def _create_image(dockerfile_mode="actual"): img = Image() img.id = image_id img.user_id = user img.dockerfile_contents = dockerfile_contents img.dockerfile_mode = dockerfile_mode return img
def image(monkeypatch): monkeypatch.setattr(Image, 'analysis_artifacts', MockAnalysisArtifacts(), raising=True) img = Image() img.id = image_id img.digest = digest img.user_id = user return img
def _create_image(artifact_key): monkeypatch.setattr( Image, "analysis_artifacts", MockAnalysisArtifacts(artifact_key), raising=True, ) img = Image() img.id = image_id img.digest = digest img.user_id = user return img
def alpine_image(): img = Image() img.distro_name = "alpine" img.distro_version = "3.10" img.id = "abc123abc123" img.analysis_artifacts = [] img.digest = "sha256:abc123abc123" img.created_at = datetime.datetime.utcnow() img.last_modified = img.created_at img.cpes = [] img.docker_data_json = {} img.dockerfile_contents = "" img.dockerfile_mode = "guessed" img.docker_history_json = [] img.packages = [] img.gems = [] img.npms = [] img.state = "analyzed" img.size = "1000" img.user_id = "admin" return img
def test_tag_mapping(self): test_rules = [ { # All allowed "rule": matcher_for_tag(), "id": "0", "digest": "sha256:123abc", "tag": "docker.io/nginx:latest", "match": True, }, { # All allowed, none provided "rule": matcher_for_tag(), "id": "0", "digest": "sha256:123abc", "tag": "*/*:*", "match": True, }, { # Case where tag not provided for eval, but rule requires it "rule": matcher_for_tag(tag="latest"), "id": "0", "digest": "sha256:123abc", "tag": "*/*:*", "match": False, }, { # Registry match failure "rule": matcher_for_tag(registry="gcr.io"), "id": "0", "digest": "sha256:123abc", "tag": "docker.io/nginx:latest", "match": False, }, { # Repo match failure "rule": matcher_for_tag(repository="mysql"), "id": "0", "digest": "sha256:123abc", "tag": "docker.io/nginx:latest", "match": False, }, { # Tag match failure "rule": matcher_for_tag(registry="docker.io", repository="mysql", tag="latest"), "id": "0", "digest": "sha256:123abc", "tag": "docker.io/mysql:alpine", "match": False, }, { # Wildcard sub match "rule": matcher_for_tag(tag="*-dev"), "id": "0", "digest": "sha256:123abc", "tag": "docker.io/nginx:1.8-dev", "match": True, }, { # Registry only match "rule": matcher_for_tag(registry="docker.io"), "id": "0", "digest": "sha256:123abc", "tag": "docker.io/nginx:latest", "match": True, }, { # Registry & repo match "rule": matcher_for_tag(registry="docker.io", repository="nginx"), "id": "0", "digest": "sha256:123abc", "tag": "docker.io/nginx:latest", "match": True, }, { # Docker name handling should happen upstream "rule": matcher_for_tag(registry="docker.io", repository="library/nginx"), "id": "0", "digest": "sha256:123abc", "tag": "docker.io/nginx:latest", "match": False, }, { # Exact match "rule": matcher_for_tag(registry="docker.io", repository="library/nginx", tag="latest"), "id": "0", "digest": "sha256:123abc", "tag": "docker.io/library/nginx:latest", "match": True, }, ] for test in test_rules: rule = PolicyMappingRule(test["rule"]) test_img = Image() test_img.id = test["id"] test_img.digest = test["digest"] m = rule.matches(test_img, tag=test["tag"]) self.assertEqual( test["match"], m, "Failed on: {} with tag {}".format(test["rule"], test["tag"]), )
def test_id_mapping(self): test_rules = [ { # id only specified "rule": matcher_for_id(id="0"), "tag": "docker.io/nginx:latest", "id": "0", "digest": "sha256:123abc", "match": True, }, { # Registry fail "rule": matcher_for_id(registry="gcr.io", id="0"), "tag": "docker.io/nginx:latest", "id": "0", "digest": "sha256:123abc", "match": False, }, { # Repository fail "rule": matcher_for_id(repository="mysql", id="0"), "tag": "docker.io/nginx:latest", "id": "0", "digest": "sha256:123abc", "match": False, }, { # Case where no tag provided so default wildcard set "rule": matcher_for_id(repository="mysql", id="0"), "tag": "*/*:*", "id": "0", "digest": "sha256:123abc", "match": False, }, { # ID fail "rule": matcher_for_id(id="1"), "tag": "docker.io/nginx:latest", "id": "0", "digest": "sha256:123abd", "match": False, }, { # Repository fail "rule": matcher_for_id(repository="mysql", id="0"), "tag": "docker.io/nginx:latest", "id": "0", "digest": "sha256:123abd", "match": False, }, { # Repository wildcard "rule": matcher_for_id(id="0"), "tag": "*/*:*", "id": "0", "digest": "sha256:123abc", "match": True, }, { # Repository wildcard, fail on digest match "rule": matcher_for_id(id="1"), "tag": "*/*:*", "id": "0", "digest": "sha256:123abc", "match": False, }, ] for test in test_rules: rule = PolicyMappingRule(test["rule"]) test_img = Image() test_img.id = test["id"] test_img.digest = test["digest"] m = rule.matches(test_img, tag=test["tag"]) self.assertEqual( test["match"], m, "Failed on: {} with id {}".format(test["rule"], test["id"]), )
