add unit tests

Signed-off-by: tdruez <tdruez@aboutcode.org>

Author: tdruez

product_portfolio/tests/test_filters.py

@@ -0,0 +1,83 @@
+#
+# Copyright (c) nexB Inc. and others. All rights reserved.
+# DejaCode is a trademark of nexB Inc.
+# SPDX-License-Identifier: AGPL-3.0-only
+# See https://github.com/aboutcode-org/dejacode for support or download.
+# See https://aboutcode.org for more information about AboutCode FOSS projects.
+#
+
+from django.test import TestCase
+
+from component_catalog.tests import make_package
+from dje.models import Dataspace
+from license_library.models import License
+from organization.models import Owner
+from product_portfolio.filters import ProductPackageFilterSet
+from product_portfolio.models import ProductPackage
+from product_portfolio.tests import make_product
+
+
+class ProductPackageFilterSetTestCase(TestCase):
+    def setUp(self):
+        self.dataspace = Dataspace.objects.create(name="Reference")
+        self.owner = Owner.objects.create(name="Owner1", dataspace=self.dataspace)
+        self.license1 = License.objects.create(
+            key="mit",
+            name="MIT",
+            short_name="MIT",
+            owner=self.owner,
+            dataspace=self.dataspace,
+        )
+        self.license2 = License.objects.create(
+            key="apache-2.0",
+            name="Apache 2.0",
+            short_name="Apache 2.0",
+            owner=self.owner,
+            dataspace=self.dataspace,
+        )
+
+        self.product = make_product(self.dataspace)
+        self.package1 = make_package(self.dataspace)
+        self.package2 = make_package(self.dataspace)
+        self.package3 = make_package(self.dataspace)
+
+        self.pp1 = ProductPackage.objects.create(
+            product=self.product,
+            package=self.package1,
+            license_expression=self.license1.key,
+            dataspace=self.dataspace,
+        )
+        self.pp2 = ProductPackage.objects.create(
+            product=self.product,
+            package=self.package2,
+            license_expression=self.license2.key,
+            dataspace=self.dataspace,
+        )
+        self.pp3 = ProductPackage.objects.create(
+            product=self.product,
+            package=self.package3,
+            license_expression="",
+            dataspace=self.dataspace,
+        )
+
+    def test_product_package_filterset_licenses(self):
+        data = {"licenses": [self.license1.key]}
+        filterset = ProductPackageFilterSet(dataspace=self.dataspace, data=data)
+        self.assertQuerySetEqual(filterset.qs, [self.pp1])
+
+        data = {"licenses": [self.license2.key]}
+        filterset = ProductPackageFilterSet(dataspace=self.dataspace, data=data)
+        self.assertQuerySetEqual(filterset.qs, [self.pp2])
+
+        data = {"licenses": [self.license1.key, self.license2.key]}
+        filterset = ProductPackageFilterSet(dataspace=self.dataspace, data=data)
+        self.assertQuerySetEqual(filterset.qs, [self.pp1, self.pp2], ordered=False)
+
+    def test_product_package_filterset_has_licenses(self):
+        data = {"has_licenses": "yes"}
+        filterset = ProductPackageFilterSet(dataspace=self.dataspace, data=data)
+        self.assertQuerySetEqual(filterset.qs, [self.pp1, self.pp2], ordered=False)
+
+        data = {"has_licenses": "no"}
+        filterset = ProductPackageFilterSet(dataspace=self.dataspace, data=data)
+        self.assertQuerySetEqual(filterset.qs, [self.pp3])

