From 97a2f3b4672b732f472ddf691ae2802800a33a0b Mon Sep 17 00:00:00 2001
From: GeekMasher
Date: Fri, 27 Jun 2025 13:06:48 +0100
Subject: [PATCH 1/2] fix(policy): Update violation remediation logic and enhance tests for dependabot
---
 ghascompliance/policy.py | 2 +-
 tests/test_policy_remediate.py | 50 ++++++++++++++++++++++++++++++++++
 2 files changed, 51 insertions(+), 1 deletion(-)
diff --git a/ghascompliance/policy.py b/ghascompliance/policy.py
index cbaf1c9..8d202bf 100644
--- a/ghascompliance/policy.py
+++ b/ghascompliance/policy.py
@@ -328,7 +328,7 @@ def checkViolation(
 severity, remediate_policy, creation_time
 )
 if self.policy.get(technology, {}).get("level"):
- return violation_remediation and self.checkViolationAgainstPolicy(
+ return violation_remediation or self.checkViolationAgainstPolicy(
 severity, technology, names=names, ids=ids
 )
 else:
diff --git a/tests/test_policy_remediate.py b/tests/test_policy_remediate.py
index b294bae..731dc52 100644
--- a/tests/test_policy_remediate.py
+++ b/tests/test_policy_remediate.py
@@ -19,6 +19,7 @@ def setUp(self):
 self.example = {
 "general": {"remediate": {"error": 1}},
 "codescanning": {"level": "error"},
+ "dependabot": {"level": "critical"},
 }
 return super().setUp()
@@ -46,6 +47,12 @@ def testOverwritingPolicies(self):
 self.policy.policy.get("dependabot", {}).get("remediate"),
 my_policy.get("dependabot", {}).get("remediate"),
 )
+ self.assertEqual(
+ self.policy.policy.get("codescanning", {})
+ .get("remediate", {})
+ .get("error"),
+ 1,
+ )
 self.assertEqual(
 self.policy.policy.get("dependabot", {}).get("remediate", {}).get("high"),
 7
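Review bot: Switching `and` to `or` on the return makes a breached remediation window a violation on its own, and because `or` short-circuits, `checkViolationAgainstPolicy(severity, technology, names=names, ids=ids)` is no longer evaluated once `violation_remediation` is true — so if that call is where the `names`/`ids` exclusions are applied (not visible in this hunk), an explicitly excluded alert that is past its remediation window will now be reported as a violation. If that precedence is intended, say so next to the return, e.g. `# A breached remediation window is a violation regardless of the configured level; names/ids exclusions do not override it.`; if it is not, evaluate the policy/exclusion check before folding in the remediation result. The `else:` branch and the remainder of checkViolation lie outside the hunk.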
@@ -116,3 +123,46 @@ def testUnspecifiedSeverity(self):
 sevendaysago,
 )
 self.assertTrue(result)
+
+ def testDepdendabotRemediationUsingGeneral(self):
+ self.policy.loadPolicy(self.example)
+
+ self.assertEqual(
+ self.policy.policy.get("dependabot", {}).get("remediate"),
+ self.policy.policy.get("general", {}).get("remediate"),
+ )
+ self.assertEqual(
+ self.policy.policy.get("dependabot", {}).get("remediate", {}).get("error"), 1
+ )
+
+ five_days_ago = datetime.datetime.now() - datetime.timedelta(days=5)
+
+ result = self.policy.checkViolationRemediation(
+ "error",
+ self.policy.policy.get("dependabot", {}).get("remediate"),
+ five_days_ago,
+ )
+ self.assertTrue(result)
+
+ def testCheckViolationWithRemediationUsingDependabotAlert(self):
+ self.policy.loadPolicy(self.example)
+
+ five_days_ago = datetime.datetime.now() - datetime.timedelta(days=5)
+
+ result = self.policy.checkViolation(
+ "error",
+ "dependabot",
+ names=["test"],
+ creation_time=five_days_ago
+ )
+ self.assertTrue(result)
+
+ today = datetime.datetime.now()
+
+ result = self.policy.checkViolation(
+ "error",
+ "dependabot",
+ names=["test"],
+ creation_time=today
+ )
+ self.assertFalse(result)
From 6eebc228c36667c8088b02c7763cf6d7354eb6e5 Mon Sep 17 00:00:00 2001
From: GeekMasher
Date: Fri, 27 Jun 2025 13:08:33 +0100
Subject: [PATCH 2/2] style: Update formatting
---
 tests/test_policy_remediate.py | 13 ++++--------
 1 file changed, 4 insertions(+), 9 deletions(-)
diff --git a/tests/test_policy_remediate.py b/tests/test_policy_remediate.py
index 731dc52..1409767 100644
--- a/tests/test_policy_remediate.py
+++ b/tests/test_policy_remediate.py
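Review bot: testCheckViolationWithRemediationUsingDependabotAlert only pins the remediation side of the new `or`: both checkViolation calls use severity `error` against a `dependabot` level of `critical`, so the level check presumably returns False in both cases and the `today` assertion cannot tell `or` apart from the old `and`. A third call with a severity that meets the level and a fresh `creation_time` — e.g. `self.assertTrue(self.policy.checkViolation("critical", "dependabot", names=["test"], creation_time=today))` — would cover the level path as well, assuming `critical` satisfies a `critical` level in checkViolationAgainstPolicy. Both new tests derive `creation_time` from naive `datetime.datetime.now()`, which matches the existing `sevendaysago` pattern but ties the result to whatever clock the remediation check uses; worth confirming it is the same naive local clock so a timezone change cannot flip the `today` case. The method name `testDepdendabotRemediationUsingGeneral` is misspelled and should read `testDependabotRemediationUsingGeneral`.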
@@ -132,7 +132,8 @@ def testDepdendabotRemediationUsingGeneral(self):
 self.policy.policy.get("general", {}).get("remediate"),
 )
 self.assertEqual(
- self.policy.policy.get("dependabot", {}).get("remediate", {}).get("error"), 1
+ self.policy.policy.get("dependabot", {}).get("remediate", {}).get("error"),
+ 1,
 )
 five_days_ago = datetime.datetime.now() - datetime.timedelta(days=5)
@@ -150,19 +151,13 @@ def testCheckViolationWithRemediationUsingDependabotAlert(self):
 five_days_ago = datetime.datetime.now() - datetime.timedelta(days=5)
 result = self.policy.checkViolation(
- "error",
- "dependabot",
- names=["test"],
- creation_time=five_days_ago
+ "error", "dependabot", names=["test"], creation_time=five_days_ago
 )
 self.assertTrue(result)
 today = datetime.datetime.now()
 result = self.policy.checkViolation(
- "error",
- "dependabot",
- names=["test"],
- creation_time=today
+ "error", "dependabot", names=["test"], creation_time=today
 )
 self.assertFalse(result)