def test_analyze_disclosure_invalid_macaroon():
metrics = collections.Counter()
def metrics_increment(key):
metrics.update([key])
find = pretend.raiser(utils.InvalidMacaroonError("Bla", "bla"))
svc = {
utils.IMetricsService: pretend.stub(increment=metrics_increment),
utils.IMacaroonService: pretend.stub(find_from_raw=find),
}
request = pretend.stub(find_service=lambda iface, context: svc[iface])
utils.analyze_disclosure(
request=request,
disclosure_record={
"type": "pypi_api_token",
"token": "pypi-1234",
"url": "http://example.com",
},
origin="github",
)
assert metrics == {
"warehouse.token_leak.github.recieved": 1,
"warehouse.token_leak.github.error.invalid": 1,
}
def test_analyze_disclosure(monkeypatch):
metrics = collections.Counter()
def metrics_increment(key):
metrics.update([key])
user = pretend.stub()
database_macaroon = pretend.stub(user=user, id=12)
check = pretend.call_recorder(lambda *a, **kw: database_macaroon)
delete = pretend.call_recorder(lambda *a, **kw: None)
svc = {
utils.IMetricsService:
pretend.stub(increment=metrics_increment),
utils.IMacaroonService:
pretend.stub(check_if_macaroon_exists=check, delete_macaroon=delete),
}
request = pretend.stub(find_service=lambda iface, context: svc[iface])
send_email = pretend.call_recorder(lambda *a, **kw: None)
monkeypatch.setattr(utils, "send_token_compromised_email_leak", send_email)
utils.analyze_disclosure(
request=request,
disclosure_record={
"type": "token",
"token": "pypi-1234",
"url": "http://example.com",
},
origin="github",
)
assert metrics == {
"warehouse.token_leak.github.recieved": 1,
"warehouse.token_leak.github.processed": 1,
"warehouse.token_leak.github.valid": 1,
}
assert send_email.calls == [
pretend.call(request,
user,
public_url="http://example.com",
origin="github")
]
assert check.calls == [pretend.call(raw_macaroon="pypi-1234")]
assert delete.calls == [pretend.call(macaroon_id="12")]
def test_analyze_disclosure_unknown_error(monkeypatch):
metrics = collections.Counter()
def metrics_increment(key):
metrics.update([key])
request = pretend.stub(
find_service=lambda *a, **k: pretend.stub(increment=metrics_increment)
)
monkeypatch.setattr(utils, "_analyze_disclosure", pretend.raiser(ValueError()))
with pytest.raises(ValueError):
utils.analyze_disclosure(
request=request,
disclosure_record={},
origin="github",
)
assert metrics == {
"warehouse.token_leak.github.error.unknown": 1,
}
def test_analyze_disclosure_wrong_record():
metrics = collections.Counter()
def metrics_increment(key):
metrics.update([key])
svc = {
utils.IMetricsService: pretend.stub(increment=metrics_increment),
utils.IMacaroonService: pretend.stub(),
}
request = pretend.stub(find_service=lambda iface, context: svc[iface])
utils.analyze_disclosure(
request=request,
disclosure_record={},
origin="github",
)
assert metrics == {
"warehouse.token_leak.github.recieved": 1,
"warehouse.token_leak.github.error.format": 1,
}
def analyze_disclosure_task(request, disclosure_record, origin):
utils.analyze_disclosure(
request=request,
disclosure_record=disclosure_record,
origin=origin,
)
def test_analyze_disclosure(monkeypatch):
metrics = collections.Counter()
def metrics_increment(key):
metrics.update([key])
user_id = uuid.UUID(bytes=b"0" * 16)
user = pretend.stub(id=user_id)
database_macaroon = pretend.stub(
user=user,
id=12,
permissions_caveat={"permissions": "user", "version": 1},
description="foo",
)
find = pretend.call_recorder(lambda *a, **kw: database_macaroon)
delete = pretend.call_recorder(lambda *a, **kw: None)
record_event = pretend.call_recorder(lambda user_id, *, tag, additional=None: None)
svc = {
utils.IMetricsService: pretend.stub(increment=metrics_increment),
utils.IMacaroonService: pretend.stub(
find_from_raw=find, delete_macaroon=delete
),
utils.IUserService: pretend.stub(record_event=record_event),
}
request = pretend.stub(find_service=lambda iface, context: svc[iface])
send_email = pretend.call_recorder(lambda *a, **kw: None)
monkeypatch.setattr(utils, "send_token_compromised_email_leak", send_email)
utils.analyze_disclosure(
request=request,
disclosure_record={
"type": "pypi_api_token",
"token": "pypi-1234",
"url": "http://example.com",
},
origin="github",
)
assert metrics == {
"warehouse.token_leak.github.recieved": 1,
"warehouse.token_leak.github.processed": 1,
"warehouse.token_leak.github.valid": 1,
}
assert send_email.calls == [
pretend.call(request, user, public_url="http://example.com", origin="github")
]
assert find.calls == [pretend.call(raw_macaroon="pypi-1234")]
assert delete.calls == [pretend.call(macaroon_id="12")]
assert record_event.calls == [
pretend.call(
user_id,
tag="account:api_token:removed_leak",
additional={
"macaroon_id": "12",
"public_url": "http://example.com",
"permissions": "user",
"description": "foo",
},
)
]