def test_security_severity_security_bug_with_severity_set(
self, project_name, policy):
"""Test security severity label is set when testcase is a security bug and
has a security severity."""
self.mock.get.return_value = policy
security_severity_string_map = {
data_types.SecuritySeverity.HIGH: 'Security_Severity-High',
data_types.SecuritySeverity.MEDIUM: 'Security_Severity-Medium',
data_types.SecuritySeverity.LOW: 'Security_Severity-Low',
}
for security_severity in security_severity_string_map:
issue_tracker = monorail.IssueTracker(
IssueTrackerManager(project_name))
self.testcase1.security_flag = True
self.testcase1.security_severity = security_severity
self.testcase1.put()
issue_filer.file_issue(self.testcase1, issue_tracker)
self.assertIn(security_severity_string_map[security_severity],
issue_tracker._itm.last_issue.labels)
self.assertEqual(
1,
len(
issue_tracker._itm.last_issue.get_labels_by_prefix(
'Security_Severity-')))
def test_testcase_metadata_invalid(self):
"""Tests issue filing with invalid metadata."""
self.mock.get.return_value = CHROMIUM_POLICY
issue_tracker = monorail.IssueTracker(IssueTrackerManager('chromium'))
issue_filer.file_issue(self.testcase6, issue_tracker)
self.assertItemsEqual(
['ClusterFuzz', 'Reproducible', 'Pri-1', 'Stability-Crash', 'Type-Bug'],
issue_tracker._itm.last_issue.labels)
def test_filed_issues_chromium(self):
"""Tests issue filing for chromium."""
self.mock.get.return_value = CHROMIUM_POLICY
issue_tracker = monorail.IssueTracker(IssueTrackerManager('chromium'))
issue_filer.file_issue(self.testcase4, issue_tracker)
self.assertIn('OS-Chrome', issue_tracker._itm.last_issue.labels)
self.assertEqual('Untriaged', issue_tracker._itm.last_issue.status)
self.assertNotIn('Restrict-View-SecurityTeam',
issue_tracker._itm.last_issue.labels)
def test_memory_tool_used(self, project_name, policy):
"""Test memory tool label is correctly set."""
self.mock.get.return_value = policy
for entry in issue_filer.MEMORY_TOOLS_LABELS:
issue_tracker = monorail.IssueTracker(IssueTrackerManager(project_name))
self.testcase1.crash_stacktrace = '\n\n%s\n' % entry['token']
self.testcase1.put()
issue_filer.file_issue(self.testcase1, issue_tracker)
self.assertIn('Stability-' + entry['label'],
issue_tracker._itm.last_issue.labels)
def test_security_severity_functional_bug(self, project_name, policy):
"""Test security severity label is not set for a functional bug."""
self.mock.get.return_value = policy
issue_tracker = monorail.IssueTracker(IssueTrackerManager(project_name))
self.testcase1.security_flag = False
self.testcase1.security_severity = None
self.testcase1.put()
issue_filer.file_issue(self.testcase1, issue_tracker)
self.assertFalse(
issue_tracker._itm.last_issue.has_label_by_prefix('Security_Severity-'))
def test_reproducible_flag(self):
"""Test (un)reproducible flag is correctly set."""
self.mock.get.return_value = CHROMIUM_POLICY
issue_tracker = monorail.IssueTracker(IssueTrackerManager('chromium'))
self.testcase1.one_time_crasher_flag = True
self.testcase1.put()
issue_filer.file_issue(self.testcase1, issue_tracker)
self.assertIn('Unreproducible', issue_tracker._itm.last_issue.labels)
self.testcase1.one_time_crasher_flag = False
self.testcase1.put()
issue_filer.file_issue(self.testcase1, issue_tracker)
self.assertIn('Reproducible', issue_tracker._itm.last_issue.labels)
def test_crash_labels(self):
"""Test crash label setting."""
