Ejemplo n.º 1
def init_test_logging(level='debug', output_file=None):
    """
    Set up logging for tests on a standard logger instead of a twistd logger.

    :param level: log level name in any case; it is upper-cased before being passed on
    :param output_file: forwarded unchanged as the ``outfile`` argument
    :return:
    """

    # For other services, but shows output as 'bootstrap'
    normalized_level = level.upper()
    enable_test_logging(outfile=output_file, level=normalized_level)
Ejemplo n.º 2
"""
Unit tests for the api controller utils of external API service
"""
import base64
import json
import yaml
import pytest
from anchore_engine.apis.exceptions import BadRequest
from anchore_engine.services.apiext.api.controllers import utils as api_utils
from anchore_engine.subsys import logger

# Enable the engine's test logging at INFO level as soon as this module is imported.
logger.enable_test_logging("INFO")

# Location of the external API's swagger document; a relative path, so it is
# resolved against the working directory of the test run.
spec_path = "anchore_engine/services/apiext/swagger/swagger.yaml"

# The same two-line Dockerfile as plain text and as base64 text.
raw_dockerfile = 'FROM stratch\nRUN echo "hello" > file\n'
b64_dockerfile = base64.encodebytes(raw_dockerfile.encode("utf-8")).decode("utf-8")


def _load_spec(path):
    """
    Read an API spec file and return its parsed content.

    Paths ending in "yaml" or "yml" are parsed with yaml.safe_load, which only
    builds plain data types; every other path is parsed as JSON.
    """
    with open(path) as spec_file:
        is_yaml = path.endswith(("yaml", "yml"))
        parse = yaml.safe_load if is_yaml else json.load
        return parse(spec_file)


# Parsed swagger spec, loaded once at import time from spec_path.
api_spec = _load_spec(spec_path)

# Fixed sample values: a digest in "sha256:" + 64 characters form and a timestamp with a Z (UTC) suffix.
test_digest = "sha256:0123456789012345678901234567890123456789012345678901234567890123"
test_ts = "2019-01-01T01:01:01Z"
Ejemplo n.º 3
import pytest
from tests.integration.services.policy_engine.engine.policy.gates import (
    GateUnitTest,
    cls_no_feeds_test_env,
)
from anchore_engine.db import Image, ImagePackageManifestEntry
from anchore_engine.services.policy_engine.engine.policy.gates.packages import (
    PackagesCheckGate,
    RequiredPackageTrigger,
    VerifyTrigger,
    BlackListTrigger,
)
from anchore_engine.db import get_thread_scoped_session
from anchore_engine.subsys import logger

# Enable the engine's test logging with its default arguments when this module is imported.
logger.enable_test_logging()


@pytest.mark.usefixtures("cls_no_feeds_test_env")
class PackageCheckGateTest(GateUnitTest):
    """Tests for PackagesCheckGate, run with the cls_no_feeds_test_env fixture applied."""
    __default_image__ = "debian9-slim-custom"  # Testing against a specifically broken analysis output (hand edited to fail in predictable ways)
    gate_clazz = PackagesCheckGate

    def test_blacklist(self):
        """Set up the blacklist trigger for package libc6 at version 2.24-11+deb9u4 (the "match" case)."""

        # Match
        t, gate, test_context = self.get_initialized_trigger(
            BlackListTrigger.__trigger_name__,
            name="libc6",
            version="2.24-11+deb9u4")
        db = get_thread_scoped_session()
        # NOTE(review): the listing ends here; the evaluation of the trigger and
        # the assertions on its result are not shown.
Ejemplo n.º 4
import copy
import datetime
from anchore_engine.db.entities.policy_engine import (
    FixedArtifact,
    Vulnerability,
    VulnerableArtifact,
    ImagePackageVulnerability,
    ImagePackage,
    Image,
    DistroTuple,
    DistroNamespace,
    DistroMapping,
)
from anchore_engine.subsys import logger

# Enable the engine's test logging at DEBUG level when this module is imported.
logger.enable_test_logging(level="DEBUG")


@pytest.fixture
def empty_vulnerability():
    """
    Build a Vulnerability record "CVE-1" in namespace "rhel:8" with high severity
    and empty fixed_in / vulnerable_in lists.
    """
    v = Vulnerability()
    v.id = "CVE-1"
    v.namespace_name = "rhel:8"
    v.description = "test vulnerability"
    v.metadata_json = {}
    # Naive (timezone-unaware) UTC timestamps.
    v.created_at = datetime.datetime.utcnow()
    v.updated_at = datetime.datetime.utcnow()
    v.fixed_in = []
    v.vulnerable_in = []
    v.severity = "high"
    v.link = "somelink"
    # NOTE(review): no return statement is visible in this excerpt, so as shown
    # the fixture value is None — confirm against the full file.
Ejemplo n.º 5
import pytest
import copy
import datetime
from anchore_engine.db.entities.policy_engine import FixedArtifact, Vulnerability, VulnerableArtifact, ImagePackageVulnerability, ImagePackage, Image, DistroTuple, DistroNamespace, DistroMapping
from anchore_engine.subsys import logger

# Enable the engine's test logging at DEBUG level when this module is imported.
logger.enable_test_logging(level='DEBUG')


@pytest.fixture(scope="session")
def monkeysession(request):
    """
    Session-scoped replacement for the `monkeypatch` fixture.

    Pytest refuses to hand out `monkeypatch` at any scope wider than a single
    test and raises an error if asked to, so this kludge builds a MonkeyPatch
    object by hand and keeps it for the whole test session.

    See: https://github.com/pytest-dev/pytest/issues/363

    Anything patched through this fixture stays patched for every test that
    runs afterwards in the session; it is only reverted by the `undo()` call
    at session teardown.

    If this ever stops working, then the `monkeypatch` needs to be done on
    every test method *or* the scope needs to be removed, causing these to be
    set for every test.
    """
    from _pytest.monkeypatch import MonkeyPatch
    session_patch = MonkeyPatch()
    yield session_patch
    # Teardown: restore everything that was patched during the session.
    session_patch.undo()


@pytest.fixture
def empty_vulnerability():
Ejemplo n.º 6
"""
Unit tests for the api controller utils of external API service
"""
import base64
import json
import yaml
import pytest
from anchore_engine.services.apiext.api.controllers import utils as api_utils
from anchore_engine.subsys import logger

# Enable the engine's test logging at INFO level as soon as this module is imported.
logger.enable_test_logging('INFO')

# Location of the external API's swagger document; a relative path, so it is
# resolved against the working directory of the test run.
spec_path = 'anchore_engine/services/apiext/swagger/swagger.yaml'

# The same two-line Dockerfile as plain text and as base64 text.
raw_dockerfile = 'FROM stratch\nRUN echo "hello" > file\n'
b64_dockerfile = base64.encodebytes(raw_dockerfile.encode('utf-8')).decode('utf-8')


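def _load_spec(path):
    """
    Read an API spec file and return its parsed content.

    Paths ending in 'yaml' or 'yml' are parsed as YAML; every other path is
    parsed as JSON.

    :param path: filesystem path of the spec file
    :return: the parsed document
    """
    with open(path) as f:
        if path.endswith(('yaml', 'yml')):
            # safe_load builds only plain data types (dict, list, str, ...).
            # A bare yaml.load(f) has no explicit Loader: older PyYAML then
            # uses a loader that can instantiate arbitrary Python objects
            # named by tags in the document, and PyYAML 6 rejects the call
            # with a TypeError.
            return yaml.safe_load(f)
        return json.load(f)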


# Parsed swagger spec, loaded once at import time from spec_path.
api_spec = _load_spec(spec_path)

# Fixed sample values: a digest in 'sha256:' + 64 characters form and a timestamp with a Z (UTC) suffix.
test_digest = 'sha256:0123456789012345678901234567890123456789012345678901234567890123'
test_ts = '2019-01-01T01:01:01Z'
Ejemplo n.º 7
import datetime
import pytest
from tests.fixtures import anchore_db
from anchore_engine.subsys import logger, simplequeue
from anchore_engine.subsys.logger import enable_test_logging

# Enable the engine's test logging with its default arguments at import time.
enable_test_logging()

# Names of the three queues that the test_qs fixture creates.
singleton_queue, multi_queue, std_queue = "testq1", "testq2", "testq3"


@pytest.fixture
def test_qs(anchore_db):
    """
    Create the three test queues used by this module.

    The queues are expected to be created in an empty db, which is why this
    fixture depends on the anchore_db fixture to get an initialized db.

    :return:
    """
    global singleton_queue, multi_queue, std_queue
    # (queue name, max_outstanding_msgs, visibility_timeout), created in this order
    queue_settings = (
        (singleton_queue, 1, 10),
        (multi_queue, 5, 10),
        (std_queue, 0, 0),
    )
    for queue_name, outstanding_limit, timeout in queue_settings:
        simplequeue.create_queue(queue_name,
                                 max_outstanding_msgs=outstanding_limit,
                                 visibility_timeout=timeout)
Ejemplo n.º 8
from anchore_engine.utils import parse_dockerimage_string
from anchore_engine.subsys import logger

# Enable the engine's test logging at INFO level when this module is imported.
logger.enable_test_logging(level='INFO')


def test_parse_dockerimage_string():
    tests = [
        ('docker.io/library/nginx', {
            'digest': None,
            'fulldigest': None,
            'fulltag': 'docker.io/library/nginx:latest',
            'host': 'docker.io',
            'imageId': None,
            'port': None,
            'pullstring': 'docker.io/library/nginx:latest',
            'registry': 'docker.io',
            'repo': 'library/nginx',
            'repotag': 'library/nginx:latest',
            'tag': 'latest'}),
        ('docker.io/nginx', {
            'digest': None,
            'fulldigest': None,
            'fulltag': 'docker.io/nginx:latest',
            'host': 'docker.io',
            'imageId': None,
            'port': None,
            'pullstring': 'docker.io/nginx:latest',
            'registry': 'docker.io',
            'repo': 'nginx',
            'repotag': 'nginx:latest',
Ejemplo n.º 9
from anchore_engine.services.policy_engine.engine import vulnerabilities
from anchore_engine.subsys import logger

# Enable the engine's test logging when this module is imported; the level is passed in lower case here.
logger.enable_test_logging(level='info')


def test_namespace_has_no_feed():
    """
    Check the caching mechanisms used during feed syncs to optimize lookups w/o db access
    :return:
    """
    cache = vulnerabilities.ThreadLocalFeedGroupNameCache
    has_no_feed = vulnerabilities.namespace_has_no_feed

    # Nothing initially
    assert has_no_feed('debian', '8')

    # Seed the cache, then read every entry back unchanged.
    seeded = [('debian:8', True), ('debian:9', True), ('centos:4', False)]
    cache.add(list(seeded))
    for entry in seeded:
        assert cache.lookup(entry[0]) == entry

    # Entries cached with True count as having a feed; an entry cached with
    # False and a name that was never cached both count as having none.
    assert not has_no_feed('debian', '8')
    assert not has_no_feed('debian', '9')
    assert has_no_feed('debian', 'foobar')
    assert has_no_feed('centos', '4')

    # Empty
    cache.flush()
    assert has_no_feed('debian', '8')
Ejemplo n.º 10
from anchore_engine.services.policy_engine.engine import vulnerabilities
from anchore_engine.subsys import logger

# Enable the engine's test logging when this module is imported; the level is passed in lower case here.
logger.enable_test_logging(level="info")


def test_namespace_has_no_feed():
    """
    Test the caching mechanisms used during feed syncs to optimize lookups w/o db access

    :return:
    """
    # Nothing initially
    assert vulnerabilities.namespace_has_no_feed("debian", "8")

    vulnerabilities.ThreadLocalFeedGroupNameCache.add([("debian:8", True),
                                                       ("debian:9", True),
                                                       ("centos:4", False)])
    assert vulnerabilities.ThreadLocalFeedGroupNameCache.lookup(
        "debian:8") == (
            "debian:8",
            True,
        )
    assert vulnerabilities.ThreadLocalFeedGroupNameCache.lookup(
        "debian:9") == (
            "debian:9",
            True,
        )
    assert vulnerabilities.ThreadLocalFeedGroupNameCache.lookup(
        "centos:4") == (
            "centos:4",