chore: import upstream snapshot with attribution
This commit is contained in:
@@ -0,0 +1,628 @@
|
||||
package github
|
||||
|
||||
import (
|
||||
"context"
|
||||
"encoding/json"
|
||||
"net/http"
|
||||
"testing"
|
||||
|
||||
"github.com/github/github-mcp-server/internal/toolsnaps"
|
||||
"github.com/github/github-mcp-server/pkg/translations"
|
||||
"github.com/google/go-github/v89/github"
|
||||
"github.com/google/jsonschema-go/jsonschema"
|
||||
"github.com/modelcontextprotocol/go-sdk/mcp"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
||||
func Test_ListGlobalSecurityAdvisories(t *testing.T) {
|
||||
toolDef := ListGlobalSecurityAdvisories(translations.NullTranslationHelper)
|
||||
tool := toolDef.Tool
|
||||
require.NoError(t, toolsnaps.Test(tool.Name, tool))
|
||||
|
||||
assert.Equal(t, "list_global_security_advisories", tool.Name)
|
||||
assert.NotEmpty(t, tool.Description)
|
||||
|
||||
schema, ok := tool.InputSchema.(*jsonschema.Schema)
|
||||
require.True(t, ok, "InputSchema should be of type *jsonschema.Schema")
|
||||
assert.Contains(t, schema.Properties, "ecosystem")
|
||||
assert.Contains(t, schema.Properties, "severity")
|
||||
assert.Contains(t, schema.Properties, "ghsaId")
|
||||
assert.Empty(t, schema.Required)
|
||||
|
||||
// Setup mock advisory for success case
|
||||
mockAdvisory := &github.GlobalSecurityAdvisory{
|
||||
SecurityAdvisory: github.SecurityAdvisory{
|
||||
GHSAID: github.Ptr("GHSA-xxxx-xxxx-xxxx"),
|
||||
Summary: github.Ptr("Test advisory"),
|
||||
Description: github.Ptr("This is a test advisory."),
|
||||
Severity: github.Ptr("high"),
|
||||
},
|
||||
}
|
||||
|
||||
tests := []struct {
|
||||
name string
|
||||
mockedClient *http.Client
|
||||
requestArgs map[string]any
|
||||
expectError bool
|
||||
expectedAdvisories []*github.GlobalSecurityAdvisory
|
||||
expectedErrMsg string
|
||||
}{
|
||||
{
|
||||
name: "successful advisory fetch",
|
||||
mockedClient: MockHTTPClientWithHandlers(map[string]http.HandlerFunc{
|
||||
GetAdvisories: mockResponse(t, http.StatusOK, []*github.GlobalSecurityAdvisory{mockAdvisory}),
|
||||
}),
|
||||
requestArgs: map[string]any{
|
||||
"type": "reviewed",
|
||||
"ecosystem": "npm",
|
||||
"severity": "high",
|
||||
},
|
||||
expectError: false,
|
||||
expectedAdvisories: []*github.GlobalSecurityAdvisory{mockAdvisory},
|
||||
},
|
||||
{
|
||||
name: "invalid severity value",
|
||||
mockedClient: MockHTTPClientWithHandlers(map[string]http.HandlerFunc{
|
||||
GetAdvisories: http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
|
||||
w.WriteHeader(http.StatusBadRequest)
|
||||
_, _ = w.Write([]byte(`{"message": "Bad Request"}`))
|
||||
}),
|
||||
}),
|
||||
requestArgs: map[string]any{
|
||||
"type": "reviewed",
|
||||
"severity": "extreme",
|
||||
},
|
||||
expectError: true,
|
||||
expectedErrMsg: "failed to list global security advisories",
|
||||
},
|
||||
{
|
||||
name: "API error handling",
|
||||
mockedClient: MockHTTPClientWithHandlers(map[string]http.HandlerFunc{
|
||||
GetAdvisories: http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
|
||||
w.WriteHeader(http.StatusInternalServerError)
|
||||
_, _ = w.Write([]byte(`{"message": "Internal Server Error"}`))
|
||||
}),
|
||||
}),
|
||||
requestArgs: map[string]any{},
|
||||
expectError: true,
|
||||
expectedErrMsg: "failed to list global security advisories",
|
||||
},
|
||||
}
|
||||
|
||||
for _, tc := range tests {
|
||||
t.Run(tc.name, func(t *testing.T) {
|
||||
// Setup client with mock
|
||||
client := mustNewGHClient(t, tc.mockedClient)
|
||||