product_portfolio/tests/test_views.py

@@ -3417,3 +3417,151 @@ def test_product_portfolio_vulnerability_analysis_form_view(self):
         self.assertEqual(product_package, analysis.product_package)
         self.assertEqual(vulnerability1, analysis.vulnerability)
         self.assertEqual("resolved", analysis.state)
+
+    def test_product_portfolio_tab_compliance_view_empty(self):
+        self.client.login(username="nexb_user", password="secret")
+        url = self.product1.get_url("tab_compliance")
+        response = self.client.get(url)
+        self.assertEqual(200, response.status_code)
+        self.assertEqual(0, response.context["total_packages"])
+        self.assertEqual(100, response.context["license_compliance_pct"])
+        self.assertEqual(100, response.context["license_coverage_pct"])
+        self.assertEqual(0, response.context["vulnerability_count"])
+
+    def test_product_portfolio_tab_compliance_view_package_compliance(self):
+        self.client.login(username="nexb_user", password="secret")
+
+        owner1 = Owner.objects.create(name="Owner1", dataspace=self.dataspace)
+        license1 = License.objects.create(
+            key="l1", name="L1", short_name="L1", owner=owner1, dataspace=self.dataspace
+        )
+        package_policy = UsagePolicy.objects.create(
+            label="PackagePolicy",
+            icon="icon",
+            content_type=ContentType.objects.get_for_model(Package),
+            compliance_alert=UsagePolicy.Compliance.ERROR,
+            dataspace=self.dataspace,
+        )
+
+        package2 = make_package(self.dataspace, usage_policy=package_policy)
+        package3 = make_package(self.dataspace)
+
+        # package2 has a policy issue, package3 does not
+        ProductPackage.objects.create(
+            product=self.product1,
+            package=package2,
+            dataspace=self.dataspace,
+            license_expression=license1.key,
+        )
+        ProductPackage.objects.create(
+            product=self.product1,
+            package=package3,
+            dataspace=self.dataspace,
+        )
+
+        url = self.product1.get_url("tab_compliance")
+        response = self.client.get(url)
+        self.assertEqual(2, response.context["total_packages"])
+        self.assertEqual(1, response.context["package_issues_count"])
+        # One package without license expression
+        self.assertEqual(1, response.context["package_without_license_count"])
+        self.assertEqual(50, response.context["license_coverage_pct"])
+
+    def test_product_portfolio_tab_compliance_view_license_compliance(self):
+        self.client.login(username="nexb_user", password="secret")
+
+        owner1 = Owner.objects.create(name="Owner1", dataspace=self.dataspace)
+        license_policy_error = UsagePolicy.objects.create(
+            label="LicensePolicyError",
+            icon="icon",
+            content_type=ContentType.objects.get_for_model(License),
+            compliance_alert=UsagePolicy.Compliance.ERROR,
+            dataspace=self.dataspace,
+        )
+        license_policy_warning = UsagePolicy.objects.create(
+            label="LicensePolicyWarning",
+            icon="icon",
+            content_type=ContentType.objects.get_for_model(License),
+            compliance_alert=UsagePolicy.Compliance.WARNING,
+            dataspace=self.dataspace,
+        )
+        license1 = License.objects.create(
+            key="l1",
+            name="L1",
+            short_name="L1",
+            owner=owner1,
+            usage_policy=license_policy_error,
+            dataspace=self.dataspace,
+        )
+        license2 = License.objects.create(
+            key="l2",
+            name="L2",
+            short_name="L2",
+            owner=owner1,
+            usage_policy=license_policy_warning,
+            dataspace=self.dataspace,
+        )
+
+        package2 = make_package(self.dataspace)
+        package3 = make_package(self.dataspace)
+        ProductPackage.objects.create(
+            product=self.product1,
+            package=package2,
+            dataspace=self.dataspace,
+            license_expression=license1.key,
+        )
+        ProductPackage.objects.create(
+            product=self.product1,
+            package=package3,
+            dataspace=self.dataspace,
+            license_expression=license2.key,
+        )
+
+        url = self.product1.get_url("tab_compliance")
+        response = self.client.get(url)
+        self.assertEqual(2, response.context["license_issues_count"])
+        self.assertEqual(1, response.context["license_error_count"])
+        self.assertEqual(1, response.context["license_warning_count"])
+        # Both packages have license issues, so 0% compliance
+        self.assertEqual(0, response.context["license_compliance_pct"])
+
+    def test_product_portfolio_tab_compliance_view_security_compliance(self):
+        self.client.login(username="nexb_user", password="secret")
+
+        p1 = make_package(self.dataspace)
+        p2 = make_package(self.dataspace)
+        p3 = make_package(self.dataspace)
+        make_vulnerability(self.dataspace, affecting=[p1], risk_score=9.0)
+        make_vulnerability(self.dataspace, affecting=[p2], risk_score=6.5)
+        make_vulnerability(self.dataspace, affecting=[p3], risk_score=2.0)
+
+        product1 = make_product(self.dataspace, inventory=[p1, p2, p3])
+        url = product1.get_url("tab_compliance")
+        response = self.client.get(url)
+
+        self.assertEqual(3, response.context["vulnerability_count"])
+        self.assertEqual(3, response.context["above_threshold_count"])
+        self.assertEqual("critical", response.context["max_vulnerability_severity"])
+        self.assertEqual(1, response.context["critical_count"])
+        self.assertEqual(1, response.context["high_count"])
+        self.assertEqual(0, response.context["medium_count"])
+        self.assertEqual(1, response.context["low_count"])
+
+    def test_product_portfolio_tab_compliance_view_security_with_risk_threshold(self):
+        self.client.login(username="nexb_user", password="secret")
+
+        p1 = make_package(self.dataspace)
+        p2 = make_package(self.dataspace)
+        make_vulnerability(self.dataspace, affecting=[p1], risk_score=9.0)
+        make_vulnerability(self.dataspace, affecting=[p2], risk_score=2.0)
+
+        product1 = make_product(self.dataspace, inventory=[p1, p2])
+        product1.update(vulnerabilities_risk_threshold=6.0)
+
+        url = product1.get_url("tab_compliance")
+        response = self.client.get(url)
+
+        self.assertEqual(2, response.context["vulnerability_count"])
+        self.assertEqual(1, response.context["above_threshold_count"])
+        self.assertEqual("high", response.context["risk_threshold"])
+        self.assertEqual(6.0, response.context["risk_threshold_number"])

