def as_admin(client: testing.FlaskClient):
ui = admin_user_info()
with client.session_transaction() as session:
session["user_info"] = ui
user = User(full_name=ui["name"], login=ui["email"], profile_picture=ui["picture"])
user.roles = [
Role(name=PredefinedRoles.ADMIN),
Role(name=PredefinedRoles.REVIEWER),
Role(name=PredefinedRoles.USER),
]
return user
def as_admin(client: testing.FlaskClient):
ui = admin_user_info()
with client.session_transaction() as session:
session['user_info'] = ui
user = User(full_name=ui['name'],
email=ui['email'],
profile_picture=ui['picture'])
user.roles = [
Role(name=PredefinedRoles.ADMIN),
Role(name=PredefinedRoles.REVIEWER),
Role(name=PredefinedRoles.USER),
]
return user
def as_user(client: testing.FlaskClient):
ui = regular_user_info()
with client.session_transaction() as session:
session['user_info'] = ui
session['google_token'] = 'testing-user'
user = User(full_name=ui['name'],
email=ui['email'],
profile_picture=ui['picture'])
user.roles = [
Role(name=PredefinedRoles.USER),
]
return user
def get_or_create_role(name) -> Role:
role = Role.query.filter_by(name=name).first()
if not role:
role = Role(name=name)
db.session.add(role)
return role
def _db(app):
"""Returns session-wide initialised database."""
db = app.extensions['sqlalchemy'].db
# setup databases and tables
with open(os.path.join(cfg.BASE_DIR, 'docker/db_schema.sql'), 'rb') as f:
create_schemas_sql = f.read().decode('utf8')
with app.app_context():
# clear database
db.drop_all()
db.engine.execute('DROP TABLE IF EXISTS alembic_version')
# build database
db.engine.execute(create_schemas_sql)
alembic_upgrade()
# create data
session = db.session
roles = [
Role(name=role)
for role in (PredefinedRoles.ADMIN, PredefinedRoles.USER)
]
session.add_all(roles)
users = [
User(
email='*****@*****.**',
full_name='Admin McAdmin',
roles=roles,
),
User(
email='*****@*****.**',
full_name='User McUser',
roles=[roles[1]],
),
]
session.add_all(users)
vuln_cves = list('CVE-1970-{}'.format(1000 + i) for i in range(10))
new_cves = list('CVE-1970-{}'.format(2000 + i) for i in range(10))
cves = vuln_cves + new_cves
nvds = []
for i, cve in enumerate(cves, 1):
nvds.append(
Nvd(cve_id=cve,
descriptions=[
Description(value='Description {}'.format(i), ),
],
references=[
Reference(
link=
'https://cve.mitre.org/cgi-bin/cvename.cgi?name={}'
.format(cve),
source='cve.mitre.org',
),
],
published_date=datetime.date.today(),
cpes=[
Cpe(
vendor='Vendor {}'.format(i),
product='Product {}'.format(j),
) for j in range(1, 4)
]))
session.add_all(nvds)
vulns = []
for i, cve in enumerate(vuln_cves, 1):
repo_owner = 'OWNER'
repo_name = 'REPO{i}'.format(i=i)
repo_url = 'https://github.com/{owner}/{repo}/'.format(
owner=repo_owner,
repo=repo_name,
)
commit = '{:07x}'.format(0x1234567 + i)
vulns.append(
Vulnerability(
vcdb_id=i,
cve_id=cve,
date_created=datetime.date.today(),
creator=users[1],
state=VulnerabilityState.PUBLISHED,
version=0,
comment='Vulnerability {} comment'.format(i),
commits=[
VulnerabilityGitCommits(
commit_link='{repo_url}commit/{commit}'.format(
repo_url=repo_url,
commit=commit,
),
repo_owner=repo_owner,
repo_name=repo_name,
# repo_url=repo_url,
commit_hash=commit)
]))
vulns.append(
Vulnerability(
state=VulnerabilityState.PUBLISHED,
version=0,
vcdb_id=len(vulns) + 1,
cve_id='CVE-1970-1500',
date_created=datetime.date.today(),
comment='Vulnerability {} comment'.format(len(vuln_cves) + 1),
commits=[]))
session.add_all(vulns)
session.commit()
return db
def setup_test_database():
"""Returns session-wide initialised database."""
# Create a temporary flask app for the database setup.
# We don't use the app or db fixtures here as they should be
# executed in the function scope, not in the session scope like
# this function is.
app = create_app(TEST_CONFIG)
with app.app_context():
db: SQLAlchemy = app.extensions["sqlalchemy"].db
# setup databases and tables
with open(os.path.join(cfg.BASE_DIR, "docker/db_schema.sql"), "rb") as f:
create_schemas_sql = f.read().decode("utf8")
# with app.app_context():
# clear database
db.drop_all()
db.engine.execute("DROP TABLE IF EXISTS alembic_version")
# build database
db.engine.execute(create_schemas_sql)
alembic_upgrade()
# create data
session = db.session
roles = [
Role(name=role) for role in (PredefinedRoles.ADMIN, PredefinedRoles.USER)
]
session.add_all(roles)
users = [
User(
login="******",
full_name="Admin McAdmin",
roles=roles,
state=UserState.ACTIVE,
login_type=LoginType.LOCAL,
),
User(
login="******",
full_name="User McUser",
roles=[roles[1]],
state=UserState.ACTIVE,
login_type=LoginType.LOCAL,
),
User(
login="******",
full_name="Blocked User",
roles=[roles[1]],
state=UserState.BLOCKED,
login_type=LoginType.LOCAL,
),
]
session.add_all(users)
vuln_cves = list("CVE-1970-{}".format(1000 + i) for i in range(10))
new_cves = list("CVE-1970-{}".format(2000 + i) for i in range(10))
cves = vuln_cves + new_cves
nvds = []
for i, cve in enumerate(cves, 1):
nvds.append(
Nvd(
cve_id=cve,
descriptions=[
Description(
value="Description {}".format(i),
),
],
references=[
Reference(
link="https://cve.mitre.org/cgi-bin/cvename.cgi?name={}".format(
cve
),
source="cve.mitre.org",
),
],
published_date=datetime.date.today(),
cpes=[
Cpe(
vendor="Vendor {}".format(i),
product="Product {}".format(j),
)
for j in range(1, 4)
],
)
)
session.add_all(nvds)
vulns = []
for i, cve in enumerate(vuln_cves, 1):
repo_owner = "OWNER"
repo_name = "REPO{i}".format(i=i)
repo_url = "https://github.com/{owner}/{repo}/".format(
owner=repo_owner,
repo=repo_name,
)
commit = "{:07x}".format(0x1234567 + i)
vulns.append(
Vulnerability(
vcdb_id=i,
cve_id=cve,
date_created=datetime.date.today(),
creator=users[1],
state=VulnerabilityState.PUBLISHED,
version=0,
comment="Vulnerability {} comment".format(i),
commits=[
VulnerabilityGitCommits(
commit_link="{repo_url}commit/{commit}".format(
repo_url=repo_url,
commit=commit,
),
repo_owner=repo_owner,
repo_name=repo_name,
# TODO: test conflicting data?
repo_url=repo_url,
commit_hash=commit,
)
],
)
)
vulns.append(
Vulnerability(
state=VulnerabilityState.PUBLISHED,
version=0,
vcdb_id=len(vulns) + 1,
cve_id="CVE-1970-1500",
date_created=datetime.date.today(),
comment="Vulnerability {} comment".format(len(vuln_cves) + 1),
commits=[],
)
)
session.add_all(vulns)
session.commit()