@oculum/scanner 1.0.12 → 1.0.13

package/src/__tests__/context-engine/import-resolver.test.ts

@@ -0,0 +1,328 @@
+/**
+ * Tests for Import Resolver — extractAllImports, extractExports, resolveImportPath, buildFileIndex
+ */
+
+import {
+  extractAllImports,
+  extractExports,
+  resolveImportPath,
+  buildFileIndex,
+} from '../../model/import-resolver'
+import type { ScanFile } from '../../shared/types'
+
+function makeFile(path: string, content: string = ''): ScanFile {
+  return { path, content, language: 'typescript' }
+}
+
+// ============================================================================
+// extractAllImports
+// ============================================================================
+
+describe('extractAllImports', () => {
+  it('parses ES6 named imports', () => {
+    const content = `import { foo, bar } from './utils'`
+    const imports = extractAllImports(content, 'src/index.ts')
+    expect(imports).toHaveLength(1)
+    expect(imports[0].importedNames).toEqual(['foo', 'bar'])
+    expect(imports[0].importPath).toBe('./utils')
+    expect(imports[0].isLocal).toBe(true)
+    expect(imports[0].isReExport).toBe(false)
+    expect(imports[0].isNamespace).toBe(false)
+  })
+
+  it('parses ES6 named imports with aliases', () => {
+    const content = `import { foo as myFoo, bar as myBar } from './utils'`
+    const imports = extractAllImports(content, 'src/index.ts')
+    expect(imports[0].importedNames).toEqual(['foo', 'bar'])
+  })
+
+  it('parses ES6 default imports', () => {
+    const content = `import express from 'express'`
+    const imports = extractAllImports(content, 'src/index.ts')
+    expect(imports).toHaveLength(1)
+    expect(imports[0].importedNames).toEqual(['default'])
+    expect(imports[0].isLocal).toBe(false)
+  })
+
+  it('parses ES6 namespace imports', () => {
+    const content = `import * as path from 'path'`
+    const imports = extractAllImports(content, 'src/index.ts')
+    expect(imports).toHaveLength(1)
+    expect(imports[0].importedNames).toEqual(['path'])
+    expect(imports[0].isNamespace).toBe(true)
+    expect(imports[0].isLocal).toBe(false)
+  })
+
+  it('parses CJS destructured require', () => {
+    const content = `const { query, execute } = require('./db')`
+    const imports = extractAllImports(content, 'src/index.ts')
+    expect(imports).toHaveLength(1)
+    expect(imports[0].importedNames).toEqual(['query', 'execute'])
+    expect(imports[0].isLocal).toBe(true)
+  })
+
+  it('parses CJS default require', () => {
+    const content = `const db = require('./db')`
+    const imports = extractAllImports(content, 'src/index.ts')
+    expect(imports).toHaveLength(1)
+    expect(imports[0].importedNames).toEqual(['default'])
+    expect(imports[0].isLocal).toBe(true)
+  })
+
+  it('parses re-exports', () => {
+    const content = `export { query, getUser } from './queries'`
+    const imports = extractAllImports(content, 'src/index.ts')
+    expect(imports).toHaveLength(1)
+    expect(imports[0].importedNames).toEqual(['query', 'getUser'])
+    expect(imports[0].isReExport).toBe(true)
+    expect(imports[0].isLocal).toBe(true)
+  })
+
+  it('parses Python from...import', () => {
+    const content = `from flask import request, jsonify`
+    const imports = extractAllImports(content, 'app.py')
+    expect(imports).toHaveLength(1)
+    expect(imports[0].importedNames).toEqual(['request', 'jsonify'])
+    expect(imports[0].importPath).toBe('flask')
+    expect(imports[0].isLocal).toBe(false)
+  })
+
+  it('parses Python relative imports', () => {
+    const content = `from .models import User`
+    const imports = extractAllImports(content, 'app/views.py')
+    expect(imports).toHaveLength(1)
+    expect(imports[0].importedNames).toEqual(['User'])
+    expect(imports[0].isLocal).toBe(true)
+  })
+
+  it('parses Python import statement', () => {
+    const content = `import os`
+    const imports = extractAllImports(content, 'app.py')
+    expect(imports).toHaveLength(1)
+    expect(imports[0].importPath).toBe('os')
+    expect(imports[0].isNamespace).toBe(true)
+  })
+
+  it('handles @/ alias as local', () => {
+    const content = `import { db } from '@/lib/database'`
