def test_begin_prescan(self):
"""
Test the begin_prescan function
"""
# Succeed when calling the begin_prescan function and the api call gets
# a valid response
with patch.object(
UploadAPI,
"http_post",
return_value=test_constants.
VALID_UPLOAD_API_BEGINPRESCAN_RESPONSE_XML["Element"],
):
with patch("veracode.submit_artifacts.element_contains_error",
return_value=False):
# Policy scan
upload_api = UploadAPI(
app_id=test_constants.VALID_UPLOAD_API["app_id"])
self.assertTrue(
submit_artifacts.begin_prescan(upload_api=upload_api))
# Sandbox scan
upload_api = UploadAPI(
app_id=test_constants.VALID_UPLOAD_API["app_id"])
upload_api.sandbox_id = "12345"
self.assertTrue(
submit_artifacts.begin_prescan(upload_api=upload_api))
# Fail when the begin_prescan function gets a response containing an
# error in the response body
with patch("veracode.submit_artifacts.element_contains_error",
return_value=True):
# Policy scan
upload_api = UploadAPI(
app_id=test_constants.VALID_UPLOAD_API["app_id"])
self.assertFalse(
submit_artifacts.begin_prescan(upload_api=upload_api))
# Sandbox scan
upload_api = UploadAPI(
app_id=test_constants.VALID_UPLOAD_API["app_id"])
upload_api.sandbox_id = "12345"
self.assertFalse(
submit_artifacts.begin_prescan(upload_api=upload_api))
# Fail when calling the begin_prescan function and the api call gets a
# mocked side effect of HTTPError
with patch.object(UploadAPI, "http_post", side_effect=HTTPError()):
with patch("veracode.submit_artifacts.element_contains_error",
return_value=False):
# Policy scan
upload_api = UploadAPI(app_id="31337")
self.assertFalse(
submit_artifacts.begin_prescan(upload_api=upload_api))
# Sandbox scan
upload_api = UploadAPI(app_id="31337")
upload_api.sandbox_id = "12345"
self.assertFalse(
submit_artifacts.begin_prescan(upload_api=upload_api))
def test_cancel_build(self):
"""
Test the cancel_build function
"""
# Succeed when calling the cancel_build function and the api call gets
# a valid response
with patch.object(
UploadAPI,
"http_get",
return_value=test_constants.VALID_UPLOAD_API_DELETEBUILD_RESPONSE_XML[
"Element"
],
):
# Policy scan
with patch("veracode.api.get_app_id", return_value="1337"):
upload_api = UploadAPI(app_name="31337")
with patch(
"veracode.submit_artifacts.element_contains_error", return_value=False
):
self.assertTrue(submit_artifacts.cancel_build(upload_api=upload_api))
# Sandbox scan
with patch("veracode.api.get_app_id", return_value="1337"):
upload_api.sandbox_id = "12345"
with patch(
"veracode.submit_artifacts.element_contains_error", return_value=False
):
self.assertTrue(submit_artifacts.cancel_build(upload_api=upload_api))
# Return False when element_contains_error returns True
with patch(
"veracode.submit_artifacts.element_contains_error", return_value=True
):
self.assertFalse(submit_artifacts.cancel_build(upload_api=upload_api))
# Return False when calling the cancel_build function and the api call
# raises a ConnectionError
with patch.object(
UploadAPI,
"http_get",
return_value=test_constants.VALID_UPLOAD_API_DELETEBUILD_RESPONSE_XML[
"Element"
],
side_effect=ConnectionError,
):
with patch("veracode.api.get_app_id", return_value="1337"):
upload_api = UploadAPI(app_name="31337")
with patch(
"veracode.submit_artifacts.element_contains_error", return_value=False
):
self.assertFalse(submit_artifacts.cancel_build(upload_api=upload_api))
def test_build_exists(self):
"""
Test the build_exists function
"""
with patch("veracode.api.get_app_id", return_value="1337"):
