Fixed the scope table issue pwndoc#451

AmadeusITGroup · Mar 28, 2023 · ed86a7f · ed86a7f
1 parent 19f48a7
commit ed86a7f
Show file tree

Hide file tree

Showing 3 changed files with 129 additions and 1 deletion.
diff --git a/backend/src/models/audit.js b/backend/src/models/audit.js
@@ -278,7 +278,7 @@ AuditSchema.statics.getGeneral = (isAdmin, auditId, userId) => {
         query.populate('reviewers', 'username firstname lastname')
         query.populate('company')
         query.select('name auditType date date_start date_end client collaborators language scope.name template customFields')
-        query.exec()
+        query.lean().exec()
         .then((row) => {
             if (!row)
                 throw({fn: 'NotFound', message: 'Audit not found or Insufficient Privileges'});

diff --git a/backend/tests/audit.test.js b/backend/tests/audit.test.js
@@ -0,0 +1,127 @@
+/*
+  At the end
+  1 Audit: {name: "Audit 1", language: "en", auditType: "Web"}
+*/
+
+module.exports = function(request, app) {
+  describe('Audit Suite Tests', () => {
+    var userToken = '';
+
+    var audit1Id = ""
+    var audit2Id = ""
+
+    beforeAll(async () => {
+      var response = await request(app).post('/api/users/token').send({username: 'admin', password: 'Admin123'})
+      userToken = response.body.datas.token
+    })
+
+    describe('Audit CRUD operations', () => {
+      it('Get Audits (no existing audit in db)', async () => {
+        var response = await request(app).get('/api/audits')
+          .set('Cookie', [
+            `token=JWT ${userToken}`
+          ])
+
+        expect(response.status).toBe(200)
+        expect(response.body.datas).toHaveLength(0)
+      })
+
+      it('Create audit with partial information', async () => {
+        var audit = {name: "Audit 1"}
+        var response = await request(app).post('/api/audits')
+          .set('Cookie', [
+            `token=JWT ${userToken}`
+          ])
+          .send(audit)
+
+        expect(response.status).toBe(422)
+      })
+
+      it('Create audit with invalid audit type', async () => {
+        var audit = {name: "Audit 1", language: "en", auditType: "Internal Test"}
+        var response = await request(app).post('/api/audits')
+          .set('Cookie', [
+            `token=JWT ${userToken}`
+          ])
+          .send(audit)
+
+        expect(response.status).toBe(404)
+      })
+
+      it('Create audit', async () => {
+        var audit = {name: "Audit 1", language: "en", auditType: "Web"}
+        var response = await request(app).post('/api/audits')
+          .set('Cookie', [
+            `token=JWT ${userToken}`
+          ])
+          .send(audit)
+
+        expect(response.status).toBe(201)
+        audit1Id = response.body.datas.audit._id
+      })
+
+      it('Create second audit', async () => {
+        var audit = {name: "Audit 2", language: "fr", auditType: "Web"}
+        var response = await request(app).post('/api/audits')
+          .set('Cookie', [
+            `token=JWT ${userToken}`
+          ])
+          .send(audit)
+
+        expect(response.status).toBe(201)
+        audit2Id = response.body.datas.audit._id
+      })
+
+      it('Delete audit', async () => {
+        var response = await request(app).delete(`/api/audits/${audit2Id}`)
+          .set('Cookie', [
+            `token=JWT ${userToken}`
+          ])
+        expect(response.status).toBe(200)
+
+        response = await request(app).get('/api/audits')
+          .set('Cookie', [
+            `token=JWT ${userToken}`
+          ])
+        expect(response.body.datas).toHaveLength(1)
+      })
+
+      it('Update audit general info', async () => {
+        var auditGeneralInfo = {
+                "_id": audit1Id,
+                "scope":[
+                  "Scope Item 1",
+                  "Scope Item 2",
+                ]
+        };
+
+        var response = await request(app).put(`/api/audits/${audit1Id}/general`)
+          .set('Cookie', [
+            `token=JWT ${userToken}`
+          ])
+          .send(auditGeneralInfo)
+
+        expect(response.status).toBe(200)
+      })
+
+      it('Get audit general info', async () => {
+        var response = await request(app).get(`/api/audits/${audit1Id}/general`)
+          .set('Cookie', [
+            `token=JWT ${userToken}`
+          ])
+
+        expect(response.status).toBe(200)
+
+        expect(response.body.datas.name).toBe('Audit 1');
+        expect(response.body.datas.auditType).toBe('Web');
+        expect(response.body.datas.language).toBe('en');
+        expect(response.body.datas.collaborators).toHaveLength(0);
+        expect(response.body.datas.reviewers).toHaveLength(0);
+        expect(response.body.datas.customFields).toHaveLength(0);
+        expect(response.body.datas.scope).toHaveLength(2);
+        expect(response.body.datas.scope[0]).toBe('Scope Item 1');
+        expect(response.body.datas.scope[1]).toBe('Scope Item 2');
+      })
+    })
+  })
+}
diff --git a/backend/tests/index.test.js b/backend/tests/index.test.js
@@ -19,5 +19,6 @@ require('./data.test')(request, app)
 require('./company.test')(request, app)
 require('./client.test')(request, app)
 require('./vulnerability.test')(request, app)
+require('./audit.test')(request, app)
 require('./settings.test')(request, app)
 require('./lib.test')()