AikidoSec-safe-chain/packages/safe-chain/src/config/settings.spec.js

import { describe, it, beforeEach, afterEach, mock } from "node:test";
import assert from "node:assert";

let configFileContent = undefined;
mock.module("fs", {
  namedExports: {
    existsSync: () => configFileContent !== undefined,
    readFileSync: () => configFileContent,
    writeFileSync: (content) => (configFileContent = content),
    mkdirSync: () => {},
  },
});

const {
  getNpmCustomRegistries,
  getPipCustomRegistries,
  getNpmMinimumPackageAgeExclusions,
  getLoggingLevel,
  LOGGING_SILENT,
  LOGGING_NORMAL,
  LOGGING_VERBOSE,
} = await import("./settings.js");
const { initializeCliArguments } = await import("./cliArguments.js");

for (const { packageManager, getCustomRegistries, envVarName } of [
  {
    packageManager: "npm",
    getCustomRegistries: getNpmCustomRegistries,
    envVarName: "SAFE_CHAIN_NPM_CUSTOM_REGISTRIES",
  },
  {
    packageManager: "pip",
    getCustomRegistries: getPipCustomRegistries,
    envVarName: "SAFE_CHAIN_PIP_CUSTOM_REGISTRIES",
  },
]) {
  describe(getCustomRegistries.name, async () => {
    let originalEnv;

    beforeEach(() => {
      originalEnv = process.env[envVarName];
    });

    afterEach(() => {
      if (originalEnv !== undefined) {
        process.env[envVarName] = originalEnv;
      } else {
        delete process.env[envVarName];
      }
      configFileContent = undefined;
    });

    it("should return empty array when no registries configured", () => {
      configFileContent = undefined;

      const registries = getCustomRegistries();

      assert.deepStrictEqual(registries, []);
    });

    it("should return registries without protocol", () => {
      configFileContent = JSON.stringify({
        [packageManager]: {
          customRegistries: [
            `${packageManager}.company.com`,
            "registry.internal.net",
          ],
        },
      });

      const registries = getCustomRegistries();

      assert.deepStrictEqual(registries, [
        `${packageManager}.company.com`,
        "registry.internal.net",
      ]);
    });

    it("should strip https:// protocol from registries", () => {
      configFileContent = JSON.stringify({
        [packageManager]: {
          customRegistries: [
            `https://${packageManager}.company.com`,
            "https://registry.internal.net",
          ],
        },
      });

      const registries = getCustomRegistries();

      assert.deepStrictEqual(registries, [
        `${packageManager}.company.com`,
        "registry.internal.net",
      ]);
    });

    it("should strip http:// protocol from registries", () => {
      configFileContent = JSON.stringify({
        [packageManager]: {
          customRegistries: [
            `http://${packageManager}.company.com`,
            "http://registry.internal.net",
          ],
        },
      });

      const registries = getCustomRegistries();

      assert.deepStrictEqual(registries, [
        `${packageManager}.company.com`,
        "registry.internal.net",
      ]);
    });

    it("should handle mixed protocols and no protocol", () => {
      configFileContent = JSON.stringify({
        [packageManager]: {
          customRegistries: [
            `https://${packageManager}.company.com`,
            "registry.internal.net",
            "http://private.registry.io",
          ],
        },
      });

      const registries = getCustomRegistries();

      assert.deepStrictEqual(registries, [
        `${packageManager}.company.com`,
        "registry.internal.net",
        "private.registry.io",
      ]);
    });

    it("should preserve registry path after stripping protocol", () => {
      configFileContent = JSON.stringify({
        [packageManager]: {
          customRegistries: [
            `https://${packageManager}.company.com/custom/path`,
            `registry.internal.net/${packageManager}`,
          ],
        },
      });

      const registries = getCustomRegistries();

      assert.deepStrictEqual(registries, [
        `${packageManager}.company.com/custom/path`,
        `registry.internal.net/${packageManager}`,
      ]);
    });

    it("should parse comma-separated registries from environment variable", () => {
      delete process.env[envVarName];
      process.env[envVarName] = "env1.registry.com,env2.registry.net";
      configFileContent = undefined;

      const registries = getCustomRegistries();

      assert.deepStrictEqual(registries, [
        "env1.registry.com",
        "env2.registry.net",
      ]);
    });

    it("should trim whitespace from environment variable registries", () => {
      delete process.env[envVarName];
      process.env[envVarName] = "  env1.registry.com  ,  env2.registry.net  ";
      configFileContent = undefined;

      const registries = getCustomRegistries();

      assert.deepStrictEqual(registries, [
        "env1.registry.com",
        "env2.registry.net",
      ]);
    });

