Merge remote-tracking branch 'origin/master'

Author: arcuri82

web-report/package.json

@@ -19,7 +19,7 @@
     "@radix-ui/react-scroll-area": "^1.2.3",
     "@radix-ui/react-slot": "^1.1.2",
     "@radix-ui/react-tabs": "^1.1.3",
-    "@radix-ui/react-tooltip": "^1.1.8",
+    "@radix-ui/react-tooltip": "^1.2.7",
     "@tailwindcss/vite": "^4.0.14",
     "class-variance-authority": "^0.7.1",
     "clsx": "^2.1.1",

web-report/src-e2e/App.test.tsx

@@ -4,14 +4,14 @@ import {resolve} from "path";
 import {readFileSync} from "fs";
 import {vi} from "vitest";
 import App from "../src/App";
-import {fetchFileContent, getFaultCounts} from "../src/utils";
+import {fetchFileContent, getFaultCounts} from "@/lib/utils";
 
 // Read the report.json file
 const reportJsonPath = resolve(__dirname, './static/report.json');
 const reportData = JSON.parse(readFileSync(reportJsonPath, 'utf-8'));
 
 // Mock the fetchFileContent function to return the content of the report.json file
-vi.mock('@/utils.tsx', async (importOriginal) => {
+vi.mock('@/lib/utils.tsx', async (importOriginal) => {
     const originalModule = await importOriginal();
     return{
         ...originalModule as typeof importOriginal,

web-report/src/App.tsx

@@ -3,7 +3,7 @@ import {Dashboard} from "@/components/Dashboard.tsx";
 import {useEffect, useState} from "react";
 import {WebFuzzingReport} from "@/types/GeneratedTypes.tsx";
 import {LoadingScreen} from "@/components/LoadingScreen.tsx";
-import {fetchFileContent} from "@/utils.tsx";
+import {fetchFileContent} from "@/lib/utils";
 import {ITestFiles} from "@/types/General.tsx";
 
 function App() {

web-report/src/assets/info.json

@@ -0,0 +1,140 @@
+{
+  "number_of_endpoints": "Number of endpoints (verb:path) in the API.",
+  "number_of_http_calls": "Total number of HTTP calls in the generated test suites.",
+  "code_number_identifiers": "Code number identifiers for detected fault types",
+  "identifier_name": "Identifier name for the fault type.",
+  "number_of_faults_per_code": "Number of faults detected for each code.",
+  "generated_test_files": "Number of generated test files.",
+  "generated_test_cases": "Number of generated test cases.",
+  "total_faults": "Total number of faults detected in the API.",
+  "distinct_fault_types": "Total number of distinct fault types detected in the API.",
+  "creation_date": "Date when the report was generated.",
+  "tool_name_version": "Name and version of the tool that generated the report.",
+  "schema_version": "Version of the schema used for the report.",
+  "status_2xx": "Coverage of the 2xx status codes",
+  "status_3xx": "Coverage of the 3xx status codes",
+  "status_4xx": "Coverage of the 4xx status codes",
+  "status_5xx": "Coverage of the 5xx status codes",
+  "fault_codes": [
+    {
+      "short_definition": "HTTP_STATUS_500",
+      "code": 100,
+      "description": "HTTP Status 500",
+      "test_case_name": "causes500_internalServerError"
+    },
+    {
+      "short_definition": "HTTP_INVALID_PAYLOAD_SYNTAX",
+      "code": 101,
+      "description": "Invalid Payload Syntax",
+      "test_case_name": "rejectedWithInvalidPayloadSyntax"
+    },
+    {
+      "short_definition": "HTTP_INVALID_LOCATION",
+      "code": 102,
+      "description": "Invalid Location HTTP Header",
+      "test_case_name": "returnsInvalidLocationHeader"
+    },
+    {
+      "short_definition": "HTTP_NONWORKING_DELETE",
+      "code": 103,
+      "description": "DELETE Method Does Not Work",
+      "test_case_name": "deleteDoesNotWork"
+    },
+    {
+      "short_definition": "HTTP_REPEATED_CREATE_PUT",
+      "code": 104,
+      "description": "Repeated PUT Creates Resource With 201",
+      "test_case_name": "repeatedCreatePut"
+    },
+    {
+      "short_definition": "SCHEMA_INVALID_RESPONSE",
+      "code": 200,
+      "description": "Received A Response From API That Is Not Valid According To Its Schema",
+      "test_case_name": "returnsSchemaInvalidResponse"
+    },
+    {
+      "short_definition": "GQL_ERROR_FIELD",
+      "code": 301,
+      "description": "Error Field",
+      "test_case_name": "returnedErrors"
+    },
+    {
+      "short_definition": "RPC_INTERNAL_ERROR",
+      "code": 400,
+      "description": "Internal Error",
+      "test_case_name": "causesInternalError"
+    },
+    {
+      "short_definition": "RPC_SERVICE_ERROR",
+      "code": 401,
+      "description": "Service Error",
+      "test_case_name": "causesServiceError"
+    },
+    {
+      "short_definition": "RPC_DECLARED_EXCEPTION",
+      "code": 402,
+      "description": "Declared Exception",
+      "test_case_name": "throwsExpectedException"
+    },
+    {
+      "short_definition": "RPC_UNEXPECTED_EXCEPTION",
+      "code": 403,
+      "description": "Unexpected Exception",
+      "test_case_name": "throwsUnexpectedException"
+    },
+    {
+      "short_definition": "RPC_HANDLED_ERROR",
+      "code": 404,
+      "description": "Business Logic Error",
+      "test_case_name": "failsToExecuteCall"
+    },
+    {
+      "short_definition": "WEB_BROKEN_LINK",
+      "code": 500,
+      "description": "Broken Link",
+      "test_case_name": "returnsBrokenLink"
+    },
+    {
+      "short_definition": "SECURITY_EXISTENCE_LEAKAGE",
+      "code": 800,
+      "description": "Leakage Information Existence of Protected Resource",
+      "test_case_name": "allowsUnauthorizedAccessToProtectedResource"
+    },
+    {
+      "short_definition": "SECURITY_NOT_RECOGNIZED_AUTHENTICATED",
+      "code": 801,
+      "description": "Wrongly Not Recognized as Authenticated",
+      "test_case_name": "failedToAuthenticateWithValidCredentials"
+    },
+    {
+      "short_definition": "SECURITY_FORBIDDEN_DELETE",
+      "code": 802,
+      "description": "Forbidden Delete But Allowed Modifications",
+      "test_case_name": "forbidsDeleteButAllowsModifications"
+    },
+    {
+      "short_definition": "SECURITY_FORBIDDEN_PUT",
+      "code": 803,
+      "description": "Forbidden Replacement But Allowed Modifications",
+      "test_case_name": "forbidsReplacementButAllowsModifications"
+    },
+    {
+      "short_definition": "SECURITY_FORBIDDEN_PATCH",
+      "code": 804,
+      "description": "Forbidden Updates But Allowed Modifications",
+      "test_case_name": "forbidsUpdatesButAllowsModifications"
+    },
+    {
+      "short_definition": "SECURITY_ALLOW_MODIFICATION_BY_ALL",
+      "code": 805,
+      "description": "Resource Created By An User Can Be Modified By All Other Users",
+      "test_case_name": "createdResourceCanBeModifiedByEveryone"
+    },
+    {
+      "short_definition": "SECURITY_FORGOTTEN_AUTHENTICATION",
+      "code": 806,
+      "description": "A Protected Resource Is Accessible Without Providing Any Authentication",
+      "test_case_name": "forgottenAuthentication"
+    }
+  ]
+}

