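def test_rolling_deployment(namespace, api_gateway, from_deployment, to_deployment, change):
    """Apply one deployment spec, roll it over to a second, and check the model during the update.

    Args:
        namespace: Kubernetes namespace the resources are applied to.
        api_gateway: Passed as ``endpoint`` to the model assertions.
        from_deployment: Resource file name of the initial deployment.
        to_deployment: Resource file name of the deployment rolled out on top.
        change: When truthy, the update step also waits for the original pod
            to shut down before waiting for the deployment status.

    The two ``kubectl delete`` calls run in a ``finally`` block, so a failed
    assertion or a timed-out wait no longer leaves "mymodel" behind in the
    namespace.
    """
    from_file_path = to_resources_path(from_deployment)
    to_file_path = to_resources_path(to_deployment)
    delete_cmd = f"kubectl delete --ignore-not-found -n {namespace}"

    try:
        retry_run(f"kubectl apply -f {from_file_path} -n {namespace}")
        wait_for_status("mymodel", namespace)
        wait_for_rollout("mymodel", namespace)
        assert_model("mymodel", namespace, initial=True, endpoint=api_gateway)

        # Remember the pod serving the first spec so the update step can wait
        # for it to go away when the spec actually changes.
        old_pod_name = get_pod_name_for_sdep("mymodel", namespace)[0]

        def _update_model():
            retry_run(f"kubectl apply -f {to_file_path} -n {namespace}")
            if change:
                wait_for_pod_shutdown(old_pod_name, namespace)
            wait_for_status("mymodel", namespace)
            time.sleep(2)  # Wait a little after deployment marked Available

        assert_model_during_op(_update_model, "mymodel", namespace, endpoint=api_gateway)
    finally:
        # NOTE(review): these commands are interpolated strings executed with
        # shell=True. The namespace and paths are supplied by the test suite
        # here; if they could ever come from outside it, pass an argument list
        # without a shell instead.
        # --ignore-not-found keeps cleanup quiet when a spec was never applied.
        run(f"{delete_cmd} -f {from_file_path}", shell=True)
        run(f"{delete_cmd} -f {to_file_path}", shell=True)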
def test_xss_header(namespace):
    """Deploy the echo graph and check the response sets ``X-Content-Type-Options: nosniff``.

    ``nosniff`` tells browsers not to MIME-sniff a response into a type other
    than the declared one, which is why it sits among the XSS tests. Only this
    header is asserted; the declared ``Content-Type`` itself is not checked.
    """
    sdep_name = "mymodel"
    sdep_path = to_resources_path("graph-echo.json")
    apply_cmd = f"kubectl apply -f {sdep_path} -n {namespace}"
    retry_run(apply_cmd)
    wait_for_status(sdep_name, namespace)
    wait_for_rollout(sdep_name, namespace)

    response = initial_rest_request(sdep_name, namespace)

    header_name = "X-Content-Type-Options"
    # Presence is asserted first so a missing header fails as an assertion
    # rather than as a lookup error.
    assert header_name in response.headers
    assert response.headers[header_name] == "nosniff"
def test_xss_escaping(namespace):
    """Send an HTML snippet as ``strData`` and require the exact escaped echo.

    The whole response body is compared, so a raw ``<`` or ``>`` anywhere in
    it fails the test.

    NOTE(review): this listing contains a later function with the same name;
    if both live in one module, the later definition replaces this one and
    this version is never collected.
    """
    sdep_name = "mymodel"
    sdep_path = to_resources_path("graph-echo.json")
    apply_cmd = f"kubectl apply -f {sdep_path} -n {namespace}"
    retry_run(apply_cmd)
    wait_for_status(sdep_name, namespace)
    wait_for_rollout(sdep_name, namespace)

    payload = '<div class="div-class"></div>'
    # Wire form of the payload: angle brackets as \u003c / \u003e and the
    # double quotes backslash-escaped.
    expected = '\\u003cdiv class=\\"div-class\\"\\u003e\\u003c/div\\u003e'
    expected_body = f'{{"meta":{{}},"strData":"{expected}"}}\n'

    response = rest_request(sdep_name, namespace, data=payload, dtype="strData")

    # Compare the raw text: a JSON parser would turn the escape sequences back
    # into the original characters and hide whether escaping happened.
    assert response.text == expected_body
def test_xss_escaping(namespace):
    """Send an HTML snippet as ``strData`` and require its escaped form in the raw response.

    NOTE(review): the check is a substring match, so it proves the escaped
    form is present but not that raw ``<`` / ``>`` are absent elsewhere in the
    body. If no other response field can contain an angle bracket, also
    asserting their absence would make this a stronger regression test.

    NOTE(review): this listing contains an earlier function with the same
    name; if both live in one module, this later definition replaces it.
    """
    sdep_name = "mymodel"
    sdep_path = to_resources_path("graph-echo.json")
    apply_cmd = f"kubectl apply -f {sdep_path} -n {namespace}"
    retry_run(apply_cmd)
    wait_for_status(sdep_name, namespace)
    wait_for_rollout(sdep_name, namespace)

    payload = '<div class="div-class"></div>'
    # The original comment here says the engine, unlike the executor, escapes
    # the `=` symbol as its unicode equivalent and that both forms must be
    # considered.
    # NOTE(review): only the literal-`=` form below is checked; confirm
    # whether the `=`-escaped variant still needs to be accepted.
    expected = '\\u003cdiv class=\\"div-class\\"\\u003e\\u003c/div\\u003e'

    response = initial_rest_request(
        sdep_name, namespace, data=payload, dtype="strData"
    )

    # Inspect the raw text instead of `.json()`: parsing would turn the escape
    # sequences back into the original characters.
    assert expected in response.text