public async Task ScopedPackage_Succeeds_Async()
{
// arrange
PackageURL angularCore = new PackageURL("pkg:npm/angular/[email protected]");
string[] squattingPackages = new[]
{
"pkg:npm/anngular/core", // ["DoubleHit","Duplicator"]
"pkg:npm/angullar/core", // ["DoubleHit","Duplicator"]
"pkg:npm/angu1ar/core", // ["AsciiHomoglyph"]
"pkg:npm/anbular/core", // ["CloseLetters"]
"pkg:npm/angula/core", // ["RemovedCharacter"]
"pkg:npm/angularjs/core", // ["Suffix"]
"pkg:npm/core", // ["RemovedNamespace"]
};
IHttpClientFactory httpClientFactory =
FindSquatsHelper.SetupHttpCalls(purl: angularCore, validSquats: squattingPackages);
FindPackageSquats findPackageSquats = new(new ProjectManagerFactory(httpClientFactory), angularCore);
// act
IDictionary <string, IList <Mutation> >?squatCandidates = findPackageSquats.GenerateSquatCandidates();
List <FindPackageSquatResult> existingMutations = await findPackageSquats.FindExistingSquatsAsync(squatCandidates, new MutateOptions()
{
UseCache = false
}).ToListAsync();
Assert.IsNotNull(existingMutations);
Assert.IsTrue(existingMutations.Any());
string[] resultingMutationNames = existingMutations.Select(m => m.MutatedPackageUrl.ToString()).ToArray();
CollectionAssert.AreEquivalent(squattingPackages, resultingMutationNames);
}
public async Task FooMutations_Succeeds_Async()
{
// arrange
PackageURL foo = new("pkg:npm/foo");
string[] squattingPackages = new[]
{
"pkg:npm/too", // ["AsciiHomoglyph", "CloseLetters"]
"pkg:npm/goo", // ["CloseLetters"]
"pkg:npm/foojs", // ["Suffix"]
"pkg:npm/fooo", // ["DoubleHit"]
};
IHttpClientFactory httpClientFactory =
FindSquatsHelper.SetupHttpCalls(purl: foo, validSquats: squattingPackages);
FindPackageSquats findPackageSquats = new(new ProjectManagerFactory(httpClientFactory), foo);
// act
IDictionary <string, IList <Mutation> >?squatCandidates = findPackageSquats.GenerateSquatCandidates();
List <FindPackageSquatResult> existingMutations = await findPackageSquats.FindExistingSquatsAsync(squatCandidates, new MutateOptions()
{
UseCache = false
}).ToListAsync();
Assert.IsNotNull(existingMutations);
Assert.IsTrue(existingMutations.Any());
string[] resultingMutationNames = existingMutations.Select(m => m.MutatedPackageUrl.ToString()).ToArray();
CollectionAssert.AreEquivalent(squattingPackages, resultingMutationNames);
}
public async Task LodashMutations_NoCache_Succeeds_Async()
{
// arrange
PackageURL lodash = new("pkg:npm/[email protected]");
string[] squattingPackages = new[]
{
"pkg:npm/iodash", // ["AsciiHomoglyph","CloseLetters"]
"pkg:npm/jodash", // ["AsciiHomoglyph"]
"pkg:npm/1odash", // ["AsciiHomoglyph"]
"pkg:npm/ledash", // ["AsciiHomoglyph","VowelSwap"]
"pkg:npm/ladash", // ["AsciiHomoglyph","VowelSwap"]
"pkg:npm/l0dash", // ["AsciiHomoglyph","CloseLetters"]
};
IHttpClientFactory httpClientFactory =
FindSquatsHelper.SetupHttpCalls(purl: lodash, validSquats: squattingPackages);
FindPackageSquats findPackageSquats = new(new ProjectManagerFactory(httpClientFactory), lodash);
// act
IDictionary <string, IList <Mutation> >?squatCandidates = findPackageSquats.GenerateSquatCandidates();
List <FindPackageSquatResult> existingMutations = await findPackageSquats.FindExistingSquatsAsync(squatCandidates, new MutateOptions()
{
UseCache = false
}).ToListAsync();
Assert.IsNotNull(existingMutations);
Assert.IsTrue(existingMutations.Any());
