From e10de31b8567fc77c844c1b1090c010ebcf5a1ad Mon Sep 17 00:00:00 2001
From: Daniel D'Avella
Date: Wed, 13 Sep 2023 13:38:04 -0400
Subject: [PATCH] Add test for webgoat findings to CI

---
 .github/workflows/codemod_pygoat.yml | 4 ++++
 ci_tests/test_webgoat_findings.py | 32 ++++++++++++++++++++++++++++
 2 files changed, 36 insertions(+)
 create mode 100644 ci_tests/test_webgoat_findings.py

diff --git a/.github/workflows/codemod_pygoat.yml b/.github/workflows/codemod_pygoat.yml
index 85247861..25bd1bef 100644
--- a/.github/workflows/codemod_pygoat.yml
+++ b/.github/workflows/codemod_pygoat.yml
@@ -28,6 +28,8 @@ jobs:
 uses: actions/checkout@v4
 - name: Install Codemodder Package
 run: pip install .
+ - name: Install Test Dependencies
+ run: pip install -r requirements/test.txt
 - name: Check out Pygoat
 uses: actions/checkout@v4
 with:
@@ -35,3 +37,5 @@ jobs:
 path: pygoat
 - name: Run Codemodder
 run: codemodder --output output.codetf pygoat
+ - name: Check PyGoat Findings
+ run: pytest -v ci_tests/test_webgoat_findings.py
diff --git a/ci_tests/test_webgoat_findings.py b/ci_tests/test_webgoat_findings.py
new file mode 100644
index 00000000..5b3d893e
--- /dev/null
+++ b/ci_tests/test_webgoat_findings.py
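Review bot: The new `Check PyGoat Findings` step in the second hunk only works because the `Run Codemodder` step above it writes `output.codetf` into the workspace root and the test opens that same relative path, and nothing in the workflow states that coupling. Consider naming the report once, e.g. `env: CODETF_PATH: output.codetf`, and using it both in `codemodder --output` and in the test, or at least add a comment on the Run Codemodder step such as `# output.codetf is consumed by ci_tests/test_webgoat_findings.py`. The first hunk's `pip install -r requirements/test.txt` pulls test dependencies on every CI run; whether that file pins versions is not visible here, so confirm it does if this workflow is meant to be reproducible.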
@@ -0,0 +1,32 @@
+import json
+
+import pytest
+
+
+EXPECTED_FINDINGS = [
+ "pixee:python/order-imports",
+ "pixee:python/secure-random",
+ "pixee:python/sandbox-process-creation",
+ "pixee:python/unused-imports",
+ "pixee:python/django-session-cookie-secure-off",
+ "pixee:python/harden-pyyaml",
+ "pixee:python/django-debug-flag-on",
+ "pixee:python/url-sandbox",
+]
+
+
+@pytest.fixture(scope="session")
+def webgoat_findings():
+ with open("output.codetf") as ff:
+ results = json.load(ff)
+
+ yield set([x["codemod"] for x in results["results"]])
+
+
+def test_num_webgoat_findings(webgoat_findings):
+ assert len(webgoat_findings) == len(EXPECTED_FINDINGS)
+
+
+@pytest.mark.parametrize("finding", EXPECTED_FINDINGS)
+def test_webgoat_findings(webgoat_findings, finding):
+ assert finding in webgoat_findings
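Review bot: `test_num_webgoat_findings` compares only set sizes, so when the report contains an unexpected codemod id the failure shows two integers and nothing about which finding is new or missing; `assert webgoat_findings == set(EXPECTED_FINDINGS)` performs the same check and pytest then prints the differing elements. In the fixture, `set([x["codemod"] for x in results["results"]])` can be the set comprehension `{x["codemod"] for x in results["results"]}`, and since the fixture has no teardown `return` reads more clearly than `yield`. The file is named `test_webgoat_findings.py` while the workflow step and the checked-out project are PyGoat; if that is unintentional, renaming avoids confusion about which sample application the expected list was derived from. `EXPECTED_FINDINGS` is effectively a detection baseline, which is worth saying above the list, e.g. `# Codemods expected to fire on PyGoat; editing this list changes the detection baseline CI enforces.`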