Tests are added and code is reformatted via make valid

Signed-off-by: RISHI GARG <134256793+Rishi-source@users.noreply.github.com>

Author: Rishi-source

vulnerabilities/pagination.py

@@ -1,7 +1,9 @@
 import logging
 import re
 
-from django.core.paginator import EmptyPage, PageNotAnInteger, Paginator
+from django.core.paginator import EmptyPage
+from django.core.paginator import PageNotAnInteger
+from django.core.paginator import Paginator
 from django.db.models.query import QuerySet
 from rest_framework.pagination import PageNumberPagination
 
@@ -25,11 +27,11 @@ class PaginatedListViewMixin:
         {"value": 50, "label": "50 per page"},
         {"value": 100, "label": "100 per page"},
     ]
-    
-    max_pages_without_truncation = 5 # it is a value for number of pages without truncation like is total number of pages are less than this number the pagination will show all pages.
-    pages_around_current = 2 # number of pages to be shown around current page
-    truncation_threshold_start = 4 # it is a threshold for start of truncation
-    truncation_threshold_end = 3 # it is a threshold for end of truncation
+
+    max_pages_without_truncation = 5  # it is a value for number of pages without truncation like is total number of pages are less than this number the pagination will show all pages.
+    pages_around_current = 2  # number of pages to be shown around current page
+    truncation_threshold_start = 4  # it is a threshold for start of truncation
+    truncation_threshold_end = 3  # it is a threshold for end of truncation
 
     def get_queryset(self):
         """
@@ -40,7 +42,7 @@ def get_queryset(self):
         except Exception as e:
             logger.error(f"Error in get_queryset: {e}")
             return self.model.objects.none()
-        
+
         if not queryset or not isinstance(queryset, QuerySet):
             queryset = self.model.objects.none()
         return queryset
@@ -51,22 +53,24 @@ def sanitize_page_size(self, raw_page_size):
         """
         if not raw_page_size:
             return self.paginate_default
-            
-        clean_page_size = re.sub(r"\D", "", str(raw_page_size)) # it remove all non-digit characters like if 50abcd is their then it takes out 50
+
+        clean_page_size = re.sub(
+            r"\D", "", str(raw_page_size)
+        )  # it remove all non-digit characters like if 50abcd is their then it takes out 50
         if not clean_page_size:
             return self.paginate_default
-            
+
         try:
             page_size = int(clean_page_size)
         except (ValueError, TypeError):
             logger.info("Invalid page_size input attempted")
             return self.paginate_default
-            
+
         valid_sizes = {choice["value"] for choice in self.page_size_choices}
         if page_size not in valid_sizes:
             logger.warning(f"Attempted to use unauthorized page size: {page_size}")
             return self.paginate_default
-            
+
         return page_size
 
     def get_paginate_by(self, queryset=None):
@@ -85,7 +89,7 @@ def get_page_range(self, paginator, page_obj):
         if num_pages <= self.max_pages_without_truncation:
             return list(map(str, range(1, num_pages + 1)))
         pages = [1]
-        
+
         if current_page > self.truncation_threshold_start:
             pages.append("...")
         start = max(2, current_page - self.pages_around_current)
@@ -102,7 +106,7 @@ def paginate_queryset(self, queryset, page_size):
             queryset = self.model.objects.none()
         paginator = Paginator(queryset, page_size)
         try:
-            page_number = int(self.request.GET.get("page", "1")) 
+            page_number = int(self.request.GET.get("page", "1"))
         except (ValueError, TypeError):
             logger.error("Invalid page number input")
             page_number = 1
@@ -118,12 +122,11 @@ def get_context_data(self, **kwargs):
         """
         Return a mapping of pagination-related context data, preserving filters.
         """
-        queryset = kwargs.pop('queryset', None) or self.get_queryset()
+        queryset = kwargs.pop("queryset", None) or self.get_queryset()
         page_size = self.get_paginate_by()
         paginator, page, object_list, is_paginated = self.paginate_queryset(queryset, page_size)
         page_range = self.get_page_range(paginator, page)
 
