chore: refactor/rename integration test helpers

This replaces the existing `helpers.js` file with a new `api.js`
file, intended to be the starting point for a better integration
testing structure.

To start with, the functions contained therein are renamed to
be clearer at the callsite, and lightly refactored to not
perform any testing on their own, but instead to provide just
a unified mechanism for making requests to the CVE Services API.

In the future, the goal would be to move all API calls into
this module, so that the test files merely *use* this API to
make their CVE Services calls, and then perform the test
assertions necessary to validate the expected behavior.

Signed-off-by: Andrew Lilley Brinker <abrinker@mitre.org>

Author: alilleybrinker

test/integration-tests/api.js

@@ -0,0 +1,117 @@
+const chai = require('chai')
+const chaiHttp = require('chai-http')
+const constant = require('./constants.js')
+const app = require('../../src/index.js')
+chai.use(chaiHttp)
+
+async function reserveCveIdAsCna (year, shortName, headers = constant.cnaHeaders) {
+  return await chai.request(app)
+    .post(`/api/cve-id?amount=1&cve_year=${year}&short_name=${shortName}&batch_type=non-sequential`)
+    .set(headers)
+}
+
+async function bulkReserveCveIdAsSecretariat (
+  requestLength,
+  year,
+  shortName,
+  batchType,
+  headers = constant.secretariatHeaders
+) {
+  return await chai
+    .request(app)
+    .post(
+      `/api/cve-id?amount=${requestLength}&cve_year=${year}&short_name=${shortName}&batch_type=${batchType}`
+    )
+    .set(headers)
+}
+
+async function createCveAsCna (cveId, body = constant.testCve, headers = constant.cnaHeaders) {
+  return await chai
+    .request(app)
+    .post(`/api/cve/${cveId}/cna`)
+    .set(headers)
+    .send(body)
+}
+
+async function createCveAsSecretariat (cveId, body = constant.testCve, headers = constant.secretariatHeaders) {
+  return await chai
+    .request(app)
+    .post(`/api/cve/${cveId}/cna`)
+    .set(headers)
+    .send(body)
+}
+
+async function createCveAsCnaWithCnaContainer (cveId, body, headers = constant.cnaHeaders) {
+  return await chai
+    .request(app)
+    .post(`/api/cve/${cveId}/cna`)
+    .set(headers)
+    .send(body)
+}
+
+async function updateCveAsCnaWithCnaContainer (cveId, body, headers = constant.cnaHeaders) {
+  return await chai
+    .request(app)
+    .put(`/api/cve/${cveId}/cna`)
+    .set(headers)
+    .send(body)
+}
+
+async function updateCveAsSecretariat (cveId, body, headers = constant.secretariatHeaders) {
+  return await chai
+    .request(app)
+    .put(`/api/cve/${cveId}`)
+    .set(headers)
+    .send(body)
+}
+
+async function updateCveAsSecretariatWithCnaContainer (cveId, body, headers = constant.secretariatHeaders) {
+  return await chai
+    .request(app)
+    .put(`/api/cve/${cveId}/cna`)
+    .set(headers)
+    .send(body)
+}
+
+async function updateCveAsAdpWithAdpContainer (cveId, body, headers = constant.cnaHeaders) {
+  return await chai
+    .request(app)
+    .put(`/api/cve/${cveId}/adp`)
+    .set(headers)
+    .send(body)
+}
+
+async function updateUserOrgAsSecretariat (
+  userName,
+  orgShortName,
+  newOrgShortName,
+  headers = constant.secretariatHeaders
+) {
+  return await chai
+    .request(app)
+    .put(
+      `/api/org/${orgShortName}/user/${userName}?org_short_name=${newOrgShortName}`
+    )
+    .set(headers)
+}
+
+async function updateCveIdOwningOrgAsSecretariat (cveId, newOrgShortName, headers = constant.secretariatHeaders) {
+  return await chai
+    .request(app)
+    .put(`/api/cve-id/${cveId}?org=${newOrgShortName}`)
+    .set(headers)
+}
+
+module.exports = {
+  reserveCveIdAsCna,
+  bulkReserveCveIdAsSecretariat,
+  createCveAsCna,
+  createCveAsSecretariat,
+  createCveAsCnaWithCnaContainer,
+  updateCveAsCnaWithCnaContainer,
+  updateCveAsSecretariat,
+  updateCveAsSecretariatWithCnaContainer,
+  updateCveAsAdpWithAdpContainer,
+  updateUserOrgAsSecretariat,
+  updateCveIdOwningOrgAsSecretariat
+}

