def setUp(self):
test_helpers.patch(self, [
'libs.access._is_domain_allowed',
'libs.auth.get_current_user',
'clusterfuzz._internal.config.db_config.get',
'libs.issue_management.issue_tracker.IssueTracker.get_original_issue',
'libs.issue_management.issue_tracker_utils.'
'get_issue_tracker_for_testcase',
'libs.issue_management.monorail.issue_tracker_manager.'
'IssueTrackerManager',
])
self.itm = issue_tracker_manager.IssueTrackerManager('test')
self.itm.project_name = 'test-project'
self.mock.get_issue_tracker_for_testcase.return_value = (
monorail.IssueTracker(self.itm))
self.get_issue = self.itm.get_issue
self.email = '*****@*****.**'
self.mock.get_current_user.return_value = auth.User(self.email)
self.bug = issue.Issue()
self.bug.id = 1234
self.bug.itm = self.itm
self.original_bug = issue.Issue()
self.original_bug.id = 5678
self.original_bug.itm = self.itm
self.testcase = data_types.Testcase()
self.mock.get.return_value = (data_types.Config(
relax_testcase_restrictions=True))
self.mock._is_domain_allowed.return_value = False
def test_allowed_because_of_owner(self):
"""Ensure it is allowed because the user is the owner."""
self.bug.owner = self.email.capitalize()
self._test_bug_access()
self.mock.get.return_value = (data_types.Config(
relax_testcase_restrictions=False))
self._test_bug_access()
def test_denied_security_bug_access_for_domain_user(self):
"""Ensure that a domain user can't access a security bug in default
configuration."""
self.mock._is_domain_allowed.return_value = True
self.testcase.security_flag = True
self.mock.get.return_value = (data_types.Config(
relax_security_bug_restrictions=False))
self.assertFalse(access.can_user_access_testcase(self.testcase))
def test_allowed_because_of_domain_allowed(self):
"""Ensure it is true when user has bug access and user's email is on the
domain list but the relaxation is not enabled."""
self.mock._is_domain_allowed.return_value = True
self.testcase.security_flag = True
self.mock.get.return_value = (data_types.Config(
relax_testcase_restrictions=False))
self.bug.add_cc(self.email)
self._test_bug_access()
def setup_config(non_dry_run):
"""Set up configuration."""
config = data_types.Config.query().get()
if not config:
config = data_types.Config()
if non_dry_run:
print('Creating config')
config.put()
else:
print('Skip creating config (dry-run mode)')
def test_allowed_because_of_owner_in_original_issue(self):
"""Ensure it is allowed because the user is the owner of original issue."""
self.bug.merged_into = 5678
self.bug.merged_into_project = 'test-project'
self.original_bug.owner = self.email
self.mock.get_original_issue.return_value = monorail.Issue(
self.original_bug)
self._test_bug_access()
self.mock.get.return_value = (data_types.Config(
relax_testcase_restrictions=False))
self._test_bug_access()
def test_denied_no_access(self):
"""Ensure it is false when user has bug access but the relaxation is not
enabled and user's email is not on the allowed domain list."""
self.mock._is_domain_allowed.return_value = False
self.mock.get.return_value = (data_types.Config(
relax_testcase_restrictions=False))
self.testcase.bug_information = '1234'
self.get_issue.return_value = self.bug
self.bug.add_cc(self.email)
self.bug.reporter = self.email
self.bug.owner = ''
self.assertFalse(access.can_user_access_testcase(self.testcase))
def setUp(self):
"""Set up."""
