Coverage for product_risk_suite / risk_assessment / tests.py: 99%
276 statements
« prev ^ index » next coverage.py v7.14.0, created at 2026-05-13 23:42 +0000
1from django.test import TestCase
2from django.db.utils import IntegrityError
3from django.core.exceptions import ValidationError
5from .models import *
7class AssetTest(TestCase):
8 test_name = "Operating System"
10 def test_simple(self):
11 exp = Asset.objects.create(name=self.test_name)
13 act = Asset.objects.get(name=self.test_name)
14 self.assertEqual(act, exp)
16 def test_unique(self):
17 exp = Asset.objects.create(name=self.test_name)
18 unique_check_ok = False
19 try:
20 item2 = Asset.objects.create(name=self.test_name)
21 except IntegrityError:
22 unique_check_ok = True
24 self.assertTrue(unique_check_ok)
26 def test_str(self):
27 exp = Asset.objects.create(name=self.test_name)
29 self.assertEqual(str(exp), self.test_name)
31class LiveCycleTest(TestCase):
32 test_name = "in use"
34 def test_simple(self):
35 exp = LiveCycle.objects.create(name=self.test_name)
37 act = LiveCycle.objects.get(name=self.test_name)
38 self.assertEqual(act, exp)
40 def test_unique(self):
41 exp = LiveCycle.objects.create(name=self.test_name)
42 unique_check_ok = False
43 try:
44 item2 = LiveCycle.objects.create(name=self.test_name)
45 except IntegrityError:
46 unique_check_ok = True
48 self.assertTrue(unique_check_ok)
50 def test_str(self):
51 exp = LiveCycle.objects.create(name=self.test_name)
53 self.assertEqual(str(exp), self.test_name)
55class OriginTest(TestCase):
56 test_name = "USB"
58 def test_simple(self):
59 exp = Origin.objects.create(name=self.test_name)
61 act = Origin.objects.get(name=self.test_name)
62 self.assertEqual(act, exp)
64 def test_unique(self):
65 exp = Origin.objects.create(name=self.test_name)
66 unique_check_ok = False
67 try:
68 item2 = Origin.objects.create(name=self.test_name)
69 except IntegrityError:
70 unique_check_ok = True
72 self.assertTrue(unique_check_ok)
74 def test_str(self):
75 exp = Origin.objects.create(name=self.test_name)
77 self.assertEqual(str(exp), self.test_name)
79class SecurityRequirementTest(TestCase):
80 def test_simple(self):
81 exp = SecurityRequirement.objects.create(norm_short="CRA", norm_long="CRA long", description_short="Part 1.1", description_long="details 1.1")
83 act = SecurityRequirement.objects.get(norm_short="CRA", description_short="Part 1.1")
84 self.assertEqual(act, exp)
86 def test_unique(self):
87 exp = SecurityRequirement.objects.create(norm_short="CRA", norm_long="CRA long", description_short="Part 1.1", description_long="details 1.1")
88 unique_check_ok = False
89 try:
90 item2 = SecurityRequirement.objects.create(norm_short="CRA", norm_long="CRA long", description_short="Part 1.1", description_long="details 1.1")
91 except IntegrityError:
92 unique_check_ok = True
94 self.assertTrue(unique_check_ok)
96 def test_str(self):
97 exp = SecurityRequirement.objects.create(norm_short="CRA", norm_long="CRA long", description_short="Part 1.1", description_long="details 1.1")
99 self.assertEqual(str(exp), f"CRA: Part 1.1")
101class StrideTest(TestCase):
102 def test_simple(self):
103 exp = Stride.objects.create(name="S")
105 act = Stride.objects.get(name="S")
106 self.assertEqual(act, exp)
108 def test_no_create_unallowed(self):
109 allowed_to_add = True
110 try:
111 unallowed = Stride.objects.create(name="F")
112 except ValidationError:
113 allowed_to_add = False
115 self.assertFalse(allowed_to_add)
117 def test_unique(self):
118 exp = Stride.objects.create(name="S")
119 unique_check_ok = False
120 try:
121 item2 = Stride.objects.create(name="S")
122 except ValidationError:
123 unique_check_ok = True
124 except IntegrityError:
125 unique_check_ok = True
127 self.assertTrue(unique_check_ok)
129 def test_str(self):
130 exp = Stride.objects.create(name="S")
131 self.assertEqual(str(exp), f"S")
132 text = Stride.STRIDE_CHOICES["S"]
133 self.assertEqual(text, "Spoofing")
135class RiskTest(TestCase):
