Add a unit test for /api/v1/sbom/{id}/advisory

Signed-off-by: Jim Crossley <[email protected]>
trustification · Nov 22, 2024 · 205ed5f · 205ed5f
1 parent 875da28
commit 205ed5f
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 12 deletions.
diff --git a/cvss/src/cvss3/score.rs b/cvss/src/cvss3/score.rs
@@ -37,16 +37,12 @@ impl Score {
 
     /// Convert the numeric score into a `Severity`
     pub fn severity(self) -> Severity {
-        if self.0 < 0.1 {
-            Severity::None
-        } else if self.0 < 4.0 {
-            Severity::Low
-        } else if self.0 < 7.0 {
-            Severity::Medium
-        } else if self.0 < 9.0 {
-            Severity::High
-        } else {
-            Severity::Critical
+        match self.0 {
+            x if x < 0.1 => Severity::None,
+            x if x < 4.0 => Severity::Low,
+            x if x < 7.0 => Severity::Medium,
+            x if x < 9.0 => Severity::High,
+            _ => Severity::Critical,
         }
     }
 }
@@ -73,12 +69,10 @@ impl FromIterator<Cvss3Base> for Score {
     fn from_iter<I: IntoIterator<Item = Cvss3Base>>(iter: I) -> Self {
         let mut count: usize = 0;
         let mut sum = 0.0;
-
         for v in iter {
             sum += v.score().value();
             count += 1;
         }
-
         if count > 0 {
             Self::new(sum / (count as f64))
         } else {

diff --git a/modules/fundamental/src/sbom/endpoints/test.rs b/modules/fundamental/src/sbom/endpoints/test.rs
@@ -202,3 +202,33 @@ async fn download_sbom(ctx: &TrustifyContext) -> Result<(), anyhow::Error> {
 
     Ok(())
 }
+
+#[test_context(TrustifyContext)]
+#[test(actix_web::test)]
+async fn get_advisories(ctx: &TrustifyContext) -> Result<(), anyhow::Error> {
+    let id = ctx
+        .ingest_documents([
+            "quarkus-bom-2.13.8.Final-redhat-00004.json",
+            "csaf/cve-2023-0044.json",
+        ])
+        .await?[0]
+        .id
+        .to_string();
+
+    let app = caller(ctx).await?;
+    let v: Value = app
+        .call_and_read_body_json(
+            TestRequest::get()
+                .uri(&format!("/api/v1/sbom/{id}/advisory"))
+                .to_request(),
+        )
+        .await;
+
+    log::debug!("{v:#?}");
+
+    // assert expected fields
+    assert_eq!(v[0]["identifier"], "https://www.redhat.com/#CVE-2023-0044");
+    assert_eq!(v[0]["status"][0]["average_severity"], "high");
+
+    Ok(())
+}