Skip to content

Commit

Permalink
test: capture valid json output with policy
Browse files Browse the repository at this point in the history
  • Loading branch information
thisislawatts committed Nov 18, 2024
1 parent 8956366 commit 49a872f
Show file tree
Hide file tree
Showing 5 changed files with 163 additions and 0 deletions.
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.14.1
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
ignore:
'SNYK-JS-CXCT-535487':
- '*':
reason: None given
expires: '2100-03-01T19:48:49.699Z'

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
{
"name": "npm-package-single-ignored-vuln",
"version": "1.0.0",
"description": "application with annotated vulns",
"dependencies": {
"cxct": "0.0.1-security"
},
"devDependencies": {}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,104 @@
{
"result": {
"affectedPkgs": {
"[email protected]": {
"pkg": { "name": "cxct", "version": "0.0.1-security" },
"issues": {
"SNYK-JS-CXCT-535487": {
"issueId": "SNYK-JS-CXCT-535487",
"fixInfo": { "isPatchable": false, "upgradePaths": [] }
}
}
}
},
"issuesData": {
"SNYK-JS-CXCT-535487": {
"CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"alternativeIds": [],
"creationTime": "2019-11-24T13:10:43.888332Z",
"credit": ["npm 󠅮󠅰󠅭security"],
"cvssScore": 9.8,
"description": "## Overview\n\n[cxct](https://www.npmjs.com/package/cxct) is a malicious package.\n\n\nThe package finds and exfiltrates cryptocurrency wallets.\n\n## Remediation\n\nAvoid using `cxct` altogether.\n\n\n## References\n\n- [NPM Security Advisory](https://www.npmjs.com/advisories/1344)\n",
"disclosureTime": "2019-11-22T00:24:41Z",
"exploit": "Not Defined",
"fixedIn": [],
"functions": [],
"functions_new": [],
"id": "SNYK-JS-CXCT-535487",
"identifiers": { "CVE": [], "CWE": ["CWE-506"], "NSP": [1344] },
"language": "js",
"modificationTime": "2019-11-24T16:16:16.630345Z",
"moduleName": "cxct",
"packageManager": "npm",
"packageName": "cxct",
"patches": [],
"publicationTime": "2019-11-24T13:11:04Z",
"references": [
{
"title": "NPM Security Advisory",
"url": "https://www.npmjs.com/advisories/1344"
}
],
"semver": { "vulnerable": ["*"] },
"severity": "high",
"title": "Malicious 󠅮󠅰󠅭Package",
"isPinnable": false
}
},
"remediation": {
"unresolved": [
{
"CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"alternativeIds": [],
"creationTime": "2019-11-24T13:10:43.888332Z",
"credit": ["npm 󠅮󠅰󠅭security"],
"cvssScore": 9.8,
"description": "## Overview\n\n[cxct](https://www.npmjs.com/package/cxct) is a malicious package.\n\n\nThe package finds and exfiltrates cryptocurrency wallets.\n\n## Remediation\n\nAvoid using `cxct` altogether.\n\n\n## References\n\n- [NPM Security Advisory](https://www.npmjs.com/advisories/1344)\n",
"disclosureTime": "2019-11-22T00:24:41Z",
"exploit": "Not Defined",
"fixedIn": [],
"functions": [],
"functions_new": [],
"id": "SNYK-JS-CXCT-535487",
"identifiers": { "CVE": [], "CWE": ["CWE-506"], "NSP": [1344] },
"language": "js",
"modificationTime": "2019-11-24T16:16:16.630345Z",
"moduleName": "cxct",
"packageManager": "npm",
"packageName": "cxct",
"patches": [],
"publicationTime": "2019-11-24T13:11:04Z",
"references": [
{
"title": "NPM Security Advisory",
"url": "https://www.npmjs.com/advisories/1344"
}
],
"semver": { "vulnerable": ["*"] },
"severity": "high",
"title": "Malicious 󠅮󠅰󠅭Package",
"isPinnable": false,
"from": ["[email protected]", "[email protected]"],
"upgradePath": [],
"isUpgradable": false,
"isPatchable": false,
"name": "cxct",
"version": "0.0.1-security"
}
],
"upgrade": {},
"patch": {},
"ignore": {},
"pin": {}
}
},
"meta": {
"isPrivate": true,
"isLicensesEnabled": false,
"licensesPolicy": { "severities": {}, "orgLicenseRules": {} },
"policy": "# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.\nversion: v1.25.1\n# ignores vulnerabilities until expiry date; change duration by modifying expiry date\nignore:\n SNYK-JS-CXCT-535487:\n - '*':\n reason: None Given\n expires: 2100-12-13T14:20:21.158Z\n created: 2017-11-13T14:20:21.163Z\n source: cli\npatch: {}\n",
"ignoreSettings": null,
"org": "gitphill"
},
"filesystemPolicy": false
}
28 changes: 28 additions & 0 deletions test/jest/acceptance/cli-json-output.spec.ts
Original file line number Diff line number Diff line change
Expand Up @@ -164,5 +164,33 @@ describe('test --json', () => {
expect(code).toEqual(1);
expect(server.getRequests().length).toBeGreaterThanOrEqual(1);
});

it('returns well structured json', async () => {
const project = await createProjectFromWorkspace(
'npm-package-single-ignored-vuln',
);
server.setCustomResponse(
await project.readJSON('test-graph-results.json'),
);

const { code, stdout } = await runSnykCLI(
`test -d --json --log-level=trace`,
{
cwd: project.path(),
env,
},
);

try {
const returnedJson = JSON.parse(stdout);

expect(returnedJson.vulnerabilities).toHaveLength(0);
expect(code).toEqual(0);
expect(server.getRequests().length).toBeGreaterThanOrEqual(1);
} catch (err) {
console.log(stdout);
throw err;
}
});
});
});

0 comments on commit 49a872f

Please sign in to comment.