Updated tests to use test projects. We need further tests for sufficient coverage.

Author: kenduck

test_data/bower.json

@@ -4,6 +4,6 @@
     "description": "A demo bower.json for audit.js.",
     "license": "MIT",
     "dependencies": {
-        "angular": "~1.4.3"
+        "vor-test-project-bower-please-ignore-1": "2.0.0"
     }
 }

test_data/expected_reports/bower.xml

@@ -1,125 +1,19 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<testsuite name="auditjs.security.bower" errors="0" tests="1" package="test" id="" skipped="0" failures="1"><testcase name="angular"><failure message="Found 8 vulnerabilities. See stacktrace for details.">Details:
+<testsuite name="auditjs.security.bower" errors="0" tests="1" package="test" id="" skipped="0" failures="1"><testcase name="vor-test-project-bower-please-ignore-1"><failure message="Found 1 vulnerabilities. See stacktrace for details.">Details:
 
                         [
   {
-    "id": 8398878757,
-    "title": "Cross Site Scripting (XSS) in JSONP",
-    "description": "JSONP allows untrusted resource URLs, which provides a vector for attack by malicious actors.",
+    "id": 8402907551,
+    "title": "Test vulnerability, please ignore",
+    "description": "This is a test vulnerability for a test project",
     "versions": [
-      "&lt;1.6.0-rc.0"
+      "&lt;=2.0.0"
     ],
     "references": [
-      "https://github.com/angular/angular.js/commit/6476af83cd0418c84e034a955b12a842794385c4",
-      "https://github.com/angular/angular.js/issues/11352",
-      "https://snyk.io/vuln/npm:angular:20150315"
+      "https://vorsecurity.com/3"
     ],
-    "published": 0,
-    "updated": 1493261505026
-  },
-  {
-    "id": 8399952532,
-    "title": "Possible security hold with usemap attribute",
-    "description": "The attribute usemap has been blacklisted as it can be used as a security exploit.",
-    "versions": [
-      "&lt;1.5.0-rc.2"
-    ],
-    "references": [
-      "https://github.com/angular/angular.js/blob/master/CHANGELOG.md#1"
-    ],
-    "published": 1469727878777,
-    "updated": 1469727878777
-  },
-  {
-    "id": 8399952533,
-    "title": "UI Redress Attack Through Improper Sanitization Of SVG Elements",
-    "description": "angular is susceptible to UI redress attacks. The vulnerability is due to the lack of proper sanitisation of an html input string by stripping all potentially dangerous tokens. So, an attacker can place svg elements outside of the containing element, leading to rendering it over other elements on the page (example: a login link).",
-    "versions": [
-      "&lt;1.5.0-beta.2"
-    ],
-    "references": [
-      "https://github.com/angular/angular.js/commit/181fc567d873df065f1e84af7225deb70a8d2eb9",
-      "https://github.com/angular/angular.js/pull/12524",
-      "https://srcclr.com/security/ui-redress-attack-through-improper/javascript/s-2252"
-    ],
-    "published": 1469728183493,
-    "updated": 1469728183493
-  },
-  {
-    "id": 8399952534,
-    "title": "Arbitrary Code Execution",
-    "description": "SVG animations tags are not being sanitized properly, resulting in possible arbitrary code execution.",
