-
Notifications
You must be signed in to change notification settings - Fork 75
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
#1063 added example adpContainer and first insertAdpTest
- Loading branch information
1 parent
d1ad208
commit f761dda
Showing
2 changed files
with
198 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,53 @@ | ||
| { | ||
| "adpContainer": { | ||
| "affected": [ | ||
| { | ||
| "vendor": "n/a", | ||
| "product": "n/a", | ||
| "versions": [ | ||
| { | ||
| "version": "n/a", | ||
| "status": "unknown" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "Cross-site scripting (XSS) vulnerability in Revive Adserver before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the user's email address." | ||
| } | ||
| ], | ||
| "problemTypes": [ | ||
| { | ||
| "descriptions": [ | ||
| { | ||
| "description": "n/a", | ||
| "lang": "eng", | ||
| "type": "text" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "providerMetadata": { | ||
| "orgId": "9cbfeea8-dea2-4923-b772-1ab41730e742" | ||
| }, | ||
| "references": [ | ||
| { | ||
| "name": "[oss-security] 20170202 Re: CVE request: multiples vulnerabilities in Revive Adserver", | ||
| "refsource": "MLIST", | ||
| "url": "http://www.openwall.com/lists/oss-security/2017/02/02/3" | ||
| }, | ||
| { | ||
| "name": "https://www.revive-adserver.com/security/revive-sa-2017-001/", | ||
| "refsource": "CONFIRM", | ||
| "url": "https://www.revive-adserver.com/security/revive-sa-2017-001/" | ||
| }, | ||
| { | ||
| "name": "95875", | ||
| "refsource": "BID", | ||
| "url": "http://www.securityfocus.com/bid/95875" | ||
| } | ||
| ] | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,145 @@ | ||
| /* eslint-disable no-unused-expressions */ | ||
| // https://github.com/standard/standard/issues/690#issuecomment-278533482 | ||
| const chai = require('chai') | ||
| const sinon = require('sinon') | ||
| const { faker } = require('@faker-js/faker') | ||
| const expect = chai.expect | ||
|
|
||
| const { cve } = require('../../../src/model/cve') | ||
| const cveMiddleware = require('../../../src/controller/cve.controller/cve.middleware') | ||
| const rejectedBody = require('../../../test-http/src/test/cve_tests/cve_record_fixtures/rejectBody.json') | ||
| const middleware = require('../../../src/middleware/middleware') | ||
| const cveIdPublished5 = 'CVE-2017-4024' | ||
| const cveRecordPublished = require('../../schemas/5.0/CVE-2017-4024_published.json') | ||
| const adpContainer = require('../../schemas/5.0/adpContainerExample.json').adpContainer | ||
| const { CVE_INSERT_ADP } = require('../../../src/controller/cve.controller/cve.controller.js') | ||
| const errors = require('../../../src/middleware/error.js') | ||
| const error = new errors.MiddlewareError() | ||
|
|
||
| const OrgRepository = require('../../../src/repositories/orgRepository.js') | ||
| const CveIdRepository = require('../../../src/repositories/cveIdRepository.js') | ||
| const CveRepository = require('../../../src/repositories/cveRepository.js') | ||
| const UserRepository = require('../../../src/repositories/userRepository.js') | ||
| const { cvePublished5 } = require('./mockObjects.cve') | ||
|
|
||
| const adpUUID = faker.datatype.uuid() | ||
| const cnaUUID = faker.datatype.uuid() | ||
|
|
||
| const stubAdpOrg = { | ||
| short_name: 'adpOrg', | ||
| name: 'test_adp', | ||
| UUID: adpUUID, | ||
| authority: { | ||
