From e19f67f124a064d4a77e34687d1c7542f9549f04 Mon Sep 17 00:00:00 2001 From: Vilem Obratil Date: Mon, 28 Apr 2025 18:32:42 +0200 Subject: [PATCH 1/8] Added a test for Vulnerability Explorer overview. --- .../vulnerability-explorer.feature | 16 +++++++ .../vulnerability-explorer.step.ts | 46 +++++++++++++++++++ .../features/vulnerability-explorer.feature | 17 +++---- tests/ui/steps/details-page.ts | 4 +- 4 files changed, 73 insertions(+), 10 deletions(-) diff --git a/tests/ui/features/@vulnerability-explorer/vulnerability-explorer.feature b/tests/ui/features/@vulnerability-explorer/vulnerability-explorer.feature index 4c7f447..2061cb2 100644 --- a/tests/ui/features/@vulnerability-explorer/vulnerability-explorer.feature +++ b/tests/ui/features/@vulnerability-explorer/vulnerability-explorer.feature @@ -2,6 +2,21 @@ Feature: Vulnerability Explorer - View Vulnerability details Background: Authentication Given User is authenticated + # Search for vulnerability + + # Vulnerability Explorer + Scenario: Display an overview of a vulnerability + Given User visits Vulnerability details Page of "" + Then The page title is "" + Then The severity is "" and the CVSS score is "" + Then The description begins with "" + Then The Reserved date is "", the Published date is "" and Last modified date is "" + + Examples: + | vulnerabilityID | severityDescription | severityScore | descriptionBeginsWith | dateReserved | datePublished | dateLastModified | + | CVE-2023-1664 | Medium | 6.5 | A flaw was found in Keycloak. | Mar 27, 2023 | May 26, 2023 | Jan 15, 2025 | + + # Related products / SBOMs Scenario Outline: View related SBOMs Given User visits Vulnerability details Page of "" When Tab "Related SBOMs" is visible @@ -15,6 +30,7 @@ Feature: Vulnerability Explorer - View Vulnerability details | vulnerabilityID | sbomName | | CVE-2023-1664 | quarkus-bom | + # Related advisories Scenario Outline: View related Advisories Given User visits Vulnerability details Page of "" Then The page title is "" diff --git a/tests/ui/features/@vulnerability-explorer/vulnerability-explorer.step.ts b/tests/ui/features/@vulnerability-explorer/vulnerability-explorer.step.ts index 3f5a0ad..7c39a61 100644 --- a/tests/ui/features/@vulnerability-explorer/vulnerability-explorer.step.ts +++ b/tests/ui/features/@vulnerability-explorer/vulnerability-explorer.step.ts @@ -1,6 +1,7 @@ import { createBdd } from "playwright-bdd"; import { ToolbarTable } from "../../helpers/ToolbarTable"; import { SearchPage } from "../../helpers/SearchPage"; +import { expect } from "@playwright/test"; export const { Given, When, Then } = createBdd(); @@ -16,6 +17,51 @@ Given( } ); +// Vulnerability Explorer +Then( + "The severity is {string} and the CVSS score is {string}", + async ({ page }, severityDescription, severityScore) => { + const severity = `${severityDescription}(${severityScore})`; + await expect(page.getByText(severity).first()).toBeVisible(); + } +); + +Then( + "The description begins with {string}", + async ({ page }, descriptionBeginsWith) => { + await expect( + page.getByRole("paragraph").filter({ hasText: descriptionBeginsWith }) + ).toBeVisible(); + } +); + +Then( + "The Reserved date is {string}, the Published date is {string} and Last modified date is {string}", + async ({ page }, dateReserved, datePublished, dateLastModified) => { + await expect( + page + .locator(".pf-v5-c-description-list > div:nth-child(1)") + .filter({ hasText: "Reserved" }) + .filter({ hasText: dateReserved }) + .first() + ).toBeVisible(); + await