def test_tag_mapping(self): test_rules = [ { # All allowed 'rule': matcher_for_tag(), 'id': '0', 'digest': 'sha256:123abc', 'tag': 'docker.io/nginx:latest', 'match': True }, { # All allowed, none provided 'rule': matcher_for_tag(), 'id': '0', 'digest': 'sha256:123abc', 'tag': '*/*:*', 'match': True }, { # Case where tag not provided for eval, but rule requires it 'rule': matcher_for_tag(tag='latest'), 'id': '0', 'digest': 'sha256:123abc', 'tag': '*/*:*', 'match': False }, { # Registry match failure 'rule': matcher_for_tag(registry='gcr.io'), 'id': '0', 'digest': 'sha256:123abc', 'tag': 'docker.io/nginx:latest', 'match': False }, { # Repo match failure 'rule': matcher_for_tag(repository='mysql'), 'id': '0', 'digest': 'sha256:123abc', 'tag': 'docker.io/nginx:latest', 'match': False }, { # Tag match failure 'rule': matcher_for_tag(registry='docker.io', repository='mysql', tag='latest'), 'id': '0', 'digest': 'sha256:123abc', 'tag': 'docker.io/mysql:alpine', 'match': False }, { # Wildcard sub match 'rule': matcher_for_tag(tag='*-dev'), 'id': '0', 'digest': 'sha256:123abc', 'tag': 'docker.io/nginx:1.8-dev', 'match': True }, { # Registry only match 'rule': matcher_for_tag(registry='docker.io'), 'id': '0', 'digest': 'sha256:123abc', 'tag': 'docker.io/nginx:latest', 'match': True }, { # Registry & repo match 'rule': matcher_for_tag(registry='docker.io', repository='nginx'), 'id': '0', 'digest': 'sha256:123abc', 'tag': 'docker.io/nginx:latest', 'match': True }, { # Docker name handling should happen upstream 'rule': matcher_for_tag(registry='docker.io', repository='library/nginx'), 'id': '0', 'digest': 'sha256:123abc', 'tag': 'docker.io/nginx:latest', 'match': False }, { # Exact match 'rule': matcher_for_tag(registry='docker.io', repository='library/nginx', tag='latest'), 'id': '0', 'digest': 'sha256:123abc', 'tag': 'docker.io/library/nginx:latest', 'match': True } ] for test in test_rules: rule = PolicyMappingRule(test['rule']) test_img = Image() test_img.id = test['id'] test_img.digest = test['digest'] m = rule.matches(test_img, tag=test['tag']) self.assertEqual( test['match'], m, 'Failed on: {} with tag {}'.format(test['rule'], test['tag']))
def test_id_mapping(self): test_rules = [ { # id only specified 'rule': matcher_for_id(id='0'), 'tag': 'docker.io/nginx:latest', 'id': '0', 'digest': 'sha256:123abc', 'match': True }, { # Registry fail 'rule': matcher_for_id(registry='gcr.io', id='0'), 'tag': 'docker.io/nginx:latest', 'id': '0', 'digest': 'sha256:123abc', 'match': False }, { # Repository fail 'rule': matcher_for_id(repository='mysql', id='0'), 'tag': 'docker.io/nginx:latest', 'id': '0', 'digest': 'sha256:123abc', 'match': False }, { # Case where no tag provided so default wildcard set 'rule': matcher_for_id(repository='mysql', id='0'), 'tag': '*/*:*', 'id': '0', 'digest': 'sha256:123abc', 'match': False }, { # ID fail 'rule': matcher_for_id(id='1'), 'tag': 'docker.io/nginx:latest', 'id': '0', 'digest': 'sha256:123abd', 'match': False }, { # Repository fail 'rule': matcher_for_id(repository='mysql', id='0'), 'tag': 'docker.io/nginx:latest', 'id': '0', 'digest': 'sha256:123abd', 'match': False }, { # Repository wildcard 'rule': matcher_for_id(id='0'), 'tag': '*/*:*', 'id': '0', 'digest': 'sha256:123abc', 'match': True }, { # Repository wildcard, fail on digest match 'rule': matcher_for_id(id='1'), 'tag': '*/*:*', 'id': '0', 'digest': 'sha256:123abc', 'match': False } ] for test in test_rules: rule = PolicyMappingRule(test['rule']) test_img = Image() test_img.id = test['id'] test_img.digest = test['digest'] m = rule.matches(test_img, tag=test['tag']) self.assertEqual( test['match'], m, 'Failed on: {} with id {}'.format(test['rule'], test['id']))