deps := BaseDeps{Client: client}
|
||||
handler := toolDef.Handler(deps)
|
||||
|
||||
// Create call request
|
||||
request := createMCPRequest(tc.requestArgs)
|
||||
|
||||
// Call handler
|
||||
result, err := handler(ContextWithDeps(context.Background(), deps), &request)
|
||||
|
||||
// Verify results
|
||||
if tc.expectError {
|
||||
require.Error(t, err)
|
||||
assert.Contains(t, err.Error(), tc.expectedErrMsg)
|
||||
return
|
||||
}
|
||||
|
||||
require.NoError(t, err)
|
||||
|
||||
// Parse the result and get the text content if no error
|
||||
textContent := getTextResult(t, result)
|
||||
|
||||
// Unmarshal and verify the result
|
||||
var returnedAdvisories []*github.GlobalSecurityAdvisory
|
||||
err = json.Unmarshal([]byte(textContent.Text), &returnedAdvisories)
|
||||
assert.NoError(t, err)
|
||||
assert.Len(t, returnedAdvisories, len(tc.expectedAdvisories))
|
||||
for i, advisory := range returnedAdvisories {
|
||||
assert.Equal(t, *tc.expectedAdvisories[i].GHSAID, *advisory.GHSAID)
|
||||
assert.Equal(t, *tc.expectedAdvisories[i].Summary, *advisory.Summary)
|
||||
assert.Equal(t, *tc.expectedAdvisories[i].Description, *advisory.Description)
|
||||
assert.Equal(t, *tc.expectedAdvisories[i].Severity, *advisory.Severity)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func Test_GetGlobalSecurityAdvisory(t *testing.T) {
|
||||
toolDef := GetGlobalSecurityAdvisory(translations.NullTranslationHelper)
|
||||
tool := toolDef.Tool
|
||||
require.NoError(t, toolsnaps.Test(tool.Name, tool))
|
||||
|
||||
assert.Equal(t, "get_global_security_advisory", tool.Name)
|
||||
assert.NotEmpty(t, tool.Description)
|
||||
|
||||
schema, ok := tool.InputSchema.(*jsonschema.Schema)
|
||||
require.True(t, ok, "InputSchema should be of type *jsonschema.Schema")
|
||||
assert.Contains(t, schema.Properties, "ghsaId")
|
||||
assert.ElementsMatch(t, schema.Required, []string{"ghsaId"})
|
||||
|
||||
// Setup mock advisory for success case
|
||||
mockAdvisory := &github.GlobalSecurityAdvisory{
|
||||
SecurityAdvisory: github.SecurityAdvisory{
|
||||
GHSAID: github.Ptr("GHSA-xxxx-xxxx-xxxx"),
|
||||
Summary: github.Ptr("Test advisory"),
|
||||
Description: github.Ptr("This is a test advisory."),
|
||||
Severity: github.Ptr("high"),
|
||||
},
|
||||
}
|
||||
|
||||
tests := []struct {
|
||||
name string
|
||||
mockedClient *http.Client
|
||||
requestArgs map[string]any
|
||||
expectError bool
|
||||
expectedAdvisory *github.GlobalSecurityAdvisory
|
||||
expectedErrMsg string
|
||||
}{
|
||||
{
|
||||
name: "successful advisory fetch",
|
||||
mockedClient: MockHTTPClientWithHandlers(map[string]http.HandlerFunc{
|
||||
GetAdvisoriesByGhsaID: mockResponse(t, http.StatusOK, mockAdvisory),
|
||||
}),
|
||||
requestArgs: map[string]any{
|
||||
"ghsaId": "GHSA-xxxx-xxxx-xxxx",
|
||||
},
|
||||
expectError: false,
|
||||
expectedAdvisory: mockAdvisory,
|
||||
},
|
||||
{
|
||||
name: "invalid ghsaId format",
|
||||
mockedClient: MockHTTPClientWithHandlers(map[string]http.HandlerFunc{
|
||||
GetAdvisoriesByGhsaID: http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
|
||||
w.WriteHeader(http.StatusBadRequest)
|
||||
_, _ = w.Write([]byte(`{"message": "Bad Request"}`))
|
||||
}),
|
||||
}),
|
||||
requestArgs: map[string]any{
|
||||
"ghsaId": "invalid-ghsa-id",
|
||||
},
|
||||
expectError: true,
|
||||
expectedErrMsg: "failed to get advisory",
|
||||
},
|
||||
{
|
||||
name: "advisory not found",
|
||||
mockedClient: MockHTTPClientWithHandlers(map[string]http.HandlerFunc{
|
||||
