def app():
app = create_app(TEST_CONFIG)
# Establish an application context before running the tests.
ctx = app.app_context()
ctx.push()
yield app
ctx.pop()
def setUpClass(cls):
app = create_app(TEST_CONFIG)
cls.app = app
cls.test_client = app.test_client()
# Push one single global flask app context for usage.
ctx = app.app_context()
ctx.push()
from flask import (send_from_directory, render_template)
import alembic.script
import alembic.runtime.environment
from lib.utils import manually_read_app_config
if not "MYSQL_CONNECTION_NAME" in os.environ:
print("[~] Executed outside AppEngine context. Manually loading config.")
manually_read_app_config()
from app.vulnerability.views.vulncode_db import VulncodeDB
import cfg
from data.database import DEFAULT_DATABASE
from lib.app_factory import create_app
app = create_app()
db = DEFAULT_DATABASE.db
@app.route("/static/<path:path>")
def serve_static(path):
return send_from_directory("static", path)
@app.route("/")
def serve_index():
vcdb = VulncodeDB()
return render_template("index.html", vcdb=vcdb)
@app.route("/maintenance")
def app():
app = create_app(TEST_CONFIG)
# Establish an application context before running the tests.
with app.app_context():
yield app
def app_without_db() -> Flask:
app = create_app(TEST_CONFIG, with_db=False)
# Establish an application context before running the tests.
with app.app_context():
yield app
def setup_test_database():
"""Returns session-wide initialised database."""
# Create a temporary flask app for the database setup.
# We don't use the app or db fixtures here as they should be
# executed in the function scope, not in the session scope like
# this function is.
app = create_app(TEST_CONFIG)
with app.app_context():
db: SQLAlchemy = app.extensions["sqlalchemy"].db
# setup databases and tables
with open(os.path.join(cfg.BASE_DIR, "docker/db_schema.sql"), "rb") as f:
create_schemas_sql = f.read().decode("utf8")
# with app.app_context():
# clear database
db.drop_all()
db.engine.execute("DROP TABLE IF EXISTS alembic_version")
# build database
db.engine.execute(create_schemas_sql)
alembic_upgrade()
# create data
session = db.session
roles = [
Role(name=role) for role in (PredefinedRoles.ADMIN, PredefinedRoles.USER)
]
session.add_all(roles)
users = [
User(
login="******",
full_name="Admin McAdmin",
roles=roles,
state=UserState.ACTIVE,
login_type=LoginType.LOCAL,
),
User(
login="******",
full_name="User McUser",
roles=[roles[1]],
state=UserState.ACTIVE,
login_type=LoginType.LOCAL,
),
User(
login="******",
full_name="Blocked User",
roles=[roles[1]],
state=UserState.BLOCKED,
login_type=LoginType.LOCAL,
),
]
session.add_all(users)
vuln_cves = list("CVE-1970-{}".format(1000 + i) for i in range(10))
new_cves = list("CVE-1970-{}".format(2000 + i) for i in range(10))
cves = vuln_cves + new_cves
nvds = []
for i, cve in enumerate(cves, 1):
nvds.append(
Nvd(
cve_id=cve,
descriptions=[
Description(
value="Description {}".format(i),
),
],
references=[
Reference(
link="https://cve.mitre.org/cgi-bin/cvename.cgi?name={}".format(
cve
),
source="cve.mitre.org",
),
],
published_date=datetime.date.today(),
cpes=[
Cpe(
vendor="Vendor {}".format(i),
product="Product {}".format(j),
)
for j in range(1, 4)
],
)
)
session.add_all(nvds)
vulns = []
for i, cve in enumerate(vuln_cves, 1):
repo_owner = "OWNER"
repo_name = "REPO{i}".format(i=i)
repo_url = "https://github.com/{owner}/{repo}/".format(
owner=repo_owner,
repo=repo_name,
)
commit = "{:07x}".format(0x1234567 + i)
vulns.append(
Vulnerability(
vcdb_id=i,
cve_id=cve,
date_created=datetime.date.today(),
creator=users[1],
state=VulnerabilityState.PUBLISHED,
version=0,
comment="Vulnerability {} comment".format(i),
commits=[
VulnerabilityGitCommits(
commit_link="{repo_url}commit/{commit}".format(
repo_url=repo_url,
commit=commit,
),
repo_owner=repo_owner,
repo_name=repo_name,
# TODO: test conflicting data?
repo_url=repo_url,
commit_hash=commit,
)
],
)
)
vulns.append(
Vulnerability(
state=VulnerabilityState.PUBLISHED,
version=0,
vcdb_id=len(vulns) + 1,
cve_id="CVE-1970-1500",
date_created=datetime.date.today(),
comment="Vulnerability {} comment".format(len(vuln_cves) + 1),
commits=[],
)
)
session.add_all(vulns)
session.commit()
