filling in coverage

Matte22 · Sep 4, 2024 · b1676e4 · b1676e4
1 parent b13014b
commit b1676e4
Show file tree

Hide file tree

Showing 20 changed files with 721 additions and 307 deletions.
diff --git a/test/api/mocha/data/appdata/op.test.js b/test/api/mocha/data/appdata/op.test.js
@@ -6,17 +6,16 @@ const config = require('../../testConfig.json')
 const utils = require('../../utils/testUtils.js')
 const iterations = require('../../iterations.js')
 
-describe('Appdata', () => {
+describe('Op', () => {
+  before(async function () {
+    this.timeout(4000)
+    await utils.loadAppData()
+    await utils.uploadTestStigs()
+    await utils.createDisabledCollectionsandAssets()
+  })
 
   for(const iteration of iterations){
-
     describe(`iteration:${iteration.name}`, () => {
-      before(async function () {
-        this.timeout(4000)
-        await utils.loadAppData()
-        await utils.uploadTestStigs()
-        await utils.createDisabledCollectionsandAssets()
-      })
       describe('GET - getAppData - /op/appdata', () => {
         it('Export application data', async () => {
         const res = await chai.request(config.baseUrl)

diff --git a/test/api/mocha/data/asset/assetGet.test.js b/test/api/mocha/data/asset/assetGet.test.js
@@ -211,6 +211,17 @@ describe(`GET - Asset`, function () {
           expect(res.body).to.be.an(`array`)
           expect(res.body).to.include(reference.testAsset.metadataKey)
         })
+        it(`should throw not found error, metadata keys not found`, async function () {
+          const res = await chai
+            .request(config.baseUrl)
+            .get(`/assets/${reference.testAssetNoMetadata.assetId}/metadata/keys`)
+            .set(`Authorization`, `Bearer ` + iteration.token)
+          if(!distinct.hasAccessToTestAsset){
+            expect(res).to.have.status(403)
+            return
+          }
+          expect(res).to.have.status(200)
+        })
       })
       describe(`getAssetMetadataValue - /assets/{assetId}/metadata/keys/{key}`, function () {
         it(`Return the Metadata VALUE for test asset metadata key: testkey`, async function () {
@@ -226,6 +237,17 @@ describe(`GET - Asset`, function () {
           expect(res).to.have.status(200)
           expect(res.body).to.include(reference.testAsset.metadataValue)
         })
+        it(`should throw not found error, metadata keys not found`, async function () {
+          const res = await chai
+            .request(config.baseUrl)
+            .get(`/assets/${reference.testAssetNoMetadata.assetId}/metadata/keys/test`)
+            .set(`Authorization`, `Bearer ` + iteration.token)
+          if(!distinct.hasAccessToTestAsset){
+            expect(res).to.have.status(403)
+            return
+          }
+          expect(res).to.have.status(404)
+        })
       })
       describe(`getAssets - /assets`, function () {
 
@@ -322,6 +344,35 @@ describe(`GET - Asset`, function () {
           }
         })
 
+        it(`should return assets accessible to the requester, testing metadata query. (issue 1357)`, async function () {
+          const assetWithMetadata = await utils.createTempAsset({
+            name: 'tempAsset' + Math.floor(Math.random() * 10000),
+            collectionId: reference.scrapCollection.collectionId,
+            description: 'temp',
+            ip: '1.1.1.1',
+            noncomputing: true,
+            labelIds: [],
+            metadata: {
+              testKey: 'test:value',
+            },
+            stigs: []
+          })
+
+          const res = await chai
+            .request(config.baseUrl).get(`/assets?collectionId=${reference.scrapCollection.collectionId}&metadata=testKey%3Atest%3Avalue`)
+            .set(`Authorization`, `Bearer ` + iteration.token)
+
+          if(iteration.name === 'lvl1' || iteration.name === 'collectioncreator'){
+            expect(res).to.have.status(403)
+            await utils.deleteAsset(assetWithMetadata.data.assetId)
+            return
+          }
+          expect(res).to.have.status(200)
+          expect(res.body).to.be.an(`array`).of.length(1)
+          expect(res.body[0].assetId).to.eql(assetWithMetadata.data.assetId)
+          await utils.deleteAsset(assetWithMetadata.data.assetId)
+        })
+
         it(`Assets accessible to the requester - No StigGrants projection(for lvl1 iteration success)`, async function () {
           const res = await chai
             .request(config.baseUrl).get(`/assets?collectionId=${reference.testCollection.collectionId}&benchmarkId=${reference.benchmark}`)
@@ -581,6 +632,8 @@ describe(`GET - Asset`, function () {
               .get(`/assets/${assetId}/checklists`)
               .set(`Authorization`, `Bearer ` + iteration.token)
             expect(res2).to.have.status(204)
+
+            await utils.deleteAsset(assetId)
         })
       })
       describe(`getChecklistByAssetStig - /assets/{assetId}/checklists/{benchmarkId}/{revisionStr}`, function () {