-    "versions": [
-      "&lt;1.5.0-beta.2"
-    ],
-    "references": [
-      "https://cwe.mitre.org/data/definitions/78.html",
-      "https://github.com/angular/angular.js/commit/67688d5ca00f6de4c7fe6084e2fa762a00d25610",
-      "https://github.com/angular/angular.js/pull/11290",
-      "https://snyk.io/vuln/npm:angular:20150310",
-      "https://srcclr.com/security/arbitrary-code-execution-through-svg/javascript/s-2253"
-    ],
-    "published": 1469728274567,
-    "updated": 1486325942923
-  },
-  {
-    "id": 8402281303,
-    "title": "Cross Site Scripting (XSS) through use elements referencing external SVG",
-    "description": "> The use element can reference external svg's (same origin) and can include\nxlink javascript urls or foreign object that can execute xss.\n> \n> -- [github.com](https://github.com/angular/angular.js/pull/13453)",
-    "versions": [
-      "&lt;1.5.0"
-    ],
-    "references": [
-      "https://cwe.mitre.org/data/definitions/79.html",
-      "https://github.com/angular/angular.js/issues/13453"
-    ],
-    "published": 1483077792740,
-    "updated": 1483078107273
-  },
-  {
-    "id": 8402384794,
-    "title": "Cross-site Scripting (XSS)",
-    "description": "> Affected versions of the package are vulnerable to Cross-site Scripting (XSS) due to no proper sanitization of xlink:href attributes.\n> \n> -- [snyk.io](https://snyk.io/vuln/npm:angular:20150807)",
-    "versions": [
-      "&lt;1.5.0-beta.0 >=1.0.0"
-    ],
-    "references": [
-      "https://github.com/angular/angular.js/commit/f33ce173c90736e349cf594df717ae3ee41e0f7a",
-      "https://github.com/angular/angular.js/pull/12524",
-      "https://snyk.io/vuln/npm:angular:20150807"
-    ],
-    "published": 1485900514365,
-    "updated": 1485931408807
-  },
-  {
-    "id": 8402384796,
-    "title": "Cross-site Scripting (XSS)",
-    "description": "> Affected versions of the package are vulnerable to Mutation Cross-site Scripting (mXSS).\n> \n> -- [snyk.io](https://snyk.io/vuln/npm:angular:20150909)",
-    "versions": [
-      "&lt;1.5.0-beta.2"
-    ],
-    "references": [
-      "https://github.com/angular/angular.js/commit/bc0d8c4eea9a34bff5e29dd492dcdd668251be40",
-      "https://github.com/angular/angular.js/pull/12524",
-      "https://snyk.io/vuln/npm:angular:20150909"
-    ],
-    "published": 1485901294649,
-    "updated": 1485931425201
-  },
-  {
-    "id": 8402385510,
-    "title": "Cross-site Scripting (XSS)",
-    "description": ">  Affected versions of the package are vulnerable to Cross-site Scripting (XSS) attacks involving assignment on constructor properties.\n> \n> -- [snyk](https://snyk.io/vuln/npm:angular:20151130)",
-    "versions": [
-      "&lt;1.4.10"
-    ],
-    "references": [
-      "https://github.com/angular/angular.js/commit/5a674f3bb9d1118d11b333e3b966c01a571c09e6",
-      "https://github.com/angular/angular.js/pull/13417",
-      "https://snyk.io/vuln/npm:angular:20151130"
-    ],
-    "published": 1485949862562,
-    "updated": 1485964583864
+    "published": 1493874212256,
+    "updated": 1493874464883
   }
 ]
 

