|
4 | 4 |
|
5 | 5 | package io.securecodebox.persistence.defectdojo.service; |
6 | 6 |
|
7 | | -import com.fasterxml.jackson.core.JsonProcessingException; |
8 | | -import io.securecodebox.persistence.defectdojo.config.Config; |
| 7 | +import io.securecodebox.persistence.defectdojo.model.Finding; |
9 | 8 | import org.junit.jupiter.api.Test; |
10 | | -import org.springframework.http.MediaType; |
11 | | -import org.springframework.test.web.client.MockRestServiceServer; |
12 | 9 |
|
| 10 | +import java.io.IOException; |
13 | 11 | import java.net.URISyntaxException; |
| 12 | +import java.time.OffsetDateTime; |
| 13 | +import java.util.Collections; |
| 14 | +import java.util.List; |
14 | 15 |
|
15 | | -import static org.junit.jupiter.api.Assertions.assertEquals; |
16 | | -import static org.junit.jupiter.api.Assertions.assertIterableEquals; |
17 | | -import static org.springframework.test.web.client.match.MockRestRequestMatchers.requestTo; |
18 | | -import static org.springframework.test.web.client.response.MockRestResponseCreators.withSuccess; |
19 | | - |
20 | | - |
21 | | -// This test is sufficient for all services (except user profile) as all the code is generic |
22 | | -// TODO: Add WireMock integration test. |
23 | | -class FindingServiceTest { |
24 | | - private static final String FINDING_RESPONSE = """ |
25 | | - { |
26 | | - "count": 1, |
27 | | - "next": null, |
28 | | - "previous": null, |
29 | | - "results": |
30 | | - [ |
31 | | - { |
32 | | - "id": 42, |
33 | | - "tags": [], |
34 | | - "request_response": { |
35 | | - "req_resp": [] |
36 | | - }, |
37 | | - "accepted_risks": [], |
38 | | - "push_to_jira": false, |
39 | | - "age": 145, |
40 | | - "sla_days_remaining": null, |
41 | | - "finding_meta": [], |
42 | | - "related_fields": null, |
43 | | - "jira_creation": null, |
44 | | - "jira_change": null, |
45 | | - "display_status": "Active, Verified", |
46 | | - "finding_groups": [], |
47 | | - "title": "Open Port: 9929/TCP", |
48 | | - "date": "2021-03-18", |
49 | | - "sla_start_date": null, |
50 | | - "cwe": 0, |
51 | | - "cve": null, |
52 | | - "cvssv3": null, |
53 | | - "cvssv3_score": null, |
54 | | - "url": null, |
55 | | - "severity": "Info", |
56 | | - "description": "### Host\\n\\n**IP Address:** 198.51.100.0\\n**FQDN:** scanme.nmap.org\\n\\n\\n**Port/Protocol:** 9929/tcp\\n\\n\\n\\n\\n", |
57 | | - "mitigation": "N/A", |
58 | | - "impact": "No impact provided", |
59 | | - "steps_to_reproduce": null, |
60 | | - "severity_justification": null, |
61 | | - "references": null, |
62 | | - "is_template": false, |
63 | | - "active": true, |
64 | | - "verified": true, |
65 | | - "false_p": false, |
66 | | - "duplicate": false, |
67 | | - "out_of_scope": false, |
68 | | - "risk_accepted": false, |
69 | | - "under_review": false, |
70 | | - "last_status_update": "2021-07-21T12:43:36.628994Z", |
71 | | - "under_defect_review": false, |
72 | | - "is_mitigated": false, |
73 | | - "thread_id": 0, |
74 | | - "mitigated": null, |
75 | | - "numerical_severity": "S4", |
76 | | - "last_reviewed": "2021-07-21T12:43:36.545348Z", |
77 | | - "line_number": null, |
78 | | - "sourcefilepath": null, |
79 | | - "sourcefile": null, |
80 | | - "param": null, |
81 | | - "payload": null, |
82 | | - "hash_code": "8dbaad23d4056f0a97bb8f487795fe392b4124f28d4049d16430e43415f1c219", |
83 | | - "line": null, |
84 | | - "file_path": null, |
85 | | - "component_name": null, |
86 | | - "component_version": null, |
87 | | - "static_finding": false, |
88 | | - "dynamic_finding": true, |
89 | | - "created": "2021-07-21T12:43:36.549669Z", |
90 | | - "scanner_confidence": null, |
91 | | - "unique_id_from_tool": null, |
92 | | - "vuln_id_from_tool": null, |
93 | | - "sast_source_object": null, |
94 | | - "sast_sink_object": null, |
95 | | - "sast_source_line": null, |
96 | | - "sast_source_file_path": null, |
97 | | - "nb_occurences": null, |
98 | | - "publish_date": null, |
99 | | - "test": 222, |
100 | | - "duplicate_finding": null, |
101 | | - "review_requested_by": null, |
102 | | - "defect_review_requested_by": null, |
103 | | - "mitigated_by": null, |
104 | | - "reporter": 5, |
105 | | - "last_reviewed_by": 5, |
106 | | - "sonarqube_issue": null, |
107 | | - "endpoints": [ |
108 | | - 875 |
109 | | - ], |
110 | | - "endpoint_status": [ |
111 | | - 8640 |
112 | | - ], |
113 | | - "reviewers": [], |
114 | | - "notes": [], |
115 | | - "files": [], |
116 | | - "found_by": [ |
117 | | - 132 |
118 | | - ] |
119 | | - } |
120 | | - ], |
121 | | - "prefetch": {} |
122 | | - } |
123 | | - """; |
124 | | - |
125 | | - private final Config config = new Config("https://defectdojo.example.com", "abc", 42); |
126 | | - private final FindingService sut = new FindingService(config); |
127 | | - private final MockRestServiceServer server = MockRestServiceServer.createServer(sut.getRestTemplate()); |
| 16 | +import static com.github.tomakehurst.wiremock.client.WireMock.*; |
| 17 | +import static org.hamcrest.MatcherAssert.assertThat; |
| 18 | +import static org.hamcrest.Matchers.*; |
| 19 | +import static org.junit.jupiter.api.Assertions.assertAll; |
128 | 20 |
|
| 21 | +/** |
| 22 | + * Tests for {@link FindingService} |
| 23 | + */ |
| 24 | +final class FindingServiceTest extends WireMockBaseTestCase { |
| 25 | + private final FindingService sut = new FindingService(conf()); |
129 | 26 |
|
130 | 27 | @Test |
131 | | - void deserializeList_shouldResultExactlyOneResult() throws JsonProcessingException { |
132 | | - var result = sut.deserializeList(FINDING_RESPONSE); |
| 28 | + void deserializeList_shouldResultExactlyOneResult() throws IOException { |
| 29 | + var result = sut.deserializeList(readFixtureFile("FindingService_response_fixture.json")); |
133 | 30 |
|
134 | | - assertEquals(1, result.getCount()); |
| 31 | + assertThat(result.getCount(), is(1)); |
135 | 32 | } |
136 | 33 |
|
137 | 34 | @Test |
138 | | - void search() throws JsonProcessingException, URISyntaxException { |
139 | | - final var url = String.format("%s/api/v2/%s/?offset=0&limit=100", config.getUrl(), sut.getUrlPath()); |
140 | | - server.expect(requestTo(url)) |
141 | | - .andRespond(withSuccess(FINDING_RESPONSE, MediaType.APPLICATION_JSON)); |
| 35 | + void search() throws URISyntaxException, IOException { |
| 36 | + stubFor( |
| 37 | + get("/api/v2/findings/?offset=0&limit=100") |
| 38 | + .willReturn( |
| 39 | + ok() |
| 40 | + .withBody(readFixtureFile("FindingService_response_fixture.json")) |
| 41 | + ) |
| 42 | + ); |
| 43 | + |
| 44 | + final var result = sut.search(); |
142 | 45 |
|
143 | | - assertIterableEquals(sut.deserializeList(FINDING_RESPONSE).getResults(), sut.search()); |
144 | | - server.verify(); |
| 46 | + assertAll( |
| 47 | + () -> assertThat(result, hasSize(1)), |
| 48 | + () -> assertThat(result, containsInAnyOrder( |
| 49 | + Finding.builder() |
| 50 | + .id(42) |
| 51 | + .title("Open Port: 9929/TCP") |
| 52 | + .description("IP Address: 198.51.100.0 FQDN: scanme.nmap.org Port/Protocol: 9929/tcp") |
| 53 | + .foundBy(List.of(132L)) |
| 54 | + .severity(Finding.Severity.INFORMATIONAL) |
| 55 | + .test(222) |
| 56 | + .mitigation("N/A") |
| 57 | + .impact("No impact provided") |
| 58 | + .verified(true) |
| 59 | + .active(true) |
| 60 | + .endpoints(List.of(875L)) |
| 61 | + .createdAt(OffsetDateTime.parse("2021-07-21T12:43:36.549669Z")) |
| 62 | + .acceptedRisks(Collections.emptyList()) |
| 63 | + .build() |
| 64 | + )) |
| 65 | + ); |
145 | 66 | } |
146 | 67 | } |
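Review bot: The stub in `search()` matches only the path and query, so the test would still pass if the client stopped sending its API token; adding a header matcher to the `get(...)` mapping, for example `.withHeader("Authorization", matching("Token .+"))`, would pin that (the header scheme is assumed here, so confirm it against what the service's REST client actually sets). The removed MockRestServiceServer version matched on the URL alone too, so this is not a regression, but WireMock makes the check cheap to add. Separately, `hasSize(1)` followed by `containsInAnyOrder(...)` with a single element is redundant, since `contains(...)` alone asserts both the element and the size. The fixture file `FindingService_response_fixture.json` is not shown on this page, so whether its `description` agrees with the plain-text value expected in the new assertion cannot be checked from here.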