GetAdvisoriesByGhsaID: http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
|
||||
w.WriteHeader(http.StatusNotFound)
|
||||
_, _ = w.Write([]byte(`{"message": "Not Found"}`))
|
||||
}),
|
||||
}),
|
||||
requestArgs: map[string]any{
|
||||
"ghsaId": "GHSA-xxxx-xxxx-xxxx",
|
||||
},
|
||||
expectError: true,
|
||||
expectedErrMsg: "failed to get advisory",
|
||||
},
|
||||
}
|
||||
|
||||
for _, tc := range tests {
|
||||
t.Run(tc.name, func(t *testing.T) {
|
||||
// Setup client with mock
|
||||
client := mustNewGHClient(t, tc.mockedClient)
|
||||
deps := BaseDeps{Client: client}
|
||||
handler := toolDef.Handler(deps)
|
||||
|
||||
// Create call request
|
||||
request := createMCPRequest(tc.requestArgs)
|
||||
|
||||
// Call handler
|
||||
result, err := handler(ContextWithDeps(context.Background(), deps), &request)
|
||||
|
||||
// Verify results
|
||||
if tc.expectError {
|
||||
require.Error(t, err)
|
||||
assert.Contains(t, err.Error(), tc.expectedErrMsg)
|
||||
return
|
||||
}
|
||||
|
||||
require.NoError(t, err)
|
||||
|
||||
// Parse the result and get the text content if no error
|
||||
textContent := getTextResult(t, result)
|
||||
|
||||
// Verify the result
|
||||
assert.Contains(t, textContent.Text, *tc.expectedAdvisory.GHSAID)
|
||||
assert.Contains(t, textContent.Text, *tc.expectedAdvisory.Summary)
|
||||
assert.Contains(t, textContent.Text, *tc.expectedAdvisory.Description)
|
||||
assert.Contains(t, textContent.Text, *tc.expectedAdvisory.Severity)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func Test_ListRepositorySecurityAdvisories(t *testing.T) {
|
||||
// Verify tool definition once
|
||||
toolDef := ListRepositorySecurityAdvisories(translations.NullTranslationHelper)
|
||||
tool := toolDef.Tool
|
||||
require.NoError(t, toolsnaps.Test(tool.Name, tool))
|
||||
|
||||
assert.Equal(t, "list_repository_security_advisories", tool.Name)
|
||||
assert.NotEmpty(t, tool.Description)
|
||||
|
||||
schema, ok := tool.InputSchema.(*jsonschema.Schema)
|
||||
require.True(t, ok, "InputSchema should be of type *jsonschema.Schema")
|
||||
assert.Contains(t, schema.Properties, "owner")
|
||||
assert.Contains(t, schema.Properties, "repo")
|
||||
assert.Contains(t, schema.Properties, "direction")
|
||||
assert.Contains(t, schema.Properties, "sort")
|
||||
assert.Contains(t, schema.Properties, "state")
|
||||
assert.ElementsMatch(t, schema.Required, []string{"owner", "repo"})
|
||||
|
||||
// Setup mock advisories for success cases
|
||||
adv1 := &github.SecurityAdvisory{
|
||||
GHSAID: github.Ptr("GHSA-1111-1111-1111"),
|
||||
Summary: github.Ptr("Repo advisory one"),
|
||||
Description: github.Ptr("First repo advisory."),
|
||||
Severity: github.Ptr("high"),
|
||||
}
|
||||
adv2 := &github.SecurityAdvisory{
|
||||
GHSAID: github.Ptr("GHSA-2222-2222-2222"),
|
||||
Summary: github.Ptr("Repo advisory two"),
|
||||
Description: github.Ptr("Second repo advisory."),
|
||||
Severity: github.Ptr("medium"),
|
||||
}
|
||||
|
||||
tests := []struct {
|
||||
name string
|
||||
mockedClient *http.Client
|
||||
requestArgs map[string]any
|
||||
expectError bool
|
||||
expectedAdvisories []*github.SecurityAdvisory
|
||||
expectedErrMsg string
|
||||
}{
|
||||
{
|
||||
name: "successful advisories listing (no filters)",
|
||||
mockedClient: MockHTTPClientWithHandlers(map[string]http.HandlerFunc{
|
||||
GetReposSecurityAdvisoriesByOwnerByRepo: expect(t, expectations{
|
||||
path: "/repos/owner/repo/security-advisories",
|
||||
queryParams: map[string]string{},
|
||||
}).andThen(
|
||||
mockResponse(t, http.StatusOK, []*github.SecurityAdvisory{adv1, adv2}),
