From a047af7bc4550110d00a1bec1bec7d312b39e6a7 Mon Sep 17 00:00:00 2001
From: balteravishay
Date: Wed, 22 Jan 2025 22:04:37 +0000
Subject: [PATCH] more coverage

Signed-off-by: balteravishay
---
 probes/memorysafe/impl_test.go | 59 ++++++++++++++++++++-
 probes/memorysafe/testdata/malformed.csproj | 2 +
 probes/memorysafe/testdata/malformed.go | 6 +++
 3 files changed, 66 insertions(+), 1 deletion(-)
 create mode 100644 probes/memorysafe/testdata/malformed.csproj
 create mode 100644 probes/memorysafe/testdata/malformed.go

diff --git a/probes/memorysafe/impl_test.go b/probes/memorysafe/impl_test.go
index a111c224b3b..ba704dd48b3 100644
--- a/probes/memorysafe/impl_test.go
+++ b/probes/memorysafe/impl_test.go
@@ -47,6 +47,16 @@ func Test_Run(t *testing.T) {
 expected: []finding.Finding{},
 err: nil,
 },
+ // unimplemented languages
+ {
+ name: "unimplemented languages",
+ repoLanguages: []clients.Language{
+ {Name: clients.Erlang, NumLines: 0},
+ },
+ filenames: []string{},
+ expected: []finding.Finding{},
+ err: nil,
+ },
 // golang
 {
 name: "golang - no files",
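Review bot: The `unimplemented languages` case passes `filenames: []string{}`, so it cannot tell a language the probe skips apart from a repository that has no files to scan. Listing at least one file under the Erlang entry would pin that files of a language without a check are ignored, rather than only that an empty file list yields no findings. A comment on the case such as `// languages without a memory-safety check yield no finding at all` would also record that the empty result presumably means the language was not evaluated, not that it was found memory safe. The test table this entry belongs to starts and ends outside the hunk.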
@@ -142,6 +152,29 @@ func Test_Run(t *testing.T) {
 },
 err: nil,
 },
+ {
+ name: "golang - malformed file with unsafe",
+ repoLanguages: []clients.Language{
+ {Name: clients.Go, NumLines: 0},
+ },
+ filenames: []string{
+ "testdata/malformed.go",
+ "testdata/unsafe.go",
+ },
+ expected: []finding.Finding{
+ {
+ Probe: Probe,
+ Message: "Golang code uses the unsafe package",
+ Outcome: finding.OutcomeFalse,
+ Remediation: &finding.Remediation{
+ Text: "Visit the OpenSSF Memory Safety SIG guidance on how to make your project memory safe.\nGuidance for [Memory-Safe By Default Languages](https://github.com/ossf/Memory-Safety/blob/main/docs/best-practice-memory-safe-by-default-languages.md)\nGuidance for [Non Memory-Safe By Default Languages](https://github.com/ossf/Memory-Safety/blob/main/docs/best-practice-non-memory-safe-by-default-languages.md)",
+ Effort: 2,
+ },
+ Location: &finding.Location{Path: "testdata/unsafe.go"},
+ },
+ },
+ err: nil,
+ },
 // csharp
 {
 name: "C# - no files",
@@ -237,6 +270,29 @@ func Test_Run(t *testing.T) {
 },
 err: nil,
 },
+ {
+ name: "C# - malformed file with unsafe",
+ repoLanguages: []clients.Language{
+ {Name: clients.CSharp, NumLines: 0},
+ },
+ filenames: []string{
+ "testdata/malformed.csproj",
+ "testdata/unsafe.csproj",
+ },
+ expected: []finding.Finding{
+ {
+ Probe: Probe,
+ Message: "C# code allows the use of unsafe blocks",
+ Outcome: finding.OutcomeFalse,
+ Remediation: &finding.Remediation{
+ Text: "Visit the OpenSSF Memory Safety SIG guidance on how to make your project memory safe.\nGuidance for [Memory-Safe By Default Languages](https://github.com/ossf/Memory-Safety/blob/main/docs/best-practice-memory-safe-by-default-languages.md)\nGuidance for [Non Memory-Safe By Default Languages](https://github.com/ossf/Memory-Safety/blob/main/docs/best-practice-non-memory-safe-by-default-languages.md)",
+ Effort: 2,
+ },
+ Location: &finding.Location{Path: "testdata/unsafe.csproj"},
+ },
+ },
+ err: nil,
+ },
 // all languages
 {
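Review bot: The `golang - malformed file with unsafe` case, and the matching `C# - malformed file with unsafe` case in the next hunk, expect a finding only for the well-formed file, which pins that a file the probe cannot parse is dropped with `err: nil` and no finding of its own. For a memory-safety probe that is a silent gap in coverage, and the tests do not say it is intended; `testdata/malformed.go` in this patch even carries a broken `imp ort "unsafe"` line that contributes nothing to the result. I would state the intent on each case, e.g. `// unparsable files are skipped without error; only the well-formed unsafe file is reported`, and add a case whose only file is the malformed one so the outcome for a repository with nothing parsable is asserted rather than implied. The table these entries belong to starts and ends outside both hunks.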
@@ -394,7 +450,8 @@ func Test_Run(t *testing.T) {
 if err != nil {
 t.Fatalf("unexpected error: %v", err)
 }
- if diff := cmp.Diff(findings, tt.expected, cmpopts.IgnoreUnexported(finding.Finding{})); diff != "" {
+ sortFindings := func(a, b finding.Finding) bool { return a.Message < b.Message }
+ if diff := cmp.Diff(findings, tt.expected, cmpopts.IgnoreUnexported(finding.Finding{}), cmpopts.SortSlices(sortFindings)); diff != "" {
 t.Error(diff)
 }
 })
diff --git a/probes/memorysafe/testdata/malformed.csproj b/probes/memorysafe/testdata/malformed.csproj
new file mode 100644
index 00000000000..b0b3bb7ccad
--- /dev/null
+++ b/probes/memorysafe/testdata/malformed.csproj
@@ -0,0 +1,2 @@
+
+ false
diff --git a/probes/memorysafe/testdata/malformed.go b/probes/memorysafe/testdata/malformed.go
new file mode 100644
index 00000000000..38d7c30462d
--- /dev/null
+++ b/probes/memorysafe/testdata/malformed.go
@@ -0,0 +1,6 @@
+
+imp ort "unsafe"
+
+fu SafeFoo(inpu string {
+
+
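Review bot: `sortFindings` in the impl_test.go hunk orders only by `Message`, and cmpopts.SortSlices keeps elements that compare equal in their incoming order, so two findings with the same message and different `Location.Path` would still be compared in whatever order the probe produced them. No case visible in this patch has such a pair, but a Go case with two files that import unsafe would, assuming the probe's output order is what the sort is meant to hide. A tie-break on the location path makes the comparison independent of that order; `Location` is a pointer in the table literals, so the comparator should treat nil as an empty path. The closure passed to t.Run starts outside the hunk.

```go
// … unchanged: error check on err …
sortFindings := func(a, b finding.Finding) bool {
	if a.Message != b.Message {
		return a.Message < b.Message
	}
	// Equal messages: fall back to the path, treating a nil Location as "".
	var pa, pb string
	if a.Location != nil {
		pa = a.Location.Path
	}
	if b.Location != nil {
		pb = b.Location.Path
	}
	return pa < pb
}
// … unchanged: cmp.Diff call with cmpopts.SortSlices(sortFindings) …
```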