def test_save_editor_data_as_admin(client, query, data, expected_code, expected_response): as_admin(client) resp = client.post('/api/save_editor_data', json=data, query_string=query) assert resp.status_code == expected_code assert resp.headers['Content-Type'] == 'application/json' assert resp.json == expected_response
def test_save_editor_data_as_admin( app, client, query, data, expected_code, expected_response ): as_admin(client) resp = client.post("/api/save_editor_data", json=data, query_string=query) assert resp.status_code == expected_code assert "application/json" in resp.headers["Content-Type"] assert resp.json == expected_response
def test_create_new_vulnerabilty_failure_as_admin(client, db_engine, data, expected_status, expected_response): # use execute+scalar as db_engine is mocked by pytest_flask_sqlalchemy next_id = db_engine.execute( "SELECT Auto_increment FROM information_schema.tables WHERE table_name='vulnerability'" ).scalar() as_admin(client) resp = client.post('/create', data=data) assert resp.status_code == expected_status print(resp.data) assert expected_response in resp.data
def test_delete_vulnerability_entry_as_admin(client): vuln = Vulnerability.get_by_cve_id('CVE-1970-1000') assert vuln is not None as_admin(client) resp = client.post('/CVE-1970-1000/create', data={ 'delete_entry': vuln.id, }) assert resp.status_code == 302 vuln = Vulnerability.get_by_cve_id('CVE-1970-1000') assert vuln is None
def test_create_new_vulnerabilty_as_admin(client, db_engine, db_session, data, expected_status): # use execute+scalar as db_engine is mocked by pytest_flask_sqlalchemy next_id = db_engine.execute( "SELECT Auto_increment FROM information_schema.tables WHERE table_name='vulnerability'" ).scalar() as_admin(client) resp = client.post('/create', data=data) assert resp.status_code == expected_status assert resp.headers.get('Location', '<empty>').endswith(f'/{next_id}') vuln = db_session.query(Vulnerability).get(next_id) assert vuln.comment == data['comment'] assert vuln.cve_id == data['cve_id'] assert len(vuln.commits) == 1 assert vuln.commits[0].commit_link == data['commits-0-commit_link'] assert vuln.commits[0].repo_name == data['commits-0-repo_name'] assert vuln.commits[0].repo_url == data['commits-0-repo_url'] assert vuln.commits[0].commit_hash == data['commits-0-commit_hash']
def test_update_vulnerabilty_as_admin(client, db_session): data = { 'cve_id': 'CVE-1970-1000', 'comment': 'This is the new comment', 'commits-0-commit_link': 'https://github.com/OWNER/REPO/commit/12345678', 'commits-0-repo_name': 'REPO', 'commits-0-repo_url': 'https://github.com/OWNER/REPO', 'commits-0-commit_hash': '12345678', } as_admin(client) resp = client.post('/CVE-1970-1000/create', data=data) assert resp.status_code == 302 assert resp.headers.get('Location', '<empty>').endswith(f'/1') vuln = Vulnerability.get_by_id(1) assert vuln.comment == data['comment'] assert vuln.cve_id == data['cve_id'] assert len(vuln.commits) == 1 assert vuln.commits[0].commit_link == data['commits-0-commit_link'] assert vuln.commits[0].repo_name == data['commits-0-repo_name'] assert vuln.commits[0].repo_url == data['commits-0-repo_url'] assert vuln.commits[0].commit_hash == data['commits-0-commit_hash']
def test_create_vuln_page_if_invalid_as_admin(client): as_admin(client) resp = client.get('/INVALID_ID/create') assert resp.status_code == 200 assert b'Add a new vulnerability' in resp.data
def test_create_vuln_page_if_nonexisting_as_admin(client): as_admin(client) resp = client.get('/CVE-1970-9000/create') assert resp.status_code == 200 assert b'Add a new vulnerability' in resp.data
def test_get_update_vuln_page_as_admin(client): as_admin(client) resp = client.get('/CVE-1970-1000/create') assert resp.status_code == 200 assert b'Add a new vulnerability' in resp.data
def test_editor(client): as_admin(client) resp = client.get('/CVE-1970-1000/editor') assert resp.status_code == 200