136 def setUp(self):
137 ass = Asset.objects.create(name="OS")
138 lc = LiveCycle.objects.create(name="in use")
139 orig = Origin.objects.create(name="USB")
140 spo = Stride.objects.create(name="S")
141 risk = Risk(id=1,
142 custom_id="Test-risk-01",
143 asset=ass, origin=orig, live_cycle=lc,
144 title="Risk title", description="Risk description")
145 risk.stride.set([spo])
146 risk.save()
148 def test_simple(self):
149 act = Risk.objects.get(id=1)
150 self.assertEqual(act.custom_id, "Test-risk-01")
151 self.assertEqual(act.asset.name, "OS")
152 self.assertEqual(act.origin.name, "USB")
153 self.assertEqual(act.live_cycle.name, "in use")
154 self.assertEqual(act.title, "Risk title")
155 self.assertEqual(act.description, "Risk description")
156 self.assertEqual(len(act.stride.all()), 1)
157 for i in act.stride.all():
158 self.assertEqual(i.name, "S")
160 def test_stride_str(self):
161 act = Risk.objects.get(id=1)
162 stride_str = act.stride_str
163 self.assertEqual(stride_str, "S")
165 def test_list_strid(self):
166 act = Risk.objects.get(id=1)
167 list_stride = act.list_stride
168 self.assertEqual(list_stride, ["Spoofing"])
170class SeverityNameTest(TestCase):
171 def test_human_str(self):
172 data = [
173 { "value": SeverityName.Negligible, "str": "Negligible"},
174 { "value": SeverityName.Minor, "str": "Minor"},
175 { "value": SeverityName.Moderate, "str": "Moderate"},
176 { "value": SeverityName.Major, "str": "Major"},
177 { "value": SeverityName.Critical, "str": "Critical"},
178 ]
180 for tc in data:
181 t = SeverityName.to_human_str(tc["value"])
182 self.assertEqual(t, tc["str"])
184class LikelihoodNameTest(TestCase):
185 def test_human_str(self):
186 data = [
187 { "value": LikelihoodName.VeryLow, "str": "Very low"},
188 { "value": LikelihoodName.Low, "str": "Low"},
189 { "value": LikelihoodName.Medium, "str": "Medium"},
190 { "value": LikelihoodName.High, "str": "High"},
191 { "value": LikelihoodName.VeryHigh, "str": "Very high"},
192 ]
194 for tc in data:
195 t = LikelihoodName.to_human_str(tc["value"])
196 self.assertEqual(t, tc["str"])
198class RiskRatingTest(TestCase):
199 def setUp(self):
200 rr = RiskRating.objects.create(likelihood_of_occurrence=2, severity_of_impact=4)
202 def test_risk(self):
203 act = RiskRating.objects.get(id=1)
204 self.assertEqual(act.risk, 8)
206 def test_risk_level(self):
207 td = [
208 {"in": 20, "expected": Risk5x5.HIGH},
210 {"in": 16, "expected": Risk5x5.HIGH},
211 {"in": 15, "expected": Risk5x5.HIGH},
212 {"in": 14, "expected": Risk5x5.MID},
214 {"in": 8, "expected": Risk5x5.MID},
215 {"in": 7, "expected": Risk5x5.MID},
216 {"in": 6, "expected": Risk5x5.LOW},
218 {"in": 1, "expected": Risk5x5.LOW},
219 ]
221 for tr in td:
222 self.assertEqual(RiskRating.risk_level(tr["in"]), tr["expected"])
224 def test_risk_level_to_color(self):
225 # Risk5x5
226 td = [
227 {"in": 3, "expected": "danger"},
228 {"in": Risk5x5.HIGH, "expected": "danger"},
229 {"in": Risk5x5.MID, "expected": "warning"},
230 {"in": Risk5x5.LOW, "expected": "success"},
231 {"in": -1, "expected": "danger"},
232 ]
233 for tr in td:
234 self.assertEqual(RiskRating.risk_level_to_color(tr["in"]), tr["expected"])
236 def test_color_class(self):
237 td = [
238 {"in": 0, "expected": "danger"},
239 {"in": 1, "expected": "success"},
240 {"in": 2, "expected": "success"},
241 {"in": 3, "expected": "warning"},
242 {"in": 4, "expected": "warning"},
243 {"in": 5, "expected": "danger"},
244 {"in": 6, "expected": "danger"},
245 ]
246 rr = RiskRating()
247 for tr in td:
248 self.assertEqual(rr.color_class(tr["in"]), tr["expected"])
250 def test_risk_color_class(self):
251 td = [
252 {"in": 20, "expected": "danger"},
254 {"in": 16, "expected": "danger"},
255 {"in": 15, "expected": "danger"},
256 {"in": 14, "expected": "warning"},
258 {"in": 8, "expected": "warning"},
259 {"in": 7, "expected": "warning"},
260 {"in": 6, "expected": "success"},
262 {"in": 1, "expected": "success"},
263 ]
265 rr = RiskRating()
