def test_assessment(self):
"""Test collisions between assessment template and assessments.
Assessment template is not allowed to have local CAD that match Assessment
global CAD, because that will cause collisions when assessments are
generated when using the mentioned template.
"""
with app.app_context():
CAD(
title="assessment CAD",
definition_type="assessment_template",
definition_id=1,
)
with app.app_context():
# check that local assessment local CAD can match AT CAD.
CAD(
title="assessment CAD",
definition_type="assessment",
definition_id=1,
)
with app.app_context():
with self.assertRaises(ValueError):
CAD(
title="assessment CAD",
definition_type="assessment",
)
def test_assessment(self):
"""Test collisions between assessment template and assessments.
Assessment template is not allowed to have local CAD that match Assessment
global CAD, because that will cause collisions when assessments are
generated when using the mentioned template.
"""
with app.app_context():
CAD(
title="assessment CAD",
definition_type="assessment_template",
definition_id=1,
)
with app.app_context():
# check that local assessment local CAD can match AT CAD.
CAD(
title="assessment CAD",
definition_type="assessment",
definition_id=1,
)
with app.app_context():
with self.assertRaises(ValueError):
CAD(
title="assessment CAD",
definition_type="assessment",
)
def upgrade():
"""Upgrade database schema and/or data, creating a new revision."""
with app.app_context():
rename_ca_title("Assessment Procedure",
["assessment", "assessment_template", "control"])
rename_ca_title("Use Control Assessment Procedure",
["assessment_template"])
def run_export(objects, ie_id, user_id, url_root):
"""Run export"""
with app.app_context():
try:
user = person.Person.query.get(user_id)
setattr(g, '_current_user', user)
ie = import_export.get(ie_id)
check_for_previous_run()
content, _ = make_export(objects)
db.session.refresh(ie)
if ie.status == "Stopped":
return
ie.status = "Finished"
ie.content = content
db.session.commit()
job_emails.send_email(job_emails.EXPORT_COMPLETED, user.email, url_root,
ie.title)
except Exception as e: # pylint: disable=broad-except
logger.exception("Export failed: %s", e.message)
try:
ie.status = "Failed"
ie.end_date = datetime.now()
db.session.commit()
job_emails.send_email(job_emails.EXPORT_FAILED, user.email, url_root)
except Exception as e: # pylint: disable=broad-except
logger.exception("Failed to set job status: %s", e.message)
def run_export(objects, ie_id, user_id, url_root):
"""Run export"""
with app.app_context():
try:
user = person.Person.query.get(user_id)
setattr(g, '_current_user', user)
ie = import_export.get(ie_id)
check_for_previous_run()
content, _ = make_export(objects)
db.session.refresh(ie)
if ie.status == "Stopped":
return
ie.status = "Finished"
ie.content = content
db.session.commit()
job_emails.send_email(job_emails.EXPORT_COMPLETED, user.email,
url_root, ie.title)
except Exception as e: # pylint: disable=broad-except
logger.exception("Export failed: %s", e.message)
try:
ie.status = "Failed"
ie.end_date = datetime.now()
db.session.commit()
job_emails.send_email(job_emails.EXPORT_FAILED, user.email,
url_root)
except Exception as e: # pylint: disable=broad-except
logger.exception("Failed to set job status: %s", e.message)
def _create_cas():
"""Create custom attribute definitions."""
ca_model_names = [
"facility",
"control",
"market",
"section",
"threat",
"access_group",
"data_asset"
]
ca_args = [
{"title": "CA text", "attribute_type": "Text"},
{"title": "CA rich text", "attribute_type": "Rich Text"},
{"title": "CA date", "attribute_type": "Date"},
{"title": "CA checkbox", "attribute_type": "Checkbox"},
{"title": "CA person", "attribute_type": "Map:Person"},
{"title": "CA dropdown", "attribute_type": "Dropdown",
"multi_choice_options": "one,two,three,four,five"},
]
for type_ in ca_model_names:
with app.app_context():
for args in ca_args:
factories.CustomAttributeDefinitionFactory(
definition_type=type_,
**args
)
def test_collect_audit_emails(self):
"""Test _collect_audit_emails function."""
audit_captains = factories.PersonFactory.create_batch(3)
auditors = factories.PersonFactory.create_batch(3)
audit_captain_role_id = all_models.AccessControlRole.query.filter(
all_models.AccessControlRole.name == "Audit Captains",
all_models.AccessControlRole.object_type == "Audit",
).one().id
auditor_role_id = all_models.AccessControlRole.query.filter(
all_models.AccessControlRole.name == "Auditors",
all_models.AccessControlRole.object_type == "Audit",
).one().id
acl_data = self._prepare_acl({
audit_captain_role_id: audit_captains,
auditor_role_id: auditors
})
with app.app_context():
# pylint: disable=protected-access
reporter_email, cc_list = assessment_integration._collect_audit_emails(
acl_data)
audit_reporter = audit_captains[0].email
audit_ccs = set(captain.email for captain in audit_captains[1:])
self.assertEquals(reporter_email, audit_reporter)
self.assertEquals(set(cc_list), audit_ccs)
def setUpClass(cls):
"""
Set up read-only test data to test GET requests.
