Tests for SBOM Vulnerabilities Summary Panel (#40)

Added test for SBOM Explorer Vulnerabilities tab to verify the
vulnerabilities count
 - Validation for individual severity count
 - Comparison for PieChart total value to individual severity counts


[test-results.zip](https://github.com/user-attachments/files/19446544/test-results.zip)

---------

Signed-off-by: Rajan Ravi <rravi@rravi-thinkpadp1gen4i.bengluru.csb>
Co-authored-by: Rajan Ravi <rravi@rravi-thinkpadp1gen4i.bengluru.csb>

Author: mrrajan

tests/ui/features/@sbom-explorer/sbom-explorer.feature

@@ -3,7 +3,8 @@ Feature: SBOM Explorer - View SBOM details
         Given User is authenticated
 
     Scenario Outline: View SBOM Overview
-        Given User visits SBOM details Page of "<sbomName>"
+        Given An ingested "<sbomType>" SBOM "<sbomName>" is available
+        When User visits SBOM details Page of "<sbomName>"
         Then The page title is "<sbomName>"
         And Tab "Info" is visible
         And Tab "Packages" is visible
@@ -15,7 +16,8 @@ Feature: SBOM Explorer - View SBOM details
             | quarkus-bom |
 
     Scenario Outline: View SBOM Info (Metadata)
-        Given User visits SBOM details Page of "<sbomName>"
+        Given An ingested "<sbomType>" SBOM "<sbomName>" is available
+        When User visits SBOM details Page of "<sbomName>"
         Then Tab "Info" is selected
         Then "SBOM's name" is visible
         And "SBOM's namespace" is visible
@@ -26,18 +28,20 @@ Feature: SBOM Explorer - View SBOM details
         Examples:
             | sbomName    |
             | quarkus-bom |
-
+    
     Scenario Outline: Downloading SBOM file
-        Given User visits SBOM details Page of "<sbomName>"
+        Given An ingested "<sbomType>" SBOM "<sbomName>" is available
+        When User visits SBOM details Page of "<sbomName>"
         Then "Download SBOM" action is invoked and downloaded filename is "<expectedSbomFilename>"
         Then "Download License Report" action is invoked and downloaded filename is "<expectedLicenseFilename>"
 
         Examples:
             | sbomName    | expectedSbomFilename | expectedLicenseFilename     |
             | quarkus-bom | quarkus-bom.json     | quarkus-bom_licenses.tar.gz |
-
+    
     Scenario Outline: View list of SBOM Packages
-        Given User visits SBOM details Page of "<sbomName>"
+        Given An ingested "<sbomType>" SBOM "<sbomName>" is available
+        When User visits SBOM details Page of "<sbomName>"
         When User selects the Tab "Packages"
         # confirms its visible for all tabs
         Then The page title is "<sbomName>"
@@ -55,5 +59,42 @@ Feature: SBOM Explorer - View SBOM details
         Then The Package table total results is greather than 1
 
         Examples:
-            | sbomName    | packageName |
-            | quarkus-bom | jdom        |
+            | sbomType | sbomName    | packageName |
+            | SPDX | quarkus-bom | jdom        |
+
+    Scenario Outline: View <sbomType> SBOM Vulnerabilities
+        Given An ingested "<sbomType>" SBOM "<sbomName>" containing Vulnerabilities
+        When User visits SBOM details Page of "<sbomName>"
+        When User selects the Tab "Vulnerabilities"
+        When User Clicks on Vulnerabilities Tab Action
+        Then Vulnerability Popup menu appears with message
+        Then Vulnerability Risk Profile circle should be visible
+        Then Vulnerability Risk Profile shows summary of vulnerabilities
+        Then SBOM Name "<sbomName>" should be visible inside the tab
+        Then SBOM Version should be visible inside the tab
+        Then SBOM Creation date should be visible inside the tab
+        # Then List of related Vulnerabilities should be sorted by "CVSS" in descending order
+
+        Examples:
+        | sbomType | sbomName |
+        | SPDX | quarkus-bom |
+
+    @slow
+    Scenario Outline: Pagination of <sbomType> SBOM Vulnerabilities
+        Given An ingested "<sbomType>" SBOM "<sbomName>" containing Vulnerabilities
+        When User visits SBOM details Page of "<sbomName>"
+        When User selects the Tab "Vulnerabilities"
+        Then Pagination of Vulnerabilities list works
+        Examples:
+        | sbomType | sbomName |
+        | SPDX | quarkus-bom |
+
+    @slow
+    Scenario Outline: View paginated list of <sbomType> SBOM Packages
+        Given An ingested "<sbomType>" SBOM "<sbomName>" is available
+        When User visits SBOM details Page of "<sbomName>"
+        When User selects the Tab "Packages"
+        Then Pagination of Packages list works
+        Examples:
+        | sbomType | sbomName |
+        | SPDX | quarkus-bom |

