def get(self):
"""Handle a get request."""
helpers.log('Jobs', helpers.VIEW_OPERATION)
templates = list(data_types.JobTemplate.query().order(
data_types.JobTemplate.name))
queues = get_queues()
fuzzers = [
fuzzer.name
for fuzzer in data_types.Fuzzer.query(projection=['name'])
]
result, params = get_results(self)
self.render(
'jobs.html', {
'result': result,
'templates': templates,
'fieldValues': {
'csrf_token': form.generate_csrf_token(),
'fuzzers': fuzzers,
'queues': queues,
'update_job_url': '/update-job',
'update_job_template_url': '/update-job-template',
'upload_info': gcs.prepare_blob_upload()._asdict(),
},
'params': params,
})
def test_creating_fails(self):
"""Fail to create issue."""
issue_tracker = mock.Mock()
self.mock.get_issue_tracker_for_testcase.return_value = issue_tracker
self.mock.file_issue.return_value = None, None
resp = self.app.post_json(
'/', {
'testcaseId': self.testcase.key.id(),
'severity': 3,
'ccMe': True,
'csrf_token': form.generate_csrf_token(),
},
expect_errors=True)
self.assertEqual(resp.status_int, 500)
self.mock.get_issue_tracker_for_testcase.assert_has_calls(
[mock.call(mock.ANY)])
self.assertEqual(
self.testcase.key.id(),
self.mock.get_issue_tracker_for_testcase.call_args[0][0].key.id())
self.mock.file_issue.assert_has_calls([
mock.call(
mock.ANY,
issue_tracker,
security_severity=3,
user_email='*****@*****.**',
additional_ccs=['*****@*****.**'])
])
self.assertEqual(self.testcase.key.id(),
self.mock.file_issue.call_args[0][0].key.id())
def test_create_successfully(self):
"""Create issue successfully."""
issue_tracker = mock.Mock()
self.mock.get_issue_tracker_for_testcase.return_value = issue_tracker
self.mock.file_issue.return_value = 100, None
resp = self.app.post_json(
'/', {
'testcaseId': self.testcase.key.id(),
'severity': 3,
'ccMe': True,
'csrf_token': form.generate_csrf_token(),
})
self.assertEqual('yes', resp.json['testcase'])
self.mock.get_issue_tracker_for_testcase.assert_has_calls(
[mock.call(mock.ANY)])
self.assertEqual(
self.testcase.key.id(),
self.mock.get_issue_tracker_for_testcase.call_args[0][0].key.id())
self.mock.file_issue.assert_has_calls([
mock.call(
mock.ANY,
issue_tracker,
security_severity=3,
user_email='*****@*****.**',
additional_ccs=['*****@*****.**'])
])
self.assertEqual(self.testcase.key.id(),
self.mock.file_issue.call_args[0][0].key.id())
def get(self):
"""Handle a get request."""
fuzzer_logs_bucket = fuzzer_logs.get_bucket()
fuzzers = list(data_types.Fuzzer.query().order(data_types.Fuzzer.name))
jobs = data_handler.get_all_job_type_names()
corpora = [
bundle.name for bundle in data_types.DataBundle.query().order(
data_types.DataBundle.name)
]
privileged = access.has_access(need_privileged_access=True)
# Unprivileged users can't download fuzzers, so hide the download keys.
if not privileged:
for fuzzer in fuzzers:
fuzzer.blobstore_key = ''
template_values = {
'privileged': privileged,
'fuzzers': fuzzers,
'fuzzerLogsBucket': fuzzer_logs_bucket,
'fieldValues': {
'corpora': corpora,
'jobs': jobs,
'uploadInfo': gcs.prepare_blob_upload()._asdict(),
'csrfToken': form.generate_csrf_token(),
}
}
self.render('fuzzers.html', template_values)
def make_logout_url(dest_url):
"""Make the switch account url."""
return '/logout?' + urllib.parse.urlencode(
{
'csrf_token': form.generate_csrf_token(),
'dest': dest_url,
})
def test_succeed(self):
"""Update an issue."""
