff26621
commit 0ec9d56
Show file tree

Hide file tree

Showing 5 changed files with 26 additions and 26 deletions.
diff --git a/lib/salus/scanners/base.rb b/lib/salus/scanners/base.rb
@@ -532,19 +532,6 @@ def build_options(prefix:, suffix:, separator:, args:, join_by: ',', config_over
                        join_by: join_by,
                        regex: type_value
                      )
-                     # In new versions of gosec, nosec-tag matches the exact string
-                     # For example, In previous versions;
-                     #  - running the command `gosec -nosec-tag=falsepositive .`
-                     #    would match all occurrences of /* #falsepositive */ in go files
-                     # In current versions:
-                     #  - running the command `gosec -nosec-tag=falsepositive .`
-                     #    would match only match /* falsepositive */ in go files
-                     #  - you would have to modify your string to match #falsepositive
-                     #    running the command `gosec -nosec-tag=#falsepositive .`
-                     #    would match all occurrences of /* #falsepositive */ in go files
-                     # To prevent salus functionality from changing, this line adds a pound
-                     # sign to alternative nosec string
-                     result = "-nosec-tag=##{config_value} " if result.include? "-nosec-tag="
                      result
                    else
                      warning = "Could not interpolate config for #{keyword} "\

diff --git a/spec/fixtures/npm_audit/success_with_exceptions/salus-sarif.yaml b/spec/fixtures/npm_audit/success_with_exceptions/salus-sarif.yaml
@@ -20,4 +20,14 @@ scanner_configs:
                 advisory_id: "1091018",
                 changed_by: "joshua.ostrom",
                 notes: "See https://www.npmjs.com/advisories/48. We're not vulnerable to this because this is a regex dos and we have nothing that puts user input into it. The impact is also minimal.",
-              }
+              }
+            - {
+                advisory_id: "1091686",
+                changed_by: "joshua.ostrom",
+                notes: "False positive",
+              }
+            - {
+                advisory_id: "1091710",
+                changed_by: "joshua.ostrom",
+                notes: "False positive",
+              }
diff --git a/spec/lib/salus/scanners/yarn_audit_spec.rb b/spec/lib/salus/scanners/yarn_audit_spec.rb
@@ -71,7 +71,7 @@
 
       expect(scanner.report.to_h.fetch(:passed)).to eq(false)
       vulns = JSON.parse(scanner.report.to_h[:info][:stdout]).sort { |a, b| a["ID"] <=> b["ID"] }
-      expect(vulns.size).to eq(17)
+      expect(vulns.size).to eq(18)
 
       vulns.each do |vul|
         ["Package", "Patched in", "Dependency of", "More info", "Severity", "Title"].each do |attr|
@@ -81,22 +81,24 @@
         expect(vul["ID"]).to be_kind_of(Integer)
       end
 
-      id_vuls = vulns.find { |v| v['ID'] == 1_091_360 }
+      id_vuls = vulns.find { |v| v['ID'] == 1_091_832 }
+
       # vul has 1 dependency of
-      expected_vul = { "Package" => "trim-newlines",
-                       "Patched in" => ">=3.0.1",
-                       "Dependency of" => "gulp-cssmin",
-                       "More info" => "https://www.npmjs.com/advisories/1091360",
+      expected_vul = { "Package" => "lodash",
+                       "Patched in" => ">=4.17.21",
+                       "Dependency of" => "gulp-modify-file",
+                       "More info" => "https://www.npmjs.com/advisories/1091832",
                        "Severity" => "high",
-                       "Title" => "Uncontrolled Resource Consumption in trim-newlines",
-                       "ID" => 1_091_360 }
+                       "Title" => "Command Injection in lodash",
+                       "ID" => 1_091_832 }
+
       expect(id_vuls).to eq(expected_vul)
 
       id_vuls_w_paths = scanner.instance_variable_get(:@vulns_w_paths)
-        .find { |v| v['ID'] == 1_091_360 }
+        .find { |v| v['ID'] == 1_091_832 }
 
-      expected_vul['Path'] = "gulp-cssmin > gulp-util > "\
-        "dateformat > meow > trim-newlines"
+      expected_vul['Path'] = "gulp-modify-file > gulp > "\
+        "vinyl-fs > glob-watcher > gaze > globule > lodash"
       expect(id_vuls_w_paths).to eq(expected_vul)
     end
 

diff --git a/spec/lib/sarif/cargo_audit_sarif_spec.rb b/spec/lib/sarif/cargo_audit_sarif_spec.rb
@@ -34,7 +34,7 @@
                           "title": { "text": "MultiDecoder::read() drops uninitialized memory of"\
                           " arbitrary type on panic in client code" },
                           "severity": { "text": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" },
-                          "cwe": { "text": "[\"CVE-2019-15552\"]" },
+                          "cwe": { "text": "[\"CVE-2019-15552\", \"GHSA-rpcm-whqc-jfw8\"]" },
                           "patched_versions": { "text": "[\">=0.1.25\"]" },
                           "unaffected_versions": { "text": "[\"<0.1.14\"]" } },
           help_url: "https://github.com/sile/libflate/issues/35",

diff --git a/spec/lib/sarif/npm_audit_sarif_spec.rb b/spec/lib/sarif/npm_audit_sarif_spec.rb
@@ -165,6 +165,7 @@
         report = Salus::Report.new(project_name: "Neon Genesis")
         report.add_scan_report(scanner.report, required: false)
         report_object = JSON.parse(report.to_sarif)['runs'][0]
+
         expect(report_object['results'].length).to eq(0)
         expect(report_object['invocations'][0]['executionSuccessful']).to eq(true)
       end