Add unit tests for analysis instances in tab view #98

Signed-off-by: tdruez <[email protected]>
aboutcode-org · Dec 2, 2024 · eb4f5e0 · eb4f5e0
1 parent 6451aaf
commit eb4f5e0
Show file tree

Hide file tree

Showing 2 changed files with 91 additions and 9 deletions.
diff --git a/product_portfolio/templates/product_portfolio/tabs/tab_vulnerabilities.html b/product_portfolio/templates/product_portfolio/tabs/tab_vulnerabilities.html
@@ -21,9 +21,11 @@
               </span>
             {% endif %}
           </strong>
-          <div class="mt-2">
-            {% include 'component_catalog/includes/vulnerability_aliases.html' with aliases=vulnerability.aliases only %}
-          </div>
+          {% if vulnerability.aliases %}
+            <div class="mt-2">
+              {% include 'component_catalog/includes/vulnerability_aliases.html' with aliases=vulnerability.aliases only %}
+            </div>
+          {% endif %}
         </td>
         <td rowspan="{{ vulnerability.affected_packages_count }}">
           {% include 'vulnerabilities/includes/exploitability.html' with instance=vulnerability only %}
@@ -38,10 +40,10 @@
           {% if not forloop.first %}<tr>{% endif %}
           <td>
             <ul class="list-unstyled mb-0">
-                <li>
-                  <a href="{{ package.get_absolute_url }}#vulnerabilities" target="_blank">{{ package }}</a>
-                  {% include 'vulnerabilities/includes/risk_score_badge.html' with risk_score=package.risk_score label='risk' only %}
-                </li>
+              <li>
+                <a href="{{ package.get_absolute_url }}#vulnerabilities" target="_blank">{{ package }}</a>
+                {% include 'vulnerabilities/includes/risk_score_badge.html' with risk_score=package.risk_score label='risk' only %}
+              </li>
             </ul>
           </td>
           <td>

diff --git a/product_portfolio/tests/test_views.py b/product_portfolio/tests/test_views.py
@@ -59,6 +59,7 @@
 from product_portfolio.tests import make_product
 from product_portfolio.tests import make_product_package
 from product_portfolio.views import ManageComponentGridView
+from vulnerabilities.models import VulnerabilityAnalysis
 from vulnerabilities.tests import make_vulnerability
 from workflow.models import Request
 from workflow.models import RequestTemplate
@@ -274,7 +275,7 @@ def test_product_portfolio_detail_view_tab_dependency_view(self):
             response = self.client.get(url)
         self.assertContains(response, "4 results")
 
-    def test_product_portfolio_detail_view_tab_vulnerability_view(self):
+    def test_product_portfolio_detail_view_tab_vulnerability_queryset(self):
         self.client.login(username="nexb_user", password="secret")
         url = self.product1.get_url("tab_vulnerabilities")
 
@@ -296,7 +297,7 @@ def test_product_portfolio_detail_view_tab_vulnerability_view(self):
             response = self.client.get(url)
         self.assertContains(response, "4 results")
 
-    def test_product_portfolio_detail_view_tab_vulnerability_view_filters(self):
+    def test_product_portfolio_tab_vulnerability_view_filters(self):
         self.client.login(username="nexb_user", password="secret")
         url = self.product1.get_url("tab_vulnerabilities")
         response = self.client.get(url)
@@ -305,6 +306,85 @@ def test_product_portfolio_detail_view_tab_vulnerability_view_filters(self):
         response = self.client.get(url + "?vulnerabilities-sort=risk_score#vulnerabilities")
         self.assertContains(response, "?vulnerabilities-sort=-risk_score#vulnerabilities")
 
+    def test_product_portfolio_tab_vulnerability_view_packages_row_rendering(self):
+        self.client.login(username="nexb_user", password="secret")
+        # Each have a unique vulnerability, and p1 p2 are sharing a common one.
+        p1 = make_package(self.dataspace, is_vulnerable=True)
+        p2 = make_package(self.dataspace, is_vulnerable=True)
+        p3 = make_package(self.dataspace, is_vulnerable=True)
+        vulnerability1 = make_vulnerability(self.dataspace, affecting=[p1, p2])
+        product1 = make_product(self.dataspace, inventory=[p1, p2, p3])
+
+        url = product1.get_url("tab_vulnerabilities")
+        response = self.client.get(url)
+        expected = f'<td rowspan="2"><strong>{vulnerability1.vcid}</strong></td>'
+        self.assertContains(response, expected, html=True)
+
+        expected = f"""
+        <span data-bs-toggle="modal"
+              data-bs-target="#vulnerability-analysis-modal"
+              data-vulnerability-id="{vulnerability1.vcid}"
+              data-package-identifier="{p1}"
+              data-edit-url="/products/nexB/{product1}/vulnerability_analysis_ajax_view/?vulnerability_id={vulnerability1.vcid}&package_uuid={p1.uuid}"
+        >
+        <button type="button" data-bs-toggle="tooltip" title="Edit" class="btn btn-link p-0"
+                aria-label="Edit">
+            <i class="far fa-edit fa-sm"></i>
+          </button>
+        </span>
+        """
+        self.assertContains(response, expected, html=True)
+
+    def test_product_portfolio_tab_vulnerability_view_analysis_rendering(self):
+        self.client.login(username="nexb_user", password="secret")
+        # Each have a unique vulnerability, and p1 p2 are sharing a common one.
+        p1 = make_package(self.dataspace, is_vulnerable=True)
+        p2 = make_package(self.dataspace, is_vulnerable=True)
+        vulnerability1 = make_vulnerability(self.dataspace, affecting=[p1, p2])
+        product1 = make_product(self.dataspace)
+        product_package1 = make_product_package(product1, package=p1)
+        make_product_package(product1, package=p2)
+
+        analysis = VulnerabilityAnalysis.objects.create(
+            product_package=product_package1,
+            vulnerability=vulnerability1,
+            state=VulnerabilityAnalysis.State.RESOLVED,
+            justification=VulnerabilityAnalysis.Justification.CODE_NOT_PRESENT,
+            responses=[
+                VulnerabilityAnalysis.Response.CAN_NOT_FIX,
+                VulnerabilityAnalysis.Response.ROLLBACK,
+            ],
+            detail="detail",
+            dataspace=self.dataspace,
+        )
+
+        url = product1.get_url("tab_vulnerabilities")
+        response = self.client.get(url)
+
+        # Make sure the Analysis was set on the proper package instance.
+        vulnerabilities = response.context["page_obj"].object_list
+        packages = {
+            package.uuid: package
+            for vulnerability in vulnerabilities
+            for package in vulnerability.affected_packages.all()
+        }
+        self.assertTrue(hasattr(packages.get(p1.uuid), "vulnerability_analysis"))
+        self.assertEqual(analysis, packages.get(p1.uuid).vulnerability_analysis)
+        self.assertFalse(hasattr(packages.get(p2.uuid), "vulnerability_analysis"))
+
+        expected = """
+        <td>
+          <strong>Resolved</strong>
+          <span data-bs-toggle="popover" data-bs-placement="right" data-bs-trigger="hover focus"
+                data-bs-html="true" data-bs-content="detail">
+            <i class="fa-solid fa-circle-info"></i>
+          </span>
+        </td>
+        <td>Code Not Present</td>
+        <td>can_not_fix<br>rollback</td>
+        """
+        self.assertContains(response, expected, html=True)
+
     @mock.patch("dejacode_toolkit.vulnerablecode.VulnerableCode.is_configured")
     def test_product_portfolio_detail_view_include_tab_vulnerability_analysis_modal(
         self, mock_is_configured