def test_last_updated_attribute(properties):
"""Check that the 'last_updated' attribute contains proper timestamp."""
now = time.time()
last_updated = check_and_get_attribute(properties, "last_updated")
value = check_and_get_attribute(last_updated[0], "value")
assert value >= BAYESSIAN_PROJECT_START_DATE
assert value <= now
def get_results_from_gremlin(context):
"""Try to take the results from the Gremlin response."""
data = context.response.json()
result = check_and_get_attribute(data, "result")
data = check_and_get_attribute(result, "data")
meta = check_and_get_attribute(result, "meta")
return data, meta
def check_repository_url(context, url):
"""Check the repository URL (if set) for the component."""
details = get_details_node(context)[0]
code_repository = check_and_get_attribute(details, "code_repository")
actual_url = check_and_get_attribute(code_repository, "url")
assert actual_url == url, "Repository URL should be set to {u1}, " \
"but {u2} has been found instead".format(u1=url, u2=actual_url)
def check_vsc(context, vcs):
"""Check the type of version control system for the component."""
details = get_details_node(context)[0]
code_repository = check_and_get_attribute(details, "code_repository")
actual_vcs = check_and_get_attribute(code_repository, "type")
assert actual_vcs == vcs.lower(), "Expected {v1} version control system type, " \
"but {v2} has been found instead".format(v1=vcs, v2=actual_vcs)
def check_gremlin_result_node(data):
"""Check the basic structure of the 'result' node in Gremlin response."""
result = check_and_get_attribute(data, "result")
data = check_and_get_attribute(result, "data")
meta = check_and_get_attribute(result, "meta")
assert type(data) is list
assert type(meta) is dict
def check_schema_existence(context, schema, version, selector=None):
"""Check the existence of given schema."""
data = context.response.json()
if selector is not None:
api_schemas = check_and_get_attribute(data, selector)
schema = check_and_get_attribute(api_schemas, schema)
else:
schema = check_and_get_attribute(data, schema)
check_and_get_attribute(schema, version)
def check_report_for_ecosystem(summary, ecosystem):
"""Check the stack report for the selected ecosystem."""
report = check_and_get_attribute(summary, ecosystem)
# try to retrieve all required attributes
response_time = check_and_get_attribute(report, "average_response_time")
# check actual values of required attributes
check_response_time(response_time)
def check_dates_difference(report, days_threshold):
"""Compute the difference between two dates and compare it with given threshold value."""
from_date = parse_date(check_and_get_attribute(report, "from"))
to_date = parse_date(check_and_get_attribute(report, "to"))
assert from_date is not None
assert to_date is not None
# a day (at least)
diff = to_date - from_date
assert diff.days >= days_threshold
def get_node_value(properties, property_name):
"""Retrieve the value of node taken from properties returned by Gremlin.
Please note, that each property is an array of id+value pairs and in
this case we are interested only in the first pair.
"""
node = check_and_get_attribute(properties, property_name)
assert node[0] is not None
return check_and_get_attribute(node[0], "value")
def check_runtime_dependency_count(context, num):
"""Check the number of runtime details for selected component."""
data = context.s3_data
details = check_and_get_attribute(data, "details")
runtime = check_and_get_attribute(details, "runtime")
cnt = len(runtime)
assert cnt == num, "Expected {n1} runtime details, but found {n2}".format(
n1=num, n2=cnt)
def oc_deployment_exist(context, deployment_name):
"""Check if the given deployment exists and is visible for logged in user."""
deployments = check_and_get_attribute(context.oc_result, "items")
for deployment in deployments:
metadata = check_and_get_attribute(deployment, "metadata")
name = check_and_get_attribute(metadata, "name")
if name == deployment_name:
return
raise Exception(
"Deployment {d} could not be found".format(d=deployment_name))
def check_no_really_unknown_licenses(context):
"""Check the computed really unknown licenses."""
json_data = context.response.json()
unknown_licenses = check_and_get_attribute(json_data, "unknown_licenses")
really_unknown = check_and_get_attribute(unknown_licenses,
"really_unknown")
assert len(really_unknown) == 0, \
"There should not be any really unknown licenses reported, " \
"but the service returned {c} unknown licenses" \
.format(c=", ".join(really_unknown))
def check_no_component_conflicts(context):
"""Check the computed component conflicts."""
json_data = context.response.json()
unknown_licenses = check_and_get_attribute(json_data, "unknown_licenses")
component_conflicts = check_and_get_attribute(unknown_licenses,
"component_conflict")
assert len(component_conflicts) == 0, \
"There should not be any component conflicts reported, " \
"but the service returned {c} conflicts" \
.format(c=", ".join(component_conflicts))
def check_stacks_detail(detail):
"""Check selected stacks detail in generated stack report."""