    it("should merge environment variable and config file registries", () => {
      delete process.env[envVarName];
      process.env[envVarName] = "env1.registry.com";
      configFileContent = JSON.stringify({
        [packageManager]: {
          customRegistries: ["config1.registry.net"],
        },
      });

      const registries = getCustomRegistries();

      assert.deepStrictEqual(registries, [
        "env1.registry.com",
        "config1.registry.net",
      ]);
    });

    it("should remove duplicate registries when merging env and config", () => {
      delete process.env[envVarName];
      process.env[
        envVarName
      ] = `${packageManager}.company.com,env.registry.com`;
      configFileContent = JSON.stringify({
        [packageManager]: {
          customRegistries: [
            `${packageManager}.company.com`,
            "config.registry.net",
          ],
        },
      });

      const registries = getCustomRegistries();

      assert.deepStrictEqual(registries, [
        `${packageManager}.company.com`,
        "env.registry.com",
        "config.registry.net",
      ]);
    });

    it("should normalize protocols from environment variable registries", () => {
      delete process.env[envVarName];
      process.env[envVarName] =
        "https://env1.registry.com,http://env2.registry.net";
      configFileContent = undefined;

      const registries = getCustomRegistries();

      assert.deepStrictEqual(registries, [
        "env1.registry.com",
        "env2.registry.net",
      ]);
    });

    it("should handle empty strings in comma-separated list", () => {
      delete process.env[envVarName];
      process.env[envVarName] = "env1.registry.com,,env2.registry.net,";
      configFileContent = undefined;

      const registries = getCustomRegistries();

      assert.deepStrictEqual(registries, [
        "env1.registry.com",
        "env2.registry.net",
      ]);
    });

    it("should handle single registry in environment variable", () => {
      delete process.env[envVarName];
      process.env[envVarName] = "single.registry.com";
      configFileContent = undefined;

      const registries = getCustomRegistries();

      assert.deepStrictEqual(registries, ["single.registry.com"]);
    });

    it("should return empty array for empty environment variable", () => {
      delete process.env[envVarName];
      process.env[envVarName] = "";
      configFileContent = undefined;

      const registries = getCustomRegistries();

      assert.deepStrictEqual(registries, []);
    });

    it("should return empty array for whitespace-only environment variable", () => {
      delete process.env[envVarName];
      process.env[envVarName] = "   ,  ,  ";
      configFileContent = undefined;

      const registries = getCustomRegistries();

      assert.deepStrictEqual(registries, []);
    });
  });
}

describe("getLoggingLevel", () => {
  let originalEnv;

  beforeEach(() => {
    originalEnv = process.env.SAFE_CHAIN_LOGGING;
    delete process.env.SAFE_CHAIN_LOGGING;
    // Reset CLI arguments state
    initializeCliArguments([]);
  });

  afterEach(() => {
    if (originalEnv !== undefined) {
      process.env.SAFE_CHAIN_LOGGING = originalEnv;
    } else {
      delete process.env.SAFE_CHAIN_LOGGING;
    }
  });

  it("should return normal by default when nothing is configured", () => {
    const level = getLoggingLevel();

    assert.strictEqual(level, LOGGING_NORMAL);
  });

  it("should return silent from environment variable", () => {
    process.env.SAFE_CHAIN_LOGGING = "silent";

    const level = getLoggingLevel();

    assert.strictEqual(level, LOGGING_SILENT);
  });

  it("should return verbose from environment variable", () => {
    process.env.SAFE_CHAIN_LOGGING = "verbose";

    const level = getLoggingLevel();

    assert.strictEqual(level, LOGGING_VERBOSE);
  });

  it("should handle uppercase environment variable values", () => {
    process.env.SAFE_CHAIN_LOGGING = "VERBOSE";

    const level = getLoggingLevel();

    assert.strictEqual(level, LOGGING_VERBOSE);
  });

  it("should handle mixed case environment variable values", () => {
    process.env.SAFE_CHAIN_LOGGING = "Silent";

    const level = getLoggingLevel();

    assert.strictEqual(level, LOGGING_SILENT);
  });

  it("should return normal for invalid environment variable values", () => {
    process.env.SAFE_CHAIN_LOGGING = "invalid";

    const level = getLoggingLevel();

    assert.strictEqual(level, LOGGING_NORMAL);
  });

  it("should prioritize CLI argument over environment variable", () => {
    process.env.SAFE_CHAIN_LOGGING = "verbose";
    initializeCliArguments(["--safe-chain-logging=silent"]);

    const level = getLoggingLevel();

    assert.strictEqual(level, LOGGING_SILENT);
  });

