1 //! Linter tests
2
3 #![warn(rust_2018_idioms, unused_qualifications)]
4
5 /// Example RustSec Advisory
6 const EXAMPLE_ADVISORY_PATH: &str = "./tests/support/example_advisory_v3.md";
7
8 /// Ensure example advisory passes lint
9 #[test]
valid_advisory()10 fn valid_advisory() {
11 let lint = rustsec::advisory::Linter::lint_file(EXAMPLE_ADVISORY_PATH).unwrap();
12 assert_eq!(lint.errors(), &[]);
13 }
14
15 /// Example advisory used in the subsequent `#[test]`
16 const INVALID_ADVISORY_MD: &str = r#"```toml
17 [advisory]
18 id = "LULZSEC-2001-2101"
19 package = "base"
20 collection = "crates"
21 date = "2001-02-03"
22 url = "ftp://www.youtube.com/watch?v=jQE66WA2s-A"
23 categories = ["invalid-category"]
24 keywords = ["how", "are", "you", "gentlemen"]
25 aliases = ["CVE-2001-2101"]
26 cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
27 invalid-advisory-key = "invalid"
28
29 [versions]
30 patched = [">= 1.2.3"]
31
32 [affected]
33 arch = ["x86"]
34 os = ["windows"]
35 functions = { "notyourbase::belongs::All" = ["< 1.2.3"] }
36
37 [invalid-section]
38 ```
39
40 # All your base are belong to us
41
42 You have no chance to survive. Make your time.
43
44 "#;
45
46 /// Advisory which fails lint for multiple msgs
47 #[test]
invalid_example()48 fn invalid_example() {
49 let lint = rustsec::advisory::Linter::lint_string(INVALID_ADVISORY_MD).unwrap();
50
51 // Do we get the expected number of errors?
52 assert_eq!(lint.errors().len(), 7);
53
54 // `invalid-category`
55 let invalid_category = lint.errors()[0].to_string();
56 assert_eq!(
57 invalid_category,
58 "invalid value `invalid-category` for key `category` in [advisory]: unknown category"
59 );
60
61 // explicit `collection` is disallowed
62 let explicit_collection = lint.errors()[1].to_string();
63 assert_eq!(
64 explicit_collection,
65 "malformed content in [advisory]: collection shouldn\'t be explicit; inferred by location"
66 );
67
68 // invalid advisory ID (LULZSEC)
69 let invalid_advisory_id = lint.errors()[2].to_string();
70 assert_eq!(
71 invalid_advisory_id,
72 "invalid value `\"LULZSEC-2001-2101\"` for key `id` in [advisory]: unknown advisory ID type"
73 );
74
75 // `invalid-advisory-key`
76 let invalid_advisory_key = lint.errors()[3].to_string();
77 assert_eq!(
78 invalid_advisory_key,
79 "invalid key `invalid-advisory-key` in [advisory]"
80 );
81
82 // invalid advisory URL (must start with https://)
83 let invalid_advisory_url = lint.errors()[4].to_string();
84 assert_eq!(
85 invalid_advisory_url,
86 "invalid value `\"ftp://www.youtube.com/watch?v=jQE66WA2s-A\"` \
87 for key `url` in [advisory]: URL must start with https://"
88 );
89
90 // function path that doesn't match crate name
91 let invalid_function_path = lint.errors()[5].to_string();
92 assert_eq!(
93 invalid_function_path,
94 "invalid value `notyourbase::belongs::All` for key `functions` \
95 in [affected]: function path must start with crate name"
96 );
97
98 // `invalid-section`
99 let invalid_section = lint.errors()[6].to_string();
100 assert_eq!(invalid_section, "invalid key `invalid-section` in toplevel");
101 }
102