Tests and Trivy Update
Christopher-walsh22 committed Jul 25, 2024
1 parent 3d8b129 commit 96913a8
Showing 21 changed files with 593 additions and 530 deletions.
68 changes: 34 additions & 34 deletions .github/workflows/analysis.yaml
@@ -1,38 +1,38 @@
# name: Analysis
name: Analysis

# on:
# push:
# branches: [main]
# pull_request:
# types: [opened, reopened, synchronize, ready_for_review, converted_to_draft]
# schedule:
# - cron: "0 11 * * 0" # 3 AM PST = 12 PM UDT, runs sundays
# workflow_dispatch:
on:
push:
branches: [main]
pull_request:
types: [opened, reopened, synchronize, ready_for_review, converted_to_draft]
schedule:
- cron: "0 11 * * 0" # 3 AM PST = 12 PM UDT, runs sundays
workflow_dispatch:

# concurrency:
# group: ${{ github.workflow }}-${{ github.ref }}
# cancel-in-progress: true
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true

# jobs:
# # https://github.com/marketplace/actions/aqua-security-trivy
# trivy:
# name: Trivy Security Scan
# if: ${{ ! github.event.pull_request.draft }}
# runs-on: ubuntu-22.04
# timeout-minutes: 1
# steps:
# - uses: actions/checkout@v4
# - name: Run Trivy vulnerability scanner in repo mode
# uses: aquasecurity/trivy-action@0.22.0
# with:
# format: "sarif"
# output: "trivy-results.sarif"
# ignore-unfixed: true
# scan-type: "fs"
# scanners: "vuln,secret,config"
# severity: "CRITICAL,HIGH"
jobs:
# https://github.com/marketplace/actions/aqua-security-trivy
trivy:
name: Trivy Security Scan
if: ${{ ! github.event.pull_request.draft }}
runs-on: ubuntu-22.04
timeout-minutes: 1
steps:
- uses: actions/checkout@v4
- name: Run Trivy vulnerability scanner in repo mode
uses: aquasecurity/trivy-action@0.53.0
with:
format: "sarif"
output: "trivy-results.sarif"
ignore-unfixed: true
scan-type: "fs"
scanners: "vuln,secret,config"
severity: "CRITICAL,HIGH"

# - name: Upload Trivy scan results to GitHub Security tab
# uses: github/codeql-action/upload-sarif@v3
# with:
# sarif_file: "trivy-results.sarif"
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: "trivy-results.sarif"
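Review bot: The re-enabled `trivy` job references third-party actions by mutable tag (`aquasecurity/trivy-action@0.53.0`, `github/codeql-action/upload-sarif@v3`), so whatever the tag points to at run time executes inside the job; pin each to a full commit SHA, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha> # <release tag>`. It is also worth confirming that `0.53.0` is a published tag of the action rather than the Trivy CLI version, since the two are versioned separately. No `permissions:` block is visible in this file, and the SARIF upload needs `security-events: write`; declaring `permissions:` with `contents: read` and `security-events: write` on the job keeps the token least-privilege. `timeout-minutes: 1` looks tight for a scan that may first have to fetch its vulnerability database, and a job cancelled on timeout uploads no results.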
1 change: 1 addition & 0 deletions arSam/__tests__/mock_data.json
@@ -30,6 +30,7 @@
},
{
"sk": "HIST",
"orcs": "NA",
"subAreas": [
{
"name": "LEGACY SUBAREA",
8 changes: 5 additions & 3 deletions arSam/__tests__/settings.js
@@ -1,13 +1,15 @@
const REGION = process.env.AWS_REGION || 'local';
const ENDPOINT = 'http://localhost:8000';
const REGION = process.env.AWS_REGION || 'local-env';
const ENDPOINT = 'http://172.17.0.2:8000';
const TABLE_NAME = process.env.TABLE_NAME || 'ParksAr-tests';
const CONFIG_TABLE_NAME = process.env.CONFIG_TABLE_NAME || 'ConfigAr-tests';
const NAME_CACHE_TABLE_NAME = process.env.NAME_CACHE_TABLE_NAME || 'NameCacheAr-tests';


module.exports = {
REGION,
ENDPOINT,
TABLE_NAME,
CONFIG_TABLE_NAME,
NAME_CACHE_TABLE_NAME,
NAME_CACHE_TABLE_NAME
};
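Review bot: `ENDPOINT` is now hard-coded to `http://172.17.0.2:8000`, which looks like a Docker bridge address assigned at container start, while every other setting in this file can be overridden from the environment. The helpers in `__tests__/setup.js` create and delete tables against whatever answers at that address, so on a host where it belongs to a different container the suite either fails or talks to the wrong service. Reading the endpoint from the environment with the previous default keeps local runs working: `const ENDPOINT = process.env.DYNAMODB_ENDPOINT || 'http://localhost:8000';` (the variable name is a suggestion, not an existing setting).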

78 changes: 60 additions & 18 deletions arSam/__tests__/setup.js
@@ -1,19 +1,16 @@
const { DynamoDB } = require('@aws-sdk/client-dynamodb');
const { DynamoDBClient, CreateTableCommand, DeleteTableCommand } = require('@aws-sdk/client-dynamodb');
const { REGION, ENDPOINT } = require('./settings');
const crypto = require('crypto');

const { REGION, ENDPOINT, TABLE_NAME, CONFIG_TABLE_NAME, NAME_CACHE_TABLE_NAME } = require('./settings');

module.exports = async () => {
dynamoDb = new DynamoDB({
async function createDB (TABLE_NAME, NAME_CACHE_TABLE_NAME, CONFIG_TABLE_NAME) {
dynamoDb = new DynamoDBClient({
region: REGION,
endpoint: ENDPOINT
});

// TODO: This should pull in the JSON version of our serverless.yml!

try {
console.log("Creating main table.");
await dynamoDb
.createTable({
let params = {
TableName: TABLE_NAME,
KeySchema: [
{
@@ -61,11 +58,12 @@ module.exports = async () => {
}
}
]
});
}


await dynamoDb.send(new CreateTableCommand(params));

console.log("Creating name-cache table.");
await dynamoDb
.createTable({
params = {
TableName: NAME_CACHE_TABLE_NAME,
KeySchema: [
{
@@ -83,11 +81,11 @@ module.exports = async () => {
ReadCapacityUnits: 1,
WriteCapacityUnits: 1
}
});

console.log("Creating config table.");
await dynamoDb
.createTable({
}
await dynamoDb.send(new CreateTableCommand(params))

params = {
TableName: CONFIG_TABLE_NAME,
KeySchema: [
{
@@ -105,8 +103,52 @@ module.exports = async () => {
ReadCapacityUnits: 1,
WriteCapacityUnits: 1
}
});
}
await dynamoDb.send(new CreateTableCommand(params));

} catch (err) {
console.log(err);
}
};

function getHashedText(text) {
return crypto.createHash('md5').update(text).digest('hex');
}

async function deleteDB(TABLE_NAME, NAME_CACHE_TABLE_NAME, CONFIG_TABLE_NAME) {
const dynamoDb = new DynamoDBClient({
region: REGION,
endpoint: ENDPOINT
});

try {
//Delete Main Table
let param = {
TableName: TABLE_NAME
};

await dynamoDb.send(new DeleteTableCommand(param));

//Delete NameChache Table
param = {
TableName: NAME_CACHE_TABLE_NAME
};
await dynamoDb.send(new DeleteTableCommand(param));

//Delete Config Table
param = {
TableName: CONFIG_TABLE_NAME
};
await dynamoDb.send(new DeleteTableCommand(param));


} catch (err) {
console.log(err);
}
}

module.exports = {
createDB,
getHashedText,
deleteDB
}
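Review bot: Both `createDB` and `deleteDB` catch every error and only `console.log(err)`, so a failed `CreateTableCommand` or `DeleteTableCommand` lets the run continue against tables that do not exist (or leaves stale ones behind) and the real cause is buried in the log. Rethrow after logging, `console.log(err); throw err;`, so Jest fails the hook at the point of failure. In `createDB` the client is assigned as `dynamoDb = new DynamoDBClient({` without a declaration, which creates an implicit global (and throws in strict mode); `deleteDB` already uses `const dynamoDb`. A one-line comment on `getHashedText`, such as `// MD5 only derives a short, unique table name from the test name; it is not a security control`, would keep the hash choice from being copied into security-relevant code. The bodies of these functions continue in collapsed regions outside the visible hunks.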
76 changes: 43 additions & 33 deletions arSam/handlers/activity/__tests__/activity.test.js
@@ -1,6 +1,6 @@
const { DynamoDBClient, PutItemCommand, GetItemCommand } = require('@aws-sdk/client-dynamodb');
const { marshall, unmarshall } = require('@aws-sdk/util-dynamodb');
const { REGION, ENDPOINT, TABLE_NAME } = require("../../../__tests__/settings");
const { REGION, ENDPOINT } = require("../../../__tests__/settings");
const {
PARKSLIST,
SUBAREAS,
@@ -9,6 +9,7 @@ const {
FISCAL_YEAR_LOCKS,
} = require("../../../__tests__/mock_data.json");

const { getHashedText, deleteDB, createDB } = require("../../../__tests__/setup");
const jwt = require("jsonwebtoken");
const token = jwt.sign(
{ resource_access: { "attendance-and-revenue": { roles: ["sysadmin"] } } },
@@ -18,52 +19,63 @@ const emptyRole = {
resource_access: { "attendance-and-revenue": { roles: [""] } },
};

async function setupDb() {
docClient = new DynamoDBClient({
region: REGION,
endpoint: ENDPOINT,
convertEmptyValues: true,
});
async function setupDb(tableName) {

for (const item of PARKSLIST) {
await genericPutDocument(item);
await genericPutDocument(item, tableName);
}
for (const item of SUBAREAS) {
await genericPutDocument(item);
await genericPutDocument(item, tableName);
}
for (const item of SUBAREA_ENTRIES) {
await genericPutDocument(item);
await genericPutDocument(item, tableName);
}
for (const item of CONFIG_ENTRIES) {
await genericPutDocument(item);
await genericPutDocument(item, tableName);
}
for (const item of FISCAL_YEAR_LOCKS) {
await genericPutDocument(item);
await genericPutDocument(item, tableName);
}
}

async function genericPutDocument(item) {
async function genericPutDocument(item, TABLE_NAME) {

const dynamoClient = new DynamoDBClient({
region: REGION,
endpoint: ENDPOINT
});

const input = {
Item: marshall(item, { convertEmptyValues: true }),
Item: marshall(item),
TableName: TABLE_NAME,
};
const command = new PutItemCommand(input);
return await docClient.send(command);
return await dynamoClient.send(command);
}

describe("Activity Test", () => {
const OLD_ENV = process.env;
let hash
let TABLE_NAME
let NAME_CACHE_TABLE_NAME
let CONFIG_TABLE_NAME

beforeEach(async () => {
jest.resetModules();
process.env = { ...OLD_ENV }; // Make a copy of environment
hash = getHashedText(expect.getState().currentTestName);
process.env.TABLE_NAME = hash
TABLE_NAME = process.env.TABLE_NAME;
NAME_CACHE_TABLE_NAME = TABLE_NAME.concat("-nameCache");
CONFIG_TABLE_NAME = TABLE_NAME.concat("-config");
await createDB(TABLE_NAME, NAME_CACHE_TABLE_NAME, CONFIG_TABLE_NAME);
await setupDb(TABLE_NAME);
});

afterEach(() => {
deleteDB(TABLE_NAME, NAME_CACHE_TABLE_NAME, CONFIG_TABLE_NAME);
process.env = OLD_ENV; // Restore old environment
});

beforeAll(async () => {
return await setupDb();

});

test("Handler - 200 GET specific activity entry", async () => {
@@ -172,6 +184,10 @@ describe("Activity Test", () => {
});

test("HandlePost - 200 POST handle Activity/Variances", async () => {
const dynamoClient = new DynamoDBClient({
region: REGION,
endpoint: ENDPOINT
});
const activityPOST = require("../POST/index");
// Setup the first record
const response = await activityPOST.handlePost(
@@ -216,7 +232,7 @@ describe("Activity Test", () => {
TableName: TABLE_NAME,
};
const command = new GetItemCommand(input);
const doc = await docClient.send(command);
const doc = await dynamoClient.send(command);
expect(doc?.Item).toBe(undefined);


@@ -264,7 +280,7 @@ describe("Activity Test", () => {
TableName: TABLE_NAME,
};
const command2 = new GetItemCommand(input2);
const doc2 = await docClient.send(command2);
const doc2 = await dynamoClient.send(command2);
expect(unmarshall(doc2?.Item)).toEqual({
parkName: 'Cultus Lake Park',
orcs: '0041',
@@ -433,11 +449,10 @@ describe("Activity Test", () => {
},
null
);

expect(response.statusCode).toBe(400);
});

test("HandleLock - 200 POST lock record", async () => {
test("HandleLock/PostToLocked/Unlock - 200-409-200", async () => {
const activityPOST = require("../POST/index");
const response = await activityPOST.handleLock(
{
@@ -461,11 +476,8 @@ describe("Activity Test", () => {
null
);
expect(response.statusCode).toBe(200);
});

test("HandlePost - 409 POST to locked record", async () => {
const activityPOST = require("../POST/index");
const response = await activityPOST.handlePost(
const response2 = await activityPOST.handlePost(
{
headers: {
Authorization: "Bearer " + token,
@@ -486,12 +498,10 @@ describe("Activity Test", () => {
},
null
);
expect(response.statusCode).toBe(409);
});
expect(response2.statusCode).toBe(409);

test("HandleUnlock - 200 POST unlock record", async () => {
const activityPOST = require("../POST/index");
const response = await activityPOST.handleUnlock(

const response3 = await activityPOST.handleUnlock(
{
headers: {
Authorization: "Bearer " + token,
@@ -512,7 +522,7 @@ describe("Activity Test", () => {
},
null
);
expect(response.statusCode).toBe(200);
expect(response3.statusCode).toBe(200);
});

test("Handler - 403 POST to locked fiscal year", async () => {
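Review bot: `afterEach` calls `deleteDB(TABLE_NAME, NAME_CACHE_TABLE_NAME, CONFIG_TABLE_NAME)` without awaiting or returning the promise, so the hook finishes and `process.env` is restored while the three deletes are still in flight, and any rejection goes unobserved. Make the hook async and await the cleanup: `afterEach(async () => { await deleteDB(TABLE_NAME, NAME_CACHE_TABLE_NAME, CONFIG_TABLE_NAME); process.env = OLD_ENV; });`. The now-empty `beforeAll(async () => { });` can be dropped. Only `process.env.TABLE_NAME` is set per test in `beforeEach`; if the handlers read `NAME_CACHE_TABLE_NAME` or `CONFIG_TABLE_NAME` from the environment (not visible in this diff), those should be set to the derived names as well.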