Esempio n. 1
0
def test_analyze_disclosure_invalid_macaroon():

    metrics = collections.Counter()

    def metrics_increment(key):
        metrics.update([key])

    find = pretend.raiser(utils.InvalidMacaroonError("Bla", "bla"))
    svc = {
        utils.IMetricsService: pretend.stub(increment=metrics_increment),
        utils.IMacaroonService: pretend.stub(find_from_raw=find),
    }

    request = pretend.stub(find_service=lambda iface, context: svc[iface])

    utils.analyze_disclosure(
        request=request,
        disclosure_record={
            "type": "pypi_api_token",
            "token": "pypi-1234",
            "url": "http://example.com",
        },
        origin="github",
    )
    assert metrics == {
        "warehouse.token_leak.github.recieved": 1,
        "warehouse.token_leak.github.error.invalid": 1,
    }
Esempio n. 2
0
def test_analyze_disclosure(monkeypatch):

    metrics = collections.Counter()

    def metrics_increment(key):
        metrics.update([key])

    user = pretend.stub()
    database_macaroon = pretend.stub(user=user, id=12)

    check = pretend.call_recorder(lambda *a, **kw: database_macaroon)
    delete = pretend.call_recorder(lambda *a, **kw: None)
    svc = {
        utils.IMetricsService:
        pretend.stub(increment=metrics_increment),
        utils.IMacaroonService:
        pretend.stub(check_if_macaroon_exists=check, delete_macaroon=delete),
    }

    request = pretend.stub(find_service=lambda iface, context: svc[iface])

    send_email = pretend.call_recorder(lambda *a, **kw: None)
    monkeypatch.setattr(utils, "send_token_compromised_email_leak", send_email)

    utils.analyze_disclosure(
        request=request,
        disclosure_record={
            "type": "token",
            "token": "pypi-1234",
            "url": "http://example.com",
        },
        origin="github",
    )
    assert metrics == {
        "warehouse.token_leak.github.recieved": 1,
        "warehouse.token_leak.github.processed": 1,
        "warehouse.token_leak.github.valid": 1,
    }
    assert send_email.calls == [
        pretend.call(request,
                     user,
                     public_url="http://example.com",
                     origin="github")
    ]
    assert check.calls == [pretend.call(raw_macaroon="pypi-1234")]
    assert delete.calls == [pretend.call(macaroon_id="12")]
Esempio n. 3
0
def test_analyze_disclosure_unknown_error(monkeypatch):

    metrics = collections.Counter()

    def metrics_increment(key):
        metrics.update([key])

    request = pretend.stub(
        find_service=lambda *a, **k: pretend.stub(increment=metrics_increment)
    )
    monkeypatch.setattr(utils, "_analyze_disclosure", pretend.raiser(ValueError()))

    with pytest.raises(ValueError):
        utils.analyze_disclosure(
            request=request,
            disclosure_record={},
            origin="github",
        )
    assert metrics == {
        "warehouse.token_leak.github.error.unknown": 1,
    }
Esempio n. 4
0
def test_analyze_disclosure_wrong_record():

    metrics = collections.Counter()

    def metrics_increment(key):
        metrics.update([key])

    svc = {
        utils.IMetricsService: pretend.stub(increment=metrics_increment),
        utils.IMacaroonService: pretend.stub(),
    }

    request = pretend.stub(find_service=lambda iface, context: svc[iface])

    utils.analyze_disclosure(
        request=request,
        disclosure_record={},
        origin="github",
    )
    assert metrics == {
        "warehouse.token_leak.github.recieved": 1,
        "warehouse.token_leak.github.error.format": 1,
    }
Esempio n. 5
0
def analyze_disclosure_task(request, disclosure_record, origin):
    utils.analyze_disclosure(
        request=request,
        disclosure_record=disclosure_record,
        origin=origin,
    )
Esempio n. 6
0
def test_analyze_disclosure(monkeypatch):

    metrics = collections.Counter()

    def metrics_increment(key):
        metrics.update([key])

    user_id = uuid.UUID(bytes=b"0" * 16)
    user = pretend.stub(id=user_id)
    database_macaroon = pretend.stub(
        user=user,
        id=12,
        permissions_caveat={"permissions": "user", "version": 1},
        description="foo",
    )

    find = pretend.call_recorder(lambda *a, **kw: database_macaroon)
    delete = pretend.call_recorder(lambda *a, **kw: None)
    record_event = pretend.call_recorder(lambda user_id, *, tag, additional=None: None)
    svc = {
        utils.IMetricsService: pretend.stub(increment=metrics_increment),
        utils.IMacaroonService: pretend.stub(
            find_from_raw=find, delete_macaroon=delete
        ),
        utils.IUserService: pretend.stub(record_event=record_event),
    }

    request = pretend.stub(find_service=lambda iface, context: svc[iface])

    send_email = pretend.call_recorder(lambda *a, **kw: None)
    monkeypatch.setattr(utils, "send_token_compromised_email_leak", send_email)

    utils.analyze_disclosure(
        request=request,
        disclosure_record={
            "type": "pypi_api_token",
            "token": "pypi-1234",
            "url": "http://example.com",
        },
        origin="github",
    )
    assert metrics == {
        "warehouse.token_leak.github.recieved": 1,
        "warehouse.token_leak.github.processed": 1,
        "warehouse.token_leak.github.valid": 1,
    }
    assert send_email.calls == [
        pretend.call(request, user, public_url="http://example.com", origin="github")
    ]
    assert find.calls == [pretend.call(raw_macaroon="pypi-1234")]
    assert delete.calls == [pretend.call(macaroon_id="12")]
    assert record_event.calls == [
        pretend.call(
            user_id,
            tag="account:api_token:removed_leak",
            additional={
                "macaroon_id": "12",
                "public_url": "http://example.com",
                "permissions": "user",
                "description": "foo",
            },
        )
    ]