expect( + page + .locator(".pf-v5-c-description-list > div:nth-child(1)") + .filter({ hasText: "Published date" }) + .filter({ hasText: datePublished }) + .first() + ).toBeVisible(); + await expect( + page + .locator(".pf-v5-c-description-list > div:nth-child(1)") + .filter({ hasText: "Last modified" }) + .filter({ hasText: dateLastModified }) + .first() + ).toBeVisible(); + } +); + // SBOMS Then("The SBOMs table is sorted by {string}", async ({ page }, columnName) => { diff --git a/tests/ui/features/vulnerability-explorer.feature b/tests/ui/features/vulnerability-explorer.feature index bbe75bd..c5447e6 100644 --- a/tests/ui/features/vulnerability-explorer.feature +++ b/tests/ui/features/vulnerability-explorer.feature @@ -8,7 +8,7 @@ Background: And User has successfully uploaded a vulnerability dataset And User has successfully uploaded an advisory dataset -# Vulnerabilities Explorer +# Search Scenario: Navigating to the Vulnerability Explorer page by selecting it from the list of all vulnerabilities Given User is on the Home page When User clicks on the Search button in the menu @@ -32,19 +32,20 @@ Scenario: Navigating to the Vulnerability Explorer page by filtering vulnerabili And User selects an Vulnerability returned by the filter Then The Vulnerability Explorer page should display +# Vulnerabilities Explorer Scenario: Display an overview of a vulnerability Given User is on the Home page When User navigates to the Vulnerabilities Explorer page Then CVE name, CVSS score and CVE description should be visible - And "Show more" button is visible for vulnerabilities with a long descriptions + # And "Show more" button is visible for vulnerabilities with a long descriptions And Vulnerability metadata Reserved, Last Published Date and Last Modified should be visible - And Download button should be visible + # And Download button should be visible -Scenario: Download a vulnerability CVE from the Vulnerability Explorer page - Given User is on the Home page - When User navigates to the Vulnerabilities Explorer page - And User clicks the Download button - Then The vulnerability CVE should download as a JSON file +# Scenario: Download a vulnerability CVE from the Vulnerability Explorer page +# Given User is on the Home page +# When User navigates to the Vulnerabilities Explorer page +# And User clicks the Download button +# Then The vulnerability CVE should download as a JSON file # Vulnerability-related Products Scenario: Display a list of products related to a single vulnerability diff --git a/tests/ui/steps/details-page.ts b/tests/ui/steps/details-page.ts index 61e7149..bb7a3a2 100644 --- a/tests/ui/steps/details-page.ts +++ b/tests/ui/steps/details-page.ts @@ -3,9 +3,9 @@ import { DetailsPage } from "../helpers/DetailsPage"; export const { Given, When, Then } = createBdd(); -Then("The page title is {string}", async ({ page }, sbomName) => { +Then("The page title is {string}", async ({ page }, title) => { const pageWithTabs = new DetailsPage(page); - await pageWithTabs.verifyPageHeader(sbomName); + await pageWithTabs.verifyPageHeader(title); }); Then("Tab {string} is selected", async ({ page }, tabName) => { From ebad3e4172cb3a5a9c440795382204586d8c19ae Mon Sep 17 00:00:00 2001 From: Vilem Obratil Date: Mon, 5 May 2025 16:19:45 +0200 Subject: [PATCH 2/8] Fixed the CSS selectors for dates in the Vulnerability Explorer overview. --- .../@vulnerability-explorer/vulnerability-explorer.step.