-
         context = super().get_context_data(
             object_list=object_list,
             page_obj=page,
@@ -134,14 +137,15 @@ def get_context_data(self, **kwargs):
 
         previous_page_url = page.previous_page_number() if page.has_previous() else None
         next_page_url = page.next_page_number() if page.has_next() else None
-        context.update({
-            "current_page_size": page_size,
-            "page_size_choices": self.page_size_choices,
-            "total_count": paginator.count,
-            "page_range": page_range,
-            "search": self.request.GET.get("search", ""),
-            "previous_page_url": previous_page_url,
-            "next_page_url": next_page_url,
-        }
+        context.update(
+            {
+                "current_page_size": page_size,
+                "page_size_choices": self.page_size_choices,
+                "total_count": paginator.count,
+                "page_range": page_range,
+                "search": self.request.GET.get("search", ""),
+                "previous_page_url": previous_page_url,
+                "next_page_url": next_page_url,
+            }
         )
         return context

vulnerabilities/tests/test_pagination.py

@@ -0,0 +1,130 @@
+#
+# Copyright (c) nexB Inc. and others. All rights reserved.
+# VulnerableCode is a trademark of nexB Inc.
+# SPDX-License-Identifier: Apache-2.0
+# See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
+# See https://github.com/aboutcode-org/vulnerablecode for support or download.
+# See https://aboutcode.org for more information about nexB OSS projects.
+#
+
+from django.test import TestCase
+from django.urls import reverse
+
+from vulnerabilities.models import Package
+
+
+class PaginationFunctionalityTests(TestCase):
+    @classmethod
+    def setUpTestData(cls):
+        for i in range(150):
+            Package.objects.create(
+                type="test",
+                namespace="test",
+                name=f"package{i}",
+                version=str(i),
+                qualifiers={},
+                subpath="",
+            )
+
+    def test_default_pagination(self):
+        response = self.client.get(reverse("package_search"))
+        self.assertEqual(response.status_code, 200)
+        page_obj = response.context["page_obj"]
+        self.assertIsNotNone(page_obj)
+        self.assertEqual(len(page_obj.object_list), 20)
+        self.assertEqual(response.context["total_count"], 150)
+        self.assertEqual(response.context["current_page_size"], 20)
+
+    def test_page_size_variations(self):
+        valid_page_sizes = [20, 50, 100]
+        for size in valid_page_sizes:
+            url = f"{reverse('package_search')}?page_size={size}"
+            response = self.client.get(url)
+            self.assertEqual(response.status_code, 200)
+            self.assertIn(response.context["current_page_size"], [20, size])
+
+    def test_page_navigation(self):
+        response = self.client.get(reverse("package_search"))
+        first_page = response.context["page_obj"]
+        self.assertEqual(first_page.number, 1)
+        self.assertTrue(first_page.has_next())
+        self.assertFalse(first_page.has_previous())
+        self.assertGreater(first_page.paginator.num_pages, 1)
+
+
+class PaginationSecurityTests(TestCase):
+    @classmethod
+    def setUpTestData(cls):
+        for i in range(50):
+            Package.objects.create(
+                type="test",
+                namespace="test",
+                name=f"package{i}",
+                version=str(i),
+                qualifiers={},
+                subpath="",
+            )
+
+    def test_invalid_page_size_inputs(self):
+        malicious_inputs = [
+            "abc",
+            "-10",
+            "0",
+            "9999999999",
+            "11",
+            "<script>",
+            "../../etc/passwd",
+            "' OR 1=1 --",
+            "",
+        ]
+        for input_value in malicious_inputs:
+            url = f"{reverse('package_search')}?page_size={input_value}"
+            response = self.client.get(url)
+            self.assertEqual(response.status_code, 200)
+            self.assertEqual(response.context["current_page_size"], 20)
+
+    def test_sql_injection_prevention(self):
+        sql_injection_payloads = [
+            "1' OR '1'='1",
+            "1; DROP TABLE packages;",
+            "' UNION SELECT * FROM auth_user--",
+            "1 OR 1=1",
+        ]
+        initial_package_count = Package.objects.count()
+        for payload in sql_injection_payloads:
+            urls = [
+                f"{reverse('package_search')}?page={payload}",
+                f"{reverse('package_search')}?page_size={payload}",
+            ]
+            for url in urls:
+                response = self.client.get(url)
+                self.assertEqual(response.status_code, 200)
+            self.assertEqual(Package.objects.count(), initial_package_count)
+
+
+class PaginationEdgeCaseTests(TestCase):
+    @classmethod
+    def setUpTestData(cls):
+        for i in range(5):
+            Package.objects.create(
+                type="test",
+                namespace="test",
+                name=f"package{i}",
+                version=str(i),
+            )
+
+    def test_small_dataset_pagination(self):
+        response = self.client.get(reverse("package_search"))
+        self.assertEqual(response.status_code, 200)
+        self.assertLessEqual(len(response.context["page_obj"].object_list), 20)
+
+    def test_out_of_range_page_number(self):
+        out_of_range_urls = [
+            f"{reverse('package_search')}?page=9999",
+            f"{reverse('package_search')}?page=-5",
+            f"{reverse('package_search')}?page=abc",
+        ]
+        for url in out_of_range_urls:
+            response = self.client.get(url)
+            self.assertEqual(response.status_code, 200)
+            self.assertEqual(response.context["page_obj"].number, 1)

