コード例 #1
def test_with_1_public_1_pvt_vuln(_mock_license, _mock_gremlin):
    """Check that a public and a private vulnerability are reported apart.

    The two-public-vulnerability graph fixture is loaded, its second
    vulnerability entry is flagged with ``snyk_pvt_vulnerability`` and the
    result is installed as the return value of ``_mock_gremlin``. The
    aggregator output must then list one finding under
    ``public_vulnerabilities`` and one under ``private_vulnerabilities``.
    """
    with open("tests/v2/data/graph_response_2_public_vuln.json", "r") as fin:
        graph_resp = json.load(fin)
    # Flag the second vulnerability of the first graph record as private.
    graph_resp['result']['data'][0]['vuln'][1]['snyk_pvt_vulnerability'] = [True]
    _mock_gremlin.return_value = graph_resp

    # NOTE(review): the registration status carried by _request_body() is not
    # visible here; confirm that exposing private_vulnerabilities to this
    # caller is the intended entitlement.
    resp = StackAggregator().execute(_request_body(), persist=False)
    _mock_license.assert_called_once()
    _mock_gremlin.assert_called()
    assert resp['aggregation'] == 'success'
    raw_result = resp['result']
    assert raw_result is not None
    assert raw_result['external_request_id'] == 'test_id'

    # Validate the payload against the response model, then check which
    # dependencies were analysed.
    result = StackAggregatorResult(**raw_result)
    assert 'registration_link' in result.dict()
    deps = result.analyzed_dependencies
    assert len(deps) == 2
    assert _FLASK in deps
    assert _DJANGO in deps
    assert _SIX not in deps

    # Django carries both findings: one stays public, one is private.
    django = deps[deps.index(_DJANGO)]
    assert len(django.public_vulnerabilities) == 1
    assert len(django.private_vulnerabilities) == 1
    assert isinstance(django.public_vulnerabilities[0], VulnerabilityFields)

    # Flask has no direct findings of either kind.
    flask = deps[deps.index(_FLASK)]
    assert len(flask.public_vulnerabilities) == 0
    assert len(flask.private_vulnerabilities) == 0

    # Flask's only vulnerable dependency is Django, whose entry there carries
    # one public finding.
    transitive = flask.vulnerable_dependencies
    assert len(transitive) == 1
    assert _DJANGO in transitive
    assert len(transitive[0].public_vulnerabilities) == 1
コード例 #2
def test_with_2_public_vuln_for_registered(_mock_license, _mock_gremlin):
    """Check the aggregator response for a request marked ``REGISTERED``.

    The unmodified two-public-vulnerability graph fixture is served through
    ``_mock_gremlin``. The response must carry the ``v2`` audit record, and
    both findings must appear under Django's ``public_vulnerabilities``.
    """
    with open("tests/v2/data/graph_response_2_public_vuln.json", "r") as fin:
        graph_resp = json.load(fin)
    _mock_gremlin.return_value = graph_resp

    request_body = _request_body()
    request_body['registration_status'] = 'REGISTERED'
    resp = StackAggregator().execute(request_body, persist=False)
    _mock_license.assert_called_once()
    _mock_gremlin.assert_called()
    assert resp['aggregation'] == 'success'
    raw_result = resp['result']
    assert raw_result is not None
    assert raw_result['external_request_id'] == 'test_id'
    audit = raw_result['_audit']
    assert audit is not None
    assert audit['version'] == 'v2'

    # Validate the payload against the response model, then check which
    # dependencies were analysed.
    result = StackAggregatorResult(**raw_result)
    assert "registration_link" in result.dict()
    deps = result.analyzed_dependencies
    assert len(deps) == 2
    assert _FLASK in deps
    assert _DJANGO in deps
    assert _SIX not in deps

    # Both fixture findings are public and belong to Django.
    # NOTE(review): private_vulnerabilities is never asserted in this test;
    # consider pinning its expected value for a registered caller.
    django = deps[deps.index(_DJANGO)]
    assert len(django.public_vulnerabilities) == 2
    assert isinstance(django.public_vulnerabilities[0], VulnerabilityFields)

    # Flask has no direct public findings.
    flask = deps[deps.index(_FLASK)]
    assert len(flask.public_vulnerabilities) == 0

    # Flask's only vulnerable dependency is Django, whose entry there carries
    # both public findings.
    transitive = flask.vulnerable_dependencies
    assert len(transitive) == 1
    assert _DJANGO in transitive
    assert len(transitive[0].public_vulnerabilities) == 2