From 8dea1b3412a7bbe2234d95e904487979e047c9a6 Mon Sep 17 00:00:00 2001 From: elyousfi Date: Wed, 25 Sep 2024 12:21:29 +0100 Subject: [PATCH 1/3] Add option to order vulnerabilities by id, title or risk_rating --- src/ostorlab/cli/vulnz/list/list.py | 10 ++ src/ostorlab/runtimes/cloud/runtime.py | 1 + src/ostorlab/runtimes/local/runtime.py | 18 ++- src/ostorlab/serve_app/types.py | 6 +- tests/cli/vulnz/list/test_list_vulnz.py | 181 ++++++++++++++++++++++++ tests/conftest.py | 73 ++++++++++ 6 files changed, 286 insertions(+), 3 deletions(-) diff --git a/src/ostorlab/cli/vulnz/list/list.py b/src/ostorlab/cli/vulnz/list/list.py index c799257d3..7b7367860 100644 --- a/src/ostorlab/cli/vulnz/list/list.py +++ b/src/ostorlab/cli/vulnz/list/list.py @@ -22,12 +22,21 @@ help="Filter vulnerabilities by risk ratings. Accept comma-separated ratings.", ) @click.option("--search", "-sh", help="Search in all content of the vulnerabilities.") +@click.option( + "--order-by", + "-o", + "order_by", + type=click.Choice(["risk_rating", "title", "id"], case_sensitive=False), + default="risk_rating", + help="Order vulnerabilities by specified field. Defaults to risk_rating.", +) @click.pass_context def list_cli( ctx: click.core.Context, scan_id: int, risk_rating: Optional[str], search: Optional[str], + order_by: str, ) -> None: """CLI command to list vulnerabilities for a scan.""" runtime_instance = ctx.obj["runtime"] @@ -36,4 +45,5 @@ def list_cli( scan_id=scan_id, filter_risk_rating=risk_rating.strip().split(",") if risk_rating else None, search=search, + order_by=order_by, ) diff --git a/src/ostorlab/runtimes/cloud/runtime.py b/src/ostorlab/runtimes/cloud/runtime.py index 872c1befd..5de360c18 100644 --- a/src/ostorlab/runtimes/cloud/runtime.py +++ b/src/ostorlab/runtimes/cloud/runtime.py 
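Review bot: `list_cli` now passes `order_by=order_by` to whatever object sits in `ctx.obj["runtime"]`, but the diffstat only touches the cloud and local runtimes. Any other runtime class, or the shared base class, whose `list_vulnz` does not declare this keyword would fail with a `TypeError` as soon as `vulnz list` runs, even with the default value. Please confirm that every `list_vulnz` implementation and the base signature carry `order_by: Optional[str] = None`. Keeping the `click.Choice` allow-list is the right call, since the value ends up selecting a sort column.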
@@ -252,6 +252,7 @@ def list_vulnz( number_elements: int = 10, filter_risk_rating: Optional[List[str]] = None, search: Optional[str] = None, + order_by: Optional[str] = None, ) -> None: """List vulnz from the cloud using and render them in a table. diff --git a/src/ostorlab/runtimes/local/runtime.py b/src/ostorlab/runtimes/local/runtime.py index 5c933941b..a4fd52f2a 100644 --- a/src/ostorlab/runtimes/local/runtime.py +++ b/src/ostorlab/runtimes/local/runtime.py @@ -637,6 +637,7 @@ def list_vulnz( scan_id: int, filter_risk_rating: Optional[List[str]], search: Optional[str], + order_by: str = "risk_rating", ) -> None: try: with models.Database() as session: @@ -658,7 +659,22 @@ def list_vulnz( ) ) - vulnerabilities = query.order_by(models.Vulnerability.title).all() + if order_by == "risk_rating": + case_ordering = case( + [ + (models.Vulnerability.risk_rating == rating, order) + for rating, order in risk_rating.RATINGS_ORDER.items() + ], + else_=len(risk_rating.RATINGS_ORDER), + ) + vulnerabilities = query.order_by( + case_ordering, models.Vulnerability.title + ).all() + elif order_by == "title": + vulnerabilities = query.order_by(models.Vulnerability.title).all() + elif order_by == "id": + vulnerabilities = query.order_by(models.Vulnerability.id).all() + vulnz_list = [] for vulnerability in vulnerabilities: vulnerability_location = vulnerability.location or "" diff --git a/src/ostorlab/serve_app/types.py b/src/ostorlab/serve_app/types.py index f539e2cb3..a8acdb901 100644 --- a/src/ostorlab/serve_app/types.py +++ b/src/ostorlab/serve_app/types.py @@ -712,7 +712,9 @@ def resolve_progress(self: models.Scan, info: graphql_base.ResolveInfo) -> str: return self.progress.name - def resolve_risk_rating(self: models.Scan, info: graphql_base.ResolveInfo) -> str: + def resolve_risk_rating( + self: models.Scan, info: graphql_base.ResolveInfo + ) -> str | None: """Resolve risk rating query. Args: self (models.Scan): The scan object. 
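Review bot: The cloud `list_vulnz` gains `order_by: Optional[str] = None`, but nothing visible in this hunk uses or documents it, so `--order-by title` against the cloud runtime would presumably be accepted and silently ignored. If the cloud API cannot sort, say so in the docstring, e.g. `order_by: Accepted for interface parity; ordering is not applied by the cloud runtime.`, or warn when a non-default value is passed. The type and default also differ from the local runtime (`str = "risk_rating"`), which makes the shared contract unclear. The body of the method lies outside the hunk, so this should be checked against the full function.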
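Review bot: The new `if`/`elif` chain on `order_by` in the second local-runtime hunk has no `else`, so any value other than the three literals leaves `vulnerabilities` unassigned and the `for vulnerability in vulnerabilities` loop below fails with an unbound-name error. `None` is one such value, and the cloud signature in this same patch allows it. The allow-list lives only in the CLI's `click.Choice`, while `list_vulnz` can be called from other code, so the method should reject unknown values itself, e.g. `else: raise ValueError(f"Unsupported order_by: {order_by!r}")`. Separately, `case([...], else_=...)` passes the whens as a list, a form SQLAlchemy deprecated in 1.4 and dropped in 2.0; `case(*whens, else_=...)` is the form from 1.4 onward, so check this against the pinned version. The enclosing `try:` and the rest of `list_vulnz` lie outside the hunk.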
@@ -720,7 +722,7 @@ def resolve_risk_rating(self: models.Scan, info: graphql_base.ResolveInfo) -> st Returns: str: The risk rating of the scan. """ - return self.risk_rating.name + return self.risk_rating.name if self.risk_rating is not None else None def resolve_assets( self, diff --git a/tests/cli/vulnz/list/test_list_vulnz.py b/tests/cli/vulnz/list/test_list_vulnz.py index 16ffd3b99..ce86aaccf 100644 --- a/tests/cli/vulnz/list/test_list_vulnz.py +++ b/tests/cli/vulnz/list/test_list_vulnz.py 
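Review bot: The `Returns:` section of `resolve_risk_rating` still reads `str: The risk rating of the scan.`, although the new return line yields `None` when `self.risk_rating` is unset. The docstring should match the widened contract, e.g. `Optional[str]: The risk rating name, or None when the scan has no risk rating yet.` API consumers that treat the field as always present may need the same note in the schema description, which is not visible in this hunk.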
@@ -475,3 +475,184 @@ def testOstorlabVulnzListCLI_whenFilterBySearchAndRuntimeIsCloud_showsCorrectRes all(word in result_tech_detail.output for word in result_tech_detail_keywords) is True ) + + +def testOstorlabVulnzListCLI_whenListVulnz_showsVulnzOrderedByRiskRatingByDefault( + scan_multiple_vulnz_different_risk_ratings: models.Scan, +) -> None: + """Test oxo vulnz list command orders vulnerabilities by risk rating.""" + runner = CliRunner() + + result = runner.invoke( + rootcli.rootcli, + ["vulnz", "list", "-s", str(scan_multiple_vulnz_different_risk_ratings.id)], + ) + + assert result.exception is None + assert ( + result.output + == """πŸ”Ή Fetching vulnerabilities for scan 1 + + Scan 1: Found 4 vulnerabilities. +β”Œβ”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ β”‚ β”‚ Vulnerable β”‚ β”‚ CVSS V3 β”‚ Short β”‚ +β”‚ Id β”‚ Title β”‚ target β”‚ Risk rating β”‚ Vector β”‚ Description β”‚ +β•žβ•β•β•β•β•ͺ══════════════β•ͺ══════════════β•ͺ═════════════β•ͺ══════════════β•ͺ══════════════║ +β”‚ 2 β”‚ High risk β”‚ Domain: β”‚ High β”‚ 5:6:7 β”‚ High risk β”‚ +β”‚ β”‚ vulnerabili… β”‚ highrisk.com β”‚ β”‚ β”‚ issue β”‚ +β”‚ β”‚ β”‚ URL: β”‚ β”‚ β”‚ β”‚ +β”‚ β”‚ β”‚ https://hig… β”‚ β”‚ β”‚ β”‚ +β”œβ”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€ +β”‚ 1 β”‚ Medium risk β”‚ Domain: β”‚ Medium β”‚ 5:6:7 β”‚ Medium risk β”‚ +β”‚ β”‚ vulnerabili… β”‚ mediumrisk.… β”‚ β”‚ β”‚ issue β”‚ +β”‚ β”‚ 1 β”‚ URL: β”‚ β”‚ β”‚ β”‚ +β”‚ β”‚ β”‚ https://med… β”‚ β”‚ β”‚ β”‚ 
+β”œβ”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€ +β”‚ 4 β”‚ Medium risk β”‚ Domain: β”‚ Medium β”‚ 5:6:7 β”‚ Medium risk β”‚ +β”‚ β”‚ vulnerabili… β”‚ mediumrisk.… β”‚ β”‚ β”‚ issue β”‚ +β”‚ β”‚ 2 β”‚ URL: β”‚ β”‚ β”‚ β”‚ +β”‚ β”‚ β”‚ https://med… β”‚ β”‚ β”‚ β”‚ +β”œβ”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€ +β”‚ 3 β”‚ Low risk β”‚ Domain: β”‚ Low β”‚ 5:6:7 β”‚ Low risk β”‚ +β”‚ β”‚ vulnerabili… β”‚ lowrisk.com β”‚ β”‚ β”‚ issue β”‚ +β”‚ β”‚ β”‚ URL: β”‚ β”‚ β”‚ β”‚ +β”‚ β”‚ β”‚ https://low… β”‚ β”‚ β”‚ β”‚ +β””β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +βœ” Vulnerabilities listed successfully. +""" + ) + + +def testOstorlabVulnzListCLI_whenListVulnzOrderByID_showsVulnzOrderedByID( + scan_multiple_vulnz_different_risk_ratings: models.Scan, +) -> None: + """Test oxo vulnz list command orders vulnerabilities by ID.""" + runner = CliRunner() + + result = runner.invoke( + rootcli.rootcli, + [ + "vulnz", + "list", + "-s", + str(scan_multiple_vulnz_different_risk_ratings.id), + "-o", + "id", + ], + ) + + assert result.exception is None + assert ( + result.output + == """πŸ”Ή Fetching vulnerabilities for scan 1 + + Scan 1: Found 4 vulnerabilities. 
+β”Œβ”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ β”‚ β”‚ Vulnerable β”‚ β”‚ CVSS V3 β”‚ Short β”‚ +β”‚ Id β”‚ Title β”‚ target β”‚ Risk rating β”‚ Vector β”‚ Description β”‚ +β•žβ•β•β•β•β•ͺ══════════════β•ͺ══════════════β•ͺ═════════════β•ͺ══════════════β•ͺ══════════════║ +β”‚ 1 β”‚ Medium risk β”‚ Domain: β”‚ Medium β”‚ 5:6:7 β”‚ Medium risk β”‚ +β”‚ β”‚ vulnerabili… β”‚ mediumrisk.… β”‚ β”‚ β”‚ issue β”‚ +β”‚ β”‚ 1 β”‚ URL: β”‚ β”‚ β”‚ β”‚ +β”‚ β”‚ β”‚ https://med… β”‚ β”‚ β”‚ β”‚ +β”œβ”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€ +β”‚ 2 β”‚ High risk β”‚ Domain: β”‚ High β”‚ 5:6:7 β”‚ High risk β”‚ +β”‚ β”‚ vulnerabili… β”‚ highrisk.com β”‚ β”‚ β”‚ issue β”‚ +β”‚ β”‚ β”‚ URL: β”‚ β”‚ β”‚ β”‚ +β”‚ β”‚ β”‚ https://hig… β”‚ β”‚ β”‚ β”‚ +β”œβ”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€ +β”‚ 3 β”‚ Low risk β”‚ Domain: β”‚ Low β”‚ 5:6:7 β”‚ Low risk β”‚ +β”‚ β”‚ vulnerabili… β”‚ lowrisk.com β”‚ β”‚ β”‚ issue β”‚ +β”‚ β”‚ β”‚ URL: β”‚ β”‚ β”‚ β”‚ +β”‚ β”‚ β”‚ https://low… β”‚ β”‚ β”‚ β”‚ +β”œβ”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€ +β”‚ 4 β”‚ Medium risk β”‚ Domain: β”‚ Medium β”‚ 5:6:7 β”‚ Medium risk β”‚ +β”‚ β”‚ vulnerabili… β”‚ mediumrisk.… β”‚ β”‚ β”‚ issue β”‚ +β”‚ β”‚ 2 β”‚ URL: β”‚ β”‚ β”‚ β”‚ 
+β”‚ β”‚ β”‚ https://med… β”‚ β”‚ β”‚ β”‚ +β””β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +βœ” Vulnerabilities listed successfully. +""" + ) + + +def testOstorlabVulnzListCLI_whenListVulnzOrderByTitle_showsVulnzOrderedByTitle( + scan_multiple_vulnz_different_risk_ratings: models.Scan, +) -> None: + """Test oxo vulnz list command orders vulnerabilities by Title.""" + runner = CliRunner() + + result = runner.invoke( + rootcli.rootcli, + [ + "vulnz", + "list", + "-s", + str(scan_multiple_vulnz_different_risk_ratings.id), + "-o", + "title", + ], + ) + + assert result.exception is None + assert ( + result.output + == """πŸ”Ή Fetching vulnerabilities for scan 1 + + Scan 1: Found 4 vulnerabilities. +β”Œβ”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ β”‚ β”‚ Vulnerable β”‚ β”‚ CVSS V3 β”‚ Short β”‚ +β”‚ Id β”‚ Title β”‚ target β”‚ Risk rating β”‚ Vector β”‚ Description β”‚ +β•žβ•β•β•β•β•ͺ══════════════β•ͺ══════════════β•ͺ═════════════β•ͺ══════════════β•ͺ══════════════║ +β”‚ 2 β”‚ High risk β”‚ Domain: β”‚ High β”‚ 5:6:7 β”‚ High risk β”‚ +β”‚ β”‚ vulnerabili… β”‚ highrisk.com β”‚ β”‚ β”‚ issue β”‚ +β”‚ β”‚ β”‚ URL: β”‚ β”‚ β”‚ β”‚ +β”‚ β”‚ β”‚ https://hig… β”‚ β”‚ β”‚ β”‚ +β”œβ”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€ +β”‚ 3 β”‚ Low risk β”‚ Domain: β”‚ Low β”‚ 5:6:7 β”‚ Low risk β”‚ +β”‚ β”‚ vulnerabili… β”‚ lowrisk.com β”‚ β”‚ β”‚ issue β”‚ +β”‚ β”‚ β”‚ URL: β”‚ β”‚ β”‚ β”‚ +β”‚ β”‚ β”‚ 
https://low… β”‚ β”‚ β”‚ β”‚ +β”œβ”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€ +β”‚ 1 β”‚ Medium risk β”‚ Domain: β”‚ Medium β”‚ 5:6:7 β”‚ Medium risk β”‚ +β”‚ β”‚ vulnerabili… β”‚ mediumrisk.… β”‚ β”‚ β”‚ issue β”‚ +β”‚ β”‚ 1 β”‚ URL: β”‚ β”‚ β”‚ β”‚ +β”‚ β”‚ β”‚ https://med… β”‚ β”‚ β”‚ β”‚ +β”œβ”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€ +β”‚ 4 β”‚ Medium risk β”‚ Domain: β”‚ Medium β”‚ 5:6:7 β”‚ Medium risk β”‚ +β”‚ β”‚ vulnerabili… β”‚ mediumrisk.… β”‚ β”‚ β”‚ issue β”‚ +β”‚ β”‚ 2 β”‚ URL: β”‚ β”‚ β”‚ β”‚ +β”‚ β”‚ β”‚ https://med… β”‚ β”‚ β”‚ β”‚ +β””β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +βœ” Vulnerabilities listed successfully. +""" + ) + + +def testOstorlabVulnzListCLI_whenListVulnzOrderByInvalidOption_showsErrorMessage( + scan_multiple_vulnz_different_risk_ratings: models.Scan, +) -> None: + """Test oxo vulnz list command orders vulnerabilities by Title.""" + runner = CliRunner() + + result = runner.invoke( + rootcli.rootcli, + [ + "vulnz", + "list", + "-s", + str(scan_multiple_vulnz_different_risk_ratings.id), + "-o", + "invalid", + ], + ) + + assert result.exception is not None + assert ( + result.output + == """Usage: rootcli vulnz list [OPTIONS] +Try 'rootcli vulnz list --help' for help. + +Error: Invalid value for '--order-by' / '-o': 'invalid' is not one of 'risk_rating', 'title', 'id'. +""" + ) 
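Review bot: The docstring of `testOstorlabVulnzListCLI_whenListVulnzOrderByInvalidOption_showsErrorMessage` is copied from the title test (`"""Test oxo vulnz list command orders vulnerabilities by Title."""`) and does not describe the rejection path. Something like `"""Test oxo vulnz list command rejects an unsupported --order-by value."""` matches what is asserted. This test covers the allow-list that keeps arbitrary strings out of the sort clause, so it is worth labelling clearly. The exact-match assertion on click's usage text depends on click's wording; asserting `result.exit_code == 2` and that `"Invalid value for '--order-by'"` is in the output would be less brittle.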
diff --git a/tests/conftest.py b/tests/conftest.py index ebc7b2193..759eafaab 100644 --- a/tests/conftest.py +++ b/tests/conftest.py 
@@ -1509,3 +1509,76 @@ def multiple_assets_scan_bytes() -> bytes: """Returns a dummy zip file.""" zip_path = pathlib.Path(__file__).parent / "files" / "multiple_assets_scan.zip" return zip_path.read_bytes() + + +@pytest.fixture +def scan_multiple_vulnz_different_risk_ratings( + clean_db: None, mocker: plugin.MockerFixture, db_engine_path: str +) -> models.Scan: + mocker.patch.object(models, "ENGINE_URL", db_engine_path) + create_scan_db = models.Scan.create("test") + models.Vulnerability.create( + title="Medium risk vulnerability 1", + short_description="Medium risk issue", + description="A vulnerability with a medium risk rating", + recommendation="Consider fixing soon", + technical_detail="example=$input", + risk_rating="MEDIUM", + cvss_v3_vector="5:6:7", + dna="12347", + location={ + "domain_name": {"name": "mediumrisk.com"}, + "metadata": [{"type": "URL", "value": "https://mediumrisk.com"}], + }, + scan_id=create_scan_db.id, + references=[], + ) + models.Vulnerability.create( + title="High risk vulnerability", + short_description="High risk issue", + description="A vulnerability with a high risk rating", + recommendation="Fix immediately", + technical_detail="example=$input", + risk_rating="HIGH", + cvss_v3_vector="5:6:7", + dna="12345", + location={ + "domain_name": {"name": "highrisk.com"}, + "metadata": [{"type": "URL", "value": "https://highrisk.com"}], + }, + scan_id=create_scan_db.id, + references=[], + ) + models.Vulnerability.create( + title="Low risk vulnerability", + short_description="Low risk issue", + description="A vulnerability with a low risk rating", + recommendation="Monitor the situation", + technical_detail="example=$input", + risk_rating="LOW", + cvss_v3_vector="5:6:7", + dna="12346", + location={ + "domain_name": {"name": "lowrisk.com"}, + "metadata": [{"type": "URL", "value": "https://lowrisk.com"}], + }, + scan_id=create_scan_db.id, + references=[], + ) + models.Vulnerability.create( + title="Medium risk vulnerability 2", + 
short_description="Medium risk issue", + description="A vulnerability with a medium risk rating", + recommendation="Consider fixing soon", + technical_detail="example=$input", + risk_rating="MEDIUM", + cvss_v3_vector="5:6:7", + dna="12347", + location={ + "domain_name": {"name": "mediumrisk.com"}, + "metadata": [{"type": "URL", "value": "https://mediumrisk.com"}], + }, + scan_id=create_scan_db.id, + references=[], + ) + return create_scan_db From fdc9f5b2d9fe1e9264f8728c6fb6e39721cb9418 Mon Sep 17 00:00:00 2001 From: elyousfi Date: Wed, 25 Sep 2024 13:24:26 +0100 Subject: [PATCH 2/3] Fix unit tests --- src/ostorlab/serve_app/types.py | 2 +- tests/cli/vulnz/list/test_list_vulnz.py | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/ostorlab/serve_app/types.py b/src/ostorlab/serve_app/types.py index a8acdb901..56b5589cd 100644 --- a/src/ostorlab/serve_app/types.py +++ b/src/ostorlab/serve_app/types.py @@ -714,7 +714,7 @@ def resolve_progress(self: models.Scan, info: graphql_base.ResolveInfo) -> str: def resolve_risk_rating( self: models.Scan, info: graphql_base.ResolveInfo - ) -> str | None: + ) -> Optional[str]: """Resolve risk rating query. Args: self (models.Scan): The scan object. diff --git a/tests/cli/vulnz/list/test_list_vulnz.py b/tests/cli/vulnz/list/test_list_vulnz.py index ce86aaccf..3ee5212c2 100644 --- a/tests/cli/vulnz/list/test_list_vulnz.py +++ b/tests/cli/vulnz/list/test_list_vulnz.py @@ -490,7 +490,7 @@ def testOstorlabVulnzListCLI_whenListVulnz_showsVulnzOrderedByRiskRatingByDefaul assert result.exception is None assert ( - result.output + result.output.replace("\r\n", "\n") == """πŸ”Ή Fetching vulnerabilities for scan 1 Scan 1: Found 4 vulnerabilities. @@ -543,7 +543,7 @@ def testOstorlabVulnzListCLI_whenListVulnzOrderByID_showsVulnzOrderedByID( assert result.exception is None assert ( - result.output + result.output.replace("\r\n", "\n") == """πŸ”Ή Fetching vulnerabilities for scan 1 Scan 1: Found 4 vulnerabilities. 
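Review bot: The fixture `scan_multiple_vulnz_different_risk_ratings` has no docstring, and two of its four records share `dna="12347"` (the first and the last `Vulnerability.create` calls). If `dna` is meant to be a per-finding fingerprint, which is an assumption from the name, the duplicate could hide or trigger de-duplication behaviour unrelated to ordering; distinct values would keep the fixture neutral. A one-line docstring would help, such as `"""Create a scan with four vulnerabilities (MEDIUM, HIGH, LOW, MEDIUM) inserted in that order."""`, because the ordering tests depend on that insertion order.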
@@ -596,7 +596,7 @@ def testOstorlabVulnzListCLI_whenListVulnzOrderByTitle_showsVulnzOrderedByTitle( assert result.exception is None assert ( - result.output + result.output.replace("\r\n", "\n") == """πŸ”Ή Fetching vulnerabilities for scan 1 Scan 1: Found 4 vulnerabilities. @@ -649,7 +649,7 @@ def testOstorlabVulnzListCLI_whenListVulnzOrderByInvalidOption_showsErrorMessage assert result.exception is not None assert ( - result.output + result.output.replace("\r\n", "\n") == """Usage: rootcli vulnz list [OPTIONS] Try 'rootcli vulnz list --help' for help. From a28a2777395e5df27675b7bed295c837aead60f1 Mon Sep 17 00:00:00 2001 From: elyousfi Date: Wed, 25 Sep 2024 15:57:35 +0100 Subject: [PATCH 3/3] Fix unit tests --- src/ostorlab/runtimes/local/runtime.py | 4 +- tests/cli/vulnz/list/test_list_vulnz.py | 120 +++++------------------- tests/conftest.py | 44 ++++----- 3 files changed, 42 insertions(+), 126 deletions(-) diff --git a/src/ostorlab/runtimes/local/runtime.py b/src/ostorlab/runtimes/local/runtime.py index a4fd52f2a..0c567854a 100644 --- a/src/ostorlab/runtimes/local/runtime.py +++ b/src/ostorlab/runtimes/local/runtime.py @@ -635,8 +635,8 @@ def install(self, docker_client: Optional[docker.DockerClient] = None) -> None: def list_vulnz( self, scan_id: int, - filter_risk_rating: Optional[List[str]], - search: Optional[str], + filter_risk_rating: Optional[List[str]] = None, + search: Optional[str] = None, order_by: str = "risk_rating", ) -> None: try: diff --git a/tests/cli/vulnz/list/test_list_vulnz.py b/tests/cli/vulnz/list/test_list_vulnz.py index 3ee5212c2..def8c0b92 100644 --- a/tests/cli/vulnz/list/test_list_vulnz.py +++ b/tests/cli/vulnz/list/test_list_vulnz.py 
@@ -479,9 +479,11 @@ def testOstorlabVulnzListCLI_whenFilterBySearchAndRuntimeIsCloud_showsCorrectRes def testOstorlabVulnzListCLI_whenListVulnz_showsVulnzOrderedByRiskRatingByDefault( scan_multiple_vulnz_different_risk_ratings: models.Scan, + mocker: plugin.MockerFixture, ) -> None: """Test oxo vulnz list command orders vulnerabilities by risk rating.""" runner = CliRunner() + table_mock = mocker.patch("ostorlab.cli.console.Console.table") result = runner.invoke( rootcli.rootcli, 
@@ -489,45 +491,24 @@ def testOstorlabVulnzListCLI_whenListVulnz_showsVulnzOrderedByRiskRatingByDefaul ) assert result.exception is None - assert ( - result.output.replace("\r\n", "\n") - == """πŸ”Ή Fetching vulnerabilities for scan 1 - - Scan 1: Found 4 vulnerabilities. -β”Œβ”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” -β”‚ β”‚ β”‚ Vulnerable β”‚ β”‚ CVSS V3 β”‚ Short β”‚ -β”‚ Id β”‚ Title β”‚ target β”‚ Risk rating β”‚ Vector β”‚ Description β”‚ -β•žβ•β•β•β•β•ͺ══════════════β•ͺ══════════════β•ͺ═════════════β•ͺ══════════════β•ͺ══════════════║ -β”‚ 2 β”‚ High risk β”‚ Domain: β”‚ High β”‚ 5:6:7 β”‚ High risk β”‚ -β”‚ β”‚ vulnerabili… β”‚ highrisk.com β”‚ β”‚ β”‚ issue β”‚ -β”‚ β”‚ β”‚ URL: β”‚ β”‚ β”‚ β”‚ -β”‚ β”‚ β”‚ https://hig… β”‚ β”‚ β”‚ β”‚ -β”œβ”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€ -β”‚ 1 β”‚ Medium risk β”‚ Domain: β”‚ Medium β”‚ 5:6:7 β”‚ Medium risk β”‚ -β”‚ β”‚ vulnerabili… β”‚ mediumrisk.… β”‚ β”‚ β”‚ issue β”‚ -β”‚ β”‚ 1 β”‚ URL: β”‚ β”‚ β”‚ β”‚ -β”‚ β”‚ β”‚ https://med… β”‚ β”‚ β”‚ β”‚ -β”œβ”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€ -β”‚ 4 β”‚ Medium risk β”‚ Domain: β”‚ Medium β”‚ 5:6:7 β”‚ Medium risk β”‚ -β”‚ β”‚ vulnerabili… β”‚ mediumrisk.… β”‚ β”‚ β”‚ issue β”‚ -β”‚ β”‚ 2 β”‚ URL: β”‚ β”‚ β”‚ β”‚ -β”‚ β”‚ β”‚ https://med… β”‚ β”‚ β”‚ β”‚ 
-β”œβ”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€ -β”‚ 3 β”‚ Low risk β”‚ Domain: β”‚ Low β”‚ 5:6:7 β”‚ Low risk β”‚ -β”‚ β”‚ vulnerabili… β”‚ lowrisk.com β”‚ β”‚ β”‚ issue β”‚ -β”‚ β”‚ β”‚ URL: β”‚ β”‚ β”‚ β”‚ -β”‚ β”‚ β”‚ https://low… β”‚ β”‚ β”‚ β”‚ -β””β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ -βœ” Vulnerabilities listed successfully. -""" - ) + risk_ratings = [ + vuln.get("risk_rating") for vuln in table_mock.call_args_list[0][1].get("data") + ] + assert risk_ratings == [ + "[bold bright_white on #F55246]High[/]", + "[bold bright_white on #FF9800]Medium[/]", + "[bold bright_white on #FF9800]Medium[/]", + "[bold bright_white on #FDDB45]Low[/]", + ] def testOstorlabVulnzListCLI_whenListVulnzOrderByID_showsVulnzOrderedByID( scan_multiple_vulnz_different_risk_ratings: models.Scan, + mocker: plugin.MockerFixture, ) -> None: """Test oxo vulnz list command orders vulnerabilities by ID.""" runner = CliRunner() + table_mock = mocker.patch("ostorlab.cli.console.Console.table") result = runner.invoke( rootcli.rootcli, 
@@ -542,45 +523,17 @@ def testOstorlabVulnzListCLI_whenListVulnzOrderByID_showsVulnzOrderedByID( ) assert result.exception is None - assert ( - result.output.replace("\r\n", "\n") - == """πŸ”Ή Fetching vulnerabilities for scan 1 - - Scan 1: Found 4 vulnerabilities. -β”Œβ”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” -β”‚ β”‚ β”‚ Vulnerable β”‚ β”‚ CVSS V3 β”‚ Short β”‚ -β”‚ Id β”‚ Title β”‚ target β”‚ Risk rating β”‚ Vector β”‚ Description β”‚ -β•žβ•β•β•β•β•ͺ══════════════β•ͺ══════════════β•ͺ═════════════β•ͺ══════════════β•ͺ══════════════║ -β”‚ 1 β”‚ Medium risk β”‚ Domain: β”‚ Medium β”‚ 5:6:7 β”‚ Medium risk β”‚ -β”‚ β”‚ vulnerabili… β”‚ mediumrisk.… β”‚ β”‚ β”‚ issue β”‚ -β”‚ β”‚ 1 β”‚ URL: β”‚ β”‚ β”‚ β”‚ -β”‚ β”‚ β”‚ https://med… β”‚ β”‚ β”‚ β”‚ -β”œβ”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€ -β”‚ 2 β”‚ High risk β”‚ Domain: β”‚ High β”‚ 5:6:7 β”‚ High risk β”‚ -β”‚ β”‚ vulnerabili… β”‚ highrisk.com β”‚ β”‚ β”‚ issue β”‚ -β”‚ β”‚ β”‚ URL: β”‚ β”‚ β”‚ β”‚ -β”‚ β”‚ β”‚ https://hig… β”‚ β”‚ β”‚ β”‚ -β”œβ”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€ -β”‚ 3 β”‚ Low risk β”‚ Domain: β”‚ Low β”‚ 5:6:7 β”‚ Low risk β”‚ -β”‚ β”‚ vulnerabili… β”‚ lowrisk.com β”‚ β”‚ β”‚ issue β”‚ -β”‚ β”‚ β”‚ URL: β”‚ β”‚ β”‚ β”‚ -β”‚ β”‚ β”‚ https://low… β”‚ β”‚ β”‚ β”‚ 
-β”œβ”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€ -β”‚ 4 β”‚ Medium risk β”‚ Domain: β”‚ Medium β”‚ 5:6:7 β”‚ Medium risk β”‚ -β”‚ β”‚ vulnerabili… β”‚ mediumrisk.… β”‚ β”‚ β”‚ issue β”‚ -β”‚ β”‚ 2 β”‚ URL: β”‚ β”‚ β”‚ β”‚ -β”‚ β”‚ β”‚ https://med… β”‚ β”‚ β”‚ β”‚ -β””β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ -βœ” Vulnerabilities listed successfully. -""" - ) + ids = [vuln.get("id") for vuln in table_mock.call_args_list[0][1].get("data")] + assert ids == ["1", "2", "3", "4"] def testOstorlabVulnzListCLI_whenListVulnzOrderByTitle_showsVulnzOrderedByTitle( scan_multiple_vulnz_different_risk_ratings: models.Scan, + mocker: plugin.MockerFixture, ) -> None: """Test oxo vulnz list command orders vulnerabilities by Title.""" runner = CliRunner() + table_mock = mocker.patch("ostorlab.cli.console.Console.table") result = runner.invoke( rootcli.rootcli, 
@@ -595,38 +548,13 @@ def testOstorlabVulnzListCLI_whenListVulnzOrderByTitle_showsVulnzOrderedByTitle( ) assert result.exception is None - assert ( - result.output.replace("\r\n", "\n") - == """πŸ”Ή Fetching vulnerabilities for scan 1 - - Scan 1: Found 4 vulnerabilities. -β”Œβ”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” -β”‚ β”‚ β”‚ Vulnerable β”‚ β”‚ CVSS V3 β”‚ Short β”‚ -β”‚ Id β”‚ Title β”‚ target β”‚ Risk rating β”‚ Vector β”‚ Description β”‚ -β•žβ•β•β•β•β•ͺ══════════════β•ͺ══════════════β•ͺ═════════════β•ͺ══════════════β•ͺ══════════════║ -β”‚ 2 β”‚ High risk β”‚ Domain: β”‚ High β”‚ 5:6:7 β”‚ High risk β”‚ -β”‚ β”‚ vulnerabili… β”‚ highrisk.com β”‚ β”‚ β”‚ issue β”‚ -β”‚ β”‚ β”‚ URL: β”‚ β”‚ β”‚ β”‚ -β”‚ β”‚ β”‚ https://hig… β”‚ β”‚ β”‚ β”‚ -β”œβ”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€ -β”‚ 3 β”‚ Low risk β”‚ Domain: β”‚ Low β”‚ 5:6:7 β”‚ Low risk β”‚ -β”‚ β”‚ vulnerabili… β”‚ lowrisk.com β”‚ β”‚ β”‚ issue β”‚ -β”‚ β”‚ β”‚ URL: β”‚ β”‚ β”‚ β”‚ -β”‚ β”‚ β”‚ https://low… β”‚ β”‚ β”‚ β”‚ -β”œβ”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€ -β”‚ 1 β”‚ Medium risk β”‚ Domain: β”‚ Medium β”‚ 5:6:7 β”‚ Medium risk β”‚ -β”‚ β”‚ vulnerabili… β”‚ mediumrisk.… β”‚ β”‚ β”‚ issue β”‚ -β”‚ β”‚ 1 β”‚ URL: β”‚ β”‚ β”‚ β”‚ -β”‚ β”‚ β”‚ https://med… β”‚ β”‚ β”‚ β”‚ 
-β”œβ”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€ -β”‚ 4 β”‚ Medium risk β”‚ Domain: β”‚ Medium β”‚ 5:6:7 β”‚ Medium risk β”‚ -β”‚ β”‚ vulnerabili… β”‚ mediumrisk.… β”‚ β”‚ β”‚ issue β”‚ -β”‚ β”‚ 2 β”‚ URL: β”‚ β”‚ β”‚ β”‚ -β”‚ β”‚ β”‚ https://med… β”‚ β”‚ β”‚ β”‚ -β””β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ -βœ” Vulnerabilities listed successfully. -""" - ) + titles = [vuln.get("title") for vuln in table_mock.call_args_list[0][1].get("data")] + assert titles == [ + "vulnerability 1", + "vulnerability 2", + "vulnerability 3", + "vulnerability 4", + ] def testOstorlabVulnzListCLI_whenListVulnzOrderByInvalidOption_showsErrorMessage( diff --git a/tests/conftest.py b/tests/conftest.py index 759eafaab..b55515a29 100644 --- a/tests/conftest.py +++ b/tests/conftest.py 
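Review bot: The rewritten title-ordering assertion expects `"vulnerability 1"` through `"vulnerability 4"`, which is also the insertion and id order of the simplified fixture in this same commit. The test would therefore still pass if `--order-by title` fell through to id ordering or to no ordering at all. Give the fixture titles whose alphabetical order differs from creation order (for example by creating `"vulnerability 3"` first), or assert on a permutation that only title sorting produces. The same applies to the tie-break in the risk-rating test, where only the rating column is checked and the secondary sort by title is not. All three tests also index `table_mock.call_args_list[0]` directly; an `assert table_mock.call_count == 1` first would give a clearer failure than an `IndexError`.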
@@ -1518,66 +1518,54 @@ def scan_multiple_vulnz_different_risk_ratings( mocker.patch.object(models, "ENGINE_URL", db_engine_path) create_scan_db = models.Scan.create("test") models.Vulnerability.create( - title="Medium risk vulnerability 1", - short_description="Medium risk issue", - description="A vulnerability with a medium risk rating", + title="vulnerability 1", + short_description="vulnerability 1", + description="vulnerability 1", recommendation="Consider fixing soon", technical_detail="example=$input", risk_rating="MEDIUM", cvss_v3_vector="5:6:7", dna="12347", - location={ - "domain_name": {"name": "mediumrisk.com"}, - "metadata": [{"type": "URL", "value": "https://mediumrisk.com"}], - }, + location={}, scan_id=create_scan_db.id, references=[], ) models.Vulnerability.create( - title="High risk vulnerability", - short_description="High risk issue", - description="A vulnerability with a high risk rating", + title="vulnerability 2", + short_description="vulnerability 2", + description="vulnerability 2", recommendation="Fix immediately", technical_detail="example=$input", risk_rating="HIGH", cvss_v3_vector="5:6:7", dna="12345", - location={ - "domain_name": {"name": "highrisk.com"}, - "metadata": [{"type": "URL", "value": "https://highrisk.com"}], - }, + location={}, scan_id=create_scan_db.id, references=[], ) models.Vulnerability.create( - title="Low risk vulnerability", - short_description="Low risk issue", - description="A vulnerability with a low risk rating", + title="vulnerability 3", + short_description="vulnerability 3", + description="vulnerability 3", recommendation="Monitor the situation", technical_detail="example=$input", risk_rating="LOW", cvss_v3_vector="5:6:7", dna="12346", - location={ - "domain_name": {"name": "lowrisk.com"}, - "metadata": [{"type": "URL", "value": "https://lowrisk.com"}], - }, + location={}, scan_id=create_scan_db.id, references=[], ) models.Vulnerability.create( - title="Medium risk vulnerability 2", - 
short_description="Medium risk issue", - description="A vulnerability with a medium risk rating", + title="vulnerability 4", + short_description="vulnerability 4", + description="vulnerability 4", recommendation="Consider fixing soon", technical_detail="example=$input", risk_rating="MEDIUM", cvss_v3_vector="5:6:7", dna="12347", - location={ - "domain_name": {"name": "mediumrisk.com"}, - "metadata": [{"type": "URL", "value": "https://mediumrisk.com"}], - }, + location={}, scan_id=create_scan_db.id, references=[], )