UNPKG

nsp-audit-shrinkwrap

Version:

audits a shrinkwrap file or a stream of shrinkwraps agains the Node Security Project module vulnerability database

github.com/nodesecurity/nsp-audit-shrinkwrap

119 lines (92 loc) 2.99 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
var Lab = require('lab'); var Code = require('code'); var lab = exports.lab = Lab.script(); var experiment = lab.experiment; var test = lab.test; var before = lab.before; var after = lab.after; var expect = Code.expect; var nspShrinkwrap = require('./../src/index.js'); var path = require('path'); var fs = require('fs'); var pVulPath = path.resolve(process.cwd() + '/tests/projectVulnerable') + '/npm-shrinkwrap.json'; var pVul = fs.readFileSync(pVulPath); var pNotVulPath = path.resolve(process.cwd() + '/tests/projectNotVulnerable') + '/npm-shrinkwrap.json'; var pNotVul = fs.readFileSync(pNotVulPath); experiment('shrinkwrap with no vulnerabilities', function() { before(function(done) { done(); }); after(function(done) { done(); }); test('no vulnerabilities test', function(done) { nspShrinkwrap.audit(pNotVul, function(err, results) { expect(err).to.be.null(); expect(results).to.deep.equal([]); done(); }); }); test('no vulnerabilities by path test', function(done) { nspShrinkwrap.auditByPath(pNotVulPath, function(err, results) { expect(err).to.be.null(); expect(results).to.deep.equal([]); done(); }); }); test('no vulnerabilities bad path test', function(done) { nspShrinkwrap.auditByPath('awesome/path.json', function(err, results) { expect(err).to.exist(); done(); }); }); }); experiment('shrinkwrap with vulnerabilities', function() { before(function(done) { done(); }); after(function(done) { done(); }); test('vulnerabilities test', function(done) { nspShrinkwrap.audit(pVul, function(err, results) { expect(err).to.be.null(); expect(results.length).to.equal(5); done(); }); }); test('vulnerabilities by path test', function(done) { nspShrinkwrap.auditByPath(pVulPath, function(err, results) { expect(err).to.be.null(); expect(results.length).to.equal(5); done(); }); }); }); experiment('shrinkwrap stream', function() { before(function(done) { done(); }); after(function(done) { done(); }); test('stream test', function(done) { var auditStream = nspShrinkwrap.auditStream(); var results = []; auditStream.shrinkwrap.write(pNotVul); auditStream.shrinkwrap.write(pVul); setTimeout(function() { auditStream.shrinkwrap.end(); }, 5000); // value depends on how responsive is the API auditStream.results.on('_data', function(data) { results.push(data); }); auditStream.results.on('_end', function() { expect(results.length).to.equal(2); expect(results[0].length + results[1].length).to.equal(5); done(); }); }); });