Updating and Adding new tests for NuGet projects (#2187)

testdata/xray/nuget/single5.0/ClassLibrary1/ClassLibrary1.csproj

@@ -0,0 +1,22 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <TargetFramework>netstandard2.0</TargetFramework>
+    <Platforms>AnyCPU;x64</Platforms>
+    <Company>Some Compnay</Company>
+    <Product>Some product</Product>
+    <Copyright>Copyright © 2020 by Foobar.</Copyright>
+    <Version>1.0.0</Version>
+  </PropertyGroup>
+  <ItemGroup>
+    <PackageReference Include="Newtonsoft.Json" Version="12.0.3" />
+    <PackageReference Include="System.IO.FileSystem.AccessControl" Version="4.7.0" />
+    <PackageReference Include="Microsoft.AspNetCore.Hosting" Version="2.1.0" />
+    <PackageReference Include="Serilog.AspNetCore" Version="2.1.1" />
+    <PackageReference Include="Serilog.Formatting.Compact" Version="1.0.0" />
+    <PackageReference Include="Serilog.Settings.Configuration" Version="3.0.1" />
+    <PackageReference Include="Serilog.Sinks.Console" Version="3.1.1" />
+    <PackageReference Include="Serilog.Sinks.EventLog" Version="3.1.0" />
+    <PackageReference Include="Serilog.Sinks.File" Version="4.0.0" />
+  </ItemGroup>
+</Project>

testdata/xray/nuget/single5.0/TestSolution.sln

@@ -0,0 +1,29 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 16
+VisualStudioVersion = 16.0.32106.194
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "ClassLibrary1", "ClassLibrary1\ClassLibrary1.csproj", "{D9C89660-69F8-46E2-B9C4-78E9B505E8B1}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Any CPU = Debug|Any CPU
+		Release|Any CPU = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{757C1D5A-BAA9-453F-B612-A0571390976B}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{757C1D5A-BAA9-453F-B612-A0571390976B}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{757C1D5A-BAA9-453F-B612-A0571390976B}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{757C1D5A-BAA9-453F-B612-A0571390976B}.Release|Any CPU.Build.0 = Release|Any CPU
+		{D9C89660-69F8-46E2-B9C4-78E9B505E8B1}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{D9C89660-69F8-46E2-B9C4-78E9B505E8B1}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{D9C89660-69F8-46E2-B9C4-78E9B505E8B1}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{D9C89660-69F8-46E2-B9C4-78E9B505E8B1}.Release|Any CPU.Build.0 = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+		SolutionGuid = {D8547989-C4F7-4FCC-95BB-F7478F7D2484}
+	EndGlobalSection
+EndGlobal

xray_test.go

@@ -210,24 +210,102 @@ func runXrayAuditYarnWithOutput(t *testing.T, format string) string {
 	return xrayCli.RunCliCmdWithOutput(t, "audit", "--yarn", "--licenses", "--format="+format)
 }
 
-// Tests NuGet audit by providing simple NuGet project and asserts any error.
+// Tests NuGet audit by providing simple NuGet project + multi-project NuGet project and asserts any error.
 func TestXrayAuditNugetJson(t *testing.T) {
-	output := testXrayAuditNuget(t, "single", string(utils.Json))
-	verifyJsonScanResults(t, output, 0, 2, 0)
+	var testdata = []struct {
+		projectName        string
+		format             string
+		restoreTech        string
+		minVulnerabilities int
+		minLicences        int
+	}{
+		{
+			projectName:        "single4.0",
+			format:             string(utils.Json),
+			restoreTech:        "nuget",
+			minVulnerabilities: 2,
+			minLicences:        0,
+		},
+		{
+			projectName:        "single5.0",
+			format:             string(utils.Json),
+			restoreTech:        "dotnet",
+			minVulnerabilities: 3,
+			minLicences:        2,
+		},
+		{
+			projectName:        "single5.0",
+			format:             string(utils.Json),
+			restoreTech:        "",
+			minVulnerabilities: 3,
+			minLicences:        2,
+		},
+		{
+			projectName:        "multi",
+			format:             string(utils.Json),
+			restoreTech:        "dotnet",
+			minVulnerabilities: 5,
+			minLicences:        3,
+		},
+		{
+			projectName:        "multi",
+			format:             string(utils.Json),
+			restoreTech:        "",
+			minVulnerabilities: 5,
+			minLicences:        3,
+		},
+	}
+	for _, test := range testdata {
+		runInstallCommand := test.restoreTech != ""
+		t.Run(fmt.Sprintf("projectName:%s,runInstallCommand:%t", test.projectName, runInstallCommand),
+			func(t *testing.T) {
+				output := testXrayAuditNuget(t, test.projectName, test.format, test.restoreTech)
+				verifyJsonScanResults(t, output, 0, test.minVulnerabilities, test.minLicences)
+			})
+	}
 }
 
