public void WhenQueryingByNameReturnsExpectedResults()
{
var expectedResult = new Cwe {
CweId = "CWE-001", Name = "Name A: listed", Description = "Description A: listed.", Listed = true
};
var notExpectedResult1 = new Cwe {
CweId = "CWE-002", Name = "Name A: unlisted", Description = "Description A: unlisted.", Listed = false
};
var notExpectedResult2 = new Cwe {
CweId = "CWE-003", Name = "Name B", Description = "description B", Listed = true
};
var cweRepositoryMock = new Mock <IEntityRepository <Cwe> >();
cweRepositoryMock
.Setup(x => x.GetAll())
.Returns(new[]
{
expectedResult,
notExpectedResult1,
notExpectedResult2
}.AsQueryable());
var query = new AutocompleteCweIdsQuery(cweRepositoryMock.Object);
var queryResults = query.Execute("Name A");
Assert.NotNull(queryResults);
var singleResult = Assert.Single(queryResults.Results);
// Only the listed element matching by name should be returned.
Assert.Equal(expectedResult.Name, singleResult.Name);
Assert.Equal(expectedResult.CweId, singleResult.CweId);
Assert.Equal(expectedResult.Description, singleResult.Description);
}
public void ReturnsHttp200AndExpectedBodyForValidRequests(string queryString, string expectedCweIdStartString)
{
var cweRepositoryMock = GetMock <IEntityRepository <Cwe> >();
var expectedResult1 = new Cwe {
CweId = "CWE-011", Name = "Name A: listed", Description = "Description A: listed.", Listed = true
};
var notExpectedResult1 = new Cwe {
CweId = "CWE-012", Name = "Name A: unlisted", Description = "Description A: unlisted.", Listed = false
};
var expectedResult2 = new Cwe {
CweId = "CWE-013", Name = "Name B", Description = "description B", Listed = true
};
var expectedResult3 = new Cwe {
CweId = "CWE-014", Name = "Name C", Description = "description C", Listed = true
};
var expectedResult4 = new Cwe {
CweId = "CWE-015", Name = "Name D", Description = "description D", Listed = true
};
var expectedResult5 = new Cwe {
CweId = "CWE-016", Name = "Name E", Description = "description E", Listed = true
};
var notExpectedResult2 = new Cwe {
CweId = "CWE-017", Name = "Name F", Description = "description F", Listed = true
};
cweRepositoryMock
.Setup(x => x.GetAll())
.Returns(new[]
{
expectedResult1,
notExpectedResult1,
expectedResult2,
expectedResult3,
expectedResult4,
expectedResult5,
notExpectedResult2
}.AsQueryable());
var queryResults = InvokeAndAssertStatusCode(queryString, HttpStatusCode.OK);
Assert.True(queryResults.Success);
Assert.Null(queryResults.ErrorMessage);
Assert.Equal(5, queryResults.Results.Count);
Assert.True(queryResults.Success);
Assert.Null(queryResults.ErrorMessage);
Assert.All(
queryResults.Results,
r =>
{
Assert.StartsWith(expectedCweIdStartString, r.CweId, StringComparison.OrdinalIgnoreCase);
// Only the listed elements with CWE-ID starting with the query string should be returned (up to 5 elements).
Assert.NotEqual(notExpectedResult1.CweId, r.CweId, StringComparer.OrdinalIgnoreCase);
// Sorted numerically, this is the 6th element in the resultset and should be filtered out (max 5).
Assert.NotEqual(notExpectedResult2.CweId, r.CweId, StringComparer.OrdinalIgnoreCase);
});
}
public void ReturnsExistingAndCreatedCwes()
{
// Arrange
var matchingCwe1 = new Cwe
{
CweId = "cve-1"
};
var notMatchingCwe1 = new Cwe
{
CweId = "cve-2"
};
var matchingCwe2 = new Cwe
{
CweId = "cve-3"
};
var notMatchingCwe2 = new Cwe
{
CweId = "cve-4"
};
var cwes = new[] { matchingCwe1, notMatchingCwe1, matchingCwe2, notMatchingCwe2 };
var repository = GetMock <IEntityRepository <Cwe> >();
repository
.Setup(x => x.GetAll())
.Returns(cwes.AsQueryable())
.Verifiable();
var service = Get <PackageDeprecationService>();
var queriedCweIds = new[] { matchingCwe1.CweId, matchingCwe2.CweId };
// Act
var result = service.GetCwesById(queriedCweIds);
// Assert
Assert.Equal(2, result.Count);
Assert.Contains(matchingCwe1, result);
Assert.Contains(matchingCwe2, result);
}
public void ThrowsIfNoCweExistsForId()
{
// Arrange
var matchingCwe1 = new Cwe
{
CweId = "cve-1"
};
var notMatchingCwe1 = new Cwe
{
CweId = "cve-2"
};
var matchingCwe2 = new Cwe
{