test/integration-tests/constants.js

@@ -1,6 +1,5 @@
 const secretariatHeaders = {
   'CVE-API-ORG': 'mitre',
-  'content-type': 'application/json',
   'CVE-API-USER': 'test_secretariat_0@mitre.org',
   'CVE-API-KEY': 'TCF25YM-39C4H6D-KA32EGF-V5XSHN3'
 }

test/integration-tests/cve-id/cveIdUpdateTest.js

@@ -6,14 +6,16 @@ const expect = chai.expect
 
 const constants = require('../constants.js')
 const app = require('../../../src/index.js')
-const helpers = require('../helpers.js')
+const api = require('../api.js')
 
 const shortName = 'win_5'
 
 describe('Text PUT CVE-ID/:id', () => {
   let cveId
   before(async () => {
-    cveId = await helpers.cveIdReserveHelper(1, '2023', shortName, 'non-sequential')
+    const reserveRes = await api.reserveCveIdAsCna('2023', shortName)
+    expect(reserveRes).to.have.status(200)
+    cveId = reserveRes.body.cve_ids[0].cve_id
   })
   context('State parameter Tests', () => {
     it('Endpoint should return a 400 when state org is set to published', async () => {

test/integration-tests/cve-id/getCveIdTest.js

@@ -7,12 +7,12 @@ const _ = require('lodash')
 const expect = chai.expect
 
 const constants = require('../constants.js')
-const helpers = require('../helpers.js')
+const api = require('../api.js')
 const app = require('../../../src/index.js')
 
 describe('Testing Get CVE-ID endpoint', () => {
   // TODO: Update this test to dynamically calculate reserved count.
-  const RESESRVED_COUNT = 124
+  const RESESRVED_COUNT = 125
   const YEAR_COUNT = 10
   const PUB_YEAR_COUNT = 4
   const TIME_WINDOW_COUNT = 40
@@ -111,10 +111,12 @@ describe('Testing Get CVE-ID endpoint', () => {
         })
     })
     it('For non Secretariat users, should redact requested_by.user values not in requested_by.cna org', async () => {
-      const cveId = await helpers.cveIdReserveHelper(1, '2023', constants.cnaHeaders['CVE-API-ORG'], 'non-sequential')
+      const reserveRes = await api.reserveCveIdAsCna('2023', constants.cnaHeaders['CVE-API-ORG'])
+      expect(reserveRes).to.have.status(200)
+      const cveId = reserveRes.body.cve_ids[0].cve_id
 
       // change users org for testing
-      await helpers.userOrgUpdateAsSecHelper(constants.cnaHeaders['CVE-API-USER'], constants.cnaHeaders['CVE-API-ORG'], 'mitre')
+      await api.updateUserOrgAsSecretariat(constants.cnaHeaders['CVE-API-USER'], constants.cnaHeaders['CVE-API-ORG'], 'mitre')
 
       await chai.request(app)
         .get('/api/cve-id?state=RESERVED')
@@ -128,14 +130,16 @@ describe('Testing Get CVE-ID endpoint', () => {
           expect(cveIdObject.requested_by.user).to.equal('REDACTED')
 
           // Reset user to original org
-          await helpers.userOrgUpdateAsSecHelper(constants.cnaHeaders['CVE-API-USER'], 'mitre', 'win_5')
+          await api.updateUserOrgAsSecretariat(constants.cnaHeaders['CVE-API-USER'], 'mitre', 'win_5')
         })
     })
     it('For non Secretariat users, should redact requested_by.user values when requested_by.cna is not owning_cna', async () => {
-      const cveId = await helpers.cveIdReserveHelper(1, '2023', constants.cnaHeaders['CVE-API-ORG'], 'non-sequential')
+      const reserveRes = await api.reserveCveIdAsCna('2023', constants.cnaHeaders['CVE-API-ORG'])
+      expect(reserveRes).to.have.status(200)
+      const cveId = reserveRes.body.cve_ids[0].cve_id
 
       // change cve-id's owning_org for testing
-      await helpers.updateOwningOrgAsSecHelper(cveId, constants.cnaHeaders3['CVE-API-ORG'])
+      await api.updateCveIdOwningOrgAsSecretariat(cveId, constants.cnaHeaders3['CVE-API-ORG'])
 
       await chai.request(app)
         .get('/api/cve-id?state=RESERVED')
@@ -150,10 +154,12 @@ describe('Testing Get CVE-ID endpoint', () => {
         })
     })
     it('For Secretariat users, should redact requested_by.user values not in requested_by.cna org', async () => {
-      const cveId = await helpers.cveIdReserveHelper(1, '2023', constants.cnaHeaders['CVE-API-ORG'], 'non-sequential')
+      const reserveRes = await api.reserveCveIdAsCna('2023', constants.cnaHeaders['CVE-API-ORG'])
+      expect(reserveRes).to.have.status(200)
+      const cveId = reserveRes.body.cve_ids[0].cve_id
 
