kubernetes-operator/api/v1alpha2/jenkins_webhook_test.go

package v1alpha2

import (
	"errors"
	"testing"

	"github.com/stretchr/testify/assert"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)

func TestMakeSemanticVersion(t *testing.T) {
	t.Run("only major version specified", func(t *testing.T) {
		got := makeSemanticVersion("1")
		assert.Equal(t, got, "v1.0.0")
	})

	t.Run("major and minor version specified", func(t *testing.T) {
		got := makeSemanticVersion("1.2")
		assert.Equal(t, got, "v1.2.0")
	})

	t.Run("major,minor and patch version specified", func(t *testing.T) {
		got := makeSemanticVersion("1.2.3")
		assert.Equal(t, got, "v1.2.3")
	})

	t.Run("semantic versions begin with a leading v and no patch version", func(t *testing.T) {
		got := makeSemanticVersion("v2.5")
		assert.Equal(t, got, "v2.5.0")
	})

	t.Run("semantic versions with prerelease versions", func(t *testing.T) {
		got := makeSemanticVersion("2.1.2-alpha.1")
		assert.Equal(t, got, "v2.1.2-alpha.1")
	})

	t.Run("semantic versions with prerelease versions", func(t *testing.T) {
		got := makeSemanticVersion("0.11.2-9.c8b45b8bb173")
		assert.Equal(t, got, "v0.11.2-9.c8b45b8bb173")
	})

	t.Run("semantic versions with build suffix", func(t *testing.T) {
		got := makeSemanticVersion("1.7.9+meta")
		assert.Equal(t, got, "v1.7.9")
	})

	t.Run("invalid semantic version", func(t *testing.T) {
		got := makeSemanticVersion("google-login-1.2")
		assert.Equal(t, got, "")
	})
}

func TestCompareVersions(t *testing.T) {
	t.Run("Plugin Version lies between first and last version", func(t *testing.T) {
		got := compareVersions("1.2", "1.6", "1.4")
		assert.Equal(t, got, true)
	})
	t.Run("Plugin Version is greater than the last version", func(t *testing.T) {
		got := compareVersions("1", "2", "3")
		assert.Equal(t, got, false)
	})
	t.Run("Plugin Version is less than the first version", func(t *testing.T) {
		got := compareVersions("1.4", "2.5", "1.1")
		assert.Equal(t, got, false)
	})

	t.Run("Plugins Versions have prerelease version and it lies between first and last version", func(t *testing.T) {
		got := compareVersions("1.2.1-alpha", "1.2.1", "1.2.1-beta")
		assert.Equal(t, got, true)
	})

	t.Run("Plugins Versions have prerelease version and it is greater than the last version", func(t *testing.T) {
		got := compareVersions("v2.2.1-alpha", "v2.5.1-beta.1", "v2.5.1-beta.2")
		assert.Equal(t, got, false)
	})
}

func TestValidate(t *testing.T) {
	t.Run("Validating when plugins data file is not fetched", func(t *testing.T) {
		userplugins := []Plugin{{Name: "script-security", Version: "1.77"}, {Name: "git-client", Version: "3.9"}, {Name: "git", Version: "4.8.1"}, {Name: "plain-credentials", Version: "1.7"}}
		jenkinscr := *createJenkinsCR(userplugins, true)
		_, got := jenkinscr.ValidateCreate()
		assert.Equal(t, got, errors.New("plugins data has not been fetched"))
	})

	SecValidator.isCached = true
	t.Run("Validating a Jenkins CR with plugins not having security warnings and validation is turned on", func(t *testing.T) {
		SecValidator.PluginDataCache = PluginsInfo{Plugins: []PluginInfo{
			{Name: "security-script"},
			{Name: "git-client"},
			{Name: "git"},
			{Name: "google-login", SecurityWarnings: createSecurityWarnings("", "1.2")},
			{Name: "sample-plugin", SecurityWarnings: createSecurityWarnings("", "0.8")},
			{Name: "mailer"},
			{Name: "plain-credentials"}}}
		userplugins := []Plugin{{Name: "script-security", Version: "1.77"}, {Name: "git-client", Version: "3.9"}, {Name: "git", Version: "4.8.1"}, {Name: "plain-credentials", Version: "1.7"}}
		jenkinscr := *createJenkinsCR(userplugins, true)
		_, got := jenkinscr.ValidateCreate()
		assert.Nil(t, got)
	})

