ios-app-review-plugin 1.0.0

package/tests/cli/commands.test.ts

@@ -0,0 +1,67 @@
+import { printHelp } from '../../src/cli/commands/help.js';
+import { printVersion } from '../../src/cli/commands/version.js';
+
+describe('CLI Commands', () => {
+  let consoleLogSpy: jest.SpyInstance;
+
+  beforeEach(() => {
+    consoleLogSpy = jest.spyOn(console, 'log').mockImplementation();
+  });
+
+  afterEach(() => {
+    consoleLogSpy.mockRestore();
+  });
+
+  describe('help', () => {
+    it('should print help text', () => {
+      printHelp();
+      expect(consoleLogSpy).toHaveBeenCalledTimes(1);
+      const output = consoleLogSpy.mock.calls[0]![0] as string;
+      expect(output).toContain('ios-app-review');
+      expect(output).toContain('USAGE');
+      expect(output).toContain('COMMANDS');
+      expect(output).toContain('scan');
+      expect(output).toContain('help');
+      expect(output).toContain('version');
+    });
+
+    it('should list scan options', () => {
+      printHelp();
+      const output = consoleLogSpy.mock.calls[0]![0] as string;
+      expect(output).toContain('--format');
+      expect(output).toContain('--output');
+      expect(output).toContain('--analyzers');
+      expect(output).toContain('--include-asc');
+      expect(output).toContain('--changed-since');
+      expect(output).toContain('--badge');
+      expect(output).toContain('--save-history');
+    });
+
+    it('should list available analyzers', () => {
+      printHelp();
+      const output = consoleLogSpy.mock.calls[0]![0] as string;
+      expect(output).toContain('info-plist');
+      expect(output).toContain('privacy');
+      expect(output).toContain('security');
+    });
+
+    it('should list exit codes', () => {
+      printHelp();
+      const output = consoleLogSpy.mock.calls[0]![0] as string;
+      expect(output).toContain('EXIT CODES');
+      expect(output).toContain('0');
+      expect(output).toContain('1');
+      expect(output).toContain('2');
+    });
+  });
+
+  describe('version', () => {
+    it('should print a version string', () => {
+      printVersion();
+      expect(consoleLogSpy).toHaveBeenCalledTimes(1);
+      const output = consoleLogSpy.mock.calls[0]![0] as string;
+      // Should be semver-like
+      expect(output).toMatch(/^\d+\.\d+\.\d+$/);
+    });
+  });
+});