|
||||
),
|
||||
}),
|
||||
requestArgs: map[string]any{
|
||||
"owner": "owner",
|
||||
"repo": "repo",
|
||||
},
|
||||
expectError: false,
|
||||
expectedAdvisories: []*github.SecurityAdvisory{adv1, adv2},
|
||||
},
|
||||
{
|
||||
name: "successful advisories listing with filters",
|
||||
mockedClient: MockHTTPClientWithHandlers(map[string]http.HandlerFunc{
|
||||
GetReposSecurityAdvisoriesByOwnerByRepo: expect(t, expectations{
|
||||
path: "/repos/octo/hello-world/security-advisories",
|
||||
queryParams: map[string]string{
|
||||
"direction": "desc",
|
||||
"sort": "updated",
|
||||
"state": "published",
|
||||
},
|
||||
}).andThen(
|
||||
mockResponse(t, http.StatusOK, []*github.SecurityAdvisory{adv1}),
|
||||
),
|
||||
}),
|
||||
requestArgs: map[string]any{
|
||||
"owner": "octo",
|
||||
"repo": "hello-world",
|
||||
"direction": "desc",
|
||||
"sort": "updated",
|
||||
"state": "published",
|
||||
},
|
||||
expectError: false,
|
||||
expectedAdvisories: []*github.SecurityAdvisory{adv1},
|
||||
},
|
||||
{
|
||||
name: "advisories listing fails",
|
||||
mockedClient: MockHTTPClientWithHandlers(map[string]http.HandlerFunc{
|
||||
GetReposSecurityAdvisoriesByOwnerByRepo: expect(t, expectations{
|
||||
path: "/repos/owner/repo/security-advisories",
|
||||
queryParams: map[string]string{},
|
||||
}).andThen(
|
||||
mockResponse(t, http.StatusInternalServerError, map[string]string{"message": "Internal Server Error"}),
|
||||
),
|
||||
}),
|
||||
requestArgs: map[string]any{
|
||||
"owner": "owner",
|
||||
"repo": "repo",
|
||||
},
|
||||
expectError: true,
|
||||
expectedErrMsg: "failed to list repository security advisories",
|
||||
},
|
||||
}
|
||||
|
||||
for _, tc := range tests {
|
||||
t.Run(tc.name, func(t *testing.T) {
|
||||
client := mustNewGHClient(t, tc.mockedClient)
|
||||
deps := BaseDeps{Client: client}
|
||||
handler := toolDef.Handler(deps)
|
||||
|
||||
request := createMCPRequest(tc.requestArgs)
|
||||
|
||||
// Call handler
|
||||
result, err := handler(ContextWithDeps(context.Background(), deps), &request)
|
||||
|
||||
if tc.expectError {
|
||||
require.Error(t, err)
|
||||
assert.Contains(t, err.Error(), tc.expectedErrMsg)
|
||||
return
|
||||
}
|
||||
|
||||
require.NoError(t, err)
|
||||
|
||||
textContent := getTextResult(t, result)
|
||||
|
||||
var returnedAdvisories []*github.SecurityAdvisory
|
||||
err = json.Unmarshal([]byte(textContent.Text), &returnedAdvisories)
|
||||
assert.NoError(t, err)
|
||||
assert.Len(t, returnedAdvisories, len(tc.expectedAdvisories))
|
||||
for i, advisory := range returnedAdvisories {
|
||||
assert.Equal(t, *tc.expectedAdvisories[i].GHSAID, *advisory.GHSAID)
|
||||
assert.Equal(t, *tc.expectedAdvisories[i].Summary, *advisory.Summary)
|
||||
assert.Equal(t, *tc.expectedAdvisories[i].Description, *advisory.Description)
|
||||
assert.Equal(t, *tc.expectedAdvisories[i].Severity, *advisory.Severity)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
// Test_ListRepositorySecurityAdvisories_IFC_FeatureFlag verifies the IFC label
|
||||
// attached to list_repository_security_advisories. The label is only present
|
||||
// when the ifc_labels feature flag is enabled, and — critically — confidentiality
|
||||
// is public only when the repository is public AND every returned advisory is
|
||||
// published. Draft/triage/closed advisories are not world-readable even on a
|
||||
// public repo, so a result containing one must be labeled private. This guards
|
||||
// against the under-classification raised in PR review.
