2326406 Improve Newman tests

components/resc-backend/test_data/database_dummy_data.sql

@@ -1,49 +1,52 @@
-INSERT INTO vcs_instance (name, provider_type, scheme, hostname, port, organization, vcs_scope, exceptions) VALUES
-    ('bitbucket server', 'BITBUCKET', 'https', 'fake-host.com', 443, NULL, NULL, NULL),
-    ('ado scope 1', 'AZURE_DEVOPS', 'https', 'fake-host.com', 443, 'space-org', 'proj1,proj2', '');
+INSERT INTO rule_allow_list (description, regexes, paths, commits, stop_words) VALUES
+    ('global allow lists', NULL, 'gitleaks.toml', NULL, 'getenv,env_');
 
-INSERT INTO repository ( project_key, repository_id, repository_name, repository_url, vcs_instance) VALUES
-    ( 'ado-proj1', 'r1', 'repo1', 'https://fake-ado.com/p1/r1', 1),
-    ( 'ado-proj1', 'r2', 'repo1', 'https://fake-ado.com/p1/r2', 1),
-    ( 'ado-proj2', 'r1', 'repo1', 'https://fake-ado.com/p2/r1', 1),
-    ( 'btbk-proj1', 'r1', 'repo1', 'https://fake-bitbucket.com/p1/r1', 2);
+INSERT INTO rule_pack (version, global_allow_list, active) VALUES
+    ('1.0.0', 1, 1);
 
+INSERT INTO rules (rule_pack, allow_list, rule_name, description, entropy, secret_group, regex, [path], keywords) VALUES
+    ('1.0.0', NULL, 'Google-OAuth-Access-Token', 'Google OAuth Access Token', NULL, NULL, 'ya29\\.[0-9A-Za-z\\-_]++', NULL, NULL),
+    ('1.0.0', NULL, 'Github-Tokens', 'Github-Tokens', NULL, NULL, '(ghu|ghs|gho|ghp|ghr)_[0-9a-zA-Z]{36}', NULL, 'ghu_,ghs_,gho_,ghp_,ghr_');
 
-INSERT INTO rule_allow_list (description) VALUES
-    ('rule allow list number 1');
+INSERT INTO tag (name) VALUES
+    ('Cli'),
+    ('Warn');
 
