add unit tests for tags on products

valentijnscholten · valentijnscholten · commit 28ac0cc57dfd · 2025-06-15T15:39:46.000+02:00
diff --git a/unittests/dojo_test_case.py b/unittests/dojo_test_case.py
@@ -784,6 +784,29 @@ def log_finding_summary_json_api(self, findings_content_json=None):
         for eps in Endpoint_Status.objects.all():
             logger.debug(str(eps.id) + ": " + str(eps.endpoint) + ": " + str(eps.endpoint.id) + ": " + str(eps.mitigated))
 
+    def get_product_api(self, product_id):
+        response = self.client.get(reverse("product-list") + f"{product_id}/", format="json")
+        self.assertEqual(200, response.status_code, response.content[:1000])
+        return response.data
+
+    def post_new_product_api(self, product_details: dict, expected_status_code: int = 201):
+        payload = copy.deepcopy(product_details)
+        response = self.client.post(reverse("product-list"), payload, format="json")
+        self.assertEqual(expected_status_code, response.status_code, response.content[:1000])
+        return response.data
+
+    def put_product_api(self, product_id, product_details: dict, expected_status_code: int = 201):
+        payload = copy.deepcopy(product_details)
+        response = self.client.put(reverse("product-list") + f"{product_id}/", payload, format="json")
+        self.assertEqual(expected_status_code, response.status_code, response.content[:1000])
+        return response.data
+
+    def patch_product_api(self, product_id, product_details: dict, expected_status_code: int = 201):
+        payload = copy.deepcopy(product_details)
+        response = self.client.patch(reverse("product-list") + f"{product_id}/", payload, format="json")
+        self.assertEqual(expected_status_code, response.status_code, response.content[:1000])
+        return response.data
+
 
 class DojoVCRTestCase(DojoTestCase, VCRTestCase):
     def __init__(self, *args, **kwargs):
diff --git a/unittests/test_tags.py b/unittests/test_tags.py
@@ -1,7 +1,7 @@
 import logging
 import random
 
-from dojo.models import Finding, Test
+from dojo.models import Finding, Product, Test
 from dojo.product.helpers import propagate_tags_on_product_sync
 
 from .dojo_test_case import DojoAPITestCase, get_unit_tests_scans_path
@@ -18,6 +18,53 @@ def setUp(self, *args, **kwargs):
         self.scans_path = get_unit_tests_scans_path("zap")
         self.zap_sample5_filename = self.scans_path / "5_zap_sample_one.xml"
 
+    def test_create_product_with_tags(self, expected_status_code: int = 201):
+        product_id = Product.objects.all().first().id
+        product_details = self.get_product_api(product_id)
+
+        del product_details["id"]
+
+        product_details["name"] = "tags test " + str(random.randint(1, 9999))  # noqa: S311
+        product_details["tags"] = ["tag1", "tag2"]
+        response = self.post_new_product_api(product_details, expected_status_code=expected_status_code)
+
+        self.assertEqual(response["tags"], product_details["tags"])
+
+    def test_put_product_with_tags(self):
+        product_id = Product.objects.all().first().id
+        product_details = self.get_product_api(product_id)
+
+        del product_details["id"]
+
+        product_details["name"] = "tags test " + str(random.randint(1, 9999))  # noqa: S311
+        product_details["tags"] = ["tag4", "tag5"]
+        response = self.put_product_api(product_id, product_details, expected_status_code=200)
+
+        self.assertEqual(response["tags"], product_details["tags"])
+
+    def test_patch_product_with_tags(self):
+        product_id = Product.objects.all().first().id
+        product_details = self.get_product_api(product_id)
+
+        del product_details["id"]
+
+        product_details["tags"] = ["tag9", "tag10"]
+        response = self.patch_product_api(product_id, product_details, expected_status_code=200)
+
+        self.assertEqual(response["tags"], product_details["tags"])
+
+    def test_patch_product_with_invalid_tags(self):
+        product_id = Product.objects.all().first().id
+
+        product_details = {"tags": ["'tag9"]}
+        self.patch_product_api(product_id, product_details, expected_status_code=400)
+        product_details["tags"] = ["tag 10"]
+        self.patch_product_api(product_id, product_details, expected_status_code=400)
+        product_details["tags"] = ["tagA,tagB"]
+        # since https://github.com/DefectDojo/django-DefectDojo/pull/12434 tags are split again by commas
+        response = self.patch_product_api(product_id, product_details, expected_status_code=200)
+        self.assertEqual(response["tags"], ["tagA", "tagB"])
+
     def create_finding_with_tags(self, tags: list[str], expected_status_code: int = 201):
         finding_id = Finding.objects.all().first().id
         finding_details = self.get_finding_api(finding_id)
@@ -79,31 +126,6 @@ def test_finding_post_tags(self):
             # logger.debug('looking for tag %s in tag list %s', tag, response['tags'])
             self.assertIn(tag, response["tags"])
 
-    def test_finding_post_tags_extra(self):
-        # create finding
-        tags = ["tag1", "tag2"]
-        finding_id = self.create_finding_with_tags(tags)
-
-        response = self.get_finding_api(finding_id)
-
-        self.assertEqual(["tag1", "tag2"], response.get("tags", None))
-
-        tags_new = ["tag3", "tag4"]
-        response = self.patch_finding_api(finding_id, {"tags": tags_new})
-        self.assertEqual(["tag3", "tag4"], response.get("tags", None))
-
-        response = self.post_finding_tags_api(finding_id, tags)
-        self.assertEqual(["tag3", "tag4", "tag1", "tag2"], response.get("tags", None))
-
-        # # post tags. POST will ADD tags to existing tags (which is possibly not REST compliant?)
-        # tags_new = ["tag3", "tag4"]
-        # response = self.post_finding_tags_api(finding_id, tags_new)
-        # tags_merged = list(set(tags) | set(tags_new))
-        # self.assertEqual(len(tags_merged), len(response.get("tags")))
-        # for tag in tags_merged:
-        #     # logger.debug('looking for tag %s in tag list %s', tag, response['tags'])
-        #     self.assertIn(tag, response["tags"])
-
     def test_finding_post_tags_overlap(self):
         # create finding
         tags = ["tag1", "tag2"]
@@ -193,6 +215,7 @@ def test_finding_create_tags_with_commas(self):
         finding_id = self.create_finding_with_tags(tags)
         response = self.get_finding_tags_api(finding_id)
 
+        # since https://github.com/DefectDojo/django-DefectDojo/pull/12434 tags are split again by commas
         self.assertEqual(["one", "two"], response.get("tags"))
         self.assertEqual(2, len(response.get("tags")))
         self.assertIn("one", str(response["tags"]))
