Merge branch 'testing-new-iterations' of https://github.com/Matte22/s…
…tig-manager into testing-new-iterations
cd-rite committed Sep 4, 2024
2 parents d31e4c2 + b8fc2b0 commit 1302058
Showing 7 changed files with 425 additions and 149 deletions.
33 changes: 33 additions & 0 deletions test/api/mocha/cross-boundary/lvl1.test.js
@@ -448,6 +448,39 @@ describe("lvl1 cross-boundary tests", () => {
expect(res).to.have.status(403)
})
})
describe('GET - getReviewMetadataValue - /collections/{collectionId}/reviews/{assetId}/{ruleId}/metadata/keys/{key}', () => {

it('Should throw SmError.PriviledgeError no access to review rule', async () => {
const res = await chai.request(config.baseUrl)
.get(`/collections/${reference.testCollection.collectionId}/reviews/${reference.testAsset.assetId}/${reference.scrapRuleIdWindows10}/metadata/keys/notakey`)
.set('Authorization', `Bearer ${user.token}`)
expect(res).to.have.status(403)
expect(res.body.error).to.be.equal("User has insufficient privilege to complete this request.")
})
})
describe('PUT - putReviewMetadataValue - /collections/{collectionId}/reviews/{assetId}/{ruleId}/metadata/keys/{key}', () => {

it('should throw SmError.PriviledgeError User has insufficient privilege to put the review of this rule. no acess to review rule', async () => {
const res = await chai.request(config.baseUrl)
.put(`/collections/${reference.testCollection.collectionId}/reviews/${reference.testAsset.assetId}/${reference.scrapRuleIdWindows10}/metadata/keys/${reference.reviewMetadataKey}`)
.set('Authorization', `Bearer ${user.token}`)
.set('Content-Type', 'application/json')
.send(`${JSON.stringify(reference.reviewMetadataValue)}`)
expect(res).to.have.status(403)
expect(res.body.error).to.be.equal("User has insufficient privilege to complete this request.")
})
})
describe('DELETE - deleteReviewMetadataKey - /collections/{collectionId}/reviews/{assetId}/{ruleId}/metadata/keys/{key}', () => {

it('should throw SmError.PriviledgeError User has insufficient privilege to delete the review of this rule. no acess to review rule', async () => {
const res = await chai.request(config.baseUrl)
.delete(`/collections/${reference.testCollection.collectionId}/reviews/${reference.testAsset.assetId}/${reference.scrapRuleIdWindows10}/metadata/keys/${reference.reviewMetadataKey}`)
.set('Authorization', `Bearer ${user.token}`)
.send(`${JSON.stringify(reference.reviewMetadataValue)}`)
expect(res).to.have.status(403)
expect(res.body.error).to.be.equal("User has insufficient privilege to complete this request.")
})
})

})
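Review bot: The GET case requests the key `notakey`, so it shows that the privilege check answers before the key lookup but does not show that an existing key's value is withheld from this user; a second request against `${reference.reviewMetadataKey}` expecting the same 403 would cover that. The PUT and DELETE cases stop at the status and message, so a handler that changed the metadata and then returned 403 would still pass; reading the key back with a token that does have access (that fixture is outside this section) and asserting it is unchanged would close the gap. The test titles also misspell `PrivilegeError` as `PriviledgeError` and `access` as `acess`, and the DELETE request sends a JSON body that the route presumably ignores.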

8 changes: 8 additions & 0 deletions test/api/mocha/data/review/reviewGet.test.js
@@ -502,7 +502,15 @@ describe('GET - Review', () => {
expect(res.body).to.be.an('string')
expect(res.body).to.equal(reference.reviewMetadataValue)
})
it('Should throw SmError.NotFoundError no metadatakey found', async () => {
const res = await chai.request(config.baseUrl)
.get(`/collections/${reference.testCollection.collectionId}/reviews/${reference.testAsset.assetId}/${reference.testCollection.ruleId}/metadata/keys/notakey`)
.set('Authorization', `Bearer ${iteration.token}`)
expect(res).to.have.status(404)
expect(res.body.error).to.be.equal("Resource not found.")
})
})

})
}
})
385 changes: 244 additions & 141 deletions test/api/mocha/data/review/reviewPost.test.js

Large diffs are not rendered by default.

12 changes: 6 additions & 6 deletions test/api/mocha/data/review/reviewPut.test.js
@@ -367,19 +367,19 @@ describe('PUT - Review', () => {
describe('PUT - putReviewMetadataValue - /collections/{collectionId}/reviews/{assetId}/{ruleId}/metadata/keys/{key}', () => {

before(async function () {
this.timeout(4000)
// await utils.uploadTestStigs()
await utils.loadAppData()
this.timeout(4000)
// await utils.uploadTestStigs()
await utils.loadAppData()
})
it('Set one metadata key/value of a Review', async () => {
it('Set one metadata key/value of a Review', async () => {
const res = await chai.request(config.baseUrl)
.put(`/collections/${reference.testCollection.collectionId}/reviews/${reference.testAsset.assetId}/${reference.testCollection.ruleId}/metadata/keys/${reference.reviewMetadataKey}`)
.set('Authorization', `Bearer ${iteration.token}`)
.set('Content-Type', 'application/json')
.send(`${JSON.stringify(reference.reviewMetadataValue)}`)

expect(res).to.have.status(204)
})
})
})
})
}
10 changes: 10 additions & 0 deletions test/api/mocha/data/stig/stigDelete.test.js
@@ -48,6 +48,16 @@ describe('DELETE - Stig', () => {
expect(response.response.status).to.equal(404)

})
it('should throw SmError.NotFoundError No matching benchmarkId found.', async () => {
const res = await chai.request(config.baseUrl)
.delete(`/stigs/${'trashdata'}?elevate=true&force=true`)
.set('Authorization', `Bearer ${iteration.token}`)
if(iteration.name !== "stigmanadmin"){
expect(res).to.have.status(403)
return
}
expect(res).to.have.status(404)
})
})
describe('DELETE - deleteRevisionByString - /stigs/{benchmarkId}/revisions/{revisionStr}', () => {
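Review bot: The expected status is chosen by comparing `iteration.name` with the literal `"stigmanadmin"`, which ties the privilege expectation to an account name; the same branch appears in stigPost.test.js and, with loose `==`/`!=`, in user.test.js. If the iteration list (defined outside this page) gains a second elevated account or the admin is renamed, these tests will expect 403 for a user that should receive 404, 400 or 422. A capability flag on the iteration fixture, for example `if (!iteration.canElevate)`, would state the intent directly; `canElevate` is a suggested name, not an existing field. `${'trashdata'}` in the URL wraps a constant in an interpolation and can be written as the plain path `/stigs/trashdata?elevate=true&force=true`.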

30 changes: 30 additions & 0 deletions test/api/mocha/data/stig/stigPost.test.js
@@ -50,6 +50,36 @@ describe('POST - Stig', () => {
expect(res).to.have.status(200)
expect(res.body).to.deep.eql(expectedRevData)
})
it('should throw SmError.PrivilegeError() no elevate', async () => {

const directoryPath = path.join(__dirname, '../../../form-data-files/')
const testStigfile = reference.testStigfile
const filePath = path.join(directoryPath, testStigfile)

const res = await chai.request(config.baseUrl)
.post('/stigs?clobber=false')
.set('Authorization', `Bearer ${iteration.token}`)
.set('Content-Type', `multipart/form-data`)
.attach('importFile', fs.readFileSync(filePath), testStigfile) // Attach the file here
expect(res).to.have.status(403)
})
it('should throw SmError.ClientError not xml file', async () => {

const directoryPath = path.join(__dirname, '../../../form-data-files/')
const testStigfile = 'appdata.json'
const filePath = path.join(directoryPath, testStigfile)

const res = await chai.request(config.baseUrl)
.post('/stigs?elevate=true&clobber=false')
.set('Authorization', `Bearer ${iteration.token}`)
.set('Content-Type', `multipart/form-data`)
.attach('importFile', fs.readFileSync(filePath), testStigfile) // Attach the file here
if(iteration.name !== "stigmanadmin"){
expect(res).to.have.status(403)
return
}
expect(res).to.have.status(400)
})
it('Import a new STIG - preserve', async () => {

const directoryPath = path.join(__dirname, '../../../form-data-files/')
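Review bot: Both new tests assert only the status code, so they pass on any 403 or 400 rather than on the privilege and file-type checks they are named after. In the 'not xml file' case the request sets `Content-Type` to `multipart/form-data` by hand with no boundary, so unless the HTTP client overrides that header when attaching the file, the 400 could come from multipart parsing instead of from rejecting `appdata.json`; asserting on `res.body.error`, as the lvl1 cross-boundary tests do, would tie the result to the intended check. The 'no elevate' case would also benefit from confirming afterwards that the STIG was not imported, since a regression there would change state for the tests that follow. The section ends inside the next test, whose body is outside this view.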
96 changes: 94 additions & 2 deletions test/api/mocha/data/user/user.test.js
@@ -103,6 +103,14 @@ describe('GET - user', () => {
expect(user.userId, "expect userId to be one of the users the system").to.be.oneOf(reference.allUserIds)
}
})
it("should throw SmError.PrivilegeError no elevate with projections.", async () => {

const res = await chai
.request(config.baseUrl)
.get(`/users?projection=collectionGrants`)
.set('Authorization', 'Bearer ' + iteration.token)
expect(res).to.have.status(403)
})
})

describe(`GET - getUserByUserId - /users{userId}`, async () => {
@@ -138,13 +146,14 @@ describe('POST - user', () => {
for(const iteration of iterations) {
describe(`iteration:${iteration.name}`, () => {
describe(`POST - createUser - /users`, () => {
const randomValue= Math.floor(Math.random() * 1000)
it('Create a user', async () => {
const res = await chai
.request(config.baseUrl)
.post(`/users?elevate=true&projection=collectionGrants&projection=statistics`)
.set('Authorization', 'Bearer ' + iteration.token)
.send({
"username": "TEST_USER" + Math.floor(Math.random() * 1000),
"username": "TEST_USER" + randomValue,
"collectionGrants": [
{
"collectionId": `${reference.scrapCollection.collectionId}`,
@@ -172,6 +181,49 @@ describe('POST - user', () => {
expect(createdUser.collectionGrants).to.be.an('array')
expect(createdUser.collectionGrants, "expect created user to have a single grant to scrap collection").to.have.lengthOf(1)
})
if(iteration.name == "stigmanadmin"){

it('should throw SmError.UnprocessableError collectionIds are invalid.', async () => {
const res = await chai
.request(config.baseUrl)
.post(`/users?elevate=true`)
.set('Authorization', 'Bearer ' + iteration.token)
.send({
"username": "TEST_USER" + randomValue,
"collectionGrants": [
{
"collectionId": `${randomValue}`,
"accessLevel": 1
}
]
})
if(iteration.name != "stigmanadmin"){
expect(res).to.have.status(403)
return
}
expect(res).to.have.status(422)
})
it('should throw SmError.UnprocessableError Duplicate name exists.', async () => {
const res = await chai
.request(config.baseUrl)
.post(`/users?elevate=true`)
.set('Authorization', 'Bearer ' + iteration.token)
.send({
"username": "TEST_USER"+ randomValue,
"collectionGrants": [
{
"collectionId": `${reference.scrapCollection.collectionId}`,
"accessLevel": 1
}
]
})
if(iteration.name != "stigmanadmin"){
expect(res).to.have.status(403)
return
}
expect(res).to.have.status(422)
})
}
})
})
}
@@ -224,6 +276,26 @@ describe('PATCH - user', () => {
expect(userEffected.userId,"expectthe effected user to be the one returned by the api").to.equal(res.body.userId)
expect(userEffected.collectionGrants).to.be.an('array')
})
it("should throw SmError.UnprocessableError collectionIds are invalid.", async () => {
const res = await chai
.request(config.baseUrl)
.patch(`/users/${reference.scrapLvl1User.userId}?elevate=true`)
.set('Authorization', 'Bearer ' + iteration.token)
.send({
"username": "PatchTest",
"collectionGrants": [
{
"collectionId": `${Math.floor(Math.random() * 100022)}`,
"accessLevel": 1
}
]
})
if(iteration.name != "stigmanadmin"){
expect(res).to.have.status(403)
return
}
expect(res).to.have.status(422)
})
})
})
}
Expand All @@ -240,7 +312,6 @@ describe('PUT - user', () => {
describe(`iteration:${iteration.name}`, () => {
describe(`PUT - replaceUser - /users{userId}`, async () => {


it(`Set all properties of a user - Change Username`, async () => {
const res = await chai
.request(config.baseUrl)
@@ -280,6 +351,27 @@ describe('PUT - user', () => {
expect(userEffected.collectionGrants).to.be.an('array')

})

it("should throw SmError.UnprocessableError collectionIds are invalid.", async () => {
const res = await chai
.request(config.baseUrl)
.put(`/users/${reference.scrapLvl1User.userId}?elevate=true`)
.set('Authorization', 'Bearer ' + iteration.token)
.send({
"username": "putTesting",
"collectionGrants": [
{
"collectionId": `${Math.floor(Math.random() * 100022)}`,
"accessLevel": 1
}
]
})
if(iteration.name != "stigmanadmin"){
expect(res).to.have.status(403)
return
}
expect(res).to.have.status(422)
})
})
})
}
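Review bot: In the POST hunk the 'collectionIds are invalid' test sends the same `"TEST_USER" + randomValue` username that 'Create a user' has just registered, so the 422 it expects can come from the duplicate-name check as well as from the collection check, and a status-only assertion cannot tell the two apart. The invalid id is itself random (`randomValue` is 0–999 here, `Math.floor(Math.random() * 100022)` in the PATCH and PUT tests), so it may occasionally equal a real collectionId, in which case an admin iteration would actually change the grants of `reference.scrapLvl1User` and return success. A distinct username, a fixed id known to be absent from the fixture data, and an assertion on the error detail would make all three tests deterministic. Inside `if(iteration.name == "stigmanadmin")` the inner `if(iteration.name != "stigmanadmin")` branches are unreachable, so the 403 path for these two POST cases is never exercised.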