266 for tr in td:
267 self.assertEqual(rr.risk_color_class(tr["in"]), tr["expected"])
269 def test_str(self):
270 act = RiskRating.objects.get(id=1)
271 self.assertEqual(act.likelihood_of_occurrence, 2)
272 self.assertEqual(act.severity_of_impact, 4)
273 self.assertEqual(str(act), "Low (2) * Major (4) = 8")
275 def test_color_props(self):
276 act = RiskRating.objects.get(id=1)
277 self.assertEqual(act.likelihood_of_occurrence, 2)
278 self.assertEqual(act.severity_of_impact, 4)
280 self.assertEqual(act.color_likelihood_of_occurrence, "success")
281 self.assertEqual(act.color_severity_of_impact, "warning")
282 self.assertEqual(act.color_risk, "warning")
284class StatusTest(TestCase):
285 def setUp(self):
286 Status.objects.create(id=0, status="Open")
287 Status.objects.create(id=1, status="On going")
288 Status.objects.create(id=2, status="Finished")
289 Status.objects.create(id=3, status="Rejected")
291 def test_str(self):
292 td = [
293 {"id": 0, "expected": "Open"},
294 {"id": 1, "expected": "On going"},
295 {"id": 2, "expected": "Finished"},
296 {"id": 3, "expected": "Rejected"},
297 ]
299 for tr in td:
300 stat = Status.objects.get(id=tr["id"])
301 self.assertEqual(str(stat), tr["expected"])
303 def test_is_todo(self):
304 td = [
305 {"id": 0, "expected": True},
306 {"id": 1, "expected": True},
307 {"id": 2, "expected": False},
308 {"id": 3, "expected": False},
309 ]
311 for tr in td:
312 stat = Status.objects.get(id=tr["id"])
313 self.assertEqual(stat.is_todo, tr["expected"])
315 def test_web_idx_name(self):
316 td = [
317 {"in": "Open", "expected": "open"},
318 {"in": "On going", "expected": "on_going"},
319 {"in": "Finished", "expected": "finished"},
320 {"in": "Rejected", "expected": "rejected"},
321 {"in": "foobar", "expected": "unknown"},
322 {"in": "", "expected": "unknown"},
323 ]
325 for tr in td:
326 self.assertEqual(Status.web_idx_name(tr["in"]), tr["expected"])
328 def test_invalid(self):
329 td = [
330 "", "Foobar"
331 ]
332 for tr in td:
333 failed_create = False
334 try:
335 Status.objects.create(status=tr)
336 except ValidationError:
337 failed_create = True
338 self.assertTrue(failed_create)
340class EvidenceTest(TestCase):
341 def setUp(self):
342 self.u = User.objects.create(username="testuser")
343 self.s0 = Status.objects.create(id=0, status="Open")
344 self.s1 = Status.objects.create(id=1, status="On going")
345 self.s2 = Status.objects.create(id=2, status="Finished")
346 self.s3 = Status.objects.create(id=3, status="Rejected")
347 Evidence.objects.create(id=0, due_date="2026-04-23", responsible=self.u, status=self.s0)
348 Evidence.objects.create(id=1, due_date="2026-04-23", responsible=self.u, status=self.s1, evidence="[REQ-001] the evidence req", evidence_link="https://example.com/requirement-001")
349 Evidence.objects.create(id=2, due_date="2026-04-23", responsible=self.u, status=self.s2, evidence="[REQ-001] the evidence req", evidence_link="https://example.com/requirement-001")
350 Evidence.objects.create(id=3, due_date="2026-04-23", responsible=self.u, status=self.s3, evidence="[REQ-001] the evidence req", evidence_link="https://example.com/requirement-001")
351 Evidence.objects.create(id=4, due_date="2026-04-23", responsible=self.u, status=self.s3)
353 def test_str(self):
354 td = [
355 {"evidence": Evidence.objects.get(id=0), "expected": "Open responsible: testuser due: 2026-04-23"},
356 {"evidence": Evidence.objects.get(id=1), "expected": "On going responsible: testuser due: 2026-04-23 evidence: [REQ-001] the evidence req"},
357 {"evidence": Evidence.objects.get(id=2), "expected": "Finished evidence: [REQ-001] the evidence req"},
358 {"evidence": Evidence.objects.get(id=3), "expected": "Rejected evidence: [REQ-001] the evidence req"},
359 {"evidence": Evidence.objects.get(id=4), "expected": "Rejected evidence: None"},
360 ]
361 for tr in td:
362 self.assertEqual(str(tr["evidence"]), tr["expected"])
364 def test_color_due_date(self):