package/tests/cli/scan.test.ts

@@ -0,0 +1,152 @@
+import * as fs from 'fs/promises';
+import * as os from 'os';
+import * as path from 'path';
+import { runScan } from '../../src/cli/commands/scan.js';
+import type { ScanOptions } from '../../src/cli/types.js';
+
+// Mock the analyzer to avoid needing a real Xcode project
+jest.mock('../../src/analyzer.js', () => ({
+  runAnalysis: jest.fn().mockResolvedValue({
+    projectPath: '/mock/project.xcodeproj',
+    timestamp: '2024-01-01T00:00:00Z',
+    results: [
+      {
+        analyzer: 'Code Scanner',
+        passed: true,
+        issues: [],
+        duration: 100,
+      },
+    ],
+    summary: {
+      totalIssues: 0,
+      errors: 0,
+      warnings: 0,
+      info: 0,
+      passed: true,
+      duration: 100,
+    },
+    score: 95,
+    enrichedIssues: [],
+    guidelinesCited: [],
+  }),
+}));
+
+describe('runScan', () => {
+  let consoleLogSpy: jest.SpyInstance;
+  let consoleErrorSpy: jest.SpyInstance;
+  let tempDir: string;
+
+  beforeAll(async () => {
+    tempDir = await fs.mkdtemp(path.join(os.tmpdir(), 'scan-test-'));
+  });
+
+  afterAll(async () => {
+    await fs.rm(tempDir, { recursive: true, force: true });
+  });
+
+  beforeEach(() => {
+    consoleLogSpy = jest.spyOn(console, 'log').mockImplementation();
+    consoleErrorSpy = jest.spyOn(console, 'error').mockImplementation();
+  });
+
+  afterEach(() => {
+    consoleLogSpy.mockRestore();
+    consoleErrorSpy.mockRestore();
+  });
+
+  const baseOptions: ScanOptions = {
+    projectPath: '/mock/project.xcodeproj',
+    format: 'markdown',
+    output: undefined,
+    analyzers: undefined,
+    includeAsc: false,
+    changedSince: undefined,
+    config: undefined,
+    badge: false,
+    saveHistory: false,
+  };
+
+  it('should return 0 when no errors found', async () => {
+    const exitCode = await runScan(baseOptions);
+    expect(exitCode).toBe(0);
+  });
+
+  it('should output to stdout by default', async () => {
+    await runScan(baseOptions);
+    expect(consoleLogSpy).toHaveBeenCalled();
+  });
+
+  it('should write to file when output is specified', async () => {
+    const outputPath = path.join(tempDir, 'report.md');
+    await runScan({ ...baseOptions, output: outputPath });
+
+    const content = await fs.readFile(outputPath, 'utf-8');
+    expect(content.length).toBeGreaterThan(0);
+    expect(consoleErrorSpy).toHaveBeenCalledWith(expect.stringContaining('Report written to'));
+  });
+
+  it('should generate badge when badge option is true', async () => {
+    const outputPath = path.join(tempDir, 'report2.md');
+    await runScan({ ...baseOptions, output: outputPath, badge: true });
+
+    const badgePath = path.join(tempDir, 'badge.svg');
+    const svg = await fs.readFile(badgePath, 'utf-8');
+    expect(svg).toContain('<svg');
+    expect(consoleErrorSpy).toHaveBeenCalledWith(expect.stringContaining('Badge written to'));
+  });
+
+  it('should return 1 when errors found', async () => {
+    const { runAnalysis } = require('../../src/analyzer.js');
+    (runAnalysis as jest.Mock).mockResolvedValueOnce({
+      projectPath: '/mock/project.xcodeproj',
+      timestamp: '2024-01-01T00:00:00Z',
+      results: [
+        {
+          analyzer: 'Code Scanner',
+          passed: false,
+          issues: [
+            {
+              id: 'test-error',
+              title: 'Test Error',
+              description: 'Test error',
+              severity: 'error',
+              category: 'code',
+            },
+          ],
+          duration: 100,
+        },
+      ],
+      summary: {
+        totalIssues: 1,
+        errors: 1,
+        warnings: 0,
+        info: 0,
+        passed: false,
+        duration: 100,
+      },
+      score: 50,
+      enrichedIssues: [],
+      guidelinesCited: [],
+    });
+
+    const exitCode = await runScan(baseOptions);
+    expect(exitCode).toBe(1);
+  });
+
+  it('should support json format', async () => {
+    const outputPath = path.join(tempDir, 'report.json');
+    await runScan({ ...baseOptions, format: 'json', output: outputPath });
+
+    const content = await fs.readFile(outputPath, 'utf-8');
+    // JSON format should be parseable
+    expect(() => JSON.parse(content)).not.toThrow();
+  });
+
+  it('should support html format', async () => {
+    const outputPath = path.join(tempDir, 'report.html');
+    await runScan({ ...baseOptions, format: 'html', output: outputPath });
+
+    const content = await fs.readFile(outputPath, 'utf-8');
+    expect(content).toContain('<');
+  });
+});

