From 75d0b15e2fac1448cfc81800a74d59fb7991c196 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vil=C3=A9m=20Obr=C3=A1til?= <41943007+vobratil@users.noreply.github.com> Date: Wed, 4 Jun 2025 15:05:31 +0200 Subject: [PATCH] UI: Added Vulnerability Explorer tests Due to some changes in the requirements that were not reflected in the feature file, this turned out to be actually somewhat simpler than anticipated. Creating this MR to keep it easier to track in relation to the respective Jira. --------- Co-authored-by: Queria Sa-Tas (cherry picked from commit 071eef5e5dde06a90b91c5461d2109a51b4daa07) --- .../assets/csaf/cve-2024-26308.json.bz2 | Bin 0 -> 1586 bytes tests/common/constants.ts | 1 + .../vulnerability-explorer.feature | 17 ++++++ .../vulnerability-explorer.step.ts | 50 ++++++++++++++++++ .../features/vulnerability-explorer.feature | 17 +++--- tests/ui/steps/details-page.ts | 4 +- 6 files changed, 79 insertions(+), 10 deletions(-) create mode 100644 tests/common/assets/csaf/cve-2024-26308.json.bz2 diff --git a/tests/common/assets/csaf/cve-2024-26308.json.bz2 b/tests/common/assets/csaf/cve-2024-26308.json.bz2 new file mode 100644 index 0000000000000000000000000000000000000000..f88b49f31df7b74c6186256a6d5afac04ed38ab9 GIT binary patch literal 1586 zcmV-22F>|GT4*^jL0KkKSx}eLivS1ae}F_(L_|~v|Mfp--~PYv|N3ACoPBZ|wsc(9 z-2+WDq*x^onwXgc8VwB}sxbzPk5P~r14GmR5=j%&5Y)uVYI>fUk0=4^8W@^102*ij zag!#DLrn|>(8STEOhCxOXwys}$%Ke0sFQk$qd}km0i$UFpfmsjLB>p)F%2{@6GIb5 znK1(+38PIggC-J42+$P9jV75gn^bz5dYJ=F44J2@GyrI60UGBM^JfZ1AL1bd3(Xg5 zropxlSfINqAs0!Bp|;x!CD|p-5o(ie=`_{3rpDWBrZLRGQ>RLmWB>>?k^u|?;E85p4%XQ1VqA=pZb3)lkohPPwz+RdGVUkfU*v`^v?Faq#Q;K29SjY#2;cz{~=+K zAY20aVBGcF;G~ZGhi6mM$$T<)930$i{LRSYhPpM`eDrIx5;VE^^wo=I(JV5q&n}=) zDrR4nPQ=Ba$fRPUOoVMgu%yg48K(3&VU27+ABHa@g7x7%H<~xtCfi;HZn6zed&R1< zx|Tt!C}mt$6KFT&vhLNpCFpZ-=x%M%H8{nXQCQ0bUQlHc+j9ya$<9!%cz1@yzKCuc z2!#kBWZ{N$k&7hfpEsoYOoM>uFCyl3nZ5M=SyaOw7MQk+my~p~WQiJ_BB09; zDy(A}e(Q}Q@cupn`by7b>Ps?7GCXH|@9vUu?AbUAR5PQu(2fJMxJDm&Gv06>6e5J< zNk?)UezERnm5|7=D=lHKJJ@D6S;A46;)R@wtuZYkUR1<~5i1QPov%MsB@yEiRyoC& zlczx>C!&M3hitjyUN+NAX7eKfifnz>mR)(Ba6tA6TE$aoP8%XZ*nfsq6SdcqVrO}A ziHPd&adRC`+AucQ+VSzF$AX#$A z)XtKs#mx}oLxeEiEj<*k9`Uyj$>XXi9%IPR@ws2`BafqE0QIdvO> zC%!tAye)Tz*VH9qh<7r4t4dI631Bg*++VzFHUg@f)!4rs?u^4fz>zp{W zhb|1*l4(W+S^?Lt%~L24?Bd>=g@NPkaon+Du+TwFt*l`9LM(DCg6Z$ZD+%Z_Mb#T05HpgqMf zQy4S=(e*pHteFtjjlE7wK*GJp5(T74l4&9<%c(4>p1p%sp5+q_q&=%5y|^2?%Bc*7 zOfx2HLS!RwP#hU~6-$DgO3{g|sjmsdQVk1j3Y$z?FHXoLR$^7{T*8ZXl5k*<%p2R~ zvbduX%WxTN=@B*twma68vjjpopoZ;)43){)%E)Mo&a*)W;xJa3_uVFqeZ(jV3Teks z!;C|IuW_=qsoR5$-xf76!CM}&GGS>y<^?(lz{Db(BO4T@v6#PL`jagof!7OiJcG*@ z`QZiFzeCis?JhpEL4o?5l8~{oj_4hUYZ@nM=j|||3ME8dj=-|RfZ(EJ!wi=o?3#H% zim_&IHZ1QdHM;boE$z@{G9ej=f$8s8c{`KT7dr@=FlP)iD~rVSQLKV`?JylEV)ksH zGHRM(AZ2PE>gF2l$n+XF63&Xasuv{ie38^JtRN734haLA^$Yd0he#>UB%~1vh_OKF zH*&(DEEpQ1xR#G1t}|w6E7_VZRHv*KQVXC`mlC*<0JtWkmJu|)D^Xsp(lShMILSiX z6WkfXkycQ+a(0NR%-2E-l&l^VNrM3R$e%&D!q^Zu6bz20YeAc12DKWcHa@w?