def test_report_webhook_request_exception(mock_send, mock_post, create_user,
                                          handle_events):
    """A failing webhook POST must not block the report or the email.

    The webhook endpoint is mocked to answer 404 and raise ``HTTPError``;
    the report is still created, the mail sender is still called and no
    alert is left with ``notify=False``.
    """
    # Webhook endpoint answers 404 and raises when the status is checked.
    mock_post.return_value = mock_response(
        404, "404 Not Found", raise_exception=HTTPError("404 NOT FOUND"))

    for fixture in ("modified_cves/CVE-2018-18074.json",
                    "modified_cves/CVE-2018-18074_summary.json"):
        handle_events(fixture)

    canonical = Vendor.query.filter_by(name="canonical").first()
    user = create_user()
    user.vendors.append(canonical)
    db.session.commit()

    handle_alerts()
    handle_reports()

    all_reports = Report.query.all()
    assert len(all_reports) == 1
    generated = all_reports[0]
    user_alerts = Alert.query.filter_by(user_id=user.id).all()
    assert generated.user.id == user.id
    assert generated.details == ["canonical"]
    assert generated.alerts == user_alerts
    assert len(generated.alerts) == 1
    # Both fixtures name the same CVE, so one alert carries two events.
    assert len(generated.alerts[0].events) == 2

    assert mock_send.called
    assert mock_post.called

    assert Alert.query.filter_by(notify=False).count() == 0
def test_report_with_notification(mock_send, create_user, handle_events):
    """A subscribed user with notifications enabled receives the report by email."""
    handle_events("modified_cves/CVE-2018-18074.json")

    user = create_user()
    canonical = Vendor.query.filter_by(name="canonical").first()
    user.vendors.append(canonical)
    db.session.commit()

    handle_alerts()
    handle_reports()

    generated = Report.query.all()
    assert len(generated) == 1
    report = generated[0]
    assert report.user.id == user.id
    assert report.details == ["canonical"]
    assert report.alerts == Alert.query.filter_by(user_id=user.id).all()

    # The mail sender receives the user plus the template context.
    assert mock_send.called
    mock_send.assert_called_with(
        user,
        subject="1 alert on Canonical",
        total_alerts=1,
        alerts_sorted=get_sorted_alerts(Alert.query.all()),
        report_public_link=Report.query.first().public_link,
    )
    assert Alert.query.filter_by(notify=False).count() == 0
def test_get_alert(mock_send, mock_webhook_send, client, create_user,
                   create_cve, handle_events):
    """GET /api/reports/<link>/alerts/<id> returns the alert's CVSS change."""
    create_cve("CVE-2018-18074")
    handle_events("modified_cves/CVE-2018-18074_cvss.json")
    user = create_user("opencve")
    user.vendors.append(Vendor.query.filter_by(name="canonical").first())
    db.session.commit()
    handle_alerts()
    handle_reports()

    # Pin the timestamps to a known value.
    frozen = datetime(2021, 1, 1, tzinfo=timezone.utc)
    report = Report.query.first()
    alert = Alert.query.first()
    report.created_at = frozen
    alert.created_at = frozen

    url = f"/api/reports/{report.public_link}/alerts/{alert.id}"
    response = client.login("opencve").get(url)
    expected_event = {
        "cve": "CVE-2018-18074",
        "type": "cvss",
        "details": {
            "old": {"v2": 5.0, "v3": 9.8},
            "new": {"v2": 6.0, "v3": 10},
        },
    }
    assert response.json == [expected_event]
def test_list_reports(mock_send, mock_webhook_send, client, create_user,
                      handle_events):
    """GET /api/reports is empty at first and lists the user's report once generated."""
    user = create_user("opencve")
    response = client.login("opencve").get("/api/reports")
    assert response.status_code == 200
    assert response.json == []

    handle_events("modified_cves/CVE-2018-18074.json")
    user.vendors.append(Vendor.query.filter_by(name="canonical").first())
    db.session.commit()
    handle_alerts()
    handle_reports()

    # Pin created_at so the serialized timestamp is deterministic.
    report = Report.query.first()
    report.created_at = datetime(2021, 1, 1, tzinfo=timezone.utc)

    response = client.login("opencve").get("/api/reports")
    assert response.status_code == 200
    listed = response.json
    assert len(listed) == 1
    expected = {
        "id": report.public_link,
        "details": ["canonical"],
        "created_at": "2021-01-01T00:00:00Z",
    }
    assert listed[0] == expected
    db.session.commit()
def test_list_alerts(mock_send, mock_webhook_send, client, create_user,
                     create_cve, handle_events):
    """GET /api/reports/<link>/alerts lists the report's alerts."""
    create_cve("CVE-2018-18074")
    handle_events("modified_cves/CVE-2018-18074_cvss.json")
    user = create_user("opencve")
    user.vendors.append(Vendor.query.filter_by(name="canonical").first())
    db.session.commit()
    handle_alerts()
    handle_reports()

    # Pin created_at so the serialized timestamp is deterministic.
    frozen = datetime(2021, 1, 1, tzinfo=timezone.utc)
    report = Report.query.first()
    alert = Alert.query.first()
    report.created_at = frozen
    alert.created_at = frozen

    response = client.login("opencve").get(
        f"/api/reports/{report.public_link}/alerts")
    expected_alert = {
        "created_at": "2021-01-01T00:00:00Z",
        "cve": "CVE-2018-18074",
        "details": {
            "filters": ["cvss"],
            "products": [],
            "vendors": ["canonical"],
        },
        "id": str(alert.id),
    }
    assert response.json == [expected_alert]
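def test_server_name_exceptions(app):
    """handle_reports() raises ValueError when SERVER_NAME is unset.

    The config value is restored in a ``finally`` so a failing assertion
    does not leave ``SERVER_NAME`` at ``None`` for every later test.
    """
    old = app.config["SERVER_NAME"]
    app.config["SERVER_NAME"] = None
    try:
        # NOTE(review): presumably the report links need SERVER_NAME to be
        # built outside a request — confirm against handle_reports().
        with pytest.raises(ValueError):
            handle_reports()
    finally:
        app.config["SERVER_NAME"] = old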
def test_list(mock_send, app, handle_events, create_user):
    """ReportController.list_items returns the user's single report."""
    handle_events("modified_cves/CVE-2018-18074.json")

    user = create_user()
    canonical = Vendor.query.filter_by(name="canonical").first()
    user.vendors.append(canonical)
    db.session.commit()

    handle_alerts()
    handle_reports()

    # The controller is exercised under a test request context.
    with app.test_request_context():
        listed = ReportController.list_items({"user_id": user.id})
    assert len(listed) == 1
    only = listed[0]
    assert only.user.id == user.id
    assert only.details == ["canonical"]
    assert only.alerts == Alert.query.filter_by(user_id=user.id).all()
def test_list_reports(mock_send, client, login, handle_events):
    """The /reports page renders the vendor name and the formatted report date."""
    user = User.query.first()
    handle_events("modified_cves/CVE-2018-18074.json")
    user.vendors.append(Vendor.query.filter_by(name="canonical").first())
    db.session.commit()
    handle_alerts()
    handle_reports()

    # Fix the date so the rendered "Jan 01 '21" string is deterministic.
    report = Report.query.first()
    report.created_at = datetime(2021, 1, 1, tzinfo=timezone.utc)

    page = client.get("/reports")
    assert page.status_code == 200
    for fragment in (b"Canonical", b"Jan 01 '21 at 00:00"):
        assert fragment in page.data
    db.session.commit()
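def test_get(mock_send, app, handle_events, create_user):
    """ReportController.get marks the fetched report as seen.

    The freshly generated report starts with ``seen`` False; fetching it by
    ``public_link`` through the controller returns the same row with
    ``seen`` True.
    """
    handle_events("modified_cves/CVE-2018-18074.json")

    user = create_user()
    user.vendors.append(Vendor.query.filter_by(name="canonical").first())
    db.session.commit()

    handle_alerts()
    handle_reports()

    report_1 = Report.query.first()
    # Identity comparison: `== False` would also accept 0 or None (E712).
    assert report_1.seen is False

    with app.test_request_context():
        report_2 = ReportController.get({"public_link": report_1.public_link})
    assert report_1.id == report_2.id
    assert report_2.seen is True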
def test_get_report(mock_send, mock_webhook_send, client, create_user,
                    handle_events):
    """GET /api/reports/<link> returns the report summary with its alerts embedded."""
    user = create_user("opencve")
    handle_events("modified_cves/CVE-2018-18074.json")
    user.vendors.append(Vendor.query.filter_by(name="canonical").first())
    db.session.commit()
    handle_alerts()
    handle_reports()

    # Pin the timestamps so the serialized values are deterministic.
    frozen = datetime(2021, 1, 1, tzinfo=timezone.utc)
    report = Report.query.first()
    report.created_at = frozen
    alert = Alert.query.first()
    alert.created_at = frozen

    summary = {
        "id": report.public_link,
        "details": ["canonical"],
        "created_at": "2021-01-01T00:00:00Z",
    }

    # The list endpoint exposes the summary only.
    listing = client.login("opencve").get("/api/reports")
    assert listing.status_code == 200
    assert len(listing.json) == 1
    assert listing.json[0] == summary

    # The detail endpoint adds the embedded alerts on top of the summary.
    detail = client.login("opencve").get(
        f"/api/reports/{report.public_link}")
    assert detail.status_code == 200

    body = detail.json
    embedded_alerts = body.pop("alerts")
    assert embedded_alerts == [{
        "id": str(alert.id),
        "created_at": "2021-01-01T00:00:00Z",
        "cve": "CVE-2018-18074",
        "details": {
            "products": [],
            "vendors": ["canonical"],
            "filters": ["new_cve"],
        },
    }]
    assert body == summary
    db.session.commit()
def test_report_without_notification(mock_send, create_user, handle_events):
    """A user with notifications disabled still gets a report, but no email."""
    handle_events("modified_cves/CVE-2018-18074.json")

    user = create_user()
    user.enable_notifications = False
    user.vendors.append(Vendor.query.filter_by(name="canonical").first())
    db.session.commit()

    handle_alerts()
    handle_reports()

    generated = Report.query.all()
    assert len(generated) == 1
    report = generated[0]
    assert report.user.id == user.id
    assert report.details == ["canonical"]
    assert report.alerts == Alert.query.filter_by(user_id=user.id).all()

    # The report is persisted, but the mail sender is never invoked.
    assert not mock_send.called
def test_get_report(mock_send, client, login, handle_events):
    """The report page renders its alert count, vendor, CVE id, score and event type."""
    user = User.query.first()
    handle_events("modified_cves/CVE-2018-18074.json")
    user.vendors.append(Vendor.query.filter_by(name="canonical").first())
    db.session.commit()
    handle_alerts()
    handle_reports()

    # Fix the date so the rendered "01/01/21" string is deterministic.
    report = Report.query.first()
    report.created_at = datetime(2021, 1, 1, tzinfo=timezone.utc)

    page = client.get(f"/reports/{report.public_link}")
    expected_fragments = (
        b"1 alert on 01/01/21",
        b"Canonical",
        b"CVE-2018-18074",
        b"9.8",
        b"New CVE",
    )
    for fragment in expected_fragments:
        assert fragment in page.data
    db.session.commit()
def test_report_bad_smtp_config(mock_send, create_user, handle_events):
    """An EmailError raised by the sender does not lose the report.

    The report and its single alert are still persisted, and no alert is
    left with ``notify=False``.
    """
    # Make the mocked email sender fail, as a misconfigured SMTP would.
    mock_send.side_effect = EmailError("error")

    handle_events("modified_cves/CVE-2018-18074.json")

    user = create_user()
    canonical = Vendor.query.filter_by(name="canonical").first()
    user.vendors.append(canonical)
    db.session.commit()

    handle_alerts()
    handle_reports()

    generated = Report.query.all()
    assert len(generated) == 1
    report = generated[0]
    user_alerts = Alert.query.filter_by(user_id=user.id).all()
    assert report.user.id == user.id
    assert report.details == ["canonical"]
    assert report.alerts == user_alerts
    assert len(report.alerts) == 1
    assert Alert.query.filter_by(notify=False).count() == 0
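def test_report_with_notification_webhook_disabled(mock_send,
                                                   mock_webhook_send,
                                                   create_user, handle_events,
                                                   app):
    """With GLOBAL_WEBHOOK_ENABLED off, the report is mailed but no webhook fires.

    The config flag is restored in a ``finally`` so a failing assertion does
    not leave the webhook disabled for the other tests.
    """
    old = app.config["GLOBAL_WEBHOOK_ENABLED"]
    app.config["GLOBAL_WEBHOOK_ENABLED"] = False
    try:
        handle_events("modified_cves/CVE-2018-18074.json")

        user = create_user()
        user.vendors.append(Vendor.query.filter_by(name="canonical").first())
        db.session.commit()

        handle_alerts()
        handle_reports()

        reports = Report.query.all()
        assert len(reports) == 1
        report = reports[0]
        assert report.user.id == user.id
        assert report.details == ["canonical"]
        assert report.alerts == Alert.query.filter_by(user_id=user.id).all()
        assert len(report.alerts) == 1

        # The email still goes out with the usual template context...
        assert mock_send.called
        mock_send.assert_called_with(
            user,
            subject="1 alert on Canonical",
            total_alerts=1,
            alerts_sorted=get_sorted_alerts(Alert.query.all()),
            report_public_link=Report.query.first().public_link,
        )
        # ...but the webhook sender is never invoked.
        assert not mock_webhook_send.called
        assert Alert.query.filter_by(notify=False).count() == 0
    finally:
        app.config["GLOBAL_WEBHOOK_ENABLED"] = old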
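def test_list_alerts_authentication(mock_send, mock_webhook_send, client,
                                    create_user, handle_events):
    """Alert endpoints require authentication.

    Both the alert list and the single-alert endpoint must answer 401 to an
    anonymous client and 200 once the report owner is logged in.
    """
    user = create_user("opencve")
    handle_events("modified_cves/CVE-2018-18074.json")
    user.vendors.append(Vendor.query.filter_by(name="canonical").first())
    db.session.commit()
    handle_alerts()
    handle_reports()

    report = Report.query.first()
    alert = Alert.query.first()
    list_url = f"/api/reports/{report.public_link}/alerts"
    alert_url = f"{list_url}/{alert.id}"

    # Anonymous client: both endpoints are rejected.
    assert client.get(list_url).status_code == 401
    assert client.get(alert_url).status_code == 401

    # Logged in as the report owner: both endpoints are served. The
    # single-alert URL is requested here too so its authenticated path is
    # covered, not just the list.
    client.login("opencve")
    assert client.get(list_url).status_code == 200
    assert client.get(alert_url).status_code == 200
    # NOTE(review): this covers anonymous vs. owner only; access by a
    # different logged-in user is not exercised here.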
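def test_list_paginated(mock_send, mock_webhook_send, app, handle_events,
                        create_user):
    """ReportController.list_items paginates according to REPORTS_PER_PAGE.

    Three reports are generated in turn (canonical, linux, python); with two
    per page the first page holds the last two generated and the second page
    the first one. The page size is restored in a ``finally`` so a failing
    assertion does not leak it into other tests.
    """
    old = app.config["REPORTS_PER_PAGE"]
    app.config["REPORTS_PER_PAGE"] = 2
    try:
        user = create_user()
        db.session.commit()

        # Each (fixture, vendor) pair produces one report for the user.
        for fixture, vendor in (
            ("modified_cves/CVE-2018-18074.json", "canonical"),
            ("modified_cves/CVE-2019-17052.json", "linux"),
            ("modified_cves/CVE-2020-26116.json", "python"),
        ):
            handle_events(fixture)
            user.vendors.append(Vendor.query.filter_by(name=vendor).first())
            db.session.commit()
            handle_alerts()
            handle_reports()

        with app.test_request_context():
            page_1 = ReportController.list_items({"user_id": user.id})
            assert len(page_1) == 2
            assert page_1[0].details == ["python"]
            assert page_1[1].details == ["linux"]

            page_2 = ReportController.list_items(
                {"user_id": user.id, "page": 2})
            assert len(page_2) == 1
            assert page_2[0].details == ["canonical"]
    finally:
        app.config["REPORTS_PER_PAGE"] = old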
def test_report_with_notification_webhook_enabled(mock_send, mock_webhook_send,
                                                  create_user, handle_events,
                                                  app):
    """With the global webhook enabled, the report goes out by mail and by webhook."""
    handle_events("modified_cves/CVE-2018-18074.json")

    user = create_user()
    user.vendors.append(Vendor.query.filter_by(name="canonical").first())
    db.session.commit()

    handle_alerts()
    handle_reports()

    all_reports = Report.query.all()
    assert len(all_reports) == 1
    report = all_reports[0]
    assert report.user.id == user.id
    assert report.details == ["canonical"]
    assert report.alerts == Alert.query.filter_by(user_id=user.id).all()

    alerts = report.alerts
    assert len(alerts) == 1
    alert = alerts[0]
    cve = alert.cve
    events = alert.events
    assert len(events) == 1
    event = events[0]

    assert mock_send.called
    mock_send.assert_called_with(
        user,
        subject="1 alert on Canonical",
        total_alerts=1,
        alerts_sorted=get_sorted_alerts(Alert.query.all()),
        report_public_link=Report.query.first().public_link,
    )

    assert mock_webhook_send.called
    sent_args = mock_webhook_send.call_args[0]

    expected_event = {
        "created_at": event.created_at.isoformat(),
        "updated_at": event.updated_at.isoformat(),
        "type": event.type.code,
        "details": {},
    }
    expected_alert = {
        "cve": cve.cve_id,
        "description": cve.summary,
        "details": alert.details,
        "created_at": alert.created_at.isoformat(),
        # updated_at changes once the alert has been read, so it is taken
        # from the actual call rather than predicted.
        "updated_at": sent_args[1]["alerts"][0]["updated_at"],
        "vendors": cve.vendors,
        "cwes": cve.cwes,
        "cvss2": cve.cvss2,
        "cvss3": cve.cvss3,
        "event_count": len(events),
        "events": [expected_event],
    }
    expected_payload = {
        "username": user.username,
        "created_at": report.created_at.isoformat(),
        "updated_at": report.updated_at.isoformat(),
        "public_link": report.public_link,
        "vendors_products_summary": report.details,
        "alert_count": len(alerts),
        "alerts": [expected_alert],
    }
    # The third positional argument is echoed back from the call itself, so
    # only the URL and the payload are actually pinned by this assertion.
    mock_webhook_send.assert_called_with(
        app.config["WEBHOOK_URL"], expected_payload, sent_args[2])
    assert Alert.query.filter_by(notify=False).count() == 0