# try to retrieve all required attributes
ecosystem = check_and_get_attribute(detail, "ecosystem")
license = check_and_get_attribute(detail, "license")
response_time = check_and_get_attribute(detail, "response_time")
security = check_and_get_attribute(detail, "security")
stack = check_and_get_attribute(detail, "stack")
unknown_dependencies = check_and_get_attribute(detail,
"unknown_dependencies")
# check actual values of required attributes
assert ecosystem in SUPPORTED_ECOSYSTEMS
check_response_time(response_time)
for package in stack:
# TODO: add some package+version check
is_string(package)
for package in unknown_dependencies:
# TODO: add some package+version check
is_string(package)
cve_list = check_and_get_attribute(security, "cve_list")
check_license(license)
for cve_record in cve_list:
cve = check_and_get_attribute(cve_record, "CVE")
cvss = check_and_get_attribute(cve_record, "CVSS")
check_cve_value(cve, with_score=False)
check_cve_score(cvss)
def check_runtime_dependency_count_in_summary(context, num):
"""Check the number of dependencies in dependency snapshot summary."""
data = context.s3_data
summary = check_and_get_attribute(data, "summary")
dependency_counts = check_and_get_attribute(summary, "dependency_counts")
runtime_count = check_and_get_attribute(dependency_counts, "runtime")
cnt = int(runtime_count)
assert cnt == num, "Expected {n1} runtime dependency counts, but found {n2}".format(
n1=num, n2=cnt)
def validate_result_post_registration(context):
"""Check that json response contains appropriate data."""
json_data = context.response.json()
assert context.response.status_code == 200
assert json_data
check_attribute_presence(json_data, "user_key")
endpoints = check_and_get_attribute(json_data, "endpoints")
prod_url = check_and_get_attribute(endpoints, "prod")
assert prod_url.startswith("https://")
def check_package_name_and_version(context, name, version):
"""Check the package name and version."""
details = get_details_node(context)[0]
actual_name = check_and_get_attribute(details, "name")
actual_version = check_and_get_attribute(details, "version")
assert name == actual_name, "Name '{n1}' is different from " \
"expected name '{n2}'".format(n1=actual_name, n2=name)
assert version == actual_version, "Version {v1} is different from expected " \
"version {v2}".format(v1=actual_version, v2=version)
def check_dependents_count(context, expected_dependents_count):
"""Check the number of dependend projects for given package."""
details = get_details_node(context)
dependents = check_and_get_attribute(details, 'dependents')
dependents_count = check_and_get_attribute(dependents, 'count')
assert int(dependents_count) == expected_dependents_count, \
"Expected {e} dependents, but found {f} instead".format(e=expected_dependents_count,
f=dependents_count)
def get_pod_states(context):
"""Get states for all pods."""
states = {}
pods = check_and_get_attribute(context.oc_result, "items")
for pod in pods:
if is_pod(pod):
metadata = check_and_get_attribute(pod, "metadata")
name = check_and_get_attribute(metadata, "name")
phase = get_pod_phase(pod)
states[name] = phase
return states
def check_gremlin_status_node(data):
"""Check the basic structure of the 'status' node in Gremlin response."""
status = check_and_get_attribute(data, "status")
message = check_and_get_attribute(status, "message")
code = check_and_get_attribute(status, "code")
attributes = check_and_get_attribute(status, "attributes")
assert message == ""
assert code == 200
# this node should be empty
assert not attributes
def check_dependent_repositories_count(context, expected_repo_count):
"""Check the number of dependent repositories for given package."""
details = get_details_node(context)
dependent_repositories = check_and_get_attribute(details,
'dependent_repositories')
repo_count = check_and_get_attribute(dependent_repositories, 'count')
assert int(repo_count) == expected_repo_count, \
"Expected {e} repositories, but found {f} instead".format(e=expected_repo_count,
f=repo_count)
def check_report_from_to_dates(report):
"""Check all attributes stored in 'report' node from the stack analysis."""
