fix(Trivy): [TELFE-382] issue and tests

telicent-oss · Jul 3, 2024 · 99b929c · 99b929c
1 parent 8f1ef32
commit 99b929c
Show file tree

Hide file tree

Showing 9 changed files with 53 additions and 197 deletions.
diff --git a/.gitignore b/.gitignore
@@ -131,4 +131,6 @@ yarn-error.log*
 __image_snapshots__
 
 # VSCode
-.vscode
+.vscode
+
+*.gitignored.*
diff --git a/.husky/pre-push b/.husky/pre-push
@@ -1,4 +1,5 @@
 #!/bin/sh
 . "$(dirname "$0")/_/husky.sh"
 
-yarn test:diff
+yarn test:diff
+./scripts/test-vuln.sh
diff --git a/package.json b/package.json
@@ -97,7 +97,6 @@
     "jest-canvas-mock": "^2.4.0",
     "jest-image-snapshot": "^4.5.1",
     "msw": "^0.49.3",
-    "puppeteer": "^14.1.1",
     "react-app-rewired": "^2.2.1",
     "tailwindcss": "^3.1.8"
   },
@@ -106,7 +105,9 @@
     "braces": "3.0.3",
     "nth-check": "2.0.1",
     "webpack-dev-middleware": "5.3.4",
-    "webpack": "5.76.0"
+    "webpack": "5.76.0",
+    "// ws ": "Found \"jsdom#ws@7.5.9\" jest-config#jest-environment-jsdom#jsdom - not worried as its just tests",
+    "ws": "8.17.1"
   },
   "config": {
     "commitizen": {

diff --git a/scripts/test-vuln.sh b/scripts/test-vuln.sh
@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+set -e
+
+npx @cyclonedx/cyclonedx-npm \
+  --ignore-npm-errors \
+  --output-file .test-vuln.sbom.gitignored.json \
+  && \
+  trivy sbom  \
+    --format table \
+    --exit-code 0 \
+    --ignore-unfixed \
+    --scanners vuln \
+    --severity HIGH,CRITICAL \
+    .test-vuln.sbom.gitignored.json
diff --git a/src/config/app-config.js b/src/config/app-config.js
@@ -30,6 +30,8 @@ const config = {
 };
 
 if (!OFFLINE_MODE && !env?.MAP_TILER_TOKEN) {
+
+
   const errorMessage = `
   <strong>PROBLEM</strong>: Paralog needs <strong>MAP_TILER_TOKEN</strong> to be set!
 
@@ -84,6 +86,7 @@ if (!OFFLINE_MODE && !env?.MAP_TILER_TOKEN) {
 `;
 
   document.head.appendChild(styleElement);
-  throw new Error(errorMessage);
+  const devInfo = Object.keys(env).filter(val => /^[A-Z]+(_[A-Z]+)*$/.test(val))
+  throw new Error(errorMessage + devInfo);
 }
 export default config;
diff --git a/src/config/app-config.test.js b/src/config/app-config.test.js
@@ -2,7 +2,7 @@ import APP_CONFIG from "./app-config";
 
 describe("App config", () => {
   test("has paralog api defined", () => {
-    expect(APP_CONFIG.api.url).toEqual("http://localhost:5051");
+    expect(APP_CONFIG.api.url).toEqual("http://localhost:4001");
   });
 
   test("has ontology service defined", () => {

diff --git a/src/setupTests.js b/src/setupTests.js
@@ -1,3 +1,5 @@
+// TODO Delete. This isn't used.
+// WHEN have time to verify
 // jest-dom adds custom jest matchers for asserting on DOM nodes.
 // allows you to do things like:
 // expect(element).toHaveTextContent(/react/i)

diff --git a/src/test-env-setup.js b/src/test-env-setup.js
@@ -1,6 +1,5 @@
-window._env_ = {
-  PARALOG_API_URL: "http://localhost:5051",
-  MAP_TILER_TOKEN: "test_key",
-  MAP_URL: "http://map.com",
-  ONTOLOGY_SERVICE_URL: "http://localhost:3030",
-};
+// Mock the window object with the necessary environment variables
+global.window = Object.create(window);
+global.window.MAP_TILER_TOKEN = 'mock-token';
+// global.window.PARALOG_API_URL = "http://localhost:4001";
+global.window.ONTOLOGY_SERVICE_URL = "http://localhost:3030";