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/ui/features/@vulnerability-explorer/vulnerability-explorer.step.ts b/tests/ui/features/@vulnerability-explorer/vulnerability-explorer.step.ts index 7c39a61..b0a0068 100644 --- a/tests/ui/features/@vulnerability-explorer/vulnerability-explorer.step.ts +++ b/tests/ui/features/@vulnerability-explorer/vulnerability-explorer.step.ts @@ -47,14 +47,14 @@ Then( ).toBeVisible(); await expect( page - .locator(".pf-v5-c-description-list > div:nth-child(1)") + .locator(".pf-v5-c-description-list > div:nth-child(2)") .filter({ hasText: "Published date" }) .filter({ hasText: datePublished }) .first() ).toBeVisible(); await expect( page - .locator(".pf-v5-c-description-list > div:nth-child(1)") + .locator(".pf-v5-c-description-list > div:nth-child(3)") .filter({ hasText: "Last modified" }) .filter({ hasText: dateLastModified }) .first() From e3f8013a329e95abd4483a792a10d800cc58d619 Mon Sep 17 00:00:00 2001 From: Vilem Obratil Date: Thu, 22 May 2025 12:43:54 +0200 Subject: [PATCH 3/8] Fixed a data issue with a CSAF. --- tests/common/assets/csaf/cve-2024-26308.json.bz2 | Bin 0 -> 1586 bytes tests/common/constants.ts | 1 + .../vulnerability-explorer.feature | 3 ++- .../vulnerability-explorer.step.ts | 6 +++++- 4 files changed, 8 insertions(+), 2 deletions(-) create mode 100644 tests/common/assets/csaf/cve-2024-26308.json.bz2 diff --git a/tests/common/assets/csaf/cve-2024-26308.json.bz2 b/tests/common/assets/csaf/cve-2024-26308.json.bz2 new file mode 100644 index 0000000000000000000000000000000000000000..f88b49f31df7b74c6186256a6d5afac04ed38ab9 GIT binary patch literal 1586 zcmV-22F>|GT4*^jL0KkKSx}eLivS1ae}F_(L_|~v|Mfp--~PYv|N3ACoPBZ|wsc(9 z-2+WDq*x^onwXgc8VwB}sxbzPk5P~r14GmR5=j%&5Y)uVYI>fUk0=4^8W@^102*ij zag!#DLrn|>(8STEOhCxOXwys}$%Ke0sFQk$qd}km0i$UFpfmsjLB>p)F%2{@6GIb5 znK1(+38PIggC-J42+$P9jV75gn^bz5dYJ=F44J2@GyrI60UGBM^JfZ1AL1bd3(Xg5 zropxlSfINqAs0!Bp|;x!CD|p-5o(ie=`_{3rpDWBrZLRGQ>RLmWB>>?k^u|?;E85p4%XQ1VqA=pZb3)lkohPPwz+RdGVUkfU*v`^v?Faq#Q;K29SjY#2;cz{~=+K zAY20aVBGcF;G~ZGhi6mM$$T<)930$i{LRSYhPpM`eDrIx5;VE^^wo=I(JV5q&n}=) zDrR4nPQ=Ba$fRPUOoVMgu%yg48K(3&VU27+ABHa@g7x7%H<~xtCfi;HZn6zed&R1< zx|Tt!C}mt$6KFT&vhLNpCFpZ-=x%M%H8{nXQCQ0bUQlHc+j9ya$<9!%cz1@yzKCuc z2!#kBWZ{N$k&7hfpEsoYOoM>uFCyl3nZ5M=SyaOw7MQk+my~p~WQiJ_BB09; zDy(A}e(Q}Q@cupn`by7b>Ps?7GCXH|@9vUu?AbUAR5PQu(2fJMxJDm&Gv06>6e5J< zNk?)UezERnm5|7=D=lHKJJ@D6S;A46;)R@wtuZYkUR1<~5i1QPov%MsB@yEiRyoC& zlczx>C!&M3hitjyUN+NAX7eKfifnz>mR)(Ba6tA6TE$aoP8%XZ*nfsq6SdcqVrO}A ziHPd&adRC`+AucQ+VSzF$AX#$A z)XtKs#mx}oLxeEiEj<*k9`Uyj$>XXi9%IPR@ws2`BafqE0QIdvO> zC%!tAye)Tz*VH9qh<7r4t4dI631Bg*++VzFHUg@f)!4rs?u^4fz>zp{W zhb|1*l4(W+S^?Lt%~L24?Bd>=g@NPkaon+Du+TwFt*l`9LM(DCg6Z$ZD+%Z_Mb#T05HpgqMf zQy4S=(e*pHteFtjjlE7wK*GJp5(T74l4&9<%c(4>p1p%sp5+q_q&=%5y|^2?%Bc*7 zOfx2HLS!RwP#hU~6-$DgO3{g|sjmsdQVk1j3Y$z?FHXoLR$^7{T*8ZXl5k*<%p2R~ zvbduX%WxTN=@B*twma68vjjpopoZ;)43){)%E)Mo&a*)W;xJa3_uVFqeZ(jV3Teks z!;C|IuW_=qsoR5$-xf76!CM}&GGS>y<^?(lz{Db(BO4T@v6#PL`jagof!7OiJcG*@ z`QZiFzeCis?JhpEL4o?5l8~{oj_4hUYZ@nM=j|||3ME8dj=-|RfZ(EJ!wi=o?3#H% zim_&IHZ1QdHM;boE$z@{G9ej=f$8s8c{`KT7dr@=FlP)iD~rVSQLKV`?JylEV)ksH zGHRM(AZ2PE>gF2l$n+XF63&Xasuv{ie38^JtRN734haLA^$Yd0he#>UB%~1vh_OKF zH*&(DEEpQ1xR#G1t}|w6E7_VZRHv*KQVXC`mlC*<0JtWkmJu|)D^Xsp(lShMILSiX z6WkfXkycQ+a(0NR%-2E-l&l^VNrM3R$e%&D!q^Zu6bz20YeAc12DKWcHa@w?