/*
* SonarQube
* Copyright (C) 2009-2022 SonarSource SA
* mailto:info AT sonarsource DOT com
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 3 of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this program; if not, write to the Free Software Foundation,
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
import { Standards } from '../../types/security';
import {
renderCWECategory,
renderOwaspTop10Category,
renderSansTop25Category,
renderSonarSourceSecurityCategory
} from '../security-standard';
describe('renderCWECategory', () => {
  // Only CWE-1004 and the catch-all "unknown" id carry a title in this fixture;
  // any other id (e.g. '124') exercises the untitled path.
  const standards: Standards = {
    cwe: {
      '1004': { title: "Sensitive Cookie Without 'HttpOnly' Flag" },
      unknown: { title: 'No CWE associated' }
    },
    owaspTop10: {},
    sansTop25: {},
    sonarsourceSecurity: {}
  };

  it('should render cwe categories correctly', () => {
    // [cwe id, expected label]. The expectations pin the contract exercised here:
    // titled id -> "CWE-<id> - <title>", untitled id -> bare "CWE-<id>",
    // the "unknown" placeholder -> its title alone, with no "CWE-" prefix.
    const cases: Array<[string, string]> = [
      ['1004', "CWE-1004 - Sensitive Cookie Without 'HttpOnly' Flag"],
      ['124', 'CWE-124'],
      ['unknown', 'No CWE associated']
    ];
    for (const [id, label] of cases) {
      expect(renderCWECategory(standards, id)).toEqual(label);
    }
  });
});
describe('renderOwaspTop10Category', () => {
  // Only "a1" has a title; "a2" is deliberately absent to cover the untitled case.
  const standards: Standards = {
    cwe: {},
    owaspTop10: { a1: { title: 'Injection' } },
    sansTop25: {},
    sonarsourceSecurity: {}
  };

  it('should render owasp categories correctly', () => {
    // Expected label without the standard prefix, keyed by category id; an
    // untitled id renders as its upper-cased id alone. When the prefix flag is
    // set the same label is expected behind "OWASP ".
    const labels: Record<string, string> = { a1: 'A1 - Injection', a2: 'A2' };
    for (const [id, label] of Object.entries(labels)) {
      expect(renderOwaspTop10Category(standards, id)).toEqual(label);
      expect(renderOwaspTop10Category(standards, id, true)).toEqual(`OWASP ${label}`);
    }
  });
});
describe('renderSansTop25Category', () => {
  // One titled SANS category; "unknown" is intentionally missing from the fixture.
  const standards: Standards = {
    cwe: {},
    owaspTop10: {},
    sansTop25: {
      'insecure-interaction': { title: 'Insecure Interaction Between Components' }
    },
    sonarsourceSecurity: {}
  };

  it('should render sans categories correctly', () => {
    // Titled ids render their title; an unlisted id is echoed back verbatim.
    // In both cases the prefix flag prepends "SANS ".
    const labels: Record<string, string> = {
      'insecure-interaction': 'Insecure Interaction Between Components',
      unknown: 'unknown'
    };
    for (const [id, label] of Object.entries(labels)) {
      expect(renderSansTop25Category(standards, id)).toEqual(label);
      expect(renderSansTop25Category(standards, id, true)).toEqual(`SANS ${label}`);
    }
  });
});
describe('renderSonarSourceSecurityCategory', () => {
  // Two titled SonarSource categories; "others" is the catch-all bucket.
  const standards: Standards = {
    cwe: {},
    owaspTop10: {},
    sansTop25: {},
    sonarsourceSecurity: {
      xss: { title: 'Cross-Site Scripting (XSS)' },
      others: { title: 'Others' }
    }
  };

  it('should render sonarsource categories correctly', () => {
    // [id, label without prefix, label with the prefix flag]. Note the asymmetry
    // pinned by the second row: "others" keeps its bare title even when the
    // "SONAR " prefix is requested.
    const cases: Array<[string, string, string]> = [
      ['xss', 'Cross-Site Scripting (XSS)', 'SONAR Cross-Site Scripting (XSS)'],
      ['others', 'Others', 'Others']
    ];
    for (const [id, plain, prefixed] of cases) {
      expect(renderSonarSourceSecurityCategory(standards, id)).toEqual(plain);
      expect(renderSonarSourceSecurityCategory(standards, id, true)).toEqual(prefixed);
    }
  });
});