From 840efd2ac0512014a70ef0c23de1eb1dba157e9d Mon Sep 17 00:00:00 2001
From: as14692
Date: Sun, 5 May 2024 21:43:23 -0700
Subject: [PATCH] fix: Renaming test project manifest files to avoid security scanning

Why: To prevent deprecated/vulnerable library dependencies in sample projects from being flagged during security scanning, as these sample projects are not intended for production use but needed to run integration tests.
How: Renaming all manifest files (e.g., pom.xml, package.json, requirements.txt, Gemfile) to a placeholder name (_PLACEHOLDER) and renaming them back with the correct name during the integration test setup.
---
 Test.ps1 | 12 ++++++++++++
 .../{sample.csproj => sample_csproj_PLACEHOLDER} | 0
 .../compatible/{go.mod => go_mod_PLACEHOLDER} | 0
 .../incompatible/{go.mod => go_mod_PLACEHOLDER} | 0
 .../java-samples/{pom.xml => pom_xml_PLACEHOLDER} | 0
 .../{package.json => package_json_PLACEHOLDER} | 0
 ...requirements.txt => requirements_txt_PLACEHOLDER} | 0
 ...requirements.txt => requirements_txt_PLACEHOLDER} | 0
 .../ruby-samples/{Gemfile => Gemfile_PLACEHOLDER} | 0
 test.sh | 12 ++++++++++++
 10 files changed, 24 insertions(+)
 rename sample-projects/dotnet-samples/{sample.csproj => sample_csproj_PLACEHOLDER} (100%)
 rename sample-projects/go-samples/compatible/{go.mod => go_mod_PLACEHOLDER} (100%)
 rename sample-projects/go-samples/incompatible/{go.mod => go_mod_PLACEHOLDER} (100%)
 rename sample-projects/java-samples/{pom.xml => pom_xml_PLACEHOLDER} (100%)
 rename sample-projects/node-samples/{package.json => package_json_PLACEHOLDER} (100%)
 rename sample-projects/python-samples/compatible/{requirements.txt => requirements_txt_PLACEHOLDER} (100%)
 rename sample-projects/python-samples/incompatible/{requirements.txt => requirements_txt_PLACEHOLDER} (100%)
 rename sample-projects/ruby-samples/{Gemfile => Gemfile_PLACEHOLDER} (100%)
diff --git a/Test.ps1 b/Test.ps1
index e3f286c..0d7ef2f 100644
--- a/Test.ps1
+++ b/Test.ps1
@@ -9,6 +9,18 @@ if($LASTEXITCODE -ne 0) {
 throw "*ERROR**: failed to initialize Python Virtual Environment"
 }
+# Rename all project manifests to correct format.
+# This is done to avoid security scanning them for deprecated/vulnerable library dependencies
+# These sample projects are not intended to be used in production, but are used for testing
+Rename-Item -Path "./sample-projects/dotnet-samples/sample_csproj_PLACEHOLDER" -NewName "sample.csproj"
+Rename-Item -Path "./sample-projects/go-samples/compatible/go_mod_PLACEHOLDER" -NewName "go.mod"
+Rename-Item -Path "./sample-projects/go-samples/incompatible/go_mod_PLACEHOLDER" -NewName "go.mod"
+Rename-Item -Path "./sample-projects/java-samples/pom_xml_PLACEHOLDER" -NewName "pom.xml"
+Rename-Item -Path "./sample-projects/node-samples/package_json_PLACEHOLDER" -NewName "package.json"
+Rename-Item -Path "./sample-projects/python-samples/compatible/requirements_txt_PLACEHOLDER" -NewName "requirements.txt"
+Rename-Item -Path "./sample-projects/python-samples/incompatible/requirements_txt_PLACEHOLDER" -NewName "requirements.txt"
+Rename-Item -Path "./sample-projects/ruby-samples/Gemfile_PLACEHOLDER" -NewName "Gemfile"
+
 Write-Host "🔬 Running unit tests"
 .\Unit-Test.ps1
 if($LASTEXITCODE -ne 0) {
diff --git a/sample-projects/dotnet-samples/sample.csproj b/sample-projects/dotnet-samples/sample_csproj_PLACEHOLDER
similarity index 100%
rename from sample-projects/dotnet-samples/sample.csproj
rename to sample-projects/dotnet-samples/sample_csproj_PLACEHOLDER
diff --git a/sample-projects/go-samples/compatible/go.mod b/sample-projects/go-samples/compatible/go_mod_PLACEHOLDER
similarity index 100%
rename from sample-projects/go-samples/compatible/go.mod
rename to sample-projects/go-samples/compatible/go_mod_PLACEHOLDER
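Review bot: The eight Rename-Item calls added after the venv check are invisible to this script's error handling: Rename-Item is a cmdlet, so when a placeholder is missing (for instance on a second run, after an earlier run already restored the real names) it emits a non-terminating error that does not set $LASTEXITCODE, and the `if($LASTEXITCODE -ne 0)` pattern used around it never fires, so the tests proceed against whatever manifest is present. Appending `-ErrorAction Stop` to each call, or guarding each one with `if (Test-Path -LiteralPath $p) { Rename-Item -Path $p -NewName $n -ErrorAction Stop }`, makes the setup either fail loudly or tolerate reruns. Nothing in this hunk renames the manifests back after the tests, so a finished run leaves the working tree with the manifests under their scanned names and the next run failing; the same applies to the test.sh hunk below, and a try/finally (or a cleanup step at the end of the script, which is outside this hunk) would restore the placeholder names. The tests still install from the restored manifests, so the vulnerable dependencies are pulled onto the runner regardless; if the goal is to scope the scanner out of sample-projects/, a scanner-side path exclusion records that decision in an auditable way instead of hiding the files from it.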
diff --git a/sample-projects/go-samples/incompatible/go.mod b/sample-projects/go-samples/incompatible/go_mod_PLACEHOLDER
similarity index 100%
rename from sample-projects/go-samples/incompatible/go.mod
rename to sample-projects/go-samples/incompatible/go_mod_PLACEHOLDER
diff --git a/sample-projects/java-samples/pom.xml b/sample-projects/java-samples/pom_xml_PLACEHOLDER
similarity index 100%
rename from sample-projects/java-samples/pom.xml
rename to sample-projects/java-samples/pom_xml_PLACEHOLDER
diff --git a/sample-projects/node-samples/package.json b/sample-projects/node-samples/package_json_PLACEHOLDER
similarity index 100%
rename from sample-projects/node-samples/package.json
rename to sample-projects/node-samples/package_json_PLACEHOLDER
diff --git a/sample-projects/python-samples/compatible/requirements.txt b/sample-projects/python-samples/compatible/requirements_txt_PLACEHOLDER
similarity index 100%
rename from sample-projects/python-samples/compatible/requirements.txt
rename to sample-projects/python-samples/compatible/requirements_txt_PLACEHOLDER
diff --git a/sample-projects/python-samples/incompatible/requirements.txt b/sample-projects/python-samples/incompatible/requirements_txt_PLACEHOLDER
similarity index 100%
rename from sample-projects/python-samples/incompatible/requirements.txt
rename to sample-projects/python-samples/incompatible/requirements_txt_PLACEHOLDER
diff --git a/sample-projects/ruby-samples/Gemfile b/sample-projects/ruby-samples/Gemfile_PLACEHOLDER
similarity index 100%
rename from sample-projects/ruby-samples/Gemfile
rename to sample-projects/ruby-samples/Gemfile_PLACEHOLDER
diff --git a/test.sh b/test.sh
index e9abbaf..b084875 100755
--- a/test.sh
+++ b/test.sh
@@ -9,6 +9,18 @@ if [ $? -ne 0 ]; then
 echo "**ERROR**: failed to initialize Python Virtual Environment" && exit 1
 fi
+# Rename all project manifests to correct format.
+# This is done to avoid security scanning them for deprecated/vulnerable library dependancies
+# These sample projects are not intended to be used in production, but are used for testing
+mv ./sample-projects/dotnet-samples/sample_csproj_PLACEHOLDER ./sample-projects/dotnet-samples/sample.csproj
+mv ./sample-projects/go-samples/compatible/go_mod_PLACEHOLDER ./sample-projects/go-samples/compatible/go.mod
+mv ./sample-projects/go-samples/incompatible/go_mod_PLACEHOLDER ./sample-projects/go-samples/incompatible/go.mod
+mv ./sample-projects/java-samples/pom_xml_PLACEHOLDER ./sample-projects/java-samples/pom.xml
+mv ./sample-projects/node-samples/package_json_PLACEHOLDER ./sample-projects/node-samples/package.json
+mv ./sample-projects/python-samples/compatible/requirements_txt_PLACEHOLDER ./sample-projects/python-samples/compatible/requirements.txt
+mv ./sample-projects/python-samples/incompatible/requirements_txt_PLACEHOLDER ./sample-projects/python-samples/incompatible/requirements.txt
+mv ./sample-projects/ruby-samples/Gemfile_PLACEHOLDER ./sample-projects/ruby-samples/Gemfile
+
 # run unit tests
 echo "🔬 Running unit tests"
 ./unit-test.sh
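Review bot: The eight mv calls added after the venv check run unchecked, unlike the step just above them which tests `$?` and exits: if a placeholder is missing (a rerun after an earlier restore, or a partially applied checkout) mv prints an error and the script carries on into the integration tests with whatever manifest is present. The rewrite below wraps each rename in a small helper that fails with the file's existing `**ERROR**` convention, tolerates the already-restored case, and passes `--` so a path beginning with `-` cannot be parsed as an option; the comment typo `dependancies` is corrected in passing. The unit-test invocation and the rest of the script are outside this hunk, so I cannot see whether the manifests are ever renamed back to their placeholder names after the run.
```shell
# … unchanged: venv initialization check …
# Rename all project manifests to correct format.
# This is done to avoid security scanning them for deprecated/vulnerable library dependencies
# These sample projects are not intended to be used in production, but are used for testing
restore_manifest() {
  # $1 = committed placeholder path, $2 = manifest name the integration tests expect
  if [ -f "$1" ]; then
    mv -- "$1" "$2" || { echo "**ERROR**: failed to restore $2" >&2; exit 1; }
  elif [ ! -f "$2" ]; then
    echo "**ERROR**: neither $1 nor $2 exists" >&2
    exit 1
  fi
}
restore_manifest ./sample-projects/dotnet-samples/sample_csproj_PLACEHOLDER ./sample-projects/dotnet-samples/sample.csproj
restore_manifest ./sample-projects/go-samples/compatible/go_mod_PLACEHOLDER ./sample-projects/go-samples/compatible/go.mod
restore_manifest ./sample-projects/go-samples/incompatible/go_mod_PLACEHOLDER ./sample-projects/go-samples/incompatible/go.mod
restore_manifest ./sample-projects/java-samples/pom_xml_PLACEHOLDER ./sample-projects/java-samples/pom.xml
restore_manifest ./sample-projects/node-samples/package_json_PLACEHOLDER ./sample-projects/node-samples/package.json
restore_manifest ./sample-projects/python-samples/compatible/requirements_txt_PLACEHOLDER ./sample-projects/python-samples/compatible/requirements.txt
restore_manifest ./sample-projects/python-samples/incompatible/requirements_txt_PLACEHOLDER ./sample-projects/python-samples/incompatible/requirements.txt
restore_manifest ./sample-projects/ruby-samples/Gemfile_PLACEHOLDER ./sample-projects/ruby-samples/Gemfile
# … unchanged: unit test invocation …
```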