#1176 added integration test for checking for redacted users in cve-ids

CVEProject · Jan 29, 2024 · 299a108 · 299a108
1 parent 538bf4a
commit 299a108
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 1 deletion.
diff --git a/test/integration-tests/cve-id/getCveIdTest.js b/test/integration-tests/cve-id/getCveIdTest.js
@@ -7,6 +7,7 @@ const _ = require('lodash')
 const expect = chai.expect
 
 const constants = require('../constants.js')
+const helpers = require('../helpers.js')
 const app = require('../../../src/index.js')
 
 describe('Testing Get CVE-ID endpoint', () => {
@@ -109,6 +110,27 @@ describe('Testing Get CVE-ID endpoint', () => {
           expect(res).to.have.status(200)
         })
     })
+    it('Should redact requested_by.user values not in requested_by.cna org', async () => {
+      const cveId = await helpers.cveIdReserveHelper(1, '2023', constants.nonSecretariatUserHeaders['CVE-API-ORG'], 'non-sequential')
+
+      // change users org for testing
+      await helpers.userOrgUpdateAsSecHelper(constants.nonSecretariatUserHeaders['CVE-API-USER'], constants.nonSecretariatUserHeaders['CVE-API-ORG'], 'mitre')
+
+      await chai.request(app)
+        .get('/api/cve-id?state=RESERVED')
+        .set(constants.headers)
+        .then(async (res, err) => {
+          const cveIdObject = _.find(res.body.cve_ids, obj => {
+            return obj.cve_id === cveId
+          })
+          expect(err).to.be.undefined
+          expect(res).to.have.status(200)
+          expect(cveIdObject.requested_by.user).to.equal('REDACTED')
+
+          // Reset user to original org
+          await helpers.userOrgUpdateAsSecHelper(constants.nonSecretariatUserHeaders['CVE-API-USER'], 'mitre', 'win_5')
+        })
+    })
   })
   context('negative tests', () => {
     it('Feb 29 2100 should not be valid', async () => {

diff --git a/test/integration-tests/helpers.js b/test/integration-tests/helpers.js
@@ -96,6 +96,16 @@ async function cveUpdateAsCnaHelperWithAdpContainer (cveId, adpContainer) {
     })
 }
 
+async function userOrgUpdateAsSecHelper (userName, orgShortName, newOrgShortName) {
+  await chai.request(app)
+    .put(`/api/org/${orgShortName}/user/${userName}?org_short_name=${newOrgShortName}`)
+    .set(constants.headers)
+    .then((res, err) => {
+      // Safety Expect
+      expect(res).to.have.status(200)
+    })
+}
+
 module.exports = {
   cveIdReserveHelper,
   cveIdBulkReserveHelper,
@@ -104,5 +114,6 @@ module.exports = {
   cveRequestAsSecHelper,
   cveUpdatetAsCnaHelperWithCnaContainer,
   cveUpdateAsSecHelper,
-  cveUpdateAsCnaHelperWithAdpContainer
+  cveUpdateAsCnaHelperWithAdpContainer,
+  userOrgUpdateAsSecHelper
 }