+    const imports = extractAllImports(content, 'src/index.ts')
+    expect(imports[0].isLocal).toBe(true)
+  })
+
+  it('handles ~/ alias as local', () => {
+    const content = `import { db } from '~/lib/database'`
+    const imports = extractAllImports(content, 'src/index.ts')
+    expect(imports[0].isLocal).toBe(true)
+  })
+
+  it('includes line numbers', () => {
+    const content = `// comment\nimport { foo } from './foo'\nimport { bar } from './bar'`
+    const imports = extractAllImports(content, 'src/index.ts')
+    expect(imports[0].line).toBe(2)
+    expect(imports[1].line).toBe(3)
+  })
+
+  it('skips comments', () => {
+    const content = `// import { foo } from './foo'\n/* import { bar } from './bar' */`
+    const imports = extractAllImports(content, 'src/index.ts')
+    expect(imports).toHaveLength(0)
+  })
+
+  it('handles multiple import types in one file', () => {
+    const content = [
+      `import { foo } from './foo'`,
+      `import bar from './bar'`,
+      `import * as utils from './utils'`,
+      `const { baz } = require('./baz')`,
+      `export { qux } from './qux'`,
+    ].join('\n')
+    const imports = extractAllImports(content, 'src/index.ts')
+    expect(imports.length).toBeGreaterThanOrEqual(5)
+  })
+})
+
+// ============================================================================
+// extractExports
+// ============================================================================
+
+describe('extractExports', () => {
+  it('extracts named function exports', () => {
+    const content = `export function getUser(id: string) { return db.query(id) }`
+    const exports = extractExports(content, 'src/db.ts')
+    expect(exports).toHaveLength(1)
+    expect(exports[0].name).toBe('getUser')
+    expect(exports[0].kind).toBe('function')
+    expect(exports[0].isDefault).toBe(false)
+  })
+
+  it('extracts async function exports', () => {
+    const content = `export async function fetchData() { }`
+    const exports = extractExports(content, 'src/api.ts')
+    expect(exports).toHaveLength(1)
+    expect(exports[0].name).toBe('fetchData')
+    expect(exports[0].kind).toBe('function')
+  })
+
+  it('extracts class exports', () => {
+    const content = `export class UserService { }`
+    const exports = extractExports(content, 'src/service.ts')
+    expect(exports).toHaveLength(1)
+    expect(exports[0].name).toBe('UserService')
+    expect(exports[0].kind).toBe('class')
+  })
+
+  it('extracts const/let/var exports', () => {
+    const content = `export const MAX_RETRIES = 3`
+    const exports = extractExports(content, 'src/config.ts')
+    expect(exports).toHaveLength(1)
+    expect(exports[0].name).toBe('MAX_RETRIES')
+    expect(exports[0].kind).toBe('variable')
+  })
+
+  it('extracts default function export', () => {
+    const content = `export default function handler(req, res) { }`
+    const exports = extractExports(content, 'src/handler.ts')
+    expect(exports).toHaveLength(1)
+    expect(exports[0].name).toBe('handler')
+    expect(exports[0].isDefault).toBe(true)
+  })
+
+  it('extracts default class export', () => {
+    const content = `export default class App { }`
+    const exports = extractExports(content, 'src/app.ts')
+    expect(exports).toHaveLength(1)
+    expect(exports[0].isDefault).toBe(true)
+  })
+
+  it('extracts re-exports with source module', () => {
+    const content = `export { query, getUser } from './queries'`
+    const exports = extractExports(content, 'src/index.ts')
+    expect(exports).toHaveLength(2)
+    expect(exports[0].kind).toBe('reexport')
+    expect(exports[0].sourceModule).toBe('./queries')
+  })
+
+  it('extracts CommonJS module.exports object', () => {
+    const content = `module.exports = { getUser, createUser }`
+    const exports = extractExports(content, 'src/db.js')
+    expect(exports).toHaveLength(2)
+    expect(exports.map(e => e.name)).toEqual(['getUser', 'createUser'])
+  })
+
+  it('extracts CommonJS module.exports.prop', () => {
+    const content = `module.exports.query = function() {}`
+    const exports = extractExports(content, 'src/db.js')
+    expect(exports).toHaveLength(1)
