Fix broken pagination in /api/v1/cwe endpoint
Fixes #3856

Signed-off-by: nscuro <[email protected]>
nscuro committed Dec 12, 2024
1 parent 27de0f3 commit 1cc6acc
Showing 2 changed files with 40 additions and 11 deletions.
Expand Up @@ -129,22 +129,21 @@ public PaginatedResult all(final Pagination pagination) {
return new PaginatedResult().objects(cwes).total(CweDictionary.DICTIONARY.size());
}

int pos = 0;
int pos = 0, count = 0;
final var cwes = new ArrayList<Cwe>();
for (final Map.Entry<Integer, String> dictEntry : CweDictionary.DICTIONARY.entrySet()) {
if (pagination.getOffset() > pos) {
continue;
if (pos >= pagination.getOffset() && count < pagination.getLimit()) {
final var cwe = new Cwe();
cwe.setCweId(dictEntry.getKey());
cwe.setName(dictEntry.getValue());
cwes.add(cwe);
count++;
}
if (pagination.getLimit() <= pos) {
break;
}

final var cwe = new Cwe();
cwe.setCweId(dictEntry.getKey());
cwe.setName(dictEntry.getValue());
cwes.add(cwe);

pos++;
if (count >= pagination.getLimit()) {
break;
}
}

return new PaginatedResult().objects(cwes).total(CweDictionary.DICTIONARY.size());
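Review bot: The new loop in `all` checks the limit twice and the reason is not obvious: the `count < pagination.getLimit()` guard is what keeps a zero or negative limit from emitting one entry before the `break` below it fires. A short comment above the `if` would stop a later cleanup from removing it, for example `// count < limit also covers limit <= 0, where the break alone would still emit one entry`. A negative offset is also accepted silently, since `pos >= pagination.getOffset()` is then true from the first entry; if offset and limit are derived from the `pageSize`/`pageNumber` query parameters, as the accompanying test suggests, the method's Javadoc should say that such values return the first page rather than an error. The body of `all` starts above this hunk, so any validation done earlier is not visible here.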
Expand Up @@ -22,6 +22,7 @@
import alpine.server.filters.AuthenticationFilter;
import org.dependencytrack.JerseyTestRule;
import org.dependencytrack.ResourceTest;
import org.dependencytrack.parser.common.resolver.CweDictionary;
import org.glassfish.jersey.server.ResourceConfig;
import org.junit.Assert;
import org.junit.ClassRule;
Expand All @@ -30,6 +31,9 @@
import jakarta.json.JsonArray;
import jakarta.json.JsonObject;
import jakarta.ws.rs.core.Response;
import java.util.HashSet;

import static org.assertj.core.api.Assertions.assertThat;

public class CweResourceTest extends ResourceTest {

Expand All @@ -53,6 +57,31 @@ public void getCwesTest() {
Assert.assertEquals("DEPRECATED: Location", json.getJsonObject(0).getString("name"));
}

@Test
public void getCwesPaginationTest() {
int pageNumber = 1;
final var cwesSeen = new HashSet<Integer>();
while (cwesSeen.size() < CweDictionary.DICTIONARY.size()) {
final Response response = jersey.target(V1_CWE)
.queryParam("pageSize", "100")
.queryParam("pageNumber", String.valueOf(pageNumber++))
.request()
.header(X_API_KEY, apiKey)
.get();
assertThat(response.getStatus()).isEqualTo(200);
assertThat(response.getHeaderString(TOTAL_COUNT_HEADER)).isEqualTo("1426");

final JsonArray cwesPage = parseJsonArray(response);
assertThat(cwesPage).hasSizeLessThanOrEqualTo(100);

for (final JsonObject value : cwesPage.getValuesAs(JsonObject.class)) {
final int cweId = value.getInt("cweId");
assertThat(cwesSeen).doesNotContain(cweId);
cwesSeen.add(cweId);
}
}
}

@Test
public void getCweTest() {
Response response = jersey.target(V1_CWE + "/79").request()
Expand All @@ -65,4 +94,5 @@ public void getCweTest() {
Assert.assertEquals(79, json.getInt("cweId"));
Assert.assertEquals("Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", json.getString("name"));
}

}
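Review bot: The `while` loop in `getCwesPaginationTest` never terminates if the endpoint starts returning an empty page, because an empty page passes every assertion and leaves `cwesSeen` unchanged; a pagination regression would then hang the build instead of failing it. Adding `assertThat(cwesPage).isNotEmpty();` right after `parseJsonArray(response)` turns that case into a failure. The expected header value is also hard-coded as `"1426"` while the loop bound reads `CweDictionary.DICTIONARY.size()`; `isEqualTo(String.valueOf(CweDictionary.DICTIONARY.size()))` keeps the two in step when the dictionary is updated.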