bug = issue.Issue()
bug.open = True
itm = mock.Mock(project_name='chromium')
itm.get_issue.return_value = bug
self.mock.get_issue_tracker_for_testcase.return_value = (
monorail.IssueTracker(itm))
self.mock.get_issue_description.return_value = 'description'
self.mock.get_issue_summary.return_value = 'summary'
self.mock.get_stacktrace.return_value = 'stacktrace'
self.mock.get_memory_tool_labels.return_value = ['tool']
resp = self.app.post_json(
'/', {
'testcaseId': self.testcase.key.id(),
'issueId': '2',
'needsSummaryUpdate': 'true',
'csrf_token': form.generate_csrf_token(),
},
expect_errors=True)
self.assertEqual(200, resp.status_int)
self.assertEqual('yes', resp.json['testcase'])
self.assertEqual('description', bug.comment)
self.assertEqual('summary', bug.summary)
self.assertListEqual(['Stability-tool'], bug.labels)
self.assertEqual('2', self.testcase.key.get().bug_information)
def test_valid_token_html(self):
"""Ensure it returns the valid token in HTML when the valid token is
there."""
self.mock.utcnow.return_value = self._NOW
self.make_token(value='token', time=self._LATER).put()
self.assertEqual(
form.generate_csrf_token(html=True),
'<input type="hidden" name="csrf_token" value="token" />')
def test_invalid_task(self):
"""Invalid testcase."""
self.mock.redo_testcase.side_effect = tasks.InvalidRedoTask('rand')
resp = self.app.post_json('/', {
'testcaseId': self.testcase.key.id(),
'tasks': ['rand'],
'csrf_token': form.generate_csrf_token(),
},
expect_errors=True)
self.assertEqual(400, resp.status_int)
def get(self):
"""Handles get request."""
email = helpers.get_user_email()
if not email:
raise helpers.AccessDeniedException()
is_privileged_or_domain_user = access.has_access(
need_privileged_access=False)
if is_privileged_or_domain_user or _is_uploader_allowed(email):
# Privileged, domain and upload users can see all job and fuzzer names.
allowed_jobs = data_handler.get_all_job_type_names()
allowed_fuzzers = data_handler.get_all_fuzzer_names_including_children(
include_parents=True)
else:
# Check if this is an external user with access to certain fuzzers/jobs.
allowed_jobs = external_users.allowed_jobs_for_user(email)
allowed_fuzzers = external_users.allowed_fuzzers_for_user(
email, include_from_jobs=True)
if not allowed_fuzzers and not allowed_jobs:
raise helpers.AccessDeniedException()
has_issue_tracker = bool(data_handler.get_issue_tracker_name())
result, params = get_result()
return self.render(
'upload.html', {
'fieldValues': {
'blackboxFuzzers':
filter_blackbox_fuzzers(allowed_fuzzers),
'jobs':
allowed_jobs,
'libfuzzerTargets':
filter_target_names(allowed_fuzzers, 'libFuzzer'),
'aflTargets':
filter_target_names(allowed_fuzzers, 'afl'),
'honggfuzzTargets':
filter_target_names(allowed_fuzzers, 'honggfuzz'),
'isChromium':
utils.is_chromium(),
'sandboxedJobs':
data_types.INTERNAL_SANDBOXED_JOB_TYPES,
'csrfToken':
form.generate_csrf_token(),
'isExternalUser':
not is_privileged_or_domain_user,
'uploadInfo':
gcs.prepare_blob_upload()._asdict(),
'hasIssueTracker':
has_issue_tracker,
},
'params': params,
'result': result
})
def test_no_issue_tracker(self):
"""No IssueTracker."""
self.mock.get_issue_tracker_for_testcase.return_value = None
resp = self.app.post_json('/', {
'testcaseId': self.testcase.key.id(),
'severity': 3,
'ccMe': True,
'csrf_token': form.generate_csrf_token(),
},
expect_errors=True)
self.assertEqual(resp.status_int, 404)
def test_succeed(self):
"""Delete."""
