136 lines
4.1 KiB
JavaScript
136 lines
4.1 KiB
JavaScript
import { describe, it, beforeEach } from 'node:test';
|
|
import assert from 'node:assert/strict';
|
|
import { resolve } from 'node:path';
|
|
import { fileURLToPath } from 'node:url';
|
|
import { resetCounter } from '../../scanners/lib/output.mjs';
|
|
import { discoverConfigFiles } from '../../scanners/lib/file-discovery.mjs';
|
|
import { scan } from '../../scanners/mcp-config-validator.mjs';
|
|
|
|
const __dirname = fileURLToPath(new URL('.', import.meta.url));
|
|
const FIXTURES = resolve(__dirname, '../fixtures');
|
|
|
|
describe('MCP scanner — healthy project', () => {
|
|
let result;
|
|
beforeEach(async () => {
|
|
resetCounter();
|
|
const discovery = await discoverConfigFiles(resolve(FIXTURES, 'healthy-project'));
|
|
result = await scan(resolve(FIXTURES, 'healthy-project'), discovery);
|
|
});
|
|
|
|
it('returns status ok', () => {
|
|
assert.equal(result.status, 'ok');
|
|
});
|
|
|
|
it('reports scanner prefix MCP', () => {
|
|
assert.equal(result.scanner, 'MCP');
|
|
});
|
|
|
|
it('scans at least 1 file', () => {
|
|
assert.ok(result.files_scanned >= 1);
|
|
});
|
|
|
|
it('has no critical or high findings', () => {
|
|
assert.equal(result.counts.critical, 0);
|
|
assert.equal(result.counts.high, 0);
|
|
});
|
|
|
|
it('finding IDs match CA-MCP-NNN pattern', () => {
|
|
for (const f of result.findings) {
|
|
assert.match(f.id, /^CA-MCP-\d{3}$/);
|
|
}
|
|
});
|
|
|
|
it('has counts object with all severity levels', () => {
|
|
assert.ok('critical' in result.counts);
|
|
assert.ok('high' in result.counts);
|
|
assert.ok('medium' in result.counts);
|
|
assert.ok('low' in result.counts);
|
|
assert.ok('info' in result.counts);
|
|
});
|
|
});
|
|
|
|
describe('MCP scanner — broken project', () => {
|
|
let result;
|
|
beforeEach(async () => {
|
|
resetCounter();
|
|
const discovery = await discoverConfigFiles(resolve(FIXTURES, 'broken-project'));
|
|
result = await scan(resolve(FIXTURES, 'broken-project'), discovery);
|
|
});
|
|
|
|
it('returns status ok', () => {
|
|
assert.equal(result.status, 'ok');
|
|
});
|
|
|
|
it('detects SSE server type', () => {
|
|
assert.ok(result.findings.some(f => f.title.includes('SSE')));
|
|
});
|
|
|
|
it('SSE recommendation is info severity', () => {
|
|
const sse = result.findings.find(f => f.title.includes('SSE'));
|
|
assert.equal(sse.severity, 'info');
|
|
});
|
|
|
|
it('detects unknown server type', () => {
|
|
assert.ok(result.findings.some(f => f.title.includes('Unknown MCP server type')));
|
|
});
|
|
|
|
it('unknown server type is high severity', () => {
|
|
const unknown = result.findings.find(f => f.title.includes('Unknown MCP server type'));
|
|
assert.equal(unknown.severity, 'high');
|
|
});
|
|
|
|
it('detects missing trust level', () => {
|
|
assert.ok(result.findings.some(f => f.title.includes('Missing trust level')));
|
|
});
|
|
|
|
it('missing trust is medium severity', () => {
|
|
const trust = result.findings.find(f => f.title.includes('Missing trust level'));
|
|
assert.equal(trust.severity, 'medium');
|
|
});
|
|
|
|
it('detects unreferenced env vars in args', () => {
|
|
assert.ok(result.findings.some(f => f.title.includes('Unreferenced env var')));
|
|
});
|
|
|
|
it('detects unknown server fields', () => {
|
|
assert.ok(result.findings.some(f => f.title.includes('Unknown MCP server field')));
|
|
});
|
|
|
|
it('has multiple findings', () => {
|
|
assert.ok(result.findings.length >= 5);
|
|
});
|
|
});
|
|
|
|
describe('MCP scanner — empty project', () => {
|
|
let result;
|
|
beforeEach(async () => {
|
|
resetCounter();
|
|
const discovery = await discoverConfigFiles(resolve(FIXTURES, 'empty-project'));
|
|
result = await scan(resolve(FIXTURES, 'empty-project'), discovery);
|
|
});
|
|
|
|
it('returns skipped status', () => {
|
|
assert.equal(result.status, 'skipped');
|
|
});
|
|
|
|
it('has 0 findings', () => {
|
|
assert.equal(result.findings.length, 0);
|
|
});
|
|
});
|
|
|
|
describe('MCP scanner — minimal project', () => {
|
|
let result;
|
|
beforeEach(async () => {
|
|
resetCounter();
|
|
const discovery = await discoverConfigFiles(resolve(FIXTURES, 'minimal-project'));
|
|
result = await scan(resolve(FIXTURES, 'minimal-project'), discovery);
|
|
});
|
|
|
|
it('returns skipped when no .mcp.json', () => {
|
|
assert.equal(result.status, 'skipped');
|
|
});
|
|
|
|
it('has 0 findings', () => {
|
|
assert.equal(result.findings.length, 0);
|
|
});
|
|
});
|