       // change users org for testing
-      await helpers.userOrgUpdateAsSecHelper(constants.cnaHeaders['CVE-API-USER'], constants.cnaHeaders['CVE-API-ORG'], 'mitre')
+      await api.updateUserOrgAsSecretariat(constants.cnaHeaders['CVE-API-USER'], constants.cnaHeaders['CVE-API-ORG'], 'mitre')
 
       await chai.request(app)
         .get('/api/cve-id?state=RESERVED')
@@ -167,14 +173,16 @@ describe('Testing Get CVE-ID endpoint', () => {
           expect(cveIdObject.requested_by.user).to.equal(constants.cnaHeaders['CVE-API-USER'])
 
           // Reset user to original org
-          await helpers.userOrgUpdateAsSecHelper(constants.cnaHeaders['CVE-API-USER'], 'mitre', 'win_5')
+          await api.updateUserOrgAsSecretariat(constants.cnaHeaders['CVE-API-USER'], 'mitre', 'win_5')
         })
     })
     it('For Secretariat users, should redact requested_by.user values when requested_by.cna is not owning_cna', async () => {
-      const cveId = await helpers.cveIdReserveHelper(1, '2023', constants.cnaHeaders['CVE-API-ORG'], 'non-sequential')
+      const reserveRes = await api.reserveCveIdAsCna('2023', constants.cnaHeaders['CVE-API-ORG'])
+      expect(reserveRes).to.have.status(200)
+      const cveId = reserveRes.body.cve_ids[0].cve_id
 
       // change cve-id's owning_org for testing
-      await helpers.updateOwningOrgAsSecHelper(cveId, constants.cnaHeaders3['CVE-API-ORG'])
+      await api.updateCveIdOwningOrgAsSecretariat(cveId, constants.cnaHeaders3['CVE-API-ORG'])
 
       await chai.request(app)
         .get('/api/cve-id?state=RESERVED')

test/integration-tests/cve-id/reserveCveIdTest.js

@@ -58,6 +58,4 @@ describe('Testing Reserve CVE-ID Endpoints', () => {
         })
     })
   })
-
-  // afterEach(() => { })
 })

test/integration-tests/cve/cursorPaginationTest.js

@@ -2,7 +2,7 @@
 
 const chai = require('chai')
 chai.use(require('chai-http'))
-const helpers = require('../helpers.js')
+const api = require('../api.js')
 
 const expect = chai.expect
 
@@ -13,9 +13,13 @@ const currentDate = new Date().toISOString()
 describe('Testing Get cve_cursor endpoint', () => {
   let cveIds = []
   before(async () => {
-    cveIds = await helpers.cveIdBulkReserveHelper(5, '2023', constants.secretariatHeaders['CVE-API-ORG'], 'sequential')
+    const reserveRes = await api.bulkReserveCveIdAsSecretariat(5, '2023', constants.secretariatHeaders['CVE-API-ORG'], 'sequential')
+    cveIds = reserveRes.body.cve_ids.map((cveId) => {
+      return cveId.cve_id
+    })
+
     for (const cveId of cveIds) {
-      await helpers.cveRequestAsSecHelper(cveId)
+      await api.createCveAsSecretariat(cveId)
     }
   })
   const TOTAL_COUNT = 119
@@ -87,8 +91,12 @@ describe('Testing Get cve_cursor endpoint', () => {
         })
 
       // Create new CVE record, which would appear at the beginning, but data should not be moved
-      const newcveId = await helpers.cveIdBulkReserveHelper(1, '2023', constants.secretariatHeaders['CVE-API-ORG'], 'sequential')
-      await helpers.cveRequestAsSecHelper(newcveId)
+      const newReserveRes = await api.bulkReserveCveIdAsSecretariat(1, '2023', constants.secretariatHeaders['CVE-API-ORG'], 'sequential')
+      const newcveId = newReserveRes.body.cve_ids.map((cveId) => {
+        return cveId.cve_id
+      })
+
+      await api.createCveAsSecretariat(newcveId)
 
       // Request page 2 again using same next_page string, should see no change in results
       await requester.get('/api/cve_cursor?limit=2&next_page=' + next + '&time_modified.gt=' + currentDate)
@@ -171,7 +179,7 @@ describe('Testing Get cve_cursor endpoint', () => {
         })
 