|
||||
func Test_ListRepositorySecurityAdvisories_IFC_FeatureFlag(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
toolDef := ListRepositorySecurityAdvisories(translations.NullTranslationHelper)
|
||||
|
||||
publishedAdvisory := &github.SecurityAdvisory{
|
||||
GHSAID: github.Ptr("GHSA-1111-1111-1111"),
|
||||
Summary: github.Ptr("Published advisory"),
|
||||
State: github.Ptr("published"),
|
||||
}
|
||||
draftAdvisory := &github.SecurityAdvisory{
|
||||
GHSAID: github.Ptr("GHSA-2222-2222-2222"),
|
||||
Summary: github.Ptr("Draft advisory"),
|
||||
State: github.Ptr("draft"),
|
||||
}
|
||||
|
||||
makeMockClient := func(isPrivate bool, advisories []*github.SecurityAdvisory) *http.Client {
|
||||
return MockHTTPClientWithHandlers(map[string]http.HandlerFunc{
|
||||
GetReposSecurityAdvisoriesByOwnerByRepo: mockResponse(t, http.StatusOK, advisories),
|
||||
GetReposByOwnerByRepo: mockResponse(t, http.StatusOK, map[string]any{
|
||||
"name": "repo",
|
||||
"private": isPrivate,
|
||||
}),
|
||||
})
|
||||
}
|
||||
|
||||
reqParams := map[string]any{
|
||||
"owner": "owner",
|
||||
"repo": "repo",
|
||||
}
|
||||
|
||||
readIFC := func(t *testing.T, result *mcp.CallToolResult) (map[string]any, bool) {
|
||||
t.Helper()
|
||||
if result.Meta == nil {
|
||||
return nil, false
|
||||
}
|
||||
label, ok := result.Meta["ifc"]
|
||||
if !ok {
|
||||
return nil, false
|
||||
}
|
||||
labelJSON, err := json.Marshal(label)
|
||||
require.NoError(t, err)
|
||||
var labelMap map[string]any
|
||||
require.NoError(t, json.Unmarshal(labelJSON, &labelMap))
|
||||
return labelMap, true
|
||||
}
|
||||
|
||||
t.Run("feature flag disabled omits ifc label", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
deps := BaseDeps{Client: mustNewGHClient(t, makeMockClient(false, []*github.SecurityAdvisory{publishedAdvisory}))}
|
||||
handler := toolDef.Handler(deps)
|
||||
|
||||
request := createMCPRequest(reqParams)
|
||||
result, err := handler(ContextWithDeps(context.Background(), deps), &request)
|
||||
require.NoError(t, err)
|
||||
require.False(t, result.IsError)
|
||||
assert.Nil(t, result.Meta, "result meta should be nil when IFC labels are disabled")
|
||||
})
|
||||
|
||||
t.Run("public repo with only published advisories is public", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
deps := BaseDeps{
|
||||
Client: mustNewGHClient(t, makeMockClient(false, []*github.SecurityAdvisory{publishedAdvisory})),
|
||||
featureChecker: featureCheckerFor(FeatureFlagIFCLabels),
|
||||
}
|
||||
handler := toolDef.Handler(deps)
|
||||
|
||||
request := createMCPRequest(reqParams)
|
||||
result, err := handler(ContextWithDeps(context.Background(), deps), &request)
|
||||
require.NoError(t, err)
|
||||
require.False(t, result.IsError)
|
||||
|
||||
label, ok := readIFC(t, result)
|
||||
require.True(t, ok, "result meta should contain ifc key")
|
||||
assert.Equal(t, "untrusted", label["integrity"])
|
||||
assert.Equal(t, "public", label["confidentiality"])
|
||||
})
|
||||
|
||||
t.Run("public repo with a draft advisory is private", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
// Reviewer scenario: a draft advisory on a public repo is not
|
||||
// world-readable, so the label must not be public.
