Formatting and data changes

Signed-off-by: mrrajan <[email protected].>

Author: mrrajan

biome.json

@@ -40,7 +40,8 @@
       "!**/dist",
       "!**/node_modules",
       "!client/coverage",
-      "!client/src/app/client"
+      "!client/src/app/client",
+      "!**/examples_sbom.json"
     ]
   }
 }

e2e/tests/common/assets/sbom/examples.json renamed to e2e/tests/common/assets/sbom/examples_sbom.json

@@ -61,9 +61,6 @@ export const SBOM_FILES = [
   "rhel-9.2-eus.spdx.json.bz2",
   "spdx-ancestor-of-example.json.bz2",
   "example_container_index.json.bz2",
-  "quarkus-bom-3.8.3.redhat-00003.json.bz2",
-  "exhort_mvn.json.bz2",
-  "examples.json",
 ];
 
 export const ADVISORY_FILES = [

e2e/tests/common/constants.ts

@@ -22,7 +22,7 @@ Scenario: Generate Vulnerability Report For SBOM without any vulnerabilities
     Then Application navigates to Generate Vulnerability Report screen
     Examples:
         |               fileName            |              filePath           |
-        |  example_product_quarkus.json     |   /tests/common/assets/sbom/    |
+        |  example_product_quarkus.json.bz2 |   /tests/common/assets/sbom/    |
         |  ubi9-minimal-9.3-1361.json.bz2   |   /tests/common/assets/sbom/    |
 
 Scenario: Cancel Generate vulnerability report
@@ -41,7 +41,7 @@ Scenario: Generate Vulnerability Report for supported SBOM file extensions
     Then On the successful report generation the Application should render Vulnerability Report for the SBOM
     Examples:
     |        fileName          |               filePath            |
-    |       examples.json      |    /tests/common/assets/sbom/     |
+    |    examples_sbom.json    |    /tests/common/assets/sbom/     |
     |   exhort_mvn.json.bz2    |    /tests/common/assets/sbom/     |
 
 Scenario: Verify Generate Vulnerability Report Screen
@@ -70,8 +70,8 @@ Scenario: Verify Vulnerabilities on Generate Vulnerability Report for an SBOM
     Then The Vulnerabilities on the Vulnerability ID column should match with "<Vulnerabilities>"
     Examples:
         |                        fileName              |              filePath             |     Vulnerabilities |
-        |     quarkus-bom-3.8.3.redhat-00003.json.bz2  |   /tests/common/assets/sbom/      |    CVE-2024-40094,CVE-2022-46337,CVE-2024-21742,CVE-2024-30171,CVE-2024-31141,CVE-2024-10039,CVE-2024-4028,CVE-2024-7260,CVE-2024-7318,CVE-2023-3635,CVE-2023-3635,CVE-2024-29025,CVE-2024-47535,CVE-2025-25193,CVE-2024-7254,CVE-2024-2700,CVE-2024-12397,CVE-2025-1634     |
-        |               exhort_mvn.json.bz2            |   /tests/common/assets/sbom/      |    CVE-2020-8908,CVE-2023-2976,CVE-2023-22102,CVE-2024-47554,CVE-2023-1428,CVE-2023-32731,CVE-2023-32732,CVE-2024-21742,CVE-2022-45787,CVE-2023-31582,CVE-2024-30171,CVE-2023-0105,CVE-2023-1664,CVE-2023-6927,CVE-2024-10039,CVE-2024-4028,CVE-2024-7260,CVE-2024-7318,CVE-2024-7254,CVE-2024-29025,CVE-2024-47535,CVE-2025-25193,CVE-2023-34462,CVE-2023-4586,CVE-2023-0481,CVE-2023-6267,CVE-2024-1726,CVE-2023-2974,CVE-2024-2700,CVE-2023-1584,CVE-2023-5675,CVE-2025-1634,CVE-2023-4853,CVE-2023-34453,CVE-2023-34454,CVE-2023-34455,CVE-2023-43642,CVE-2024-1300,CVE-2023-24815 |
+        |     quarkus-bom-3.8.3.redhat-00003.json.bz2  |   /tests/common/assets/sbom/      |    CVE-2024-2700,CVE-2024-29025,CVE-2025-48924,CVE-2025-49574,CVE-2025-55163     |
+        |               exhort_mvn.json.bz2            |   /tests/common/assets/sbom/      |    CVE-2022-45787,CVE-2023-0481,CVE-2023-1584,CVE-2023-4853,CVE-2024-2700,CVE-2024-29025,CVE-2025-48924,CVE-2025-48988,CVE-2025-48989,CVE-2025-49128,CVE-2025-49574,CVE-2025-52520,CVE-2025-53506,CVE-2025-55163,CVE-2025-55668 |
 