web-report/src/components/Dashboard.tsx

@@ -45,6 +45,14 @@ export const Dashboard: React.FC<IDashboard> = ({data, test_files}) => {
             setActiveTab(updatedTabs[0].value)
         }
     }
+
+    const numberOfTestCaseOfFiles = data.test_file_paths.map((test_file) => {
+        return {
+            "file_name":  test_file,
+            "number_of_test_cases": data.test_cases.filter((test_case) => test_case.file_path === test_file).length
+        }
+    });
+
     return (
         <div className="border border-black p-4 w-[80%] mx-auto bg-white">
             <Header date={data.creation_time}
@@ -101,7 +109,7 @@ export const Dashboard: React.FC<IDashboard> = ({data, test_files}) => {
                 <TabsContent value="overview" className="mt-0">
                     <Overview rest={data.problem_details.rest}
                               test_cases={data.test_cases}
-                              test_file_paths={data.test_file_paths}
+                              test_files={numberOfTestCaseOfFiles}
                               faults={data.faults}/>
                 </TabsContent>
 

web-report/src/components/EndpointAccordion.tsx

@@ -2,7 +2,7 @@ import {AccordionContent, AccordionItem, AccordionTrigger} from "@/components/ui
 import {Badge} from "@/components/ui/badge.tsx";
 import React, {useState} from "react";
 import {TestCases} from "@/components/TestCases.tsx";
-import {getColor} from "@/utils.tsx";
+import {getColor} from "@/lib/utils";
 
 interface IStatusType {
     code: number | string;
@@ -25,61 +25,100 @@ export const EndpointAccordion: React.FC<IEndpointAccordionProps> = ({
                                                                         addTestTab
                                                                     }) => {
 
-    const [selectedCode, setSelectedCode] = useState<number | string>(0);
+
+    const sortedStatusCodes = status_codes.sort((a, b) =>
+        {
+            const codeA = Number(a.code);
+            const codeB = Number(b.code);
+            if (isNaN(codeA) || isNaN(codeB)) {
+                return String(a.code).localeCompare(String(b.code));
+            }
+            return codeA - codeB;
+        }
+    );
+
+    const [selectedCode, setSelectedCode] = useState<number | string>(sortedStatusCodes[0]?.code || 0);
     const [isFault, setIsFault] = useState(false);
 
     const selectedTestCases = status_codes.find((code) => code.code === selectedCode)?.test_cases || [];
     const selectedFaultTestCases = faults.find((code) => code.code === selectedCode)?.test_cases || [];
 