"""
super(TestSavedSearchDelete, cls).setUpClass()
with app.app_context():
cls._person_0 = Person(
name="Aniki",
email="aniki_baniki_{}@test.com".format(random()),
)
db.session.add(cls._person_0)
db.session.flush()
saved_search = SavedSearch(
name="test_ss_1",
object_type="Assessment",
user=cls._person_0,
search_type="GlobalSearch"
)
cls._person_0.saved_searches.append(saved_search)
db.session.flush()
cls._user_role = setup_user_role(cls._person_0)
db.session.commit()
cls._client, cls._headers = get_client_and_headers(
app, cls._person_0,
)
cls._saved_search_id = saved_search.id
def _create_cas(self):
"""Create custom attribute definitions."""
self._ca_objects = {}
external_ca_model_names = [
"control",
]
ca_model_names = [
"facility",
"market",
"requirement",
"threat",
"access_group",
"data_asset"
]
external_ca_args = [
{"title": "CA text", "attribute_type": "Text"},
{"title": "CA rich text", "attribute_type": "Rich Text"},
{"title": "CA date", "attribute_type": "Date"},
{"title": "CA multiselect", "attribute_type": "Multiselect",
"multi_choice_options": "yes,no"},
{"title": "CA dropdown", "attribute_type": "Dropdown",
"multi_choice_options": "one,two,three,four,five"},
]
ca_args = [
{"title": "CA text", "attribute_type": "Text"},
{"title": "CA rich text", "attribute_type": "Rich Text"},
{"title": "CA date", "attribute_type": "Date"},
{"title": "CA checkbox", "attribute_type": "Checkbox"},
{"title": "CA multiselect", "attribute_type": "Multiselect",
"multi_choice_options": "yes,no"},
{"title": "CA dropdown", "attribute_type": "Dropdown",
"multi_choice_options": "one,two,three,four,five"},
]
for type_ in ca_model_names:
with app.app_context():
for args in ca_args:
factories.CustomAttributeDefinitionFactory(
definition_type=type_,
**args
)
for type_ in external_ca_model_names:
with app.app_context():
for args in external_ca_args:
factories.ExternalCustomAttributeDefinitionFactory(
definition_type=type_,
**args
)
def run_import_phases(ie_id, user_id, url_root): # noqa: ignore=C901
"""Execute import phases"""
with app.app_context():
try:
user = person.Person.query.get(user_id)
setattr(g, '_current_user', user)
ie_job = import_export.get(ie_id)
check_for_previous_run()
csv_data = read_csv_file(StringIO(ie_job.content.encode("utf-8")))
if ie_job.status == "Analysis":
info = make_import(csv_data, True)
db.session.rollback()
db.session.refresh(ie_job)
if ie_job.status == "Stopped":
return
ie_job.results = json.dumps(info)
for block_info in info:
if block_info["block_errors"] or block_info["row_errors"]:
ie_job.status = "Analysis Failed"
db.session.commit()
job_emails.send_email(job_emails.IMPORT_FAILED, user.email,
url_root, ie_job.title)
return
for block_info in info:
if block_info["block_warnings"] or block_info["row_warnings"]:
ie_job.status = "Blocked"
db.session.commit()
job_emails.send_email(job_emails.IMPORT_BLOCKED, user.email,
url_root, ie_job.title)
return
ie_job.status = "In Progress"
db.session.commit()
if ie_job.status == "In Progress":
info = make_import(csv_data, False)
ie_job.results = json.dumps(info)
for block_info in info:
if block_info["block_errors"] or block_info["row_errors"]:
ie_job.status = "Analysis Failed"
job_emails.send_email(job_emails.IMPORT_FAILED, user.email,
url_root, ie_job.title)
db.session.commit()
return
ie_job.status = "Finished"
db.session.commit()
job_emails.send_email(job_emails.IMPORT_COMPLETED, user.email,
url_root, ie_job.title)
except Exception as e: # pylint: disable=broad-except
logger.exception("Import failed: %s", e.message)
try:
ie_job.status = "Failed"
ie_job.end_date = datetime.now()
db.session.commit()
job_emails.send_email(job_emails.IMPORT_FAILED, user.email,
url_root, ie_job.title)
except Exception as e: # pylint: disable=broad-except
logger.exception("Failed to set job status: %s", e.message)
def run_import_phases(ie_id, user_id, url_root): # noqa: ignore=C901
"""Execute import phases"""
with app.app_context():
try:
user = person.Person.query.get(user_id)
setattr(g, '_current_user', user)
ie_job = import_export.get(ie_id)