CweId = "cve-3"
};
var notMatchingCwe2 = new Cwe
{
CweId = "cve-4"
};
var cwes = new[] { matchingCwe1, notMatchingCwe1, matchingCwe2, notMatchingCwe2 };
var repository = GetMock <IEntityRepository <Cwe> >();
repository
.Setup(x => x.GetAll())
.Returns(cwes.AsQueryable())
.Verifiable();
var service = Get <PackageDeprecationService>();
var missingCweId = "cwe-5";
var queriedCweIds = new[] { matchingCwe1.CweId, matchingCwe2.CweId, missingCweId };
// Act
Assert.Throws <ArgumentException>(() => service.GetCwesById(queriedCweIds));
}
public void DeprecationFieldsAreSetAsExpected(
PackageDeprecationStatus status,
SeverityString_State severity,
bool hasCves,
bool hasCwes,
bool hasAlternateRegistration,
bool hasAlternatePackage)
{
// Arrange
decimal?cvss;
switch (severity)
{
case SeverityString_State.Critical:
cvss = (decimal)9.5;
break;
case SeverityString_State.High:
cvss = (decimal)7.5;
break;
case SeverityString_State.Medium:
cvss = (decimal)5;
break;
case SeverityString_State.Low:
cvss = (decimal)2;
break;
case SeverityString_State.None:
cvss = null;
break;
default:
throw new ArgumentOutOfRangeException(nameof(severity));
}
var deprecation = new PackageDeprecation
{
CvssRating = cvss,
CustomMessage = "hello"
};
var cveIds = new[] { "CVE-2019-1111", "CVE-2019-2222" };
if (hasCves)
{
foreach (var cveId in cveIds)
{
var cve = new Cve
{
CveId = cveId
};
deprecation.Cves.Add(cve);
}
}
var cweIds = new[] { "CWE-1", "CWE-2" };
if (hasCwes)
{
foreach (var cweId in cweIds)
{
var cwe = new Cwe
{
CweId = cweId
};
deprecation.Cwes.Add(cwe);
}
}
var alternateRegistrationId = "alternateRegistrationId";
if (hasAlternateRegistration)
{
var registration = new PackageRegistration
{
Id = alternateRegistrationId
};
deprecation.AlternatePackageRegistration = registration;
}
var alternatePackageRegistrationId = "alternatePackageRegistration";
var alternatePackageVersion = "1.0.0-alt";
if (hasAlternatePackage)
{
var alternatePackageRegistration = new PackageRegistration
{
Id = alternatePackageRegistrationId
};
var alternatePackage = new Package
{
Version = alternatePackageVersion,
PackageRegistration = alternatePackageRegistration
};
deprecation.AlternatePackage = alternatePackage;
}
var package = CreateTestPackage("1.0.0");
var linkedDeprecation = new PackageDeprecation
{
Status = status
};
package.Deprecations.Add(linkedDeprecation);
// Act
var model = new DisplayPackageViewModel(package, null, deprecation);
// Assert
Assert.Equal(status, model.DeprecationStatus);
Assert.Equal(deprecation.CustomMessage, model.CustomMessage);
string expectedString;
switch (severity)
{
case SeverityString_State.Critical:
expectedString = "Critical";
break;
case SeverityString_State.High:
expectedString = "High";
break;
case SeverityString_State.Medium:
expectedString = "Medium";
break;
case SeverityString_State.Low:
expectedString = "Low";
break;
case SeverityString_State.None:
expectedString = null;
break;
default:
throw new ArgumentOutOfRangeException(nameof(severity));
}
Assert.Equal(expectedString, model.Severity);
if (hasCves)
{
Assert.Equal(cveIds, model.CveIds);
}
else
{
Assert.Empty(model.CveIds);
}
if (hasCwes)
{
Assert.Equal(cweIds, model.CweIds);
}
else
{
Assert.Empty(model.CweIds);
}
if (hasAlternatePackage)
{
Assert.Equal(alternatePackageRegistrationId, model.AlternatePackageId);
Assert.Equal(alternatePackageVersion, model.AlternatePackageVersion);
}
else if (hasAlternateRegistration)
{
Assert.Equal(alternateRegistrationId, model.AlternatePackageId);
Assert.Null(model.AlternatePackageVersion);
}
else
{
Assert.Null(model.AlternatePackageId);
Assert.Null(model.AlternatePackageVersion);
}
var versionModel = model.PackageVersions.Single();
Assert.Equal(status, versionModel.DeprecationStatus);
Assert.Null(versionModel.Severity);
Assert.Null(versionModel.CveIds);
Assert.Null(versionModel.CweIds);
Assert.Null(versionModel.AlternatePackageId);
Assert.Null(versionModel.AlternatePackageVersion);
Assert.Null(versionModel.CustomMessage);
}
public VulnerabilityDetailState(Cwe cwe)
: this(cwe.CweId, cwe.Description)
{
name = cwe.Name;
}
