def setUp(self): test_helpers.patch(self, [ 'libs.access._is_domain_allowed', 'libs.auth.get_current_user', 'clusterfuzz._internal.config.db_config.get', 'libs.issue_management.issue_tracker.IssueTracker.get_original_issue', 'libs.issue_management.issue_tracker_utils.' 'get_issue_tracker_for_testcase', 'libs.issue_management.monorail.issue_tracker_manager.' 'IssueTrackerManager', ]) self.itm = issue_tracker_manager.IssueTrackerManager('test') self.itm.project_name = 'test-project' self.mock.get_issue_tracker_for_testcase.return_value = ( monorail.IssueTracker(self.itm)) self.get_issue = self.itm.get_issue self.email = '*****@*****.**' self.mock.get_current_user.return_value = auth.User(self.email) self.bug = issue.Issue() self.bug.id = 1234 self.bug.itm = self.itm self.original_bug = issue.Issue() self.original_bug.id = 5678 self.original_bug.itm = self.itm self.testcase = data_types.Testcase() self.mock.get.return_value = (data_types.Config( relax_testcase_restrictions=True)) self.mock._is_domain_allowed.return_value = False
def test_allowed_because_of_owner(self): """Ensure it is allowed because the user is the owner.""" self.bug.owner = self.email.capitalize() self._test_bug_access() self.mock.get.return_value = (data_types.Config( relax_testcase_restrictions=False)) self._test_bug_access()
def test_denied_security_bug_access_for_domain_user(self): """Ensure that a domain user can't access a security bug in default configuration.""" self.mock._is_domain_allowed.return_value = True self.testcase.security_flag = True self.mock.get.return_value = (data_types.Config( relax_security_bug_restrictions=False)) self.assertFalse(access.can_user_access_testcase(self.testcase))
def test_allowed_because_of_domain_allowed(self): """Ensure it is true when user has bug access and user's email is on the domain list but the relaxation is not enabled.""" self.mock._is_domain_allowed.return_value = True self.testcase.security_flag = True self.mock.get.return_value = (data_types.Config( relax_testcase_restrictions=False)) self.bug.add_cc(self.email) self._test_bug_access()
def setup_config(non_dry_run): """Set up configuration.""" config = data_types.Config.query().get() if not config: config = data_types.Config() if non_dry_run: print('Creating config') config.put() else: print('Skip creating config (dry-run mode)')
def test_allowed_because_of_owner_in_original_issue(self): """Ensure it is allowed because the user is the owner of original issue.""" self.bug.merged_into = 5678 self.bug.merged_into_project = 'test-project' self.original_bug.owner = self.email self.mock.get_original_issue.return_value = monorail.Issue( self.original_bug) self._test_bug_access() self.mock.get.return_value = (data_types.Config( relax_testcase_restrictions=False)) self._test_bug_access()
def test_denied_no_access(self): """Ensure it is false when user has bug access but the relaxation is not enabled and user's email is not on the allowed domain list.""" self.mock._is_domain_allowed.return_value = False self.mock.get.return_value = (data_types.Config( relax_testcase_restrictions=False)) self.testcase.bug_information = '1234' self.get_issue.return_value = self.bug self.bug.add_cc(self.email) self.bug.reporter = self.email self.bug.owner = '' self.assertFalse(access.can_user_access_testcase(self.testcase))
def setUp(self): """Set up.""" super(UntrustedRunnerIntegrationTest, self).setUp() data_types.Config().put() environment_string = ('APP_NAME = app\n' 'RELEASE_BUILD_BUCKET_PATH = ' 'gs://clusterfuzz-test-data/test_builds/' 'test-build-([0-9]+).zip\n') data_types.Job(name='job', environment_string=environment_string).put() environment_string = ( 'RELEASE_BUILD_BUCKET_PATH = ' 'gs://clusterfuzz-test-data/test_libfuzzer_builds/' 'test-libfuzzer-build-([0-9]+).zip\n' 'UNPACK_ALL_FUZZ_TARGETS_AND_FILES = True') data_types.Job(name='libfuzzer_asan_job', environment_string=environment_string).put() data_types.Fuzzer(name='fuzzer', data_bundle_name='bundle').put() data_types.DataBundle(name='bundle', is_local=True, sync_to_worker=True).put()
def post(self): """Handle a post request.""" config = db_config.get() if not config: config = data_types.Config() previous_hash = request.get('previous_hash') if config.previous_hash and config.previous_hash != previous_hash: raise helpers.EarlyExitException( 'Your change conflicts with another configuration update. ' 'Please refresh and try again.', 500) build_apiary_service_account_private_key = request.get( 'build_apiary_service_account_private_key') bug_report_url = request.get('bug_report_url') client_credentials = request.get('client_credentials') jira_url = request.get('jira_url') jira_credentials = request.get('jira_credentials') component_repository_mappings = request.get('component_repository_mappings') contact_string = request.get('contact_string') documentation_url = request.get('documentation_url') github_credentials = request.get('github_credentials') oss_fuzz_robot_github_personal_access_token = request.get( 'oss_fuzz_robot_github_personal_access_token') platform_group_mappings = request.get('platform_group_mappings') privileged_users = request.get('privileged_users') blacklisted_users = request.get('blacklisted_users') relax_security_bug_restrictions = request.get( 'relax_security_bug_restrictions') relax_testcase_restrictions = request.get('relax_testcase_restrictions') reproduce_tool_client_id = request.get('reproduce_tool_client_id') reproduce_tool_client_secret = request.get('reproduce_tool_client_secret') reproduction_help_url = request.get('reproduction_help_url') test_account_email = request.get('test_account_email') test_account_password = request.get('test_account_password') wifi_ssid = request.get('wifi_ssid') wifi_password = request.get('wifi_password') sendgrid_api_key = request.get('sendgrid_api_key') sendgrid_sender = request.get('sendgrid_sender') config.build_apiary_service_account_private_key = ( build_apiary_service_account_private_key) config.bug_report_url = bug_report_url config.client_credentials = client_credentials config.component_repository_mappings = component_repository_mappings config.contact_string = contact_string config.documentation_url = documentation_url config.github_credentials = github_credentials config.oss_fuzz_robot_github_personal_access_token = ( oss_fuzz_robot_github_personal_access_token) config.jira_credentials = jira_credentials config.jira_url = jira_url config.platform_group_mappings = platform_group_mappings config.privileged_users = privileged_users config.blacklisted_users = blacklisted_users config.relax_security_bug_restrictions = bool( relax_security_bug_restrictions) config.relax_testcase_restrictions = bool(relax_testcase_restrictions) config.reproduce_tool_client_id = reproduce_tool_client_id config.reproduce_tool_client_secret = reproduce_tool_client_secret config.reproduction_help_url = reproduction_help_url config.test_account_email = test_account_email config.test_account_password = test_account_password config.wifi_ssid = wifi_ssid config.wifi_password = wifi_password config.sendgrid_api_key = sendgrid_api_key config.sendgrid_sender = sendgrid_sender helpers.log('Configuration', helpers.MODIFY_OPERATION) # Before hashing the entity, we must put it so that the internal maps are # updated. config.put() config.previous_hash = utils.entity_hash(config) config.put() template_values = { 'title': 'Success', 'message': ('Configuration is successfully updated. ' 'Redirecting to the configuration page...'), 'redirect_url': '/configuration', } return self.render('message.html', template_values)