check_for_previous_run()
csv_data = read_csv_file(StringIO(ie_job.content.encode("utf-8")))
if ie_job.status == "Analysis":
info = make_import(csv_data, True)
db.session.rollback()
db.session.refresh(ie_job)
if ie_job.status == "Stopped":
return
ie_job.results = json.dumps(info)
for block_info in info:
if block_info["block_errors"] or block_info["row_errors"]:
ie_job.status = "Analysis Failed"
db.session.commit()
job_emails.send_email(job_emails.IMPORT_FAILED, user.email,
url_root, ie_job.title)
return
for block_info in info:
if block_info["block_warnings"] or block_info["row_warnings"]:
ie_job.status = "Blocked"
db.session.commit()
job_emails.send_email(job_emails.IMPORT_BLOCKED, user.email,
url_root, ie_job.title)
return
ie_job.status = "In Progress"
db.session.commit()
if ie_job.status == "In Progress":
info = make_import(csv_data, False)
ie_job.results = json.dumps(info)
for block_info in info:
if block_info["block_errors"] or block_info["row_errors"]:
ie_job.status = "Analysis Failed"
job_emails.send_email(job_emails.IMPORT_FAILED, user.email,
url_root, ie_job.title)
db.session.commit()
return
ie_job.status = "Finished"
db.session.commit()
job_emails.send_email(job_emails.IMPORT_COMPLETED, user.email,
url_root, ie_job.title)
except Exception as e: # pylint: disable=broad-except
logger.exception("Import failed: %s", e.message)
try:
ie_job.status = "Failed"
ie_job.end_date = datetime.now()
db.session.commit()
job_emails.send_email(job_emails.IMPORT_FAILED, user.email,
url_root, ie_job.title)
except Exception as e: # pylint: disable=broad-except
logger.exception("Failed to set job status: %s", e.message)
def setUpClass(cls):
"""Prepare data needed to run the tests."""
TestCase.clear_data()
with app.app_context():
cls.response = cls._import_file("audit_rbac.csv")
cls.people = {
person.name: person
for person in all_models.Person.eager_query().all()
}
created_objects = (
(all_models.Audit, all_models.Audit.slug == 'AUDIT-1',
'audit'), (all_models.Audit,
all_models.Audit.slug == 'AUDIT-2',
'archived_audit'),
(all_models.Issue, all_models.Issue.slug == 'PMRBACISSUE-1',
'issue'), (all_models.Issue,
all_models.Issue.slug == 'PMRBACISSUE-2',
'archived_issue'),
(all_models.Assessment,
all_models.Assessment.slug == 'PMRBACASSESSMENT-1',
'assessment'),
(all_models.Assessment,
all_models.Assessment.slug == 'PMRBACASSESSMENT-2',
'archived_assessment'))
for obj, cond, name in created_objects:
setattr(cls, name, obj.eager_query().filter(cond).first())
revision = all_models.Revision.query.filter(
all_models.Revision.resource_type == 'Objective').first()
cls.rev_id = revision.id
# Create snapshot objects:
for audit, name in ((cls.audit, 'snapshot'),
(cls.archived_audit, 'archived_snapshot')):
snapshot = factories.SnapshotFactory(
child_id=revision.resource_id,
child_type=revision.resource_type,
parent=audit,
revision=revision,
context=audit.context,
)
factories.RelationshipFactory(source=audit,
destination=snapshot)
setattr(cls, name, snapshot)
# Create asessment template objects:
for audit, name in ((cls.audit, 'template'),
(cls.archived_audit, 'archived_template')):
template = factories.AssessmentTemplateFactory(
context=audit.context, )
factories.RelationshipFactory(source=audit,
destination=template,
context=audit.context)
setattr(cls, name, template)
# Refresh objects in the session
for obj in db.session:
db.session.refresh(obj)
def setUpClass(cls):
"""Prepare data needed to run the tests"""
TestCase.clear_data()
cls.response = cls._import_file("audit_rbac.csv")
with app.app_context():
cls.people = {
person.name: person
for person in all_models.Person.eager_query().all()
}
created_objects = (
(all_models.Audit, all_models.Audit.slug == 'AUDIT-1', 'audit'),
(all_models.Audit,
all_models.Audit.slug == 'AUDIT-2', 'archived_audit'),
(all_models.Issue, all_models.Issue.slug == 'PMRBACISSUE-1',
'issue'),
(all_models.Issue, all_models.Issue.slug == 'PMRBACISSUE-2',
'archived_issue'),
(all_models.Assessment,
all_models.Assessment.slug == 'PMRBACASSESSMENT-1', 'assessment'),
