1 #![cfg(feature = "git")]
2 
3 use cargo_lock::Lockfile;
4 use once_cell::sync::Lazy;
5 use rustsec::database::scope;
6 use rustsec::database::Query;
7 use rustsec::repository::git::Repository;
8 use rustsec::Database;
9 use std::path::Path;
10 use std::sync::Mutex;
11 
12 static DEFAULT_DATABASE: Lazy<Mutex<Database>> = Lazy::new(|| {
13     Mutex::new(
14         Database::load_from_repo(&Repository::fetch_default_repo().unwrap())
15             .expect("Should be fetchable."),
16     )
17 });
18 
19 /// Queries vulnerabilites in public package scope
20 #[test]
vulnerabilities_default()21 fn vulnerabilities_default() {
22     let lockfile_path = Path::new("./tests/support/cratesio_cargo.lock");
23     let lockfile =
24         Lockfile::load(lockfile_path).expect("Should find the lock file in support folder.");
25     let db = DEFAULT_DATABASE.lock().unwrap();
26     let vuln = db.vulnerabilities(&lockfile);
27     assert_eq!(vuln.len(), 1);
28 }
29 
30 /// all package scope should be default
31 #[test]
query_vulnerabilities_default()32 fn query_vulnerabilities_default() {
33     let lockfile_path = Path::new("./tests/support/cratesio_cargo.lock");
34     let lockfile =
35         Lockfile::load(lockfile_path).expect("Should find the lock file in support folder.");
36     let db = DEFAULT_DATABASE.lock().unwrap();
37     let vuln_all =
38         db.query_vulnerabilities(&lockfile, &Query::crate_scope(), scope::Package::default());
39     let vuln = db.vulnerabilities(&lockfile);
40     assert_eq!(vuln_all, vuln);
41 }
42 
43 /// packages without source should not be queried in `package::Scope::LocalCrates` but in `PackageScope::PublicCrates`
44 #[test]
query_vulnerabilities_scope_public()45 fn query_vulnerabilities_scope_public() {
46     let lockfile_path = Path::new("./tests/support/local_cargo.lock");
47     let lockfile =
48         Lockfile::load(lockfile_path).expect("Should find the lock file in support folder.");
49     let db = DEFAULT_DATABASE.lock().unwrap();
50 
51     let vuln_public =
52         db.query_vulnerabilities(&lockfile, &Query::crate_scope(), scope::Registry::Public);
53     assert_eq!(vuln_public.len(), 0);
54 
55     let vuln_all = db.query_vulnerabilities(&lockfile, &Query::crate_scope(), scope::Registry::All);
56     assert_eq!(vuln_all.len(), 1);
57 }
58