193 lines
6.5 KiB
Python
193 lines
6.5 KiB
Python
import sys
|
|
from pathlib import Path
|
|
|
|
sys.path.insert(0, str(Path(__file__).parent.parent / 'src'))
|
|
|
|
from gdiffer.issue_detector import detect_issues, suggest_improvements
|
|
|
|
|
|
class TestIssueDetector:
|
|
def test_detect_sql_injection(self, issue_detector):
|
|
code = 'query = "SELECT * FROM users WHERE name = \'" + username + "\'"'
|
|
issues = issue_detector.detect_issues(code, "python")
|
|
|
|
sql_issues = [i for i in issues if i.type == "sql_injection"]
|
|
assert len(sql_issues) > 0
|
|
|
|
issue = sql_issues[0]
|
|
assert issue.severity == "critical"
|
|
assert "SQL" in issue.title
|
|
|
|
def test_detect_xss(self, issue_detector):
|
|
code = "element.innerHTML = userInput"
|
|
issues = issue_detector.detect_issues(code, "javascript")
|
|
|
|
xss_issues = [i for i in issues if i.type == "xss"]
|
|
assert len(xss_issues) > 0
|
|
|
|
def test_detect_command_injection(self, issue_detector):
|
|
code = "os.system('rm -rf /tmp/' + user_input)"
|
|
issues = issue_detector.detect_issues(code, "python")
|
|
|
|
cmd_issues = [i for i in issues if i.type == "command_injection"]
|
|
assert len(cmd_issues) > 0
|
|
|
|
def test_detect_eval_usage(self, issue_detector):
|
|
code = "result = eval(user_code)"
|
|
issues = issue_detector.detect_issues(code, "python")
|
|
|
|
eval_issues = [i for i in issues if i.type == "code_injection"]
|
|
assert len(eval_issues) > 0
|
|
|
|
def test_detect_hardcoded_secret(self, issue_detector):
|
|
code = 'api_key = "sk-1234567890abcdef"'
|
|
issues = issue_detector.detect_issues(code, "python")
|
|
|
|
secret_issues = [i for i in issues if i.type == "hardcoded_secret"]
|
|
assert len(secret_issues) > 0
|
|
|
|
def test_detect_insecure_http(self, issue_detector):
|
|
code = 'response = requests.get("http://api.example.com")'
|
|
issues = issue_detector.detect_issues(code, "python")
|
|
|
|
http_issues = [i for i in issues if i.type == "insecure_transport"]
|
|
assert len(http_issues) > 0
|
|
|
|
def test_detect_weak_random(self, issue_detector):
|
|
code = "token = random.randint(0, 9999)"
|
|
issues = issue_detector.detect_issues(code, "python")
|
|
|
|
crypto_issues = [i for i in issues if i.type == "weak_crypto"]
|
|
assert len(crypto_issues) > 0
|
|
|
|
def test_detect_bare_except(self, issue_detector):
|
|
code = """try:
|
|
dangerous_operation()
|
|
except:
|
|
pass"""
|
|
issues = issue_detector.detect_issues(code, "python")
|
|
|
|
bare_except = [i for i in issues if i.type == "bare_except"]
|
|
assert len(bare_except) > 0
|
|
|
|
def test_detect_debug_statements(self, issue_detector):
|
|
code = "print('Debug: value =', value)"
|
|
issues = issue_detector.detect_issues(code, "python")
|
|
|
|
debug_issues = [i for i in issues if i.type == "debug_statement"]
|
|
assert len(debug_issues) > 0
|
|
|
|
def test_detect_todo_comments(self, issue_detector):
|
|
code = "# TODO: Fix this later"
|
|
issues = issue_detector.detect_issues(code, "python")
|
|
|
|
todo_issues = [i for i in issues if i.type == "code_tag"]
|
|
assert len(todo_issues) > 0
|
|
|
|
def test_detect_no_issues_in_clean_code(self, issue_detector):
|
|
code = """def calculate_sum(a, b):
|
|
result = a + b
|
|