(all_models.Assessment,
all_models.Assessment.slug == 'PMRBACASSESSMENT-2',
'archived_assessment')
)
for obj, cond, name in created_objects:
setattr(cls, name, obj.eager_query().filter(cond).first())
revision = all_models.Revision.query.filter(
all_models.Revision.resource_type == 'Objective').first()
cls.rev_id = revision.id
# Create snapshot objects:
for audit, name in ((cls.audit, 'snapshot'),
(cls.archived_audit, 'archived_snapshot')):
setattr(cls, name, factories.SnapshotFactory(
child_id=revision.resource_id,
child_type=revision.resource_type,
revision=revision,
parent=audit,
context=audit.context,
))
# Create asessment template objects:
for audit, name in ((cls.audit, 'template'),
(cls.archived_audit, 'archived_template')):
template = factories.AssessmentTemplateFactory(
context=audit.context,
)
factories.RelationshipFactory(
source=audit,
destination=template,
context=audit.context
)
setattr(cls, name, template)
# Refresh objects in the session
for obj in db.session:
db.session.refresh(obj)
def calculate_computed_attributes(revision_ids, user_id):
"""Calculate computed attributes as deferred task."""
with app.app_context():
try:
user = person.Person.query.get(user_id)
setattr(g, '_current_user', user)
computed_attributes.compute_attributes(revision_ids)
except Exception as e: # pylint: disable=broad-except
logger.exception("Calculation of computed attributes failed: %s",
e.message)
def upgrade():
"""Upgrade database schema and/or data, creating a new revision."""
with app.app_context():
rename_ca_title(
"Assessment Procedure",
["assessment", "assessment_template", "control"]
)
rename_ca_title(
"Use Control Assessment Procedure",
["assessment_template"]
)
def calculate_computed_attributes(revision_ids, user_id):
"""Calculate computed attributes as deferred task."""
with app.app_context():
try:
user = person.Person.query.get(user_id)
setattr(g, '_current_user', user)
computed_attributes.compute_attributes(revision_ids)
except Exception as e: # pylint: disable=broad-except
logger.exception(
"Calculation of computed attributes failed: %s", e.message
)
def _get_acl_subdict(acr_name, person, model):
"""Generate ACL sub-dict representation for using inside JSON.
Args:
acr_name: Access Control Role name.
person: Person instance, who should get `acr_name` in scope of `model`.
model: Model, in which scope ACR should be assigned to `person`.
Returns:
ACL entry sub-dict representation. It is used for inserting into object
JSON representation under 'access_control_list' key.
"""
with app.app_context():
acr = role.get_ac_roles_for(model.__name__)[acr_name]
return {"ac_role_id": acr.id, "person": utils.create_stub(person)}
def test_with_extra_duplicate_obj(self, created_count, modified_count,
deleted_count):
"""Generated test number of simple objects (extra obj from dirty pool)"""
expected_results = self.build_expected_action_list(
created_count, modified_count, deleted_count)
new = self.populate_object_list(created_count)
deleted = self.populate_object_list(deleted_count)
dirty = self.populate_object_list(modified_count)
with mock.patch.object(revisions_diff, 'changes_present'):
with app.app_context():
with self.mock_get_cache(new, deleted, dirty):
self.assertEqual(expected_results, [
r["action"] for r in self.get_log_revisions(dirty[0])
])
def init_globals(models):
"""Load all ACRs and CADs into memory from db"""
with app.app_context():
with factories.single_commit():
for model in models:
AC_ROLES[model] = {
name: id for id, name in
get_custom_roles_for(model).items()
}
CADS[model] = {
CAD_PERSON_TYPE: factories.CustomAttributeDefinitionFactory(
title=CAD_PERSON_TITLE,
definition_type=utils.underscore_from_camelcase(model),
attribute_type=CAD_PERSON_TYPE,
).id
}
def _get_acl_subdict(acr_name, person, model):
"""Generate ACL sub-dict representation for using inside JSON.
Args:
acr_name: Access Control Role name.
person: Person instance, who should get `acr_name` in scope of `model`.
model: Model, in which scope ACR should be assigned to `person`.
