feat: display the settings used when conducting a test

Mattlk13 · Dec 1, 2017 · 91e083a · 91e083a
1 parent bb828a9
commit 91e083a
Show file tree

Hide file tree

Showing 5 changed files with 100 additions and 7 deletions.
diff --git a/cli/commands/test.js b/cli/commands/test.js
@@ -103,6 +103,8 @@ function test(path, options) {
       throw new Error(json);
     }
 
+    var meta = metaForDisplay(res, options) + '\n\n';
+
     var summary = 'Tested ';
     if (res.hasOwnProperty('dependencyCount')) {
       summary += res.dependencyCount + ' dependencies';
@@ -123,7 +125,7 @@ function test(path, options) {
           'about new related vulnerabilities.\n- Run `snyk test` as part of ' +
           'your CI/test.';
       }
-      return summary;
+      return meta + summary;
     }
 
     var vulnLength = res.vulnerabilities.length;
@@ -239,7 +241,7 @@ function test(path, options) {
         }
       }
       return res;
-    }).filter(Boolean).join(sep) + sep + summary;
+    }).filter(Boolean).join(sep) + sep + meta + summary;
 
     if (res.ok) {
       return body;
@@ -251,3 +253,23 @@ function test(path, options) {
     throw error;
   });
 }
+
+function metaForDisplay(res, options) {
+  const meta = [
+    chalk.bold('Organisation: ') + res.org,
+    chalk.bold('Package manager: ') + res.packageManager,
+    chalk.bold('Target file: ') + options.file,
+    chalk.bold('Open source: ') + (res.isPrivate ? 'no' : 'yes'),
+  ];
+  if (res.filesystemPolicy) {
+    meta.push('Local Snyk policy found');
+    if (res.ignoreSettings && res.ignoreSettings.disregardFilesystemIgnores) {
+      meta.push('Local Snyk policy ignores disregarded');
+    }
+  }
+  if (res.licensesPolicy) {
+    meta.push('Licenses enabled');
+  }
+
+  return meta.join('\n');
+}
diff --git a/lib/snyk-test/npm/index.js b/lib/snyk-test/npm/index.js
@@ -16,6 +16,7 @@ var analytics = require('../../analytics');
 var config = require('../../config');
 
 function test(root, options) {
+  options.file = options.file || 'package.json';
 
   var promise = Promise.all([
     fs.exists(root),
@@ -65,7 +66,6 @@ function test(root, options) {
         if (options.org) {
           payload.qs = {org: options.org};
         }
-        options.loose = true; // allows merge without root policy
         return snyk.policy.load(policyLocations, options)
         .then(function (policy) {
           payload.body.policy = policy.toString();
@@ -103,6 +103,7 @@ function test(root, options) {
 
     var lbl = 'Querying vulnerabilities database...';
     return p.then(spinner(lbl)).then(function (data) {
+      const filesystemPolicy = data.payload.body && !!data.payload.body.policy;
       analytics.add('packageManager', 'npm');
       analytics.add('packageName', data.package.name);
       analytics.add('packageVersion', data.package.version);
@@ -135,6 +136,8 @@ function test(root, options) {
             return reject(err);
           }
 
+          body.filesystemPolicy = filesystemPolicy;
+
           resolve(body);
         });
       });

diff --git a/lib/snyk-test/run-test.js b/lib/snyk-test/run-test.js
@@ -24,6 +24,7 @@ function runTest(packageManager, root, options) {
     return assemblePayload(root, options, policyLocations)
     .then(spinner(lbl))
     .then(function (payload) {
+      const filesystemPolicy = payload.body && !!payload.body.policy;
       return new Promise(function (resolve, reject) {
         request(payload, function (error, res, body) {
           if (error) {
@@ -51,6 +52,8 @@ function runTest(packageManager, root, options) {
             return reject(err);
           }
 
