Add unit tests for the updated VulnerableCode integration #600

Signed-off-by: Thomas Druez <tdruez@nexb.com>
aboutcode-org · Jul 5, 2023 · a84db1f · a84db1f
1 parent 8d53f15
commit a84db1f
Show file tree

Hide file tree

Showing 6 changed files with 70 additions and 4 deletions.
diff --git a/scanpipe/templates/scanpipe/includes/project_summary_level.html b/scanpipe/templates/scanpipe/includes/project_summary_level.html
@@ -3,7 +3,7 @@
   <div class="level-item has-text-centered">
     <div>
       <p class="heading">Packages</p>
-      <p class="{{ title_class }} is-flex is-align-items-center">
+      <p class="{{ title_class }} is-flex is-align-items-center is-justify-content-center">
         {% if project.package_count %}
           <a href="{% url 'project_packages' project.slug %}">
             {{ project.package_count|intcomma }}

diff --git a/scanpipe/tests/__init__.py b/scanpipe/tests/__init__.py
@@ -138,6 +138,13 @@ def make_resource_file(project, path, **extra):
     "package_uid": "pkg:deb/debian/adduser@3.118?uuid=610bed29-ce39-40e7-92d6-fd8b",
 }
 
+package_data2 = {
+    "type": "deb",
+    "namespace": "debian",
+    "name": "adduser",
+    "version": "3.119",
+}
+
 for_package_uid = "pkg:deb/debian/adduser@3.118?uuid=610bed29-ce39-40e7-92d6-fd8b"
 
 dependency_data1 = {

diff --git a/scanpipe/tests/test_filters.py b/scanpipe/tests/test_filters.py
@@ -26,11 +26,15 @@
 from django.utils import timezone
 
 from scanpipe.filters import FilterSetUtilsMixin
+from scanpipe.filters import PackageFilterSet
 from scanpipe.filters import ProjectFilterSet
 from scanpipe.filters import ResourceFilterSet
 from scanpipe.models import CodebaseResource
+from scanpipe.models import DiscoveredPackage
 from scanpipe.models import Project
 from scanpipe.models import Run
+from scanpipe.tests import package_data1
+from scanpipe.tests import package_data2
 
 
 class ScanPipeFilterTest(TestCase):
@@ -138,3 +142,19 @@ def test_scanpipe_filters_params_for_search(self):
         }
         filterset = ProjectFilterSet(data)
         self.assertEqual([], list(filterset.qs))
+
+    def test_scanpipe_filters_package_filterset_is_vulnerable(self):
+        p1 = DiscoveredPackage.create_from_data(self.project1, package_data1)
+        p2 = DiscoveredPackage.create_from_data(self.project1, package_data2)
+        p2.update(
+            affected_by_vulnerabilities=[{"vulnerability_id": "VCID-cah8-awtr-aaad"}]
+        )
+
+        filterset = PackageFilterSet(data={"is_vulnerable": ""})
+        self.assertEqual(2, len(filterset.qs))
+
+        filterset = PackageFilterSet(data={"is_vulnerable": "no"})
+        self.assertEqual([p1], list(filterset.qs))
+
+        filterset = PackageFilterSet(data={"is_vulnerable": "yes"})
+        self.assertEqual([p2], list(filterset.qs))
diff --git a/scanpipe/tests/test_models.py b/scanpipe/tests/test_models.py
@@ -69,6 +69,7 @@
 from scanpipe.tests import make_resource_file
 from scanpipe.tests import mocked_now
 from scanpipe.tests import package_data1
+from scanpipe.tests import package_data2
 from scanpipe.tests.pipelines.do_nothing import DoNothing
 
 scanpipe_app = apps.get_app_config("scanpipe")
@@ -1406,7 +1407,7 @@ def test_scanpipe_codebase_resource_get_path_segments_with_subpath(self):
         ]
         self.assertEqual(expected, resource.get_path_segments_with_subpath())
 
