|
2 | 2 | import logging |
3 | 3 |
|
4 | 4 | from crum import impersonate |
| 5 | +from django.urls import reverse |
5 | 6 | from rest_framework.authtoken.models import Token |
6 | 7 | from rest_framework.test import APIClient |
7 | 8 | from vcr import VCR |
8 | 9 |
|
| 10 | +import dojo.risk_acceptance.helper as ra_helper |
9 | 11 | from dojo.jira_link import helper as jira_helper |
10 | | -from dojo.models import Finding, Finding_Group, JIRA_Instance, User |
| 12 | +from dojo.models import Finding, Finding_Group, JIRA_Instance, Risk_Acceptance, User |
11 | 13 |
|
12 | 14 | from .dojo_test_case import DojoVCRAPITestCase, get_unit_tests_path, toggle_system_setting_boolean |
13 | 15 |
|
@@ -68,6 +70,7 @@ def setUp(self): |
68 | 70 | self.scans_path = "/scans/" |
69 | 71 | self.zap_sample5_filename = self.scans_path + "zap/5_zap_sample_one.xml" |
70 | 72 | self.npm_groups_sample_filename = self.scans_path + "npm_audit/many_vuln_with_groups.json" |
| 73 | + self.client.force_login(self.get_test_admin()) |
71 | 74 |
|
72 | 75 | def test_import_no_push_to_jira(self): |
73 | 76 | import0 = self.import_scan_with_params(self.zap_sample5_filename, verified=True) |
@@ -281,6 +284,65 @@ def test_import_twice_push_to_jira(self): |
281 | 284 | self.assert_jira_issue_count_in_test(test_id1, 0) |
282 | 285 | self.assert_jira_group_issue_count_in_test(test_id, 0) |
283 | 286 |
|
| 287 | + def add_risk_acceptance(self, eid, data_risk_accceptance, fid=None): |
| 288 | + args = (eid, fid) if fid else (eid,) |
| 289 | + response = self.client.post(reverse("add_risk_acceptance", args=args), data_risk_accceptance) |
| 290 | + self.assertEqual(302, response.status_code, response.content[:1000]) |
| 291 | + return response |
| 292 | + |
| 293 | + def test_import_grouped_reopen_expired_sla(self): |
| 294 | + # steps |
| 295 | + # import scan, make sure they are in grouped JIRA |
| 296 | + # risk acceptance all the grouped findings, make sure they are closed in JIRA |
| 297 | + # expire risk acceptance on all grouped findings, make sure they are open in JIRA |
| 298 | + import0 = self.import_scan_with_params(self.npm_groups_sample_filename, scan_type="NPM Audit Scan", group_by="component_name+component_version", push_to_jira=True, verified=True) |
| 299 | + test_id = import0["test"] |
| 300 | + self.assert_jira_issue_count_in_test(test_id, 0) |
| 301 | + self.assert_jira_group_issue_count_in_test(test_id, 3) |
| 302 | + findings = self.get_test_findings_api(test_id) |
| 303 | + finding_id = findings["results"][0]["id"] |
| 304 | + |
| 305 | + ra_data = { |
| 306 | + "name": "Accept: Unit test", |
| 307 | + "accepted_findings": [], |
| 308 | + "recommendation": "A", |
| 309 | + "recommendation_details": "recommendation 1", |
| 310 | + "decision": "A", |
| 311 | + "decision_details": "it has been decided!", |
| 312 | + "accepted_by": "pointy haired boss", |
| 313 | + "owner": 1, |
| 314 | + "expiration_date": "2024-12-31", |
| 315 | + "reactivate_expired": True, |
| 316 | + } |
| 317 | + |
| 318 | + for finding in findings["results"]: |
| 319 | + ra_data["accepted_findings"].append(finding["id"]) |
| 320 | + |
| 321 | + pre_jira_status = self.get_jira_issue_status(finding_id) |
| 322 | + |
| 323 | + response = self.add_risk_acceptance(1, data_risk_accceptance=ra_data) |
| 324 | + self.assertEqual("/engagement/1", response.url) |
| 325 | + |
| 326 | + # We do this to update the JIRA |
| 327 | + for finding in ra_data["accepted_findings"]: |
| 328 | + self.patch_finding_api(finding, {"push_to_jira": True}) |
| 329 | + |
| 330 | + post_jira_status = self.get_jira_issue_status(finding_id) |
| 331 | + self.assertNotEqual(pre_jira_status, post_jira_status) |
| 332 | + |
| 333 | + pre_jira_status = post_jira_status |
| 334 | + ra = Risk_Acceptance.objects.last() |
| 335 | + ra_helper.expire_now(ra) |
| 336 | + # We do this to update the JIRA |
| 337 | + for finding in ra_data["accepted_findings"]: |
| 338 | + self.patch_finding_api(finding, {"push_to_jira": True}) |
| 339 | + |
| 340 | + post_jira_status = self.get_jira_issue_status(finding_id) |
| 341 | + self.assertNotEqual(pre_jira_status, post_jira_status) |
| 342 | + |
| 343 | + # by asserting full cassette is played we know all calls to JIRA have been made as expected |
| 344 | + self.assert_cassette_played() |
| 345 | + |
284 | 346 | def test_import_with_groups_twice_push_to_jira(self): |
285 | 347 | import0 = self.import_scan_with_params(self.npm_groups_sample_filename, scan_type="NPM Audit Scan", group_by="component_name+component_version", push_to_jira=True, verified=True) |
286 | 348 | test_id = import0["test"] |
@@ -662,3 +724,4 @@ def create_engagement_epic(self, engagement): |
662 | 724 | def assert_epic_issue_count(self, engagement, count): |
663 | 725 | jira_issues = self.get_epic_issues(engagement) |
664 | 726 | self.assertEqual(count, len(jira_issues)) |
| 727 | + |
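Review bot: The two `self.assertNotEqual(pre_jira_status, post_jira_status)` checks in `test_import_grouped_reopen_expired_sla` only prove that the JIRA status moved, not that the issue was closed on acceptance and reopened after `ra_helper.expire_now(ra)`, which is what the step comments at the top of the method promise; a transition to any third status would still pass. Keep the status captured before the risk acceptance and, after the expiry push, assert `self.assertEqual(initial_jira_status, post_jira_status)` so the reopen is actually verified (the exact closed/open status names are not visible here, so comparing against the captured initial status is the safe form). The hard-coded `1` in `self.add_risk_acceptance(1, ...)`, `"owner": 1` and `"/engagement/1"` should be derived from the imported test rather than assumed (e.g. from the import response, if it carries the engagement id — not visible in this hunk), and `Risk_Acceptance.objects.last()` would be more robust as `Risk_Acceptance.objects.get(name=ra_data["name"])` since it relies on implicit ordering. Both status checks are preceded by a manual `self.patch_finding_api(finding, {"push_to_jira": True})`, so this test would not catch a regression where accepting or expiring a risk acceptance stops syncing JIRA on its own; if that manual push is intentional, a comment such as `# JIRA is synced explicitly here; automatic sync on accept/expire is not under test` would make that explicit. The helper parameter `data_risk_accceptance` has a typo; `data_risk_acceptance` matches the naming used elsewhere in the file.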