コード例 #1
0
    def testProjectLevelCVEAllowlist(self):
        # User(RA) reads the project(PA), verify the "reuse_sys_cve_allowlist" is empty in the metadata,
        # and the CVE allowlist is empty
        p = self.project.get_project(self.project_pa_id, **self.USER_RA_CLIENT)
        self.assertIsNone(p.metadata.reuse_sys_cve_allowlist)
        self.assertEqual(0, len(p.cve_allowlist.items))

        # User(RA) updates the project CVE allowlist, verify it fails with Forbidden error.
        item_list = [swagger_client.CVEAllowlistItem(cve_id="CVE-2019-12310")]
        exp = int(time.time()) + 1000
        wl = swagger_client.CVEAllowlist(expires_at=exp, items=item_list)
        self.project.update_project(self.project_pa_id,
                                    cve_allowlist=wl,
                                    expect_status_code=403,
                                    **self.USER_RA_CLIENT)

        # Admin user updates User(RA) as project admin.
        self.project.update_project_member_role(self.project_pa_id,
                                                self.member_id, 1,
                                                **ADMIN_CLIENT)

        # User(RA) updates the project CVE allowlist with expiration date and one item in the items list.
        self.project.update_project(self.project_pa_id,
                                    cve_allowlist=wl,
                                    **self.USER_RA_CLIENT)
        p = self.project.get_project(self.project_pa_id, **self.USER_RA_CLIENT)
        self.assertEqual("CVE-2019-12310", p.cve_allowlist.items[0].cve_id)
        self.assertEqual(exp, p.cve_allowlist.expires_at)

        # User(RA) updates the project CVE allowlist with empty items list
        wl2 = swagger_client.CVEAllowlist(items=[])
        self.project.update_project(self.project_pa_id,
                                    cve_allowlist=wl2,
                                    **self.USER_RA_CLIENT)
        p = self.project.get_project(self.project_pa_id, **self.USER_RA_CLIENT)
        self.assertEqual(0, len(p.cve_allowlist.items))
        self.assertIsNone(p.cve_allowlist.expires_at)

        # User(RA) updates the project metadata to set "reuse_sys_cve_allowlist" to true.
        meta = swagger_client.ProjectMetadata(reuse_sys_cve_allowlist="true")
        self.project.update_project(self.project_pa_id,
                                    metadata=meta,
                                    **self.USER_RA_CLIENT)
        p = self.project.get_project(self.project_pa_id, **self.USER_RA_CLIENT)
        self.assertEqual("true", p.metadata.reuse_sys_cve_allowlist)
コード例 #2
0
ファイル: system.py プロジェクト: zzcandor/harbor 
 def set_cve_allowlist(self, expires_at=None, expected_status_code=200, *cve_ids, **kwargs):
     client = self._get_client(**kwargs)
     cve_list = [swagger_client.CVEAllowlistItem(cve_id=c) for c in cve_ids]
     allowlist = swagger_client.CVEAllowlist(expires_at=expires_at, items=cve_list)
     try:
         r = client.system_cve_allowlist_put_with_http_info(allowlist=allowlist, _preload_content=False)
     except Exception as e:
         base._assert_status_code(expected_status_code, e.status)
     else:
         base._assert_status_code(expected_status_code, r.status)