Exemple #1
0
def test_prepare_response():
    """
    Test the preparation or a json response.

    * ``_id`` to ``id``
    * ``url`` added
    """
    for indata, expected in (
        ({"key": "value"}, {"key": "value"}),
        ({"_id": "value"}, {"id": "value"}),
        ({"_id": {"_id": "value"}}, {"id": {"id": "value"}}),
    ):
        utils.prepare_response(indata)
        assert indata == expected

    indata = {"lvl1": {"lvl2": "value"}}
    url = "https://www.example.com/api/v1/stuff"
    expected = {
        "url": "https://www.example.com/api/v1/stuff",
        "lvl1": {"lvl2": "value"},
    }
    utils.prepare_response(indata, url)
    assert indata == expected

    indata = {"list": [{"_id": "value"}, {"_id": "value"}, {"_id": "value"}, {"_id": "value"}]}
    expected = {"list": [{"id": "value"}, {"id": "value"}, {"id": "value"}, {"id": "value"}]}
    utils.prepare_response(indata)
    assert indata == expected

    indata = {
        "lvl1_1": 0,
        "lvl1_2": {"lvl2": {"lvl3_1": "value", "lvl3_2": {"_id": "value"}}},
    }
    expected = {
        "lvl1_1": 0,
        "lvl1_2": {"lvl2": {"lvl3_1": "value", "lvl3_2": {"id": "value"}}},
    }
    utils.prepare_response(indata)
    assert indata == expected

    indata = {"list": ({"_id": "value"}, {"_id": "value"}, {"_id": "value"}, {"_id": "value"})}
    expected = {"list": [{"id": "value"}, {"id": "value"}, {"id": "value"}, {"id": "value"}]}
    utils.prepare_response(indata)
    assert indata == expected
Exemple #2
0
def user_agent():
    # Get additional parameters from request
    output_format = request.args.get(
        "output_format") or app.config['OUTPUT_FORMAT']
    callback = request.args.get("callback")

    # Parse useragent string and give response
    ua_string = request.args.get("s") or request.user_agent.string
    return prepare_response(parse_useragent(ua_string), 200, output_format,
                            callback, "useragent")
Exemple #3
0
def geoip(ip_address):
    # Get additional parameters from request
    output_format = request.args.get(
        "output_format") or app.config['OUTPUT_FORMAT']
    callback = request.args.get("callback")

    # Check if ip_address is a valid IPv4 or IPv6 address
    ip_address = request.remote_addr if ip_address == None else ip_address
    if not ipv4(ip_address) and not ipv6(ip_address):
        return error(
            ip_address + " does not appear to be an IPv4 or IPv6 address", 400,
            output_format, callback)

    # Try to fetch data from GeoLite2 databases
    try:
        data = fetch_geoip(ip_address)  # TODO: Add multi-language support
    except Exception as ex:
        return error(str(ex), 404, output_format, callback)

    # Strip off empty sections
    for k in [k for k, v in data.items() if not v or None]:
        del data[k]

    return prepare_response(data, 200, output_format, callback)
Exemple #4
0
def test_add_collection_data(mdb):
    """
    Test the functionality for adding collections.

    Checks:
    * fields are set correctly
    * logs are created
    * logs contain the relevant data
    """
    ds_id = next(mdb["datasets"].aggregate([{"$sample": {"size": 1}}]))["_id"]
    order_info = mdb["orders"].find_one({"datasets": ds_id})
    user_info = mdb["users"].find_one({"_id": {"$in": order_info["editors"]}})

    session = requests.Session()
    as_user(session, user_info["auth_ids"][0])

    # add data
    indata = {
        "collection": {
            "description": "Test description",
            "editors": [str(user_info["_id"])],
            "title": "Test add title",
            "datasets": [str(ds_id)],
            "tags": [],
            "properties": {
                "Source": "Added from test"
            },
        }
    }
    indata["collection"].update(TEST_LABEL)
    response = make_request(session,
                            "/api/v1/collection",
                            method="POST",
                            data=indata,
                            ret_json=True)
    assert response.code == 200
    assert "id" in response.data
    assert len(response.data["id"]) == 38

    added_id = response.data["id"]

    # validate added data
    collection = mdb["collections"].find_one({"_id": added_id})
    utils.prepare_response(collection)
    for field in ("editors", "datasets"):
        collection[field] = [str(entry) for entry in collection[field]]
    for field in indata["collection"]:
        assert collection[field] == indata["collection"][field]

    # validate log
    log_query = {
        "data._id": added_id,
        "data_type": "collection",
        "user": user_info["_id"],
        "action": "add",
    }
    log_entry = mdb["logs"].find_one(log_query)
    assert log_entry
    for field in ("editors", "datasets"):
        log_entry["data"][field] = [
            str(entry) for entry in log_entry["data"][field]
        ]

    print(log_entry, indata)
    for field in indata["collection"]:
        assert log_entry["data"][field] == indata["collection"][field]
Exemple #5
0
def test_get_collection(mdb):
    """
    Request multiple collections by uuid, one at a time.

    * Normal collection
    * Collection as editor; confirm that the user gets the editors field
    * Collection as DATA_MANAGEMENT; confirm that the user gets the editors field
    """
    session = requests.Session()
    for _ in range(3):
        # Get a random collection, use external data structure
        collection = list(mdb["collections"].aggregate([{
            "$sample": {
                "size": 1
            }
        }]))[0]
        utils.prepare_response(collection)
        proj_owner = mdb["users"].find_one(
            {"_id": {
                "$in": collection["editors"]
            }})
        collection["id"] = str(collection["id"])
        collection["editors"] = [str(entry) for entry in collection["editors"]]
        collection["datasets"] = [
            str(entry) for entry in collection["datasets"]
        ]

        as_user(session, USERS["base"])

        response = make_request(session,
                                f'/api/v1/collection/{collection["id"]}')
        assert response.code == 200
        for field in collection:
            if field == "datasets":
                for i, ds_uuid in enumerate(collection[field]):
                    assert ds_uuid == response.data["collection"][field][i][
                        "id"]
            elif field == "editors":
                continue
            else:
                assert collection[field] == response.data["collection"][field]

        as_user(session, proj_owner["auth_ids"][0])
        response = make_request(session,
                                f'/api/v1/collection/{collection["id"]}')
        assert response.code == 200
        for field in collection:
            if field in ("datasets", "editors"):
                entries = [
                    entry["id"] for entry in response.data["collection"][field]
                ]
                assert len(collection[field]) == len(entries)
                for i, ds_uuid in enumerate(collection[field]):
                    assert ds_uuid in entries
            else:
                assert collection[field] == response.data["collection"][field]

        as_user(session, USERS["root"])
        response = make_request(session,
                                f'/api/v1/collection/{collection["id"]}')
        assert response.code == 200
        for field in collection:
            if field in ("datasets", "editors"):
                entries = [
                    entry["id"] for entry in response.data["collection"][field]
                ]
                assert len(collection[field]) == len(entries)
                for i, ds_uuid in enumerate(collection[field]):
                    assert ds_uuid in entries
            else:
                assert collection[field] == response.data["collection"][field]
Exemple #6
0
 def get_cves(self, script, bindings):
     """Call Gremlin and get the CVE information."""
     json_payload = self.prepare_payload(script, bindings)
     response = call_gremlin(json_payload)
     cve_list = prepare_response(response)
     return cve_list