def cve_found(cve_items, cve): """Look for CVE in security node.""" for cve_item in cve_items: check_attribute_presence(cve_item, "CVE") if cve_item["CVE"] == cve: return True return False
def check_stack_analyses_request_status_attribute(context): """Check if the status is set to success in the JSON response.""" response = context.response json_data = response.json() check_attribute_presence(json_data, 'status') assert json_data['status'] == "success"
def check_for_distinct_license(context, licenses): """Verify lisense analysis data.""" json_data = get_json_data(context) check_attribute_presence(json_data, 'license_analysis') license_analysis = json_data['license_analysis'] license_found = False for lic in license_analysis['distinct_licenses']: if lic == licenses: license_found = True assert license_found, "The Given License was not found."
def check_component_digest_data(context, package, version, ecosystem): """Check the digest data for the given package, version, and ecosystem.""" data = context.s3_data check_audit_metadata(data) check_release_attribute(data, ecosystem, package, version) check_schema_attribute(data, "digests", "1-0-0") check_status_attribute(data) check_summary_attribute(data) check_attribute_presence(data, "details")
def check_keywords_tagging_file(context, package, ecosystem): """Check that the tagging metadata are correct for given package and ecosystem.""" data = context.s3_data check_audit_metadata(data) check_release_attribute(data, ecosystem, package) check_status_attribute(data) details = get_details_node(context) check_attribute_presence(details, "package_name") check_attribute_presence(details, "repository_description")
def validate_result_post_registration(context): """Check that json response contains appropriate data.""" json_data = context.response.json() assert context.response.status_code == 200 assert json_data check_attribute_presence(json_data, "user_key") endpoints = check_and_get_attribute(json_data, "endpoints") prod_url = check_and_get_attribute(endpoints, "prod") assert prod_url.startswith("https://")
def check_analyzed_packages_count_at_least(context, num=1): """Check number of analyzed packages.""" context_reponse_existence_check(context) json_data = context.response.json() check_attribute_presence(json_data, "result") result = json_data["result"] check_attribute_presence(result, "data") data = result["data"] assert len(data) >= num, \ "At least {} packages expected, but found {} instead".format(num, len(data))
def check_weight_for_word_in_keywords_tagging(context, word, where): """Check that the given word and its weight can be found in the tagging report.""" selector = S3Interface.selector_to_key(where) assert selector in [ "package_name", "repository_description", "description" ] details = get_details_node(context) word_dict = check_and_get_attribute(details, selector) check_attribute_presence(word_dict, word) assert float(word_dict[word]) > 0.0
def check_github_details_file(context, package, ecosystem): """Check all relevant attributes stored in the JSON with GitHub details.""" data = context.s3_data check_audit_metadata(data) check_release_attribute(data, ecosystem, package) check_status_attribute(data) check_attribute_presence(data, "summary") check_attribute_presence(data, "details") check_schema_attribute(data, "github_details", "2-0-1")
def check_analyzed_packages(context, package, ecosystem): """Check the package in component analysis.""" context_reponse_existence_check(context) json_data = context.response.json() package_data = get_value_using_path(json_data, "result/data/0/package") assert package_data is not None check_attribute_presence(package_data, "ecosystem") assert package_data["ecosystem"][0] == ecosystem check_attribute_presence(package_data, "name") assert package_data["name"][0] == package
def verify_premium_feilds(context): """I should verify the registered user feilds in result.""" json_data = get_json_data(context) check_attribute_presence(json_data, 'analyzed_dependencies') for dep in json_data['analyzed_dependencies']: if dep['public_vulnerabilities'] != []: for vuln in dep['public_vulnerabilities']: check_vulenrability_attributes(vuln) check_premium_vuln_attributes(vuln) elif dep['private_vulnerabilities'] != []: for vuln in dep['private_vulnerabilities']: check_vulenrability_attributes(vuln) check_premium_vuln_attributes(vuln)
def check_stack_analysis_id(context): """Check the ID of stack analysis.""" previous_id = context.stack_analysis_id json_data = context.response.json() assert json_data is not None check_attribute_presence(json_data, "request_id") request_id = json_data["request_id"] assert previous_id is not None assert request_id is not None assert previous_id == request_id
def check_get_request_id(context): """Check the ID of stack analysis.""" previous_id = context.stack_analysis_id assert previous_id is not None json_data = get_json_data(context) id_name = 'external_request_id' check_attribute_presence(json_data, id_name) request_id = json_data[id_name] logger.debug('Post id: {} Get id: {}'.format(previous_id, request_id)) assert request_id is not None assert previous_id == request_id
