def test_logout(data):
def assert_logout(client):
utils.assert_access_token(client)
client.logout()
utils.assert_not_access_token(client)
def assert_logout_fails(client):
with pytest.raises(StatusCodeException) as e:
client.logout()
utils.assert_status_code_exception(
exception=e.value,
status_code=401,
method="POST",
url=utils.get_url("auth/logout"),
data={"msg": "Missing Authorization Header"},
)
for user_data in data["users"].values():
client = utils.get_client(user_data["username"], user_data["password"])
assert_logout(client)
client = utils.get_client_org(user_data["username"],
user_data["password"], None)
assert_logout(client)
for org_data in data["organizations"].values():
for user_data in org_data["users"].values():
client = utils.get_client_org(user_data["username"],
user_data["password"],
org_data["name"])
assert_logout(client)
client = utils.get_client_sysadmin()
client.logout()
assert_logout_fails(client)
def assert_password_incorrect(username, password, org):
with pytest.raises(StatusCodeException) as e:
utils.get_client_org(username, password, org)
utils.assert_status_code_exception(
exception=e.value,
status_code=401,
method="POST",
url=utils.get_url("auth/login"),
data={"error": "Invalid login"},
)
def test_whoami(data):
def assert_whoami(client, user_data, org):
user = client.users.whoami()
utils.assert_user_data(user, user_data, org)
def assert_whoami_fails(client):
with pytest.raises(StatusCodeException) as e:
client.users.whoami()
utils.assert_status_code_exception(
exception=e.value,
status_code=401,
method="GET",
url=utils.get_url("whoami"),
data={"msg": "Missing Authorization Header"},
)
for user_data in data["users"].values():
client = utils.get_client(user_data["username"], user_data["password"])
assert_whoami(client, user_data, None)
client.logout()
for org_data in data["organizations"].values():
for user_data in org_data["users"].values():
client = utils.get_client_org(user_data["username"],
user_data["password"],
org_data["name"])
assert_whoami(client, user_data, org_data["name"])
client.logout()
client = utils.get_client_sysadmin()
client.logout()
assert_whoami_fails(client)
def test_list_users_orgadmin(data):
org1 = data["organizations"]["org1"]
admin = [
userdata for name, userdata in org1["users"].items()
if userdata["role"] == Role.ADMIN
][0]
client = utils.get_client_org(admin["username"],
admin["password"],
organization="org1")
users = client.users.list_users()
assert len(users) == 3
assert verify_user_exists(
users,
username="******",
firstname="org1",
lastname="admin",
organization="org1",
)
assert verify_user_exists(users,
username="******",
firstname="org1",
lastname="pc",
organization="org1")
assert verify_user_exists(
users,
username="******",
firstname="org1",
lastname="user",
organization="org1",
)
def test_list_orgs(data):
def assert_list_orgs(client):
orgs = client.organizations.list_organizations()
expected_len = len(data["organizations"])
actual_len = len(orgs)
assert actual_len == expected_len, f"len(orgs) {actual_len} != {expected_len}"
for org_data in data["organizations"].values():
for org in orgs:
if org.name == org_data["name"]:
utils.assert_org_data(org, org_data)
break
else:
assert False, f"Organization \"{org_data['name']}\" not found"
def assert_list_orgs_fails(client):
with pytest.raises(StatusCodeException) as e:
client.organizations.list_organizations()
utils.assert_status_code_exception(
exception=e.value,
status_code=401,
method="GET",
url=utils.get_url("organization/all"),
data={"msg": "Missing Authorization Header"},
)
def assert_list_orgs_forbidden(client):
with pytest.raises(StatusCodeException) as e:
client.organizations.list_organizations()
utils.assert_status_code_exception(
exception=e.value,
status_code=403,
method="GET",
url=utils.get_url("organization/all"),
data={
"error":
"You are not authorized to access this resource: system_admin required."