 Scenario: Verify Vulnerability Details on Generate Vulnerability Report for an SBOM
     Given User Navigated to Generate Vulnerability Report screen
@@ -113,32 +113,13 @@ Scenario: Verify Affected package list on Generate Vulnerability Report for an S
         |     quarkus-bom-3.8.3.redhat-00003.json.bz2  |   /tests/common/assets/sbom/      |   CVE-2024-29025   |  maven |          io.netty            |       netty-codec-http    | 4.1.107.Final-redhat-00001|      |repository_url=https://maven.repository.redhat.com/ga/,type=jar |
         |               exhort_mvn.json.bz2            |   /tests/common/assets/sbom/      |   CVE-2023-0481    |  maven | io.quarkus.resteasy.reactive | resteasy-reactive-common  |           2.13.7.Final    |      |                                                                |
 
-Scenario: Verify Filtering on Generate Vulnerability Report for an SBOM
-    Given User Navigated to Generate Vulnerability Report screen
-    When User Clicks on Browse files Button
-    When User Selects SBOM "<fileName>" from "<filePath>" on the file explorer dialog window
-    Then On the successful report generation the Application should render Vulnerability Report for the SBOM
-    When User clicks on Clear filters option
-    When User Applies "<filter>" filter with "<value>" on the Vulnerability Report  
-    Then Applied "<filter>" should be visible with "<value>" on the filter bar
-    Then The Vulnerabilities on the Vulnerability ID column should match with "<Vulnerabilities>"
-    When User Applies "Vulnerability ID" filter with "<Vulnerability>" on the Vulnerability Report
-    When User Enters "<Vulnerability>" in the Vulnerability ID Textbox   
-    Then The "Severity" of the "<Vulnerability>" should match with "<severity:importer>" 
-    Examples:
-        |                      fileName                |             filePath              |     filter         |      value     |                                  Vulnerabilities                                      |  Vulnerability  |                        severity:importer                     |
-        |                   examples.json              |   /tests/common/assets/sbom/      |    Severity        |      Medium    |                        CVE-2024-47535,CVE-2025-25913                                  | CVE-2025-25913  |                     Medium(5.5): Unknown                     |
-        |               exhort_mvn.json.bz2            |   /tests/common/assets/sbom/      |    Severity        |       Low      |                  CVE-2020-8908,CVE-2023-0481,CVE-2024-4028                            |  CVE-2023-0481  |   Medium(5.3): Unknown,Low(3.3): Unknown,Medium(5.3): Unknown|
-        |     quarkus-bom-3.8.3.redhat-00003.json.bz2  |   /tests/common/assets/sbom/      |    Severity        |       High     |CVE-2024-2700,CVE-2024-7254,CVE-2024-10039,CVE-2024-12397,CVE-2024-40094,CVE-2025-1634 |  CVE-2024-2700  |                High(7): Unknown,High(7): Unknown             |
-
-
 Scenario: Verify Actions on Generate Vulnerability Report for an SBOM
     Given User Navigated to Generate Vulnerability Report screen
     When User Clicks on Browse files Button
     When User Selects SBOM "<fileName>" from "<filePath>" on the file explorer dialog window
     When User Clicks on "Actions" button
-    Then The "Actions" dropdown should have options "Generate new report" and "Download CSV"
-    When User Clicks on "Generate new report" option from the "Actions" dropdown
+    Then The Actions dropdown should have options "Generate new report" and "Download CSV"
+    When User Clicks on "Generate new report" option from the Actions dropdown
     Then Application navigates to Generate Vulnerability Report screen
     Examples:
         |                        fileName              |              filePath             |
@@ -151,8 +132,8 @@ Scenario: Verify Download CSV on Generate Vulnerability Report for an SBOM
     When User Clicks on Browse files Button
     When User Selects SBOM "<fileName>" from "<filePath>" on the file explorer dialog window
     When User Clicks on "Actions" button
-    Then The "Actions" dropdown should have options "Generate new report" and "Download CSV"
-    When User Downloads CSV with default filename "<fileName>" by clicking on "Download CSV" option
+    Then The Actions dropdown should have options "Generate new report" and "Download CSV"
+    Then User Downloads CSV with default filename "<fileName>" by clicking on "Download CSV" option
     Examples:
         |                        fileName              |              filePath             |
         |     quarkus-bom-3.8.3.redhat-00003.json.bz2  |   /tests/common/assets/sbom/      |
@@ -169,8 +150,8 @@ Scenario: Verify Download and Leave on Generate Vulnerability Report for an SBOM
     Then Application navigates to Vulnerability Explorer screen of "<Vulnerability>"
     Examples:
         |                        fileName              |              filePath             | Vulnerability  |
-        |     quarkus-bom-3.8.3.redhat-00003.json.bz2  |   /tests/common/assets/sbom/      | CVE-2025-25193 |
-        |               exhort_mvn.json.bz2            |   /tests/common/assets/sbom/      | CVE-2023-4586 |
+        |     quarkus-bom-3.8.3.redhat-00003.json.bz2  |   /tests/common/assets/sbom/      | CVE-2025-48924 |
+        |               exhort_mvn.json.bz2            |   /tests/common/assets/sbom/      | CVE-2023-1584 |
 
