def main():
""" The main function. It creates VmaaS application, servers, run everything."""
vmaas_app = Application()
server = tornado.httpserver.HTTPServer(vmaas_app)
server.bind(PUBLIC_API_PORT)
num_servers = int(os.getenv("MAX_VMAAS_SERVERS", MAX_SERVERS))
server.start(num_servers) # start forking here
init_logging(num_servers)
LOGGER.info("Starting (version %s).", VMAAS_VERSION)
# The rest stuff must be done only after forking
BaseHandler.db_cache = Cache()
BaseHandler.updates_api = UpdatesAPI(BaseHandler.db_cache)
BaseHandler.repo_api = RepoAPI(BaseHandler.db_cache)
BaseHandler.cve_api = CveAPI(BaseHandler.db_cache)
BaseHandler.errata_api = ErrataAPI(BaseHandler.db_cache)
BaseHandler.dbchange_api = DBChange(BaseHandler.db_cache)
vmaas_app.websocket_reconnect()
vmaas_app.reconnect_callback = PeriodicCallback(
vmaas_app.websocket_reconnect, WEBSOCKET_RECONNECT_INTERVAL * 1000)
vmaas_app.reconnect_callback.start()
IOLoop.instance().start()
def load_cache_to_apis():
"""Reload cache in APIs."""
BaseHandler.updates_api = UpdatesAPI(BaseHandler.db_cache)
BaseHandler.repo_api = RepoAPI(BaseHandler.db_cache)
BaseHandler.cve_api = CveAPI(BaseHandler.db_cache)
BaseHandler.errata_api = ErrataAPI(BaseHandler.db_cache)
BaseHandler.packages_api = PackagesAPI(BaseHandler.db_cache)
BaseHandler.vulnerabilities_api = VulnerabilitiesAPI(BaseHandler.db_cache, BaseHandler.updates_api)
BaseHandler.dbchange_api = DBChange(BaseHandler.db_cache)
def setup_api(self, load_cache):
"""Set CveAPI object"""
# WORKAROUND: tzinfo from date is lost after loading YAML
cve_detail = self.cache.cve_detail["CVE-2016-0634"]
cve_detail_list = list(cve_detail)
cve_detail_list[CVE_MODIFIED_DATE] = cve_detail[
CVE_MODIFIED_DATE].replace(tzinfo=pytz.utc)
cve_detail_list[CVE_PUBLISHED_DATE] = cve_detail[
CVE_PUBLISHED_DATE].replace(tzinfo=pytz.utc)
self.cache.cve_detail["CVE-2016-0634"] = cve_detail_list
# make cve_detail without CVE_MODIFIED_DATE
cve_detail2 = self.cache.cve_detail["CVE-2016-0634"]
cve_detail_list2 = list(cve_detail2)
cve_detail_list2[CVE_MODIFIED_DATE] = None
self.cache.cve_detail["CVE-W/O-MODIFIED"] = cve_detail_list2
# Initialize CveAPI
self.cve = CveAPI(self.cache)
def __init__(self):
handlers = [
(r"/api/internal/refresh/?", RefreshHandler), # GET request
(r"/api/v1/updates/?", UpdatesHandler), # POST request
(r"/api/v1/updates/[a-zA-Z0-9-._:]+",
UpdatesHandler), # GET request with package name
(r"/api/v1/cves/?", CVEHandler),
(r"/api/v1/cves/[a-zA-Z0-9*-]+", CVEHandler),
(r"/api/v1/repos/?", ReposHandler),
(r"/api/v1/repos/[a-zA-Z0-9*-_]+", ReposHandler),
(r"/api/v1/errata/?", ErrataHandler), # POST request
(r"/api/v1/errata/[a-zA-Z0-9*-:]+", ErrataHandler) # GET request
]
cursor = Database().cursor()
self.updatesapi = UpdatesAPI(cursor)
self.cveapi = CveAPI(cursor)
self.repoapi = RepoAPI(cursor)
self.errataapi = ErrataAPI(cursor)
tornado.web.Application.__init__(self, handlers)
class TestCveAPI(TestBase):
"""Test CveAPI class."""