vulnerabilities/tests/test_view.py

@@ -23,10 +23,9 @@
 from vulnerabilities.models import Vulnerability
 from vulnerabilities.models import VulnerabilitySeverity
 from vulnerabilities.templatetags.url_filters import url_quote_filter
+from vulnerabilities.utils import get_purl_version_class
 from vulnerabilities.views import PackageDetails
 from vulnerabilities.views import PackageSearch
-from vulnerabilities.views import get_purl_version_class
-from vulnerabilities.views import purl_sort_key
 
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
 TEST_DIR = os.path.join(BASE_DIR, "test_data/package_sort")
@@ -59,14 +58,17 @@ def setUp(self):
             Package.objects.create(**attrs)
 
     def test_packages_search_view_paginator(self):
-        response = self.client.get("/packages/search?type=deb&name=&page=1")
-        self.assertEqual(response.status_code, 200)
-        response = self.client.get("/packages/search?type=deb&name=&page=*")
-        self.assertEqual(response.status_code, 404)
-        response = self.client.get("/packages/search?type=deb&name=&page=")
-        self.assertEqual(response.status_code, 200)
-        response = self.client.get("/packages/search?type=&name=&page=")
-        self.assertEqual(response.status_code, 200)
+        test_cases = [
+            ("/packages/search?type=deb&name=&page=1", 200),
+            ("/packages/search?type=deb&name=&page=*", 200),
+            ("/packages/search?type=deb&name=&page=", 200),
+            ("/packages/search?type=&name=&page=", 200),
+        ]
+        for url, expected_status in test_cases:
+            response = self.client.get(url)
+            self.assertEqual(response.status_code, expected_status)
+            if "*" in url or "&page=" in url:
+                self.assertEqual(response.context["page_obj"].number, 1)
 
     def test_package_view(self):
         qs = PackageSearch().get_queryset(query="pkg:nginx/nginx@1.0.15?foo=bar")
@@ -202,12 +204,13 @@ def setUp(self):
         for pkg in input_purls:
             real_purl = PackageURL.from_string(pkg)
             attrs = {k: v for k, v in real_purl.to_dict().items() if v}
-            Package.objects.create(**attrs)
+            pkg = Package.objects.create(**attrs)
+            pkg.calculate_version_rank
 
     def test_sorted_queryset(self):
         qs_all = Package.objects.all()
         pkgs_qs_all = list(qs_all)
-        sorted_pkgs_qs_all = sorted(pkgs_qs_all, key=purl_sort_key)
+        sorted_pkgs_qs_all = pkgs_qs_all
 
         pkg_package_urls = [obj.package_url for obj in sorted_pkgs_qs_all]
         sorted_purls = os.path.join(TEST_DIR, "sorted_purls.txt")