def test_authenticated_users_get_redirected_to_home(client_without_db):
    """A signed-in client requesting the login page is redirected to the site root.

    The exact ``Location`` value is pinned, so a redirect to any other
    target fails the test.
    """
    # as_user presumably marks the test client as a logged-in regular user;
    # confirm against the helper's definition.
    as_user(client_without_db)
    login_response = client_without_db.get('/auth/login')
    assert login_response.status_code == 302
    assert login_response.headers.get('Location') == 'http://localhost/'
def test_save_editor_data_as_user(client, query, data, expected_code, expected_response):
    """Saving editor data as a plain user is rejected with an HTML 401 page.

    NOTE(review): ``expected_code`` and ``expected_response`` are accepted but
    never read; every parametrized case is pinned to the same 401 outcome.
    """
    as_user(client)
    response = client.post(
        '/api/save_editor_data',
        json=data,
        query_string=query,
    )
    # NOTE(review): 401 conventionally signals "not authenticated"; for a
    # logged-in caller lacking permission 403 is the usual answer. Confirm
    # which contract the API is meant to expose.
    assert response.status_code == 401
    # Exact match: a Content-Type carrying a charset suffix would fail here.
    assert response.headers['Content-Type'] == 'text/html'
    assert b'Unauthorized' in response.data
def test_create_new_vulnerabilty_failure_as_user(client, db_engine, data, expected_status, expected_response):
    """Submitting the create form as a plain user is answered with 401.

    NOTE(review): ``expected_status`` and ``expected_response`` are unused,
    and ``upcoming_id`` is fetched but never checked, so this test does not
    prove that no row was written. Consider looking that id up after the
    request and asserting it is absent.
    """
    # execute + scalar is used because db_engine is mocked by
    # pytest_flask_sqlalchemy.
    auto_increment_query = db_engine.execute(
        "SELECT Auto_increment FROM information_schema.tables WHERE table_name='vulnerability'"
    )
    upcoming_id = auto_increment_query.scalar()
    as_user(client)
    response = client.post('/create', data=data)
    assert response.status_code == 401
    assert b'Unauthorized' in response.data
def test_logout_clears_the_session(client_without_db):
    """Logging out redirects home and wipes the whole session, not just login data."""
    as_user(client_without_db)
    # Plant an unrelated key so "session cleared" can be told apart from
    # "only user_info removed".
    with client_without_db.session_transaction() as sess:
        sess['something_else'] = True

    logout_response = client_without_db.get('/auth/logout')
    assert logout_response.status_code == 302
    assert logout_response.headers.get('Location') == 'http://localhost/'

    # NOTE(review): nothing above asserts that 'user_info' was present before
    # logout, so that check alone cannot distinguish "removed" from "never set".
    with client_without_db.session_transaction() as sess:
        assert 'user_info' not in sess
        assert 'something_else' not in sess
def test_create_new_vulnerabilty_as_user(client, db_engine, db_session, data, expected_status):
    """A plain user's create request is rejected and leaves no new row behind.

    Checking the database after the 401 guards against a handler that writes
    first and denies afterwards.

    NOTE(review): ``expected_status`` is accepted but never read.
    """
    # execute + scalar is used because db_engine is mocked by
    # pytest_flask_sqlalchemy.
    # NOTE(review): the lookup filters on table_name only; presumably a single
    # schema holds a 'vulnerability' table - confirm.
    auto_increment_query = db_engine.execute(
        "SELECT Auto_increment FROM information_schema.tables WHERE table_name='vulnerability'"
    )
    upcoming_id = auto_increment_query.scalar()
    as_user(client)
    response = client.post('/create', data=data)
    assert response.status_code == 401
    # The id the next insert would have received must still be unoccupied.
    assert db_session.query(Vulnerability).get(upcoming_id) is None
def test_delete_vulnerability_entry_as_user(client):
    """A plain user's delete request is rejected and the entry survives."""
    # Precondition: the fixture entry exists, otherwise the final check is
    # meaningless.
    existing = Vulnerability.get_by_cve_id('CVE-1970-1000')
    assert existing is not None

    as_user(client)
    delete_form = {
        'delete_entry': existing.id,
    }
    response = client.post('/CVE-1970-1000/create', data=delete_form)
    assert response.status_code == 401

    # Re-read after the request to confirm the denial was not merely cosmetic.
    assert Vulnerability.get_by_cve_id('CVE-1970-1000') is not None
def test_authenticated_users_get_redirected_to_home(app, client_without_db):
    """A signed-in client requesting the login page is redirected to the site root.

    The exact ``Location`` value is pinned, so a redirect to any other
    target fails the test.
    """
    # set_user / as_user presumably install a logged-in regular user for the
    # duration of the block; confirm against the helpers.
    with set_user(app, as_user(client_without_db)), app.app_context():
        login_response = client_without_db.get("/auth/login")
        assert login_response.status_code == 302
        assert login_response.headers.get("Location") == "http://localhost/"
def test_save_editor_data_as_user(
    app, client, query, data, expected_code, expected_response
):
    """Saving editor data as a plain user yields a JSON 403 Forbidden.

