/*
Expected contents of the vulnerability collection at the end of this suite
3 Vulnerabilities: [
{
status: 2,
details: [
{locale: 'en', title: 'Vulnerability English 1', vulnType: 'Internal'},
{
locale: 'fr',
title: 'Vulnerability French 1',
vulnType: 'Internal',
description: 'French vuln description',
observation: 'French vuln observation',
remediation: 'French vuln remediation'
}
]
},
{
cvssv3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
status: 0,
details: [
{locale: 'en', title: 'Vulnerability English 2', vulnType: 'Internal'},
{
locale: 'fr',
title: 'Vulnerability French 2',
vulnType: 'Internal',
description: 'French vuln description',
observation: 'French vuln observation',
remediation: 'French vuln remediation',
references: ['Ref1', 'Ref2']
}
]
},
{
status: 1,
details: [
{locale: 'en', title: 'New vulnerability from finding', vulnType: 'Internal', description: 'New vuln description'}
]
}
]
*/
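/**
 * Vulnerability API integration tests.
 *
 * @param {Function} request - supertest factory, called as `request(app)`.
 * @param {object} app - the Express application under test.
 *
 * The tests are order-dependent: each `it` builds on the database state left
 * by the previous one (see the expected end state in the header comment).
 */
module.exports = function (request, app) {
  describe('Vulnerability Suite Tests', () => {
    // JWT obtained once in beforeAll and sent as a cookie on every request.
    // The username/password are the test fixture's seeded admin account —
    // assumed to match the seed used by the other backend suites (verify
    // against the user tests if this login starts failing).
    let userToken = '';

    // 24 hex characters: the same shape as a Mongo ObjectId, so the routes
    // reach their "not found" branch rather than a parameter-format error.
    const NONEXISTENT_ID = 'deadbeefdeadbeefdeadbeef';

    // Vector stored on vuln4 at creation time.
    // NOTE(review): this string does not use the canonical "CVSS:3.x/..."
    // prefix, yet the read-back assertions below expect it verbatim — so this
    // suite does not exercise server-side CVSS vector validation. Confirm
    // whether the API is meant to validate the vector before relying on it.
    const CVSS_CREATE =
      'CVSS3.0:/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L/E:X/RL:X/RC:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X';
    // Well-formed vector used by the update test.
    const CVSS_UPDATE = 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H';

    /** Attach the session cookie the API expects to a supertest request. */
    const authed = (req) => req.set('Cookie', [`token=JWT ${userToken}`]);

    /** GET the full vulnerability list; callers read `response.body.datas`. */
    const listVulns = () => authed(request(app).get('/api/vulnerabilities'));

    /**
     * Assertions shared by the list and export endpoints after
     * "Create 4 vulnerabilities": both must return the same documents in
     * insertion order. Only the first detail entry of each is checked.
     */
    const expectCreatedVulns = (datas) => {
      const [v1, v2, v3, v4] = datas;
      expect(v1.details[0].locale).toEqual('en');
      expect(v1.details[0].title).toEqual('Vulnerability English 1');
      expect(v1.details[0].vulnType).toEqual('Internal');
      expect(v2.details[0].locale).toEqual('en');
      expect(v2.details[0].title).toEqual('Vulnerability English 2');
      expect(v2.details[0].vulnType).toEqual('Internal');
      expect(v3.details[0].locale).toEqual('es');
      expect(v3.details[0].title).toEqual('Vulnerability Espagnol 1');
      expect(v3.details[0].vulnType).toEqual('Web');
      expect(v4.cvssv3).toEqual(CVSS_CREATE);
      expect(v4.details[0].locale).toEqual('fr');
      expect(v4.details[0].title).toEqual('Vulnerability French 1');
      expect(v4.details[0].vulnType).toEqual('Internal');
      expect(v4.details[0].description).toEqual('French vuln description');
      expect(v4.details[0].observation).toEqual('French vuln observation');
      expect(v4.details[0].remediation).toEqual('French vuln remediation');
      expect(v4.details[0].references).toEqual(['Reference 1', 'Reference 2']);
    };

    beforeAll(async () => {
      const response = await request(app)
        .post('/api/users/token')
        .send({ username: 'admin', password: 'Admin123' });
      userToken = response.body.datas.token;
    });

    describe('Vulnerability CRUD operations', () => {
      it('Get vulnerabilities (no existing vulnerabilities in db)', async () => {
        const response = await listVulns();
        expect(response.status).toBe(200);
        expect(response.body.datas).toHaveLength(0);
      });

      it('Get vulnerabilities for export (no existing vulnerabilities in db)', async () => {
        const response = await authed(
          request(app).get('/api/vulnerabilities/export'),
        );
        expect(response.status).toBe(200);
        expect(response.type).toEqual('application/json');
        // TODO: the Content-Disposition "attachment; filename=" check was
        // disabled upstream; restore it once the export route is confirmed
        // to set that header.
        expect(response.body.datas).toEqual([]);
      });

      it('Create 4 vulnerabilities', async () => {
        const vuln1 = {
          details: [
            { locale: 'en', title: 'Vulnerability English 1', vulnType: 'Internal' },
          ],
        };
        const vuln2 = {
          details: [
            { locale: 'en', title: 'Vulnerability English 2', vulnType: 'Internal' },
          ],
        };
        // vuln3 carries two incomplete detail entries (one without a title,
        // one without a locale) next to a valid one. Creation still returns
        // 201; later reads only inspect details[0].
        const vuln3 = {
          details: [
            { locale: 'es', title: 'Vulnerability Espagnol 1', vulnType: 'Web' },
            { locale: 'es', vulnType: 'Web' },
            { title: 'Vulnerability Espagnol 2', vulnType: 'Web' },
          ],
        };
        const vuln4 = {
          cvssv3: CVSS_CREATE,
          status: 1,
          details: [
            {
              locale: 'fr',
              title: 'Vulnerability French 1',
              vulnType: 'Internal',
              description: 'French vuln description',
              observation: 'French vuln observation',
              remediation: 'French vuln remediation',
              references: ['Reference 1', 'Reference 2'],
            },
          ],
        };
        const response = await authed(
          request(app).post('/api/vulnerabilities'),
        ).send([vuln1, vuln2, vuln3, vuln4]);
        expect(response.status).toBe(201);
      });

      it('Should not create vulnerability with with existing title', async () => {
        // Same title as vuln1 under a different locale: titles are expected
        // to be unique across locales, hence 422.
        const vuln1 = {
          details: [
            { locale: 'fr', title: 'Vulnerability English 1', vulnType: 'Internal' },
          ],
        };
        const response = await authed(
          request(app).post('/api/vulnerabilities'),
        ).send([vuln1]);
        expect(response.status).toBe(422);
      });

      it('Should not create vulnerability without title', async () => {
        const vuln1 = {
          details: [{ locale: 'fr', vulnType: 'Internal' }],
        };
        const response = await authed(
          request(app).post('/api/vulnerabilities'),
        ).send([vuln1]);
        expect(response.status).toBe(422);
      });

      it('Should not create vulnerability without locale', async () => {
        const vuln1 = {
          details: [{ title: 'Vulnerability English', vulnType: 'Internal' }],
        };
        const response = await authed(
          request(app).post('/api/vulnerabilities'),
        ).send([vuln1]);
        expect(response.status).toBe(422);
      });

      it('Get vulnerabilities (existing vulnerabilities in db)', async () => {
        const response = await listVulns();
        expect(response.status).toBe(200);
        expectCreatedVulns(response.body.datas);
      });

      it('Get vulnerabilities for export (existing vulnerabilities in db)', async () => {
        const response = await authed(
          request(app).get('/api/vulnerabilities/export'),
        );
        expect(response.status).toBe(200);
        expect(response.type).toEqual('application/json');
        // TODO: the Content-Disposition "attachment; filename=" check was
        // disabled upstream; restore it once the export route is confirmed
        // to set that header.
        expectCreatedVulns(response.body.datas);
      });

      it('Update vulnerability', async () => {
        const update = {
          cvssv3: CVSS_UPDATE,
          details: [
            { locale: 'en', title: 'Vulnerability English 2', vulnType: 'Internal' },
            {
              locale: 'fr',
              title: 'Vulnerability French 2',
              vulnType: 'Internal',
              description: 'French vuln description',
              observation: 'French vuln observation',
              remediation: 'French vuln remediation',
              references: ['Ref1', 'Ref2'],
            },
          ],
        };
        // Target the second created vulnerability (vuln2) by its id.
        let response = await listVulns();
        const vulnId = response.body.datas[1]._id;
        response = await authed(
          request(app).put(`/api/vulnerabilities/${vulnId}`),
        ).send(update);
        expect(response.status).toBe(200);

        response = await listVulns();
        const [, updated] = response.body.datas;
        expect(updated.cvssv3).toEqual(CVSS_UPDATE);
        expect(updated.details[0].locale).toEqual('en');
        expect(updated.details[0].title).toEqual('Vulnerability English 2');
        expect(updated.details[0].vulnType).toEqual('Internal');
        expect(updated.details[1].locale).toEqual('fr');
        expect(updated.details[1].title).toEqual('Vulnerability French 2');
        expect(updated.details[1].vulnType).toEqual('Internal');
        expect(updated.details[1].description).toEqual('French vuln description');
        expect(updated.details[1].observation).toEqual('French vuln observation');
        expect(updated.details[1].remediation).toEqual('French vuln remediation');
        expect(updated.details[1].references).toEqual(['Ref1', 'Ref2']);
      });

      it('Should not update vulnerability with nonexistent ID', async () => {
        const vulnerability = {
          details: [{ locale: 'en', title: 'Vulnerability English' }],
        };
        const response = await authed(
          request(app).put(`/api/vulnerabilities/${NONEXISTENT_ID}`),
        ).send(vulnerability);
        expect(response.status).toBe(404);
      });

      it('Get vulnerabilities by language', async () => {
        // Only vuln1 and vuln2 carry an 'en' detail entry at this point.
        const response = await authed(
          request(app).get('/api/vulnerabilities/en'),
        );
        expect(response.status).toBe(200);
        expect(response.body.datas).toHaveLength(2);
      });

      it('Merge 2 vulnerabilities', async () => {
        // Fold the 'fr' details of the fourth vulnerability into the first;
        // the source document is removed, so the list shrinks from 4 to 3.
        let response = await listVulns();
        const vulnId = response.body.datas[0]._id;
        const vulnIdMerge = response.body.datas[3]._id;
        response = await authed(
          request(app).put(`/api/vulnerabilities/merge/${vulnId}`),
        ).send({ vulnId: vulnIdMerge, locale: 'fr' });
        expect(response.status).toBe(200);

        response = await listVulns();
        expect(response.body.datas).toHaveLength(3);
      });

      it('Delete vulnerability', async () => {
        let response = await listVulns();
        const vulnId = response.body.datas[2]._id;
        response = await authed(
          request(app).delete(`/api/vulnerabilities/${vulnId}`),
        );
        expect(response.status).toBe(200);

        response = await listVulns();
        expect(response.body.datas).toHaveLength(2);
      });

      it('Delete vulnerability with nonexistent ID', async () => {
        const response = await authed(
          request(app).delete(`/api/vulnerabilities/${NONEXISTENT_ID}`),
        );
        expect(response.status).toBe(404);
      });

      it('Create vulnerability from finding', async () => {
        const finding = {
          title: 'New vulnerability from finding',
          vulnType: 'Internal',
          description: 'New vuln description',
        };
        const response = await authed(
          request(app).post('/api/vulnerabilities/finding/en'),
        ).send(finding);
        expect(response.status).toBe(201);

        const list = await listVulns();
        expect(list.body.datas).toHaveLength(3);
        // A vulnerability created from a finding gets status 1.
        expect(list.body.datas[2].status).toBe(1);
      });

      it('Update vulnerability from finding', async () => {
        // Title matches an existing vulnerability, so the route updates it
        // (200, not 201) and moves it to status 2.
        const finding = {
          title: 'Vulnerability English 1',
          description: 'Description English 1',
          observation: 'Observation English 1',
        };
        const response = await authed(
          request(app).post('/api/vulnerabilities/finding/en'),
        ).send(finding);
        expect(response.status).toBe(200);

        const list = await listVulns();
        expect(list.body.datas).toHaveLength(3);
        expect(list.body.datas[0].status).toBe(2);
      });

      it('Should not create/update vulnerability from finding without title', async () => {
        const finding = {
          observation: 'Observation new vuln from finding',
        };
        const response = await authed(
          request(app).post('/api/vulnerabilities/finding/en'),
        ).send(finding);
        expect(response.status).toBe(422);
      });

      it('Should not update vulnerability from finding that is not yet approved', async () => {
        // The vulnerability created from a finding above is still status 1;
        // the route presumably treats that as "not approved" and answers 403.
        const finding = {
          title: 'New vulnerability from finding',
          observation: 'Observation new vuln from finding',
        };
        const response = await authed(
          request(app).post('/api/vulnerabilities/finding/en'),
        ).send(finding);
        expect(response.status).toBe(403);
      });

      it('Get vulnerability updates', async () => {
        let response = await listVulns();
        const vulnId = response.body.datas[0]._id;
        response = await authed(
          request(app).get(`/api/vulnerabilities/updates/${vulnId}`),
        );
        expect(response.status).toBe(200);
        // Exactly one pending update: the one recorded by
        // "Update vulnerability from finding".
        expect(response.body.datas).toHaveLength(1);
      });
    });
  });
};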