+    expect(exports[0].name).toBe('query')
+  })
+
+  it('extracts CommonJS exports.prop', () => {
+    const content = `exports.getUser = getUser`
+    const exports = extractExports(content, 'src/db.js')
+    expect(exports).toHaveLength(1)
+    expect(exports[0].name).toBe('getUser')
+  })
+
+  it('extracts Python top-level def', () => {
+    const content = `def get_user(id):\n    return db.query(id)`
+    const exports = extractExports(content, 'db.py')
+    expect(exports).toHaveLength(1)
+    expect(exports[0].name).toBe('get_user')
+    expect(exports[0].kind).toBe('function')
+  })
+
+  it('extracts Python top-level class', () => {
+    const content = `class UserService:\n    pass`
+    const exports = extractExports(content, 'service.py')
+    expect(exports).toHaveLength(1)
+    expect(exports[0].name).toBe('UserService')
+    expect(exports[0].kind).toBe('class')
+  })
+
+  it('skips Python indented defs (methods)', () => {
+    const content = `class Foo:\n    def bar(self):\n        pass`
+    const exports = extractExports(content, 'foo.py')
+    expect(exports).toHaveLength(1)
+    expect(exports[0].name).toBe('Foo')
+  })
+
+  it('extracts export { ... } list', () => {
+    const content = `const a = 1\nconst b = 2\nexport { a, b }`
+    const exports = extractExports(content, 'src/utils.ts')
+    expect(exports.some(e => e.name === 'a')).toBe(true)
+    expect(exports.some(e => e.name === 'b')).toBe(true)
+  })
+})
+
+// ============================================================================
+// buildFileIndex & resolveImportPath
+// ============================================================================
+
+describe('resolveImportPath', () => {
+  const files: ScanFile[] = [
+    makeFile('src/lib/db.ts'),
+    makeFile('src/lib/auth/index.ts'),
+    makeFile('src/utils/helpers.tsx'),
+    makeFile('src/routes/api.js'),
+    makeFile('lib/shared.mjs'),
+  ]
+  const fileIndex = buildFileIndex(files)
+
+  it('resolves @/ alias', () => {
+    const result = resolveImportPath('@/lib/db', 'src/routes/api.ts', fileIndex)
+    expect(result).not.toBeNull()
+    expect(result!.path).toBe('src/lib/db.ts')
+  })
+
+  it('resolves ~/ alias', () => {
+    const result = resolveImportPath('~/lib/db', 'src/routes/api.ts', fileIndex)
+    expect(result).not.toBeNull()
+    expect(result!.path).toBe('src/lib/db.ts')
+  })
+
+  it('resolves relative path', () => {
+    const result = resolveImportPath('../lib/db', 'src/routes/api.ts', fileIndex)
+    expect(result).not.toBeNull()
+    expect(result!.path).toBe('src/lib/db.ts')
+  })
+
+  it('resolves index file fallback', () => {
+    const result = resolveImportPath('@/lib/auth', 'src/routes/api.ts', fileIndex)
+    expect(result).not.toBeNull()
+    expect(result!.path).toBe('src/lib/auth/index.ts')
+  })
+
+  it('resolves with extension guessing', () => {
+    const result = resolveImportPath('./helpers', 'src/utils/other.ts', fileIndex)
+    expect(result).not.toBeNull()
+    expect(result!.path).toBe('src/utils/helpers.tsx')
+  })
+
+  it('returns null for node_modules', () => {
+    const result = resolveImportPath('express', 'src/index.ts', fileIndex)
+    expect(result).toBeNull()
+  })
+
+  it('returns null for missing files', () => {
+    const result = resolveImportPath('./nonexistent', 'src/index.ts', fileIndex)
+    expect(result).toBeNull()
+  })
+})
+
+describe('buildFileIndex', () => {
+  it('indexes files by multiple path variants', () => {
+    const files = [makeFile('src/lib/db.ts')]
+    const index = buildFileIndex(files)
+    expect(index.get('src/lib/db.ts')).toBeDefined()
+    expect(index.get('src/lib/db')).toBeDefined()
+    expect(index.get('@/lib/db')).toBeDefined()
+    expect(index.get('~/lib/db')).toBeDefined()
+  })
+
+  it('indexes directory/index patterns', () => {
+    const files = [makeFile('src/lib/auth/index.ts')]
+    const index = buildFileIndex(files)
+    expect(index.get('src/lib/auth')).toBeDefined()
+    expect(index.get('src/lib/auth/index.ts')).toBeDefined()
+  })
+})

package/src/__tests__/context-engine/integration.test.ts

@@ -0,0 +1,320 @@
+/**
+ * Integration tests for the full taint analysis pipeline.