`(}<7 k_(BE`gg8_Rib|CS;{PYd3kwD^Kfm#JBvXY61qppPu;O0d&j0`b literal 0 HcmV?d00001 diff --git a/tests/common/constants.ts b/tests/common/constants.ts index e15aa49..2460000 100644 --- a/tests/common/constants.ts +++ b/tests/common/constants.ts @@ -67,4 +67,5 @@ export const ADVISORY_FILES = [ "cve-2023-4853.json.bz2", "cve-2023-20860.json.bz2", "cve-2023-28867.json.bz2", + "cve-2024-26308.json.bz2", ]; diff --git a/tests/ui/features/@vulnerability-explorer/vulnerability-explorer.feature b/tests/ui/features/@vulnerability-explorer/vulnerability-explorer.feature index 2061cb2..eee9f56 100644 --- a/tests/ui/features/@vulnerability-explorer/vulnerability-explorer.feature +++ b/tests/ui/features/@vulnerability-explorer/vulnerability-explorer.feature @@ -14,7 +14,8 @@ Feature: Vulnerability Explorer - View Vulnerability details Examples: | vulnerabilityID | severityDescription | severityScore | descriptionBeginsWith | dateReserved | datePublished | dateLastModified | - | CVE-2023-1664 | Medium | 6.5 | A flaw was found in Keycloak. | Mar 27, 2023 | May 26, 2023 | Jan 15, 2025 | + # | CVE-2023-1664 | Medium | 6.5 | A flaw was found in Keycloak. | Mar 27, 2023 | May 26, 2023 | Jan 15, 2025 | + | CVE-2024-26308 | Unknown | | Apache Commons Compress | Feb 17, 2024 | Feb 19, 2024 | Aug 02, 2024 | # Related products / SBOMs Scenario Outline: View related SBOMs diff --git a/tests/ui/features/@vulnerability-explorer/vulnerability-explorer.step.ts b/tests/ui/features/@vulnerability-explorer/vulnerability-explorer.step.ts index b0a0068..25f4e6e 100644 --- a/tests/ui/features/@vulnerability-explorer/vulnerability-explorer.step.ts +++ b/tests/ui/features/@vulnerability-explorer/vulnerability-explorer.step.ts @@ -21,7 +21,11 @@ Given( Then( "The severity is {string} and the CVSS score is {string}", async ({ page }, severityDescription, severityScore) => { - const severity = `${severityDescription}(${severityScore})`; + if (severityDescription == "Unknown") { + var severity = `${severityDescription}`; + } else { + var severity = `${severityDescription}(${severityScore})`; + } await expect(page.getByText(severity).first()).toBeVisible(); } ); From bf94ee173d75daa160be31d41b9a61f90a568862 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vil=C3=A9m=20Obr=C3=A1til?= <41943007+vobratil@users.noreply.github.com> Date: Tue, 3 Jun 2025 11:23:29 +0200 Subject: [PATCH 4/8] Update tests/ui/features/@vulnerability-explorer/vulnerability-explorer.step.ts Co-authored-by: Queria Sa-Tas --- .../@vulnerability-explorer/vulnerability-explorer.step.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/ui/features/@vulnerability-explorer/vulnerability-explorer.step.ts b/tests/ui/features/@vulnerability-explorer/vulnerability-explorer.step.ts index 25f4e6e..c356d54 100644 --- a/tests/ui/features/@vulnerability-explorer/vulnerability-explorer.step.ts +++ b/tests/ui/features/@vulnerability-explorer/vulnerability-explorer.step.ts @@ -44,7 +44,7 @@ Then( async ({ page }, dateReserved, datePublished, dateLastModified) => { await expect( page - .locator(".pf-v5-c-description-list > div:nth-child(1)") + .locator(".pf-v6-c-description-list > div:nth-child(1)") .filter({ hasText: "Reserved" }) .filter({ hasText: dateReserved }) .first() From a678a1ff5177fada8107170f0cc1b632088fe926 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vil=C3=A9m=20Obr=C3=A1til?= <41943007+vobratil@users.noreply.github.com> Date: Tue, 3 Jun 2025 11:23:36 +0200 Subject: [PATCH 5/8] Update tests/ui/features/@vulnerability-explorer/vulnerability-explorer.step.ts Co-authored-by: Queria Sa-Tas --- .../@vulnerability-explorer/vulnerability-explorer.step.