-INSERT INTO rule_pack (version, global_allow_list, active) VALUES
-    ('0.0.0', 1, 1);
-
-INSERT INTO rules (rule_pack, rule_name, description, regex) VALUES
-    ('0.0.0', 'rule#1', 'rule number 1', '*.*'),
-    ('0.0.0', 'rule#2', 'rule number 2', '*.*');
-
-INSERT INTO scan (repository_id, [timestamp], scan_type, last_scanned_commit, increment_number, rule_pack) VALUES
-    (1, '2021-01-01 00:00:00.000', 'BASE', 'qwerty1', 0, '0.0.0'),
-    (2, '2020-01-01 00:00:00.000', 'BASE', 'qwerty1', 0, '0.0.0'),
-    (3, '2022-02-24 17:00:00.000', 'BASE', 'qwerty1', 0, '0.0.0'),
-    (3, '2022-03-24 17:00:00.000', 'BASE', 'qwerty1', 0, '0.0.0');
-
-INSERT INTO finding (repository_id, file_path, line_number, commit_id, commit_message, commit_timestamp, author, email, rule_name, column_start, column_end) VALUES
-    (1, '/path/to/file', 123, 'qwerty1', 'this is commit 1', '2021-01-01 00:00:00.000', 'developer', 'developer@abn.com', 'rule#1', 1, 100),
-    (1, '/path/to/file', 123, 'qwerty1', 'this is commit 1', '2021-01-01 00:00:00.000', 'developer', 'developer@abn.com', 'rule#2', 0, 0),
-    (2, '/path/to/file', 123, 'qwerty1', 'this is commit 1', '2021-01-01 00:00:00.000', 'developer', 'developer@abn.com', 'rule#1', 1, 50),
-    (2, '/path/to/file', 123, 'qwerty1', 'this is commit 1', '2021-01-01 00:00:00.000', 'developer', 'developer@abn.com', 'rule#2', 42, 43),
-    (3, '/path/to/file', 123, 'qwerty1', 'this is commit 1', '2021-01-01 00:00:00.000', 'developer', 'developer@abn.com', 'rule#1', 12, 34),
-    (3, '/path/to/file', 123, 'qwerty1', 'this is commit 1', '2021-01-01 00:00:00.000', 'developer', 'developer@abn.com', 'rule#2', 21, 34),
-    (3, '/path/to/file', 123, 'qwerty2', 'this is commit 2', '2021-01-01 00:00:00.000', 'developer', 'developer@abn.com', 'rule#1', 12, 34);
+INSERT INTO rule_tag (rule_id, tag_id) VALUES
+    (1, 1),
+    (2, 1);
+
+INSERT INTO vcs_instance (name, provider_type, scheme, hostname, port, organization, vcs_scope, exceptions) VALUES
+    ('AZURE_DEVOPS_ACCEPTANCE', 'AZURE_DEVOPS', 'https', 'fake-dev.azure.com', 443, 'ado-org', 'ado-project1,ado-project2', NULL),
+    ('BITBUCKET_DEV', 'BITBUCKET', 'https', 'fake-bitbucket.com', 443, NULL, NULL, NULL);
+
+INSERT INTO repository (vcs_instance, project_key, repository_id, repository_name, repository_url) VALUES
+   (1, 'ado-project1', 'r1', 'resc-dummy1', 'https://fake-dev.azure.com/ado-org/ado-project1/_git/resc-dummy1'),
+   (1, 'ado-project2', 'r2', 'resc-dummy2', 'https://fake-dev.azure.com/ado-org/ado-project2/_git/resc-dummy2'),
+   (2, 'btbk-project1', 'r3', 'resc-dummy3', 'https://fake-bitbucket.com/scm/r3/resc-dummy3.git');
+
+INSERT INTO scan (rule_pack, scan_type, last_scanned_commit, [timestamp], increment_number, repository_id) VALUES
+   ('1.0.0', 'BASE', 'qwerty1', '2023-07-14 00:00:00.000', 0, 1),
+   ('1.0.0', 'INCREMENTAL', 'qwerty2', '2023-07-15 00:00:00.000', 1, 1),
+   ('1.0.0', 'BASE', 'qwerty1', '2023-07-14 00:00:00.000', 0, 2),
+   ('1.0.0', 'INCREMENTAL', 'qwerty2', '2023-07-15 00:00:00.000', 1, 2);
+
+INSERT INTO finding (repository_id, rule_name, file_path, line_number, commit_id, commit_message, commit_timestamp, author, email, event_sent_on, column_start, column_end) VALUES
+   (1, 'Google-OAuth-Access-Token', 'application.txt', 1, 'qwerty1', 'this is commit 1', '2023-01-01 00:00:00.000', 'developer', 'developer@abc.com', NULL, 1, 100),
+   (1, 'Github-Tokens', 'application.txt', 2, 'qwerty1', 'this is commit 2', '2023-01-01 00:00:00.000', 'developer', 'developer@abc.com', NULL, 1, 80),
+   (2, 'Google-OAuth-Access-Token', 'application.txt', 1, 'qwerty1', 'this is commit 1', '2023-01-01 00:00:00.000', 'developer', 'developer@abc.com', NULL, 1, 100),
+   (2, 'Github-Tokens', 'application.txt', 2, 'qwerty1', 'this is commit 2', '2023-01-01 00:00:00.000', 'developer', 'developer@abc.com', NULL, 1, 80),
+   (3, 'Google-OAuth-Access-Token', 'application.txt', 1, 'qwerty1', 'this is commit 1', '2023-01-01 00:00:00.000', 'developer', 'developer@abc.com', NULL, 1, 100),
+   (3, 'Github-Tokens', 'application.txt', 2, 'qwerty1', 'this is commit 2', '2023-01-01 00:00:00.000', 'developer', 'developer@abc.com', NULL, 1, 80);
 
