예제 #1
0
파일: app.py 프로젝트: pombredanne/vmaas
def main():
    """ The main function. It creates VmaaS application, servers, run everything."""

    vmaas_app = Application()

    server = tornado.httpserver.HTTPServer(vmaas_app)
    server.bind(PUBLIC_API_PORT)
    num_servers = int(os.getenv("MAX_VMAAS_SERVERS", MAX_SERVERS))
    server.start(num_servers)  # start forking here
    init_logging(num_servers)
    LOGGER.info("Starting (version %s).", VMAAS_VERSION)

    # The rest stuff must be done only after forking
    BaseHandler.db_cache = Cache()
    BaseHandler.updates_api = UpdatesAPI(BaseHandler.db_cache)
    BaseHandler.repo_api = RepoAPI(BaseHandler.db_cache)
    BaseHandler.cve_api = CveAPI(BaseHandler.db_cache)
    BaseHandler.errata_api = ErrataAPI(BaseHandler.db_cache)
    BaseHandler.dbchange_api = DBChange(BaseHandler.db_cache)

    vmaas_app.websocket_reconnect()
    vmaas_app.reconnect_callback = PeriodicCallback(
        vmaas_app.websocket_reconnect, WEBSOCKET_RECONNECT_INTERVAL * 1000)
    vmaas_app.reconnect_callback.start()

    IOLoop.instance().start()
예제 #2
0
def load_cache_to_apis():
    """Reload cache in APIs."""
    BaseHandler.updates_api = UpdatesAPI(BaseHandler.db_cache)
    BaseHandler.repo_api = RepoAPI(BaseHandler.db_cache)
    BaseHandler.cve_api = CveAPI(BaseHandler.db_cache)
    BaseHandler.errata_api = ErrataAPI(BaseHandler.db_cache)
    BaseHandler.packages_api = PackagesAPI(BaseHandler.db_cache)
    BaseHandler.vulnerabilities_api = VulnerabilitiesAPI(BaseHandler.db_cache, BaseHandler.updates_api)
    BaseHandler.dbchange_api = DBChange(BaseHandler.db_cache)
예제 #3
0
    def setup_api(self, load_cache):
        """Set CveAPI object"""
        # WORKAROUND: tzinfo from date is lost after loading YAML
        cve_detail = self.cache.cve_detail["CVE-2016-0634"]
        cve_detail_list = list(cve_detail)
        cve_detail_list[CVE_MODIFIED_DATE] = cve_detail[
            CVE_MODIFIED_DATE].replace(tzinfo=pytz.utc)
        cve_detail_list[CVE_PUBLISHED_DATE] = cve_detail[
            CVE_PUBLISHED_DATE].replace(tzinfo=pytz.utc)
        self.cache.cve_detail["CVE-2016-0634"] = cve_detail_list

        # make cve_detail without CVE_MODIFIED_DATE
        cve_detail2 = self.cache.cve_detail["CVE-2016-0634"]
        cve_detail_list2 = list(cve_detail2)
        cve_detail_list2[CVE_MODIFIED_DATE] = None
        self.cache.cve_detail["CVE-W/O-MODIFIED"] = cve_detail_list2

        # Initialize CveAPI
        self.cve = CveAPI(self.cache)
예제 #4
0
 def __init__(self):
     handlers = [
         (r"/api/internal/refresh/?", RefreshHandler),  # GET request
         (r"/api/v1/updates/?", UpdatesHandler),  # POST request
         (r"/api/v1/updates/[a-zA-Z0-9-._:]+",
          UpdatesHandler),  # GET request with package name
         (r"/api/v1/cves/?", CVEHandler),
         (r"/api/v1/cves/[a-zA-Z0-9*-]+", CVEHandler),
         (r"/api/v1/repos/?", ReposHandler),
         (r"/api/v1/repos/[a-zA-Z0-9*-_]+", ReposHandler),
         (r"/api/v1/errata/?", ErrataHandler),  # POST request
         (r"/api/v1/errata/[a-zA-Z0-9*-:]+", ErrataHandler)  # GET request
     ]
     cursor = Database().cursor()
     self.updatesapi = UpdatesAPI(cursor)
     self.cveapi = CveAPI(cursor)
     self.repoapi = RepoAPI(cursor)
     self.errataapi = ErrataAPI(cursor)
     tornado.web.Application.__init__(self, handlers)
예제 #5
0
class TestCveAPI(TestBase):
    """Test CveAPI class."""

