def test_user_turnover_verdicts(db_session):
    """A project whose sole current owner was added via a recorded role-add
    event produces one high-confidence Threat verdict from the turnover check.

    The "project:role:add" event targeting the only owner is what the
    turnover heuristic keys off; the no-turnover sibling test shows that the
    same role without the event yields nothing.
    """
    owner = UserFactory.create()
    proj = ProjectFactory.create()
    RoleFactory.create(user=owner, project=proj, role_name="Owner")
    proj.record_event(
        tag="project:role:add",
        ip_address="0.0.0.0",
        additional={"target_user": owner.username},
    )
    MalwareCheckFactory.create(
        name="PackageTurnoverCheck",
        state=MalwareCheckState.Enabled,
    )

    check = c.PackageTurnoverCheck(db_session)
    check.user_turnover_verdicts(proj)

    assert len(check._verdicts) == 1
    verdict = check._verdicts[0]
    assert verdict.check_id == check.id
    assert verdict.project_id == proj.id
    assert verdict.classification == VerdictClassification.Threat
    assert verdict.confidence == VerdictConfidence.High
    assert (
        verdict.message
        == "Suspicious user turnover; all current maintainers are new"
    )
def test_scan(db_session, monkeypatch):
    """scan() dispatches each verdict builder exactly once per eligible project.

    Three releases are created so the project clears scan()'s release
    threshold (a single release is skipped, see test_scan_too_few_releases);
    the builders themselves are stubbed so only the dispatch is under test.
    """
    owner = UserFactory.create()
    proj = ProjectFactory.create()
    RoleFactory.create(user=owner, project=proj, role_name="Owner")
    for _ in range(3):
        ReleaseFactory.create(project=proj)
    MalwareCheckFactory.create(
        name="PackageTurnoverCheck",
        state=MalwareCheckState.Enabled,
    )

    check = c.PackageTurnoverCheck(db_session)
    for method_name in ("user_posture_verdicts", "user_turnover_verdicts"):
        monkeypatch.setattr(
            check, method_name, pretend.call_recorder(lambda project: None)
        )

    check.scan()

    # Projects are deduplicated before dispatch, so despite the project's
    # several releases each builder is invoked with it exactly once.
    assert check.user_posture_verdicts.calls == [pretend.call(proj)]
    assert check.user_turnover_verdicts.calls == [pretend.call(proj)]
def test_initializes(db_session):
    """Constructing the check binds its id to the enabled MalwareCheck row."""
    row = MalwareCheckFactory.create(
        name="PackageTurnoverCheck",
        state=MalwareCheckState.Enabled,
    )
    check = c.PackageTurnoverCheck(db_session)
    assert check.id == row.id
def test_user_posture_verdicts_hasnt_removed_2fa(db_session):
    """A controlling user with no recorded 2FA removal yields no posture verdict."""
    owner = UserFactory.create()
    # A stub project suffices here: `users` and `id` appear to be all the
    # posture check reads.
    proj = pretend.stub(users=[owner], id=pretend.stub())
    MalwareCheckFactory.create(
        name="PackageTurnoverCheck", state=MalwareCheckState.Enabled
    )
    check = c.PackageTurnoverCheck(db_session)
    check.user_posture_verdicts(proj)
    assert not check._verdicts
def test_user_turnover_verdicts_no_turnover(db_session):
    """An owner role with no recorded role-add event is not flagged as turnover."""
    owner = UserFactory.create()
    proj = ProjectFactory.create()
    RoleFactory.create(user=owner, project=proj, role_name="Owner")
    MalwareCheckFactory.create(
        name="PackageTurnoverCheck", state=MalwareCheckState.Enabled
    )
    check = c.PackageTurnoverCheck(db_session)
    check.user_turnover_verdicts(proj)
    assert not check._verdicts
def test_user_posture_verdicts_has_2fa(db_session):
    """A 2FA-removal event alone does not flag a user who currently has TOTP set.

    The user carries a totp_secret and yet a "method_removed" event is
    recorded; no verdict is expected, presumably because an active TOTP
    secret means 2FA is still enforced despite the historical removal.
    """
    owner = UserFactory.create(totp_secret=b"fake secret")
    proj = pretend.stub(users=[owner], id=pretend.stub())
    MalwareCheckFactory.create(
        name="PackageTurnoverCheck", state=MalwareCheckState.Enabled
    )
    check = c.PackageTurnoverCheck(db_session)
    owner.record_event(
        tag="account:two_factor:method_removed",
        ip_address="0.0.0.0",
        additional={},
    )
    check.user_posture_verdicts(proj)
    assert not check._verdicts
def test_scan_too_few_releases(db_session, monkeypatch):
    """scan() skips a project with only one release: neither builder is called."""
    owner = UserFactory.create()
    proj = ProjectFactory.create()
    RoleFactory.create(user=owner, project=proj, role_name="Owner")
    ReleaseFactory.create(project=proj)
    MalwareCheckFactory.create(
        name="PackageTurnoverCheck", state=MalwareCheckState.Enabled
    )
    check = c.PackageTurnoverCheck(db_session)
    for method_name in ("user_posture_verdicts", "user_turnover_verdicts"):
        monkeypatch.setattr(
            check, method_name, pretend.call_recorder(lambda project: None)
        )
    check.scan()
    assert check.user_posture_verdicts.calls == []
    assert check.user_turnover_verdicts.calls == []
def test_user_posture_verdicts(db_session):
    """A controlling user without TOTP who recorded a 2FA removal is flagged.

    The check is expected to emit exactly one high-confidence Threat verdict
    for the project, since an account able to publish the package has
    weakened its own authentication.
    """
    owner = UserFactory.create()
    proj = pretend.stub(users=[owner], id=pretend.stub())
    MalwareCheckFactory.create(
        name="PackageTurnoverCheck", state=MalwareCheckState.Enabled
    )
    check = c.PackageTurnoverCheck(db_session)
    owner.record_event(
        tag="account:two_factor:method_removed",
        ip_address="0.0.0.0",
        additional={},
    )
    check.user_posture_verdicts(proj)

    assert len(check._verdicts) == 1
    verdict = check._verdicts[0]
    assert verdict.check_id == check.id
    assert verdict.project_id == proj.id
    assert verdict.classification == VerdictClassification.Threat
    assert verdict.confidence == VerdictConfidence.High
    assert (
        verdict.message
        == "User with control over this package has disabled 2FA"
    )