 func TestXrayAuditNugetSimpleJson(t *testing.T) {
-	output := testXrayAuditNuget(t, "single", string(utils.SimpleJson))
-	verifySimpleJsonScanResults(t, output, 2, 0)
-}
-
-// Tests NuGet audit by providing a multi-project NuGet project and asserts any error.
-func TestXrayAuditNugetMultiProject(t *testing.T) {
-	output := testXrayAuditNuget(t, "multi", string(utils.Json))
-	verifyJsonScanResults(t, output, 0, 5, 0)
+	var testdata = []struct {
+		projectName        string
+		format             string
+		restoreTech        string
+		minVulnerabilities int
+		minLicences        int
+	}{
+		{
+			projectName:        "single4.0",
+			format:             string(utils.SimpleJson),
+			restoreTech:        "nuget",
+			minVulnerabilities: 2,
+			minLicences:        0,
+		},
+		{
+			projectName:        "single5.0",
+			format:             string(utils.SimpleJson),
+			restoreTech:        "dotnet",
+			minVulnerabilities: 3,
+			minLicences:        2,
+		},
+		{
+			projectName:        "single5.0",
+			format:             string(utils.SimpleJson),
+			restoreTech:        "",
+			minVulnerabilities: 3,
+			minLicences:        2,
+		},
+	}
+	for _, test := range testdata {
+		runInstallCommand := test.restoreTech != ""
+		t.Run(fmt.Sprintf("projectName:%s,runInstallCommand:%t", test.projectName, runInstallCommand),
+			func(t *testing.T) {
+				output := testXrayAuditNuget(t, test.projectName, test.format, test.restoreTech)
+				verifySimpleJsonScanResults(t, output, test.minVulnerabilities, test.minLicences)
+			})
+	}
 }
 
-func testXrayAuditNuget(t *testing.T, projectName, format string) string {
+func testXrayAuditNuget(t *testing.T, projectName, format string, restoreTech string) string {
 	initXrayTest(t, scangraph.GraphScanMinXrayVersion)
 	tempDirPath, createTempDirCallback := coretests.CreateTempDirWithCallbackAndAssert(t)
 	defer createTempDirCallback()
@@ -238,9 +316,12 @@ func testXrayAuditNuget(t *testing.T, projectName, format string) string {
 	defer clientTestUtils.ChangeDirAndAssert(t, prevWd)
 	// Add dummy descriptor file to check that we run only specific audit
 	addDummyPackageDescriptor(t, false)
-	// Run NuGet restore before executing jfrog xr audit (NuGet)
-	assert.NoError(t, exec.Command("nuget", "restore").Run())
-	return xrayCli.RunCliCmdWithOutput(t, "audit", "--nuget", "--format="+format)
+	// Run NuGet/Dotnet restore before executing jfrog xr audit (NuGet)
+	if restoreTech != "" {
+		_, err := exec.Command(restoreTech, "restore").CombinedOutput()
+		assert.NoError(t, err)
+	}
+	return xrayCli.RunCliCmdWithOutput(t, "audit", "--nuget", "--format="+format, "--licenses")
 }
 
 func TestXrayAuditGradleJson(t *testing.T) {
@@ -328,7 +409,7 @@ func TestXrayAuditMultiProjects(t *testing.T) {
 	// Copy the multi project from the testdata to a temp dir
 	assert.NoError(t, biutils.CopyDir(multiProject, tempDirPath, true, nil))
 	workingDirsFlag := fmt.Sprintf("--working-dirs=%s, %s ,%s, %s",
-		filepath.Join(tempDirPath, "maven"), filepath.Join(tempDirPath, "nuget", "single"),
+		filepath.Join(tempDirPath, "maven"), filepath.Join(tempDirPath, "nuget", "single4.0"),
 		filepath.Join(tempDirPath, "python", "pip"), filepath.Join(tempDirPath, "jas-test"))
 	// Configure a new server named "default"
 	createJfrogHomeConfig(t, true)