	t.Run("Validating a Jenkins CR with some of the plugins having security warnings and validation is turned on", func(t *testing.T) {
		SecValidator.PluginDataCache = PluginsInfo{Plugins: []PluginInfo{
			{Name: "security-script", SecurityWarnings: createSecurityWarnings("1.2", "2.2")},
			{Name: "workflow-cps", SecurityWarnings: createSecurityWarnings("2.59", "")},
			{Name: "git-client"},
			{Name: "git"},
			{Name: "sample-plugin", SecurityWarnings: createSecurityWarnings("0.8", "")},
			{Name: "command-launcher", SecurityWarnings: createSecurityWarnings("1.2", "1.4")},
			{Name: "plain-credentials"},
			{Name: "google-login", SecurityWarnings: createSecurityWarnings("1.1", "1.3")},
			{Name: "mailer", SecurityWarnings: createSecurityWarnings("1.0.3", "1.1.4")},
		}}
		userplugins := []Plugin{{Name: "google-login", Version: "1.2"}, {Name: "mailer", Version: "1.1"}, {Name: "git", Version: "4.8.1"}, {Name: "command-launcher", Version: "1.6"}, {Name: "workflow-cps", Version: "2.59"}}
		jenkinscr := *createJenkinsCR(userplugins, true)
		_, got := jenkinscr.ValidateCreate()
		assert.Equal(t, got, errors.New("security vulnerabilities detected in the following user-defined plugins: \nworkflow-cps:2.59\ngoogle-login:1.2\nmailer:1.1"))
	})

	t.Run("Updating a Jenkins CR with some of the plugins having security warnings and validation is turned on", func(t *testing.T) {
		SecValidator.PluginDataCache = PluginsInfo{Plugins: []PluginInfo{
			{Name: "handy-uri-templates-2-api", SecurityWarnings: createSecurityWarnings("2.1.8-1.0", "2.2.8-1.0")},
			{Name: "workflow-cps", SecurityWarnings: createSecurityWarnings("2.59", "")},
			{Name: "resource-disposer", SecurityWarnings: createSecurityWarnings("0.7", "1.2")},
			{Name: "git"},
			{Name: "jjwt-api"},
			{Name: "blueocean-github-pipeline", SecurityWarnings: createSecurityWarnings("1.2.0-alpha-2", "1.2.0-beta-5")},
			{Name: "command-launcher", SecurityWarnings: createSecurityWarnings("1.2", "1.4")},
			{Name: "plain-credentials"},
			{Name: "ghprb", SecurityWarnings: createSecurityWarnings("1.1", "1.43")},
			{Name: "mailer", SecurityWarnings: createSecurityWarnings("1.0.3", "1.1.4")},
		}}

		userplugins := []Plugin{{Name: "google-login", Version: "1.2"}, {Name: "mailer", Version: "1.1"}, {Name: "git", Version: "4.8.1"}, {Name: "command-launcher", Version: "1.6"}, {Name: "workflow-cps", Version: "2.59"}}
		oldjenkinscr := *createJenkinsCR(userplugins, true)

		userplugins = []Plugin{{Name: "handy-uri-templates-2-api", Version: "2.1.8-1.0"}, {Name: "resource-disposer", Version: "0.8"}, {Name: "jjwt-api", Version: "0.11.2-9.c8b45b8bb173"}, {Name: "blueocean-github-pipeline", Version: "1.2.0-beta-3"}, {Name: "ghprb", Version: "1.39"}}
		newjenkinscr := *createJenkinsCR(userplugins, true)
		_, got := newjenkinscr.ValidateUpdate(&oldjenkinscr)
		assert.Equal(t, got, errors.New("security vulnerabilities detected in the following user-defined plugins: \nhandy-uri-templates-2-api:2.1.8-1.0\nresource-disposer:0.8\nblueocean-github-pipeline:1.2.0-beta-3\nghprb:1.39"))
	})

	t.Run("Validation is turned off", func(t *testing.T) {
		userplugins := []Plugin{{Name: "google-login", Version: "1.2"}, {Name: "mailer", Version: "1.1"}, {Name: "git", Version: "4.8.1"}, {Name: "command-launcher", Version: "1.6"}, {Name: "workflow-cps", Version: "2.59"}}
		jenkinscr := *createJenkinsCR(userplugins, false)
		_, got := jenkinscr.ValidateCreate()
		assert.Nil(t, got)

		userplugins = []Plugin{{Name: "google-login", Version: "1.2"}, {Name: "mailer", Version: "1.1"}, {Name: "git", Version: "4.8.1"}, {Name: "command-launcher", Version: "1.6"}, {Name: "workflow-cps", Version: "2.59"}}
		newjenkinscr := *createJenkinsCR(userplugins, false)
		_, got = newjenkinscr.ValidateUpdate(&jenkinscr)
		assert.Nil(t, got)
	})
}

func createJenkinsCR(userPlugins []Plugin, validateSecurityWarnings bool) *Jenkins {
	jenkins := &Jenkins{
		TypeMeta: JenkinsTypeMeta(),
		ObjectMeta: metav1.ObjectMeta{
			Name:      "jenkins",
			Namespace: "test",
		},
		Spec: JenkinsSpec{
			Master: JenkinsMaster{
				Plugins:               userPlugins,
				DisableCSRFProtection: false,
			},
			ValidateSecurityWarnings: validateSecurityWarnings,
		},
	}

	return jenkins
}

func createSecurityWarnings(firstVersion string, lastVersion string) []Warning {
	return []Warning{{Versions: []Version{{FirstVersion: firstVersion, LastVersion: lastVersion}}, ID: "null", Message: "unit testing", URL: "null", Active: false}}
}