1 #![cfg(feature = "git")]
2
3 use cargo_lock::Lockfile;
4 use once_cell::sync::Lazy;
5 use rustsec::database::scope;
6 use rustsec::database::Query;
7 use rustsec::repository::git::Repository;
8 use rustsec::Database;
9 use std::path::Path;
10 use std::sync::Mutex;
11
12 static DEFAULT_DATABASE: Lazy<Mutex<Database>> = Lazy::new(|| {
13 Mutex::new(
14 Database::load_from_repo(&Repository::fetch_default_repo().unwrap())
15 .expect("Should be fetchable."),
16 )
17 });
18
19 /// Queries vulnerabilites in public package scope
20 #[test]
vulnerabilities_default()21 fn vulnerabilities_default() {
22 let lockfile_path = Path::new("./tests/support/cratesio_cargo.lock");
23 let lockfile =
24 Lockfile::load(lockfile_path).expect("Should find the lock file in support folder.");
25 let db = DEFAULT_DATABASE.lock().unwrap();
26 let vuln = db.vulnerabilities(&lockfile);
27 assert_eq!(vuln.len(), 1);
28 }
29
30 /// all package scope should be default
31 #[test]
query_vulnerabilities_default()32 fn query_vulnerabilities_default() {
33 let lockfile_path = Path::new("./tests/support/cratesio_cargo.lock");
34 let lockfile =
35 Lockfile::load(lockfile_path).expect("Should find the lock file in support folder.");
36 let db = DEFAULT_DATABASE.lock().unwrap();
37 let vuln_all =
38 db.query_vulnerabilities(&lockfile, &Query::crate_scope(), scope::Package::default());
39 let vuln = db.vulnerabilities(&lockfile);
40 assert_eq!(vuln_all, vuln);
41 }
42
43 /// packages without source should not be queried in `package::Scope::LocalCrates` but in `PackageScope::PublicCrates`
44 #[test]
query_vulnerabilities_scope_public()45 fn query_vulnerabilities_scope_public() {
46 let lockfile_path = Path::new("./tests/support/local_cargo.lock");
47 let lockfile =
48 Lockfile::load(lockfile_path).expect("Should find the lock file in support folder.");
49 let db = DEFAULT_DATABASE.lock().unwrap();
50
51 let vuln_public =
52 db.query_vulnerabilities(&lockfile, &Query::crate_scope(), scope::Registry::Public);
53 assert_eq!(vuln_public.len(), 0);
54
55 let vuln_all = db.query_vulnerabilities(&lockfile, &Query::crate_scope(), scope::Registry::All);
56 assert_eq!(vuln_all.len(), 1);
57 }
58