 Scenario: Verify Leave without Downloading on Generate Vulnerability Report for an SBOM
     Given User Navigated to Generate Vulnerability Report screen
@@ -183,8 +164,8 @@ Scenario: Verify Leave without Downloading on Generate Vulnerability Report for
     Then Application navigates to Vulnerability Explorer screen of "<Vulnerability>"
     Examples:
         |                        fileName              |              filePath             | Vulnerability  |
-        |     quarkus-bom-3.8.3.redhat-00003.json.bz2  |   /tests/common/assets/sbom/      | CVE-2025-25193 |
-        |               exhort_mvn.json.bz2            |   /tests/common/assets/sbom/      | CVE-2023-4586 |
+        |     quarkus-bom-3.8.3.redhat-00003.json.bz2  |   /tests/common/assets/sbom/      | CVE-2025-48924 |
+        |               exhort_mvn.json.bz2            |   /tests/common/assets/sbom/      | CVE-2023-1584 |
 
 Scenario: Verify Cancel on Leave Vulnerability Report modal window
     Given User Navigated to Generate Vulnerability Report screen
@@ -197,8 +178,26 @@ Scenario: Verify Cancel on Leave Vulnerability Report modal window
     Then Application should remain on the Generate Vulnerability Report screen
     Examples:
         |                        fileName              |              filePath             | Vulnerability  |
-        |     quarkus-bom-3.8.3.redhat-00003.json.bz2  |   /tests/common/assets/sbom/      | CVE-2025-25193 |
-        |               exhort_mvn.json.bz2            |   /tests/common/assets/sbom/      | CVE-2023-4586  |
+        |     quarkus-bom-3.8.3.redhat-00003.json.bz2  |   /tests/common/assets/sbom/      | CVE-2025-48924 |
+        |               exhort_mvn.json.bz2            |   /tests/common/assets/sbom/      | CVE-2023-1584  |
+
+Scenario: Verify Filtering on Generate Vulnerability Report for an SBOM
+    Given User Navigated to Generate Vulnerability Report screen
+    When User Clicks on Browse files Button
+    When User Selects SBOM "<fileName>" from "<filePath>" on the file explorer dialog window
+    Then On the successful report generation the Application should render Vulnerability Report for the SBOM
+    When User clicks on Clear filters option
+    When User Applies "<filter>" filter with "<value>" on the Vulnerability Report
+    Then Applied "<filter>" should be visible with "<value>" on the filter bar
+    Then The Vulnerabilities on the Vulnerability ID column should match with "<Vulnerabilities>"
+    When User Applies "Vulnerability ID" filter with "<Vulnerability>" on the Vulnerability Report
+    When User Enters "<Vulnerability>" in the Vulnerability ID Textbox
+    Then The "Severity" of the "<Vulnerability>" should match with "<severity:importer>"
+    Examples:
+        |                      fileName                |             filePath              |     filter         |      value     |                                                   Vulnerabilities                                       |  Vulnerability  |                        severity:importer                     |
+        |                examples_sbom.json            |   /tests/common/assets/sbom/      |    Severity        |      Medium    |                                          CVE-2025-48795,CVE-2025-48924                                  | CVE-2025-48924  |                     Medium(6.5): Unknown                     |
+        |               exhort_mvn.json.bz2            |   /tests/common/assets/sbom/      |    Severity        |      Medium    |CVE-2022-45787,CVE-2023-0481,CVE-2024-29025,CVE-2025-48924,CVE-2025-49128,CVE-2025-49574,CVE-2025-55668  |  CVE-2023-0481  |   Medium(5.3): Unknown,Low(3.3): Unknown,Medium(5.3): Unknown|
+        |     quarkus-bom-3.8.3.redhat-00003.json.bz2  |   /tests/common/assets/sbom/      |    Severity        |       High     |                                          CVE-2024-2700,CVE-2025-55163                                   |  CVE-2024-2700  |                         High(7): Unknown                     |
 