  it("should use environment variable when CLI argument is not set", () => {
    process.env.SAFE_CHAIN_LOGGING = "silent";
    initializeCliArguments(["install", "express"]);

    const level = getLoggingLevel();

    assert.strictEqual(level, LOGGING_SILENT);
  });

  it("should return normal when CLI argument is invalid (even if env var is valid)", () => {
    process.env.SAFE_CHAIN_LOGGING = "verbose";
    initializeCliArguments(["--safe-chain-logging=invalid"]);

    const level = getLoggingLevel();

    assert.strictEqual(level, LOGGING_NORMAL);
  });
});

describe("getNpmMinimumPackageAgeExclusions", () => {
  let originalEnv;
  const envVarName = "SAFE_CHAIN_NPM_MINIMUM_PACKAGE_AGE_EXCLUSIONS";

  beforeEach(() => {
    originalEnv = process.env[envVarName];
    delete process.env[envVarName];
  });

  afterEach(() => {
    if (originalEnv !== undefined) {
      process.env[envVarName] = originalEnv;
    } else {
      delete process.env[envVarName];
    }
    configFileContent = undefined;
  });

  it("should return empty array when no exclusions configured", () => {
    configFileContent = undefined;

    const exclusions = getNpmMinimumPackageAgeExclusions();

    assert.deepStrictEqual(exclusions, []);
  });

  it("should return exclusions from config file", () => {
    configFileContent = JSON.stringify({
      npm: {
        minimumPackageAgeExclusions: ["react", "@aikidosec/safe-chain"],
      },
    });

    const exclusions = getNpmMinimumPackageAgeExclusions();

    assert.deepStrictEqual(exclusions, ["react", "@aikidosec/safe-chain"]);
  });

  it("should parse comma-separated exclusions from environment variable", () => {
    process.env[envVarName] = "lodash,express,@types/node";
    configFileContent = undefined;

    const exclusions = getNpmMinimumPackageAgeExclusions();

    assert.deepStrictEqual(exclusions, ["lodash", "express", "@types/node"]);
  });

  it("should merge environment variable and config file exclusions", () => {
    process.env[envVarName] = "lodash";
    configFileContent = JSON.stringify({
      npm: {
        minimumPackageAgeExclusions: ["react"],
      },
    });

    const exclusions = getNpmMinimumPackageAgeExclusions();

    assert.deepStrictEqual(exclusions, ["lodash", "react"]);
  });

  it("should remove duplicate exclusions when merging", () => {
    process.env[envVarName] = "lodash,react";
    configFileContent = JSON.stringify({
      npm: {
        minimumPackageAgeExclusions: ["react", "express"],
      },
    });

    const exclusions = getNpmMinimumPackageAgeExclusions();

    assert.deepStrictEqual(exclusions, ["lodash", "react", "express"]);
  });

  it("should trim whitespace from environment variable exclusions", () => {
    process.env[envVarName] = "  lodash  ,  react  ";
    configFileContent = undefined;

    const exclusions = getNpmMinimumPackageAgeExclusions();

    assert.deepStrictEqual(exclusions, ["lodash", "react"]);
  });

  it("should handle scoped packages", () => {
    configFileContent = JSON.stringify({
      npm: {
        minimumPackageAgeExclusions: ["@babel/core", "@types/react"],
      },
    });

    const exclusions = getNpmMinimumPackageAgeExclusions();

    assert.deepStrictEqual(exclusions, ["@babel/core", "@types/react"]);
  });

  it("should handle empty strings in comma-separated list", () => {
    process.env[envVarName] = "lodash,,react,";
    configFileContent = undefined;

    const exclusions = getNpmMinimumPackageAgeExclusions();

    assert.deepStrictEqual(exclusions, ["lodash", "react"]);
  });

  it("should return empty array for empty environment variable", () => {
    process.env[envVarName] = "";
    configFileContent = undefined;

    const exclusions = getNpmMinimumPackageAgeExclusions();

    assert.deepStrictEqual(exclusions, []);
  });

  it("should return empty array for whitespace-only environment variable", () => {
    process.env[envVarName] = "   ,  ,  ";
    configFileContent = undefined;

    const exclusions = getNpmMinimumPackageAgeExclusions();

    assert.deepStrictEqual(exclusions, []);
  });

  it("should filter non-string values from config file", () => {
    configFileContent = JSON.stringify({
      npm: {
        minimumPackageAgeExclusions: ["react", 123, null, "lodash", undefined],
      },
    });

    const exclusions = getNpmMinimumPackageAgeExclusions();

    assert.deepStrictEqual(exclusions, ["react", "lodash"]);
  });
});