Add nsp to prepublish hook

Nsp is a tool published by the Node Security team, which scans a project for known and easily recognizable vulnerabilities. For a list of advisories, please check https://nodesecurity.io/advisories Change-Id: I554320d0c4aca86184e03aac853a5a4d9f48fcdd
2016-05-26 09:10:47 -07:00 · 2016-05-26 09:10:47 -07:00 · 0cd80006fd
parent d53c4d6aa6
commit 0cd80006fd
5 changed files with 184 additions and 0 deletions
--- a/.nsprc
+++ b/.nsprc
--- a/generators/app/index.js
+++ b/generators/app/index.js
@ -11,6 +11,7 @@
  var license = require('./lib/component/license');
  var eslint = require('./lib/component/eslint');
  var gitignore = require('./lib/component/gitignore');
+  var nsp = require('./lib/component/nsp');

  module.exports = yeoman.Base.extend({

@ -35,6 +36,7 @@
        .then(license.init)         // Licensing
        .then(eslint.init)          // Linting
        .then(gitignore.init)       // Gitignore
+        .then(nsp.init)             // NSP
        .then(function () {
          done();
        });
@ -51,6 +53,7 @@
        .then(license.prompt)         // Licensing
        .then(eslint.prompt)          // Linting
        .then(gitignore.prompt)       // Gitignore
+        .then(nsp.prompt)             // NSP
        .then(function () {
          done();
        });
@ -67,6 +70,7 @@
        .then(license.configure)         // Licensing
        .then(eslint.configure)          // Linting
        .then(gitignore.configure)       // Gitignore
+        .then(nsp.configure)             // NSP
        .then(function () {
          done();
        });
--- a/generators/app/lib/component/nsp.js
+++ b/generators/app/lib/component/nsp.js
@ -0,0 +1,71 @@
+/*
+ * Copyright (c) 2016 Hewlett Packard Enterprise Development Company, LP
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License. You may obtain
+ * a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+/**
+ * This module adds the Node Security commandline tool (nsp) to the project.
+ * Its job is to identify known vulnerabilities by scanning the projects
+ * source and dependencies.
+ */
+(function () {
+  'use strict';
+
+  var projectBuilder = require('../project_builder');
+  var pkgBuilder = require('../pkg_builder');
+
+  /**
+   * No-op placeholder method, for handlers we don't need.
+   *
+   * @param {generator} generator The currently active generator.
+   * @returns {generator} The passed generator, for promise chaining.
+   */
+  function noop (generator) {
+    return generator;
+  }
+
+  /**
+   * This method configures the package builder with all options necessary
+   * to run nsp.
+   *
+   * @param {generator} generator The currently active generator.
+   * @returns {generator} The passed generator, for promise chaining.
+   */
+  function promptNsp (generator) {
+    // At this time, we don't actually need to prompt the user.
+
+    // Add the dependencies.
+    pkgBuilder.addDependencies(['nsp'], 'devDependencies');
+    pkgBuilder.addCommand('prepublish', 'nsp check');
+
+    return generator;
+  }
+
+  /**
+   * Configure the project by adding required files.
+   *
+   * @param {generator} generator The currently active generator.
+   * @returns {generator} The passed generator, for promise chaining.
+   */
+  function configureNsp (generator) {
+    projectBuilder.addFile('.nsprc');
+    return generator;
+  }
+
+  module.exports = {
+    init: noop,
+    prompt: promptNsp,
+    configure: configureNsp
+  };
+})();
--- a/generators/app/templates/.nsprc
+++ b/generators/app/templates/.nsprc
--- a/spec/app/lib/component/nsp.js
+++ b/spec/app/lib/component/nsp.js
@ -0,0 +1,109 @@
+/*
+ * Copyright (c) 2016 Hewlett Packard Enterprise Development Company, LP
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License. You may obtain
+ * a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+(function () {
+  'use strict';
+  var libDir = '../../../../generators/app/lib';
+
+  var nsp = require(libDir + '/component/nsp');
+  var projectBuilder = require(libDir + '/project_builder');
+  var pkgBuilder = require(libDir + '/pkg_builder');
+  var mocks = require('../../../helpers/mocks');
+  var mockGenerator;
+
+  describe('generator-openstack:lib/component/nsp', function () {
+
+    beforeEach(function () {
+      mockGenerator = mocks.buildGenerator();
+      projectBuilder.clear();
+    });
+
+    it('should define init, prompt, and configure',
+      function () {
+        expect(typeof nsp.init).toBe('function');
+        expect(typeof nsp.prompt).toBe('function');
+        expect(typeof nsp.configure).toBe('function');
+      });
+
+    describe('init()', function () {
+      it('should return a generator',
+        function () {
+          var outputGenerator = nsp.init(mockGenerator);
+          expect(outputGenerator).toEqual(mockGenerator);
+        });
+
+      it('should do nothing',
+        function () {
+          var spy = spyOn(mockGenerator.config, 'defaults');
+          nsp.init(mockGenerator);
+          expect(spy.calls.any()).toBeFalsy();
+        });
+    });
+
+    describe('prompt()', function () {
+      it('should return a generator',
+        function () {
+          var outputGenerator = nsp.prompt(mockGenerator);
+          expect(outputGenerator).toEqual(mockGenerator);
+        });
+
+      it('should add nsp to dependencies',
+        function () {
+          pkgBuilder.fromJSON('{"devDependencies":{}}');
+
+          var devDeps = pkgBuilder.getValue('devDependencies');
+          expect(devDeps.nsp).not.toBeDefined();
+
+          nsp.prompt(mockGenerator);
+
+          devDeps = pkgBuilder.getValue('devDependencies');
+          expect(devDeps.nsp).toBeDefined();
+        });
+
+      it('should add the prepublish hook to the project',
+        function () {
+          pkgBuilder.fromJSON('{}');
+
+          var scripts = pkgBuilder.getValue('scripts');
+          expect(scripts).not.toBeDefined();
+
+          nsp.prompt(mockGenerator);
+
+          var newScripts = pkgBuilder.getValue('scripts');
+          expect(newScripts.prepublish).toBeDefined();
+          expect(newScripts.prepublish).toEqual('nsp check');
+        });
+    });
+
+    describe('configure()', function () {
+      it('should return a generator',
+        function () {
+          var outputGenerator = nsp.configure(mockGenerator);
+          expect(outputGenerator).toEqual(mockGenerator);
+        });
+
+      it('should add .nsprc to the project files.',
+        function () {
+          nsp.configure(mockGenerator);
+
+          var files = projectBuilder.getIncludedFiles();
+          expect(files.length).toBe(1);
+          expect(files[0].from).toBe('.nsprc');
+          expect(files[0].to).toBe('.nsprc');
+        });
+    });
+  });
+})();