socket-patch-cli 2.1.2

CLI binary for socket-patch: apply, rollback, get, scan security patches
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116

#![cfg(feature = "nuget")]
//! End-to-end tests for the NuGet/.NET package patching lifecycle.
//!
//! These tests exercise crawling against a temporary directory with fake
//! NuGet package layouts.  They do **not** require network access or a real
//! .NET installation.
//!
//! # Running
//! ```sh
//! cargo test -p socket-patch-cli --features nuget --test e2e_nuget
//! ```

use std::path::PathBuf;
use std::process::{Command, Output};

// ---------------------------------------------------------------------------
// Helpers
// ---------------------------------------------------------------------------

fn binary() -> PathBuf {
    env!("CARGO_BIN_EXE_socket-patch").into()
}

fn run(args: &[&str], cwd: &std::path::Path, nuget_packages: &std::path::Path) -> Output {
    Command::new(binary())
        .args(args)
        .current_dir(cwd)
        .env("NUGET_PACKAGES", nuget_packages)
        .output()
        .expect("Failed to run socket-patch binary")
}

// ---------------------------------------------------------------------------
// Tests
// ---------------------------------------------------------------------------

/// Verify that `socket-patch scan` discovers packages in a fake global cache layout.
#[test]
fn scan_discovers_global_cache_packages() {
    let dir = tempfile::tempdir().unwrap();

    // Set up a fake global NuGet cache: <name>/<version>/ with .nuspec
    let nuget_cache = dir.path().join("nuget-cache");

    let nj_dir = nuget_cache.join("newtonsoft.json").join("13.0.3");
    std::fs::create_dir_all(nj_dir.join("lib")).unwrap();
    std::fs::write(
        nj_dir.join("newtonsoft.json.nuspec"),
        r#"<package><metadata><id>Newtonsoft.Json</id><version>13.0.3</version></metadata></package>"#,
    )
    .unwrap();

    let stj_dir = nuget_cache.join("system.text.json").join("8.0.0");
    std::fs::create_dir_all(&stj_dir).unwrap();
    std::fs::write(
        stj_dir.join("system.text.json.nuspec"),
        r#"<package><metadata><id>System.Text.Json</id><version>8.0.0</version></metadata></package>"#,
    )
    .unwrap();

    // Create a .csproj so it's recognized as a .NET project
    let project_dir = dir.path().join("project");
    std::fs::create_dir_all(&project_dir).unwrap();
    std::fs::write(project_dir.join("MyApp.csproj"), "<Project/>").unwrap();

    let output = run(
        &["scan", "--cwd", project_dir.to_str().unwrap()],
        &project_dir,
        &nuget_cache,
    );
    let stderr = String::from_utf8_lossy(&output.stderr);
    let stdout = String::from_utf8_lossy(&output.stdout);
    let combined = format!("{stdout}{stderr}");

    assert!(
        combined.contains("Found") || combined.contains("packages"),
        "Expected scan to discover NuGet packages, got:\n{combined}"
    );
}

/// Verify that `socket-patch scan` discovers packages in a fake legacy packages/ layout.
#[test]
fn scan_discovers_legacy_packages() {
    let dir = tempfile::tempdir().unwrap();
    let project_dir = dir.path().join("project");
    std::fs::create_dir_all(&project_dir).unwrap();

    // Create a .csproj
    std::fs::write(project_dir.join("MyApp.csproj"), "<Project/>").unwrap();

    // Set up legacy packages/ directory
    let packages_dir = project_dir.join("packages");

    let nj_dir = packages_dir.join("Newtonsoft.Json.13.0.3");
    std::fs::create_dir_all(nj_dir.join("lib")).unwrap();
    std::fs::write(
        nj_dir.join("Newtonsoft.Json.nuspec"),
        r#"<package><metadata><id>Newtonsoft.Json</id><version>13.0.3</version></metadata></package>"#,
    )
    .unwrap();

    // Use the packages dir itself as NUGET_PACKAGES (though legacy is found via cwd)
    let output = run(
        &["scan", "--cwd", project_dir.to_str().unwrap()],
        &project_dir,
        &packages_dir,
    );
    let stderr = String::from_utf8_lossy(&output.stderr);
    let stdout = String::from_utf8_lossy(&output.stdout);
    let combined = format!("{stdout}{stderr}");

    assert!(
        combined.contains("Found") || combined.contains("packages"),
        "Expected scan to discover legacy NuGet packages, got:\n{combined}"
    );
}