    cve = None

    @pytest.fixture(autouse=True)
    def setup_api(self, load_cache):
        """Set CveAPI object"""
        # WORKAROUND: tzinfo from date is lost after loading YAML
        cve_detail = self.cache.cve_detail["CVE-2016-0634"]
        cve_detail_list = list(cve_detail)
        cve_detail_list[CVE_MODIFIED_DATE] = cve_detail[
            CVE_MODIFIED_DATE].replace(tzinfo=pytz.utc)
        cve_detail_list[CVE_PUBLISHED_DATE] = cve_detail[
            CVE_PUBLISHED_DATE].replace(tzinfo=pytz.utc)
        self.cache.cve_detail["CVE-2016-0634"] = cve_detail_list

        # make cve_detail without CVE_MODIFIED_DATE
        cve_detail2 = self.cache.cve_detail["CVE-2016-0634"]
        cve_detail_list2 = list(cve_detail2)
        cve_detail_list2[CVE_MODIFIED_DATE] = None
        self.cache.cve_detail["CVE-W/O-MODIFIED"] = cve_detail_list2

        # Initialize CveAPI
        self.cve = CveAPI(self.cache)

    def test_regex(self):
        """Test finding CVEs by correct regex."""
        assert self.cve.find_cves_by_regex("CVE-2018-5750") == [
            "CVE-2018-5750"
        ]
        assert "CVE-2018-5750" in self.cve.find_cves_by_regex("CVE-2018-5.*")
        assert len(self.cve.find_cves_by_regex("CVE-2018-5.*")) > 1

    def test_wrong_regex(self):
        """Test CVE API with wrong regex."""
        with pytest.raises(Exception) as context:
            self.cve.find_cves_by_regex("*")
        assert "nothing to repeat" in str(context)

    def test_missing_required(self):
        """Test CVE API without required property 'cve_list'."""
        with pytest.raises(Exception) as context:
            self.cve.process_list(api_version=1, data=CVE_JSON_BAD)
        assert "'cve_list' is a required property" in str(context)

    def test_empty_json(self):
        """Test CVE API with empty JSON."""
        with pytest.raises(Exception) as context:
            self.cve.process_list(api_version=1, data=CVE_JSON_EMPTY)
        assert "'cve_list' is a required property" in str(context)

    def test_empty_cve_list(self):
        """Test CVE API with with empty 'cve_list' property."""
        response = self.cve.process_list(api_version=1,
                                         data=CVE_JSON_EMPTY_CVE)
        assert response == EMPTY_RESPONSE

    def test_non_existing_cve(self):
        """Test CVE API response with non-existing CVE."""
        response = self.cve.process_list(api_version=1,
                                         data=CVE_JSON_NON_EXIST)
        assert response == EMPTY_RESPONSE

    def test_schema(self):
        """Test CVE API response schema."""
        response = self.cve.process_list(api_version=1, data=CVE_JSON)
        assert schemas.cves_schema.validate(response)

    def test_cve_response(self):
        """Test if CVE API response is correct for correct JSON."""
        response = self.cve.process_list(api_version=1, data=CVE_JSON)
        cve, = response["cve_list"].items()
        assert cve[0] == CVE_JSON["cve_list"][0]
        assert tools.match(CORRECT_RESPONSE, cve[1]) is True

    @pytest.mark.skip(
        "Blocked by https://github.com/RedHatInsights/vmaas/issues/419")
    def test_modified_since(self):
        """Test CVE API with 'modified_since' property."""
        cve = CVE_JSON.copy()
        cve["modified_since"] = str(
            datetime.datetime.now().replace(tzinfo=pytz.UTC))
        response = self.cve.process_list(api_version=1, data=cve)
        assert tools.match(EMPTY_RESPONSE, response) is True

        # without modified date
        cve["cve_list"] = ["CVE-W/O-MODIFIED"]
        response = self.cve.process_list(api_version=1, data=cve)
        assert tools.match(EMPTY_RESPONSE, response) is True
예제 #6
0
파일: test_cve.py 프로젝트: Josca/vmaas
class TestCveAPI(TestBase):
    """Test CveAPI class."""

    cve = None

    @pytest.fixture(autouse=True)
    def setup_api(self, load_cache):
        """Set CveAPI object"""
        # WORKAROUND: tzinfo from date is lost after loading YAML
        cve_detail = self.cache.cve_detail[CVE_NAME]
        cve_detail_list = list(cve_detail)
        cve_detail_list[CVE_MODIFIED_DATE] = cve_detail[
            CVE_MODIFIED_DATE].replace(tzinfo=pytz.utc)
        cve_detail_list[CVE_PUBLISHED_DATE] = cve_detail[
            CVE_PUBLISHED_DATE].replace(tzinfo=pytz.utc)
        self.cache.cve_detail[CVE_NAME] = cve_detail_list