tests/ui/features/@sbom-explorer/sbom-explorer.step.ts

@@ -2,21 +2,24 @@ import { createBdd } from "playwright-bdd";
 import { expect } from "playwright/test";
 import { DetailsPage } from "../../helpers/DetailsPage";
 import { ToolbarTable } from "../../helpers/ToolbarTable";
+import { SearchPage } from "../../helpers/SearchPage";
 
 export const { Given, When, Then } = createBdd();
 
 const PACKAGE_TABLE_NAME = "Package table";
+const VULN_TABLE_NAME = "Vulnerability table";
 
 Given(
+  "An ingested {string} SBOM {string} is available",
+  async ({ page }, _sbomType, sbomName) => {
+    const searchPage = new SearchPage(page);
+    await searchPage.dedicatedSearch("SBOMs", sbomName);
+  }
+);
+
+When(
   "User visits SBOM details Page of {string}",
   async ({ page }, sbomName) => {
-    await page.goto("/");
-    await page.getByRole("link", { name: "SBOMs" }).click();
-
-    await page.getByPlaceholder("Search").click();
-    await page.getByPlaceholder("Search").fill(sbomName);
-    await page.getByPlaceholder("Search").press("Enter");
-
     await page.getByRole("link", { name: sbomName, exact: true }).click();
   }
 );
@@ -31,7 +34,7 @@ Then(
     const downloadPromise = page.waitForEvent("download");
 
     const detailsPage = new DetailsPage(page);
-    detailsPage.clickOnPageAction(actionName);
+    await detailsPage.clickOnPageAction(actionName);
 
     const download = await downloadPromise;
 
@@ -44,7 +47,7 @@ Then(
   "The Package table is sorted by {string}",
   async ({ page }, columnName) => {
     const toolbarTable = new ToolbarTable(page, PACKAGE_TABLE_NAME);
-    toolbarTable.verifyTableIsSortedBy(columnName);
+    await toolbarTable.verifyTableIsSortedBy(columnName);
   }
 );
 
@@ -78,3 +81,89 @@ Then(
     await toolbarTable.verifyColumnContainsText(columnName, expectedValue);
   }
 );
+
+Given(
+  "An ingested {string} SBOM {string} containing Vulnerabilities",
+  async ({ page }, _sbomType, sbomName) => {
+    const searchPage = new SearchPage(page);
+    await searchPage.dedicatedSearch("SBOMs", sbomName);
+    const element = await page.locator(
+      `xpath=(//tr[contains(.,'${sbomName}')]/td[@data-label='Vulnerabilities']/div)[1]`
+    );
+    await expect(element, "SBOM have no vulnerabilities").toHaveText(
+      /^(?!0$).+/
+    );
+  }
+);
+
+When("User Clicks on Vulnerabilities Tab Action", async ({ page }) => {
+  await page.getByLabel("Tab action").click();
+});
+
+Then("Vulnerability Popup menu appears with message", async ({ page }) => {
+  await page.getByText("Any found vulnerabilities").isVisible();
+  await page.getByLabel("Close").click();
+});
+
+Then(
+  "Vulnerability Risk Profile circle should be visible",
+  async ({ page }) => {
+    await page.locator(`xpath=//div[contains(@class, 'chart')]`).isVisible();
+  }
+);
+
+Then(
+  "Vulnerability Risk Profile shows summary of vulnerabilities",
+  async ({ page }) => {
+    const detailsPage = new DetailsPage(page);
+    await detailsPage.verifyVulnerabilityPanelcount();
+  }
+);
+
+Then(
+  "SBOM Name {string} should be visible inside the tab",
+  async ({ page }, sbomName) => {
+    const panelSbomName = await page.locator(
+      `xpath=//section[@id='refVulnerabilitiesSection']//dt[contains(.,'Name')]/following-sibling::dd`
+    );
+    await panelSbomName.isVisible();
+    await expect(await panelSbomName.textContent()).toEqual(sbomName);
+  }
+);
+
+Then("SBOM Version should be visible inside the tab", async ({ page }) => {
+  const panelSBOMVersion = await page.locator(
+    `xpath=//section[@id='refVulnerabilitiesSection']//dt[contains(.,'Version')]/following-sibling::dd`
+  );
+  await panelSBOMVersion.isVisible();
+});
+
+Then(
+  "SBOM Creation date should be visible inside the tab",
+  async ({ page }) => {
+    const panelSBOMVersion = await page.locator(
+      `xpath=//section[@id='refVulnerabilitiesSection']//dt[contains(.,'Creation date')]/following-sibling::dd`
+    );
+    await panelSBOMVersion.isVisible();
+  }
+);
+
+Then(
+  "List of related Vulnerabilities should be sorted by {string} in descending order",
+  async ({ page }, columnName) => {
+    const toolbarTable = new ToolbarTable(page, VULN_TABLE_NAME);
+    await toolbarTable.verifyTableIsSortedBy(columnName, false);
+  }
+);
+
+Then("Pagination of Vulnerabilities list works", async ({ page }) => {
+  const toolbarTable = new ToolbarTable(page, VULN_TABLE_NAME);
+  const vulnTableTopPagination = `xpath=//div[@id="vulnerability-table-pagination-top"]`;
+  await toolbarTable.verifyPagination(vulnTableTopPagination);
+});
+
+Then("Pagination of Packages list works", async ({ page }) => {
+  const toolbarTable = new ToolbarTable(page, PACKAGE_TABLE_NAME);
+  const vulnTableTopPagination = `xpath=//div[@id="package-table-pagination-top"]`;
+  await toolbarTable.verifyPagination(vulnTableTopPagination);
+});

