From 04c176f6c80b124fc1d2bef388965b0e88d71ab5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Bonhomme?= Date: Mon, 25 Nov 2024 11:11:26 +0100 Subject: [PATCH 1/6] Updated somen endpoints path --- pyvulnerabilitylookup/api.py | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/pyvulnerabilitylookup/api.py b/pyvulnerabilitylookup/api.py index 756cc39..9d76297 100644 --- a/pyvulnerabilitylookup/api.py +++ b/pyvulnerabilitylookup/api.py @@ -62,19 +62,19 @@ def is_up(self) -> bool: def redis_up(self) -> bool: '''Check if redis is up and running''' - r = self.session.get(urljoin(self.root_url, 'redis_up')) + r = self.session.get(urljoin(self.root_url, str(PurePosixPath('api', 'system','redis_up')))) return r.json() # #### DB status #### def get_info(self) -> dict[str, Any]: '''Get more information about the current databases in use and when it was updated''' - r = self.session.get(urljoin(self.root_url, 'info')) + r = self.session.get(urljoin(self.root_url, str(PurePosixPath('api', 'system','dbInfo')))) return r.json() def get_config_info(self) -> dict[str, Any]: '''Get more information about the current databases in use and when it was updated''' - r = self.session.get(urljoin(self.root_url, 'configInfo')) + r = self.session.get(urljoin(self.root_url, str(PurePosixPath('api', 'system', 'configInfo')))) return r.json() # #### Vulnerabilities #### @@ -84,7 +84,7 @@ def get_vulnerability(self, vulnerability_id: str) -> dict[str, Any]: :param vulnerability_id: The ID of the vulnerability to get (can be from any source, as long as it is a valid ID) ''' - r = self.session.get(urljoin(self.root_url, str(PurePosixPath('vulnerability', vulnerability_id)))) + r = self.session.get(urljoin(self.root_url, str(PurePosixPath('api', 'vulnerability', vulnerability_id)))) return r.json() def create_vulnerability(self, vulnerability: dict[str, Any]) -> dict[str, Any]: 
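Review bot: `redis_up`, `get_info` and `get_config_info` still return `r.json()` without checking the status code, which matters more now that the routes have moved to `api/system/...`. Against an instance that has not relocated these endpoints the reply would presumably be an error response. If that response has a JSON body, `redis_up()` returns a truthy dict that reads as "up"; otherwise the caller gets a JSON decode error. I would add `r.raise_for_status()` before each `return r.json()`. As a smaller style point, `'system','redis_up'` and `'system','dbInfo'` lack the space after the comma that the `get_config_info` line has.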
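Review bot: `vulnerability_id` goes into the URL path unencoded in `get_vulnerability`, so the `api/vulnerability` prefix added here is not guaranteed to survive. `PurePosixPath` discards all earlier segments when a later one starts with `/`, and `urljoin` resolves `..` and treats a leading `//` as a new host. An id taken from untrusted input could therefore steer the request, along with any headers the session carries, to a different endpoint or host. Percent-encode the segment first, e.g. `PurePosixPath('api', 'vulnerability', quote(vulnerability_id, safe=''))` with `quote` from `urllib.parse`, and reject ids that are just `.` or `..`. The same applies to `delete_vulnerability`, `get_vendor_products` and `get_vendor_product_vulnerabilities` in the later hunks, and to `source` in `get_last`.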
@@ -92,7 +92,7 @@ def create_vulnerability(self, vulnerability: dict[str, Any]) -> dict[str, Any]: :param vulnerability: The vulnerability ''' - r = self.session.post(urljoin(self.root_url, str(PurePosixPath('vulnerability'))), + r = self.session.post(urljoin(self.root_url, str(PurePosixPath('api', 'vulnerability'))), json=vulnerability) return r.json() @@ -101,7 +101,7 @@ def delete_vulnerability(self, vulnerability_id: str) -> int: :param vulnerability_id: The vulnerability ID ''' - r = self.session.delete(urljoin(self.root_url, str(PurePosixPath('vulnerability', vulnerability_id)))) + r = self.session.delete(urljoin(self.root_url, str(PurePosixPath('api', 'vulnerability', vulnerability_id)))) return r.status_code def get_last(self, number: int | None=None, source: str | None = None) -> list[dict[str, Any]]: @@ -115,12 +115,12 @@ def get_last(self, number: int | None=None, source: str | None = None) -> list[d path /= source if number is not None: path /= str(number) - r = self.session.get(urljoin(self.root_url, str(path))) + r = self.session.get(urljoin(self.root_url, str(PurePosixPath('api', 'vulnerability', 'last')))) return r.json() def get_vendors(self) -> list[str]: '''Get the known vendors''' - r = self.session.get(urljoin(self.root_url, str(PurePosixPath('api', 'browse')))) + r = self.session.get(urljoin(self.root_url, str(PurePosixPath('api', 'vulnerability', 'browse')))) return r.json() def get_vendor_products(self, vendor: str) -> list[str]: @@ -128,7 +128,7 @@ def get_vendor_products(self, vendor: str) -> list[str]: :params vendor: A vendor owning products (must be in the known vendor list) ''' - r = self.session.get(urljoin(self.root_url, str(PurePosixPath('api', 'browse', vendor)))) + r = self.session.get(urljoin(self.root_url, str(PurePosixPath('api', 'vulnerability', 'browse', vendor)))) return r.json() def get_vendor_product_vulnerabilities(self, vendor: str, product: str) -> list[str]: 
@@ -137,7 +137,7 @@ def get_vendor_product_vulnerabilities(self, vendor: str, product: str) -> list[ :param vendor: A vendor owning products (must be in the known vendor list) :param product: A product owned by that vendor ''' - r = self.session.get(urljoin(self.root_url, str(PurePosixPath('api', 'search', vendor, product)))) + r = self.session.get(urljoin(self.root_url, str(PurePosixPath('api', 'vulnerability', 'browse', vendor, product)))) return r.json() # #### Comments #### From 35d49cac1e2f103f3bf542d5c1df1248c95a2617 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Bonhomme?= Date: Mon, 25 Nov 2024 11:12:21 +0100 Subject: [PATCH 2/6] chg: fix a test --- tests/test_web.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/test_web.py b/tests/test_web.py index 7d82294..10ae20c 100644 --- a/tests/test_web.py +++ b/tests/test_web.py @@ -293,7 +293,7 @@ def test_create_user_comment(self) -> None: if not instance_config.get('registration'): return None - user = self.client.create_user(name='test Name', login='test Login', + user = self.client.create_user(name='test Name', login='alan', organisation='test Organization', email='test@testorg.lu') self.assertTrue(user) self.assertTrue('login' in user, user) @@ -307,7 +307,7 @@ def test_create_user_comment(self) -> None: created_comment = self.client.create_comment(comment=comment) new_comment_uuid = created_comment['data'][0]['uuid'] comments = self.client.get_comments(uuid=new_comment_uuid) - self.assertTrue(len(comments['data']) == 0, comments) + self.assertTrue(len(comments['data']) == 1, comments) deleted_comment = self.client.delete_comment(new_comment_uuid) self.assertTrue(deleted_comment < 300) From 6ace0ee43b1a2ad1d5f54f59c3df9afcffa9bea7 Mon Sep 17 00:00:00 2001 
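Review bot: The fixed login `'alan'` makes `test_create_user_comment` depend on the instance not already holding that user. Patches 3/6 and 4/6 change this same literal again, which suggests (inferred) that the test collides with leftovers from earlier runs. A per-run value such as `login=f'alan{uuid.uuid4().hex[:8]}'`, or removing the user at the end of the test, would make it repeatable. The rest of the test body lies outside the hunk, so an existing cleanup step may simply not be visible here.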
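Review bot: `self.assertTrue(len(comments['data']) == 1, comments)` hides the expected and actual counts behind a boolean. `self.assertEqual(len(comments['data']), 1, comments)` states both directly in the failure output. The following context line has the same shape and would read better as `self.assertLess(deleted_comment, 300)`.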
From: =?UTF-8?q?C=C3=A9dric=20Bonhomme?= Date: Mon, 25 Nov 2024 11:58:06 +0100 Subject: [PATCH 3/6] chg: keep path inget_last --- pyvulnerabilitylookup/api.py | 2 +- tests/test_web.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/pyvulnerabilitylookup/api.py b/pyvulnerabilitylookup/api.py index 3f418f3..ef23a76 100644 --- a/pyvulnerabilitylookup/api.py +++ b/pyvulnerabilitylookup/api.py @@ -121,7 +121,7 @@ def get_last(self, number: int | None=None, source: str | None = None) -> list[d path /= source if number is not None: path /= str(number) - r = self.session.get(urljoin(self.root_url, str(PurePosixPath('api', 'vulnerability', 'last')))) + r = self.session.get(urljoin(self.root_url, str(PurePosixPath('api', 'vulnerability', path)))) return r.json() def get_vendors(self) -> list[str]: diff --git a/tests/test_web.py b/tests/test_web.py index 90d43da..16e5318 100644 --- a/tests/test_web.py +++ b/tests/test_web.py @@ -298,7 +298,7 @@ def test_create_user_comment(self) -> None: if not instance_config.get('registration'): return None - user = self.client.create_user(name='test Name', login='alan', + user = self.client.create_user(name='test Name', login='alan11111', organisation='test Organization', email='test@testorg.lu') self.assertTrue(user) self.assertTrue('id' in user, user) From 6ceb31de7d6096de2847d3e5bfada611d8760fb2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Bonhomme?= Date: Mon, 25 Nov 2024 14:53:35 +0100 Subject: [PATCH 4/6] chg: changed test login name --- tests/test_web.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/test_web.py b/tests/test_web.py index 16e5318..90d43da 100644 --- a/tests/test_web.py +++ b/tests/test_web.py 
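Review bot: `PurePosixPath('api', 'vulnerability', path)` in `get_last` is only correct if `path` starts out as a relative `PurePosixPath('last')`, and its initialisation sits above the hunk and is not visible here. If it still begins with an `api` segment from the old route, the request would go to `api/vulnerability/api/last/...`. It would be clearer to build the whole route in one place, `path = PurePosixPath('api', 'vulnerability', 'last')`, and pass `str(path)` to `urljoin` as before. `source` is appended to the path unencoded, so it should go through `urllib.parse.quote(source, safe='')` before `path /= source`.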
@@ -298,7 +298,7 @@ def test_create_user_comment(self) -> None: if not instance_config.get('registration'): return None - user = self.client.create_user(name='test Name', login='alan11111', + user = self.client.create_user(name='test Name', login='alan', organisation='test Organization', email='test@testorg.lu') self.assertTrue(user) self.assertTrue('id' in user, user) From 920f76cf179eabccbf2a3dbf3139117d34cfde77 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Bonhomme?= Date: Mon, 25 Nov 2024 17:37:09 +0100 Subject: [PATCH 5/6] chg: Used .local TLD and added the test test_create_user_not_allowed_login. --- tests/test_web.py | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/tests/test_web.py b/tests/test_web.py index 90d43da..3dbfb1b 100644 --- a/tests/test_web.py +++ b/tests/test_web.py @@ -260,6 +260,18 @@ def test_bundles_local(self) -> None: self.assertTrue(len(comments["data"]) == 0) # Test User + def test_create_user_not_allowed_login(self) -> None: + if self.public_test: + # Do not run that test against the public instance, it would create users. + return None + instance_config = self.client.get_config_info() + if not instance_config.get('registration'): + return None + for login in ["login", "user", "username", "help", "test", "about", "administration", "account"]: + user = self.client.create_user(name='test Name', login=login, + organisation='test Organization', email='test@testorg.local') + self.assertEqual(user['message'], 'Username not allowed.') + def test_users_info(self) -> None: if not self.admin_token: # this test is only working if the admin token is set @@ -299,7 +311,7 @@ def test_create_user_comment(self) -> None: return None user = self.client.create_user(name='test Name', login='alan', - organisation='test Organization', email='test@testorg.lu') + organisation='test Organization', email='test@testorg.local') self.assertTrue(user) self.assertTrue('id' in user, user) uid = user['id'] 
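Review bot: In `test_create_user_not_allowed_login` the assertion indexes `user['message']` directly, so if the server ever accepts one of the reserved logins the test presumably dies with a `KeyError` instead of a readable failure, and the loop stops at the first name. Wrapping the loop body in `with self.subTest(login=login):` and asserting `self.assertEqual(user.get('message'), 'Username not allowed.', user)` would report every offending name. An accepted login would also leave a reserved-name account on the instance, so the test should clean it up when `'id' in user`. The two early `return None` exits count as passes; `self.skipTest(...)` would make the skipped state visible in the run output.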
From e4a89948a4366e94a9782bd362b50c23565d2492 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Bonhomme?= Date: Mon, 25 Nov 2024 17:37:54 +0100 Subject: [PATCH 6/6] chg: Removed double quotes. --- tests/test_web.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/test_web.py b/tests/test_web.py index 3dbfb1b..d33470c 100644 --- a/tests/test_web.py +++ b/tests/test_web.py @@ -267,7 +267,7 @@ def test_create_user_not_allowed_login(self) -> None: instance_config = self.client.get_config_info() if not instance_config.get('registration'): return None - for login in ["login", "user", "username", "help", "test", "about", "administration", "account"]: + for login in ['login', 'user', 'username', 'help', 'test', 'about', 'administration', 'account']: user = self.client.create_user(name='test Name', login=login, organisation='test Organization', email='test@testorg.local') self.assertEqual(user['message'], 'Username not allowed.')