return result
|
|
"""
|
|
issues = issue_detector.detect_issues(code, "python")
|
|
|
|
assert len(issues) == 0
|
|
|
|
def test_issue_line_number(self, issue_detector):
|
|
code = """line1 = 1
|
|
line2 = 2
|
|
password = "secret"
|
|
"""
|
|
issues = issue_detector.detect_issues(code, "python")
|
|
|
|
secret_issues = [i for i in issues if i.type == "hardcoded_secret"]
|
|
assert len(secret_issues) > 0
|
|
assert secret_issues[0].line == 3
|
|
|
|
def test_detect_diff_issues(self, issue_detector, sql_injection_diff):
|
|
old_code = "x = 1"
|
|
new_code = "x = 1\nquery = 'SELECT * FROM users WHERE id = ' + user_id"
|
|
|
|
issues = issue_detector.detect_diff_issues(old_code, new_code, "python")
|
|
|
|
assert isinstance(issues, list)
|
|
|
|
def test_suggest_improvements(self, issue_detector):
|
|
code = 'query = "SELECT * FROM users WHERE id = " + user_id'
|
|
suggestions = issue_detector.suggest_improvements(code, "python")
|
|
|
|
assert isinstance(suggestions, list)
|
|
assert len(suggestions) > 0
|
|
|
|
def test_check_security_patterns_only(self, issue_detector):
|
|
code = """password = "secret"
|
|
query = "SELECT * FROM users"
|
|
"""
|
|
issues = issue_detector.check_security_patterns(code)
|
|
|
|
assert all(i.severity in ['critical', 'high', 'medium'] for i in issues)
|
|
|
|
def test_check_code_quality_only(self, issue_detector):
|
|
code = """# TODO: fix later
|
|
print("debug")
|
|
"""
|
|
issues = issue_detector.check_code_quality(code)
|
|
|
|
assert all(i.severity == 'low' for i in issues)
|
|
|
|
def test_issue_has_suggestion(self, issue_detector):
|
|
code = 'password = "secret"'
|
|
issues = issue_detector.detect_issues(code, "python")
|
|
|
|
if issues:
|
|
assert issues[0].suggestion
|
|
|
|
|
|
class TestDetectIssuesFunction:
|
|
def test_detect_issues_function(self):
|
|
issues = detect_issues('password = "secret"', "python")
|
|
assert isinstance(issues, list)
|
|
|
|
def test_detect_issues_empty(self):
|
|
issues = detect_issues("def test():\n return 1", "python")
|
|
assert issues == []
|
|
|
|
def test_detect_issues_with_pass(self):
|
|
issues = detect_issues("def test(): pass", "python")
|
|
pass_issues = [i for i in issues if i.type == "empty_block"]
|
|
assert len(pass_issues) > 0
|
|
|
|
|
|
class TestSuggestImprovementsFunction:
|
|
def test_suggest_improvements_function(self):
|
|
suggestions = suggest_improvements('password = "secret"', "python")
|
|
assert isinstance(suggestions, list)
|
|
|
|
def test_suggest_improvements_clean_code(self):
|
|
suggestions = suggest_improvements("def test():\n return 1", "python")
|
|
assert suggestions == []
|
|
|
|
def test_suggest_improvements_with_pass(self):
|
|
suggestions = suggest_improvements("def test(): pass", "python")
|
|
assert len(suggestions) > 0
|
|
|
|
|
|
class TestIssueModel:
|
|
def test_issue_creation(self):
|
|
from gdiffer.issue_detector import Issue
|
|
|
|
issue = Issue(
|
|
type="test",
|
|
severity="high",
|
|
title="Test Issue",
|
|
description="Test description",
|
|
line=10,
|
|
suggestion="Fix this"
|
|
)
|
|
|
|
assert issue.type == "test"
|
|
assert issue.severity == "high"
|
|
assert issue.title == "Test Issue"
|
|
assert issue.line == 10
|
|
assert issue.suggestion == "Fix this"
|