upload_api = UploadAPI(app_name=test_constants.VALID_UPLOAD_API["app_name"])
with patch.object(
UploadAPI,
"http_get",
return_value=test_constants.VALID_UPLOAD_API_GETBUILDLIST_MISSING_BUILDID_IN_RESPONSE_XML[
"Element"
],
):
# Succeed when no existing build IDs are present
with patch(
"veracode.submit_artifacts.element_contains_error", return_value=False
):
self.assertTrue(submit_artifacts.build_exists(upload_api=upload_api))
# Raise a RuntimeError when element_contains_error returns True
with patch(
"veracode.submit_artifacts.element_contains_error", return_value=True
):
self.assertRaises(
RuntimeError,
submit_artifacts.build_exists,
upload_api=upload_api,
)
## Create Sandbox Scan and have existing build ID
upload_api.sandbox_id = "12345"
with patch.object(
UploadAPI,
"http_get",
return_value=test_constants.VALID_UPLOAD_API_GETBUILDLIST_BUILDID_IN_RESPONSE_XML[
"Element"
],
):
# Fail when build already exists
with patch(
"veracode.submit_artifacts.element_contains_error", return_value=False
):
self.assertFalse(submit_artifacts.build_exists(upload_api=upload_api))
# Raise RuntimeError when HTTPError occurs
with patch("veracode.api.VeracodeXMLAPI.http_get") as mock_http:
with patch(
"veracode.submit_artifacts.element_contains_error", return_value=False
):
mock_http.side_effect = HTTPError()
self.assertRaises(
RuntimeError,
submit_artifacts.build_exists,
upload_api=upload_api,
)
# Raise RuntimeError when HTTPError occurs
with patch("veracode.api.VeracodeXMLAPI.http_get") as mock_http:
with patch(
"veracode.submit_artifacts.element_contains_error", return_value=False
):
mock_http.side_effect = HTTPError()
self.assertRaises(
RuntimeError,
submit_artifacts.build_exists,
upload_api=upload_api,
)
def test_setup_scan_prereqs(self):
"""
Test the setup_scan_prereqs function
"""
with patch("veracode.api.get_app_id", return_value="1337"):
upload_api = UploadAPI(app_name=test_constants.VALID_UPLOAD_API["app_id"])
## Policy Scan
# Successful when build exists and new build creation succeeds
with patch("veracode.submit_artifacts.create_build", return_value=True):
with patch("veracode.submit_artifacts.build_exists", return_value=True):
self.assertTrue(
submit_artifacts.setup_scan_prereqs(upload_api=upload_api)
)
# Fail when build already exists and build creation fails
with patch("veracode.submit_artifacts.create_build", return_value=False):
with patch("veracode.submit_artifacts.build_exists", return_value=True):
self.assertFalse(
submit_artifacts.setup_scan_prereqs(upload_api=upload_api)
)
## Sandbox Scan
upload_api.sandbox_id = "12345"
# Succeed when build exists and new build creation succeeds
with patch("veracode.submit_artifacts.create_build", return_value=True):
with patch("veracode.submit_artifacts.build_exists", return_value=True):
self.assertTrue(
submit_artifacts.setup_scan_prereqs(upload_api=upload_api)
)
# Succeed when no builds exist and build creation succeeds
with patch("veracode.submit_artifacts.build_exists", return_value=False):
with patch("veracode.submit_artifacts.create_build", return_value=True):
# Succeed when no build exists and build creation succeeds
with patch("veracode.submit_artifacts.cancel_build", return_value=True):
self.assertTrue(
submit_artifacts.setup_scan_prereqs(upload_api=upload_api)
)
# Fail when when build cancellation fails
with patch(
"veracode.submit_artifacts.cancel_build", return_value=False
):
self.assertFalse(
submit_artifacts.setup_scan_prereqs(upload_api=upload_api)
)