|
||||
deps := BaseDeps{
|
||||
Client: mustNewGHClient(t, makeMockClient(false, []*github.SecurityAdvisory{publishedAdvisory, draftAdvisory})),
|
||||
featureChecker: featureCheckerFor(FeatureFlagIFCLabels),
|
||||
}
|
||||
handler := toolDef.Handler(deps)
|
||||
|
||||
request := createMCPRequest(reqParams)
|
||||
result, err := handler(ContextWithDeps(context.Background(), deps), &request)
|
||||
require.NoError(t, err)
|
||||
require.False(t, result.IsError)
|
||||
|
||||
label, ok := readIFC(t, result)
|
||||
require.True(t, ok, "result meta should contain ifc key")
|
||||
assert.Equal(t, "untrusted", label["integrity"])
|
||||
assert.Equal(t, "private", label["confidentiality"], "draft advisory on public repo must be private")
|
||||
})
|
||||
|
||||
t.Run("private repo is private", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
deps := BaseDeps{
|
||||
Client: mustNewGHClient(t, makeMockClient(true, []*github.SecurityAdvisory{publishedAdvisory})),
|
||||
featureChecker: featureCheckerFor(FeatureFlagIFCLabels),
|
||||
}
|
||||
handler := toolDef.Handler(deps)
|
||||
|
||||
request := createMCPRequest(reqParams)
|
||||
result, err := handler(ContextWithDeps(context.Background(), deps), &request)
|
||||
require.NoError(t, err)
|
||||
require.False(t, result.IsError)
|
||||
|
||||
label, ok := readIFC(t, result)
|
||||
require.True(t, ok, "result meta should contain ifc key")
|
||||
assert.Equal(t, "untrusted", label["integrity"])
|
||||
assert.Equal(t, "private", label["confidentiality"])
|
||||
})
|
||||
}
|
||||
|
||||
func Test_ListOrgRepositorySecurityAdvisories(t *testing.T) {
|
||||
// Verify tool definition once
|
||||
toolDef := ListOrgRepositorySecurityAdvisories(translations.NullTranslationHelper)
|
||||
tool := toolDef.Tool
|
||||
require.NoError(t, toolsnaps.Test(tool.Name, tool))
|
||||
|
||||
assert.Equal(t, "list_org_repository_security_advisories", tool.Name)
|
||||
assert.NotEmpty(t, tool.Description)
|
||||
|
||||
schema, ok := tool.InputSchema.(*jsonschema.Schema)
|
||||
require.True(t, ok, "InputSchema should be of type *jsonschema.Schema")
|
||||
assert.Contains(t, schema.Properties, "org")
|
||||
assert.Contains(t, schema.Properties, "direction")
|
||||
assert.Contains(t, schema.Properties, "sort")
|
||||
assert.Contains(t, schema.Properties, "state")
|
||||
assert.ElementsMatch(t, schema.Required, []string{"org"})
|
||||
|
||||
adv1 := &github.SecurityAdvisory{
|
||||
GHSAID: github.Ptr("GHSA-aaaa-bbbb-cccc"),
|
||||
Summary: github.Ptr("Org repo advisory 1"),
|
||||
Description: github.Ptr("First advisory"),
|
||||
Severity: github.Ptr("low"),
|
||||
}
|
||||
adv2 := &github.SecurityAdvisory{
|
||||
GHSAID: github.Ptr("GHSA-dddd-eeee-ffff"),
|
||||
Summary: github.Ptr("Org repo advisory 2"),
|
||||
Description: github.Ptr("Second advisory"),
|
||||
Severity: github.Ptr("critical"),
|
||||
}
|
||||
|
||||
tests := []struct {
|
||||
name string
|
||||
mockedClient *http.Client
|
||||
requestArgs map[string]any
|
||||
expectError bool
|
||||
expectedAdvisories []*github.SecurityAdvisory
|
||||
expectedErrMsg string
|
||||
}{
|
||||
{
|
||||
name: "successful listing (no filters)",