},
)
for user_data in data["users"].values():
client = utils.get_client(user_data["username"], user_data["password"])
assert_list_orgs(client)
client.logout()
for org_data in data["organizations"].values():
for user_data in org_data["users"].values():
client = utils.get_client_org(user_data["username"],
user_data["password"],
org_data["name"])
assert_list_orgs_forbidden(client)
client.logout()
client = utils.get_client_sysadmin()
client.logout()
assert_list_orgs_fails(client)
def test_get_org_by_name(data):
def assert_get_org_by_name(client, org_data):
org = client.organizations.get_organization_by_name(org_data["name"])
utils.assert_org_data(org, org_data)
def assert_get_org_by_name_invalid(client, name):
with pytest.raises(ValueError) as e:
client.organizations.get_organization_by_name(name)
assert str(e.value) == f"Invalid organization {name}"
def assert_get_org_by_name_fails(client, name):
with pytest.raises(StatusCodeException) as e:
client.organizations.get_organization_by_name(name)
utils.assert_status_code_exception(
exception=e.value,
status_code=401,
method="GET",
url=utils.get_url("organization/all"),
data={"msg": "Missing Authorization Header"},
)
def assert_get_org_by_name_forbidden(client, name):
with pytest.raises(StatusCodeException) as e:
client.organizations.get_organization_by_name(name)
utils.assert_status_code_exception(
exception=e.value,
status_code=403,
method="GET",
url=utils.get_url("organization/all"),
data={
"error":
"You are not authorized to access this resource: system_admin required."
},
)
for user_data in data["users"].values():
client = utils.get_client(user_data["username"], user_data["password"])
for org in data["organizations"].values():
assert_get_org_by_name(client, org)
assert_get_org_by_name_invalid(client, "invalid")
client.logout()
for org_data in data["organizations"].values():
for user_data in org_data["users"].values():
client = utils.get_client_org(user_data["username"],
user_data["password"],
org_data["name"])
for org in data["organizations"].values():
assert_get_org_by_name_forbidden(client, org["name"])
assert_get_org_by_name_forbidden(client, "invalid")
client.logout()
client = utils.get_client_sysadmin()
client.logout()
assert_get_org_by_name_fails(client, "invalid")
def test_get_metadata(data, awslang):
def assert_get_metadata(client):
metalist = client.metadata.get_metadata()
# uncommment this to serialize new test input data
# with open("newlang.json", mode='w') as writer:
# from securicad.enterprise.metadata import RiskTypeJsonEncoder
# import json
# json.dump(fp=writer, obj=metalist, indent=2, cls=RiskTypeJsonEncoder)
expected_len = len(awslang)
actual_len = len(metalist)
assert (actual_len == expected_len
), f"len(metalist) {actual_len} != {expected_len}"
for i in range(actual_len):
expected_asset = awslang[i]
actual_asset = metalist[i]
assert (
actual_asset["name"] == expected_asset["name"]
), f"Unexpected asset name \"{actual_asset['name']}\" != \"{expected_asset['name']}\""
expected_attacksteps_len = len(expected_asset["attacksteps"])
actual_attacksteps_len = len(actual_asset["attacksteps"])
assert (
actual_attacksteps_len == expected_attacksteps_len
), f"len({expected_asset['name']}[\"attacksteps\"]) {actual_attacksteps_len} != {expected_attacksteps_len}"
def assert_get_metadata_fails(client):
with pytest.raises(StatusCodeException) as e:
client.metadata.get_metadata()
utils.assert_status_code_exception(
exception=e.value,
status_code=401,
method="GET",
url=utils.get_url("metadata"),
data={"msg": "Missing Authorization Header"},
)
for user_data in data["users"].values():
client = utils.get_client(user_data["username"], user_data["password"])
assert_get_metadata(client)
client.logout()
for org_data in data["organizations"].values():
for user_data in org_data["users"].values():
client = utils.get_client_org(user_data["username"],
user_data["password"],
org_data["name"])
assert_get_metadata(client)
client.logout()
client = utils.get_client_sysadmin()
client.logout()
assert_get_metadata_fails(client)
def test_get_org_by_tag(data):
def assert_get_org_by_tag(client, org_data):
org = client.organizations.get_organization_by_tag(org_data["tag"])
utils.assert_org_data(org, org_data)
def assert_get_org_by_tag_invalid(client, tag):
with pytest.raises(StatusCodeException) as e:
client.organizations.get_organization_by_tag(tag)
utils.assert_status_code_exception(
exception=e.value,
status_code=503,
method="GET",
url=utils.get_url(f"organization/{tag}"),
data={"error": "Failed to retrieve organization info"},
)
def assert_get_org_by_tag_fails(client, tag):
with pytest.raises(StatusCodeException) as e:
client.organizations.get_organization_by_tag(tag)
utils.assert_status_code_exception(
exception=e.value,
status_code=401,
method="GET",
url=utils.get_url(f"organization/{tag}"),
data={"msg": "Missing Authorization Header"},
)
def assert_get_org_by_tag_forbidden(client, tag):
with pytest.raises(StatusCodeException) as e:
client.organizations.get_organization_by_tag(tag)
utils.assert_status_code_exception(
exception=e.value,
status_code=403,
method="GET",
url=utils.get_url(f"organization/{tag}"),
data={
"error":
"You are not authorized to access this resource: system_admin required."