string[] resultingMutationNames = existingMutations.Select(m => m.MutatedPackageUrl.ToString()).ToArray();
CollectionAssert.AreEquivalent(squattingPackages, resultingMutationNames);
}
public async Task NewtonsoftMutations_Succeeds_Async()
{
// arrange
PackageURL newtonsoft = new("pkg:nuget/[email protected]");
string[] squattingPackages = new[]
{
"pkg:nuget/newtons0ft.json", // ["AsciiHomoglyph","CloseLetters"]
"pkg:nuget/newtousoft.json", // ["AsciiHomoglyph"]
"pkg:nuget/newtonsoft.jsan", // ["AsciiHomoglyph","VowelSwap"]
"pkg:nuget/mewtonsoft.json", // ["AsciiHomoglyph","BitFlip","CloseLetters"]
"pkg:nuget/bewtonsoft.json", // ["CloseLetters"]
"pkg:nuget/newtohsoft.json", // ["CloseLetters"]
};
IHttpClientFactory httpClientFactory =
FindSquatsHelper.SetupHttpCalls(purl: newtonsoft, validSquats: squattingPackages);
IManagerPackageActions <NuGetPackageVersionMetadata> packageActions = PackageActionsHelper <NuGetPackageVersionMetadata> .SetupPackageActions(newtonsoft, validSquats : squattingPackages) ?? throw new InvalidOperationException();
Dictionary <string, ProjectManagerFactory.ConstructProjectManager> overrideDict = ProjectManagerFactory.GetDefaultManagers(httpClientFactory);
overrideDict[NuGetProjectManager.Type] = directory =>
new NuGetProjectManager(directory, packageActions, httpClientFactory);
FindPackageSquats findPackageSquats = new(new ProjectManagerFactory(overrideDict), newtonsoft);
// act
IDictionary <string, IList <Mutation> >?squatCandidates = findPackageSquats.GenerateSquatCandidates();
List <FindPackageSquatResult> existingMutations = await findPackageSquats.FindExistingSquatsAsync(squatCandidates, new MutateOptions()
{
UseCache = false
}).ToListAsync();
Assert.IsNotNull(existingMutations);
Assert.IsTrue(existingMutations.Any());
string[] resultingMutationNames = existingMutations.Select(m => m.MutatedPackageUrl.ToString()).ToArray();
CollectionAssert.AreEquivalent(squattingPackages, resultingMutationNames);
}
public async Task DetectSquats(string packageUrl, bool generateSquats, bool expectedToHaveSquats)
{
PackageURL purl = new(packageUrl);
IEnumerable <string>?validSquats = null;
// Only populate validSquats if we want to generate squats.
if (generateSquats)
{
validSquats = ProjectManagerFactory.GetDefaultManagers()[purl.Type].Invoke()?.EnumerateSquatCandidates(purl)?.Keys;
}
// Construct the mocked IHttpClientFactory
IHttpClientFactory httpClientFactory = FindSquatsHelper.SetupHttpCalls(purl: purl, validSquats: validSquats);
// Construct the manager overrides with the mocked IHttpClientFactory.
Dictionary <string, ProjectManagerFactory.ConstructProjectManager> managerOverrides = ProjectManagerFactory.GetDefaultManagers(httpClientFactory);
IManagerPackageActions <NuGetPackageVersionMetadata>?nugetPackageActions = PackageActionsHelper <NuGetPackageVersionMetadata> .SetupPackageActions(
purl);
// Override the NuGet constructor to add the mocked NuGetPackageActions.
managerOverrides[NuGetProjectManager.Type] =
_ => new NuGetProjectManager(".", nugetPackageActions, httpClientFactory);
ProjectManagerFactory projectManagerFactory = new(managerOverrides);
FindSquatsTool fst = new(projectManagerFactory);
FindSquatsTool.Options options = new()
{
Quiet = true,
Targets = new string[] { packageUrl }
};
(string output, int numSquats)result = await fst.RunAsync(options);
Assert.IsTrue(expectedToHaveSquats ? result.numSquats > 0 : result.numSquats == 0);
}
