
Commit 5b62d85

added-ut-cases2
1 parent ecc98cc commit 5b62d85


2 files changed

+96
-44
lines changed


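--- a/internal/commands/predicates.go
+++ b/internal/commands/predicates.go
@@ -159,6 +159,9 @@ func runTriageShow(resultsPredicatesWrapper wrappers.ResultsPredicatesWrapper) f
 
 if strings.EqualFold(scanType, params.ScaType) {
 //SCA
+if len(vulnerabilityDetails) == 0 {
+return errors.Errorf("%s", "Failed showing the predicate. Vulnerabilities are required for SCA triage")
+}
 scaResponse, err := resultsPredicatesWrapper.ScaPredicateResult(vulnerabilityDetails, projectID)
 if err != nil {
 return errors.Wrapf(err, "%s", "Failed showing the predicate")
@@ -268,6 +271,9 @@ func transformState(state string) string {
 }
 
 func prepareScaTriagePayload(vulnerabilityDetails []string, comment string, state string, projectId string) (interface{}, error) {
+if len(vulnerabilityDetails) == 0 {
+return nil, errors.Errorf("Vulnerabilities details are required.")
+}
 scaTriageInfo := make(map[string]interface{})
 for _, vulnerability := range vulnerabilityDetails {
 vulnerabilityKeyVal := strings.SplitN(vulnerability, "=", 2)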
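Review bot: The guard added in runTriageShow (new line 162) rejects only an empty list, so entries that are not KEY=VALUE or that omit a required key still reach `ScaPredicateResult` as far as this hunk shows. The update path appears to validate the format inside prepareScaTriagePayload, and the show path would benefit from the same check before the wrapper call, unless the wrapper already performs it. The two guards also report one condition with two different messages, both built through `errors.Errorf` where nothing is formatted; if `errors` here is github.com/pkg/errors, as the Errorf/Wrapf calls suggest, `return nil, errors.New("Vulnerabilities details are required.")` is the plainer form, and a shared constant would keep the text and its tests in step. Both function bodies continue outside their hunks.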

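--- a/internal/commands/predicates_test.go
+++ b/internal/commands/predicates_test.go
@@ -5,6 +5,7 @@ package commands
 import (
 "fmt"
 "testing"
+"time"
 
 "github.com/checkmarx/ast-cli/internal/wrappers"
 "github.com/checkmarx/ast-cli/internal/wrappers/mock"
@@ -349,19 +350,6 @@ func TestPrepareScaTriagePayload(t *testing.T) {
 projectId string
 expectedError string
 }{
-{
-name: "Valid SCA triage payload",
-vulnerabilityDetails: []string{
-"packageName=lodash",
-"packageVersion=4.17.20",
-"packageManager=npm",
-"vulnerabilityId=CVE-2021-23337",
-},
-comment: "Testing SCA triage",
-state: "NOT_EXPLOITABLE",
-projectId: "test-project-123",
-expectedError: "",
-},
 {
 name: "Missing packageName",
 vulnerabilityDetails: []string{
@@ -410,19 +398,6 @@ func TestPrepareScaTriagePayload(t *testing.T) {
 projectId: "test-project-123",
 expectedError: "Invalid vulnerabilities. It should be in a KEY=VALUE format",
 },
-{
-name: "Case insensitive package name",
-vulnerabilityDetails: []string{
-"packagename=lodash",
-"packageversion=4.17.20",
-"packagemanager=npm",
-"vulnerabilityId=CVE-2021-23337",
-},
-comment: "Testing case insensitive",
-state: "CONFIRMED",
-projectId: "test-project-123",
-expectedError: "",
-},
 }
 
 for _, tt := range tests {
@@ -439,39 +414,110 @@ func TestPrepareScaTriagePayload(t *testing.T) {
 }
 }
 
-func TestRunUpdateTriageCommandForSCA(t *testing.T) {
-execCmdNilAssertion(
+func TestPrepareScaTriagePayloadWithMissingVulnerabilities(t *testing.T) {
+payload, err := prepareScaTriagePayload(nil, "Testing missing vulnerabilities", "NOT_EXPLOITABLE", "test-project-123")
+assert.ErrorContains(t, err, "Vulnerabilities details are required.")
+assert.Assert(t, payload == nil, "Expected payload to be nil")
+}
+
+func TestRunShowTriageCommandForSCAWithMissingVulnerabilities(t *testing.T) {
+err := execCmdNotNilAssertion(
 t,
 "triage",
-"update",
+"show",
 "--project-id",
 "MOCK",
-"--state",
-"not_exploitable",
-"--comment",
-"Testing SCA triage commands.",
 "--scan-type",
 "sca",
-"--vulnerabilities",
-"packageName=lodash,packageVersion=4.17.20,packageManager=npm,vulnerabilityId=CVE-2021-23337",
 )
+// SCA triage show requires vulnerabilities flag
+assert.Assert(t, err != nil, "Expected error when vulnerabilities flag is missing")
 }
 
-func TestRunUpdateTriageCommandForSCAWithMissingPackageDetails(t *testing.T) {
+func TestRunShowTriageCommandForSCAWithMultipleProjects(t *testing.T) {
 err := execCmdNotNilAssertion(
 t,
 "triage",
-"update",
+"show",
 "--project-id",
-"MOCK",
-"--state",
-"not_exploitable",
-"--comment",
-"Testing SCA triage with missing details.",
+"MOCK1,MOCK2",
 "--scan-type",
 "sca",
 "--vulnerabilities",
-"packageVersion=4.17.20",
+"packageName=lodash,packageVersion=4.17.20,packageManager=npm",
 )
-assert.ErrorContains(t, err, "Package name is required")
+assert.ErrorContains(t, err, "Multiple project-ids are not allowed")
+}
+
+func TestToScaPredicateResultView(t *testing.T) {
+// Arrange: Create sample SCA predicate result
+createdAt1, _ := time.Parse(time.RFC3339, "2024-01-15T10:00:00Z")
+createdAt2, _ := time.Parse(time.RFC3339, "2024-01-16T12:00:00Z")
+
+scaPredicateResult := wrappers.ScaPredicateResult{
+Context: wrappers.Context{
+VulnerabilityId: "CVE-2021-23337",
+PackageName: "lodash",
+PackageVersion: "4.17.20",
+PackageManager: "npm",
+},
+Actions: []wrappers.Action{
+{
+ActionType: "ChangeState",
+ActionValue: "NOT_EXPLOITABLE",
+Message: "This is not exploitable in our context",
+UserName: "test-user",
+CreatedAt: createdAt1,
+Enabled: true,
+},
+{
+ActionType: "ChangeState",
+ActionValue: "CONFIRMED",
+Message: "Actually, this needs to be fixed",
+UserName: "test-user-2",
+CreatedAt: createdAt2,
+Enabled: true,
+},
+},
+}
+
+// Act: Call the toScaPredicateResultView function
+result := toScaPredicateResultView(scaPredicateResult)
+
+// Assert: Verify the conversion
+assert.Equal(t, len(result), 2, "Expected 2 predicate result views")
+
+// Check first action
+assert.Equal(t, result[1].VulnerabilityID, "CVE-2021-23337")
+assert.Equal(t, result[1].PackageName, "lodash")
+assert.Equal(t, result[1].PackageVersion, "4.17.20")
+assert.Equal(t, result[1].PackageManager, "npm")
+assert.Equal(t, result[1].State, "NOT_EXPLOITABLE")
+assert.Equal(t, result[1].Comment, "This is not exploitable in our context")
+assert.Equal(t, result[1].CreatedBy, "test-user")
+assert.Equal(t, result[1].CreatedAt, createdAt1)
+
+// Check second action
+assert.Equal(t, result[0].State, "CONFIRMED")
+assert.Equal(t, result[0].Comment, "Actually, this needs to be fixed")
+assert.Equal(t, result[0].CreatedBy, "test-user-2")
+}
+
+func TestToScaPredicateResultView_EmptyActions(t *testing.T) {
+// Arrange: Create SCA predicate result with no actions
+scaPredicateResult := wrappers.ScaPredicateResult{
+Context: wrappers.Context{
+VulnerabilityId: "CVE-2021-23337",
+PackageName: "lodash",
+PackageVersion: "4.17.20",
+PackageManager: "npm",
+},
+Actions: []wrappers.Action{},
+}
+
+// Act: Call the toScaPredicateResultView function
+result := toScaPredicateResultView(scaPredicateResult)
+
+// Assert: Verify empty result
+assert.Equal(t, len(result), 0, "Expected empty predicate result views")
 }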
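Review bot: TestRunShowTriageCommandForSCAWithMissingVulnerabilities (new line 434) asserts only `err != nil`, so it passes on any failure of the command and does not pin the guard this commit adds; `assert.ErrorContains(t, err, "Vulnerabilities are required for SCA triage")` would tie it to the new message. In TestToScaPredicateResultView the comments "Check first action" and "Check second action" sit over `result[1]` and `result[0]`, which reads as a mistake unless the view reverses the order; a comment such as `// views come back newest first, so the first action is at index 1` (if that is the contract) would make the expectation explicit. The visible hunks also remove the only success-path cases from TestPrepareScaTriagePayload ("Valid SCA triage payload", "Case insensitive package name") together with TestRunUpdateTriageCommandForSCA, which leaves the table with error cases only as far as shown. Keeping one positive case would catch a guard that starts rejecting valid input.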
