def test_analyze_disclosure_invalid_macaroon(): metrics = collections.Counter() def metrics_increment(key): metrics.update([key]) find = pretend.raiser(utils.InvalidMacaroonError("Bla", "bla")) svc = { utils.IMetricsService: pretend.stub(increment=metrics_increment), utils.IMacaroonService: pretend.stub(find_from_raw=find), } request = pretend.stub(find_service=lambda iface, context: svc[iface]) utils.analyze_disclosure( request=request, disclosure_record={ "type": "pypi_api_token", "token": "pypi-1234", "url": "http://example.com", }, origin="github", ) assert metrics == { "warehouse.token_leak.github.recieved": 1, "warehouse.token_leak.github.error.invalid": 1, }
def test_analyze_disclosure(monkeypatch): metrics = collections.Counter() def metrics_increment(key): metrics.update([key]) user = pretend.stub() database_macaroon = pretend.stub(user=user, id=12) check = pretend.call_recorder(lambda *a, **kw: database_macaroon) delete = pretend.call_recorder(lambda *a, **kw: None) svc = { utils.IMetricsService: pretend.stub(increment=metrics_increment), utils.IMacaroonService: pretend.stub(check_if_macaroon_exists=check, delete_macaroon=delete), } request = pretend.stub(find_service=lambda iface, context: svc[iface]) send_email = pretend.call_recorder(lambda *a, **kw: None) monkeypatch.setattr(utils, "send_token_compromised_email_leak", send_email) utils.analyze_disclosure( request=request, disclosure_record={ "type": "token", "token": "pypi-1234", "url": "http://example.com", }, origin="github", ) assert metrics == { "warehouse.token_leak.github.recieved": 1, "warehouse.token_leak.github.processed": 1, "warehouse.token_leak.github.valid": 1, } assert send_email.calls == [ pretend.call(request, user, public_url="http://example.com", origin="github") ] assert check.calls == [pretend.call(raw_macaroon="pypi-1234")] assert delete.calls == [pretend.call(macaroon_id="12")]
def test_analyze_disclosure_unknown_error(monkeypatch): metrics = collections.Counter() def metrics_increment(key): metrics.update([key]) request = pretend.stub( find_service=lambda *a, **k: pretend.stub(increment=metrics_increment) ) monkeypatch.setattr(utils, "_analyze_disclosure", pretend.raiser(ValueError())) with pytest.raises(ValueError): utils.analyze_disclosure( request=request, disclosure_record={}, origin="github", ) assert metrics == { "warehouse.token_leak.github.error.unknown": 1, }
def test_analyze_disclosure_wrong_record(): metrics = collections.Counter() def metrics_increment(key): metrics.update([key]) svc = { utils.IMetricsService: pretend.stub(increment=metrics_increment), utils.IMacaroonService: pretend.stub(), } request = pretend.stub(find_service=lambda iface, context: svc[iface]) utils.analyze_disclosure( request=request, disclosure_record={}, origin="github", ) assert metrics == { "warehouse.token_leak.github.recieved": 1, "warehouse.token_leak.github.error.format": 1, }
def analyze_disclosure_task(request, disclosure_record, origin): utils.analyze_disclosure( request=request, disclosure_record=disclosure_record, origin=origin, )
def test_analyze_disclosure(monkeypatch): metrics = collections.Counter() def metrics_increment(key): metrics.update([key]) user_id = uuid.UUID(bytes=b"0" * 16) user = pretend.stub(id=user_id) database_macaroon = pretend.stub( user=user, id=12, permissions_caveat={"permissions": "user", "version": 1}, description="foo", ) find = pretend.call_recorder(lambda *a, **kw: database_macaroon) delete = pretend.call_recorder(lambda *a, **kw: None) record_event = pretend.call_recorder(lambda user_id, *, tag, additional=None: None) svc = { utils.IMetricsService: pretend.stub(increment=metrics_increment), utils.IMacaroonService: pretend.stub( find_from_raw=find, delete_macaroon=delete ), utils.IUserService: pretend.stub(record_event=record_event), } request = pretend.stub(find_service=lambda iface, context: svc[iface]) send_email = pretend.call_recorder(lambda *a, **kw: None) monkeypatch.setattr(utils, "send_token_compromised_email_leak", send_email) utils.analyze_disclosure( request=request, disclosure_record={ "type": "pypi_api_token", "token": "pypi-1234", "url": "http://example.com", }, origin="github", ) assert metrics == { "warehouse.token_leak.github.recieved": 1, "warehouse.token_leak.github.processed": 1, "warehouse.token_leak.github.valid": 1, } assert send_email.calls == [ pretend.call(request, user, public_url="http://example.com", origin="github") ] assert find.calls == [pretend.call(raw_macaroon="pypi-1234")] assert delete.calls == [pretend.call(macaroon_id="12")] assert record_event.calls == [ pretend.call( user_id, tag="account:api_token:removed_leak", additional={ "macaroon_id": "12", "public_url": "http://example.com", "permissions": "user", "description": "foo", }, ) ]