       // Modify page 1 CVE record, which would remove it, but data should not be moved
-      await helpers.cveUpdateAsSecHelper(pageOneRec1.cveMetadata.cveId, constants.testCve)
+      await api.updateCveAsSecretariatWithCnaContainer(pageOneRec1.cveMetadata.cveId, constants.testCve)
 
       // Request page 2 again using same next_page string, should see no change in results
       await requester.get('/api/cve_cursor?limit=2&next_page=' + next + '&time_modified.lt=' + currentDate)

test/integration-tests/cve/erlCheckPOSTTest.js

@@ -1,32 +1,27 @@
 /* eslint-disable no-unused-expressions */
 
 const chai = require('chai')
-chai.use(require('chai-http'))
-
-const expect = chai.expect
-
 const constants = require('../constants.js')
 const app = require('../../../src/index.js')
-const helpers = require('../helpers.js')
-
-const requestLength = 1
-const shortName = 'win_5'
-const cveYear = '2023'
-const batchType = 'non-sequential'
+const api = require('../api.js')
+const expect = chai.expect
+chai.use(require('chai-http'))
 
 describe('Testing POST ERLCheck field', () => {
   let cveId
+
   beforeEach(async () => {
-    cveId = await helpers.cveIdReserveHelper(requestLength, cveYear, shortName, batchType)
+    const reserveRes = await api.reserveCveIdAsCna('2023', constants.cnaHeaders['CVE-API-ORG'])
+    cveId = reserveRes.body.cve_ids[0].cve_id
   })
+
   context('ERL POST Check Tests', () => {
     it('POST CVE that is ERL Checked with correct details', async () => {
       await chai.request(app)
         .post(`/api/cve/${cveId}/cna?erlcheck=true`)
         .set(constants.cnaHeaders)
         .send(constants.enrichedCve)
         .then((res, err) => {
-        // Safety Expect
           expect(err).to.be.undefined
           expect(res).to.have.status(200)
         })
@@ -38,7 +33,6 @@ describe('Testing POST ERLCheck field', () => {
         .set(constants.cnaHeaders)
         .send(constants.testCve)
         .then((res, err) => {
-        // Safety Expect
           expect(res).to.have.status(403)
         })
     })
@@ -49,7 +43,6 @@ describe('Testing POST ERLCheck field', () => {
         .set(constants.cnaHeaders)
         .send(constants.enrichedCve)
         .then((res, err) => {
-        // Safety Expect
           expect(err).to.be.undefined
           expect(res).to.have.status(200)
         })
@@ -61,7 +54,6 @@ describe('Testing POST ERLCheck field', () => {
         .set(constants.cnaHeaders)
         .send(constants.testCve)
         .then((res, err) => {
-        // Safety Expect
           expect(res).to.have.status(200)
         })
     })
@@ -72,7 +64,6 @@ describe('Testing POST ERLCheck field', () => {
         .set(constants.cnaHeaders)
         .send(constants.testCve)
         .then((res, err) => {
-        // Safety Expect
           expect(res).to.have.status(400)
         })
     })

test/integration-tests/cve/erlCheckPUTTest.js

@@ -7,19 +7,20 @@ const expect = chai.expect
 
 const constants = require('../constants.js')
 const app = require('../../../src/index.js')
-const helpers = require('../helpers.js')
+const api = require('../api.js')
 
-const requestLength = 1
 const shortName = 'win_5'
 const cveYear = '2023'
-const batchType = 'non-sequential'
 
 describe('Testing PUT ERLCheck field', () => {
   let cveId
   before(async () => {
-    cveId = await helpers.cveIdReserveHelper(requestLength, cveYear, shortName, batchType)
-    await helpers.cveRequestAsCnaHelper(cveId)
-    console.log('HEre')
+    const reserveRes = await api.reserveCveIdAsCna(cveYear, shortName)
+    chai.expect(reserveRes).to.have.status(200)
+    cveId = reserveRes.body.cve_ids[0].cve_id
+
+    const createRes = await api.createCveAsCna(cveId)
+    chai.expect(createRes).to.have.status(200)
   })
   context('ERL PUT Check Tests', () => {
     it('PUT CVE that is ERL Checked with correct details', async () => {
@@ -28,7 +29,6 @@ describe('Testing PUT ERLCheck field', () => {
         .set(constants.cnaHeaders)
         .send(constants.enrichedCve)
         .then((res, err) => {
-        // Safety Expect
           expect(err).to.be.undefined
           expect(res).to.have.status(200)
         })