},
)
for user_data in data["users"].values():
client = utils.get_client(user_data["username"], user_data["password"])
for org in data["organizations"].values():
assert_get_org_by_tag(client, org)
assert_get_org_by_tag_invalid(client, "invalid")
client.logout()
for org_data in data["organizations"].values():
for user_data in org_data["users"].values():
client = utils.get_client_org(user_data["username"],
user_data["password"],
org_data["name"])
for org in data["organizations"].values():
assert_get_org_by_tag_forbidden(client, org["tag"])
assert_get_org_by_tag_forbidden(client, "invalid")
client.logout()
client = utils.get_client_sysadmin()
client.logout()
assert_get_org_by_tag_fails(client, "invalid")
def test_org_list_projects(data):
def assert_org_list_projects(org):
projects = org.list_projects()
expected_len = len(data["organizations"][org.name]["projects"])
actual_len = len(projects)
assert (actual_len == expected_len
), f"len(projects) {actual_len} != {expected_len}"
for project_data in data["organizations"][
org.name]["projects"].values():
for project in projects:
if project.name == project_data["name"]:
utils.assert_project_data(project, project_data,
AccessLevel.ADMIN)
break
else:
assert (
False
), f"Project \"{project_data['name']}\" not found in organization \"{org.name}\""
def assert_org_list_projects_invalid(org):
with pytest.raises(StatusCodeException) as e:
org.list_projects()
utils.assert_status_code_exception(
exception=e.value,
status_code=503,
method="GET",
url=utils.get_url(f"organization/{org.tag}"),
data={"error": "Failed to retrieve organization info"},
)
def assert_org_list_projects_fails(org):
with pytest.raises(StatusCodeException) as e:
org.list_projects()
utils.assert_status_code_exception(
exception=e.value,
status_code=401,
method="GET",
url=utils.get_url(f"organization/{org.tag}"),
data={"msg": "Missing Authorization Header"},
)
def assert_org_list_projects_forbidden(org):
with pytest.raises(StatusCodeException) as e:
org.list_projects()
utils.assert_status_code_exception(
exception=e.value,
status_code=403,
method="GET",
url=utils.get_url(f"organization/{org.tag}"),
data={
"error":
"You are not authorized to access this resource: system_admin required."
