Ejemplo n.º 1
def as_admin(client: testing.FlaskClient):
    """Mark the test client's session as the admin user and return a matching User.

    The profile from ``admin_user_info()`` is written directly into the Flask
    session under ``user_info``, so no login flow runs. That makes this a
    test-only shortcut around authentication; keep it confined to test code.

    The returned ``User`` is built in memory with the ADMIN, REVIEWER and USER
    roles. This function does not add it to a database session.
    """
    admin_info = admin_user_info()
    with client.session_transaction() as flask_session:
        flask_session["user_info"] = admin_info

    admin = User(
        full_name=admin_info["name"],
        login=admin_info["email"],
        profile_picture=admin_info["picture"],
    )
    granted = (
        PredefinedRoles.ADMIN,
        PredefinedRoles.REVIEWER,
        PredefinedRoles.USER,
    )
    admin.roles = [Role(name=role_name) for role_name in granted]
    return admin
Ejemplo n.º 2
def as_admin(client: testing.FlaskClient):
    """Put the admin profile into the client's session and return an admin User.

    ``session['user_info']`` is set from ``admin_user_info()`` without going
    through any login flow. This is a fixture for tests; it sidesteps
    authentication by design and belongs in test code only.

    The ``User`` that comes back carries ADMIN, REVIEWER and USER roles and is
    only constructed here, not added to a database session.
    """
    profile = admin_user_info()
    with client.session_transaction() as flask_session:
        flask_session['user_info'] = profile

    admin = User(
        full_name=profile['name'],
        email=profile['email'],
        profile_picture=profile['picture'],
    )
    role_names = (
        PredefinedRoles.ADMIN,
        PredefinedRoles.REVIEWER,
        PredefinedRoles.USER,
    )
    admin.roles = [Role(name=role_name) for role_name in role_names]
    return admin
Ejemplo n.º 3
def as_user(client: testing.FlaskClient):
    """Put a regular user's profile into the client's session and return that User.

    Two session keys are written: ``user_info`` (from ``regular_user_info()``)
    and ``google_token``, which is set to the fixed placeholder string
    ``'testing-user'``. No login flow runs, so this is a test-only shortcut
    around authentication.

    The returned ``User`` holds only the USER role and is constructed in
    memory; this function does not add it to a database session.
    """
    profile = regular_user_info()
    with client.session_transaction() as flask_session:
        flask_session['user_info'] = profile
        flask_session['google_token'] = 'testing-user'

    regular = User(
        full_name=profile['name'],
        email=profile['email'],
        profile_picture=profile['picture'],
    )
    regular.roles = [Role(name=PredefinedRoles.USER)]
    return regular
Ejemplo n.º 4
def get_or_create_role(name) -> Role:
    """Return the first Role called *name*, creating a pending one if none exists.

    A newly created role is only added to ``db.session``. Nothing is flushed
    or committed here, so the caller owns the transaction.
    """
    existing = Role.query.filter_by(name=name).first()
    if existing:
        return existing

    created = Role(name=name)
    db.session.add(created)
    return created
Ejemplo n.º 5
def _db(app):
    """Reset the app's database, seed it with fixed test data and return ``db``.

    Destructive: every table known to SQLAlchemy, plus ``alembic_version``, is
    dropped on whatever database *app* is bound to, so *app* must point at a
    disposable test database. ``docker/db_schema.sql`` is executed verbatim
    and therefore has to remain a trusted, version-controlled file.

    Seed data: ADMIN and USER roles; two users (the first with both roles, the
    second with USER only); 20 NVD entries (CVE-1970-1000..1009 and
    CVE-1970-2000..2009); ten published vulnerabilities created by the second
    user, each with one git commit; and one published vulnerability
    (CVE-1970-1500) with no commits.
    """
    db = app.extensions['sqlalchemy'].db

    # Raw schema-creation SQL shipped with the repository.
    schema_path = os.path.join(cfg.BASE_DIR, 'docker/db_schema.sql')
    with open(schema_path, 'rb') as schema_file:
        create_schemas_sql = schema_file.read().decode('utf8')

    with app.app_context():
        # Wipe everything, including alembic's bookkeeping table.
        db.drop_all()
        db.engine.execute('DROP TABLE IF EXISTS alembic_version')