+ * Tests end-to-end from source discovery through sink matching,
+ * and cross-file analysis through buildProjectModel.
+ */
+
+import { discoverSources } from '../../model/source-discovery'
+import { detectSanitisers } from '../../model/sanitiser-detection'
+import { propagateTaint } from '../../model/taint-tracker'
+import { matchSinks } from '../../model/sink-matcher'
+import type { FileTaintAnalysis } from '../../model/taint-types'
+import { buildProjectModel } from '../../model/index'
+import { buildAdjustmentContext } from '../../score/index'
+import type { ScanFile, Vulnerability } from '../../shared/types'
+
+function analyzeFileTaint(content: string, filePath: string): FileTaintAnalysis {
+  const sources = discoverSources(content, filePath)
+  if (sources.length === 0) {
+    return { filePath, sources: [], taintedVariables: [], taintPaths: [], sanitisers: [] }
+  }
+  const sanitisers = detectSanitisers(content, filePath)
+  const taintedVariables = propagateTaint(content, filePath, sources, sanitisers)
+  const taintPaths = matchSinks(content, filePath, taintedVariables, sanitisers)
+  return { filePath, sources, taintedVariables, taintPaths, sanitisers }
+}
+
+describe('Taint Analysis Integration', () => {
+  describe('SQL injection (Juice Shop style)', () => {
+    it('detects unsanitised req.query flowing into sequelize.query', () => {
+      const code = `
+app.get('/api/products', (req, res) => {
+  const searchTerm = req.query.q
+  const query = "SELECT * FROM Products WHERE name LIKE '%" + searchTerm + "%'"
+  sequelize.query(query)
+})
+`
+      const result = analyzeFileTaint(code, 'src/routes/products.ts')
+      expect(result.sources.length).toBeGreaterThan(0)
+      expect(result.taintPaths.length).toBeGreaterThan(0)
+      expect(result.taintPaths.some(p =>
+        p.sink.sinkType === 'sql_query' && !p.sanitised
+      )).toBe(true)
+    })
+  })
+
+  describe('XSS via innerHTML', () => {
+    it('detects unsanitised req.body flowing into innerHTML', () => {
+      const code = `
+app.post('/render', (req, res) => {
+  const content = req.body.html
+  const output = "<div>" + content + "</div>"
+  el.innerHTML = output
+})
+`
+      const result = analyzeFileTaint(code, 'src/routes/render.ts')
+      expect(result.taintPaths.some(p =>
+        p.sink.sinkType === 'inner_html' && !p.sanitised
+      )).toBe(true)
+    })
+  })
+
+  describe('Sanitised SQL (parameterised query)', () => {
+    it('marks taint path as sanitised for parameterised queries', () => {
+      const code = `
+app.get('/api/users', (req, res) => {
+  const userId = req.query.id
+  db.query('SELECT * FROM users WHERE id = ?', [userId])
+})
+`
+      const result = analyzeFileTaint(code, 'src/routes/users.ts')
+      if (result.taintPaths.length > 0) {
+        expect(result.taintPaths.every(p =>
+          p.sink.sinkType === 'sql_query' ? p.sanitised : true
+        )).toBe(true)
+      }
+    })
+  })
+
+  describe('Sanitised XSS (DOMPurify)', () => {
+    it('marks taint path as sanitised when DOMPurify is used', () => {
+      const code = `
+import DOMPurify from 'dompurify'
+
+app.post('/render', (req, res) => {
+  const content = req.body.html
+  const safe = DOMPurify.sanitize(content)
+  el.innerHTML = safe
+})
+`
+      const result = analyzeFileTaint(code, 'src/routes/render.ts')
+      // DOMPurify.sanitize marks the variable as sanitised
+      // The sink matcher should not pick it up since safe is sanitised
+      const unsanitisedPaths = result.taintPaths.filter(p =>
+        p.sink.sinkType === 'inner_html' && !p.sanitised
+      )
+      expect(unsanitisedPaths).toHaveLength(0)
+    })
+  })
+
+  describe('Command injection', () => {
+    it('detects unsanitised user input flowing into exec()', () => {
+      const code = `
+app.post('/exec', (req, res) => {
+  const cmd = req.body.command