diff --git a/test/api/mocha/data/asset/assetPut.test.js b/test/api/mocha/data/asset/assetPut.test.js
@@ -7,6 +7,7 @@ const utils = require('../../utils/testUtils')
 const iterations = require('../../iterations.js')
 const expectations = require('./expectations.js')
 const reference = require('../../referenceData.js')
+const { v4: uuidv4 } = require('uuid')
 
 describe('PUT - Asset', function () {
 
@@ -309,14 +310,53 @@ describe('PUT - Asset', function () {
           expect(effectedAsset).to.have.lengthOf(1)
           expect(effectedAsset[0].assetId).to.equal(reference.testAsset.assetId)
         })
-
         it('Replace a Labels Asset Mappings in a Collection assign to an asset that does not exist', async function () {
           const res = await chai.request(config.baseUrl)
             .put(`/collections/${reference.testCollection.collectionId}/labels/${reference.testCollection.fullLabel}/assets`)
             .set('Authorization', 'Bearer ' + iteration.token)
             .send(["9999"])
           expect(res).to.have.status(403)
         })
+        it("should throw SmError.NotFoundError when updating a label that doesn't exist.",async function () {
+          const labelId = uuidv4()
+          const res = await chai.request(config.baseUrl)
+              .put(`/collections/${reference.testCollection.collectionId}/labels/${labelId}/assets`)
+              .set('Authorization', `Bearer ${iteration.token}`)
+              .send([reference.testAsset.assetId])
+            if(distinct.canModifyCollection === false){
+                expect(res).to.have.status(403)
+                return
+            }
+            expect(res).to.have.status(403)
+            expect(res.body.error).to.equal("User has insufficient privilege to complete this request.")
+            expect(res.body.detail).to.equal("The labelId is not associated with this Collection.")
+        })
+      })
+      describe(`attachAssetsToStig - /collections/{collectionId}/stigs/{benchmarkId}/assets`, function () {
+        it('Set the Assets mapped to a STIG', async function () {
+          const res = await chai.request(config.baseUrl)
+          .put(`/collections/${reference.scrapCollection.collectionId}/stigs/${reference.scrapAsset.scrapBenchmark}/assets?projection=restrictedUserAccess`)
+          .set('Authorization', 'Bearer ' + iteration.token)
+          .send([reference.scrapAsset.assetId])
+
+          if(!distinct.canModifyCollection){
+            expect(res).to.have.status(403)
+            return
+          }
+          expect(res).to.have.status(200)
+          expect(res.body).to.be.an('array')
+          expect(res.body).to.be.an('array').of.length(1)
+          expect(res.body[0].assetId).to.equal(reference.scrapAsset.assetId)
+          expect(res.body[0].collectionId).to.equal(reference.scrapCollection.collectionId)
+          expect(res.body[0]).to.have.property('restrictedUserAccess')
+        })
+        it('should throw SM privilege error due to assetId not being apart of collection.', async function () {
+          const res = await chai.request(config.baseUrl)
+          .put(`/collections/${reference.scrapCollection.collectionId}/stigs/${reference.scrapAsset.scrapBenchmark}/assets?projection=restrictedUserAccess`)
+          .set('Authorization', 'Bearer ' + iteration.token)
+          .send([`${Math.floor(Math.random() * 123456)}`])
+          expect(res).to.have.status(403)
+        })
       })
     })
   }

diff --git a/test/api/mocha/data/collection/collectionDelete.test.js b/test/api/mocha/data/collection/collectionDelete.test.js
@@ -1,5 +1,6 @@
 const chai = require('chai')
 const chaiHttp = require('chai-http')
+const { v4: uuidv4 } = require('uuid');
 chai.use(chaiHttp)
 const expect = chai.expect
 const deepEqualInAnyOrder = require('deep-equal-in-any-order')
@@ -102,6 +103,18 @@ describe('DELETE - Collection ', function () {
             const collection = await utils.getCollection(reference.scrapCollection.collectionId)
             expect(collection.labels).to.not.include(reference.scrapCollection.scrapLabel)
         })
+        it("should throw SmError.NotFoundError when deleting a non-existent label.",async function () {
+          const labelId = uuidv4()
+          const res = await chai.request(config.baseUrl)
+              .delete(`/collections/${reference.scrapCollection.collectionId}/labels/${labelId}`)
+              .set('Authorization', `Bearer ${iteration.token}`)
+          if(distinct.canModifyCollection === false){
+              expect(res).to.have.status(403)
+              return
+          }
+          expect(res).to.have.status(404)
+          expect(res.body.error).to.equal("Resource not found.")
+        })
       })
 
       describe('deleteCollectionMetadataKey - /collections/{collectionId}/metadata/keys/{key}', function () {