        # Recreate the schemas, then let alembic bring the tables up to date.
        db.engine.execute(create_schemas_sql)
        alembic_upgrade()

        session = db.session

        roles = [
            Role(name=PredefinedRoles.ADMIN),
            Role(name=PredefinedRoles.USER),
        ]
        session.add_all(roles)

        admin_account = User(
            email='*****@*****.**',
            full_name='Admin McAdmin',
            roles=roles,
        )
        plain_account = User(
            email='*****@*****.**',
            full_name='User McUser',
            roles=[roles[1]],
        )
        users = [admin_account, plain_account]
        session.add_all(users)

        # CVEs in the 1000 range get a Vulnerability entry below; the 2000
        # range only exists as NVD data.
        vuln_cves = ['CVE-1970-{}'.format(1000 + offset) for offset in range(10)]
        new_cves = ['CVE-1970-{}'.format(2000 + offset) for offset in range(10)]
        all_cves = vuln_cves + new_cves

        nvd_entries = [
            Nvd(
                cve_id=cve_id,
                descriptions=[
                    Description(value='Description {}'.format(index)),
                ],
                references=[
                    Reference(
                        link='https://cve.mitre.org/cgi-bin/cvename.cgi?name={}'.format(cve_id),
                        source='cve.mitre.org',
                    ),
                ],
                published_date=datetime.date.today(),
                cpes=[
                    Cpe(
                        vendor='Vendor {}'.format(index),
                        product='Product {}'.format(product_no),
                    )
                    for product_no in range(1, 4)
                ],
            )
            for index, cve_id in enumerate(all_cves, 1)
        ]
        session.add_all(nvd_entries)

        owner = 'OWNER'

        def seeded_vulnerability(number, cve_id):
            # One published entry pointing at a synthetic GitHub commit.
            repo = 'REPO{i}'.format(i=number)
            base_url = 'https://github.com/{owner}/{repo}/'.format(
                owner=owner,
                repo=repo,
            )
            commit_hash = '{:07x}'.format(0x1234567 + number)
            return Vulnerability(
                vcdb_id=number,
                cve_id=cve_id,
                date_created=datetime.date.today(),
                creator=users[1],
                state=VulnerabilityState.PUBLISHED,
                version=0,
                comment='Vulnerability {} comment'.format(number),
                commits=[
                    VulnerabilityGitCommits(
                        commit_link='{repo_url}commit/{commit}'.format(
                            repo_url=base_url,
                            commit=commit_hash,
                        ),
                        repo_owner=owner,
                        repo_name=repo,
                        # repo_url is not passed to the model here.
                        commit_hash=commit_hash,
                    ),
                ],
            )

        vulns = [
            seeded_vulnerability(number, cve_id)
            for number, cve_id in enumerate(vuln_cves, 1)
        ]
        # One extra entry with no commits attached.
        vulns.append(
            Vulnerability(
                state=VulnerabilityState.PUBLISHED,
                version=0,
                vcdb_id=len(vulns) + 1,
                cve_id='CVE-1970-1500',
                date_created=datetime.date.today(),
                comment='Vulnerability {} comment'.format(len(vuln_cves) + 1),
                commits=[],
            )
        )
        session.add_all(vulns)

        session.commit()
    return db
Ejemplo n.º 6
def setup_test_database():
    """Reset the test database and seed it with fixed data, once per session.

    Destructive: every table known to SQLAlchemy, plus ``alembic_version``, is
    dropped on the database selected by ``TEST_CONFIG``, so that configuration
    must point at a disposable test database. ``docker/db_schema.sql`` is
    executed verbatim and therefore has to remain a trusted,
    version-controlled file.