+  exec(cmd)
+})
+`
+      const result = analyzeFileTaint(code, 'src/routes/exec.ts')
+      expect(result.taintPaths.some(p =>
+        p.sink.sinkType === 'exec' && !p.sanitised
+      )).toBe(true)
+    })
+  })
+
+  describe('SSRF', () => {
+    it('detects unsanitised user input flowing into fetch()', () => {
+      const code = `
+app.post('/proxy', (req, res) => {
+  const url = req.body.url
+  fetch(url)
+})
+`
+      const result = analyzeFileTaint(code, 'src/routes/proxy.ts')
+      expect(result.taintPaths.some(p =>
+        p.sink.sinkType === 'http_request' && !p.sanitised
+      )).toBe(true)
+    })
+  })
+
+  describe('Type coercion sanitisation', () => {
+    it('marks Number() coercion as sanitised', () => {
+      const code = `
+app.get('/api/users', (req, res) => {
+  const userId = Number(req.query.id)
+  db.query("SELECT * FROM users WHERE id = " + userId)
+})
+`
+      const result = analyzeFileTaint(code, 'src/routes/users.ts')
+      // userId should be sanitised by Number()
+      // so it shouldn't produce an unsanitised taint path
+      const unsanitisedSql = result.taintPaths.filter(p =>
+        p.sink.sinkType === 'sql_query' && !p.sanitised
+      )
+      expect(unsanitisedSql).toHaveLength(0)
+    })
+  })
+
+  describe('Short-circuit for non-input files', () => {
+    it('returns empty analysis for config files', () => {
+      const code = `
+export default {
+  port: 3000,
+  host: 'localhost',
+  database: {
+    url: process.env.DATABASE_URL,
+  },
+}
+`
+      const result = analyzeFileTaint(code, 'src/config.ts')
+      expect(result.sources).toHaveLength(0)
+      expect(result.taintPaths).toHaveLength(0)
+    })
+  })
+
+  describe('Multi-step propagation', () => {
+    it('tracks taint through multiple assignment steps', () => {
+      const code = `
+app.post('/api', (req, res) => {
+  const body = req.body
+  const data = body
+  const query = "SELECT * FROM users WHERE name = '" + data + "'"
+  db.query(query)
+})
+`
+      const result = analyzeFileTaint(code, 'src/routes/api.ts')
+      expect(result.taintPaths.some(p =>
+        p.sink.sinkType === 'sql_query' && !p.sanitised
+      )).toBe(true)
+    })
+  })
+
+  describe('Django pattern', () => {
+    it('detects unsanitised request.GET in Python', () => {
+      const code = `
+def search(request):
+    query = request.GET
+    cursor.execute("SELECT * FROM items WHERE name = '" + query + "'")
+`
+      const result = analyzeFileTaint(code, 'app/views.py')
+      expect(result.sources.length).toBeGreaterThan(0)
+      // Python cursor.execute should match sql_query sink
+      expect(result.taintPaths.some(p => p.sink.sinkType === 'sql_query')).toBe(true)
+    })
+  })
+
+  describe('Framework-aware analysis integration', () => {
+    function makeFile(path: string, content: string): ScanFile {
+      return { path, content, language: 'typescript' }
+    }
+
+    it('populates frameworkAnalyses for React + Sequelize project', () => {
+      const files = [
+        makeFile('src/app/page.tsx', [
+          'import { getUsers } from "../lib/db"',
+          '',
+          'export default function Page() {',
+          '  return <div>{users.map(u => u.name)}</div>',
+          '}',
+        ].join('\n')),
+        makeFile('src/lib/db.ts', [
+          'import { Sequelize } from "sequelize"',
+          'import { User } from "../models"',
+          '',
+          'export function getUsers() {',
+          '  return User.findAll({ where: { active: true } })',
+          '}',
+        ].join('\n')),
+        // Include a package.json to trigger framework detection
+        makeFile('package.json', JSON.stringify({
+          dependencies: { react: '18.0.0', next: '14.0.0', sequelize: '6.0.0' },
+        })),
+      ]
+
+      const model = buildProjectModel(files)
+
+      // Verify frameworkAnalyses is populated