 Scenario: Verify Pagination on Generate Vulnerability Report for an SBOM
     Given User Navigated to Generate Vulnerability Report screen

e2e/tests/ui/features/@sbom-scan/scan-sbom.feature

@@ -177,7 +177,6 @@ Then(
 Then(
   "The Vulnerabilities on the Vulnerability ID column should match with {string}",
   async ({ page }, vulnerabilitiesCsv: string) => {
-    const scanPage = await SbomScanPage.build(page);
     const parentElem = `xpath=//div[@id="vulnerability-table-pagination-top"]`;
     const toolbarTable = new ToolbarTable(page, "Vulnerability table");
     await toolbarTable.selectPerPage(parentElem, "100 per page");
@@ -213,10 +212,6 @@ Then(
       await collectPage();
     }
 
-    // Use the reusable method to verify expected IDs against collected IDs
-    // Create a temporary page locator to hold the collected IDs for verification
-    const allCollectedIdsAsCsv = collectedIds.join(",");
-
     // Verify each expected ID is present at least once
     for (const id of expectedIds) {
       await expect
@@ -287,12 +282,11 @@ Then(
     const cell = row.locator('td[data-label="Severity"]');
 
     // Use the reusable helper for comma-delimited severity values
-    const result = await verifyCommaDelimitedValues(
+    await verifyCommaDelimitedValues(
       cell,
       expected,
       'xpath=//ul[@aria-label="Label group category"]//li',
     );
-    console.log("debug cellText:", result);
   },
 );
 
@@ -336,94 +330,74 @@ Then(
   "The {string} column of the {string} affected package should match with {string}",
   async ({ page }, column: string, vulnerability: string, expected: string) => {
     const scanPage = await SbomScanPage.build(page);
+    const vulnerabilityRow = scanPage.getVulnerabilityRow(vulnerability);
+    const packageTable = vulnerabilityRow.locator(
+      `xpath=/following-sibling::tr[contains(@class,'expandable')]/td[@data-label='Affected packages']//table`,
+    );
+    await expect(packageTable).toBeVisible();
 
-    // Find the nested grid by looking for a grid that has "Type" as a columnheader
-    // (only the nested affected packages grid has this, not the main vulnerability table)
-    const nestedGrid = page
-      .locator("role=grid")
-      .filter({ has: page.locator('role=columnheader[name="Type"]') });
-
-    // Dynamically find the column index from the headers
-    const headerRow = nestedGrid
-      .locator("role=rowgroup")
-      .first()
-      .locator("role=row");
-    const headers = headerRow.locator("role=columnheader");
-    const headerCount = await headers.count();
-
+    const headerElements = packageTable.locator(`xpath=//th`);
+    const headerElemCount = await headerElements.count();
     let columnIndex = -1;
-    for (let i = 0; i < headerCount; i++) {
-      const headerText = await headers.nth(i).textContent();
+    for (let i = 0; i < headerElemCount; i++) {
+      const headerText = await headerElements.nth(i).textContent();
       if (headerText?.trim() === column) {
         columnIndex = i;
         break;
       }
     }
-
     if (columnIndex === -1) {
       throw new Error(
         `Column "${column}" not found in affected packages table`,
       );
     }
 