+          body.filesystemPolicy = filesystemPolicy;
+
           resolve(body);
         });
       });
@@ -96,10 +99,10 @@ function assemblePayload(root, options, policyLocations) {
 }
 
 function assembleLocalPayload(root, options, policyLocations) {
-  var targetFile = options.file || detect.detectPackageFile(root);
+  options.file = options.file || detect.detectPackageFile(root);
   var plugin = plugins.loadPlugin(options.packageManager);
   var moduleInfo = ModuleInfo(plugin, options.policy);
-  return moduleInfo.inspect(root, targetFile, options)
+  return moduleInfo.inspect(root, options.file, options)
   .then(function (info) {
     var pkg = info.package;
     analytics.add('policies', policyLocations.length);
@@ -119,7 +122,6 @@ function assembleLocalPayload(root, options, policyLocations) {
     if (options.org) {
       payload.qs = {org: options.org};
     }
-    options.loose = true; // allows merge without root policy
     return snyk.policy.load(policyLocations, options)
     .then(function (policy) {
       payload.body.policy = policy.toString();

diff --git a/test/acceptance/cli.acceptance.test.js b/test/acceptance/cli.acceptance.test.js
@@ -129,6 +129,42 @@ function (t) {
   });
 });
 
+test('`test returns correct meta', function (t) {
+  chdirWorkspaces();
+  return cli.test('ruby-app')
+  .then(function (res) {
+    var meta = res.slice(res.indexOf('Organisation:')).split('\n');
+    t.equal(meta[0], 'Organisation: test-org', 'organisation displayed');
+    t.equal(meta[1], 'Package manager: rubygems',
+      'package manager displayed');
+    t.equal(meta[2], 'Target file: Gemfile', 'target file displayed');
+    t.equal(meta[3], 'Open source: no', 'open source displayed');
+  });
+});
+
+test('`test returns correct meta for a vulnerable result', function (t) {
+  chdirWorkspaces();
+  return cli.test('ruby-app', { org: 'org-with-vulns' })
+  .catch(function (res) {
+    var meta = res.message.slice(res.message.indexOf('Organisation:'))
+      .split('\n');
+    t.equal(meta[0], 'Organisation: test-org', 'organisation displayed');
+    t.equal(meta[1], 'Package manager: rubygems',
+      'package manager displayed');
+    t.equal(meta[2], 'Target file: Gemfile', 'target file displayed');
+    t.equal(meta[3], 'Open source: no', 'open source displayed');
+  });
+});
+
+test('`test returns correct meta when target file specified', function (t) {
+  chdirWorkspaces();
+  return cli.test('ruby-app', {file: 'Gemfile.lock'})
+  .then(function (res) {
+    var meta = res.slice(res.indexOf('Organisation:')).split('\n');
+    t.equal(meta[2], 'Target file: Gemfile.lock', 'target file displayed');
+  });
+});
+
 test('`test ruby-gem-no-lockfile --file=ruby-gem.gemspec` sends gemspec',
 function (t) {
   chdirWorkspaces();

diff --git a/test/acceptance/fake-server.js b/test/acceptance/fake-server.js
@@ -61,8 +61,38 @@ module.exports = function (root, apikey) {
   });
 
   server.post(root + '/vuln/:registry', function (req, res, next) {
+    const vulnerabilities = [];
+    if (req.query.org && req.query.org === 'org-with-vulns') {
+      vulnerabilities.push({
+        title: 'XML External Entity (XXE) Injection',
+        credit: [],
+        description: '',
+        moduleName: 'nokogiri',
+        language: 'ruby',
+        packageManager: 'rubygems',
+        semver: { unaffected: {}, vulnerable: {} },
+        identifiers: { CWE: [], CVE: [] },
+        CVSSv3: 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L',
+        severity: 'high',
+        creationTime: '2017-01-12T12:37:00.000Z',
+        modificationTime: '2017-01-12T12:37:00.000Z',
+        publicationTime: '2017-01-16T21:00:00.000Z',
+        disclosureTime: '2017-01-11T21:00:00.000Z',
+        id: 'SNYK-RUBY-NOKOGIRI-20299',
+        packageName: 'nokogiri',
+        cvssScore: 7.3,
+        from: [ 'nokogiri@1.8.1' ],
+        upgradePath: [],
+        version: '1.8.1',
+        name: 'nokogiri',
+        isUpgradable: false,
+        isPatchable: false,
+      });
+    }
     res.send({
-      vulnerabilities: [],
+      vulnerabilities: vulnerabilities,
+      org: 'test-org',
+      isPrivate: true,
     });
     return next();
   });