+      expect(model.contextEngine.frameworkAnalyses).toBeDefined()
+      expect(model.contextEngine.frameworkAnalyses!.size).toBeGreaterThan(0)
+
+      // Verify JSX auto-escape detected in page.tsx
+      const pageAnalysis = model.contextEngine.frameworkAnalyses!.get('src/app/page.tsx')
+      expect(pageAnalysis).toBeDefined()
+      expect(pageAnalysis!.safeLines.size).toBeGreaterThan(0)
+
+      // Verify Sequelize ORM detected in db.ts
+      const dbAnalysis = model.contextEngine.frameworkAnalyses!.get('src/lib/db.ts')
+      expect(dbAnalysis).toBeDefined()
+      expect(dbAnalysis!.safeLines.size).toBeGreaterThan(0)
+
+      // Verify scoring picks up framework context for a mock finding
+      const mockFinding: Vulnerability = {
+        id: 'test-fw-1',
+        filePath: 'src/lib/db.ts',
+        lineNumber: 5,
+        lineContent: '  return User.findAll({ where: { active: true } })',
+        category: 'sql_injection',
+        severity: 'medium',
+        message: 'Possible SQL injection',
+        layer: 2,
+        source: 'dangerous_functions',
+      }
+
+      const adjContext = buildAdjustmentContext(mockFinding, model.contextEngine)
+      expect(dbAnalysis!.safeLines.has(5)).toBe(true)
+      expect(adjContext.framework).toBeDefined()
+      expect(adjContext.framework!.safePatternMatch).not.toBeNull()
+      expect(adjContext.framework!.safePatternMatch!.id).toContain('orm_')
+    })
+  })
+
+  describe('Cross-file pipeline integration', () => {
+    function makeFile(path: string, content: string): ScanFile {
+      return { path, content, language: 'typescript' }
+    }
+
+    it('detects cross-file taint through buildProjectModel and scoring', () => {
+      const files = [
+        makeFile('src/routes/users.ts', [
+          `import { getUser } from '../lib/db'`,
+          ``,
+          `export async function GET(req) {`,
+          `  const id = req.params.id`,
+          `  const user = await getUser(id)`,
+          `  return Response.json(user)`,
+          `}`,
+        ].join('\n')),
+        makeFile('src/lib/db.ts', [
+          `export function getUser(id: string) {`,
+          `  return db.query('SELECT * FROM users WHERE id = ' + id)`,
+          `}`,
+        ].join('\n')),
+      ]
+
+      const model = buildProjectModel(files)
+
+      // Verify cross-file taint paths are populated
+      expect(model.contextEngine.crossFileTaintPaths).toBeDefined()
+      expect(model.contextEngine.crossFileTaintPaths!.length).toBeGreaterThan(0)
+
+      const cfPath = model.contextEngine.crossFileTaintPaths![0]
+      expect(cfPath.sink.sinkType).toBe('sql_query')
+      expect(cfPath.sourceFile).toBe('src/routes/users.ts')
+      expect(cfPath.sinkFile).toBe('src/lib/db.ts')
+
+      // Verify scoring annotation picks up cross-file taint at the call site.
+      // A Layer 2 detector might flag the call line in users.ts. The scoring system
+      // should match the cross-file path via sourceFile + callLine.
+      const mockFinding: Vulnerability = {
+        id: 'test-1',
+        filePath: cfPath.sourceFile,
+        lineNumber: cfPath.importLink.callLine,
+        lineContent: 'const user = await getUser(id)',
+        category: 'sql_injection',
+        severity: 'high',
+        message: 'SQL injection via cross-file taint',
+        layer: 2,
+        source: 'dangerous_functions',
+      }
+
+      const adjContext = buildAdjustmentContext(mockFinding, model.contextEngine)
+      expect(adjContext.taint).toBeDefined()
+      expect(adjContext.taint!.confirmed).toBe(true)
+      expect(adjContext.taint!.sinkType).toBe('sql_query')
+
+      // Verify function profiles are populated
+      expect(model.contextEngine.functionProfiles).toBeDefined()
+      expect(model.contextEngine.functionProfiles!.size).toBeGreaterThan(0)
+    })
+  })
+})