365 yesterday = Evidence(due_date=(datetime.today() - timedelta(days=1)).date(), responsible=self.u, status=self.s0)
366 finished = Evidence(due_date=(datetime.today() - timedelta(days=1)).date(), responsible=self.u, status=self.s3)
367 in_a_week = Evidence(due_date=(datetime.today() + timedelta(weeks=1)).date(), responsible=self.u, status=self.s0)
368 in_5_weeks = Evidence(due_date=(datetime.today() + timedelta(weeks=5)).date(), responsible=self.u, status=self.s0)
370 self.assertEqual(yesterday.color_due_date, "danger")
371 self.assertEqual(finished.color_due_date, "success")
372 self.assertEqual(in_a_week.color_due_date, "danger")
373 self.assertEqual(in_5_weeks.color_due_date, "warning")
375class RiskMitigationTest(TestCase):
376 def setUp(self):
377 self.secReq1 = SecurityRequirement.objects.create(norm_short="CRA", norm_long="CRA long", description_short="Part 1.1", description_long="details 1.1", slug="cra-1.1")
378 self.secReq2 = SecurityRequirement.objects.create(norm_short="CRA", norm_long="CRA long", description_short="Part 1.2", description_long="details 1.2", slug="cra-1.2")
379 rm = RiskMitigation(id=0, mitigation="We fixed it")
380 rm.save()
381 rm.security_requirements.set([self.secReq1])
382 self.rm_no_rat = rm.save()
384 rm = RiskMitigation(id=1, mitigation="Extremely long mitigation that bores us and clutters the ui", rational="We fixed it in a very good manor")
385 rm.save()
386 rm.security_requirements.set([self.secReq1, self.secReq2])
387 self.rm_rat = rm.save()
389 rm = RiskMitigation(id=2, mitigation="Extremely long mitigation that bores us and clutters the ui", title="short catchy")
390 self.rm_tit = rm.save()
392 def test_str(self):
393 self.assertEqual(str(RiskMitigation.objects.get(id=0)), "We fixed it")
394 self.assertEqual(str(RiskMitigation.objects.get(id=1)), "Extremely long mitigation that bores us and clutters the ui")
395 self.assertEqual(str(RiskMitigation.objects.get(id=2)), "short catchy")
397 def test_list_sec_req(self):
398 rm0 = RiskMitigation.objects.get(id=0)
399 rm1 = RiskMitigation.objects.get(id=1)
401 secReqs = rm0.list_security_requirements
402 self.assertEqual(len(secReqs), 1)
403 self.assertEqual(secReqs, [
404 {"str": "CRA: Part 1.1", "slug": "cra-1.1"}
405 ])
407 secReqs = rm1.list_security_requirements
408 self.assertEqual(len(secReqs), 2)
409 self.assertEqual(secReqs, [
410 {"str": "CRA: Part 1.1", "slug": "cra-1.1"},
411 {"str": "CRA: Part 1.2", "slug": "cra-1.2"},
412 ])
414class SeverityExampleTest(TestCase):
415 def test_simple(self):
416 SeverityExample.objects.create(severity_of_impact=1, examples="Hello severity world")
418 act = SeverityExample.objects.get(severity_of_impact=1)
419 self.assertEqual(act.severity_of_impact, 1)
420 self.assertEqual(act.examples, "Hello severity world")
422class LikelihoodExampleTest(TestCase):
423 def test_simple(self):
424 LikelihoodExample.objects.create(likelihood_of_occurrence=1, examples="Hello like world")
426 act = LikelihoodExample.objects.get(likelihood_of_occurrence=1)
427 self.assertEqual(act.likelihood_of_occurrence, 1)
428 self.assertEqual(act.examples, "Hello like world")
430class SuggestedMitigationValidationTest(TestCase):
431 def test_simple(self):
432 td = [
433 {"id": 1, "mit": "Verification of signature before installation", "vali": "<ol><li>Modify update file and verify detection</li><li>Ensure only signed files are installed</li></ol>"},
434 {"id": 2, "mit": None, "vali": "<ol><li>Modify update file and verify detection</li><li>Ensure only signed files are installed</li></ol>"},
435 {"id": 3, "mit": "Verification of signature before installation", "vali": None},
436 ]
438 for t in td:
439 SuggestedMitigationValidation.objects.create(id=t["id"], suggested_mitigation=t["mit"], suggested_validation=t["vali"])
441 act = SuggestedMitigationValidation.objects.get(id=t["id"])
442 self.assertEqual(act.id, t["id"])
443 self.assertEqual(act.suggested_mitigation, t["mit"])
444 self.assertEqual(act.suggested_validation, t["vali"])