test_data/expected_reports/package.xml

@@ -1,156 +1,16 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<testsuite name="auditjs.security.package" errors="0" tests="9" package="test" id="" skipped="0" failures="1"><testcase name="requirejs"/><testcase name="requirejs-plugins"/><testcase name="bootswatch-scss"/><testcase name="angular"><failure message="Found 10 vulnerabilities. See stacktrace for details.">[
+<testsuite name="auditjs.security.package" errors="0" tests="1" package="test" id="" skipped="0" failures="1"><testcase name="vor-test-project-npm-please-ignore-1"><failure message="Found 1 vulnerabilities. See stacktrace for details.">[
   {
-    "id": 8398878757,
-    "title": "Cross Site Scripting (XSS) in JSONP",
-    "description": "JSONP allows untrusted resource URLs, which provides a vector for attack by malicious actors.",
+    "id": 8402907551,
+    "title": "Test vulnerability, please ignore",
+    "description": "This is a test vulnerability for a test project",
     "versions": [
-      "&lt;1.6.0-rc.0"
+      "&lt;=2.0.0"
     ],
     "references": [
-      "https://github.com/angular/angular.js/commit/6476af83cd0418c84e034a955b12a842794385c4",
-      "https://github.com/angular/angular.js/issues/11352",
-      "https://snyk.io/vuln/npm:angular:20150315"
+      "https://vorsecurity.com/3"
     ],
-    "published": 0,
-    "updated": 1493261505026
-  },
-  {
-    "id": 8399952532,
-    "title": "Possible security hold with usemap attribute",
-    "description": "The attribute usemap has been blacklisted as it can be used as a security exploit.",
-    "versions": [
-      "&lt;1.5.0-rc.2"
-    ],
-    "references": [
-      "https://github.com/angular/angular.js/blob/master/CHANGELOG.md#1"
-    ],
-    "published": 1469727878777,
-    "updated": 1469727878777
-  },
-  {
-    "id": 8399952533,
-    "title": "UI Redress Attack Through Improper Sanitization Of SVG Elements",
-    "description": "angular is susceptible to UI redress attacks. The vulnerability is due to the lack of proper sanitisation of an html input string by stripping all potentially dangerous tokens. So, an attacker can place svg elements outside of the containing element, leading to rendering it over other elements on the page (example: a login link).",
-    "versions": [
-      "&lt;1.5.0-beta.2"
-    ],
-    "references": [
-      "https://github.com/angular/angular.js/commit/181fc567d873df065f1e84af7225deb70a8d2eb9",
-      "https://github.com/angular/angular.js/pull/12524",
-      "https://srcclr.com/security/ui-redress-attack-through-improper/javascript/s-2252"
-    ],
-    "published": 1469728183493,
-    "updated": 1469728183493
-  },
-  {
-    "id": 8399952534,
-    "title": "Arbitrary Code Execution",
-    "description": "SVG animations tags are not being sanitized properly, resulting in possible arbitrary code execution.",
-    "versions": [
-      "&lt;1.5.0-beta.2"
-    ],
-    "references": [
-      "https://cwe.mitre.org/data/definitions/78.html",
-      "https://github.com/angular/angular.js/commit/67688d5ca00f6de4c7fe6084e2fa762a00d25610",
-      "https://github.com/angular/angular.js/pull/11290",
-      "https://snyk.io/vuln/npm:angular:20150310",
-      "https://srcclr.com/security/arbitrary-code-execution-through-svg/javascript/s-2253"
-    ],
-    "published": 1469728274567,
-    "updated": 1486325942923
-  },
-  {
-    "id": 8402281289,
-    "title": "Cross Site Scripting (XSS) when loaded from an extension",
-    "description": "> Extension URIs (`resource://...`) bypass Content-Security-Policy in Chrome and Firefox and can always be loaded. Now if a site already has a XSS bug, and uses CSP to protect itself, but the user has an extension installed that uses Angular, an attacke[r] can load Angular from the extension, and Angular's auto-bootstrapping can be used to bypass the victim site's CSP protection.\n> \n> -- [github.com](https://github.com/angular/angular.js/pull/15346)",
-    "versions": [
-      ">=1.5.0 &lt;1.5.9"
-    ],
-    "references": [