    Seed data: ADMIN and USER roles; three LOCAL-login users (an active admin
    with both roles, an active user and a BLOCKED user, both with USER only);
    20 NVD entries; ten published vulnerabilities created by the second user,
    each with one git commit; and one published vulnerability (CVE-1970-1500)
    with no commits. The code shown here commits the data and returns nothing.
    """
    # A throwaway Flask app is created for the setup. The app/db fixtures are
    # function-scoped, while this function runs in the session scope, so they
    # are not used here.
    app = create_app(TEST_CONFIG)
    with app.app_context():
        db: SQLAlchemy = app.extensions["sqlalchemy"].db

        # Raw schema-creation SQL shipped with the repository.
        schema_path = os.path.join(cfg.BASE_DIR, "docker/db_schema.sql")
        with open(schema_path, "rb") as schema_file:
            create_schemas_sql = schema_file.read().decode("utf8")

        # Wipe everything, including alembic's bookkeeping table.
        db.drop_all()
        db.engine.execute("DROP TABLE IF EXISTS alembic_version")

        # Recreate the schemas, then let alembic bring the tables up to date.
        db.engine.execute(create_schemas_sql)
        alembic_upgrade()

        session = db.session

        roles = [
            Role(name=PredefinedRoles.ADMIN),
            Role(name=PredefinedRoles.USER),
        ]
        session.add_all(roles)

        admin_account = User(
            login="******",
            full_name="Admin McAdmin",
            roles=roles,
            state=UserState.ACTIVE,
            login_type=LoginType.LOCAL,
        )
        plain_account = User(
            login="******",
            full_name="User McUser",
            roles=[roles[1]],
            state=UserState.ACTIVE,
            login_type=LoginType.LOCAL,
        )
        blocked_account = User(
            login="******",
            full_name="Blocked User",
            roles=[roles[1]],
            state=UserState.BLOCKED,
            login_type=LoginType.LOCAL,
        )
        users = [admin_account, plain_account, blocked_account]
        session.add_all(users)

        # CVEs in the 1000 range get a Vulnerability entry below; the 2000
        # range only exists as NVD data.
        vuln_cves = ["CVE-1970-{}".format(1000 + offset) for offset in range(10)]
        new_cves = ["CVE-1970-{}".format(2000 + offset) for offset in range(10)]
        cves = vuln_cves + new_cves

        nvds = [
            Nvd(
                cve_id=cve_id,
                descriptions=[
                    Description(value="Description {}".format(index)),
                ],
                references=[
                    Reference(
                        link="https://cve.mitre.org/cgi-bin/cvename.cgi?name={}".format(cve_id),
                        source="cve.mitre.org",
                    ),
                ],
                published_date=datetime.date.today(),
                cpes=[
                    Cpe(
                        vendor="Vendor {}".format(index),
                        product="Product {}".format(product_no),
                    )
                    for product_no in range(1, 4)
                ],
            )
            for index, cve_id in enumerate(cves, 1)
        ]
        session.add_all(nvds)

        owner = "OWNER"

        def seeded_vulnerability(number, cve_id):
            # One published entry pointing at a synthetic GitHub commit.
            repo = "REPO{i}".format(i=number)
            base_url = "https://github.com/{owner}/{repo}/".format(
                owner=owner,
                repo=repo,
            )
            commit_hash = "{:07x}".format(0x1234567 + number)
            return Vulnerability(
                vcdb_id=number,
                cve_id=cve_id,
                date_created=datetime.date.today(),
                creator=users[1],
                state=VulnerabilityState.PUBLISHED,
                version=0,
                comment="Vulnerability {} comment".format(number),
                commits=[
                    VulnerabilityGitCommits(
                        commit_link="{repo_url}commit/{commit}".format(
                            repo_url=base_url,
                            commit=commit_hash,
                        ),
                        repo_owner=owner,
                        repo_name=repo,
                        # TODO: test conflicting data?
                        repo_url=base_url,
                        commit_hash=commit_hash,
                    )
                ],
            )

        vulns = [
            seeded_vulnerability(number, cve_id)
            for number, cve_id in enumerate(vuln_cves, 1)
        ]
        # One extra entry with no commits attached.
        vulns.append(
            Vulnerability(
                state=VulnerabilityState.PUBLISHED,
                version=0,
                vcdb_id=len(vulns) + 1,
                cve_id="CVE-1970-1500",
                date_created=datetime.date.today(),
                comment="Vulnerability {} comment".format(len(vuln_cves) + 1),
                commits=[],
            )
        )
        session.add_all(vulns)

        session.commit()