 INSERT INTO scan_finding(scan_id, finding_id) VALUES
-    (1, 1),
-    (1, 2),
-    (2, 3),
-    (2, 4),
-    (3, 5),
-    (3, 6),
-    (4, 6),
-    (4, 7);
-
-INSERT INTO audit(finding_id, status, auditor, comment, [timestamp]) VALUES
-    (1, 'NOT_ANALYZED', 'Anonymous', NULL, '2023-01-01 00:00:00.000'),
-    (1, 'TRUE_POSITIVE', 'Anonymous', 'It is a true positive issue', '2023-01-02 00:00:00.000')
+   (1, 1),
+   (1, 2),
+   (1, 3),
+   (1, 4),
+   (1, 5),
+   (1, 6);
+
+INSERT INTO audit(finding_id, [status], auditor, comment, [timestamp]) VALUES
+   (1, 'NOT_ANALYZED', 'Anonymous', NULL, '2023-07-20 00:00:00.000'),
+   (1, 'TRUE_POSITIVE', 'Anonymous', 'It is a true positive issue', '2023-07-21 00:00:00.000');

components/resc-backend/test_data/insert_test_data.py

@@ -0,0 +1,61 @@
+# pylint: disable=C0413
+# Standard Library
+import logging
+import os
+import sys
+
+# Third Party
+import pyodbc
+
+logging.basicConfig(level=logging.INFO)
+
+REQUIRED_ENV_VARIABLES = ["MSSQL_DB_HOST", "MSSQL_DB_PORT", "MSSQL_SCHEMA", "MSSQL_USERNAME", "MSSQL_PASSWORD",
+                          "MSSQL_ODBC_DRIVER"]
+try:
+    env_variables = {}
+    missing_env_variables = []
+    for var_name in REQUIRED_ENV_VARIABLES:
+        value = os.getenv(var_name)
+        if value is None:
+            missing_env_variables.append(var_name)
+        env_variables[var_name] = value
+    if missing_env_variables:
+        raise ValueError(f"The following env variables need to be set: {', '.join(missing_env_variables)}")
+
+    MSSQL_DB_HOST = env_variables["MSSQL_DB_HOST"]
+    MSSQL_DB_PORT = env_variables["MSSQL_DB_PORT"]
+    MSSQL_SCHEMA = env_variables["MSSQL_SCHEMA"]
+    MSSQL_USERNAME = env_variables["MSSQL_USERNAME"]
+    MSSQL_PASSWORD = env_variables["MSSQL_PASSWORD"]
+    MSSQL_ODBC_DRIVER = env_variables["MSSQL_ODBC_DRIVER"]
+    MSSQL_DB_SERVER = f"{MSSQL_DB_HOST},{MSSQL_DB_PORT}"
+
+    DB_CONNECTION_STRING = f"DRIVER={{{MSSQL_ODBC_DRIVER}}};SERVER={MSSQL_DB_SERVER};DATABASE={MSSQL_SCHEMA};" \
+                           f"UID={MSSQL_USERNAME};PWD={MSSQL_PASSWORD};Encrypt=yes;TrustServerCertificate=yes"
+
+    # Establish database connection
+    conn = pyodbc.connect(DB_CONNECTION_STRING)
+    cursor = conn.cursor()
+
+    try:
+        sql_file_path = 'test_data/database_dummy_data.sql'
+        with open(sql_file_path, 'r') as sql_file:
+            sql_script = sql_file.read()
+        cursor.execute(sql_script)
+        conn.commit()
+        logging.info("Test data successfully inserted into database")
+    except pyodbc.Error as ex:
+        logging.error(f"Query execution failed while inserting test data: {ex}")
+        sys.exit(1)
+    finally:
+        cursor.close()
+        conn.close()
+except ValueError as ex:
+    logging.error(f"Missing environment variables: {ex}")
+    sys.exit(1)
+except pyodbc.Error as ex:
+    logging.error(f"Database connection error: {ex}")
+    sys.exit(1)
+except Exception as ex:
+    logging.error(f"An error occurred while inserting test data: {ex}")
+    sys.exit(1)