-    // Get the first data row from the nested grid's body
-    const dataRow = nestedGrid
-      .locator("role=rowgroup")
-      .last()
-      .locator("role=row")
-      .first();
-
-    // Get the cell at the column index
-    const cell = dataRow.locator("role=gridcell").nth(columnIndex);
-
-    // Special handling for Qualifiers column - qualifiers are rendered as separate elements
-    if (column === "Qualifiers") {
-      // Use the reusable helper for comma-delimited values
-      await verifyCommaDelimitedValues(cell, expected, "xpath=//td/span");
-    } else {
-      // For other columns, check if expected is empty string (for empty columns)
-      if (expected === "") {
-        const cellText = await cell.textContent();
-        await expect(cellText?.trim() || "").toBe("");
+    const rows = packageTable.locator(`xpath=//tbody/tr`);
+    const rowCount = await rows.count();
+    for (let i = 1; i <= rowCount; i++) {
+      const cell = packageTable.locator(
+        `xpath=//tbody/tr[${i}]//td[${columnIndex + 1}]`,
+      );
+      if (column === "Qualifiers") {
+        await verifyCommaDelimitedValues(cell, expected, "xpath=//span");
       } else {
-        await expect(cell).toContainText(expected);
+        if (expected === "") {
+          const cellText = await cell.textContent();
+          await expect(cellText?.trim() || "").toBe("");
+        } else {
+          await expect(cell).toContainText(expected);
+        }
       }
     }
   },
 );
 
 Then(
-  "The {string} dropdown should have options {string} and {string}",
-  async ({ page }, dropdownName: string, option1: string, option2: string) => {
+  "The Actions dropdown should have options {string} and {string}",
+  async ({ page }, option1: string, option2: string) => {
     // The dropdown should already be open from the previous step
     await expect(page.getByRole("menuitem", { name: option1 })).toBeVisible();
     await expect(page.getByRole("menuitem", { name: option2 })).toBeVisible();
   },
 );
 
 When(
-  "User Clicks on {string} option from the {string} dropdown",
-  async ({ page }, optionName: string, dropdownName: string) => {
+  "User Clicks on {string} option from the Actions dropdown",
+  async ({ page }, optionName: string) => {
     // Just click for non-download actions
     await page.getByRole("menuitem", { name: optionName }).click();
   },
 );
 
-When(
+Then(
   "User Downloads CSV with default filename {string} by clicking on {string} option",
-  async (
-    { page },
-    fileName: string,
-    optionName: string,
-    dropdownName: string,
-  ) => {
+  async ({ page }, fileName: string, optionName: string) => {
     // Use the reusable helper for click + download verification
-    await clickAndVerifyDownload(
-      page,
-      () => page.getByRole("menuitem", { name: optionName }).click(),
-      ".csv",
-      fileName,
+    const downloadedFileName = await clickAndVerifyDownload(page, () =>
+      page.getByRole("menuitem", { name: optionName }).click(),
     );
+    await expect(downloadedFileName).toContain(fileName);
+    await expect(downloadedFileName.endsWith(".csv")).toBeTruthy();
   },
 );
 
@@ -453,12 +427,11 @@ When(
   async ({ page }, fileName: string, buttonName: string) => {
     const modal = page.locator('[role="dialog"]');
     // Use the reusable helper for click + download verification
-    await clickAndVerifyDownload(
-      page,
-      () => modal.getByRole("button", { name: buttonName }).click(),
-      ".csv",
-      fileName,
+    const downloadedFileName = await clickAndVerifyDownload(page, () =>
+      modal.getByRole("button", { name: buttonName }).click(),
     );
+    await expect(downloadedFileName).toContain(fileName);
+    await expect(downloadedFileName.endsWith(".csv")).toBeTruthy();
   },
 );