self.mock.get.return_value = CHROMIUM_POLICY
issue_tracker = monorail.IssueTracker(IssueTrackerManager('chromium'))
self.testcase1.crash_type = 'UNKNOWN'
self.testcase1.put()
issue_filer.file_issue(self.testcase1, issue_tracker)
self.assertIn('Pri-1', issue_tracker._itm.last_issue.labels)
self.assertIn('Stability-Crash', issue_tracker._itm.last_issue.labels)
self.testcase1.crash_type = 'Undefined-shift'
self.testcase1.put()
issue_filer.file_issue(self.testcase1, issue_tracker)
self.assertIn('Pri-2', issue_tracker._itm.last_issue.labels)
self.assertNotIn('Stability-Crash', issue_tracker._itm.last_issue.labels)
def test_security_severity_security_bug_default_severity(
self, project_name, policy):
"""Test security severity label is set when testcase is a security bug and
no severity can be determined."""
self.mock.get.return_value = policy
issue_tracker = monorail.IssueTracker(IssueTrackerManager(project_name))
self.testcase1.security_flag = True
self.testcase1.security_severity = None
self.testcase1.put()
issue_filer.file_issue(self.testcase1, issue_tracker)
self.assertIn('Security_Severity-High',
issue_tracker._itm.last_issue.labels)
self.assertEqual(
1,
len(
issue_tracker._itm.last_issue.get_labels_by_prefix(
'Security_Severity-')))
def test_testcase_metadata_labels_and_components(self):
"""Tests issue filing with additional labels and components."""
self.mock.get.return_value = CHROMIUM_POLICY
issue_tracker = monorail.IssueTracker(IssueTrackerManager('chromium'))
issue_filer.file_issue(self.testcase5, issue_tracker)
six.assertCountEqual(self, [
'ClusterFuzz',
'Reproducible',
'Pri-1',
'Stability-Crash',
'Type-Bug',
'label1',
'label2',
], issue_tracker._itm.last_issue.labels)
six.assertCountEqual(self, [
'component1',
'component2',
], issue_tracker._itm.last_issue.components)
def test_filed_issues_oss_fuzz_disable_disclose(self):
"""Test filing oss-fuzz issues with disclosure disabled."""
self.job2.environment_string += 'DISABLE_DISCLOSURE = True\n'
self.job2.put()
self.mock.get.return_value = OSS_FUZZ_POLICY
issue_tracker = monorail.IssueTracker(IssueTrackerManager('oss-fuzz'))
issue_filer.file_issue(self.testcase2_security, issue_tracker)
self.assertTrue(
issue_tracker._itm.last_issue.has_label_matching(
'restrict-view-commit'))
self.assertFalse(
issue_tracker._itm.last_issue.has_label_matching(
'reported-2016-01-01'))
self.assertNotIn(DEADLINE_NOTE, issue_tracker._itm.last_issue.body)
self.assertIn(FIX_NOTE, issue_tracker._itm.last_issue.body)
self.assertIn(QUESTIONS_NOTE, issue_tracker._itm.last_issue.body)
def test_security_severity_security_bug_severity_override(
self, project_name, policy):
"""Test security severity label is set correct when testcase has its own
severity but there is an override provided."""
self.mock.get.return_value = policy
issue_tracker = monorail.IssueTracker(IssueTrackerManager(project_name))
self.testcase1.security_flag = True
self.testcase1.security_severity = data_types.SecuritySeverity.HIGH
self.testcase1.put()
issue_filer.file_issue(
self.testcase1,
issue_tracker,
security_severity=data_types.SecuritySeverity.MEDIUM)
self.assertNotIn('Security_Severity-High',
issue_tracker._itm.last_issue.labels)
self.assertIn('Security_Severity-Medium',
issue_tracker._itm.last_issue.labels)
self.assertEqual(
1,
len(
issue_tracker._itm.last_issue.get_labels_by_prefix(
'Security_Severity-')))
def test_testcase_save_exception(self):
"""Tests issue filing when issue.save exception"""
self.mock.get.return_value = CHROMIUM_POLICY_FALLBACK
original_save = monorail.issue.Issue.save
helpers.patch(self,
['libs.issue_management.monorail.issue.Issue.save'])
def my_save(*args, **kwargs):
if getattr(my_save, 'raise_exception', True):
setattr(my_save, 'raise_exception', False)
raise Exception("Boom!")
