brakeman.rb

require 'tempfile'

class BrakemanTests < Test::Unit::TestCase
  def test_exception_on_no_application
    assert_raise Brakeman::NoApplication do
      Brakeman.run "/tmp#{rand}" #better not exist
    end
  end
end

class UtilTests < Test::Unit::TestCase
  def setup
    @ruby_parser = RubyParser
  end

  def util
    Class.new.extend Brakeman::Util
  end

  def test_cookies?
    assert util.cookies?(@ruby_parser.new.parse 'cookies[:x][:y][:z]')
  end

  def test_params?
    assert util.params?(@ruby_parser.new.parse 'params[:x][:y][:z]')
  end
end

class BaseCheckTests < Test::Unit::TestCase
  FakeTracker = Struct.new(:config)
  FakeAppTree = Struct.new(:root)

  def setup
    @tracker = FakeTracker.new
    app_tree = FakeAppTree.new
    @check = Brakeman::BaseCheck.new app_tree, @tracker
  end

  def version_between? version, high, low
    @tracker.config = { :rails_version => version }
    @check.send(:version_between?, high, low)
  end

  def test_version_between
    assert version_between?("2.3.8", "2.3.0", "2.3.8")
    assert version_between?("2.3.8", "2.3.0", "2.3.14")
    assert version_between?("2.3.8", "1.0.0", "5.0.0")
  end

  def test_version_not_between
    assert_equal false, version_between?("3.2.1", "2.0.0", "3.0.0")
    assert_equal false, version_between?("3.2.1", "3.0.0", "3.2.0")
    assert_equal false, version_between?("0.0.0", "3.0.0", "3.2.0")
  end

  def test_version_between_longer
    assert_equal false, version_between?("1.0.1.2", "1.0.0", "1.0.1")
  end

  def test_version_between_pre_release
    assert version_between?("3.2.9.rc2", "3.2.5", "4.0.0")
  end

end

class ConfigTests < Test::Unit::TestCase
  
  def setup
    Brakeman.instance_variable_set(:@quiet, false)
  end
  
  # method from test-unit: http://test-unit.rubyforge.org/test-unit/en/Test/Unit/Util/Output.html#capture_output-instance_method
  def capture_output
    require 'stringio'

    output = StringIO.new
    error = StringIO.new
    stdout_save, stderr_save = $stdout, $stderr
    $stdout, $stderr = output, error
    begin
      yield
      [output.string, error.string]
    ensure
      $stdout, $stderr = stdout_save, stderr_save
    end
  end
  
  def test_quiet_option_from_file
    config = Tempfile.new("config")

    config.write <<-YAML.strip
    ---
    :quiet: true
    YAML

    config.close

    options = {
      :config_file => config.path,
      :app_path => "/tmp" #doesn't need to be real
    }

    assert_equal "", capture_output {
      final_options = Brakeman.set_options(options)

      config.unlink

      assert final_options[:quiet], "Expected quiet option to be true, but was #{final_options[:quiet]}"
    }[1]
  end
  
  def test_quiet_option_from_commandline
    config = Tempfile.new("config")

    config.write <<-YAML.strip
    ---
    app_path: "/tmp"
    YAML

    config.close

    options = {
      :config_file => config.path,
      :quiet => true,
      :app_path => "/tmp" #doesn't need to be real
    }
    
    assert_equal "", capture_output {
      final_options = Brakeman.set_options(options)
    }[1]
  end

  def test_quiet_option_default
    options = {
      :app_path => "/tmp" #doesn't need to be real
    }

    final_options = Brakeman.set_options(options)

    assert final_options[:quiet], "Expected quiet option to be true, but was #{final_options[:quiet]}"
  end

  def test_quiet_command_line_default
    options = {
      :quiet => :command_line,
      :app_path => "/tmp" #doesn't need to be real
    }

    final_options = Brakeman.set_options(options)

    assert_nil final_options[:quiet]
  end

  def test_quiet_inconfig_with_command_line
    config = Tempfile.new("config")

    config.write <<-YAML.strip
    ---
    :quiet: true
    YAML

    config.close

    options = {
      :quiet => :command_line,
      :config_file => config.path,
      :app_path => "#{TEST_PATH}/apps/rails4",
      :run_checks => []
    }

    assert_equal "", capture_output {
      Brakeman.run options
      config.unlink
    }[1]
  end
  
  def output_format_tester options, expected_options
    output_formats = Brakeman.get_output_formats(options)
    
    assert_equal expected_options, output_formats
  end
  
  def test_output_format
    output_format_tester({}, [:to_s])
    output_format_tester({:output_format => :html}, [:to_html])
    output_format_tester({:output_format => :to_html}, [:to_html])
    output_format_tester({:output_format => :csv}, [:to_csv])
    output_format_tester({:output_format => :to_csv}, [:to_csv])
    output_format_tester({:output_format => :pdf}, [:to_pdf])
    output_format_tester({:output_format => :to_pdf}, [:to_pdf])
    output_format_tester({:output_format => :json}, [:to_json])
    output_format_tester({:output_format => :to_json}, [:to_json])
    output_format_tester({:output_format => :tabs}, [:to_tabs])
    output_format_tester({:output_format => :to_tabs}, [:to_tabs])
    output_format_tester({:output_format => :others}, [:to_s])
    
    output_format_tester({:output_files => ['xx.html', 'xx.pdf']}, [:to_html, :to_pdf])
    output_format_tester({:output_files => ['xx.pdf', 'xx.json']}, [:to_pdf, :to_json])
    output_format_tester({:output_files => ['xx.json', 'xx.tabs']}, [:to_json, :to_tabs])
    output_format_tester({:output_files => ['xx.tabs', 'xx.csv']}, [:to_tabs, :to_csv])
    output_format_tester({:output_files => ['xx.csv', 'xx.xxx']}, [:to_csv, :to_s])
    output_format_tester({:output_files => ['xx.xx', 'xx.xx']}, [:to_s, :to_s])
    output_format_tester({:output_files => ['xx.html', 'xx.pdf', 'xx.csv', 'xx.tabs', 'xx.json']}, [:to_html, :to_pdf, :to_csv, :to_tabs, :to_json])
  end
end

class GemProcessorTests < Test::Unit::TestCase
  FakeTracker = Struct.new(:config)

  def setup 
    @tracker = FakeTracker.new({}) 
    @gem_processor = Brakeman::GemProcessor.new @tracker 
    @eol_representations = ["\r\n", "\n"] 
    @gem_locks = @eol_representations.inject({}) {|h, eol| 
      h[eol] = "    paperclip (3.2.1)#    erubis (4.3.1)#     rails (3.2.1.rc2)#    simplecov (1.1)#".gsub('#', eol); h 
    }
  end 

  def test_get_version 
    @gem_locks.each do |eol, gem_lock|      
      assert_equal "4.3.1", @gem_processor.get_version("erubis", gem_lock), "Couldn't match gemlock with eol: #{eol}}"
      assert_equal "3.2.1", @gem_processor.get_version("paperclip", gem_lock), "Couldn't match gemlock with eol: #{eol}"
      assert_equal "3.2.1.rc2", @gem_processor.get_version("rails", gem_lock), "Couldn't match gemlock with eol: #{eol}"  
      assert_equal "1.1", @gem_processor.get_version("simplecov", gem_lock), "Couldn't match gemlock with eol: #{eol}"
    end 
  end 

end