use syncable_cli::analyzer::dependency_parser::{DependencyParser, Language, DependencyInfo, DependencyType};
use syncable_cli::analyzer::vulnerability_checker::{VulnerabilityChecker, VulnerabilitySeverity};
use std::collections::HashMap;
use std::path::Path;
#[tokio::test]
async fn test_vulnerability_checking_all_languages() {
let _ = env_logger::try_init();
let mut dependencies = HashMap::new();
dependencies.insert(Language::Rust, vec![
DependencyInfo {
name: "tokio".to_string(),
version: "1.0.0".to_string(),
dep_type: DependencyType::Production,
license: "MIT".to_string(),
source: Some("crates.io".to_string()),
language: Language::Rust,
},
DependencyInfo {
name: "serde".to_string(),
version: "1.0.0".to_string(),
dep_type: DependencyType::Production,
license: "MIT/Apache-2.0".to_string(),
source: Some("crates.io".to_string()),
language: Language::Rust,
},
]);
dependencies.insert(Language::JavaScript, vec![
DependencyInfo {
name: "express".to_string(),
version: "4.17.1".to_string(),
dep_type: DependencyType::Production,
license: "MIT".to_string(),
source: Some("npm".to_string()),
language: Language::JavaScript,
},
DependencyInfo {
name: "lodash".to_string(),
version: "4.17.20".to_string(),
dep_type: DependencyType::Production,
license: "MIT".to_string(),
source: Some("npm".to_string()),
language: Language::JavaScript,
},
]);
dependencies.insert(Language::Python, vec![
DependencyInfo {
name: "django".to_string(),
version: "3.0.0".to_string(),
dep_type: DependencyType::Production,
license: "BSD".to_string(),
source: Some("pypi".to_string()),
language: Language::Python,
},
DependencyInfo {
name: "requests".to_string(),
version: "2.25.0".to_string(),
dep_type: DependencyType::Production,
license: "Apache-2.0".to_string(),
source: Some("pypi".to_string()),
language: Language::Python,
},
]);
dependencies.insert(Language::Go, vec![
DependencyInfo {
name: "github.com/gin-gonic/gin".to_string(),
version: "v1.7.0".to_string(),
dep_type: DependencyType::Production,
license: "MIT".to_string(),
source: Some("go modules".to_string()),
language: Language::Go,
},
]);
dependencies.insert(Language::Java, vec![
DependencyInfo {
name: "org.springframework.boot:spring-boot-starter-web".to_string(),
version: "2.5.0".to_string(),
dep_type: DependencyType::Production,
license: "Apache-2.0".to_string(),
source: Some("maven".to_string()),
language: Language::Java,
},
DependencyInfo {
name: "com.fasterxml.jackson.core:jackson-databind".to_string(),
version: "2.12.0".to_string(),
dep_type: DependencyType::Production,
license: "Apache-2.0".to_string(),
source: Some("maven".to_string()),
language: Language::Java,
},
]);
let checker = VulnerabilityChecker::new();
let project_path = Path::new(".");
match checker.check_all_dependencies(&dependencies, project_path).await {
Ok(report) => {
println!("\n📊 Vulnerability Check Test Results");
println!("=====================================");
println!("Checked at: {}", report.checked_at.format("%Y-%m-%d %H:%M:%S UTC"));
println!("Total vulnerabilities found: {}", report.total_vulnerabilities);
if report.total_vulnerabilities > 0 {
println!("\nSeverity breakdown:");
if report.critical_count > 0 {
println!(" CRITICAL: {}", report.critical_count);
}
if report.high_count > 0 {
println!(" HIGH: {}", report.high_count);
}
if report.medium_count > 0 {
println!(" MEDIUM: {}", report.medium_count);
}
if report.low_count > 0 {
println!(" LOW: {}", report.low_count);
}
println!("\nVulnerable dependencies by language:");
let mut by_language: HashMap<Language, Vec<&syncable_cli::analyzer::vulnerability_checker::VulnerableDependency>> = HashMap::new();
for vuln_dep in &report.vulnerable_dependencies {
by_language.entry(vuln_dep.language.clone()).or_insert_with(Vec::new).push(vuln_dep);
}
for (lang, deps) in by_language {
println!("\n{:?}:", lang);
for dep in deps {
println!(" - {} v{} ({} vulnerabilities)", dep.name, dep.version, dep.vulnerabilities.len());
for vuln in &dep.vulnerabilities {
println!(" • {} [{:?}] - {}", vuln.id, vuln.severity, vuln.title);
}
}
}
} else {
println!("\n✅ No vulnerabilities found in test dependencies!");
}
assert!(true, "Vulnerability checking completed successfully for all languages");
}
Err(e) => {
eprintln!("Error during vulnerability check: {}", e);
println!("\n⚠️ Some vulnerability checking tools may not be installed");
println!("For full vulnerability checking, install:");
println!(" - cargo-audit (Rust): cargo install cargo-audit");
println!(" - npm (JavaScript): comes with Node.js");
println!(" - pip-audit (Python): pip install pip-audit");
println!(" - govulncheck (Go): go install golang.org/x/vuln/cmd/govulncheck@latest");
println!(" - dependency-check (Java): https://owasp.org/www-project-dependency-check/");
}
}
}
#[test]
fn test_severity_comparison() {
assert!(VulnerabilitySeverity::Critical > VulnerabilitySeverity::High);
assert!(VulnerabilitySeverity::High > VulnerabilitySeverity::Medium);
assert!(VulnerabilitySeverity::Medium > VulnerabilitySeverity::Low);
assert!(VulnerabilitySeverity::Low > VulnerabilitySeverity::Info);
}
#[test]
fn test_language_support() {
let supported_languages = vec![
Language::Rust,
Language::JavaScript,
Language::TypeScript,
Language::Python,
Language::Go,
Language::Java,
Language::Kotlin,
];
for lang in supported_languages {
println!("✓ {} vulnerability checking is supported", lang.as_str());
}
}