Adding some tests for multiple uv.lock files

owenlamont · Dec 22, 2024 · f6094d9 · f6094d9
1 parent 3640bae
commit f6094d9
Showing 1 changed file with 69 additions and 0 deletions.
diff --git a/tests/uv_secure/test_run.py b/tests/uv_secure/test_run.py
@@ -24,6 +24,22 @@ def temp_uv_lock_file(tmp_path: Path) -> Path:
     return uv_lock_path
 
 
+@pytest.fixture
+def temp_nested_uv_lock_file(tmp_path: Path) -> Path:
+    """Fixture to create a temporary uv.lock file with a single dependency."""
+    nested_uv_lock_path = tmp_path / "nested_project"
+    nested_uv_lock_path.mkdir()
+    uv_lock_path = nested_uv_lock_path / "uv.lock"
+    uv_lock_data = """
+    [[package]]
+    name = "example-package"
+    version = "2.0.0"
+    source = { registry = "https://pypi.org/simple" }
+    """
+    uv_lock_path.write_text(uv_lock_data)
+    return uv_lock_path
+
+
 def test_app_version() -> None:
     result = runner.invoke(app, "--version")
     assert result.exit_code == 0
@@ -77,3 +93,56 @@ def test_check_dependencies_with_vulnerability(
     assert "VULN-123" in result.output
     assert "A critical vulnerability in" in result.output
     assert "example-package." in result.output
+
+
+def test_app_multiple_lock_files_no_vulnerabilities(
+    temp_uv_lock_file: Path, temp_nested_uv_lock_file: Path, httpx_mock: HTTPXMock
+) -> None:
+    """Test check_dependencies with a single dependency and no vulnerabilities."""
+    # Mock PyPI JSON API response with no vulnerabilities
+    httpx_mock.add_response(
+        url="https://pypi.org/pypi/example-package/1.0.0/json",
+        json={"vulnerabilities": []},
+    )
+    httpx_mock.add_response(
+        url="https://pypi.org/pypi/example-package/2.0.0/json",
+        json={"vulnerabilities": []},
+    )
+
+    result = runner.invoke(app, [str(temp_uv_lock_file), str(temp_nested_uv_lock_file)])
+
+    # Assertions
+    assert result.exit_code == 0
+    assert result.output.count("No vulnerabilities detected!") == 2
+    assert result.output.count("Checked: 1 dependency") == 2
+    assert result.output.count("All dependencies appear safe!") == 2
+    assert result.output.count("nested_project") == 1
+
+
+def test_app_multiple_lock_files_one_vulnerabilities(
+    temp_uv_lock_file: Path, temp_nested_uv_lock_file: Path, httpx_mock: HTTPXMock
+) -> None:
+    """Test check_dependencies with a single dependency and no vulnerabilities."""
+    # Mock PyPI JSON API response with no vulnerabilities
+    httpx_mock.add_response(
+        url="https://pypi.org/pypi/example-package/1.0.0/json",
+        json={"vulnerabilities": []},
+    )
+    httpx_mock.add_response(
+        url="https://pypi.org/pypi/example-package/2.0.0/json",
+        json={
+            "vulnerabilities": [
+                {
+                    "id": "VULN-123",
+                    "details": "A critical vulnerability in example-package.",
+                    "fixed_in": ["1.0.1"],
+                    "link": "https://example.com/vuln-123",
+                }
+            ]
+        },
+    )
+
+    result = runner.invoke(app, [str(temp_uv_lock_file), str(temp_nested_uv_lock_file)])
+    assert result.exit_code == 1
+    assert result.output.count("No vulnerabilities detected!") == 1
+    assert result.output.count("Vulnerabilities detected!") == 1