vulnerabilities/tests/test_models.py

@@ -24,6 +24,7 @@
 from product_portfolio.tests import make_product_package
 from vulnerabilities.models import Vulnerability
 from vulnerabilities.models import VulnerabilityAnalysis
+from vulnerabilities.models import get_risk_level
 from vulnerabilities.tests import make_vulnerability
 from vulnerabilities.tests import make_vulnerability_analysis
 
@@ -369,3 +370,66 @@ def test_vulnerability_model_vulnerability_propagate(self):
         analysis1.update(state=VulnerabilityAnalysis.State.EXPLOITABLE)
         new_analysis = analysis1.propagate(product2.uuid, self.super_user)
         self.assertEqual(VulnerabilityAnalysis.State.EXPLOITABLE, new_analysis.state)
+
+    def test_vulnerability_model_get_risk_level(self):
+        self.assertEqual("", get_risk_level(None))
+        self.assertEqual("", get_risk_level(0.0))
+        self.assertEqual("low", get_risk_level(0.1))
+        self.assertEqual("low", get_risk_level(2.9))
+        self.assertEqual("medium", get_risk_level(3.0))
+        self.assertEqual("medium", get_risk_level(5.9))
+        self.assertEqual("high", get_risk_level(6.0))
+        self.assertEqual("high", get_risk_level(7.9))
+        self.assertEqual("critical", get_risk_level(8.0))
+        self.assertEqual("critical", get_risk_level(10.0))
+        self.assertEqual("", get_risk_level(10.1))
+        self.assertEqual("high", get_risk_level("7.5"))
+
+    def test_vulnerability_model_risk_level_generated_field(self):
+        vulnerability1 = make_vulnerability(dataspace=self.dataspace, risk_score=None)
+        self.assertEqual("", vulnerability1.risk_level)
+
+        vulnerability1.risk_score = 0.0
+        vulnerability1.save()
+        vulnerability1.refresh_from_db()
+        self.assertEqual("", vulnerability1.risk_level)
+
+        vulnerability1.risk_score = 0.1
+        vulnerability1.save()
+        vulnerability1.refresh_from_db()
+        self.assertEqual("low", vulnerability1.risk_level)
+
+        vulnerability1.risk_score = 2.9
+        vulnerability1.save()
+        vulnerability1.refresh_from_db()
+        self.assertEqual("low", vulnerability1.risk_level)
+
+        vulnerability1.risk_score = 3.0
+        vulnerability1.save()
+        vulnerability1.refresh_from_db()
+        self.assertEqual("medium", vulnerability1.risk_level)
+
+        vulnerability1.risk_score = 5.9
+        vulnerability1.save()
+        vulnerability1.refresh_from_db()
+        self.assertEqual("medium", vulnerability1.risk_level)
+
+        vulnerability1.risk_score = 6.0
+        vulnerability1.save()
+        vulnerability1.refresh_from_db()
+        self.assertEqual("high", vulnerability1.risk_level)
+
+        vulnerability1.risk_score = 7.9
+        vulnerability1.save()
+        vulnerability1.refresh_from_db()
+        self.assertEqual("high", vulnerability1.risk_level)
+
+        vulnerability1.risk_score = 8.0
+        vulnerability1.save()
+        vulnerability1.refresh_from_db()
+        self.assertEqual("critical", vulnerability1.risk_level)
+
+        vulnerability1.risk_score = 10.0
+        vulnerability1.save()
+        vulnerability1.refresh_from_db()
+        self.assertEqual("critical", vulnerability1.risk_level)