},
)
for user_data in data["users"].values():
client = utils.get_client(user_data["username"], user_data["password"])
for org in data["organizations"].values():
org_ = Organization(client, org["tag"], org["name"])
assert_org_list_projects(org_)
client.logout()
for org_data in data["organizations"].values():
for user_data in org_data["users"].values():
client = utils.get_client_org(user_data["username"],
user_data["password"],
org_data["name"])
for org in data["organizations"].values():
org_ = Organization(client, org["tag"], org["name"])
assert_org_list_projects_forbidden(org_)
client.logout()
client = utils.get_client_sysadmin()
client.logout()
for org in data["organizations"].values():
org_ = Organization(client, org["tag"], org["name"])
assert_org_list_projects_fails(org_)
client = utils.get_client_sysadmin()
org_ = client.organizations.create_organization("org3")
org_.delete()
assert_org_list_projects_invalid(org_)
client.logout()
def test_org_delete(data):
def assert_org(client, tag, name):
org = client.organizations.get_organization_by_tag(tag)
utils.assert_org_data(org, {"tag": tag, "name": name})
def assert_not_org(client, tag):
with pytest.raises(StatusCodeException) as e:
client.organizations.get_organization_by_tag(tag)
utils.assert_status_code_exception(
exception=e.value,
status_code=503,
method="GET",
url=utils.get_url(f"organization/{tag}"),
data={"error": "Failed to retrieve organization info"},
)
def assert_org_delete(client, name):
org = client.organizations.create_organization(name)
assert_org(client, org.tag, org.name)
org.delete()
assert_not_org(client, org.tag)
def assert_org_delete_invalid(org):
with pytest.raises(StatusCodeException) as e:
org.delete()
utils.assert_status_code_exception(
exception=e.value,
status_code=503,
method="DELETE",
url=utils.get_url("organization"),
data={"error": "Organization not found"},
)
def assert_org_delete_fails(org):
with pytest.raises(StatusCodeException) as e:
org.delete()
utils.assert_status_code_exception(
exception=e.value,
status_code=401,
method="DELETE",
url=utils.get_url("organization"),
data={"msg": "Missing Authorization Header"},
)
def assert_org_delete_forbidden(org):
with pytest.raises(StatusCodeException) as e:
org.delete()
utils.assert_status_code_exception(
exception=e.value,
status_code=403,
method="DELETE",
url=utils.get_url("organization"),
data={
"error":
"You are not authorized to access this resource: system_admin required."
},
)
for user_data in data["users"].values():
client = utils.get_client(user_data["username"], user_data["password"])
assert_org_delete(client, "org3")
client.logout()
for org_data in data["organizations"].values():
for user_data in org_data["users"].values():
client = utils.get_client_org(user_data["username"],
user_data["password"],
org_data["name"])
for org in data["organizations"].values():
org_ = Organization(client, org["tag"], org["name"])
assert_org_delete_forbidden(org_)
client.logout()
client = utils.get_client_sysadmin()
client.logout()
for org in data["organizations"].values():
org_ = Organization(client, org["tag"], org["name"])
assert_org_delete_fails(org_)
client = utils.get_client_sysadmin()
org_ = client.organizations.create_organization("org3")
org_.delete()
assert_org_delete_invalid(org_)
client.logout()
def test_org_update(data):
def assert_org_update(client, tag, old_name, new_name):
org = client.organizations.get_organization_by_tag(tag)
utils.assert_org_data(org, {"tag": tag, "name": old_name})
org.update(name=new_name)
utils.assert_org_data(org, {"tag": tag, "name": new_name})
org = client.organizations.get_organization_by_tag(tag)
utils.assert_org_data(org, {"tag": tag, "name": new_name})
def assert_org_update_fails_exists(org, new_name):
with pytest.raises(StatusCodeException) as e:
org.update(name=new_name)
utils.assert_status_code_exception(
exception=e.value,
status_code=400,
method="POST",
url=utils.get_url("organization"),
data={"error": f"Organization {new_name} already exists"},
)
def assert_org_update_fails_missing_auth(org, new_name):
with pytest.raises(StatusCodeException) as e:
org.update(name=new_name)
utils.assert_status_code_exception(
exception=e.value,
status_code=401,
method="POST",
url=utils.get_url("organization"),
data={"msg": "Missing Authorization Header"},
)
def assert_org_update_fails_invalid_org(org, new_name):
with pytest.raises(StatusCodeException) as e:
org.update(name=new_name)
utils.assert_status_code_exception(
exception=e.value,
status_code=500,
method="POST",
url=utils.get_url("organization"),
data={"error": "Failed to update organization"},
)
def assert_org_update_fails_forbidden(org, new_name):
with pytest.raises(StatusCodeException) as e:
org.update(name=new_name)
utils.assert_status_code_exception(
exception=e.value,
status_code=403,
method="POST",
url=utils.get_url("organization"),
data={
"error":
"You are not authorized to access this resource: system_admin required."