package/tests/git/diff.test.ts

@@ -0,0 +1,69 @@
+import { execSync } from 'child_process';
+import { getChangedFiles } from '../../src/git/diff.js';
+
+jest.mock('child_process', () => ({
+  execSync: jest.fn(),
+}));
+
+const mockExecSync = execSync as jest.MockedFunction<typeof execSync>;
+
+describe('getChangedFiles', () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+  });
+
+  it('should return changed files from git diff', () => {
+    mockExecSync.mockReturnValue('src/foo.ts\nsrc/bar.ts\n');
+
+    const files = getChangedFiles('/project', 'main');
+
+    expect(mockExecSync).toHaveBeenCalledWith('git diff --name-only main', {
+      cwd: '/project',
+      encoding: 'utf-8',
+      timeout: 10000,
+    });
+    expect(files).toHaveLength(2);
+    expect(files[0]).toMatch(/src\/foo\.ts$/);
+    expect(files[1]).toMatch(/src\/bar\.ts$/);
+  });
+
+  it('should resolve paths relative to basePath', () => {
+    mockExecSync.mockReturnValue('src/file.swift\n');
+
+    const files = getChangedFiles('/my/project', 'HEAD~1');
+
+    expect(files[0]).toContain('/my/project/');
+  });
+
+  it('should filter empty lines', () => {
+    mockExecSync.mockReturnValue('file.ts\n\n\n');
+
+    const files = getChangedFiles('/project', 'main');
+    expect(files).toHaveLength(1);
+  });
+
+  it('should return empty array on git error', () => {
+    mockExecSync.mockImplementation(() => {
+      throw new Error('not a git repository');
+    });
+
+    const files = getChangedFiles('/not-a-repo', 'main');
+    expect(files).toEqual([]);
+  });
+
+  it('should return empty array on invalid ref', () => {
+    mockExecSync.mockImplementation(() => {
+      throw new Error('unknown revision');
+    });
+
+    const files = getChangedFiles('/project', 'nonexistent-branch');
+    expect(files).toEqual([]);
+  });
+
+  it('should handle empty diff output', () => {
+    mockExecSync.mockReturnValue('');
+
+    const files = getChangedFiles('/project', 'main');
+    expect(files).toEqual([]);
+  });
+});