return original_save(*args, **kwargs)
self.mock.save.side_effect = my_save
issue_tracker = monorail.IssueTracker(IssueTrackerManager('chromium'))
_, exception = issue_filer.file_issue(self.testcase5, issue_tracker)
self.assertIsInstance(exception, Exception)
six.assertCountEqual(
self, ['fallback>component', '-component1', '-component2'],
issue_tracker._itm.last_issue.components)
self.assertIn(
'**NOTE**: This bug was filed into this component due to permission or '
'configuration issues with the specified component(s) component1 component2',
issue_tracker._itm.last_issue.body)
# call without fallback_component in policy
# Expected result: no issue is added to itm
setattr(my_save, 'raise_exception', True)
issue_tracker = monorail.IssueTracker(IssueTrackerManager('chromium'))
self.mock.get.return_value = CHROMIUM_POLICY
with self.assertRaises(Exception):
issue_filer.file_issue(self.testcase1, issue_tracker)
self.assertIsNone(issue_tracker._itm.last_issue)
def test_footer_formatting(self):
"""Test footer message with formatting."""
policy = issue_tracker_policy.IssueTrackerPolicy({
'status': {
'assigned': 'Assigned',
'duplicate': 'Duplicate',
'verified': 'Verified',
'new': 'Untriaged',
'wontfix': 'WontFix',
'fixed': 'Fixed'
},
'all': {
'status': 'new',
'issue_body_footer': 'Target: %FUZZ_TARGET%, Project: %PROJECT%'
},
'non_security': {},
'labels': {},
'security': {},
'existing': {},
})
self.mock.get.return_value = policy
issue_tracker = monorail.IssueTracker(IssueTrackerManager('chromium'))
self.testcase1.project_name = 'proj'
self.testcase1.fuzzer_name = 'libFuzzer'
self.testcase1.overridden_fuzzer_name = 'libFuzzer_proj_target'
data_types.FuzzTarget(
id='libFuzzer_proj_target',
project='proj',
engine='libFuzzer',
binary='target').put()
issue_filer.file_issue(self.testcase1, issue_tracker)
self.assertIn('Target: target, Project: proj',
issue_tracker._itm.last_issue.body)
def create_issue(testcase, severity, cc_me):
"""Create an issue."""
issue_tracker = helpers.get_issue_tracker_for_testcase(testcase)
user_email = helpers.get_user_email()
if severity is not None:
severity = helpers.cast(
severity, int,
'Invalid value for security severity (%s).' % severity)
additional_ccs = []
if cc_me:
additional_ccs.append(user_email)
issue_id = issue_filer.file_issue(testcase,
issue_tracker,
security_severity=severity,
user_email=user_email,
additional_ccs=additional_ccs)
if not issue_id:
raise helpers.EarlyExitException('Unable to create new issue.',
500)
def get(self):
"""Handle a get request."""
try:
grouper.group_testcases()
except:
logs.log_error('Error occurred while grouping test cases.')
return
# Free up memory after group task run.
utils.python_gc()
# Get a list of jobs excluded from bug filing.
excluded_jobs = _get_excluded_jobs()
# Get a list of all jobs. This is used to filter testcases whose jobs have
# been removed.
all_jobs = data_handler.get_all_job_type_names()
for testcase_id in data_handler.get_open_testcase_id_iterator():
try:
testcase = data_handler.get_testcase_by_id(testcase_id)
except errors.InvalidTestcaseError:
# Already deleted.
continue
# Skip if testcase's job is removed.
if testcase.job_type not in all_jobs:
continue
# Skip if testcase's job is in exclusions list.
if testcase.job_type in excluded_jobs:
continue
# Skip if we are running progression task at this time.
if testcase.get_metadata('progression_pending'):
continue
# If the testcase has a bug filed already, no triage is needed.
if _is_bug_filed(testcase):
continue
# Check if the crash is important, i.e. it is either a reproducible crash
# or an unreproducible crash happening frequently.
if not _is_crash_important(testcase):
continue
# Require that all tasks like minimizaton, regression testing, etc have
# finished.
if not data_handler.critical_tasks_completed(testcase):