def verify_valid_data_companion(context, component, latest_version): """Check valid data in companion packages.""" json_data = get_json_data(context) check_attribute_presence(json_data, 'recommendation') is_component_present = False for dep in json_data['recommendation']['companion']: if dep['name'] == component: is_component_present = True actual_version = dep['latest_version'] assert actual_version == latest_version, \ 'Component {} have {} but expected {}'.format(component, actual_version, latest_version) assert is_component_present, 'Component {} not present'.format(component)
def verify_vulnerability_count(context, component, vulnerability, expected): """Check vulnerabiltiy count for given type of vulnerability.""" json_data = get_json_data(context) check_attribute_presence(json_data, 'analyzed_dependencies') is_component_present = False for dep in json_data['analyzed_dependencies']: if dep['name'] == component: is_component_present = True actual = len(dep[vulnerability]) assert actual == expected, \ 'Component {} have {} {} but expected {}'.format(component, actual, vulnerability, expected) assert is_component_present, 'Component {} not present'.format(component)
def perform_alternate_components_validation(json_data): """Check the user components and alternate components.""" user_components = get_user_components(json_data) # in order to use the 'in' operator later we need to have a sequence # of dictionaries with 'name' and 'version' keys user_components = [{ "name": c["package"], "version": c["version"] } for c in user_components] alternate_components = get_alternate_components(json_data) for alternate_component in alternate_components: check_attribute_presence(alternate_component, "name") check_attribute_presence(alternate_component, "replaces") replaces = alternate_component["replaces"] for replace in replaces: check_attribute_presence(replace, "name") r_name = replace["name"] check_attribute_presence(replace, "version") r_version = replace["version"] assert replace in user_components, \ "The component %s version %s does not replace any user " \ "component" % (r_name, r_version)
def check_recommended_version_if_cve_is_detected(context): """Check the existence of recommended version in case the CVE is detected.""" context_reponse_existence_check(context) json_data = context.response.json() check_attribute_presence(json_data, "result") result = json_data["result"] check_attribute_presence(result, "recommendation") recommendation = result["recommendation"] if "component_analyses" in recommendation: assert "change_to" in recommendation, \ "The new version should be recommended for the component"
def verify_license_data(context, component, license_c): """Licenses check.""" json_data = get_json_data(context) check_attribute_presence(json_data, 'analyzed_dependencies') is_component_present = False for dep in json_data['analyzed_dependencies']: if dep['name'] == component: is_component_present = True assert "licenses" in dep, 'Licenses not found' licenses = dep["licenses"] for lic in licenses: if lic == license_c: assert lic == license_c assert is_component_present, 'Component {} not present'.format(component)
def check_recommended_version_for_cve(context): """Check that all E/P/V with CVE detected also have recommended versions.""" # retrieve all components components = get_analyzed_components(context) # retrieve components with CVE record(s) components_with_cve = get_components_with_cve(components) # check if at least one recommendation is found for a component with CVE for component_with_cve in components_with_cve: check_attribute_presence(component_with_cve, "recommended_latest_version") recommended = component_with_cve["recommended_latest_version"] assert len(recommended) >= 1
def verify_dependency_count(context, component, expected): """Check dependency count for given component.""" json_data = get_json_data(context) check_attribute_presence(json_data, 'analyzed_dependencies') is_component_present = False for dep in json_data['analyzed_dependencies']: if dep['name'] == component: is_component_present = True dependencies = dep['dependencies'] print(dep) actual = len(dependencies) assert actual == expected, \ 'Component {} have {} deps but expected {}'.format(component, actual, expected) assert is_component_present, 'Component {} not present'.format(component)
def check_request_id_value_in_json_response(context, attribute_name): """Check the request ID attribute in the JSON response. Check if ID is stored in a format like: '71769af6-0a39-4242-94be-1f84f04c8a56' """ response = context.response assert response is not None json_data = response.json() assert json_data is not None check_attribute_presence(json_data, attribute_name) id_attribute = json_data[attribute_name] assert id_attribute is not None assert check_uuid(id_attribute)
def check_security_issue_nonexistence(context, package): """Check than none security issue can be found for the given analyzed package.""" components = get_analyzed_components(context) for component in components: if component["name"] == package: check_attribute_presence(component, "security") cve_items = component["security"] if cve_items: raise Exception( 'Found security issue(s) for the package {p}'.format( p=package)) break else: raise Exception( 'Could not find the analyzed package {p}'.format(p=package))