},
)
for user_data in data["users"].values():
client = utils.get_client(user_data["username"], user_data["password"])
for org in data["organizations"].values():
org_ = Organization(client, org["tag"], org["name"])
assert_org_update(client, org["tag"], org["name"], "org3")
assert_org_update(client, org["tag"], "org3", org["name"])
for org_name in data["organizations"]:
assert_org_update_fails_exists(org_, org_name)
client.logout()
for org_data in data["organizations"].values():
for user_data in org_data["users"].values():
client = utils.get_client_org(user_data["username"],
user_data["password"],
org_data["name"])
for org in data["organizations"].values():
org_ = Organization(client, org["tag"], org["name"])
assert_org_update_fails_forbidden(org_, "org3")
for org_name in data["organizations"]:
assert_org_update_fails_forbidden(org_, org_name)
client.logout()
client = utils.get_client_sysadmin()
client.logout()
for org in data["organizations"].values():
org_ = Organization(client, org["tag"], org["name"])
assert_org_update_fails_missing_auth(org_, "org3")
client = utils.get_client_sysadmin()
org_ = client.organizations.create_organization("org3")
org_.delete()
assert_org_update_fails_invalid_org(org_, "org4")
client.logout()
def test_create_org(data):
def assert_create_org(client, name):
org = client.organizations.create_organization(name)
assert (org.name == name
), f'Unexpected organization name "{org.name}" != "{name}"'
org.delete()
def assert_create_org_invalid(client, name):
with pytest.raises(StatusCodeException) as e:
client.organizations.create_organization(name)
utils.assert_status_code_exception(
exception=e.value,
status_code=400,
method="PUT",
url=utils.get_url("organization"),
data={"error": f"Organization {name} already exists"},
)
def assert_create_org_fails(client, name):
with pytest.raises(StatusCodeException) as e:
client.organizations.create_organization(name)
utils.assert_status_code_exception(
exception=e.value,
status_code=401,
method="PUT",
url=utils.get_url("organization"),
data={"msg": "Missing Authorization Header"},
)
def assert_create_org_forbidden(client, name):
with pytest.raises(StatusCodeException) as e:
client.organizations.create_organization(name)
utils.assert_status_code_exception(
exception=e.value,
status_code=403,
method="PUT",
url=utils.get_url("organization"),
data={
"error":
"You are not authorized to access this resource: system_admin required."
},
)
for user_data in data["users"].values():
client = utils.get_client(user_data["username"], user_data["password"])
assert_create_org(client, "org3")
for org in data["organizations"].values():
assert_create_org_invalid(client, org["name"])
client.logout()
for org_data in data["organizations"].values():
for user_data in org_data["users"].values():
client = utils.get_client_org(user_data["username"],
user_data["password"],
org_data["name"])
assert_create_org_forbidden(client, "org3")
for org in data["organizations"].values():
assert_create_org_forbidden(client, org["name"])
client.logout()
client = utils.get_client_sysadmin()
client.logout()
assert_create_org_fails(client, "org3")
def assert_password_correct(username, password, org):
client = utils.get_client_org(username, password, org)
def test_change_password(data):
def assert_password_correct(username, password, org):
client = utils.get_client_org(username, password, org)
def assert_password_incorrect(username, password, org):
with pytest.raises(StatusCodeException) as e:
utils.get_client_org(username, password, org)
utils.assert_status_code_exception(
exception=e.value,
status_code=401,
method="POST",
url=utils.get_url("auth/login"),
data={"error": "Invalid login"},
)
def assert_change_password(client, username, old_password, new_password,
org):
assert_password_correct(username, old_password, org)
assert_password_incorrect(username, new_password, org)
utils.assert_access_token(client)
old_token = client._get_access_token()
client.users.change_password(old_password, new_password)
assert_password_incorrect(username, old_password, org)
assert_password_correct(username, new_password, org)
utils.assert_access_token(client)
new_token = client._get_access_token()
assert old_token != new_token
def assert_change_password_invalid(client, old_password, new_password):
with pytest.raises(StatusCodeException) as e:
client.users.change_password(old_password, new_password)
utils.assert_status_code_exception(
exception=e.value,
status_code=400,
method="POST",
url=utils.get_url("changepwd"),
data={
"error":
"Unable to update password: Old password does not match."
