diff --git a/tests/unit/test_checks.py b/tests/unit/test_checks.py
new file mode 100644
index 0000000..fcff78c
--- /dev/null
+++ b/tests/unit/test_checks.py
@@ -0,0 +1,121 @@
+import pytest
+from unittest.mock import Mock, patch
+from depaudit.utils.version import (
+ parse_version,
+ compare_versions,
+ is_version_outdated,
+ extract_version_from_specifier,
+ )
+
+
+ class TestVersionParsing:
+ def test_parse_version_valid(self):
+ v = parse_version("1.2.3")
+ assert v is not None
+ assert str(v) == "1.2.3"
+
+ def test_parse_version_with_prerelease(self):
+ v = parse_version("1.2.3-beta.1")
+ assert v is not None
+
+ def test_parse_version_invalid(self):
+ v = parse_version("not-a-version")
+ assert v is None
+
+
+ class TestVersionComparison:
+ def test_compare_versions_equal(self):
+ assert compare_versions("1.2.3", "1.2.3") == 0
+
+ def test_compare_versions_greater(self):
+ assert compare_versions("2.0.0", "1.2.3") == 1
+
+ def test_compare_versions_less(self):
+ assert compare_versions("1.2.3", "2.0.0") == -1
+
+
+ class TestIsVersionOutdated:
+ def test_outdated_version(self):
+ assert is_version_outdated("1.0.0", "1.1.0") is True
+
+ def test_current_version(self):
+ assert is_version_outdated("1.1.0", "1.1.0") is False
+
+
+ class TestLicenseChecking:
+ def test_normalize_mit_license(self):
+ from depaudit.checks.licenses import normalize_license
+ assert normalize_license("MIT") == "mit"
+
+ def test_normalize_apache_license(self):
+ from depaudit.checks.licenses import normalize_license
+ assert normalize_license("Apache-2.0") == "apache-2.0"
+
+ def test_normalize_gpl_license(self):
+ from depaudit.checks.licenses import normalize_license
+ assert normalize_license("GPL-3.0") == "gpl-3.0"
+
+ def test_check_license_allowlist(self):
+ from depaudit.checks.licenses import check_license
+ license_info = check_license("test-package", "MIT")
+ assert license_info.license_type == "mit"
+ assert license_info.is_spdx_compliant is True
+
+
+ class TestValidateLicenseCompliance:
+ def test_validate_allowed_license(self):
+ from depaudit.checks.licenses import check_license, validate_license_compliance
+ license_info = check_license("test-package", "MIT")
+ is_compliant, message = validate_license_compliance(
+ license_info, ["MIT"], ["GPL-3.0"]
+ )
+ assert is_compliant is True
+
+ def test_validate_blocked_license(self):
+ from depaudit.checks.licenses import check_license, validate_license_compliance
+ license_info = check_license("test-package", "GPL-3.0")
+ is_compliant, message = validate_license_compliance(
+ license_info, ["MIT"], ["GPL-3.0"]
+ )
+ assert is_compliant is False
+
+
+ class TestOutdatedChecking:
+ @patch("depaudit.checks.outdated.NPMClient.get_latest_version")
+ def test_check_outdated_package(self, mock_get_latest):
+ mock_get_latest.return_value = "4.18.0"
+
+ from depaudit.checks.outdated import check_outdated
+ result = check_outdated("express", "4.17.1", "javascript")
+
+ assert result is not None
+ assert result.package_name == "express"
+ assert result.latest_version == "4.18.0"
+ assert result.minor_available is True
+
+
+ class TestVulnerabilityChecker:
+ def test_vulnerability_to_dict(self):
+ from depaudit.checks.vulnerabilities import Vulnerability
+
+ vuln = Vulnerability(
+ id="CVE-2023-0001",
+ package_name="test-package",
+ current_version="1.0.0",
+ severity="high",
+ title="Test Vulnerability",
+ description="A test vulnerability",
+ affected_versions=["<1.1.0"],
+ fixed_version="1.1.0",
+ published="2023-01-01",
+ modified="2023-01-02",
+ cvss_score=7.5,
+ cwe=["CWE-79"],
+ references=["https://example.com"],
+ source="OSV",
+ )
+
+ result = vuln.to_dict()
+
+ assert result["id"] == "CVE-2023-0001"
+ assert result["severity"] == "high"
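Review bot: `test_validate_allowed_license` and `test_validate_blocked_license` unpack `message` from `validate_license_compliance` and never check it, so a blocked license that returns `False` with an empty or misleading explanation still passes; on the blocked path at least `assert message` (or, if the message is specified to name the offending license, `assert "GPL-3.0" in message`) would pin the behaviour the audit report relies on, otherwise unpack it as `_`. `test_vulnerability_to_dict` constructs a fully populated `Vulnerability` but asserts only `id` and `severity`; presumably `to_dict` mirrors the field names, in which case checks such as `assert result["fixed_version"] == "1.1.0"` and `assert result["cvss_score"] == 7.5` would catch a remediation field being silently dropped from the serialized report. `pytest`, `Mock` and `extract_version_from_specifier` are imported at the top of the file but not used by any test. The hunk is the whole new file, so nothing continues outside it.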