cve = None
@pytest.fixture(autouse=True)
def setup_api(self, load_cache):
"""Set CveAPI object"""
# WORKAROUND: tzinfo from date is lost after loading YAML
cve_detail = self.cache.cve_detail["CVE-2016-0634"]
cve_detail_list = list(cve_detail)
cve_detail_list[CVE_MODIFIED_DATE] = cve_detail[
CVE_MODIFIED_DATE].replace(tzinfo=pytz.utc)
cve_detail_list[CVE_PUBLISHED_DATE] = cve_detail[
CVE_PUBLISHED_DATE].replace(tzinfo=pytz.utc)
self.cache.cve_detail["CVE-2016-0634"] = cve_detail_list
# make cve_detail without CVE_MODIFIED_DATE
cve_detail2 = self.cache.cve_detail["CVE-2016-0634"]
cve_detail_list2 = list(cve_detail2)
cve_detail_list2[CVE_MODIFIED_DATE] = None
self.cache.cve_detail["CVE-W/O-MODIFIED"] = cve_detail_list2
# Initialize CveAPI
self.cve = CveAPI(self.cache)
def test_regex(self):
"""Test finding CVEs by correct regex."""
assert self.cve.find_cves_by_regex("CVE-2018-5750") == [
"CVE-2018-5750"
]
assert "CVE-2018-5750" in self.cve.find_cves_by_regex("CVE-2018-5.*")
assert len(self.cve.find_cves_by_regex("CVE-2018-5.*")) > 1
def test_wrong_regex(self):
"""Test CVE API with wrong regex."""
with pytest.raises(Exception) as context:
self.cve.find_cves_by_regex("*")
assert "nothing to repeat" in str(context)
def test_missing_required(self):
"""Test CVE API without required property 'cve_list'."""
with pytest.raises(Exception) as context:
self.cve.process_list(api_version=1, data=CVE_JSON_BAD)
assert "'cve_list' is a required property" in str(context)
def test_empty_json(self):
"""Test CVE API with empty JSON."""
with pytest.raises(Exception) as context:
self.cve.process_list(api_version=1, data=CVE_JSON_EMPTY)
assert "'cve_list' is a required property" in str(context)
def test_empty_cve_list(self):
"""Test CVE API with with empty 'cve_list' property."""
response = self.cve.process_list(api_version=1,
data=CVE_JSON_EMPTY_CVE)
assert response == EMPTY_RESPONSE
def test_non_existing_cve(self):
"""Test CVE API response with non-existing CVE."""
response = self.cve.process_list(api_version=1,
data=CVE_JSON_NON_EXIST)
assert response == EMPTY_RESPONSE
def test_schema(self):
"""Test CVE API response schema."""
response = self.cve.process_list(api_version=1, data=CVE_JSON)
assert schemas.cves_schema.validate(response)
def test_cve_response(self):
"""Test if CVE API response is correct for correct JSON."""
response = self.cve.process_list(api_version=1, data=CVE_JSON)
cve, = response["cve_list"].items()
assert cve[0] == CVE_JSON["cve_list"][0]
assert tools.match(CORRECT_RESPONSE, cve[1]) is True
@pytest.mark.skip(
"Blocked by https://github.com/RedHatInsights/vmaas/issues/419")
def test_modified_since(self):
"""Test CVE API with 'modified_since' property."""
cve = CVE_JSON.copy()
cve["modified_since"] = str(
datetime.datetime.now().replace(tzinfo=pytz.UTC))
response = self.cve.process_list(api_version=1, data=cve)
assert tools.match(EMPTY_RESPONSE, response) is True
# without modified date
cve["cve_list"] = ["CVE-W/O-MODIFIED"]
response = self.cve.process_list(api_version=1, data=cve)
assert tools.match(EMPTY_RESPONSE, response) is True
class TestCveAPI(TestBase):
"""Test CveAPI class."""
