trustify-tests/tests/ui/features/vulnerability-explorer.feature at 75d0b15e2fac1448cfc81800a74d59fb7991c196 · trustification/trustify-tests · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
Feature: Vulnerability Explorer
    As a Developer or a Devsecops Engineer
    I want to be able to display all available information about a vulnerability - metadata, related products and advisories

Background:
    Given User is using an instance of the TPA Application
    And User has successfully uploaded an SBOM
    And User has successfully uploaded a vulnerability dataset
    And User has successfully uploaded an advisory dataset

# Search
Scenario: Navigating to the Vulnerability Explorer page by selecting it from the list of all vulnerabilities
    Given User is on the Home page
    When User clicks on the Search button in the menu
    And User selects the Vulnerabilities tab
    And User selects an Vulnerability from the list
    Then The Vulnerability Explorer page should display

Scenario: Navigating to the Vulnerability Explorer page by searching for it in the search bar
    Given User is on the Home page
    When User clicks on the Search textbox
    And User enters an ID of a Vulnerability
    And User searches for the Vulnerability
    And User selects the Vulnerability returned by the search
    Then The Vulnerability Explorer page should display

Scenario: Navigating to the Vulnerability Explorer page by filtering vulnerabilities in the list of all vulnerabilities
    Given User is on the Home page
    When User clicks on the Search button in the menu
    And User selects the Vulnerabilities tab
    And User selects a filter
    And User selects an Vulnerability returned by the filter
    Then The Vulnerability Explorer page should display

# Vulnerabilities Explorer
Scenario: Display an overview of a vulnerability
    Given User is on the Home page
    When User navigates to the Vulnerabilities Explorer page
    Then CVE name, CVSS score and CVE description should be visible
    # And "Show more" button is visible for vulnerabilities with a long descriptions
    And Vulnerability metadata Reserved, Last Published Date and Last Modified should be visible
    # And Download button should be visible

# Scenario: Download a vulnerability CVE from the Vulnerability Explorer page
#     Given User is on the Home page
#     When User navigates to the Vulnerabilities Explorer page
#     And User clicks the Download button
#     Then The vulnerability CVE should download as a JSON file

# Vulnerability-related Products
Scenario: Display a list of products related to a single vulnerability
    Given User is on the Home page
    When User navigates to the Vulnerabilities Explorer page
    And User clicks on the Related Products tab
    Then The Name, Version, Status, Dependencies, Supplier and Created On data is visible for each product
    And The name of each product should be a link to the overview of a corresponding SBOM Overview page
    And The dependencies column should be expandable

Scenario: Display a list of dependencies of a product related to a single vulnerability
    Given User is on the Home page
    When User navigates to the Vulnerabilities Explorer page
    And User clicks on the Related Products tab
    And User clicks on the Dependencies column of a product
    Then The Type, Namespace, Name, Version, Path, Qualifiers and Dependency tree position data should display for each dependency

# Vulnerability-related Advisories
Scenario: Display advisories tied to a single vulnerability
    Given User is on the Home page
    When User navigates to the Vulnerabilities Explorer page
    And User clicks on the Related Advisories tab
    Then The ID, Title, Aggregated severity, Revision and Vulnerabilities data should display for each advisory tied to the vulnerability
    And The ID should be a link to a corresponding Advisory Overview page