diff --git a/.github/workflows/codemod_pygoat.yml b/.github/workflows/codemod_pygoat.yml
index 852478610..25bd1bef0 100644
--- a/.github/workflows/codemod_pygoat.yml
+++ b/.github/workflows/codemod_pygoat.yml
@@ -28,6 +28,8 @@ jobs:
         uses: actions/checkout@v4
       - name: Install Codemodder Package
         run: pip install .
+      - name: Install Test Dependencies
+        run: pip install -r requirements/test.txt
       - name: Check out Pygoat
         uses: actions/checkout@v4
         with:
@@ -35,3 +37,5 @@ jobs:
           path: pygoat
       - name: Run Codemodder
         run: codemodder --output output.codetf pygoat
+      - name: Check PyGoat Findings
+        run: pytest -v ci_tests/test_webgoat_findings.py
diff --git a/ci_tests/test_webgoat_findings.py b/ci_tests/test_webgoat_findings.py
new file mode 100644
index 000000000..42e6ff75d
--- /dev/null
+++ b/ci_tests/test_webgoat_findings.py
@@ -0,0 +1,32 @@
+import json
+
+import pytest
+
+
+EXPECTED_FINDINGS = [
+    "pixee:python/order-imports",
+    "pixee:python/secure-random",
+    "pixee:python/sandbox-process-creation",
+    "pixee:python/unused-imports",
+    "pixee:python/django-session-cookie-secure-off",
+    "pixee:python/harden-pyyaml",
+    "pixee:python/django-debug-flag-on",
+    "pixee:python/url-sandbox",
+]
+
+
+@pytest.fixture(scope="session")
+def webgoat_findings():
+    with open("output.codetf2") as ff:
+        results = json.load(ff)
+
+    yield set([x["codemod"] for x in results["results"]])
+
+
+def test_num_webgoat_findings(webgoat_findings):
+    assert len(webgoat_findings) == len(EXPECTED_FINDINGS)
+
+
+@pytest.mark.parametrize("finding", EXPECTED_FINDINGS)
+def test_webgoat_findings(webgoat_findings, finding):
+    assert finding in webgoat_findings
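Review bot: The new `Check PyGoat Findings` step is silently coupled to the `Run Codemodder` step above it: the test it invokes reads the report by a relative filename, so it only works when this step keeps the same working directory and the same `--output` name, and as added the test opens `output.codetf2` while the previous step writes `output.codetf`, which would fail the job on a missing file. A comment on the step would make that contract visible, e.g. `# reads output.codetf from the previous step; keep the filename in sync with ci_tests/test_webgoat_findings.py`. The step name says PyGoat while the test module is named `test_webgoat_findings.py`; renaming the module to `test_pygoat_findings.py` here and in the file itself avoids the confusion. The rest of the job definition lies outside the hunk.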
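Review bot: The `webgoat_findings` fixture opens `output.codetf2`, but the workflow step that produces the report runs `codemodder --output output.codetf pygoat`, so every test in this module fails with FileNotFoundError before a single finding is compared; it should be `with open("output.codetf", encoding="utf-8") as ff:`. `test_num_webgoat_findings` plus the parametrized membership test together amount to set equality but report failures one codemod at a time; a single `assert webgoat_findings == set(EXPECTED_FINDINGS)` shows the missing and unexpected codemod ids in one diff. The `set([x["codemod"] for x in results["results"]])` in the fixture is a set comprehension, `{x["codemod"] for x in results["results"]}`, and a one-line docstring such as `"""Codemod ids reported in the CodeTF file written by the CI codemodder step."""` would tell a reader where the file comes from. The module, fixture and test names say webgoat while the target checked out in the workflow is PyGoat; naming them after pygoat keeps the two in step.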