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/ui/features/@vulnerability-explorer/vulnerability-explorer.step.ts b/tests/ui/features/@vulnerability-explorer/vulnerability-explorer.step.ts index c356d54..71de3b4 100644 --- a/tests/ui/features/@vulnerability-explorer/vulnerability-explorer.step.ts +++ b/tests/ui/features/@vulnerability-explorer/vulnerability-explorer.step.ts @@ -51,7 +51,7 @@ Then( ).toBeVisible(); await expect( page - .locator(".pf-v5-c-description-list > div:nth-child(2)") + .locator(".pf-v6-c-description-list > div:nth-child(2)") .filter({ hasText: "Published date" }) .filter({ hasText: datePublished }) .first() From 7c642154a0e70db11592dad207437f5bbdeb9d17 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vil=C3=A9m=20Obr=C3=A1til?= <41943007+vobratil@users.noreply.github.com> Date: Tue, 3 Jun 2025 11:23:43 +0200 Subject: [PATCH 6/8] Update tests/ui/features/@vulnerability-explorer/vulnerability-explorer.step.ts Co-authored-by: Queria Sa-Tas --- .../@vulnerability-explorer/vulnerability-explorer.step.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/ui/features/@vulnerability-explorer/vulnerability-explorer.step.ts b/tests/ui/features/@vulnerability-explorer/vulnerability-explorer.step.ts index 71de3b4..adbbc12 100644 --- a/tests/ui/features/@vulnerability-explorer/vulnerability-explorer.step.ts +++ b/tests/ui/features/@vulnerability-explorer/vulnerability-explorer.step.ts @@ -58,7 +58,7 @@ Then( ).toBeVisible(); await expect( page - .locator(".pf-v5-c-description-list > div:nth-child(3)") + .locator(".pf-v6-c-description-list > div:nth-child(3)") .filter({ hasText: "Last modified" }) .filter({ hasText: dateLastModified }) .first() From d5e9541427bdb1cbcaefadd79cf73a87ad71ecc3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vil=C3=A9m=20Obr=C3=A1til?= <41943007+vobratil@users.noreply.github.com> Date: Tue, 3 Jun 2025 12:01:29 +0200 Subject: [PATCH 7/8] Update tests/ui/features/@vulnerability-explorer/vulnerability-explorer.step.ts Co-authored-by: Queria Sa-Tas --- .../@vulnerability-explorer/vulnerability-explorer.step.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/ui/features/@vulnerability-explorer/vulnerability-explorer.step.ts b/tests/ui/features/@vulnerability-explorer/vulnerability-explorer.step.ts index adbbc12..5c00ca0 100644 --- a/tests/ui/features/@vulnerability-explorer/vulnerability-explorer.step.ts +++ b/tests/ui/features/@vulnerability-explorer/vulnerability-explorer.step.ts @@ -52,7 +52,7 @@ Then( await expect( page .locator(".pf-v6-c-description-list > div:nth-child(2)") - .filter({ hasText: "Published date" }) + .filter({ hasText: "Published" }) .filter({ hasText: datePublished }) .first() ).toBeVisible(); From e856462d00279ec4c7f8f69eb81951cfec3b8654 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vil=C3=A9m=20Obr=C3=A1til?= <41943007+vobratil@users.noreply.github.com> Date: Tue, 3 Jun 2025 12:01:36 +0200 Subject: [PATCH 8/8] Update tests/ui/features/@vulnerability-explorer/vulnerability-explorer.step.ts Co-authored-by: Queria Sa-Tas --- .../@vulnerability-explorer/vulnerability-explorer.step.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/ui/features/@vulnerability-explorer/vulnerability-explorer.step.ts b/tests/ui/features/@vulnerability-explorer/vulnerability-explorer.step.ts index 5c00ca0..4334a26 100644 --- a/tests/ui/features/@vulnerability-explorer/vulnerability-explorer.step.ts +++ b/tests/ui/features/@vulnerability-explorer/vulnerability-explorer.step.ts @@ -59,7 +59,7 @@ Then( await expect( page .locator(".pf-v6-c-description-list > div:nth-child(3)") - .filter({ hasText: "Last modified" }) + .filter({ hasText: "Modified" }) .filter({ hasText: dateLastModified }) .first() ).toBeVisible();