        # make cve_detail without CVE_MODIFIED_DATE
        cve_detail2 = self.cache.cve_detail[CVE_NAME]
        cve_detail_list2 = list(cve_detail2)
        cve_detail_list2[CVE_MODIFIED_DATE] = None
        self.cache.cve_detail["CVE-W/O-MODIFIED"] = cve_detail_list2

        # Initialize CveAPI
        self.cve = CveAPI(self.cache)

    def test_regex(self):
        """Test finding CVEs by correct regex."""
        assert self.cve.find_cves_by_regex(CVE_NAME) == [CVE_NAME]
        assert self.cve.find_cves_by_regex("CVE-2014-.*") == [CVE_NAME]

    def test_wrong_regex(self):
        """Test CVE API with wrong regex."""
        with pytest.raises(Exception) as context:
            self.cve.find_cves_by_regex("*")
        assert "nothing to repeat" in str(context)

    def test_missing_required(self):
        """Test CVE API without required property 'cve_list'."""
        with pytest.raises(Exception) as context:
            self.cve.process_list(api_version=1, data=CVE_JSON_BAD)
        assert "'cve_list' is a required property" in str(context)

    def test_empty_json(self):
        """Test CVE API with empty JSON."""
        with pytest.raises(Exception) as context:
            self.cve.process_list(api_version=1, data=CVE_JSON_EMPTY)
        assert "'cve_list' is a required property" in str(context)

    def test_empty_cve_list(self):
        """Test CVE API with with empty 'cve_list' property."""
        response = self.cve.process_list(api_version=1,
                                         data=CVE_JSON_EMPTY_CVE)
        assert response == EMPTY_RESPONSE

    def test_non_existing_cve(self):
        """Test CVE API response with non-existing CVE."""
        response = self.cve.process_list(api_version=1,
                                         data=CVE_JSON_NON_EXIST)
        assert response == EMPTY_RESPONSE

    def test_cve_response(self):
        """Test if CVE API response is correct for correct JSON."""
        response = self.cve.process_list(api_version=1, data=CVE_JSON)
        assert schemas.cves_schema.validate(response)
        assert CVE_NAME in response["cve_list"]
        assert tools.match(CORRECT_RESPONSE,
                           response["cve_list"][CVE_NAME]) is True

    def test_modified_since(self):
        """Test CVE API with 'modified_since' property."""
        cve = CVE_JSON.copy()
        cve["modified_since"] = str(
            datetime.datetime.now().replace(tzinfo=pytz.UTC))
        response = self.cve.process_list(api_version=1, data=cve)
        assert tools.match(EMPTY_RESPONSE, response) is True

        # without modified date
        cve["cve_list"] = ["CVE-W/O-MODIFIED"]
        response = self.cve.process_list(api_version=1, data=cve)
        assert tools.match(EMPTY_RESPONSE, response) is True

    def test_published_since(self):
        """Test CVE API with 'published_since' property. """
        cve = CVE_JSON_PUBLISHED.copy()
        cve["published_since"] = str(
            datetime.datetime.now().replace(tzinfo=pytz.UTC))
        response = self.cve.process_list(api_version=1, data=cve)
        assert tools.match(EMPTY_RESPONSE, response) is True

        # correct date since publish of dummy cve
        cve["published_since"] = "2013-01-01T00:00:00+02:00"
        response = self.cve.process_list(api_version=1, data=cve)
        assert response["cve_list"][CVE_NAME]["synopsis"] == CVE_NAME

        # without published date
        cve["cve_list"] = ["CVE-W/O-PUBLISHED"]
        response = self.cve.process_list(api_version=1, data=cve)
        assert tools.match(EMPTY_RESPONSE, response) is True
예제 #7
0
파일: test_cve.py 프로젝트: psegedy/vmaas
class TestCveAPI(TestBase):
    """Test CveAPI class."""

    cve = None

    @pytest.fixture(autouse=True)
    def setup_api(self, load_cache):
        """Set CveAPI object"""
        # WORKAROUND: tzinfo from date is lost after loading YAML
        cve_detail = self.cache.cve_detail[CVE_NAME]
        cve_detail_list = list(cve_detail)
        cve_detail_list[CVE_MODIFIED_DATE] = cve_detail[
            CVE_MODIFIED_DATE].replace(tzinfo=pytz.utc)
        cve_detail_list[CVE_PUBLISHED_DATE] = cve_detail[
            CVE_PUBLISHED_DATE].replace(tzinfo=pytz.utc)
        self.cache.cve_detail[CVE_NAME] = cve_detail_list

