Coverage for tests / integration / tools / osv_scanner / test_check.py: 100%

28 statements  


1"""Integration tests for OsvScannerPlugin check command.""" 

2 

3from __future__ import annotations 

4 

5import shutil 

6from collections.abc import Callable 

7from pathlib import Path 

8from typing import TYPE_CHECKING 

9 

10import pytest 

11from assertpy import assert_that 

12 

13if TYPE_CHECKING: 

14 from lintro.plugins.base import BaseToolPlugin 

15 

# Module-wide marker: every test here drives the real osv-scanner binary, so
# skip them all when shutil.which() cannot find it on PATH.
pytestmark = pytest.mark.skipif(
    not shutil.which("osv-scanner"),
    reason="osv-scanner not installed",
)

21 

22 

def test_check_file_with_vulnerabilities(
    get_plugin: Callable[[str], BaseToolPlugin],
    osv_violation_file: str,
) -> None:
    """Check that a lockfile pinning known-vulnerable packages fails the scan.

    The osv_scanner_violations.txt fixture pins packages with known CVEs
    (requests==2.25.0, flask==2.0.0, django==3.2.0).

    Only a non-zero issue count is asserted. The test does not pin which
    packages or advisories are reported, so a scan that flags just one of
    the three pinned packages still passes.

    Args:
        get_plugin: Fixture factory to get plugin instances.
        osv_violation_file: Path to vulnerable lockfile from test_samples.
    """
    scan = get_plugin("osv_scanner").check([osv_violation_file], {})

    assert_that(scan).is_not_none()
    assert_that(scan.name).is_equal_to("osv_scanner")
    # A vulnerable lockfile must fail the check and report at least one issue.
    assert_that(scan.success).is_false()
    assert_that(scan.issues_count).is_greater_than(0)

43 

44 

def test_check_clean_file(
    get_plugin: Callable[[str], BaseToolPlugin],
    osv_clean_file: str,
) -> None:
    """Check that a lockfile with no known vulnerabilities passes the scan.

    NOTE(review): "clean" is relative to the advisory data the scanner sees
    when the test runs. Presumably a newly published advisory for a pinned
    package would make this test start failing, so the fixture may need
    periodic refreshing. Confirm how it is maintained.

    Args:
        get_plugin: Fixture factory to get plugin instances.
        osv_clean_file: Path to clean lockfile from test_samples.
    """
    outcome = get_plugin("osv_scanner").check([osv_clean_file], {})

    assert_that(outcome).is_not_none()
    assert_that(outcome.name).is_equal_to("osv_scanner")
    # A clean lockfile must pass and report exactly zero issues.
    assert_that(outcome.success).is_true()
    assert_that(outcome.issues_count).is_equal_to(0)

62 

63 

def test_check_empty_directory(
    get_plugin: Callable[[str], BaseToolPlugin],
    tmp_path: Path,
) -> None:
    """Check that scanning a directory with no lockfiles reports no issues.

    osv-scanner --recursive returns non-zero when no lockfiles are found,
    so success may be False and is deliberately not asserted. The key
    assertion is that no vulnerabilities are reported.

    NOTE(review): a zero issue count alone does not distinguish "nothing to
    scan" from a scan that failed to run. Confirm whether the result exposes
    anything that would let this test tell the two apart.

    Args:
        get_plugin: Fixture factory to get plugin instances.
        tmp_path: Pytest fixture providing a temporary directory.
    """
    empty_dir = str(tmp_path)
    report = get_plugin("osv_scanner").check([empty_dir], {})

    assert_that(report).is_not_none()
    assert_that(report.name).is_equal_to("osv_scanner")
    assert_that(report.issues_count).is_equal_to(0)