| active_roles: [ | ||
| 'ADP' | ||
| ] | ||
| } | ||
| } | ||
|
|
||
| const stubAdpUser = { | ||
| username: 'testAdpUser', | ||
| org_UUID: adpUUID, | ||
| UUID: faker.datatype.uuid() | ||
| } | ||
|
|
||
| const stubCnaOrg = { | ||
| short_name: 'cnaOrg', | ||
| name: 'test_cna', | ||
| UUID: faker.datatype.uuid(), | ||
| authority: { | ||
| active_roles: [ | ||
| 'CNA' | ||
| ] | ||
| } | ||
| } | ||
|
|
||
| const stubCnaUser = { | ||
| username: 'testCnaUser', | ||
| org_UUID: cnaUUID, | ||
| UUID: faker.datatype.uuid() | ||
| } | ||
|
|
||
| const stubCveId = { | ||
| requested_by: { | ||
| cna: 'mitre', | ||
| user: '[email protected]' | ||
| }, | ||
| cve_id: 'CVE-2017-4024', | ||
| cve_year: '2017', | ||
| state: 'PUBLISHED', | ||
| owning_cna: 'mitre', | ||
| reserved: '2023-05-17T16:57:35.698Z' | ||
| } | ||
|
|
||
| describe('Testing insertAdp function', () => { | ||
| let status, json, res, next, getOrgRepository, | ||
| orgRepo, getCveRepository, cveRepo, getCveIdRepository, | ||
| cveIdRepo, getUserRepository, userRepo | ||
|
|
||
| // Stub out functions called in insertAdp and reset them for each test | ||
| beforeEach(() => { | ||
| status = sinon.stub() | ||
| json = sinon.spy() | ||
| res = { json, status } | ||
| next = sinon.spy() | ||
| status.returns(res) | ||
| orgRepo = new OrgRepository() | ||
| getOrgRepository = sinon.stub() | ||
| getOrgRepository.returns(orgRepo) | ||
|
|
||
| userRepo = new UserRepository() | ||
| getUserRepository = sinon.stub() | ||
| getUserRepository.returns(userRepo) | ||
|
|
||
| cveRepo = new CveRepository() | ||
| getCveRepository = sinon.stub() | ||
| getCveRepository.returns(cveRepo) | ||
|
|
||
| cveIdRepo = new CveIdRepository() | ||
| getCveIdRepository = sinon.stub() | ||
| getCveIdRepository.returns(cveIdRepo) | ||
| }) | ||
| // context('Negative Tests', () => { | ||
| // it('Submit a reject request with multiple English descriptions', () => { | ||
| // const result = cveMiddleware.hasSingleEnglishEntry(multipleEngDescriptions.cnaContainer.rejectedReasons) | ||
| // expect(result).to.be.false | ||
| // }) | ||
| // }) | ||
|
|
||
| context('Positive Tests', () => { | ||
| it('Should add an ADP container to an existing CVE record', async () => { | ||
| const req = { | ||
| ctx: { | ||
| org: stubAdpOrg.short_name, | ||
| uuid: stubAdpOrg.UUID, | ||
| params: { | ||
| id: cveIdPublished5 | ||
| }, | ||
| repositories: { | ||
| getOrgRepository, | ||
| getUserRepository, | ||
| getCveRepository, | ||
| getCveIdRepository | ||
| }, | ||
| body: { | ||
| adpContainer | ||
| } | ||
| } | ||
| } | ||
| sinon.stub(cveIdRepo, 'findOneByCveId').returns(stubCveId) | ||
| sinon.stub(orgRepo, 'getOrgUUID').returns(stubAdpOrg.UUID) | ||
| sinon.stub(userRepo, 'getUserUUID').returns(stubAdpUser.UUID) | ||
| sinon.stub(cveRepo, 'findOneByCveId').returns({ cve: cveRecordPublished }) | ||
| sinon.stub(cveRepo, 'updateByCveId').returns(true) | ||
| const resMessage = cveIdPublished5 + ' record had new ADP container 2 successfully inserted' | ||
| await CVE_INSERT_ADP(req, res, next) | ||
|
|
||
| expect(status.args[0][0]).to.equal(200) | ||
| expect(res.json.args[0][0].message).to.include(resMessage) | ||
| expect(res.json.args[0][0].updated.containers.adp[1]).to.equal(adpContainer) | ||
| }) | ||
| it('Should update an existing ADP container on an existing CVE record', async () => { | ||
|
|
||
| }) | ||
| }) | ||
| }) |