        # make cve_detail without CVE_MODIFIED_DATE and CVE_PUBLISHED_DATE
        cve_detail2 = self.cache.cve_detail[CVE_NAME]
        cve_detail_list2 = list(cve_detail2)
        cve_detail_list2[CVE_MODIFIED_DATE] = None
        cve_detail_list2[CVE_PUBLISHED_DATE] = None
        self.cache.cve_detail["CVE-W/O-MODIFIED"] = cve_detail_list2
        self.cache.cve_detail["CVE-W/O-PUBLISHED"] = cve_detail_list2

        # Initialize CveAPI
        self.cve = CveAPI(self.cache)

    def test_regex(self):
        """Test finding CVEs by correct regex."""
        assert self.cve.try_expand_by_regex([CVE_NAME]) == [CVE_NAME]
        assert self.cve.try_expand_by_regex(["CVE-2014-.*"]) == [CVE_NAME]

    def test_wrong_regex(self):
        """Test CVE API with wrong regex."""
        with pytest.raises(Exception) as context:
            _ = self.cve.try_expand_by_regex(["*"])
        assert "nothing to repeat" in str(context.value)

    def test_empty_cve_list(self):
        """Test CVE API with with empty 'cve_list' property."""
        response = self.cve.process_list(api_version=1,
                                         data=CVE_JSON_EMPTY_CVE)
        assert response == EMPTY_RESPONSE

    def test_non_existing_cve(self):
        """Test CVE API response with non-existing CVE."""
        response = self.cve.process_list(api_version=1,
                                         data=CVE_JSON_NON_EXIST)
        assert response == EMPTY_RESPONSE

    def test_cve_response(self):
        """Test if CVE API response is correct for correct JSON."""
        response = self.cve.process_list(api_version=1, data=CVE_JSON)
        assert schemas.cves_schema.validate(response)
        assert CVE_NAME in response["cve_list"]
        assert tools.match(CORRECT_RESPONSE,
                           response["cve_list"][CVE_NAME]) is True

    def test_modified_since(self):
        """Test CVE API with 'modified_since' property."""
        response = self.cve.process_list(api_version=1, data=CVE_JSON_MODIFIED)
        modified_from_resp = parse_datetime(
            response['cve_list'][CVE_NAME]['modified_date'])
        modified_since = parse_datetime(DATE_SINCE)
        assert modified_from_resp >= modified_since
        assert DATE_SINCE == response['modified_since']

    def test_modified_in_future(self):
        """Test CVE API with 'modified_since' property in future."""
        cve = CVE_JSON_MODIFIED.copy()
        cve["modified_since"] = DATE_IN_FUTURE
        response = self.cve.process_list(api_version=1, data=cve)
        assert tools.match(EMPTY_RESPONSE, response) is True

    def test_without_modified(self):
        """Test CVEs without modified date. In response {modified_date: None}."""
        cve = CVE_JSON_MODIFIED.copy()
        cve["cve_list"] = ["CVE-W/O-MODIFIED"]
        response = self.cve.process_list(api_version=1, data=cve)
        assert tools.match(EMPTY_RESPONSE, response) is True

    def test_published_since(self):
        """Test CVE API with 'published_since' property."""
        cve = CVE_JSON_PUBLISHED.copy()
        # correct date since publish of dummy cve
        cve["published_since"] = "2013-01-01T00:00:00+02:00"
        response = self.cve.process_list(api_version=1, data=cve)
        assert response["cve_list"][CVE_NAME]["synopsis"] == CVE_NAME

    def test_published_in_future(self):
        """Test CVE API with 'published_since' property with date in future"""
        cve = CVE_JSON_PUBLISHED.copy()
        cve["published_since"] = DATE_IN_FUTURE
        response = self.cve.process_list(api_version=1, data=cve)
        assert tools.match(EMPTY_RESPONSE, response) is True

    def test_without_published(self):
        """Test CVEs without published date. In response {public_date: None}."""
        cve = CVE_JSON_PUBLISHED.copy()
        cve["cve_list"] = ["CVE-W/O-PUBLISHED"]
        response = self.cve.process_list(api_version=1, data=cve)
        assert tools.match(EMPTY_RESPONSE, response) is True