-      "https://cwe.mitre.org/data/definitions/79.html",
-      "https://github.com/angular/angular.js/commit/0ff10e1b56c6b7c4ac465e35c96a5886e294bac5",
-      "https://github.com/angular/angular.js/issues/15346",
-      "https://github.com/angular/angular.js/pull/15346",
-      "https://snyk.io/vuln/npm:angular:20161101"
-    ],
-    "published": 1483077559265,
-    "updated": 1485951529425
-  },
-  {
-    "id": 8402281303,
-    "title": "Cross Site Scripting (XSS) through use elements referencing external SVG",
-    "description": "> The use element can reference external svg's (same origin) and can include\nxlink javascript urls or foreign object that can execute xss.\n> \n> -- [github.com](https://github.com/angular/angular.js/pull/13453)",
-    "versions": [
-      "&lt;1.5.0"
-    ],
-    "references": [
-      "https://cwe.mitre.org/data/definitions/79.html",
-      "https://github.com/angular/angular.js/issues/13453"
-    ],
-    "published": 1483077792740,
-    "updated": 1483078107273
-  },
-  {
-    "id": 8402384794,
-    "title": "Cross-site Scripting (XSS)",
-    "description": "> Affected versions of the package are vulnerable to Cross-site Scripting (XSS) due to no proper sanitization of xlink:href attributes.\n> \n> -- [snyk.io](https://snyk.io/vuln/npm:angular:20150807)",
-    "versions": [
-      "&lt;1.5.0-beta.0 >=1.0.0"
-    ],
-    "references": [
-      "https://github.com/angular/angular.js/commit/f33ce173c90736e349cf594df717ae3ee41e0f7a",
-      "https://github.com/angular/angular.js/pull/12524",
-      "https://snyk.io/vuln/npm:angular:20150807"
-    ],
-    "published": 1485900514365,
-    "updated": 1485931408807
-  },
-  {
-    "id": 8402384796,
-    "title": "Cross-site Scripting (XSS)",
-    "description": "> Affected versions of the package are vulnerable to Mutation Cross-site Scripting (mXSS).\n> \n> -- [snyk.io](https://snyk.io/vuln/npm:angular:20150909)",
-    "versions": [
-      "&lt;1.5.0-beta.2"
-    ],
-    "references": [
-      "https://github.com/angular/angular.js/commit/bc0d8c4eea9a34bff5e29dd492dcdd668251be40",
-      "https://github.com/angular/angular.js/pull/12524",
-      "https://snyk.io/vuln/npm:angular:20150909"
-    ],
-    "published": 1485901294649,
-    "updated": 1485931425201
-  },
-  {
-    "id": 8402385510,
-    "title": "Cross-site Scripting (XSS)",
-    "description": ">  Affected versions of the package are vulnerable to Cross-site Scripting (XSS) attacks involving assignment on constructor properties.\n> \n> -- [snyk](https://snyk.io/vuln/npm:angular:20151130)",
-    "versions": [
-      "&lt;1.4.10"
-    ],
-    "references": [
-      "https://github.com/angular/angular.js/commit/5a674f3bb9d1118d11b333e3b966c01a571c09e6",
-      "https://github.com/angular/angular.js/pull/13417",
-      "https://snyk.io/vuln/npm:angular:20151130"
-    ],
-    "published": 1485949862562,
-    "updated": 1485964583864
-  },
-  {
-    "id": 8402905897,
-    "title": "Cross Site Scripting (XSS)",
-    "description": "> Affected versions of the package are vulnerable to Cross-site Scripting (XSS) due to the usemap attribute not being blacklisted.\n> \n> -- [snyk.io](https://snyk.io/vuln/npm:angular:20160122)",
-    "versions": [
-      ">=1.3.0 &lt;1.5.0-rc.2"
-    ],
-    "references": [
-      "https://cwe.mitre.org/data/definitions/79.html",
-      "https://github.com/angular/angular.js/blob/master/CHANGELOG.md#150-rc2-controller-requisition-2016-01-28",
-      "https://github.com/angular/angular.js/commit/234053fc9ad90e0d05be7e8359c6af66be94c094",
-      "https://github.com/angular/angular.js/pull/13826",
-      "https://snyk.io/vuln/npm:angular:20160122"
-    ],
-    "published": 1493786539513,
-    "updated": 1493790769282
+    "published": 1493874212256,
+    "updated": 1493874464883
   }
-]</failure></testcase><testcase name="angular-mocks"/><testcase name="angular-sanitize"/><testcase name="angular-route"/><testcase name="jquery"/><testcase name="moment"/></testsuite>
+]</failure></testcase></testsuite>