continue
# For testcases that are not part of a group, wait an additional time till
# group task completes.
# FIXME: In future, grouping might be dependent on regression range, so we
# would have to add an additional wait time.
if not testcase.group_id and not dates.time_has_expired(
testcase.timestamp,
hours=data_types.MIN_ELAPSED_TIME_SINCE_REPORT):
continue
# If this project does not have an associated issue tracker, we cannot
# file this crash anywhere.
issue_tracker = issue_tracker_utils.get_issue_tracker_for_testcase(
testcase)
if not issue_tracker:
continue
# If there are similar issues to this test case already filed or recently
# closed, skip filing a duplicate bug.
if _check_and_update_similar_bug(testcase, issue_tracker):
continue
# Clean up old triage messages that would be not applicable now.
testcase.delete_metadata(TRIAGE_MESSAGE_KEY, update_testcase=False)
# File the bug first and then create filed bug metadata.
try:
issue_filer.file_issue(testcase, issue_tracker)
except Exception:
logs.log_error('Failed to file issue for testcase %d.' %
testcase_id)
continue
_create_filed_bug_metadata(testcase)
logs.log('Filed new issue %s for testcase %d.' %
(testcase.bug_information, testcase_id))
def test_filed_issues_chromium_ios(self):
"""Tests issue filing for chromium iOS."""
self.mock.get.return_value = CHROMIUM_POLICY
issue_tracker = monorail.IssueTracker(IssueTrackerManager('chromium'))
issue_filer.file_issue(self.testcase7, issue_tracker)
self.assertIn('OS-iOS', issue_tracker._itm.last_issue.labels)
def test_filed_issues_oss_fuzz(self):
"""Tests issue filing for oss-fuzz."""
self.mock.get.return_value = OSS_FUZZ_POLICY
issue_tracker = monorail.IssueTracker(IssueTrackerManager('oss-fuzz'))
issue_filer.file_issue(self.testcase1, issue_tracker)
self.assertEqual('New', issue_tracker._itm.last_issue.status)
self.assertTrue(
issue_tracker._itm.last_issue.has_label_matching(
'restrict-view-commit'))
self.assertFalse(
issue_tracker._itm.last_issue.has_label_matching(
'reported-2016-01-01'))
self.assertNotIn(DEADLINE_NOTE, issue_tracker._itm.last_issue.body)
issue_filer.file_issue(self.testcase1_security, issue_tracker)
self.assertTrue(
issue_tracker._itm.last_issue.has_label_matching(
'restrict-view-commit'))
self.assertFalse(
issue_tracker._itm.last_issue.has_label_matching(
'reported-2016-01-01'))
self.assertNotIn(DEADLINE_NOTE, issue_tracker._itm.last_issue.body)
issue_filer.file_issue(self.testcase2, issue_tracker)
self.assertFalse(
issue_tracker._itm.last_issue.has_label_matching(
'restrict-view-commit'))
self.assertTrue(
issue_tracker._itm.last_issue.has_label_matching(
'reported-2016-01-01'))
self.assertNotIn(DEADLINE_NOTE, issue_tracker._itm.last_issue.body)
issue_filer.file_issue(self.testcase2_security, issue_tracker)
self.assertTrue(
issue_tracker._itm.last_issue.has_label_matching(
'restrict-view-commit'))
self.assertTrue(
issue_tracker._itm.last_issue.has_label_matching(
'reported-2016-01-01'))
self.assertIn(DEADLINE_NOTE, issue_tracker._itm.last_issue.body)
issue_filer.file_issue(self.testcase3, issue_tracker)
self.assertFalse(
issue_tracker._itm.last_issue.has_label_matching(
'restrict-view-commit'))
self.assertFalse(
issue_tracker._itm.last_issue.has_label_matching(
'reported-2016-01-01'))
self.assertNotIn(DEADLINE_NOTE, issue_tracker._itm.last_issue.body)
issue_filer.file_issue(self.testcase3_security, issue_tracker)
self.assertFalse(
issue_tracker._itm.last_issue.has_label_matching(
'restrict-view-commit'))
self.assertTrue(
issue_tracker._itm.last_issue.has_label_matching(
'reported-2016-01-01'))
self.assertNotIn(DEADLINE_NOTE, issue_tracker._itm.last_issue.body)