    NOTE(review): ``expected_code`` and ``expected_response`` are accepted but
    never read; every parametrized case is pinned to the same 403 outcome.
    """
    with set_user(app, as_user(client)):
        response = client.post(
            "/api/save_editor_data",
            json=data,
            query_string=query,
        )
        assert response.status_code == 403
        # Substring match, so a charset suffix on the header is tolerated.
        assert "application/json" in response.headers["Content-Type"]
        assert b"Forbidden" in response.data
def test_update_vulnerabilty_as_user(client, db_session):
    """A plain user's update request is rejected and the stored entry is untouched.

    After the 401, the comment and the single commit record must still carry
    their fixture values rather than anything from the submitted form.
    """
    submitted = {
        'cve_id': 'CVE-1970-1000',
        'comment': 'This is the new comment',
        'commits-0-commit_link': 'https://github.com/OWNER/REPO/commit/12345678',
        'commits-0-repo_name': 'REPO',
        'commits-0-repo_url': 'https://github.com/OWNER/REPO',
        'commits-0-commit_hash': '12345678',
    }
    as_user(client)
    response = client.post('/CVE-1970-1000/create', data=submitted)
    assert response.status_code == 401

    # Presumably fixture row 1 is the CVE-1970-1000 entry; the cve_id
    # assertion below would fail otherwise.
    stored = Vulnerability.get_by_id(1)
    assert stored.comment == 'Vulnerability 1 comment'
    assert stored.cve_id == submitted['cve_id']
    assert len(stored.commits) == 1

    only_commit = stored.commits[0]
    assert only_commit.commit_link == 'https://github.com/OWNER/REPO1/commit/1234568'
    assert only_commit.repo_name == 'REPO1'
    assert only_commit.repo_url == 'https://github.com/OWNER/REPO1'
    assert only_commit.commit_hash == '1234568'
def test_logout_clears_the_session(app, client_without_db):
    """Logging out redirects home and wipes the whole session, not just login data.

    Session contents are asserted both before and after logout, so the final
    "not in" checks cannot pass merely because the keys were never set.
    """
    with set_user(app, as_user(client_without_db)), app.app_context():
        # Plant an unrelated key so "session cleared" can be told apart from
        # "only user_info removed".
        with client_without_db.session_transaction() as sess:
            sess["something_else"] = True

        # /maintenance is requested because it doesn't use the database.
        warmup_response = client_without_db.get("/maintenance")
        assert warmup_response.status_code == 200
        with client_without_db.session_transaction() as sess:
            assert "user_info" in sess
            assert "something_else" in sess

        logout_response = client_without_db.get("/auth/logout")
        assert logout_response.status_code == 302
        assert logout_response.headers.get("Location") == "http://localhost/"
        with client_without_db.session_transaction() as sess:
            assert "user_info" not in sess
            assert "something_else" not in sess
def test_logout_clears_the_session(app, client_without_db):
    """Logging out redirects home and wipes the whole session, not just login data.

    Session contents are asserted both before and after logout, so the final
    "not in" checks cannot pass merely because the keys were never set.
    """
    with set_user(app, as_user(client_without_db)), app.app_context():
        # Plant an unrelated key so "session cleared" can be told apart from
        # "only user_info removed".
        with client_without_db.session_transaction() as sess:
            sess['something_else'] = True

        # /maintenance is requested because it doesn't use the database.
        warmup_response = client_without_db.get('/maintenance')
        assert warmup_response.status_code == 200
        with client_without_db.session_transaction() as sess:
            assert 'user_info' in sess
            assert 'something_else' in sess

        logout_response = client_without_db.get('/auth/logout')
        assert logout_response.status_code == 302
        assert logout_response.headers.get('Location') == 'http://localhost/'
        with client_without_db.session_transaction() as sess:
            assert 'user_info' not in sess
            assert 'something_else' not in sess
def test_create_vuln_page_if_invalid_as_user(client):
    """A plain user requesting the create page for a malformed id gets 401.

    The expected answer is the same 401 used for the well-formed ids, so the
    response does not reveal whether the id was valid.
    """
    as_user(client)
    response = client.get('/INVALID_ID/create')
    assert response.status_code == 401
    assert b'Unauthorized' in response.data
def test_create_vuln_page_if_nonexisting_as_user(client):
    """A plain user requesting the create page for an unknown CVE id gets 401.

    Presumably CVE-1970-9000 is absent from the fixtures (per the test name);
    the expected answer is still 401 rather than a not-found response.
    """
    as_user(client)
    response = client.get('/CVE-1970-9000/create')
    assert response.status_code == 401
    assert b'Unauthorized' in response.data
def test_get_update_vuln_page_as_user(client):
    """A plain user cannot open the edit page of an existing entry (401)."""
    as_user(client)
    response = client.get('/CVE-1970-1000/create')
    # Both the status and the body are checked, so a 401 status wrapped
    # around the real edit form would not pass unless it also said so.
    assert response.status_code == 401
    assert b'Unauthorized' in response.data
def test_get_new_vuln_page_as_user(client):
    """A plain user cannot open the blank "new entry" page (401)."""
    as_user(client)
    response = client.get('/create')
    # Read-only GETs are checked as well, not just the state-changing POSTs.
    assert response.status_code == 401
    assert b'Unauthorized' in response.data