def test_prepare_response():
"""
Test the preparation or a json response.
* ``_id`` to ``id``
* ``url`` added
"""
for indata, expected in (
({"key": "value"}, {"key": "value"}),
({"_id": "value"}, {"id": "value"}),
({"_id": {"_id": "value"}}, {"id": {"id": "value"}}),
):
utils.prepare_response(indata)
assert indata == expected
indata = {"lvl1": {"lvl2": "value"}}
url = "https://www.example.com/api/v1/stuff"
expected = {
"url": "https://www.example.com/api/v1/stuff",
"lvl1": {"lvl2": "value"},
}
utils.prepare_response(indata, url)
assert indata == expected
indata = {"list": [{"_id": "value"}, {"_id": "value"}, {"_id": "value"}, {"_id": "value"}]}
expected = {"list": [{"id": "value"}, {"id": "value"}, {"id": "value"}, {"id": "value"}]}
utils.prepare_response(indata)
assert indata == expected
indata = {
"lvl1_1": 0,
"lvl1_2": {"lvl2": {"lvl3_1": "value", "lvl3_2": {"_id": "value"}}},
}
expected = {
"lvl1_1": 0,
"lvl1_2": {"lvl2": {"lvl3_1": "value", "lvl3_2": {"id": "value"}}},
}
utils.prepare_response(indata)
assert indata == expected
indata = {"list": ({"_id": "value"}, {"_id": "value"}, {"_id": "value"}, {"_id": "value"})}
expected = {"list": [{"id": "value"}, {"id": "value"}, {"id": "value"}, {"id": "value"}]}
utils.prepare_response(indata)
assert indata == expected
def user_agent():
# Get additional parameters from request
output_format = request.args.get(
"output_format") or app.config['OUTPUT_FORMAT']
callback = request.args.get("callback")
# Parse useragent string and give response
ua_string = request.args.get("s") or request.user_agent.string
return prepare_response(parse_useragent(ua_string), 200, output_format,
callback, "useragent")
def geoip(ip_address):
# Get additional parameters from request
output_format = request.args.get(
"output_format") or app.config['OUTPUT_FORMAT']
callback = request.args.get("callback")
# Check if ip_address is a valid IPv4 or IPv6 address
ip_address = request.remote_addr if ip_address == None else ip_address
if not ipv4(ip_address) and not ipv6(ip_address):
return error(
ip_address + " does not appear to be an IPv4 or IPv6 address", 400,
output_format, callback)
# Try to fetch data from GeoLite2 databases
try:
data = fetch_geoip(ip_address) # TODO: Add multi-language support
except Exception as ex:
return error(str(ex), 404, output_format, callback)
# Strip off empty sections
for k in [k for k, v in data.items() if not v or None]:
del data[k]
return prepare_response(data, 200, output_format, callback)
def test_add_collection_data(mdb):
"""
Test the functionality for adding collections.
Checks:
* fields are set correctly
* logs are created
* logs contain the relevant data
"""
ds_id = next(mdb["datasets"].aggregate([{"$sample": {"size": 1}}]))["_id"]
order_info = mdb["orders"].find_one({"datasets": ds_id})
user_info = mdb["users"].find_one({"_id": {"$in": order_info["editors"]}})
session = requests.Session()
as_user(session, user_info["auth_ids"][0])
# add data
indata = {
"collection": {
"description": "Test description",
"editors": [str(user_info["_id"])],
"title": "Test add title",
"datasets": [str(ds_id)],
"tags": [],
"properties": {
"Source": "Added from test"
},
}
}
indata["collection"].update(TEST_LABEL)
response = make_request(session,
"/api/v1/collection",
method="POST",
data=indata,
ret_json=True)
assert response.code == 200
assert "id" in response.data
assert len(response.data["id"]) == 38
added_id = response.data["id"]
# validate added data
collection = mdb["collections"].find_one({"_id": added_id})
utils.prepare_response(collection)
for field in ("editors", "datasets"):
collection[field] = [str(entry) for entry in collection[field]]
for field in indata["collection"]:
assert collection[field] == indata["collection"][field]
# validate log
log_query = {
"data._id": added_id,
"data_type": "collection",
"user": user_info["_id"],
"action": "add",
}
log_entry = mdb["logs"].find_one(log_query)
assert log_entry
for field in ("editors", "datasets"):
log_entry["data"][field] = [
str(entry) for entry in log_entry["data"][field]
]
print(log_entry, indata)
for field in indata["collection"]:
assert log_entry["data"][field] == indata["collection"][field]
def test_get_collection(mdb):
"""
Request multiple collections by uuid, one at a time.
* Normal collection
* Collection as editor; confirm that the user gets the editors field
* Collection as DATA_MANAGEMENT; confirm that the user gets the editors field
"""
session = requests.Session()
for _ in range(3):
# Get a random collection, use external data structure
collection = list(mdb["collections"].aggregate([{
"$sample": {
"size": 1
}
}]))[0]
utils.prepare_response(collection)
proj_owner = mdb["users"].find_one(
{"_id": {
"$in": collection["editors"]
}})
collection["id"] = str(collection["id"])
collection["editors"] = [str(entry) for entry in collection["editors"]]
collection["datasets"] = [
str(entry) for entry in collection["datasets"]
]
as_user(session, USERS["base"])
response = make_request(session,
f'/api/v1/collection/{collection["id"]}')
assert response.code == 200
for field in collection:
if field == "datasets":
for i, ds_uuid in enumerate(collection[field]):
assert ds_uuid == response.data["collection"][field][i][
"id"]
elif field == "editors":
continue
else:
assert collection[field] == response.data["collection"][field]
as_user(session, proj_owner["auth_ids"][0])
response = make_request(session,
f'/api/v1/collection/{collection["id"]}')
assert response.code == 200
for field in collection:
if field in ("datasets", "editors"):
entries = [
entry["id"] for entry in response.data["collection"][field]
]
assert len(collection[field]) == len(entries)
for i, ds_uuid in enumerate(collection[field]):
assert ds_uuid in entries
else:
assert collection[field] == response.data["collection"][field]
as_user(session, USERS["root"])
response = make_request(session,
f'/api/v1/collection/{collection["id"]}')
assert response.code == 200
for field in collection:
if field in ("datasets", "editors"):
entries = [
entry["id"] for entry in response.data["collection"][field]
]
assert len(collection[field]) == len(entries)
for i, ds_uuid in enumerate(collection[field]):
assert ds_uuid in entries
else:
assert collection[field] == response.data["collection"][field]
def get_cves(self, script, bindings):
"""Call Gremlin and get the CVE information."""
json_payload = self.prepare_payload(script, bindings)
response = call_gremlin(json_payload)
cve_list = prepare_response(response)
return cve_list