testcase = data_types.Testcase()
testcase.bug_information = None
testcase.put()
resp = self.app.post_json('/', {
'testcaseId': testcase.key.id(),
'csrf_token': form.generate_csrf_token()
})
self.assertEqual(200, resp.status_int)
self.assertIsNone(testcase.key.get())
def get(self):
"""Handles get request."""
email = helpers.get_user_email()
if not email:
raise helpers.AccessDeniedException()
is_privileged_or_domain_user = access.has_access(
need_privileged_access=False)
if is_privileged_or_domain_user or _is_uploader_allowed(email):
# Privileged, domain and upload users can see all job and fuzzer names.
allowed_jobs = data_handler.get_all_job_type_names()
allowed_fuzzers = data_handler.get_all_fuzzer_names_including_children(
include_parents=True)
else:
# Check if this is an external user with access to certain fuzzers/jobs.
allowed_jobs = external_users.allowed_jobs_for_user(email)
allowed_fuzzers = external_users.allowed_fuzzers_for_user(
email, include_from_jobs=True)
if not allowed_fuzzers and not allowed_jobs:
raise helpers.AccessDeniedException()
has_issue_tracker = bool(data_handler.get_issue_tracker_name())
result, params = get_result(self)
self.render(
"upload.html",
{
"fieldValues": {
"jobs":
allowed_jobs,
"libfuzzerTargets":
filter_target_names(allowed_fuzzers, "libFuzzer"),
"aflTargets":
filter_target_names(allowed_fuzzers, "afl"),
"isChromium":
utils.is_chromium(),
"sandboxedJobs":
data_types.INTERNAL_SANDBOXED_JOB_TYPES,
"csrfToken":
form.generate_csrf_token(),
"isExternalUser":
not is_privileged_or_domain_user,
"uploadInfo":
gcs.prepare_blob_upload()._asdict(),
"hasIssueTracker":
has_issue_tracker,
},
"params": params,
"result": result,
},
)
def test_invalid_testcase(self):
"""Invalid testcase."""
issue_tracker = mock.Mock()
self.mock.get_issue_tracker_for_testcase.return_value = issue_tracker
resp = self.app.post_json('/', {
'testcaseId': self.testcase.key.id() + 1,
'severity': 3,
'ccMe': True,
'csrf_token': form.generate_csrf_token(),
},
expect_errors=True)
self.assertEqual(resp.status_int, 404)
def test_assigned_issue(self):
"""The testcase is assigned an issue."""
testcase = data_types.Testcase()
testcase.bug_information = '1234'
testcase.put()
resp = self.app.post_json('/', {
'testcaseId': testcase.key.id(),
'csrf_token': form.generate_csrf_token()
},
expect_errors=True)
self.assertEqual(400, resp.status_int)
self.assertIsNotNone(testcase.key.get())
def test_invalid_token(self):
"""Ensure it returns a new token when the valid token expires"""
self.mock.utcnow.return_value = self._NOW
self.mock.urandom.return_value = b'a'
self.make_token(value='token', time=self._BEFORE).put()
self.assertEqual(form.generate_csrf_token(), 'YQ==')
tokens = list(
data_types.CSRFToken.query(
data_types.CSRFToken.user_email == '*****@*****.**'))
self.assertEqual(len(tokens), 1)
self.assertGreater(tokens[0].expiration_time, self._NOW)
self.assertEqual(tokens[0].value, 'YQ==')
def test_succeed(self):
"""Remove issue from a testcase."""
testcase = data_types.Testcase()
testcase.bug_information = '1234'
testcase.put()
resp = self.app.post_json('/', {
'testcaseId': testcase.key.id(),
'csrf_token': form.generate_csrf_token(),
})
self.assertEqual(200, resp.status_int)
self.assertEqual('yes', resp.json['testcase'])
self.assertEqual('', testcase.key.get().bug_information)
def test_issue_id_not_a_number(self):
"""issue_id is not a number."""
