update test scripts

Author: harjotgill

.gitignore

@@ -1,6 +1,3 @@
-# Ignore ast-grep snapshots
-tests/__snapshots__/*
-
 # Other package managers
 bun.lockb
 

package.json

@@ -4,8 +4,10 @@
   "description": "ast-grep essential security rules",
   "main": "index.js",
   "scripts": {
-    "test": "ast-grep test --skip-snapshot-tests -c ./sgconfig.yml",
-    "update-tests": "ast-grep test -U -c ./sgconfig.yml"
+    "test-wip": "ast-grep test --skip-snapshot-tests -c ./sgconfig.yml",
+    "test-ci": "ast-grep test -c ./sgconfig.yml",
+    "test": "ast-grep test --interactive -c ./sgconfig.yml",
+    "test-update-all": "ast-grep test --update-all -c ./sgconfig.yml"
   },
   "author": "",
   "license": "ISC",

tests/__snapshots__/bad-tmp-go-snapshot.yml

@@ -0,0 +1,8 @@
+id: bad-tmp-go
+snapshots:
+  ioutil.WriteFile("/tmp/demo2", "tmp"):
+    labels:
+    - source: ioutil.WriteFile("/tmp/demo2", "tmp")
+      style: primary
+      start: 0
+      end: 37

tests/__snapshots__/binary-formatter-snapshot.yml

@@ -0,0 +1,8 @@
+id: binary-formatter
+snapshots:
+  BinaryFormatter binaryFormatter = new BinaryFormatter();:
+    labels:
+    - source: new BinaryFormatter()
+      style: primary
+      start: 34
+      end: 55

tests/__snapshots__/command-injection-formatted-runtime-call-snapshot.yml

@@ -0,0 +1,18 @@
+id: command-injection-formatted-runtime-call
+snapshots:
+  ? |
+    val r: Runtime = Runtime.getRuntime()
+    r.exec("/bin/sh -c tool_command" + input)
+  : labels:
+    - source: r.exec("/bin/sh -c tool_command" + input)
+      style: primary
+      start: 38
+      end: 79
+  ? |-
+    val r: Runtime = Runtime.getRuntime()
+    r.loadLibrary(String.format("%s.dll", input))
+  : labels:
+    - source: r.loadLibrary(String.format("%s.dll", input))
+      style: primary
+      start: 38
+      end: 83

tests/__snapshots__/data-contract-resolver-snapshot.yml

@@ -0,0 +1,17 @@
+id: data-contract-resolver
+snapshots:
+  ? |-
+    namespace DCR
+    {
+        class CustomDCR : DataContractResolver
+        {
+        }
+    }
+  : labels:
+    - source: |-
+        class CustomDCR : DataContractResolver
+            {
+            }
+      style: primary
+      start: 20
+      end: 70

tests/__snapshots__/detect-replaceall-sanitization-snapshot.yml

@@ -0,0 +1,23 @@
+id: detect-replaceall-sanitization
+snapshots:
+  ? |
+    "<strong>Hello World</strong>".replace('<', '&lt;').replace('>', '&gt;')
+  : labels:
+    - source: '"<strong>Hello World</strong>".replace(''<'', ''&lt;'').replace(''>'', ''&gt;'')'
+      style: primary
+      start: 0
+      end: 72
+  ? |
+    "<strong>Hello World</strong>".replaceAll('"', '&quot;').replaceAll("'", '&apos;').replaceAll('&', '&amp;')
+  : labels:
+    - source: '"<strong>Hello World</strong>".replaceAll(''"'', ''&quot;'').replaceAll("''", ''&apos;'').replaceAll(''&'', ''&amp;'')'
+      style: primary
+      start: 0
+      end: 107
+  ? |
+    "<strong>Hello World</strong>".replaceAll('<', '&lt;').replaceAll('>', '&gt;')
+  : labels:
+    - source: '"<strong>Hello World</strong>".replaceAll(''<'', ''&lt;'').replaceAll(''>'', ''&gt;'')'
+      style: primary
+      start: 0
+      end: 78

tests/__snapshots__/empty-aes-key-snapshot.yml

@@ -0,0 +1,8 @@
+id: empty-aes-key
+snapshots:
+  cipher = AES.new("", AES.MODE_CFB, iv):
+    labels:
+    - source: AES.new("", AES.MODE_CFB, iv)
+      style: primary
+      start: 9
+      end: 38

tests/__snapshots__/go-template-insecure-types-snapshot.yml

@@ -0,0 +1,9 @@
+id: go-template-insecure-types
+snapshots:
+  ? |
+    var b template.CSS = "a { text-decoration: underline; } "
+  : labels:
+    - source: 'var b template.CSS = "a { text-decoration: underline; } "'
+      style: primary
+      start: 0
+      end: 57

tests/__snapshots__/grpc-client-insecure-connection-snapshot.yml

@@ -0,0 +1,43 @@
+id: grpc-client-insecure-connection
+snapshots:
+  ? |
+    grpc.Dial("example.com", grpc.WithInsecure())
+  : labels:
+    - source: grpc.Dial("example.com", grpc.WithInsecure())
+      style: primary
+      start: 0
+      end: 45
+  ? |
+    grpc.Dial("example.com", grpc.WithInsecure(), grpc.WithBlock())
+  : labels:
+    - source: grpc.Dial("example.com", grpc.WithInsecure(), grpc.WithBlock())
+      style: primary
+      start: 0
+      end: 63
+  ? |
+    grpc.Dial("example.com", grpc.WithInsecure(), grpc.WithBlock(), grpc.WithTimeout(5*time.Second))
+  : labels:
+    - source: grpc.Dial("example.com", grpc.WithInsecure(), grpc.WithBlock(), grpc.WithTimeout(5*time.Second))
+      style: primary
+      start: 0
+      end: 96
+  ? |
+    grpc.Dial("example.com", grpc.WithInsecure(), grpc.WithBlock(), grpc.WithTimeout(5*time.Second), grpc.WithUserAgent("example"))
+  : labels:
+    - source: grpc.Dial("example.com", grpc.WithInsecure(), grpc.WithBlock(), grpc.WithTimeout(5*time.Second), grpc.WithUserAgent("example"))
+      style: primary
+      start: 0
+      end: 127
+  ? |
+    grpc.Dial("example.com", grpc.WithInsecure(), grpc.WithBlock(), grpc.WithTimeout(5*time.Second), grpc.WithUserAgent("example"), grpc.WithAuthority("example.com"))
+  : labels:
+    - source: grpc.Dial("example.com", grpc.WithInsecure(), grpc.WithBlock(), grpc.WithTimeout(5*time.Second), grpc.WithUserAgent("example"), grpc.WithAuthority("example.com"))
+      style: primary
+      start: 0
+      end: 162
+  ? grpc.Dial("example.com", grpc.WithInsecure(), grpc.WithBlock(), grpc.WithTimeout(5*time.Second), grpc.WithUserAgent("example"), grpc.WithAuthority("example.com"), grpc.WithDial)
+  : labels:
+    - source: grpc.Dial("example.com", grpc.WithInsecure(), grpc.WithBlock(), grpc.WithTimeout(5*time.Second), grpc.WithUserAgent("example"), grpc.WithAuthority("example.com"), grpc.WithDial)
+      style: primary
+      start: 0
+      end: 177