cve = None
@pytest.fixture(autouse=True)
def setup_api(self, load_cache):
"""Set CveAPI object"""
# WORKAROUND: tzinfo from date is lost after loading YAML
cve_detail = self.cache.cve_detail[CVE_NAME]
cve_detail_list = list(cve_detail)
cve_detail_list[CVE_MODIFIED_DATE] = cve_detail[
CVE_MODIFIED_DATE].replace(tzinfo=pytz.utc)
cve_detail_list[CVE_PUBLISHED_DATE] = cve_detail[
CVE_PUBLISHED_DATE].replace(tzinfo=pytz.utc)
self.cache.cve_detail[CVE_NAME] = cve_detail_list
# make cve_detail without CVE_MODIFIED_DATE
cve_detail2 = self.cache.cve_detail[CVE_NAME]
cve_detail_list2 = list(cve_detail2)
cve_detail_list2[CVE_MODIFIED_DATE] = None
self.cache.cve_detail["CVE-W/O-MODIFIED"] = cve_detail_list2
# Initialize CveAPI
self.cve = CveAPI(self.cache)
def test_regex(self):
"""Test finding CVEs by correct regex."""
assert self.cve.find_cves_by_regex(CVE_NAME) == [CVE_NAME]
assert self.cve.find_cves_by_regex("CVE-2014-.*") == [CVE_NAME]
def test_wrong_regex(self):
"""Test CVE API with wrong regex."""
with pytest.raises(Exception) as context:
self.cve.find_cves_by_regex("*")
assert "nothing to repeat" in str(context)
def test_missing_required(self):
"""Test CVE API without required property 'cve_list'."""
with pytest.raises(Exception) as context:
self.cve.process_list(api_version=1, data=CVE_JSON_BAD)
assert "'cve_list' is a required property" in str(context)
def test_empty_json(self):
"""Test CVE API with empty JSON."""
with pytest.raises(Exception) as context:
self.cve.process_list(api_version=1, data=CVE_JSON_EMPTY)
assert "'cve_list' is a required property" in str(context)
def test_empty_cve_list(self):
"""Test CVE API with with empty 'cve_list' property."""
response = self.cve.process_list(api_version=1,
data=CVE_JSON_EMPTY_CVE)
assert response == EMPTY_RESPONSE
def test_non_existing_cve(self):
"""Test CVE API response with non-existing CVE."""
response = self.cve.process_list(api_version=1,
data=CVE_JSON_NON_EXIST)
assert response == EMPTY_RESPONSE
def test_cve_response(self):
"""Test if CVE API response is correct for correct JSON."""
response = self.cve.process_list(api_version=1, data=CVE_JSON)
assert schemas.cves_schema.validate(response)
assert CVE_NAME in response["cve_list"]
assert tools.match(CORRECT_RESPONSE,
response["cve_list"][CVE_NAME]) is True
def test_modified_since(self):
"""Test CVE API with 'modified_since' property."""
cve = CVE_JSON.copy()
cve["modified_since"] = str(
datetime.datetime.now().replace(tzinfo=pytz.UTC))
response = self.cve.process_list(api_version=1, data=cve)
assert tools.match(EMPTY_RESPONSE, response) is True
# without modified date
cve["cve_list"] = ["CVE-W/O-MODIFIED"]
response = self.cve.process_list(api_version=1, data=cve)
assert tools.match(EMPTY_RESPONSE, response) is True
def test_published_since(self):
"""Test CVE API with 'published_since' property. """
cve = CVE_JSON_PUBLISHED.copy()
cve["published_since"] = str(
datetime.datetime.now().replace(tzinfo=pytz.UTC))
response = self.cve.process_list(api_version=1, data=cve)
assert tools.match(EMPTY_RESPONSE, response) is True
# correct date since publish of dummy cve
cve["published_since"] = "2013-01-01T00:00:00+02:00"
response = self.cve.process_list(api_version=1, data=cve)
assert response["cve_list"][CVE_NAME]["synopsis"] == CVE_NAME
# without published date
cve["cve_list"] = ["CVE-W/O-PUBLISHED"]
response = self.cve.process_list(api_version=1, data=cve)
assert tools.match(EMPTY_RESPONSE, response) is True
class TestCveAPI(TestBase):
"""Test CveAPI class."""