resp = self.app.post_json(
'/', {
'testcaseId': self.testcase.key.id(),
'issueId': 'aaa',
'needsSummaryUpdate': '',
'csrf_token': form.generate_csrf_token(),
},
expect_errors=True)
self.assertEqual(400, resp.status_int)
self.assertEqual('Issue ID (aaa) is not a number!', resp.json['message'])
self.assertEqual('*****@*****.**', resp.json['email'])
def get(self):
"""Handle a get request."""
data_bundles = list(data_types.DataBundle.query().order(
data_types.DataBundle.name))
template_values = {
'corpora': data_bundles,
'fieldValues': {
'csrfToken': form.generate_csrf_token(),
'createUrl': '/corpora/create',
'deleteUrl': '/corpora/delete',
},
}
self.render('corpora.html', template_values)
def test_invalid_severity(self):
"""Invalid severity."""
itm = mock.Mock()
self.mock.get_issue_tracker_manager.return_value = itm
self.mock.file_issue.return_value = 100
resp = self.app.post_json('/', {
'testcaseId': self.testcase.key.id(),
'severity': 'a',
'ccMe': 'true',
'csrf_token': form.generate_csrf_token(),
},
expect_errors=True)
self.assertEqual(resp.status_int, 400)
def test_post(self):
"""Test post method."""
self.mock.has_access.return_value = True
job = self._create_job('test_job', 'PROJECT_NAME = proj\n')
resp = self.app.post('/', {
'csrf_token': form.generate_csrf_token(),
'name': job.name,
'desciption': job.description,
'platform': job.platform,
'fuzzers': ['test_fuzzer']
},
expect_errors=True)
self.assertEqual(200, resp.status_int)
self.mock.update_mappings_for_job.assert_called_with(
mock.ANY, ['test_fuzzer'])
def test_succeed(self):
"""Mark a testcase as security-related."""
self.testcase.security_flag = False
self.testcase.put()
resp = self.app.post_json(
'/', {
'testcaseId': self.testcase.key.id(),
'csrf_token': form.generate_csrf_token(),
})
self.assertEqual(200, resp.status_int)
self.assertEqual('yes', resp.json['testcase'])
testcase = self.testcase.key.get()
self.assertTrue(testcase.security_flag)
def test_redo(self):
"""Redo all tasks."""
resp = self.app.post_json(
'/', {
'testcaseId': self.testcase.key.id(),
'tasks': self.ALL_TASKS,
'csrf_token': form.generate_csrf_token(),
})
self.assertEqual(200, resp.status_int)
self.assertEqual('yes', resp.json['testcase'])
called_testcase = self.mock.redo_testcase.call_args_list[0][0][0]
self.assertEqual(self.testcase.key.id(), called_testcase.key.id())
self.mock.redo_testcase.assert_called_once_with(
called_testcase, self.ALL_TASKS, self.USER_EMAIL)
def test_issue_not_found(self):
"""Issue is not found."""
itm = mock.Mock(spec_set=issue_tracker_manager.IssueTrackerManager)
self.mock.get_issue_tracker_manager.return_value = itm
itm.get_issue.return_value = None
resp = self.app.post_json('/', {
'testcaseId': self.testcase.key.id(),
'issueId': '2',
'needsSummaryUpdate': '',
'csrf_token': form.generate_csrf_token(),
},
expect_errors=True)
self.assertEqual(404, resp.status_int)
self.assertEqual('Issue (id=2) is not found!', resp.json['message'])
self.assertEqual('*****@*****.**', resp.json['email'])
def test_succeed(self):
"""Remove the testcase from the group."""
testcase = data_types.Testcase()
testcase.group_id = 1234
testcase.group_bug_information = 999
testcase.put()
resp = self.app.post_json('/', {
'testcaseId': testcase.key.id(),
'csrf_token': form.generate_csrf_token(),
})
self.assertEqual(200, resp.status_int)
self.assertEqual('yes', resp.json['testcase'])
modified_testcase = testcase.key.get()
self.assertEqual(0, modified_testcase.group_id)
self.assertEqual(0, modified_testcase.group_bug_information)
def get_results():
"""Get results for the jobs page."""