},
)
def assert_change_password_fails(client, old_password, new_password):
with pytest.raises(StatusCodeException) as e:
client.users.change_password(old_password, new_password)
utils.assert_status_code_exception(
exception=e.value,
status_code=401,
method="POST",
url=utils.get_url("changepwd"),
data={"msg": "Missing Authorization Header"},
)
for user_data in data["users"].values():
client = utils.get_client(user_data["username"], user_data["password"])
assert_change_password(client, user_data["username"],
user_data["password"], "password", None)
assert_change_password(client, user_data["username"], "password",
user_data["password"], None)
assert_change_password_invalid(client, "password",
user_data["password"])
client.logout()
for org_data in data["organizations"].values():
for user_data in org_data["users"].values():
client = utils.get_client_org(user_data["username"],
user_data["password"],
org_data["name"])
assert_change_password(
client,
user_data["username"],
user_data["password"],
"password",
org_data["name"],
)
assert_change_password(
client,
user_data["username"],
"password",
user_data["password"],
org_data["name"],
)
assert_change_password_invalid(client, "password",
user_data["password"])
client.logout()
client = utils.get_client_sysadmin()
client.logout()
assert_change_password_fails(client, "old_password", "new_password")
def assert_init_org(username, password, org):
client = utils.get_client_org(username, password, org)
utils.assert_access_token(client)
client.logout()
def test_list_parsers(data):
def assert_lists_eq(list1_name, list1, list2_name, list2):
if list1 is not None and list2 is not None:
assert len(list1) == len(
list2
), f"len({list1_name}) != len({list2_name}), {len(list1)} != {len(list2)}"
for item in list1:
assert item in list2, f'Item "{item}" not in list "{list2_name}"'
for item in list2:
assert item in list1, f'Item "{item}" not in list "{list1_name}"'
else:
assert list1 is None
assert list2 is None
def assert_parsers_eq(actual_parsers, expected_parsers):
assert len(actual_parsers) == len(
expected_parsers
), f"len(actual_parsers) != len(expected_parsers), {len(actual_parsers)} == {len(expected_parsers)}"
for actual_parser in actual_parsers:
for expected_parser in expected_parsers:
if actual_parser["name"] != expected_parser["name"]:
continue
assert_lists_eq(
f"actual.{actual_parser['name']}.sub_parsers",
actual_parser["sub_parsers"],
f"expected.{expected_parser['name']}.sub_parsers",
expected_parser["sub_parsers"],
)
break
else:
assert (
False
), f"Parser {actual_parser['name']} not found in expected_parsers"
for expected_parser in expected_parsers:
for actual_parser in actual_parsers:
if expected_parser["name"] != actual_parser["name"]:
continue
assert_lists_eq(
f"expected.{expected_parser['name']}.sub_parsers",
expected_parser["sub_parsers"],
f"actual.{actual_parser['name']}.sub_parsers",
actual_parser["sub_parsers"],
)
break
else:
assert (
False
), f"Parser {expected_parser['name']} not found in actual_parsers"
def assert_list_parsers(client):
parsers = client.parsers.list_parsers()
assert_parsers_eq(parsers, PARSERS)
def assert_list_parsers_fails(client):
with pytest.raises(StatusCodeException) as e:
client.parsers.list_parsers()
utils.assert_status_code_exception(
exception=e.value,
status_code=401,
method="GET",
url=utils.get_url("parsers"),
data={"msg": "Missing Authorization Header"},
)
for user_data in data["users"].values():
client = utils.get_client(user_data["username"], user_data["password"])
assert_list_parsers(client)
client.logout()
for org_data in data["organizations"].values():
for user_data in org_data["users"].values():
client = utils.get_client_org(user_data["username"],
user_data["password"],
org_data["name"])
assert_list_parsers(client)
client.logout()
client = utils.get_client_sysadmin()
client.logout()
assert_list_parsers_fails(client)