def test_save_editor_data_as_admin(client, query, data, expected_code,
expected_response):
as_admin(client)
resp = client.post('/api/save_editor_data', json=data, query_string=query)
assert resp.status_code == expected_code
assert resp.headers['Content-Type'] == 'application/json'
assert resp.json == expected_response
def test_save_editor_data_as_admin(
app, client, query, data, expected_code, expected_response
):
as_admin(client)
resp = client.post("/api/save_editor_data", json=data, query_string=query)
assert resp.status_code == expected_code
assert "application/json" in resp.headers["Content-Type"]
assert resp.json == expected_response
def test_create_new_vulnerabilty_failure_as_admin(client, db_engine, data,
expected_status,
expected_response):
# use execute+scalar as db_engine is mocked by pytest_flask_sqlalchemy
next_id = db_engine.execute(
"SELECT Auto_increment FROM information_schema.tables WHERE table_name='vulnerability'"
).scalar()
as_admin(client)
resp = client.post('/create', data=data)
assert resp.status_code == expected_status
print(resp.data)
assert expected_response in resp.data
def test_delete_vulnerability_entry_as_admin(client):
vuln = Vulnerability.get_by_cve_id('CVE-1970-1000')
assert vuln is not None
as_admin(client)
resp = client.post('/CVE-1970-1000/create',
data={
'delete_entry': vuln.id,
})
assert resp.status_code == 302
vuln = Vulnerability.get_by_cve_id('CVE-1970-1000')
assert vuln is None
def test_create_new_vulnerabilty_as_admin(client, db_engine, db_session, data,
expected_status):
# use execute+scalar as db_engine is mocked by pytest_flask_sqlalchemy
next_id = db_engine.execute(
"SELECT Auto_increment FROM information_schema.tables WHERE table_name='vulnerability'"
).scalar()
as_admin(client)
resp = client.post('/create', data=data)
assert resp.status_code == expected_status
assert resp.headers.get('Location', '<empty>').endswith(f'/{next_id}')
vuln = db_session.query(Vulnerability).get(next_id)
assert vuln.comment == data['comment']
assert vuln.cve_id == data['cve_id']
assert len(vuln.commits) == 1
assert vuln.commits[0].commit_link == data['commits-0-commit_link']
assert vuln.commits[0].repo_name == data['commits-0-repo_name']
assert vuln.commits[0].repo_url == data['commits-0-repo_url']
assert vuln.commits[0].commit_hash == data['commits-0-commit_hash']
def test_update_vulnerabilty_as_admin(client, db_session):
data = {
'cve_id': 'CVE-1970-1000',
'comment': 'This is the new comment',
'commits-0-commit_link':
'https://github.com/OWNER/REPO/commit/12345678',
'commits-0-repo_name': 'REPO',
'commits-0-repo_url': 'https://github.com/OWNER/REPO',
'commits-0-commit_hash': '12345678',
}
as_admin(client)
resp = client.post('/CVE-1970-1000/create', data=data)
assert resp.status_code == 302
assert resp.headers.get('Location', '<empty>').endswith(f'/1')
vuln = Vulnerability.get_by_id(1)
assert vuln.comment == data['comment']
assert vuln.cve_id == data['cve_id']
assert len(vuln.commits) == 1
assert vuln.commits[0].commit_link == data['commits-0-commit_link']
assert vuln.commits[0].repo_name == data['commits-0-repo_name']
assert vuln.commits[0].repo_url == data['commits-0-repo_url']
assert vuln.commits[0].commit_hash == data['commits-0-commit_hash']
def test_create_vuln_page_if_invalid_as_admin(client):
as_admin(client)
resp = client.get('/INVALID_ID/create')
assert resp.status_code == 200
assert b'Add a new vulnerability' in resp.data
def test_create_vuln_page_if_nonexisting_as_admin(client):
as_admin(client)
resp = client.get('/CVE-1970-9000/create')
assert resp.status_code == 200
assert b'Add a new vulnerability' in resp.data
def test_get_update_vuln_page_as_admin(client):
as_admin(client)
resp = client.get('/CVE-1970-1000/create')
assert resp.status_code == 200
assert b'Add a new vulnerability' in resp.data
def test_editor(client):
as_admin(client)
resp = client.get('/CVE-1970-1000/editor')
assert resp.status_code == 200
