Diffstat (limited to 'spec/lib')
-rw-r--r-- | spec/lib/api/entities/release_spec.rb | 8 | ||||
-rw-r--r-- | spec/lib/gitlab/gon_helper_spec.rb | 62 | ||||
-rw-r--r-- | spec/lib/sbom/package_url/argument_validator_spec.rb | 51 | ||||
-rw-r--r-- | spec/lib/sbom/package_url/decoder_spec.rb | 22 | ||||
-rw-r--r-- | spec/lib/sbom/package_url/encoder_spec.rb | 4 | ||||
-rw-r--r-- | spec/lib/sbom/package_url/normalizer_spec.rb | 76 | ||||
-rw-r--r-- | spec/lib/sbom/package_url_spec.rb | 66 |
7 files changed, 210 insertions, 79 deletions
diff --git a/spec/lib/api/entities/release_spec.rb b/spec/lib/api/entities/release_spec.rb index aa2c5126bb9..d1e5f191614 100644 --- a/spec/lib/api/entities/release_spec.rb +++ b/spec/lib/api/entities/release_spec.rb @@ -16,13 +16,13 @@ RSpec.describe API::Entities::Release do end describe 'evidences' do - context 'when the current user can download code' do + context 'when the current user can read code' do let(:entity_evidence) { entity[:evidences].first } it 'exposes the evidence sha and the json path' do allow(Ability).to receive(:allowed?).and_call_original allow(Ability).to receive(:allowed?) - .with(user, :download_code, project).and_return(true) + .with(user, :read_code, project).and_return(true) expect(entity_evidence[:sha]).to eq(evidence.summary_sha) expect(entity_evidence[:collected_at]).to eq(evidence.collected_at) @@ -36,11 +36,11 @@ RSpec.describe API::Entities::Release do end end - context 'when the current user cannot download code' do + context 'when the current user cannot read code' do it 'does not expose any evidence data' do allow(Ability).to receive(:allowed?).and_call_original allow(Ability).to receive(:allowed?) - .with(user, :download_code, project).and_return(false) + .with(user, :read_code, project).and_return(false) expect(entity.keys).not_to include(:evidences) end diff --git a/spec/lib/gitlab/gon_helper_spec.rb b/spec/lib/gitlab/gon_helper_spec.rb index 94192a9257c..5a1fcc5e2dc 100644 --- a/spec/lib/gitlab/gon_helper_spec.rb +++ b/spec/lib/gitlab/gon_helper_spec.rb 
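Review bot: Both evidence contexts stub `Ability.allowed?` for `:read_code` but fall back to `and_call_original` for every other ability, so neither example proves the entity stopped consulting `:download_code`. In the positive case the evidence fields would still be exposed if the entity checked the old ability and the real policy happened to grant it. Consider pinning the gating ability with `expect(Ability).to have_received(:allowed?).with(user, :read_code, project)` after reading `entity`. In the negative context in the second hunk, also stubbing `:download_code` to return `true` would show that a user who can download but not read code gets no `:evidences` key.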
@@ -41,67 +41,53 @@ RSpec.describe Gitlab::GonHelper do end describe 'sentry configuration' do - let(:legacy_clientside_dsn) { 'https://xxx@sentry-legacy.example.com/1' } let(:clientside_dsn) { 'https://xxx@sentry.example.com/1' } - let(:environment) { 'production' } + let(:environment) { 'staging' } - context 'with enable_old_sentry_clientside_integration enabled' do + describe 'sentry integration' do before do - stub_feature_flags( - enable_old_sentry_clientside_integration: true, - enable_new_sentry_clientside_integration: false - ) - - stub_config(sentry: { enabled: true, clientside_dsn: legacy_clientside_dsn, environment: environment }) + stub_config(sentry: { enabled: true, clientside_dsn: clientside_dsn, environment: environment }) end it 'sets sentry dsn and environment from config' do - expect(gon).to receive(:sentry_dsn=).with(legacy_clientside_dsn) + expect(gon).to receive(:sentry_dsn=).with(clientside_dsn) expect(gon).to receive(:sentry_environment=).with(environment) helper.add_gon_variables end end - context 'with enable_new_sentry_clientside_integration enabled' do + describe 'new sentry integration' do before do - stub_feature_flags( - enable_old_sentry_clientside_integration: false, - enable_new_sentry_clientside_integration: true - ) - stub_application_setting(sentry_enabled: true) stub_application_setting(sentry_clientside_dsn: clientside_dsn) stub_application_setting(sentry_environment: environment) end - it 'sets sentry dsn and environment from application settings' do - expect(gon).to receive(:sentry_dsn=).with(clientside_dsn) - expect(gon).to receive(:sentry_environment=).with(environment) - - helper.add_gon_variables - end - end - - context 'with enable_old_sentry_clientside_integration and enable_new_sentry_clientside_integration enabled' do - before do - stub_feature_flags( - enable_old_sentry_clientside_integration: true, - enable_new_sentry_clientside_integration: true - ) + context 'when enable_new_sentry_clientside_integration is 
disabled' do + before do + stub_feature_flags(enable_new_sentry_clientside_integration: false) + end - stub_config(sentry: { enabled: true, clientside_dsn: legacy_clientside_dsn, environment: environment }) + it 'does not set sentry dsn and environment from config' do + expect(gon).not_to receive(:sentry_dsn=).with(clientside_dsn) + expect(gon).not_to receive(:sentry_environment=).with(environment) - stub_application_setting(sentry_enabled: true) - stub_application_setting(sentry_clientside_dsn: clientside_dsn) - stub_application_setting(sentry_environment: environment) + helper.add_gon_variables + end end - it 'sets sentry dsn and environment from application settings' do - expect(gon).to receive(:sentry_dsn=).with(clientside_dsn) - expect(gon).to receive(:sentry_environment=).with(environment) + context 'when enable_new_sentry_clientside_integration is enabled' do + before do + stub_feature_flags(enable_new_sentry_clientside_integration: true) + end - helper.add_gon_variables + it 'sets sentry dsn and environment from config' do + expect(gon).to receive(:sentry_dsn=).with(clientside_dsn) + expect(gon).to receive(:sentry_environment=).with(environment) + + helper.add_gon_variables + end end end end diff --git a/spec/lib/sbom/package_url/argument_validator_spec.rb b/spec/lib/sbom/package_url/argument_validator_spec.rb new file mode 100644 index 00000000000..246da1c0bda --- /dev/null +++ b/spec/lib/sbom/package_url/argument_validator_spec.rb 
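Review bot: In the 'is disabled' context the negative expectations keep `.with(clientside_dsn)` and `.with(environment)`, so they still pass if `sentry_dsn=` or `sentry_environment=` is called with any other value. Unless another path is expected to set them in this setup, `expect(gon).not_to receive(:sentry_dsn=)` and `expect(gon).not_to receive(:sentry_environment=)` state the intent that no Sentry configuration reaches the page when the flag is off. Both describe blocks now share a single `clientside_dsn`, so the examples can no longer tell whether a value came from `stub_config` or from the application settings; a distinct DSN per source would restore that. The example names under 'new sentry integration' also say 'from config' although the setup stubs application settings.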
@@ -0,0 +1,51 @@ +# frozen_string_literal: true + +require 'fast_spec_helper' +require 'rspec-parameterized' + +require_relative '../../../support/shared_contexts/lib/sbom/package_url_shared_contexts' + +RSpec.describe Sbom::PackageUrl::ArgumentValidator do + let(:mock_package_url) { Struct.new(:type, :namespace, :name, :version, :qualifiers, keyword_init: true) } + let(:package) do + mock_package_url.new( + type: type, + namespace: namespace, + name: name, + version: version, + qualifiers: qualifiers + ) + end + + subject(:validate) { described_class.new(package).validate! } + + context 'with valid arguments' do + include_context 'with valid purl examples' + + with_them do + it 'does not raise error' do + expect { validate }.not_to raise_error + end + end + end + + context 'with invalid arguments' do + include_context 'with invalid purl examples' + + with_them do + it 'raises an ArgumentError' do + expect { validate }.to raise_error(ArgumentError) + end + end + end + + context 'with multiple errors' do + let(:type) { nil } + let(:name) { nil } + let(:package) { mock_package_url.new(type: type, name: name) } + + it 'reports all errors' do + expect { validate }.to raise_error(ArgumentError, 'Type is required, Name is required') + end + end +end diff --git a/spec/lib/sbom/package_url/decoder_spec.rb b/spec/lib/sbom/package_url/decoder_spec.rb index 1da3c35f403..5b480475b7c 100644 --- a/spec/lib/sbom/package_url/decoder_spec.rb +++ b/spec/lib/sbom/package_url/decoder_spec.rb @@ -7,9 +7,9 @@ require_relative '../../../support/shared_contexts/lib/sbom/package_url_shared_c RSpec.describe Sbom::PackageUrl::Decoder do describe '#decode' do - subject(:decode) { described_class.new(url).decode! } + subject(:decode) { described_class.new(purl).decode! } - include_context 'with purl matrix' + include_context 'with valid purl examples' with_them do it do 
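Review bot: The 'with invalid arguments' examples in argument_validator_spec.rb assert a bare `raise_error(ArgumentError)` while `package` is built lazily inside the `expect` block. An ArgumentError raised while constructing the `keyword_init` Struct or calling `described_class.new` would therefore satisfy them without `validate!` rejecting anything. Building the package first with `before { package }` keeps construction failures out of the assertion. Matching a message, as the 'with multiple errors' example does, would pin which rule fired; this assumes the shared examples can carry an expected message, which is not visible here. The 'when parameters are invalid' context in spec/lib/sbom/package_url_spec.rb uses the same bare matcher.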
@@ -25,7 +25,7 @@ RSpec.describe Sbom::PackageUrl::Decoder do end context 'when no argument is passed' do - let(:url) { nil } + let(:purl) { nil } it 'raises an error' do expect { decode }.to raise_error(ArgumentError) @@ -33,17 +33,17 @@ RSpec.describe Sbom::PackageUrl::Decoder do end context 'when an invalid package URL string is passed' do - where(:url) { ['invalid', 'pkg:nil'] } + include_context 'with invalid purl examples' with_them do it 'raises an error' do - expect { decode }.to raise_error(Sbom::PackageUrl::InvalidPackageURL) + expect { decode }.to raise_error(Sbom::PackageUrl::InvalidPackageUrl) end end end context 'when namespace or subpath contains an encoded slash' do - where(:url) do + where(:purl) do [ 'pkg:golang/google.org/golang/genproto#googleapis%2fapi%2fannotations', 'pkg:golang/google.org%2fgolang/genproto#googleapis/api/annotations' @@ -51,12 +51,12 @@ RSpec.describe Sbom::PackageUrl::Decoder do end with_them do - it { expect { decode }.to raise_error(Sbom::PackageUrl::InvalidPackageURL) } + it { expect { decode }.to raise_error(Sbom::PackageUrl::InvalidPackageUrl) } end end context 'when name contains an encoded slash' do - let(:url) { 'pkg:golang/google.org/golang%2fgenproto#googleapis/api/annotations' } + let(:purl) { 'pkg:golang/google.org/golang%2fgenproto#googleapis/api/annotations' } it do is_expected.to have_attributes( @@ -71,7 +71,7 @@ RSpec.describe Sbom::PackageUrl::Decoder do end context 'with URL encoded segments' do - let(:url) do + let(:purl) do 'pkg:golang/namespace%21/google.golang.org%20genproto@version%21?k=v%21#googleapis%20api%20annotations' end @@ -88,7 +88,7 @@ RSpec.describe Sbom::PackageUrl::Decoder do end context 'when segments contain empty values' do - let(:url) { 'pkg:golang/google.golang.org//.././genproto#googleapis/..//./api/annotations' } + let(:purl) { 'pkg:golang/google.golang.org//.././genproto#googleapis/..//./api/annotations' } it 'removes them from the segments' do is_expected.to have_attributes( 
@@ -103,7 +103,7 @@ RSpec.describe Sbom::PackageUrl::Decoder do end context 'when qualifiers have no value' do - let(:url) { 'pkg:rpm/fedora/curl@7.50.3-1.fc25?arch=i386&distro=fedora-25&foo=&bar=' } + let(:purl) { 'pkg:rpm/fedora/curl@7.50.3-1.fc25?arch=i386&distro=fedora-25&foo=&bar=' } it 'they are ignored' do is_expected.to have_attributes( diff --git a/spec/lib/sbom/package_url/encoder_spec.rb b/spec/lib/sbom/package_url/encoder_spec.rb index ff672170050..bdbd61636b5 100644 --- a/spec/lib/sbom/package_url/encoder_spec.rb +++ b/spec/lib/sbom/package_url/encoder_spec.rb @@ -20,10 +20,10 @@ RSpec.describe Sbom::PackageUrl::Encoder do subject(:encode) { described_class.new(package).encode } - include_context 'with purl matrix' + include_context 'with valid purl examples' with_them do - it { is_expected.to eq(url) } + it { is_expected.to eq(canonical_purl) } end end end diff --git a/spec/lib/sbom/package_url/normalizer_spec.rb b/spec/lib/sbom/package_url/normalizer_spec.rb new file mode 100644 index 00000000000..bbc2bd3ca13 --- /dev/null +++ b/spec/lib/sbom/package_url/normalizer_spec.rb 
@@ -0,0 +1,76 @@ +# frozen_string_literal: true + +require 'fast_spec_helper' +require 'rspec-parameterized' + +require_relative '../../../support/shared_contexts/lib/sbom/package_url_shared_contexts' + +RSpec.describe Sbom::PackageUrl::Normalizer do + shared_examples 'name normalization' do + context 'with bitbucket url' do + let(:type) { 'bitbucket' } + let(:text) { 'Purl_Spec' } + + it 'downcases text' do + is_expected.to eq('purl_spec') + end + end + + context 'with github url' do + let(:type) { 'github' } + let(:text) { 'Purl_Spec' } + + it 'downcases text' do + is_expected.to eq('purl_spec') + end + end + + context 'with pypi url' do + let(:type) { 'pypi' } + let(:text) { 'Purl_Spec' } + + it 'downcases text and replaces underscores' do + is_expected.to eq('purl-spec') + end + end + + context 'with other urls' do + let(:type) { 'npm' } + let(:text) { 'Purl_Spec' } + + it 'does not change the text' do + is_expected.to eq(text) + end + end + end + + describe '#normalize_name' do + subject(:normalize_name) { described_class.new(type: type, text: text).normalize_name } + + it_behaves_like 'name normalization' + + context 'when text is nil' do + let(:type) { 'npm' } + let(:text) { nil } + + it 'raises an error' do + expect { normalize_name }.to raise_error(ArgumentError, 'Name is required') + end + end + end + + describe '#normalize_namespace' do + subject(:normalize_namespace) { described_class.new(type: type, text: text).normalize_namespace } + + it_behaves_like 'name normalization' + + context 'when text is nil' do + let(:type) { 'npm' } + let(:text) { nil } + + it 'allows nil values' do + expect(normalize_namespace).to be_nil + end + end + end +end diff --git a/spec/lib/sbom/package_url_spec.rb b/spec/lib/sbom/package_url_spec.rb index 72090c5bd29..6760b0a68e5 100644 --- a/spec/lib/sbom/package_url_spec.rb +++ b/spec/lib/sbom/package_url_spec.rb 
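Review bot: Both `#normalize_name` and `#normalize_namespace` pin the nil case but not the empty string, so the spec does not say whether `''` counts as a missing name (raising 'Name is required') or passes through as a valid normalized value. An added `context 'when text is empty'` with `let(:text) { '' }` in each describe block would settle that. The only input used is the ASCII string 'Purl_Spec'; if the normalizer relies on `String#downcase`, a non-ASCII example would document whether Unicode case folding is intended for package names.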
@@ -32,37 +32,46 @@ require_relative '../../support/shared_contexts/lib/sbom/package_url_shared_cont RSpec.describe Sbom::PackageUrl do include NextInstanceOf - let(:args) do - { - type: 'example', - namespace: 'test', - name: 'test', - version: '1.0.0', - qualifiers: { 'arch' => 'x86_64' }, - subpath: 'path/to/package' - } - end - describe '#initialize' do - subject { described_class.new(**args) } + subject do + described_class.new( + type: type, + namespace: namespace, + name: name, + version: version, + qualifiers: qualifiers, + subpath: subpath + ) + end context 'with well-formed arguments' do - it { is_expected.to have_attributes(**args) } + include_context 'with valid purl examples' + + with_them do + it do + is_expected.to have_attributes( + type: type, + namespace: namespace, + name: name, + version: version, + qualifiers: qualifiers, + subpath: subpath + ) + end + end end context 'when no arguments are given' do it { expect { described_class.new }.to raise_error(ArgumentError) } end - context 'when required parameters are missing' do - where(:param) { %i[type name] } - - before do - args[param] = nil - end + context 'when parameters are invalid' do + include_context 'with invalid purl examples' with_them do - it { expect { subject }.to raise_error(ArgumentError) } + it 'raises an ArgumentError' do + expect { subject }.to raise_error(ArgumentError) + end end end @@ -98,7 +107,7 @@ RSpec.describe Sbom::PackageUrl do end describe '#to_h' do - let(:purl) do + let(:package) do described_class.new( type: type, namespace: namespace, @@ -109,9 +118,9 @@ RSpec.describe Sbom::PackageUrl do ) end - subject(:to_h) { purl.to_h } + subject(:to_h) { package.to_h } - include_context 'with purl matrix' + include_context 'with valid purl examples' with_them do it do 
@@ -131,7 +140,16 @@ RSpec.describe Sbom::PackageUrl do end describe '#to_s' do - let(:package) { described_class.new(**args) } + let(:package) do + described_class.new( + type: 'npm', + namespace: nil, + name: 'lodash', + version: nil, + qualifiers: nil, + subpath: nil + ) + end it 'delegates to_s to the encoder' do expect_next_instance_of(described_class::Encoder, package) do |encoder| |