|
||||
mockedClient: MockHTTPClientWithHandlers(map[string]http.HandlerFunc{
|
||||
GetOrgsSecurityAdvisoriesByOrg: expect(t, expectations{
|
||||
path: "/orgs/octo/security-advisories",
|
||||
queryParams: map[string]string{},
|
||||
}).andThen(
|
||||
mockResponse(t, http.StatusOK, []*github.SecurityAdvisory{adv1, adv2}),
|
||||
),
|
||||
}),
|
||||
requestArgs: map[string]any{
|
||||
"org": "octo",
|
||||
},
|
||||
expectError: false,
|
||||
expectedAdvisories: []*github.SecurityAdvisory{adv1, adv2},
|
||||
},
|
||||
{
|
||||
name: "successful listing with filters",
|
||||
mockedClient: MockHTTPClientWithHandlers(map[string]http.HandlerFunc{
|
||||
GetOrgsSecurityAdvisoriesByOrg: expect(t, expectations{
|
||||
path: "/orgs/octo/security-advisories",
|
||||
queryParams: map[string]string{
|
||||
"direction": "asc",
|
||||
"sort": "created",
|
||||
"state": "triage",
|
||||
},
|
||||
}).andThen(
|
||||
mockResponse(t, http.StatusOK, []*github.SecurityAdvisory{adv1}),
|
||||
),
|
||||
}),
|
||||
requestArgs: map[string]any{
|
||||
"org": "octo",
|
||||
"direction": "asc",
|
||||
"sort": "created",
|
||||
"state": "triage",
|
||||
},
|
||||
expectError: false,
|
||||
expectedAdvisories: []*github.SecurityAdvisory{adv1},
|
||||
},
|
||||
{
|
||||
name: "listing fails",
|
||||
mockedClient: MockHTTPClientWithHandlers(map[string]http.HandlerFunc{
|
||||
GetOrgsSecurityAdvisoriesByOrg: expect(t, expectations{
|
||||
path: "/orgs/octo/security-advisories",
|
||||
queryParams: map[string]string{},
|
||||
}).andThen(
|
||||
mockResponse(t, http.StatusForbidden, map[string]string{"message": "Forbidden"}),
|
||||
),
|
||||
}),
|
||||
requestArgs: map[string]any{
|
||||
"org": "octo",
|
||||
},
|
||||
expectError: true,
|
||||
expectedErrMsg: "failed to list organization repository security advisories",
|
||||
},
|
||||
}
|
||||
|
||||
for _, tc := range tests {
|
||||
t.Run(tc.name, func(t *testing.T) {
|
||||
client := mustNewGHClient(t, tc.mockedClient)
|
||||
deps := BaseDeps{Client: client}
|
||||
handler := toolDef.Handler(deps)
|
||||
|
||||
request := createMCPRequest(tc.requestArgs)
|
||||
|
||||
// Call handler
|
||||
result, err := handler(ContextWithDeps(context.Background(), deps), &request)
|
||||
|
||||
if tc.expectError {
|
||||
require.Error(t, err)
|
||||
assert.Contains(t, err.Error(), tc.expectedErrMsg)
|
||||
return
|
||||
}
|
||||
|
||||
require.NoError(t, err)
|
||||
|
||||
textContent := getTextResult(t, result)
|
||||
|
||||
var returnedAdvisories []*github.SecurityAdvisory
|
||||
err = json.Unmarshal([]byte(textContent.Text), &returnedAdvisories)
|
||||
assert.NoError(t, err)
|
||||
assert.Len(t, returnedAdvisories, len(tc.expectedAdvisories))
|
||||
for i, advisory := range returnedAdvisories {
|
||||
assert.Equal(t, *tc.expectedAdvisories[i].GHSAID, *advisory.GHSAID)
|
||||
assert.Equal(t, *tc.expectedAdvisories[i].Summary, *advisory.Summary)
|
||||
assert.Equal(t, *tc.expectedAdvisories[i].Description, *advisory.Description)
|
||||
assert.Equal(t, *tc.expectedAdvisories[i].Severity, *advisory.Severity)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user