Returns:
ACL entry sub-dict representation. It is used for inserting into object
JSON representation under 'access_control_list' key.
"""
with app.app_context():
acr = role.get_ac_roles_for(model.__name__)[acr_name]
return {
"ac_role_id": acr.id,
"person": utils.create_stub(person)
}
def setUpClass(cls):
"""Set up read-only test data to test GET requests."""
super(TestSavedSearchPost, cls).setUpClass()
email_0 = "aniki_baniki_{}@test.com".format(random())
with app.app_context():
cls._person_0 = Person(name="Aniki", email=email_0)
db.session.add(cls._person_0)
db.session.flush()
cls._user_role = setup_user_role(cls._person_0)
db.session.commit()
cls._client, cls._headers = get_client_and_headers(
app,
cls._person_0,
)
def test_audit_emails_wh_captains(self):
"""Test _collect_audit_emails without Audit Captains."""
auditors = factories.PersonFactory.create_batch(3)
auditor_role_id = all_models.AccessControlRole.query.filter(
all_models.AccessControlRole.name == "Auditors",
all_models.AccessControlRole.object_type == "Audit",
).one().id
acl_data = self._prepare_acl({
auditor_role_id: auditors,
})
with app.app_context():
# pylint: disable=protected-access
reporter_email, cc_list = assessment_integration._collect_audit_emails(
acl_data)
self.assertEquals(reporter_email, "")
self.assertEquals(cc_list, [])
def init_globals(models):
"""Load all ACRs and CADs into memory from db"""
with app.app_context():
with factories.single_commit():
for model in models:
AC_ROLES[model] = {
name: id for id, name in
get_custom_roles_for(model).items()
}
CADS[model] = {
CAD_PERSON_TYPE: factories.CustomAttributeDefinitionFactory(
title=CAD_PERSON_TITLE,
definition_type=utils.underscore_from_camelcase(model),
attribute_type=CAD_PERSON_TYPE,
).id
}
def _create_cas():
"""Create custom attribute definitions."""
for type_ in ["facility", "control", "market", "section"]:
with app.app_context():
factories.CustomAttributeDefinitionFactory(
title="CA dropdown",
definition_type=type_,
attribute_type="Dropdown",
multi_choice_options="one,two,three,four,five",
)
factories.CustomAttributeDefinitionFactory(
title="CA text",
definition_type=type_,
attribute_type="Text",
)
factories.CustomAttributeDefinitionFactory(
title="CA date",
definition_type=type_,
attribute_type="Date",
)
def upgrade():
"""Upgrade database schema and/or data, creating a new revision."""
with app.app_context():
rename_ca_title("state", ["audit"])
def new_call(*args, **kwargs):
with app.app_context():
return func(*args, **kwargs)
def new_call(*args, **kwargs):
with app.app_context():
return func(*args, **kwargs)
def obj_to_dict(self, obj, model_name=None):
with app.app_context():
return self.resource.object_for_json(obj, model_name)
def setUpClass(cls):
"""
Set up read-only test data to test GET requests.
"""
super(TestSavedSearchGet, cls).setUpClass()
with app.app_context():
email_0 = "aniki_baniki_{}@test.com".format(random())
cls._person_0 = Person(name="Aniki", email=email_0)
email_1 = "baniki_aniki_{}@test.com".format(random())
cls._person_1 = Person(name="Baniki", email=email_1)
db.session.add(cls._person_0)
db.session.add(cls._person_1)
db.session.flush()
locked_time = {
"year": 2025,
"month": 1,
"day": 25,
"minute": 0,
"second": 0,
}
with freeze_time(datetime(**locked_time)) as frozen_time:
for i in range(1, 5):
user = cls._person_0 if i != 4 else cls._person_1
saved_search = SavedSearch(
name="test_ss_{}".format(i),
object_type="Assessment",
user=user,
search_type=cls.SAVED_SEARCH_TYPE)
user.saved_searches.append(saved_search)
db.session.flush()
#
# we need to test the order in which saved
# searches are returned in response to GET
# request (descending order by created_at)
# created_at precision is seconds
#
locked_time["second"] = i
frozen_time.move_to(datetime(**locked_time))
saved_search_program = SavedSearch(
name="test_program_ss",
object_type="Program",
user=cls._person_0,
search_type=cls.SAVED_SEARCH_TYPE)
cls._person_0.saved_searches.append(saved_search_program)
db.session.flush()
cls._user_role = setup_user_role(cls._person_0)
db.session.commit()
cls._client, cls._headers = get_client_and_headers(
app,
cls._person_0,
)
def obj_to_dict(self, obj, model_name=None):
with app.app_context():
return self.resource.object_for_json(obj, model_name)