`(}<7 k_(BE`gg8_Rib|CS;{PYd3kwD^Kfm#JBvXY61qppPu;O0d&j0`b literal 0 HcmV?d00001 diff --git a/tests/common/constants.ts b/tests/common/constants.ts index d31fd70..eeaa9b6 100644 --- a/tests/common/constants.ts +++ b/tests/common/constants.ts @@ -69,4 +69,5 @@ export const ADVISORY_FILES = [ "cve-2023-4853.json.bz2", "cve-2023-20860.json.bz2", "cve-2023-28867.json.bz2", + "cve-2024-26308.json.bz2", ]; diff --git a/tests/ui/features/@vulnerability-explorer/vulnerability-explorer.feature b/tests/ui/features/@vulnerability-explorer/vulnerability-explorer.feature index 4c7f447..eee9f56 100644 --- a/tests/ui/features/@vulnerability-explorer/vulnerability-explorer.feature +++ b/tests/ui/features/@vulnerability-explorer/vulnerability-explorer.feature @@ -2,6 +2,22 @@ Feature: Vulnerability Explorer - View Vulnerability details Background: Authentication Given User is authenticated + # Search for vulnerability + + # Vulnerability Explorer + Scenario: Display an overview of a vulnerability + Given User visits Vulnerability details Page of "" + Then The page title is "" + Then The severity is "" and the CVSS score is "" + Then The description begins with "" + Then The Reserved date is "", the Published date is "" and Last modified date is "" + + Examples: + | vulnerabilityID | severityDescription | severityScore | descriptionBeginsWith | dateReserved | datePublished | dateLastModified | + # | CVE-2023-1664 | Medium | 6.5 | A flaw was found in Keycloak. | Mar 27, 2023 | May 26, 2023 | Jan 15, 2025 | + | CVE-2024-26308 | Unknown | | Apache Commons Compress | Feb 17, 2024 | Feb 19, 2024 | Aug 02, 2024 | + + # Related products / SBOMs Scenario Outline: View related SBOMs Given User visits Vulnerability details Page of "" When Tab "Related SBOMs" is visible @@ -15,6 +31,7 @@ Feature: Vulnerability Explorer - View Vulnerability details | vulnerabilityID | sbomName | | CVE-2023-1664 | quarkus-bom | + # Related advisories Scenario Outline: View related Advisories Given User visits Vulnerability details Page of "" Then The page title is "" diff --git a/tests/ui/features/@vulnerability-explorer/vulnerability-explorer.step.ts b/tests/ui/features/@vulnerability-explorer/vulnerability-explorer.step.ts index 3f5a0ad..4334a26 100644 --- a/tests/ui/features/@vulnerability-explorer/vulnerability-explorer.step.ts +++ b/tests/ui/features/@vulnerability-explorer/vulnerability-explorer.step.ts @@ -1,6 +1,7 @@ import { createBdd } from "playwright-bdd"; import { ToolbarTable } from "../../helpers/ToolbarTable"; import { SearchPage } from "../../helpers/SearchPage"; +import { expect } from "@playwright/test"; export const { Given, When, Then } = createBdd(); @@ -16,6 +17,55 @@ Given( } ); +// Vulnerability Explorer +Then( + "The severity is {string} and the CVSS score is {string}", + async ({ page }, severityDescription, severityScore) => { + if (severityDescription == "Unknown") { + var severity = `${severityDescription}`; + } else { + var severity = `${severityDescription}(${severityScore})`; + } + await expect(page.getByText(severity).first()).toBeVisible(); + } +); + +Then( + "The description begins with {string}", + async ({ page }, descriptionBeginsWith) => { + await expect( + page.getByRole("paragraph").filter({ hasText: descriptionBeginsWith }) + ).toBeVisible(); + } +); + +Then( + "The Reserved date is {string}, the Published date is {string} and Last modified date is {string}", + async ({ page }, dateReserved, datePublished, dateLastModified) => { + await expect( + page + .locator(".pf-v6-c-description-list > div:nth-child(1)") + .filter({ hasText: "Reserved" }) + .filter({ hasText: dateReserved }) + .first() + ).toBeVisible(); + await expect( + page + .locator(".pf-v6-c-description-list > div:nth-child(2)") + .filter({ hasText: "Published" }) + .filter({ hasText: datePublished }) + .first() + ).toBeVisible(); + await expect( + page + .locator(".pf-v6-c-description-list > div:nth-child(3)") + .filter({ hasText: "Modified" }) + .filter({ hasText: dateLastModified }) + .first() + ).toBeVisible(); + } +); + // SBOMS Then("The SBOMs table is sorted by {string}", async ({ page }, columnName) => { diff --git a/tests/ui/features/vulnerability-explorer.feature b/tests/ui/features/vulnerability-explorer.feature index bbe75bd..c5447e6 100644 --- a/tests/ui/features/vulnerability-explorer.feature +++ b/tests/ui/features/vulnerability-explorer.feature @@ -8,7 +8,7 @@ Background: And User has successfully uploaded a vulnerability dataset And User has successfully uploaded an advisory dataset -# Vulnerabilities Explorer +# Search Scenario: Navigating to the Vulnerability Explorer page by selecting it from the list of all vulnerabilities Given User is on the Home page When User clicks on the Search button in the menu @@ -32,19 +32,20 @@ Scenario: Navigating to the Vulnerability Explorer page by filtering vulnerabili And User selects an Vulnerability returned by the filter Then The Vulnerability Explorer page should display +# Vulnerabilities Explorer Scenario: Display an overview of a vulnerability Given User is on the Home page When User navigates to the Vulnerabilities Explorer page Then CVE name, CVSS score and CVE description should be visible - And "Show more" button is visible for vulnerabilities with a long descriptions + # And "Show more" button is visible for vulnerabilities with a long descriptions And Vulnerability metadata Reserved, Last Published Date and Last Modified should be visible - And Download button should be visible + # And Download button should be visible -Scenario: Download a vulnerability CVE from the Vulnerability Explorer page - Given User is on the Home page - When User navigates to the Vulnerabilities Explorer page - And User clicks the Download button - Then The vulnerability CVE should download as a JSON file +# Scenario: Download a vulnerability CVE from the Vulnerability Explorer page +# Given User is on the Home page +# When User navigates to the Vulnerabilities Explorer page +# And User clicks the Download button +# Then The vulnerability CVE should download as a JSON file # Vulnerability-related Products Scenario: Display a list of products related to a single vulnerability diff --git a/tests/ui/steps/details-page.ts b/tests/ui/steps/details-page.ts index 61e7149..bb7a3a2 100644 --- a/tests/ui/steps/details-page.ts +++ b/tests/ui/steps/details-page.ts @@ -3,9 +3,9 @@ import { DetailsPage } from "../helpers/DetailsPage"; export const { Given, When, Then } = createBdd(); -Then("The page title is {string}", async ({ page }, sbomName) => { +Then("The page title is {string}", async ({ page }, title) => { const pageWithTabs = new DetailsPage(page); - await pageWithTabs.verifyPageHeader(sbomName); + await pageWithTabs.verifyPageHeader(title); }); Then("Tab {string} is selected", async ({ page }, tabName) => {