super(UntrustedRunnerIntegrationTest, self).setUp()
data_types.Config().put()
environment_string = ('APP_NAME = app\n'
'RELEASE_BUILD_BUCKET_PATH = '
'gs://clusterfuzz-test-data/test_builds/'
'test-build-([0-9]+).zip\n')
data_types.Job(name='job', environment_string=environment_string).put()
environment_string = (
'RELEASE_BUILD_BUCKET_PATH = '
'gs://clusterfuzz-test-data/test_libfuzzer_builds/'
'test-libfuzzer-build-([0-9]+).zip\n'
'UNPACK_ALL_FUZZ_TARGETS_AND_FILES = True')
data_types.Job(name='libfuzzer_asan_job',
environment_string=environment_string).put()
data_types.Fuzzer(name='fuzzer', data_bundle_name='bundle').put()
data_types.DataBundle(name='bundle',
is_local=True,
sync_to_worker=True).put()
def post(self):
"""Handle a post request."""
config = db_config.get()
if not config:
config = data_types.Config()
previous_hash = request.get('previous_hash')
if config.previous_hash and config.previous_hash != previous_hash:
raise helpers.EarlyExitException(
'Your change conflicts with another configuration update. '
'Please refresh and try again.', 500)
build_apiary_service_account_private_key = request.get(
'build_apiary_service_account_private_key')
bug_report_url = request.get('bug_report_url')
client_credentials = request.get('client_credentials')
jira_url = request.get('jira_url')
jira_credentials = request.get('jira_credentials')
component_repository_mappings = request.get('component_repository_mappings')
contact_string = request.get('contact_string')
documentation_url = request.get('documentation_url')
github_credentials = request.get('github_credentials')
oss_fuzz_robot_github_personal_access_token = request.get(
'oss_fuzz_robot_github_personal_access_token')
platform_group_mappings = request.get('platform_group_mappings')
privileged_users = request.get('privileged_users')
blacklisted_users = request.get('blacklisted_users')
relax_security_bug_restrictions = request.get(
'relax_security_bug_restrictions')
relax_testcase_restrictions = request.get('relax_testcase_restrictions')
reproduce_tool_client_id = request.get('reproduce_tool_client_id')
reproduce_tool_client_secret = request.get('reproduce_tool_client_secret')
reproduction_help_url = request.get('reproduction_help_url')
test_account_email = request.get('test_account_email')
test_account_password = request.get('test_account_password')
wifi_ssid = request.get('wifi_ssid')
wifi_password = request.get('wifi_password')
sendgrid_api_key = request.get('sendgrid_api_key')
sendgrid_sender = request.get('sendgrid_sender')
config.build_apiary_service_account_private_key = (
build_apiary_service_account_private_key)
config.bug_report_url = bug_report_url
config.client_credentials = client_credentials
config.component_repository_mappings = component_repository_mappings
config.contact_string = contact_string
config.documentation_url = documentation_url
config.github_credentials = github_credentials
config.oss_fuzz_robot_github_personal_access_token = (
oss_fuzz_robot_github_personal_access_token)
config.jira_credentials = jira_credentials
config.jira_url = jira_url
config.platform_group_mappings = platform_group_mappings
config.privileged_users = privileged_users
config.blacklisted_users = blacklisted_users
config.relax_security_bug_restrictions = bool(
relax_security_bug_restrictions)
config.relax_testcase_restrictions = bool(relax_testcase_restrictions)
config.reproduce_tool_client_id = reproduce_tool_client_id
config.reproduce_tool_client_secret = reproduce_tool_client_secret
config.reproduction_help_url = reproduction_help_url
config.test_account_email = test_account_email
config.test_account_password = test_account_password
config.wifi_ssid = wifi_ssid
config.wifi_password = wifi_password
config.sendgrid_api_key = sendgrid_api_key
config.sendgrid_sender = sendgrid_sender
helpers.log('Configuration', helpers.MODIFY_OPERATION)
# Before hashing the entity, we must put it so that the internal maps are
# updated.
config.put()
config.previous_hash = utils.entity_hash(config)
config.put()
template_values = {
'title':
'Success',
'message': ('Configuration is successfully updated. '
'Redirecting to the configuration page...'),
'redirect_url':
'/configuration',
}
return self.render('message.html', template_values)