assert report is not None
from_date = check_and_get_attribute(report, "from")
to_date = check_and_get_attribute(report, "to")
generated_on = check_and_get_attribute(report, "generated_on")
# 'generated_on' attribute should contain a proper timestamp
check_timestamp(generated_on)
# 'from' and 'to' attributes should contain a date in format YYYY-MM-DD
check_date(from_date)
check_date(to_date)
def check_valid_monthly_report(context):
"""Check if the monthly stacks report is valid."""
response = context.response.json()
assert response is not None
# try to retrieve all required attributes
report = check_and_get_attribute(response, "report")
stacks_details = check_and_get_attribute(response, "stacks_details")
stacks_summary = check_and_get_attribute(response, "stacks_summary")
# check actual values of required attributes
check_report_from_to_dates_monthly(report)
check_stacks_details(stacks_details)
check_stacks_summary(stacks_summary)
def check_component_digest_metadata_value(context, selector, expected_value):
"""Check if the digest metadata can be found for the component."""
data = context.s3_data
details = check_and_get_attribute(data, "details")
for detail in details:
actual_value = check_and_get_attribute(detail, selector)
if actual_value == expected_value:
return
# nothing was found
raise Exception(
'Can not find the digest metadata {selector} set to {expected_value}'.
format(selector=selector, expected_value=expected_value))
def package_data_timestamp_comparison_with_remembered_time(
context, comparison):
"""Check if the last_updated attribute is older or newer than remembered time.
The timestamp is checked for all package versions.
"""
remembered_time = context.current_time
data, meta = get_results_from_gremlin(context)
for package in data:
properties = check_and_get_attribute(package, "properties")
last_updated = check_and_get_attribute(properties, "last_updated")
value = check_and_get_attribute(last_updated[0], "value")
check_last_updated_value(comparison, value, remembered_time)
def check_cves_for_epv(context, cves, p, v, e):
"""Check number of CVEs reported for given e/p/v in dependencies."""
response = context.response.json()
depencencies = check_and_get_attribute(response, "dependencies")
for dependency in depencencies:
cve_count = check_and_get_attribute(dependency, "cve_count")
ecosystem = check_and_get_attribute(dependency, "ecosystem")
package = check_and_get_attribute(dependency, "name")
version = check_and_get_attribute(dependency, "version")
if ecosystem == e and package == p and version == v:
assert int(cve_count) == int(cves), \
"{exp} CVEs expected, but {found} was found".format(exp=cves, found=cve_count)
return
raise Exception("{e}/{p}/{v} was not found".format(e=e, p=p, v=v))
def check_cves_for_epv(context, cves, p, v, e):
"""Check number of CVEs reported for given e/p/v in dependencies."""
response = context.response.json()
depencencies = check_and_get_attribute(response, "dependencies")
for dependency in depencencies:
cve_count = check_and_get_attribute(dependency, "cve_count")
ecosystem = check_and_get_attribute(dependency, "ecosystem")
package = check_and_get_attribute(dependency, "name")
version = check_and_get_attribute(dependency, "version")
if ecosystem == e and package == p and version == v:
# check whether at least 'cves' CVEs has been reported
check_cve_count(cve_count, cves)
return
raise Exception("{e}/{p}/{v} was not found".format(e=e, p=p, v=v))
def read_property_value_from_gremlin_response(context, property_name):
"""Read property value from the Gremlin response with all checks."""
data, meta = get_results_from_gremlin(context)
package = data[0]
properties = check_and_get_attribute(package, "properties")
# try to retrieve list of id+value pairs
id_values = check_and_get_attribute(properties, property_name)
# we expect list with one value only
assert type(id_values) is list and len(id_values) == 1
id_value = id_values[0]
# check the content of 'value' attribute
return check_and_get_attribute(id_value, "value")
def check_hash_attribute(context):
"""Check the commit hash in the JSON response."""
response = context.response
assert response is not None
data = response.json()
commit_hash = check_and_get_attribute(data, "commit_hash")
check_hash_value(commit_hash)
def check_timestamp_for_all_packages_in_gremlin_response(context):
"""Check if the last_updated attribute exists and if it contain proper timestamp."""
data, meta = get_results_from_gremlin(context)
for package in data:
properties = check_and_get_attribute(package, "properties")
test_last_updated_attribute(properties)
