42e6d27a29
* feat: add the ability to run with '--production' Adding the config options to run npm audit with the --production flag. Contributes to: #74 Signed-off-by: Stelios Gkiokas <s_giokas@hotmail.com> * fix: add tests Adding the relevant tests for the new production flag. Contributes to: #74 Signed-off-by: Stelios Gkiokas <s_giokas@hotmail.com>
133 lines
3.1 KiB
TypeScript
133 lines
3.1 KiB
TypeScript
import * as child_process from 'child_process'
|
|
import * as fs from 'fs'
|
|
import * as path from 'path'
|
|
import {mocked} from 'ts-jest/utils'
|
|
import {Audit} from '../src/audit'
|
|
|
|
jest.mock('child_process')
|
|
|
|
const audit = new Audit()
|
|
|
|
describe('run', () => {
|
|
beforeEach(() => {
|
|
mocked(child_process).spawnSync.mockClear()
|
|
})
|
|
|
|
test('finds vulnerabilities with default values', () => {
|
|
mocked(child_process).spawnSync.mockImplementation((): any => {
|
|
const stdout = fs.readFileSync(
|
|
path.join(__dirname, 'testdata/audit/error.txt')
|
|
)
|
|
|
|
return {
|
|
pid: 100,
|
|
output: [stdout],
|
|
stdout,
|
|
stderr: '',
|
|
status: 1,
|
|
signal: null,
|
|
error: null
|
|
}
|
|
})
|
|
|
|
audit.run('low', 'false')
|
|
expect(audit.foundVulnerability()).toBeTruthy()
|
|
})
|
|
|
|
test('finds vulnerabilities with production flag enabled', () => {
|
|
mocked(child_process).spawnSync.mockImplementation((): any => {
|
|
const stdout = fs.readFileSync(
|
|
path.join(__dirname, 'testdata/audit/error.txt')
|
|
)
|
|
|
|
return {
|
|
pid: 100,
|
|
output: [stdout],
|
|
stdout,
|
|
stderr: '',
|
|
status: 1,
|
|
signal: null,
|
|
error: null
|
|
}
|
|
})
|
|
|
|
audit.run('low', 'true')
|
|
expect(audit.foundVulnerability()).toBeTruthy()
|
|
})
|
|
|
|
test('does not find vulnerabilities', () => {
|
|
mocked(child_process).spawnSync.mockImplementation((): any => {
|
|
const stdout = fs.readFileSync(
|
|
path.join(__dirname, 'testdata/audit/success.txt')
|
|
)
|
|
|
|
return {
|
|
pid: 100,
|
|
output: [stdout],
|
|
stdout,
|
|
stderr: '',
|
|
status: 0,
|
|
signal: null,
|
|
error: null
|
|
}
|
|
})
|
|
|
|
audit.run('low', 'false')
|
|
expect(audit.foundVulnerability()).toBeFalsy()
|
|
})
|
|
|
|
test('throws an error if error is not null', () => {
|
|
mocked(child_process).spawnSync.mockImplementation((): any => {
|
|
return {
|
|
pid: 100,
|
|
output: '',
|
|
stdout: '',
|
|
stderr: '',
|
|
status: 0,
|
|
signal: null,
|
|
error: new Error('Something is wrong')
|
|
}
|
|
})
|
|
|
|
expect.assertions(1)
|
|
const e = new Error('Something is wrong')
|
|
expect(() => audit.run('low', 'false')).toThrowError(e)
|
|
})
|
|
|
|
test('throws an error if status is null', () => {
|
|
mocked(child_process).spawnSync.mockImplementation((): any => {
|
|
return {
|
|
pid: 100,
|
|
output: '',
|
|
stdout: '',
|
|
stderr: '',
|
|
status: null,
|
|
signal: 'SIGTERM',
|
|
error: null
|
|
}
|
|
})
|
|
|
|
expect.assertions(1)
|
|
const e = new Error('the subprocess terminated due to a signal.')
|
|
expect(() => audit.run('low', 'false')).toThrowError(e)
|
|
})
|
|
|
|
test('throws an error if stderr is null', () => {
|
|
mocked(child_process).spawnSync.mockImplementation((): any => {
|
|
return {
|
|
pid: 100,
|
|
output: '',
|
|
stdout: '',
|
|
stderr: 'Something is wrong',
|
|
status: 1,
|
|
signal: null,
|
|
error: null
|
|
}
|
|
})
|
|
|
|
expect.assertions(1)
|
|
const e = new Error('Something is wrong')
|
|
expect(() => audit.run('low', 'false')).toThrowError(e)
|
|
})
|
|
})
|