# Fail when build exists, build cancellation succeeds, and build creation fails
with patch("veracode.submit_artifacts.build_exists", return_value=True):
with patch("veracode.submit_artifacts.create_build", return_value=False):
with patch("veracode.submit_artifacts.cancel_build", return_value=True):
self.assertFalse(
submit_artifacts.setup_scan_prereqs(upload_api=upload_api)
)
# Fail when build cancellation fails
with patch(
"veracode.submit_artifacts.cancel_build", return_value=False
):
self.assertFalse(
submit_artifacts.setup_scan_prereqs(upload_api=upload_api)
)
def test_create_build(self):
"""
Test the create_build function
"""
# Test the create_build function when the api call gets a valid response
with patch.object(
UploadAPI,
"http_post",
return_value=test_constants.VALID_UPLOAD_API_CREATEBUILD_RESPONSE_XML[
"Element"
],
):
with patch(
"veracode.submit_artifacts.element_contains_error", return_value=False
):
with patch("veracode.api.get_app_id", return_value="1337"):
# Policy scan, no error in response body
upload_api = UploadAPI(
app_name=test_constants.VALID_UPLOAD_API["app_name"]
)
self.assertTrue(
submit_artifacts.create_build(upload_api=upload_api)
)
# Sandbox scan, no error in response body
upload_api = UploadAPI(
app_name=test_constants.VALID_UPLOAD_API["app_name"]
)
upload_api.sandbox_id = "12345"
self.assertTrue(
submit_artifacts.create_build(upload_api=upload_api)
)
# Fail when the create_build function gets a response containing an
# error in the response body
with patch(
"veracode.submit_artifacts.element_contains_error", return_value=True
):
with patch("veracode.api.get_app_id", return_value="1337"):
# Policy scan, response body contains error
upload_api = UploadAPI(
app_name=test_constants.VALID_UPLOAD_API["app_name"]
)
self.assertFalse(
submit_artifacts.create_build(upload_api=upload_api)
)
# Sandbox scan, response body contains error
upload_api = UploadAPI(
app_name=test_constants.VALID_UPLOAD_API["app_name"]
)
upload_api.sandbox_id = "12345"
self.assertFalse(
submit_artifacts.create_build(upload_api=upload_api)
)
# Fail when calling the create_build function and the api call gets a
# mocked error message response and a mocked side effect of HTTPError
with patch.object(
UploadAPI,
"http_post",
return_value=test_constants.VERACODE_ERROR_RESPONSE_XML["Element"],
side_effect=HTTPError(),
):
with patch(
"veracode.submit_artifacts.element_contains_error", return_value=False
):
with patch("veracode.api.get_app_id", return_value="1337"):
# Policy scan, no error in response body
upload_api = UploadAPI(
app_name=test_constants.VALID_UPLOAD_API["app_name"]
)
self.assertFalse(
submit_artifacts.create_build(upload_api=upload_api)
)
# Sandbox scan, no error in response body
upload_api = UploadAPI(
app_name=test_constants.VALID_UPLOAD_API["app_name"]
)
upload_api.sandbox_id = "12345"
self.assertFalse(
submit_artifacts.create_build(upload_api=upload_api)
)
def test_upload_large_file(self, mock_element_contains_error):
"""
Test the upload_large_file function
"""
mock_element_contains_error.return_value = False
# Succeed when calling the upload_large_file function and the api call
# gets a valid response
with patch.object(
UploadAPI,
"http_post",
return_value=test_constants.VALID_UPLOAD_API_UPLOADLARGEFILE_RESPONSE_XML[
"bytes"
],
):
# Policy scan
with patch("veracode.api.get_app_id", return_value="1337"):
upload_api = UploadAPI(
app_name=test_constants.VALID_UPLOAD_API["app_name"]
)
valid_artifact = test_constants.VALID_FILE["Path"]
with patch(
"veracode.submit_artifacts.open",