tests/ui/features/@vulnerability-explorer/vulnerability-explorer.step.ts

@@ -1,5 +1,6 @@
 import { createBdd } from "playwright-bdd";
 import { ToolbarTable } from "../../helpers/ToolbarTable";
+import { SearchPage } from "../../helpers/SearchPage";
 
 export const { Given, When, Then } = createBdd();
 
@@ -9,13 +10,8 @@ const ADVISORY_TABLE_NAME = "Advisory table";
 Given(
   "User visits Vulnerability details Page of {string}",
   async ({ page }, vulnerabilityID) => {
-    await page.goto("/");
-    await page.getByRole("link", { name: "Vulnerabilities" }).click();
-
-    await page.getByPlaceholder("Search").click();
-    await page.getByPlaceholder("Search").fill(vulnerabilityID);
-    await page.getByPlaceholder("Search").press("Enter");
-
+    const searchPage = new SearchPage(page);
+    await searchPage.dedicatedSearch("Vulnerabilities", vulnerabilityID);
     await page.getByRole("link", { name: vulnerabilityID }).click();
   }
 );
@@ -24,7 +20,7 @@ Given(
 
 Then("The SBOMs table is sorted by {string}", async ({ page }, columnName) => {
   const toolbarTable = new ToolbarTable(page, SBOM_TABLE_NAME);
-  toolbarTable.verifyTableIsSortedBy(columnName);
+  await toolbarTable.verifyTableIsSortedBy(columnName);
 });
 
 Then(
@@ -63,7 +59,7 @@ Then(
   "The Advisory table is sorted by {string}",
   async ({ page }, columnName) => {
     const toolbarTable = new ToolbarTable(page, ADVISORY_TABLE_NAME);
-    toolbarTable.verifyTableIsSortedBy(columnName);
+    await toolbarTable.verifyTableIsSortedBy(columnName);
   }
 );
 

tests/ui/features/sbom-explorer.feature

@@ -174,15 +174,15 @@ Feature: SBOM Explorer - View SBOM details
       | SPDX |
 
   Scenario Outline: View <sbomType> SBOM Vulnerabilities
-    Given there is ingested <sbomType> SBOM which is affected by Vulnerabilities
-    When user visits SBOM details page
-    And user selects Vulnerabilities tab
+    Given An ingested <sbomType> SBOM containing Vulnerabilities
+    When User visits SBOM details page
+    And Selects Vulnerabilities tab
     Then Vulnerability Risk Profile circle should be visible
     And Vulnerability Risk Profile shows summary of vulnerabilities
     And SBOM Name should be visible inside the tab
     And SBOM Version should be visible inside the tab
     And SBOM Creation date should be visible inside the tab
-    And list of related Vulnerabilities should be sorted by CVSS in descending order
+    And List of related Vulnerabilities should be sorted by CVSS in descending order
 
     Examples:
       | sbomType |