feat: implement AST-based taint analysis for JavaScript #45
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test | |
| on: | |
| push: | |
| branches: [ main, develop ] | |
| pull_request: | |
| branches: [ main ] | |
| jobs: | |
| test: | |
| runs-on: ${{ matrix.os }} | |
| env: | |
| PIP_DISABLE_PIP_VERSION_CHECK: 1 | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest, macos-latest, windows-latest] | |
| python-version: ['3.8', '3.9', '3.10', '3.11', '3.12'] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Python ${{ matrix.python-version }} | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Install package | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -e . | |
| - name: Run Unit Tests | |
| run: | | |
| python -m unittest discover tests -v | |
| - name: Test CLI command | |
| run: | | |
| privalyse --help | |
| - name: Test scan on examples (Vulnerable App) | |
| shell: bash | |
| run: | | |
| echo "🧪 Testing Vulnerable App (Expect Failure)..." | |
| # We expect this to fail (exit code 1) because of low compliance score | |
| # We use --format json to ensure we can verify the output later | |
| if privalyse --root examples/bad-practice-app --out test_vulnerable.json --format json; then | |
| echo "❌ Error: Vulnerable app scan unexpectedly passed (Exit Code 0)!" | |
| exit 1 | |
| else | |
| EXIT_CODE=$? | |
| echo "✅ Vulnerable app scan failed as expected (Exit Code $EXIT_CODE)." | |
| fi | |
| - name: Test scan on examples (Secure App) | |
| shell: bash | |
| run: | | |
| echo "🧪 Testing Secure App (Expect Success)..." | |
| privalyse --root examples/best-practice-app --out test_secure.json --format json | |
| - name: Verify scan results | |
| run: | | |
| test -f test_vulnerable.json | |
| test -f test_secure.json | |
| grep -q '"total_findings"' test_vulnerable.json |