From b7b9d6a3d98fec9af16887f001ecc2b10511a9c0 Mon Sep 17 00:00:00 2001 From: Diego Avila Date: Mon, 21 Aug 2023 12:55:33 -0500 Subject: [PATCH] -finished all tests. -reworked and fixed all tests. --- app/controllers/vulnerabilities_controller.rb | 30 +++++------ app/models/vulnerability.rb | 6 +-- config/routes.rb | 6 +-- .../vulnerabilities_controller_test.rb | 51 +++++++++++++++---- test/fixtures/commits.yml | 2 + test/fixtures/fixes.yml | 5 ++ .../same_directory_events_test.rb | 20 ++++++++ test/models/commit_test.rb | 7 ++- test/models/filepath_test.rb | 1 + test/models/fix_test.rb | 2 +- test/models/vulnerability_test.rb | 23 ++++++++- 11 files changed, 117 insertions(+), 36 deletions(-) diff --git a/app/controllers/vulnerabilities_controller.rb b/app/controllers/vulnerabilities_controller.rb index 1d62ac33d..4e4dab53b 100644 --- a/app/controllers/vulnerabilities_controller.rb +++ b/app/controllers/vulnerabilities_controller.rb @@ -54,21 +54,21 @@ def show render_json_for_api @vulnerability end - # GET /api/vulnerabilities/1/same-cwe - def sameCWE - params.permit(:id) - cve = params[:id] - limit = params.key?(:limit) ? params[:limit].to_i : 10 - offset = params.key?(:offset) ? params[:offset].to_i : 0 - results = (Vulnerability.sameCWE(cve, limit, offset)) - if !results.ntuples.zero? - return results - else - render status: :bad_request, json: <<~EOS - Error: No results. - EOS + # GET /api/vulnerabilities/1/same- + def sameCWE + params.permit(:id) + cve = params[:id] + limit = params.key?(:limit) ? params[:limit].to_i : 10 + offset = params.key?(:offset) ? params[:offset].to_i : 0 + results = (Vulnerability.sameCWE(cve, limit, offset)) + if !results.ntuples.zero? + render_json_for_api results + else + render status: :bad_request, json: <<~EOS + Error: No results. + EOS + end end - end # GET /api/vulnerabilities/1/same-directory def sameDirectory 
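Review bot: The comment on the first added line of sameCWE is truncated to `# GET /api/vulnerabilities/1/same-` and should read `# GET /api/vulnerabilities/1/same-cwe`, matching the route in config/routes.rb and the `same-directory` comment that follows it. `limit` and `offset` are taken from the query string with a bare `.to_i` and go straight into the `LIMIT ? OFFSET ?` of the model query; `results.ntuples` implies a PG result, and Postgres rejects a negative LIMIT with an error that would surface as a 500 rather than the 400 this action otherwise returns, so bound them after they are read, e.g. `limit = limit.clamp(1, 100)` and `offset = [offset, 0].max`. `params.permit(:id)` on the second line discards its return value and has no effect on the `params[:id]` read that follows. The sameLessons hunk below has the same unchecked `.to_i` values, and since the three similarity actions now share the same body apart from the model call, a private helper taking the model method would remove the duplication.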
@@ -94,7 +94,7 @@ def sameLessons offset = params.key?(:offset) ? params[:offset].to_i : 0 results = (Vulnerability.sameLessons(cve, limit, offset)) if !results.ntuples.zero? - return results + render_json_for_api results else render status: :bad_request, json: <<~EOS Error: No results. diff --git a/app/models/vulnerability.rb b/app/models/vulnerability.rb index 0a40908d7..65161d8e1 100644 --- a/app/models/vulnerability.rb +++ b/app/models/vulnerability.rb @@ -61,7 +61,7 @@ def tags_by_name def self.sameCWE(cve, limit, offset) query = <<~EOSQL - SELECT v2.cve, v2.description, v2.project_id, v2.upvotes, v2.nickname + SELECT DISTINCT v2.cve, v2.description, v2.project_id, v2.upvotes, v2.nickname FROM vulnerabilities v1 INNER JOIN vulnerability_tags vt1 ON v1.id = vt1.vulnerability_id INNER JOIN tags t1 ON vt1.tag_id = t1.id @@ -80,7 +80,7 @@ def self.sameCWE(cve, limit, offset) def self.sameLessons(cve, limit, offset) query = <<~EOSQL - SELECT v2.cve, v2.description, v2.project_id, v2.upvotes, v2.nickname + SELECT DISTINCT v2.cve, v2.description, v2.project_id, v2.upvotes, v2.nickname FROM vulnerabilities v1 INNER JOIN vulnerability_tags vt1 ON v1.id = vt1.vulnerability_id INNER JOIN tags t1 ON vt1.tag_id = t1.id @@ -88,7 +88,7 @@ def self.sameLessons(cve, limit, offset) INNER JOIN vulnerabilities v2 ON vt2.vulnerability_id = v2.id WHERE v1.cve = ? AND v2.cve != ? - AND starts_with(t1.shortname, 'Lesson') + AND starts_with(t1.name, 'Lesson') ORDER BY v2.upvotes DESC LIMIT ? OFFSET ? diff --git a/config/routes.rb b/config/routes.rb index 16aebb934..31a0892ed 100644 --- a/config/routes.rb +++ b/config/routes.rb 
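Review bot: `ORDER BY v2.upvotes DESC` followed by `LIMIT ? OFFSET ?` in the sameLessons query has no tie-breaker, so rows with equal upvotes come back in an unspecified order and the exact sequence the new model and controller tests assert (`CVE-2016-1676`, `CVE-2011-3093`, `CVE-2011-5904`) is not guaranteed across runs or pages. Add a deterministic secondary key, `ORDER BY v2.upvotes DESC, v2.cve`, and the same in sameCWE if its ORDER BY, outside its hunk, matches. The `t1.shortname` to `t1.name` change reads as a column-name fix; the tags schema is not in the diff, so whether `name` is the column carrying the `Lesson` prefix needs confirming against the fixtures. Both model methods start above their hunks, so the code that executes `query` and binds the `?` placeholders is not visible here.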
@@ -10,9 +10,9 @@ get '/api/vulnerabilities/:id', controller: :vulnerabilities, action: :show, constraints: { id: /CVE\-\d+\-\d+/ } get '/corpus', controller: :vulnerabilities, action: :corpus get '/api/vulnerabilities/:id/events', controller: :vulnerabilities, action: :events, constraints: { id: /CVE\-\d+\-\d+/ } - get '/api/vulnerabilities/:id/same-directory', controller: :vulnerabilities, action: :sameDirectory, constraints: { id: /CVE\-\d+\-\d+/, similarity: /[-A-Za-z]+/ } - get '/api/vulnerabilities/:id/same-cwe', controller: :vulnerabilities, action: :sameCWE, constraints: { id: /CVE\-\d+\-\d+/, similarity: /[-A-Za-z]+/ } - get '/api/vulnerabilities/:id/same-lessons', controller: :vulnerabilities, action: :sameLessons, constraints: { id: /CVE\-\d+\-\d+/, similarity: /[-A-Za-z]+/ } + get '/api/vulnerabilities/:id/same-directory', controller: :vulnerabilities, action: :sameDirectory, constraints: { id: /CVE\-\d+\-\d+/} + get '/api/vulnerabilities/:id/same-cwe', controller: :vulnerabilities, action: :sameCWE, constraints: { id: /CVE\-\d+\-\d+/} + get '/api/vulnerabilities/:id/same-lessons', controller: :vulnerabilities, action: :sameLessons, constraints: { id: /CVE\-\d+\-\d+/} # get '/api/vulnerabilities/:id/related', controller: :vulnerabilities, action: :similarVulnerabilities, constraints: { id: /CVE\-\d+\-\d+/, similarity: /[-A-Za-z]+/ } ----- This one requires a rework of the db schema get '/developers', controller: :developers, action: :index diff --git a/test/controllers/vulnerabilities_controller_test.rb b/test/controllers/vulnerabilities_controller_test.rb index 7f9b8935f..044cc9ebd 100644 --- a/test/controllers/vulnerabilities_controller_test.rb +++ b/test/controllers/vulnerabilities_controller_test.rb 
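Review bot: The three rewritten routes close their constraints hash as `/CVE\-\d+\-\d+/}`, without the space before `}` that the `show` and `events` routes just above use (`{ id: /CVE\-\d+\-\d+/ }`); matching that form keeps the file consistent. The `\-` escapes are unnecessary outside a character class, and since all five routes share the pattern, a constant declared once in this file, `CVE_ID = /CVE-\d+-\d+/`, used as `constraints: { id: CVE_ID }` would remove the repetition. The commented-out `related` route that follows still carries the old `similarity:` constraint and the "requires a rework of the db schema" remark, which is worth turning into a `# TODO:` so it is found later.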
@@ -31,29 +31,58 @@ class VulnerabilitiesControllerTest < ActionDispatch::IntegrationTest assert_recognizes expected, "/CVE-2011-3092" end - test 'Checks routing for similarVulnerabilities' do - assert_routing '/api/vulnerabilities/CVE-2013-2878/same-cwe', controller: "vulnerabilities", action: "similarVulnerabilities", id: "CVE-2013-2878", similarity: "same-cwe" - assert_recognizes({controller: 'vulnerabilities', action: 'similarVulnerabilities', id: 'CVE-2013-2878', similarity: 'same-cwe'}, '/api/vulnerabilities/CVE-2013-2878/same-cwe') + test 'Checks routing for same-cwe' do + assert_routing '/api/vulnerabilities/CVE-2013-2878/same-cwe', controller: "vulnerabilities", action: "sameCWE", id: "CVE-2013-2878" + assert_recognizes({controller: 'vulnerabilities', action: 'sameCWE', id: 'CVE-2013-2878'}, '/api/vulnerabilities/CVE-2013-2878/same-cwe') end + test 'Checks routing for same-directory' do + assert_routing '/api/vulnerabilities/CVE-2013-2878/same-directory', controller: "vulnerabilities", action: "sameDirectory", id: "CVE-2013-2878" + assert_recognizes({controller: 'vulnerabilities', action: 'sameDirectory', id: 'CVE-2013-2878'}, '/api/vulnerabilities/CVE-2013-2878/same-directory') + end + + test 'Checks routing for same-lessons' do + assert_routing '/api/vulnerabilities/CVE-2013-2878/same-lessons', controller: "vulnerabilities", action: "sameLessons", id: "CVE-2013-2878" + assert_recognizes({controller: 'vulnerabilities', action: 'sameLessons', id: 'CVE-2013-2878'}, '/api/vulnerabilities/CVE-2013-2878/same-lessons') + end - test 'Checks invalid input to similarVulnerabilities' do - get "/api/vulnerabilities/CVE-2013-2878/invalid" + test 'Checks invalid input to same-cwe' do + get "/api/vulnerabilities/CVE-3223-2324/same-cwe" + assert_response :bad_request + assert_match /Error: /, @response.body + end + + test 'Checks invalid input to same-lessons' do + get "/api/vulnerabilities/CVE-2424-5555/same-lessons" + assert_response :bad_request + assert_match 
/Error: /, @response.body + end + + test 'Checks invalid input to same-directory' do + get "/api/vulnerabilities/CVE-3223-2324/same-directory" assert_response :bad_request - assert_match /Error: Invalid/, @response.body + assert_match /Error: /, @response.body end - test 'Checks valid input to similarVulnerabilities' do + + test 'Checks valid input to same-cwe' do get "/api/vulnerabilities/CVE-2013-2878/same-cwe" assert_response :success - expected = Vulnerability.similarVulnerabilities('CVE-2013-2878', 'cwe', 10, 0).to_json + expected = Vulnerability.sameCWE('CVE-2013-2878', 10, 0).to_json + assert_equal expected, @response.body + end + + test 'Checks valid input to same-directory' do + get "/api/vulnerabilities/CVE-2011-3093/same-directory" + assert_response :success + expected = Vulnerability.sameDirectory('CVE-2011-3093', 10, 0).to_json assert_equal expected, @response.body end - test 'Checks valid input to similarVulnerabilities with lessons and checks offset and limit' do - get "/api/vulnerabilities/CVE-2013-2878/same-lessons?offset=1&limit=20" + test 'Checks valid input to same-lessons with lessons and checks offset and limit' do + get "/api/vulnerabilities/CVE-2013-2878/same-lessons" assert_response :success - expected = Vulnerability.similarVulnerabilities('CVE-2013-2878', 'lessons', 20, 1).to_json + expected = Vulnerability.sameLessons('CVE-2013-2878', 10, 0).to_json assert_equal expected, @response.body end diff --git a/test/fixtures/commits.yml b/test/fixtures/commits.yml index ca615d4e8..3ac70a3cf 100644 --- a/test/fixtures/commits.yml +++ b/test/fixtures/commits.yml @@ -21,6 +21,7 @@ fix1: - deps - makefile - similar_path1 + - cpp_path fix2: commit_hash: 5fb2548448bd1b76a59d941b729d7a7f90d53bc8 @@ -54,6 +55,7 @@ vcc1: filepaths: - v8_custom_cpp - v8_custom_h + - cpp_path vcc2: commit_hash: 6fe4e841191055b69f5df33002e78d75bfdcf725 diff --git a/test/fixtures/fixes.yml b/test/fixtures/fixes.yml index c3b11f7a8..b0d0e6ad6 100644 
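Review bot: The test now titled 'Checks valid input to same-lessons with lessons and checks offset and limit' no longer checks offset or limit: the request dropped `?offset=1&limit=20` and the expected value is computed with `sameLessons('CVE-2013-2878', 10, 0)`, so the title describes behaviour the test does not exercise. Either restore the query string and compare against `Vulnerability.sameLessons('CVE-2013-2878', 20, 1).to_json`, or rename the test to 'Checks valid input to same-lessons'. The new `assert_match /Error: /, @response.body` lines trigger Ruby's ambiguous-first-argument warning; `assert_match(/Error: /, @response.body)` avoids it. None of the new tests sends a negative or non-numeric `limit`/`offset`, which the controller hunk passes to the query after a bare `.to_i`, so that path has no coverage.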
--- a/test/fixtures/fixes.yml +++ b/test/fixtures/fixes.yml @@ -12,3 +12,8 @@ cve_2011_3093: commit: fix1 vulnerability: cve_2011_3093 notes: {} + +cve_2011_3093_fix: + commit: fix2 + vulnerability: cve_2011_3093 + notes: {} diff --git a/test/lib/event_generators/same_directory_events_test.rb b/test/lib/event_generators/same_directory_events_test.rb index f48c3e980..3113c4c3d 100644 --- a/test/lib/event_generators/same_directory_events_test.rb +++ b/test/lib/event_generators/same_directory_events_test.rb @@ -12,6 +12,26 @@ class SameDirectoryEventsTest < ActiveSupport::TestCase expected = [ "Nearby vulnerability in /", "Nearby vulnerability in /", + "Nearby vulnerability in cc/", + "Nearby vulnerability in cc/", + "Nearby vulnerability in cc/", + "Nearby vulnerability in cc/", + "Nearby vulnerability in cc/", + "Nearby vulnerability in cc/", + "Nearby vulnerability in cc/", + "Nearby vulnerability in cc/", + "Nearby vulnerability in cc/", + "Nearby vulnerability in cc/", + "Nearby vulnerability in cc/", + "Nearby vulnerability in cc/", + "Nearby vulnerability in cc/", + "Nearby vulnerability in cc/", + "Nearby vulnerability in cc/", + "Nearby vulnerability in cc/", + "Nearby vulnerability in cc/", + "Nearby vulnerability in cc/", + "Nearby vulnerability in this/is/a/test/", + "Nearby vulnerability in this/is/a/test/", "Nearby vulnerability in this/is/a/test/", "Nearby vulnerability in this/is/a/test/", "Nearby vulnerability in this/is/a/test/", diff --git a/test/models/commit_test.rb b/test/models/commit_test.rb index 91565e24f..75ac86332 100644 --- a/test/models/commit_test.rb +++ b/test/models/commit_test.rb @@ -25,7 +25,8 @@ class CommitTest < ActiveSupport::TestCase expected = [ 'DEPS', 'webkit/port/DerivedSources.make', - "this/is/a/test/1.c" + "this/is/a/test/1.c", + "cc/file.cpp" ] actual = c.commit_filepaths.map { |cf| cf.filepath.filepath } assert_equal expected, actual 
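Review bot: The eighteen consecutive `"Nearby vulnerability in cc/"` literals added to `expected` in same_directory_events_test.rb make the array hard to review and give no hint why that count is right; splatting `*Array.new(18, "Nearby vulnerability in cc/"),` inside the literal (and likewise for the repeated `this/is/a/test/` entries) with a one-line comment on where 18 comes from would keep the intent visible. The count presumably follows from `cpp_path` being added to both fix1 and vcc1 in commits.yml in this same commit, but that cannot be confirmed from the hunk. The `expected` array is opened above this hunk and closed below it.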
@@ -36,7 +37,8 @@ class CommitTest < ActiveSupport::TestCase expected = [ 'DEPS', 'webkit/port/DerivedSources.make', - "this/is/a/test/1.c" + "this/is/a/test/1.c", + "cc/file.cpp" ] actual = c.filepaths.map { |f| f.filepath } assert_equal expected, actual @@ -66,6 +68,7 @@ class CommitTest < ActiveSupport::TestCase expected = [ 'webkit/port/bindings/v8/v8_custom.cpp', 'webkit/port/bindings/v8/v8_custom.h', + 'cc/file.cpp' ] actual = c.filepaths.map { |f| f.filepath } assert_equal expected, actual diff --git a/test/models/filepath_test.rb b/test/models/filepath_test.rb index 73909251a..a3a1c82db 100644 --- a/test/models/filepath_test.rb +++ b/test/models/filepath_test.rb @@ -20,6 +20,7 @@ class FilepathTest < ActiveSupport::TestCase test 'Filepath.vulnerable(v) joins on fixes' do expected = [ filepaths(:deps), + filepaths(:cpp_path), filepaths(:similar_path1), filepaths(:makefile) ] diff --git a/test/models/fix_test.rb b/test/models/fix_test.rb index ed5f5b9e2..f451b7d92 100644 --- a/test/models/fix_test.rb +++ b/test/models/fix_test.rb @@ -3,7 +3,7 @@ class FixTest < ActiveSupport::TestCase test 'fix fixtures are loaded' do - assert_equal 3, Fix.count + assert_equal 4, Fix.count end test 'fix is connected to a commit with a developer' do diff --git a/test/models/vulnerability_test.rb b/test/models/vulnerability_test.rb index b1aca2412..2bf908494 100644 --- a/test/models/vulnerability_test.rb +++ b/test/models/vulnerability_test.rb @@ -59,7 +59,7 @@ class VulnerabilityTest < ActiveSupport::TestCase end test 'similar vulnerabilities, same-cwe' do - vuln = Vulnerability.similarVulnerabilities('CVE-2013-2878', 'cwe', 10, 0) + vuln = Vulnerability.sameCWE('CVE-2013-2878', 10, 0) vulnResults = vuln.map { |v| v['cve']} expected_results = %w( CVE-2016-1676 
@@ -67,5 +67,26 @@ class VulnerabilityTest < ActiveSupport::TestCase assert_equal expected_results, vulnResults, 'SQL statement is not correct' end + test 'similar vulnerabilities, same-directory' do + vuln = Vulnerability.sameDirectory('CVE-2011-3093', 10, 0) + vulnResults = vuln.map { |v| v['cve']} + expected_results = %w( + CVE-2016-1676 + CVE-2011-3092 + ) + assert_equal expected_results, vulnResults, 'SQL statement is not correct' + end + + test 'similar vulnerabilities, same-lessons' do + vuln = Vulnerability.sameLessons('CVE-2013-2878', 10, 0) + vulnResults = vuln.map { |v| v['cve']} + expected_results = %w( + CVE-2016-1676 + CVE-2011-3093 + CVE-2011-5904 + ) + assert_equal expected_results, vulnResults, 'SQL statement is not correct' + end + end
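Review bot: Both new tests name their local `vulnResults`, camelCase against the snake_case used by `expected_results` in the same test, and `vuln.map { |v| v['cve']}` is missing the space before `}`; `vuln_results = vuln.map { |v| v['cve'] }` fixes both. The expected sequences assert a specific order, but the sameLessons query orders by `v2.upvotes DESC` alone (the sameCWE and sameDirectory ORDER BY clauses are not in this diff), so these assertions hold only while the fixture upvotes are distinct and will be flaky on a tie until the model adds a secondary sort key. The failure message 'SQL statement is not correct' is repeated verbatim in three tests and would be more useful naming the method, e.g. `'sameLessons SQL statement is not correct'`.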