def check_package_toplevel_file(context, package, ecosystem): """Check the content of package toplevel file.""" data = context.s3_data check_attribute_presence(data, 'id') assert int(data['id']) check_attribute_presence(data, 'package_id') assert int(data['package_id']) check_attribute_presence(data, 'analyses') check_attribute_presence(data, 'started_at') check_timestamp(data['started_at']) check_attribute_presence(data, 'finished_at') check_timestamp(data['finished_at'])
def check_security_issue_existence(context, cve, package): """Check if the security issue CVE-yyyy-xxxx can be found for the given analyzed package.""" components = get_analyzed_components(context) for component in components: if component["name"] == package: check_attribute_presence(component, "security") cve_items = component["security"] if cve_found(cve_items, cve): # CVE for the component has been found - > let's finish this check return else: raise Exception('Could not find the CVE {c} for the ' 'package {p}'.format(c=cve, p=package)) else: raise Exception( 'Could not find the analyzed package {p}'.format(p=package))
def check_id_value_in_json_response(context, id_attribute_name): """Check the ID attribute in the JSON response. Check if ID is stored in a format like: '477e85660c504b698beae2b5f2a28b4e' ie. it is a string with 32 characters containing 32 hexadecimal digits """ response = context.response assert response is not None json_data = response.json() assert json_data is not None check_attribute_presence(json_data, id_attribute_name) id_attribute = json_data[id_attribute_name] assert id_attribute is not None assert isinstance(id_attribute, str) and len(id_attribute) == 32 assert all(char in string.hexdigits for char in id_attribute)
def check_unexpected_properties_in_results(context, properties): """Check if only given optional properties can be found in all packages returned by Gremlin.""" data, meta = get_results_from_gremlin(context) expected_properties = split_comma_separated_list(properties) for package in data: check_attribute_presence(package, "properties") properties = package["properties"].keys() assert properties is not None for prop in properties: # check that the property is contained in a list of expected properties if prop not in expected_properties: raise Exception( "Unexpected property has been found: {prop}".format( prop=prop))
def check_latest_package_version_publication(context, version, date): """Check the latest package version and publication date.""" releases = _get_releases_node_from_libraries_io(context) latest_release = check_and_get_attribute(releases, 'latest') check_attribute_presence(latest_release, "version") check_attribute_presence(latest_release, "published_at") stored_version = latest_release["version"] stored_date = latest_release["published_at"] assert stored_version == version, \ "Package latest version differs, {v} is expected, but {f} is found instead".\ format(v=version, f=stored_version) assert latest_release["published_at"] == date, \ "Package latest release data differs, {d} is expected, but {f} is found instead".\ format(d=date, f=stored_date)
def retrieve_stacks_from_report(context, num): """Retrieve stacks from Gemini stacks report.""" response = context.response.json() assert not context.history check_attribute_presence(response, "report") stacks_details = check_and_get_attribute(response, "stacks_details") i = 0 stacks = [] for stack_detail in stacks_details: ecosystem = check_and_get_attribute(stack_detail, "ecosystem") stack = stack_detail["stack"] i += 1 if i > num: break item = {"ecosystem": ecosystem, "stack": stack} stacks.append(item) context.stacks = stacks
def verify_severity_analyzed_deps(context, component, title, severity, vulenerability): """Check valid vulenerability title and severity.""" json_data = get_json_data(context) check_attribute_presence(json_data, 'analyzed_dependencies') is_component_present = False for dep in json_data['analyzed_dependencies']: if dep['name'] == component: is_component_present = True if vulenerability == 'public_vulnerabilities': for vuln in dep['public_vulnerabilities']: if vuln['title'] == title: assert vuln[ 'severity'] == severity, "severity not matched" elif vulenerability == 'private_vulnerabilities': for vuln in dep['private_vulnerabilities']: if vuln['title'] == title: assert vuln[ 'severity'] == severity, "severity not matched" assert is_component_present, 'Component {} not present'.format(component)
def check_properties_in_results(context, properties): """Check if all given properties can be found in all packages returned by Gremlin.""" data, meta = get_results_from_gremlin(context) expected_properties = split_comma_separated_list(properties) # we need to check if all expected properties are really returned by the Gremlin for package in data: check_attribute_presence(package, "properties") properties = package["properties"].keys() assert properties is not None for expected_property in expected_properties: if expected_property not in properties: # print examined data so users would know what happened formatted_data = pprint.pformat(package) message = "Required property could not be found: {prop}\n" \ "Tested Gremlin results:\n{r}" raise Exception( message.format(prop=expected_property, r=formatted_data))