-    def test_scanpipe_discovered_package_model_queryset_methods(self):
+    def test_scanpipe_discovered_package_queryset_for_package_url(self):
         DiscoveredPackage.create_from_data(self.project1, package_data1)
         inputs = [
             ("pkg:deb/debian/adduser@3.118?arch=all", 1),
@@ -1420,6 +1421,15 @@ def test_scanpipe_discovered_package_model_queryset_methods(self):
             qs = DiscoveredPackage.objects.for_package_url(purl)
             self.assertEqual(expected_count, qs.count(), msg=purl)
 
+    def test_scanpipe_discovered_package_queryset_vulnerable(self):
+        p1 = DiscoveredPackage.create_from_data(self.project1, package_data1)
+        p2 = DiscoveredPackage.create_from_data(self.project1, package_data2)
+        p2.update(
+            affected_by_vulnerabilities=[{"vulnerability_id": "VCID-cah8-awtr-aaad"}]
+        )
+        self.assertNotIn(p1, DiscoveredPackage.objects.vulnerable())
+        self.assertIn(p2, DiscoveredPackage.objects.vulnerable())
+
     @skipIf(sys.platform != "linux", "Ordering differs on macOS.")
     def test_scanpipe_codebase_resource_model_walk_method(self):
         fixtures = self.data_location / "asgiref-3.3.0_walk_test_fixtures.json"
@@ -1716,6 +1726,14 @@ def test_scanpipe_discovered_dependency_model_update_from_data(self):
         self.assertEqual(["scope"], updated_fields)
         self.assertEqual(new_data["scope"], dependency.scope)
 
+    def test_scanpipe_discovered_dependency_model_is_vulnerable_property(self):
+        package = DiscoveredPackage.create_from_data(self.project1, package_data1)
+        self.assertFalse(package.is_vulnerable)
+        package.update(
+            affected_by_vulnerabilities=[{"vulnerability_id": "VCID-cah8-awtr-aaad"}]
+        )
+        self.assertTrue(package.is_vulnerable)
+
 
 class ScanPipeModelsTransactionTest(TransactionTestCase):
     """

diff --git a/scanpipe/tests/test_pipelines.py b/scanpipe/tests/test_pipelines.py
@@ -681,9 +681,18 @@ def test_scanpipe_find_vulnerabilities_pipeline_integration_test(
                     {
                         "vulnerability_id": "VCID-cah8-awtr-aaad",
                         "summary": "An issue was discovered.",
-                    }
+                    },
                 ],
-            }
+            },
+            {
+                "purl": "pkg:deb/debian/adduser@3.118?qualifiers=1",
+                "affected_by_vulnerabilities": [
+                    {
+                        "vulnerability_id": "VCID-cah8-awtr-aaad",
+                        "summary": "An issue was discovered.",
+                    },
+                ],
+            },
         ]
         mock_get_vulnerabilities.return_value = vulnerability_data
 

diff --git a/scanpipe/tests/test_views.py b/scanpipe/tests/test_views.py
@@ -32,10 +32,12 @@
 from django.urls import reverse
 
 from scanpipe.models import CodebaseResource
+from scanpipe.models import DiscoveredPackage
 from scanpipe.models import Project
 from scanpipe.pipes import make_relation
 from scanpipe.pipes.input import copy_inputs
 from scanpipe.tests import make_resource_file
+from scanpipe.tests import package_data1
 from scanpipe.views import ProjectCodebaseView
 from scanpipe.views import ProjectDetailView
 
@@ -659,3 +661,13 @@ def test_scanpipe_views_codebase_relation_diff_view(self):
         }
         response = self.client.get(url, data=data)
         self.assertContains(response, '<table class="diff"')
+
+    def test_scanpipe_views_discovered_package_details_view_tab_vulnerabilities(self):
+        package1 = DiscoveredPackage.create_from_data(self.project1, package_data1)
+        package1.update(
+            affected_by_vulnerabilities=[{"vulnerability_id": "VCID-cah8-awtr-aaad"}]
+        )
+        response = self.client.get(package1.get_absolute_url())
+        self.assertContains(response, "tab-vulnerabilities")
+        self.assertContains(response, '<section id="tab-vulnerabilities"')
+        self.assertContains(response, "VCID-cah8-awtr-aaad")