def test_schedule_multiple_pkgs_advisory(db, client):
    """Schedule an advisory for the default group and expect two advisories.

    Posts ``issue_types[1]`` as the advisory type, then checks that the
    advisories labelled number 1 and number 2 both exist and that they are
    the only two.
    """
    schedule_url = url_for('tracker.schedule_advisory', avg=DEFAULT_GROUP_NAME)
    response = client.post(schedule_url,
                           follow_redirects=True,
                           data={'advisory_type': issue_types[1]})

    assert response.status_code == 200
    for number in (1, 2):
        assert_advisory_data(advisory_get_label(number=number))
    assert advisory_count() == 2
def test_switch_issue_type_changes_multi_package_advisory_to_single_type(db, client):
    """Edit the default group and expect both advisories to use issue_types[2].

    The submitted form lists the single issue CVE-1111-1111 and the packages
    foo and bar; afterwards advisories number 1 and 2 must both carry
    ``issue_types[2]`` and no further advisory may exist.
    """
    form_data = default_group_dict({
        'cve': '\n'.join(['CVE-1111-1111']),
        'pkgnames': '\n'.join(['foo', 'bar']),
    })
    edit_url = url_for('tracker.edit_group', avg=DEFAULT_GROUP_NAME)
    response = client.post(edit_url, follow_redirects=True, data=form_data)

    assert response.status_code == 200
    for number in (1, 2):
        assert_advisory_data(advisory_get_label(number=number),
                             advisory_type=issue_types[2])
    assert advisory_count() == 2
def test_cant_schedule_already_existing_advisory(db, client):
    """Scheduling again must be refused when an advisory already exists.

    The response has to show ERROR_ADVISORY_ALREADY_EXISTS, no advisory
    number 2 may have been created, and the advisory count stays at one.
    """
    schedule_url = url_for('tracker.schedule_advisory', avg=DEFAULT_GROUP_NAME)
    response = client.post(schedule_url,
                           follow_redirects=True,
                           data={'advisory_type': issue_types[1]})

    assert response.status_code == 200
    page = response.data.decode()
    assert ERROR_ADVISORY_ALREADY_EXISTS in page
    assert get_advisory(advisory_get_label(number=2)) is None
    assert advisory_count() == 1
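def schedule_advisory(avg):
    """Schedule one advisory per package of the vulnerability group ``avg``.

    The request is rejected with a flashed error and a redirect back to the
    group page when the form does not validate, when the group's status is
    not ``Status.fixed``, or when any package of the group already has an
    advisory. An unknown group yields ``not_found()``. On success every
    package gets a new ``Publication.scheduled`` advisory and the client is
    redirected to the last advisory created.

    Args:
        avg: Group label such as ``AVG-<n>``; the ``AVG-`` prefix is stripped
            to obtain the group id used in the query.

    Returns:
        A redirect response, or the result of ``not_found()``.
    """
    # NOTE(review): `avg` is interpolated into redirect targets below;
    # presumably the route converter restricts it to the AVG label format.
    # Confirm, since a value starting with '/' would produce a
    # scheme-relative redirect target.
    # NOTE(review): access control for this view is not visible in this
    # excerpt; confirm the route is limited to users allowed to schedule.
    avg_id = avg.replace('AVG-', '')
    group_url = '/{}'.format(avg)

    form = AdvisoryForm()
    if not form.validate_on_submit():
        flash('Form validation failed', 'error')
        return redirect(group_url)

    entries = (db.session.query(CVEGroup, CVE, CVEGroupPackage, Advisory)
               .filter(CVEGroup.id == avg_id)
               .join(CVEGroupEntry, CVEGroup.issues)
               .join(CVE, CVEGroupEntry.cve)
               .join(CVEGroupPackage, CVEGroup.packages)
               .outerjoin(Advisory,
                          and_(Advisory.group_package_id == CVEGroupPackage.id))
               ).all()
    if not entries:
        return not_found()

    pkgs = set()
    advisories = set()
    for group_entry, cve, pkg, advisory in entries:
        pkgs.add(pkg)
        if advisory:
            advisories.add(advisory)

    # Every row carries the group selected by the id filter, so the value
    # left over from the loop is that group.
    if Status.fixed != group_entry.status:
        flash(ERROR_ADVISORY_GROUP_NOT_FIXED, 'error')
        return redirect(group_url)

    if advisories:
        flash(ERROR_ADVISORY_ALREADY_EXISTS, 'error')
        return redirect(group_url)

    # Continue numbering after the most recently created advisory when it
    # carries the current date label; otherwise numbering starts at 1.
    # NOTE(review): the read of the latest number and the inserts below are
    # not serialized here; presumably a uniqueness constraint on Advisory.id
    # rejects a duplicate label from a concurrent request. Confirm.
    last_advisory_date = advisory_get_date_label()
    last_advisory_num = 0
    last_advisory = (db.session.query(Advisory)
                     .order_by(Advisory.created.desc())
                     .limit(1)).first()
    if last_advisory:
        m = match(advisory_regex, last_advisory.id)
        # A stored id that does not match advisory_regex used to raise
        # AttributeError on None here; it is now treated as "no advisory
        # with today's label yet".
        if m and last_advisory_date == m.group(2):
            last_advisory_num = int(m.group(3))

    for pkg in pkgs:
        last_advisory_num += 1
        asa = advisory_get_label(last_advisory_date, last_advisory_num)
        db.create(Advisory,
                  id=asa,
                  advisory_type=form.advisory_type.data,
                  publication=Publication.scheduled,
                  group_package=pkg)
    # Single commit so the advisories of one group are stored together.
    db.session.commit()

    flash('Scheduled {}'.format(asa))
    return redirect('/{}'.format(asa))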
fixed='1.2.3-4') @create_group(id=456, issues=['CVE-1111-2222'], packages=['foo', 'bar'], affected='1.2.3-3') @create_group(id=789, issues=['CVE-1111-2222'], packages=['foo', 'bar'], affected='1.2.3-3', status=Status.unknown) @create_group(id=4242, issues=['CVE-1111-2222'], packages=['foo', 'bar'], affected='1.2.3-4') @create_advisory(id=DEFAULT_ADVISORY_ID, advisory_type='multiple issues') @create_advisory(id=advisory_get_label(number=2), group_package_id=2, advisory_type='multiple issues', publication=Publication.published) def test_todo_json_success(db, client): resp = client.get(url_for('tracker.todo_json', postfix='.json')) assert 200 == resp.status_code data = resp.get_json() assert data['advisories']['scheduled'] assert data['advisories']['incomplete'] assert data['advisories']['unhandled'] assert data['groups']['unknown'] assert data['groups']['bumped']
from tracker.model.cvegroup import CVEGroup
from tracker.model.cvegroupentry import CVEGroupEntry
from tracker.model.cvegrouppackage import CVEGroupPackage
from tracker.model.enum import Affected
from tracker.model.enum import Publication
from tracker.model.enum import Remote
from tracker.model.enum import Severity
from tracker.model.enum import UserRole
from tracker.model.enum import affected_to_status
from tracker.model.enum import highest_severity
from tracker.model.package import Package
from tracker.model.user import User
from tracker.user import hash_password
from tracker.user import random_string

# Default identifiers and the error texts that tests look for in responses.
DEFAULT_ADVISORY_ID = advisory_get_label()
DEFAULT_USERNAME = '******'
ERROR_LOGIN_REQUIRED = 'Please log in to access this page.'
ERROR_INVALID_CHOICE = 'Not a valid choice'


@pytest.fixture(scope="session")
def app(request):
    """Yield a session-scoped application configured for testing.

    The application uses an in-memory SQLite database and is yielded from
    inside its application context.
    """
    flask_app = create_app()
    flask_app.config.update({
        'SQLALCHEMY_DATABASE_URI': 'sqlite:///:memory:',
        'TESTING': True,
        # CSRF validation is switched off so form posts from the test client
        # need no token; tests built on this fixture therefore do not
        # exercise CSRF enforcement.
        'WTF_CSRF_ENABLED': False,
        'SQLALCHEMY_TRACK_MODIFICATIONS': False,
        'SERVER_NAME': 'cyber.local',
    })
    with flask_app.app_context():
        yield flask_app
@create_advisory(id=DEFAULT_ADVISORY_ID, advisory_type=issue_types[1])
@logged_in
def test_switch_issue_type_changes_single_issue_advisory_to_multiple(db, client):
    """Change CVE-1111-2222 to issue_types[2]; the advisory becomes 'multiple issues'.

    The single existing advisory must end up with the advisory type
    'multiple issues' and no additional advisory may appear.
    """
    form_data = default_issue_dict({'issue_type': issue_types[2]})
    edit_url = url_for('tracker.edit_cve', cve='CVE-1111-2222')
    response = client.post(edit_url, follow_redirects=True, data=form_data)

    assert response.status_code == 200
    assert_advisory_data(DEFAULT_ADVISORY_ID, advisory_type='multiple issues')
    assert advisory_count() == 1


@create_issue(id='CVE-1111-1111', issue_type=issue_types[2])
@create_issue(id='CVE-1111-2222', issue_type=issue_types[3])
@create_package(name='foo', base='lol', version='1.2.3-4')
@create_package(name='bar', base='lol', version='1.2.3-4')
@create_group(id=DEFAULT_GROUP_ID, issues=['CVE-1111-1111'], packages=['foo', 'bar'],
              affected='1.2.3-3', fixed='1.2.3-4')
@create_advisory(id=advisory_get_label(number=1), group_package_id=1,
                 advisory_type=issue_types[2])
@create_advisory(id=advisory_get_label(number=2), group_package_id=2,
                 advisory_type=issue_types[2])
@logged_in
def test_switch_issue_type_changes_multi_package_advisory_to_multiple(db, client):
    """Add a second issue of another type; both advisories become 'multiple issues'.

    The group starts with CVE-1111-1111 only and is edited to also list
    CVE-1111-2222, which has a different issue type. Both per-package
    advisories must then read 'multiple issues', and the count stays at two.
    """
    form_data = default_group_dict({
        'cve': '\n'.join(['CVE-1111-1111', 'CVE-1111-2222']),
        'pkgnames': '\n'.join(['foo', 'bar']),
    })
    edit_url = url_for('tracker.edit_group', avg=DEFAULT_GROUP_NAME)
    response = client.post(edit_url, follow_redirects=True, data=form_data)

    assert response.status_code == 200
    for number in (1, 2):
        assert_advisory_data(advisory_get_label(number=number),
                             advisory_type='multiple issues')
    assert advisory_count() == 2


# First decorator of the next test; its definition lies beyond this excerpt.
@create_issue(id='CVE-1111-1111', issue_type=issue_types[2])