new=mock_open(read_data=test_constants.VALID_FILE["bytes"]),
):
self.assertTrue(
submit_artifacts.upload_large_file(
upload_api=upload_api, artifact=valid_artifact
)
)
# Sandbox scan
with patch("veracode.api.get_app_id", return_value="1337"):
upload_api = UploadAPI(
app_name=test_constants.VALID_UPLOAD_API["app_name"]
)
upload_api.sandbox_id = "12345"
valid_artifact = test_constants.VALID_FILE["Path"]
with patch(
"veracode.submit_artifacts.open",
new=mock_open(read_data=test_constants.VALID_FILE["bytes"]),
):
self.assertTrue(
submit_artifacts.upload_large_file(
upload_api=upload_api, artifact=valid_artifact
)
)
# Fail when calling the upload_large_file function and the api call
# raises a HTTPError
with patch.object(
UploadAPI,
"http_post",
return_value=test_constants.VALID_UPLOAD_API_UPLOADLARGEFILE_RESPONSE_XML[
"bytes"
],
side_effect=HTTPError(),
):
# Policy scan
with patch("veracode.api.get_app_id", return_value="1337"):
upload_api = UploadAPI(
app_name=test_constants.VALID_UPLOAD_API["app_name"]
)
valid_artifact = test_constants.VALID_FILE["Path"]
with patch(
"veracode.submit_artifacts.open",
new=mock_open(read_data=test_constants.VALID_FILE["bytes"]),
):
self.assertRaises(
HTTPError,
submit_artifacts.upload_large_file,
upload_api=upload_api,
artifact=valid_artifact,
)
# Sandbox scan
with patch("veracode.api.get_app_id", return_value="1337"):
upload_api = UploadAPI(
app_name=test_constants.VALID_UPLOAD_API["app_name"]
)
upload_api.sandbox_id = "12345"
valid_artifact = test_constants.VALID_FILE["Path"]
with patch(
"veracode.submit_artifacts.open",
new=mock_open(read_data=test_constants.VALID_FILE["bytes"]),
):
self.assertRaises(
HTTPError,
submit_artifacts.upload_large_file,
upload_api=upload_api,
artifact=valid_artifact,
)
def submit_artifacts( # pylint: disable=too-many-return-statements, too-many-branches
*,
upload_api: UploadAPI,
sandbox_api: SandboxAPI = None) -> bool:
"""
Submit build artifacts to Veracode for SAST
"""
artifacts: List[Path] = []
# If we were provided a sandbox_api object, attempt to get the sandbox_id
# that maps to the sandbox_name and if it doesn't exist, make one
if sandbox_api:
try:
upload_api.sandbox_id = get_sandbox_id(sandbox_api=sandbox_api)
except RuntimeError:
LOG.warning(
"Unable to get the sandbox_id for sandbox_name %s",
sandbox_api.sandbox_name,
)
return False
if not upload_api.sandbox_id:
try:
upload_api.sandbox_id = create_sandbox(sandbox_api=sandbox_api)
except RuntimeError:
LOG.error(
"Unable to create a sandbox named %s in app_id %s",
sandbox_api.sandbox_name,
sandbox_api.app_id,
)
return False
# Setup the scan prereqs
if not setup_scan_prereqs(upload_api=upload_api):
# Scan prereq setup failed
return False
LOG.info("Successfully setup the scan prerequisites in Veracode")
LOG.info("Beginning pre-upload file filtering")
for artifact in upload_api.build_dir.iterdir():
LOG.debug("Calling filter_file on %s", artifact)
if filter_file(artifact=artifact):
artifacts += [artifact]
# Check to see if the artifacts list is empty
if not artifacts:
LOG.error("Nothing to upload")
return False
LOG.info("Beginning file uploads")
for artifact in artifacts:
if upload_large_file(upload_api=upload_api, artifact=artifact):
LOG.info("Successfully uploaded %s", artifact)
else:
LOG.error("Failed to upload %s", artifact)
return False
LOG.info("File uploads complete")
if begin_prescan(upload_api=upload_api):
LOG.info("Successfully began the prescan")
else:
LOG.error("Failed to start the prescan")
return False
return True