package/tests/guidelines/matcher.test.ts

@@ -0,0 +1,209 @@
+import { GuidelineMatcher } from '../../src/guidelines/matcher.js';
+import type { AnalysisReport, Issue } from '../../src/types/index.js';
+
+describe('GuidelineMatcher', () => {
+  let matcher: GuidelineMatcher;
+
+  beforeEach(() => {
+    jest.clearAllMocks();
+    matcher = new GuidelineMatcher();
+  });
+
+  const mockReport: AnalysisReport = {
+    projectPath: '/test/project',
+    timestamp: '2024-01-01T00:00:00.000Z',
+    results: [
+      {
+        analyzer: 'security',
+        passed: false,
+        issues: [
+          {
+            id: 'security-md5',
+            title: 'MD5 usage detected',
+            description: 'MD5 is insecure',
+            severity: 'warning',
+            category: 'security',
+            guideline: 'Guideline 2.5.4 - Security',
+          },
+        ],
+        duration: 100,
+      },
+    ],
+    summary: {
+      totalIssues: 1,
+      errors: 0,
+      warnings: 1,
+      info: 0,
+      passed: true,
+      duration: 100,
+    },
+  };
+
+  describe('matchIssue', () => {
+    it('should match by ISSUE_GUIDELINE_MAP (e.g., security-md5 -> guideline 2.5.4)', () => {
+      const issue: Issue = {
+        id: 'security-md5',
+        title: 'MD5 usage detected',
+        description: 'MD5 is insecure',
+        severity: 'warning',
+        category: 'security',
+      };
+
+      const matches = matcher.matchIssue(issue);
+
+      expect(matches).toHaveLength(1);
+      expect(matches[0].section).toBe('2.5.4');
+      expect(matches[0].title).toBe('Security');
+    });
+
+    it('should parse section from guideline string as fallback', () => {
+      const issue: Issue = {
+        id: 'some-unmapped-issue',
+        title: 'Some issue',
+        description: 'Description',
+        severity: 'warning',
+        category: 'security',
+        guideline: 'Guideline 3.1.1 - In-App Purchase',
+      };
+
+      const matches = matcher.matchIssue(issue);
+
+      expect(matches).toHaveLength(1);
+      expect(matches[0].section).toBe('3.1.1');
+      expect(matches[0].title).toBe('In-App Purchase');
+    });
+
+    it('should return empty array for unmapped issues', () => {
+      const issue: Issue = {
+        id: 'totally-unknown-issue',
+        title: 'Unknown issue',
+        description: 'Description',
+        severity: 'info',
+        category: 'code',
+      };
+
+      const matches = matcher.matchIssue(issue);
+
+      expect(matches).toHaveLength(0);
+    });
+  });
+
+  describe('calculateScore', () => {
+    it('should return 100 for report with no issues', () => {
+      const emptyReport: AnalysisReport = {
+        projectPath: '/test/project',
+        timestamp: '2024-01-01T00:00:00.000Z',
+        results: [
+          {
+            analyzer: 'security',
+            passed: true,
+            issues: [],
+            duration: 50,
+          },
+        ],
+        summary: {
+          totalIssues: 0,
+          errors: 0,
+          warnings: 0,
+          info: 0,
+          passed: true,
+          duration: 50,
+        },
+      };
+
+      const score = matcher.calculateScore(emptyReport);
+
+      expect(score).toBe(100);
+    });
+
+    it('should deduct based on severity weights', () => {
+      const score = matcher.calculateScore(mockReport);
+
+      // security-md5 maps to guideline 2.5.4 with severityWeight 8
+      // severity 'warning' has multiplier 0.5
+      // deduction = 8 * 0.5 = 4
+      // score = 100 - 4 = 96
+      expect(score).toBe(96);
+    });
+
+    it('should deduct more for error severity', () => {
+      const errorReport: AnalysisReport = {
+        projectPath: '/test/project',
+        timestamp: '2024-01-01T00:00:00.000Z',
+        results: [
+          {
+            analyzer: 'security',
+            passed: false,
+            issues: [
+              {
+                id: 'security-md5',
+                title: 'MD5 usage detected',
+                description: 'MD5 is insecure',
+                severity: 'error',
+                category: 'security',
+              },
+            ],
+            duration: 100,
+          },
+        ],
+        summary: {
+          totalIssues: 1,
+          errors: 1,
+          warnings: 0,
+          info: 0,
+          passed: false,
+          duration: 100,
+        },
+      };
+
+      const score = matcher.calculateScore(errorReport);
+
+      // security-md5 maps to guideline 2.5.4 with severityWeight 8
+      // severity 'error' has multiplier 1.0
+      // deduction = 8 * 1.0 = 8
+      // score = 100 - 8 = 92
+      expect(score).toBe(92);
+    });
+  });
+
+  describe('enrichReport', () => {
+    it('should add guidelineUrl and guidelineExcerpt to enriched issues', () => {
+      const enriched = matcher.enrichReport(mockReport);
+
+      expect(enriched.enrichedIssues).toHaveLength(1);
+      const issue = enriched.enrichedIssues[0];
+      expect(issue.guidelineUrl).toBe(
+        'https://developer.apple.com/app-store/review/guidelines/#software-requirements',
+      );
+      expect(issue.guidelineExcerpt).toContain('appropriate security measures');
+    });
+
+    it('should include score in enriched report', () => {
+      const enriched = matcher.enrichReport(mockReport);
+
+      expect(enriched.score).toBeDefined();
+      expect(typeof enriched.score).toBe('number');
+      expect(enriched.score).toBeLessThanOrEqual(100);
+      expect(enriched.score).toBeGreaterThanOrEqual(0);
+    });
+
+    it('should include severityScore on enriched issues', () => {
+      const enriched = matcher.enrichReport(mockReport);
+
+      const issue = enriched.enrichedIssues[0];
+      // severityWeight 8 * SEVERITY_MULTIPLIER warning 0.5 = 4
+      expect(issue.severityScore).toBe(4);
+    });
+
+    it('should preserve original issue properties', () => {
+      const enriched = matcher.enrichReport(mockReport);
+
+      const issue = enriched.enrichedIssues[0];
+      expect(issue.id).toBe('security-md5');
+      expect(issue.title).toBe('MD5 usage detected');
+      expect(issue.description).toBe('MD5 is insecure');
+      expect(issue.severity).toBe('warning');
+      expect(issue.category).toBe('security');
+    });
+  });
+});