jobs = list(data_types.Job.query().order(data_types.Job.name))
templates = list(data_types.JobTemplate.query().order(
data_types.JobTemplate.name))
queues = get_queues()
return {
'jobs': jobs,
'templates': templates,
'fieldValues': {
'csrf_token': form.generate_csrf_token(),
'queues': queues,
'update_job_url': '/update-job',
'update_job_template_url': '/update-job-template',
'upload_info': gcs.prepare_blob_upload()._asdict(),
},
}
def test_succeed(self):
"""Mark a testcase as fixed."""
self.testcase.fixed = 'NA'
self.testcase.open = True
self.testcase.put()
resp = self.app.post_json(
'/', {
'testcaseId': self.testcase.key.id(),
'csrf_token': form.generate_csrf_token(),
})
self.assertEqual(200, resp.status_int)
self.assertEqual('yes', resp.json['testcase'])
testcase = self.testcase.key.get()
self.assertEqual('Yes', testcase.fixed)
self.assertFalse(testcase.open)
def test_succeed(self):
"""Remove the duplicate status."""
self.testcase.status = 'Something'
self.testcase.duplicate_of = 124
self.testcase.put()
resp = self.app.post_json(
'/', {
'testcaseId': self.testcase.key.id(),
'csrf_token': form.generate_csrf_token(),
})
self.assertEqual(200, resp.status_int)
self.assertEqual('yes', resp.json['testcase'])
testcase = self.testcase.key.get()
self.assertEqual('Processed', testcase.status)
self.assertIsNone(testcase.duplicate_of)
def test_succeed(self):
"""Mark a testcase as unconfirmed."""
self.testcase.one_time_crasher_flag = False
self.testcase.put()
resp = self.app.post_json(
'/', {
'testcaseId': self.testcase.key.id(),
'csrf_token': form.generate_csrf_token(),
})
self.assertEqual(200, resp.status_int)
self.assertEqual('yes', resp.json['testcase'])
testcase = self.testcase.key.get()
self.assertTrue(testcase.one_time_crasher_flag)
self.assertEqual('NA', testcase.fixed)
self.assertEqual('NA', testcase.regression)
self.assertEqual('NA', testcase.minimized_keys)
def test_issue_not_open(self):
"""Issue is not open."""
itm = mock.Mock(spec_set=issue_tracker_manager.IssueTrackerManager)
bug = issue.Issue()
bug.open = False
self.mock.get_issue_tracker_manager.return_value = itm
itm.get_issue.return_value = bug
resp = self.app.post_json('/', {
'testcaseId': self.testcase.key.id(),
'issueId': '2',
'needsSummaryUpdate': '',
'csrf_token': form.generate_csrf_token(),
},
expect_errors=True)
self.assertEqual(400, resp.status_int)
self.assertIn('file a new issue', resp.json['message'])
self.assertEqual('*****@*****.**', resp.json['email'])
def get(self):
"""Handle a get request."""
external_user_permissions = list(
data_types.ExternalUserPermission.query().order(
data_types.ExternalUserPermission.entity_kind,
data_types.ExternalUserPermission.entity_name,
data_types.ExternalUserPermission.email))
template_values = {
'config': db_config.get(),
'permissions': external_user_permissions,
'fieldValues': {
'csrf_token': form.generate_csrf_token(),
'user_permission_entity_kinds': USER_PERMISSION_ENTITY_KINDS,
'user_permission_auto_cc_types': USER_PERMISSION_AUTO_CC_TYPES,
'add_permission_url': '/add-external-user-permission',
'delete_permission_url': '/delete-external-user-permission',
}
}
helpers.log('Configuration', helpers.VIEW_OPERATION)
self.render('configuration.html', template_values)