cve = None
@pytest.fixture(autouse=True)
def setup_api(self, load_cache):
"""Set CveAPI object"""
# WORKAROUND: tzinfo from date is lost after loading YAML
cve_detail = self.cache.cve_detail[CVE_NAME]
cve_detail_list = list(cve_detail)
cve_detail_list[CVE_MODIFIED_DATE] = cve_detail[
CVE_MODIFIED_DATE].replace(tzinfo=pytz.utc)
cve_detail_list[CVE_PUBLISHED_DATE] = cve_detail[
CVE_PUBLISHED_DATE].replace(tzinfo=pytz.utc)
self.cache.cve_detail[CVE_NAME] = cve_detail_list
# make cve_detail without CVE_MODIFIED_DATE and CVE_PUBLISHED_DATE
cve_detail2 = self.cache.cve_detail[CVE_NAME]
cve_detail_list2 = list(cve_detail2)
cve_detail_list2[CVE_MODIFIED_DATE] = None
cve_detail_list2[CVE_PUBLISHED_DATE] = None
self.cache.cve_detail["CVE-W/O-MODIFIED"] = cve_detail_list2
self.cache.cve_detail["CVE-W/O-PUBLISHED"] = cve_detail_list2
# Initialize CveAPI
self.cve = CveAPI(self.cache)
def test_regex(self):
"""Test finding CVEs by correct regex."""
assert self.cve.try_expand_by_regex([CVE_NAME]) == [CVE_NAME]
assert self.cve.try_expand_by_regex(["CVE-2014-.*"]) == [CVE_NAME]
def test_wrong_regex(self):
"""Test CVE API with wrong regex."""
with pytest.raises(Exception) as context:
_ = self.cve.try_expand_by_regex(["*"])
assert "nothing to repeat" in str(context.value)
def test_empty_cve_list(self):
"""Test CVE API with with empty 'cve_list' property."""
response = self.cve.process_list(api_version=1,
data=CVE_JSON_EMPTY_CVE)
assert response == EMPTY_RESPONSE
def test_non_existing_cve(self):
"""Test CVE API response with non-existing CVE."""
response = self.cve.process_list(api_version=1,
data=CVE_JSON_NON_EXIST)
assert response == EMPTY_RESPONSE
def test_cve_response(self):
"""Test if CVE API response is correct for correct JSON."""
response = self.cve.process_list(api_version=1, data=CVE_JSON)
assert schemas.cves_schema.validate(response)
assert CVE_NAME in response["cve_list"]
assert tools.match(CORRECT_RESPONSE,
response["cve_list"][CVE_NAME]) is True
def test_modified_since(self):
"""Test CVE API with 'modified_since' property."""
response = self.cve.process_list(api_version=1, data=CVE_JSON_MODIFIED)
modified_from_resp = parse_datetime(
response['cve_list'][CVE_NAME]['modified_date'])
modified_since = parse_datetime(DATE_SINCE)
assert modified_from_resp >= modified_since
assert DATE_SINCE == response['modified_since']
def test_modified_in_future(self):
"""Test CVE API with 'modified_since' property in future."""
cve = CVE_JSON_MODIFIED.copy()
cve["modified_since"] = DATE_IN_FUTURE
response = self.cve.process_list(api_version=1, data=cve)
assert tools.match(EMPTY_RESPONSE, response) is True
def test_without_modified(self):
"""Test CVEs without modified date. In response {modified_date: None}."""
cve = CVE_JSON_MODIFIED.copy()
cve["cve_list"] = ["CVE-W/O-MODIFIED"]
response = self.cve.process_list(api_version=1, data=cve)
assert tools.match(EMPTY_RESPONSE, response) is True
def test_published_since(self):
"""Test CVE API with 'published_since' property."""
cve = CVE_JSON_PUBLISHED.copy()
# correct date since publish of dummy cve
cve["published_since"] = "2013-01-01T00:00:00+02:00"
response = self.cve.process_list(api_version=1, data=cve)
assert response["cve_list"][CVE_NAME]["synopsis"] == CVE_NAME
def test_published_in_future(self):
"""Test CVE API with 'published_since' property with date in future"""
cve = CVE_JSON_PUBLISHED.copy()
cve["published_since"] = DATE_IN_FUTURE
response = self.cve.process_list(api_version=1, data=cve)
assert tools.match(EMPTY_RESPONSE, response) is True
def test_without_published(self):
"""Test CVEs without published date. In response {public_date: None}."""
cve = CVE_JSON_PUBLISHED.copy()
cve["cve_list"] = ["CVE-W/O-PUBLISHED"]
response = self.cve.process_list(api_version=1, data=cve)
assert tools.match(EMPTY_RESPONSE, response) is True