Add tests for bulk api endpoints
Signed-off-by: Shivam Sandbhor <[email protected]>
sbs2001 committed Jan 16, 2021
1 parent 136476b commit 41f5aee
Showing 3 changed files with 117 additions and 12 deletions.
17 changes: 6 additions & 11 deletions vulnerabilities/api.py
Expand Up @@ -129,15 +129,13 @@ class PackageViewSet(viewsets.ReadOnlyModelViewSet):
filter_backends = (filters.DjangoFilterBackend,)
filterset_class = PackageFilterSet

# `fetch` is a placeholder
# TODO: Find a good name for this endpoint
@action(detail=False, methods=["post"])
def fetch(self, request):
def bulk_search(self, request):
filter_list = Q()
response = {}
# TODO: Do some validation here of request body

for purl in request.data["packages"]:
for purl in request.POST.getlist("packages"):
filter_list |= Q(
**{k: v for k, v in PackageURL.from_string(purl).to_dict().items() if v}
)
Expand Down Expand Up @@ -167,20 +165,17 @@ class VulnerabilityViewSet(viewsets.ReadOnlyModelViewSet):
filter_backends = (filters.DjangoFilterBackend,)
filterset_class = VulnerabilityFilterSet

# `fetch` is a placeholder
# TODO: Find a good name for this endpoint
@action(detail=False, methods=["post"])
def fetch(self, request):
def bulk_search(self, request):
filter_list = []
response = {}
# TODO: Do some validation here of request body
for cve_id in request.data["vulnerabilities"]:

for cve_id in request.POST.getlist("vulnerabilities"):
filter_list.append(cve_id)
# This handles the case when the said cve doesnt exist in db
response[cve_id] = {}

res = Vulnerability.objects.filter(cve_id__in=[cve_id])
res = Vulnerability.objects.filter(cve_id__in=filter_list)
for vuln in res:
response[vuln.cve_id] = VulnerabilitySerializer(vuln, context={"request": request}).data

return Response(response)
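Review bot: Both `bulk_search` actions still consume the posted list unchecked: the `# TODO: Do some validation here of request body` comment stays, and neither `request.POST.getlist("packages")` nor `request.POST.getlist("vulnerabilities")` bounds the number of entries, so one POST can build an arbitrarily large `Q` chain or `cve_id__in` list. `request.POST` is also only populated for form-encoded bodies, so a JSON client that worked with the old `request.data[...]` now gets an empty list; in the package action an empty `Q()` may then match every row, though the query itself lies below the visible lines of that hunk. I would validate through a small serializer, e.g. `packages = serializers.ListField(child=serializers.CharField(), allow_empty=False, max_length=MAX_BULK_ITEMS)` (the constant name is a placeholder), and answer 400 when `PackageURL.from_string` rejects an entry rather than letting the exception surface as a 500.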
2 changes: 1 addition & 1 deletion vulnerabilities/fixtures/debian.json
Expand Up @@ -73,7 +73,7 @@
},
{
"model": "vulnerabilities.packagerelatedvulnerability",
"pk": 1,
"pk": 10,
"fields": {
"vulnerability": 2,
"package": 2,
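--- a/vulnerabilities/tests/test_api.py
+++ b/vulnerabilities/tests/test_api.py
@@ -22,6 +22,7 @@
 # Visit https://github.com/nexB/vulnerablecode/ for support and download.
 
 import os
+from collections import OrderedDict
 from random import choices
 from unittest.mock import MagicMock
 from urllib.parse import quote
@@ -31,6 +32,8 @@
 
 from vulnerabilities.api import PackageSerializer
 from vulnerabilities.models import Package
+from rest_framework.test import APIRequestFactory
+from rest_framework.test import APIClient
 
 
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
@@ -188,3 +191,110 @@ def test_package_serializer(self):
 purls = {r["purl"] for r in response}
 self.assertIn("pkg:deb/debian/[email protected]?distro=jessie", purls)
 self.assertIn("pkg:deb/debian/[email protected]?distro=jessie", purls)
+
+
+class TestBulkAPIResponse(TestCase):
+fixtures = ["debian.json"]
+
+def test_bulk_vulnerabilities_api(self):
+request_body = {"vulnerabilities": ["CVE-2009-1382", "CVE-2014-8242", "RANDOM-CVE"]}
+expected_response = {
+"CVE-2009-1382": {
+"url": "http://testserver/api/vulnerabilities/2/",
+"references": [],
+"resolved_packages": [
+OrderedDict(
+[
+("url", "http://testserver/api/packages/2/"),
+("purl", "pkg:deb/debian/[email protected]?distro=jessie"),
+]
+),
+OrderedDict(
+[
+("url", "http://testserver/api/packages/3/"),
+("purl", "pkg:deb/debian/[email protected]?distro=jessie"),
+]
+),
+],
+"unresolved_packages": [],
+"cve_id": "CVE-2009-1382",
+"summary": "",
+"cvss": None,
+},
+"CVE-2014-8242": {
+"url": "http://testserver/api/vulnerabilities/1/",
+"references": [],
+"resolved_packages": [],
+"unresolved_packages": [
+OrderedDict(
+[
+("url", "http://testserver/api/packages/1/"),
+("purl", "pkg:deb/debian/[email protected]?distro=jessie"),
+]
+)
+],
+"cve_id": "CVE-2014-8242",
+"summary": "",
+"cvss": None,
+},
+"RANDOM-CVE": {},
+}
+response = self.client.post("/api/vulnerabilities/bulk_search/", request_body).data
+assert response == expected_response
+
+def test_bulk_packages_api(self):
+request_body = {
+"packages": [
+"pkg:deb/debian/[email protected]?distro=jessie",
+"pkg:deb/debian/[email protected]?distro=jessie",
+]
+}
+response = self.client.post("/api/packages/bulk_search/", request_body).data
+expected_response = {
+"pkg:deb/debian/[email protected]?distro=jessie": {
+"url": "http://testserver/api/packages/1/",
+"type": "deb",
+"namespace": "debian",
+"name": "librsync",
+"version": "0.9.7-10",
+"qualifiers": {"distro": "jessie"},
+"subpath": "",
+"purl": "pkg:deb/debian/[email protected]?distro=jessie",
+"resolved_vulnerabilities": [],
+"unresolved_vulnerabilities": [
+OrderedDict(
+[
+("url", "http://testserver/api/vulnerabilities/1/"),
+("vulnerability_id", "CVE-2014-8242"),
+]
+)
+],
+},
+"pkg:deb/debian/[email protected]?distro=jessie": {
+"url": "http://testserver/api/packages/3/",
+"type": "deb",
+"namespace": "debian",
+"name": "mimetex",
+"version": "1.50-1.1",
+"qualifiers": {"distro": "jessie"},
+"subpath": "",
+"purl": "pkg:deb/debian/[email protected]?distro=jessie",
+"resolved_vulnerabilities": [
+OrderedDict(
+[
+("url", "http://testserver/api/vulnerabilities/2/"),
+("vulnerability_id", "CVE-2009-1382"),
+]
+),
+OrderedDict(
+[
+("url", "http://testserver/api/vulnerabilities/3/"),
+("vulnerability_id", "CVE-2009-2459"),
+]
+),
+],
+"unresolved_vulnerabilities": [],
+},
+}
+
+assert response == expected_response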
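Review bot: The two new tests in `TestBulkAPIResponse` exercise only well-formed, form-encoded input, so the unvalidated paths of the bulk endpoints stay untested: nothing posts a malformed purl, an empty or missing `packages`/`vulnerabilities` key, or a JSON body. A case such as `response = self.client.post("/api/packages/bulk_search/", {"packages": ["not-a-purl"]})` followed by an assertion on `response.status_code` would pin how bad input is rejected. `APIRequestFactory` and `APIClient` are imported but not used by the tests visible here; either drop them or use `APIClient` for a `format="json"` request so the JSON path is covered as well.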