-    const faultColors = ["bg-red-300", "bg-red-500", "bg-red-700"];
+    const sortedFaults = faults.sort((a, b) => {
+        const codeA = Number(a.code);
+        const codeB = Number(b.code);
+        if (isNaN(codeA) || isNaN(codeB)) {
+            return String(a.code).localeCompare(String(b.code));
+        }
+        return codeA - codeB;
+    });
+    const getSelectedStyle = (code: number | string, fault: boolean) => {
+
+        const isSelected = selectedCode === code && isFault === fault;
+        return isSelected ? "ring-2 ring-offset-2 ring-offset-white ring-blue-400 shadow-md" : "";
 
+    }
+
+    const faultColors = ["bg-red-300", "bg-red-500", "bg-red-700"];
     return (
         <AccordionItem value={value} className="border-2 border-black mb-4 overflow-hidden" data-testid={endpoint}>
             <AccordionTrigger className="bg-blue-100 px-4 py-3 text-lg font-bold hover:no-underline hover:bg-blue-200">
-                {endpoint}
+                <div className="flex-1 font-mono">{endpoint}</div>
+                <div className="flex flex-wrap justify-end gap-2 mr-4">
+                    {sortedStatusCodes.map((code, idx) => (
+                        <Badge key={`_${idx}`} className={`${getColor(code.code, true, false)} font-mono`}>
+                            H{code.code}
+                        </Badge>
+                    ))}
+                    {sortedFaults.map((code, idx) => (
+                        <Badge key={`_${idx}`} className={`${getColor(code.code, true, true)} font-mono`}>
+                            F{code.code}
+                        </Badge>
+                    ))}
+                </div>
             </AccordionTrigger>
             <AccordionContent className="p-4">
                 <div className="mb-6">
-                    <div className="font-bold text-lg mb-2">HTTP</div>
+                    <div className="font-bold text-lg mb-2">HTTP CODES</div>
                     <div className="flex flex-wrap gap-2">
                         {
-                            status_codes.map((code, index) => (
+                            sortedStatusCodes.map((code, index) => (
                                 <Badge key={index} onClick={() => {
                                     setSelectedCode(code.code);
                                     setIsFault(false);
                                 }}
-                                       className={`${getColor(code.code, true, false)} hover:bg-green-600 cursor-pointer text-white px-4 py-2 text-base font-bold border-2 border-black shadow-[2px_2px_0px_0px_rgba(0,0,0,1)]`}>
+                                       className={`${getColor(code.code, true, false)} ${getSelectedStyle(code.code, false)} hover:bg-green-600 cursor-pointer text-white px-4 py-2 text-base font-bold border-2 border-black shadow-[2px_2px_0px_0px_rgba(0,0,0,1)]`}>
                                     {code.code}
                                 </Badge>
                             ))
                         }
                         {
-                            status_codes.length == 0 &&
+                            sortedStatusCodes.length == 0 &&
                             <div className="text-gray-500 italic">No status codes recorded for this endpoint.</div>
                         }
                     </div>
                 </div>
 
                 <div>
-                    <div className="font-bold text-lg mb-2 text-red-500">FAULTS</div>
+                    <div className="font-bold text-lg mb-2 text-red-500">FAULT CODES</div>
                     <div className="flex flex-wrap gap-2">
                         {
-                            faults.map((fault, index) => (
+                            sortedFaults.map((fault, index) => (
                                 <Badge key={index} onClick={() => {
                                     setSelectedCode(fault.code)
                                     setIsFault(true);
                                 }}
-                                       className={`${faultColors[index % faultColors.length]} hover:bg-red-400 cursor-pointer text-white px-4 py-2 text-base font-bold border-2 border-black shadow-[2px_2px_0px_0px_rgba(0,0,0,1)]`}>
+                                       className={`${faultColors[index % faultColors.length]} ${getSelectedStyle(fault.code, true)} hover:bg-red-400 cursor-pointer text-white px-4 py-2 text-base font-bold border-2 border-black shadow-[2px_2px_0px_0px_rgba(0,0,0,1)]`}>
                                     {fault.code}
                                 </Badge>
                             ))
                         }
                         {
-                            faults.length == 0 &&
+                            sortedFaults.length == 0 &&
                             <div className="text-gray-500 italic">No faults recorded for this endpoint.</div>
                         }
                     </div>
                 </div>
+                <div className="text-xs text-gray-500 mt-1">Click to show test cases.</div>
 
                 {
                     (selectedTestCases.length > 0 || selectedFaultTestCases.length > 0) &&