def setUp(self): test_helpers.patch_environ(self) flaskapp = flask.Flask('testflask') flaskapp.add_url_rule( '/apply-ccs', view_func=oss_fuzz_apply_ccs.Handler.as_view('/apply-ccs')) self.app = webtest.TestApp(flaskapp) data_types.ExternalUserPermission( email='*****@*****.**', entity_name='job', entity_kind=data_types.PermissionEntityKind.JOB, is_prefix=False, auto_cc=data_types.AutoCCType.ALL).put() data_types.ExternalUserPermission( email='*****@*****.**', entity_name='job', entity_kind=data_types.PermissionEntityKind.JOB, is_prefix=False, auto_cc=data_types.AutoCCType.ALL).put() test_helpers.patch(self, [ 'clusterfuzz._internal.base.utils.utcnow', 'handlers.base_handler.Handler.is_cron', 'libs.issue_management.issue_tracker.IssueTracker.get_original_issue', 'libs.issue_management.issue_tracker_policy.get', 'libs.issue_management.issue_tracker_utils.' 'get_issue_tracker_for_testcase', ]) self.itm = IssueTrackerManager('oss-fuzz') self.mock.get_issue_tracker_for_testcase.return_value = ( monorail.IssueTracker(self.itm)) self.mock.utcnow.return_value = datetime.datetime(2016, 1, 1) self.mock.get.return_value = OSS_FUZZ_POLICY self.mock.get_original_issue.side_effect = get_original_issue self.job = data_types.Job(name='job', environment_string='') self.job.put() data_types.Testcase(open=True, status='Processed', bug_information='1337', job_type='job').put() data_types.Testcase(open=True, status='Processed', bug_information='1338', job_type='job').put() data_types.Testcase(open=True, status='Processed', bug_information='1339', job_type='job').put() data_types.Testcase(open=True, status='Processed', bug_information='1340', job_type='job').put()
def setUp(self): test_helpers.patch(self, [ 'libs.auth.get_current_user', 'libs.auth.is_current_user_admin', 'handlers.fuzzer_stats.build_results', ]) self.mock.build_results.return_value = json.dumps({}) flaskapp = flask.Flask('testflask') flaskapp.add_url_rule( '/fuzzer-stats/load', view_func=fuzzer_stats.LoadHandler.as_view('/fuzzer-stats/load')) self.app = webtest.TestApp(flaskapp) data_types.ExternalUserPermission( email='*****@*****.**', entity_kind=data_types.PermissionEntityKind.JOB, entity_name='job1', is_prefix=False, auto_cc=data_types.AutoCCType.ALL).put() data_types.ExternalUserPermission( email='*****@*****.**', entity_kind=data_types.PermissionEntityKind.JOB, entity_name='job2', is_prefix=False, auto_cc=data_types.AutoCCType.ALL).put() data_types.Job(name='job1').put() data_types.Job(name='job2').put() data_types.Job(name='job3').put()
def post(self): """Handle a post request.""" email = utils.normalize_email(request.get('email')) entity_kind = request.get('entity_kind') entity_name = request.get('entity_name') is_prefix = request.get('is_prefix') auto_cc = request.get('auto_cc') if not email: raise helpers.EarlyExitException('No email provided.', 400) if not entity_kind or entity_kind == 'undefined': raise helpers.EarlyExitException('No entity_kind provided.', 400) entity_kind = get_value_by_name(USER_PERMISSION_ENTITY_KINDS, entity_kind) if entity_kind is None: raise helpers.EarlyExitException('Invalid entity_kind provided.', 400) if entity_kind == data_types.PermissionEntityKind.UPLOADER: # Enforce null values for entity name and auto-cc when uploader is chosen. entity_name = None auto_cc = data_types.AutoCCType.NONE else: if not entity_name: raise helpers.EarlyExitException('No entity_name provided.', 400) if not auto_cc or auto_cc == 'undefined': raise helpers.EarlyExitException('No auto_cc provided.', 400) auto_cc = get_value_by_name(USER_PERMISSION_AUTO_CC_TYPES, auto_cc) if auto_cc is None: raise helpers.EarlyExitException('Invalid auto_cc provided.', 400) # Check for existing permission. query = data_types.ExternalUserPermission.query( data_types.ExternalUserPermission.email == email, data_types.ExternalUserPermission.entity_kind == entity_kind, data_types.ExternalUserPermission.entity_name == entity_name) permission = query.get() if not permission: # Doesn't exist, create new one. permission = data_types.ExternalUserPermission( email=email, entity_kind=entity_kind, entity_name=entity_name) permission.is_prefix = bool(is_prefix) permission.auto_cc = auto_cc permission.put() helpers.log('Configuration', helpers.MODIFY_OPERATION) template_values = { 'title': 'Success', 'message': (f'User {email} permission for entity {entity_name} ' 'is successfully added. ' 'Redirecting to the configuration page...'), 'redirect_url': '/configuration', } return self.render('message.html', template_values)
def sync_user_permissions(self, project, info): """Sync permissions of project based on project.yaml.""" ccs = ccs_from_info(info) for template in get_jobs_for_project(project, info): job_name = template.job_name(project, self._config_suffix) # Delete removed CCs. existing_ccs = data_types.ExternalUserPermission.query( data_types.ExternalUserPermission.entity_kind == data_types.PermissionEntityKind.JOB, data_types.ExternalUserPermission.entity_name == job_name) ndb_utils.delete_multi([ permission.key for permission in existing_ccs if permission.email not in ccs ]) for cc in ccs: query = data_types.ExternalUserPermission.query( data_types.ExternalUserPermission.email == cc, data_types.ExternalUserPermission.entity_kind == data_types.PermissionEntityKind.JOB, data_types.ExternalUserPermission.entity_name == job_name) existing_permission = query.get() if existing_permission: continue data_types.ExternalUserPermission( email=cc, entity_kind=data_types.PermissionEntityKind.JOB, entity_name=job_name, is_prefix=False, auto_cc=data_types.AutoCCType.ALL).put()
def test_allowed(self): """Ensure it is true when check_user_access allows for a specific job_type.""" data_types.ExternalUserPermission( email=self.email, entity_name='job', entity_kind=data_types.PermissionEntityKind.JOB, auto_cc=data_types.AutoCCType.ALL).put() self.testcase.job_type = 'job' self.testcase.fuzzer_name = 'fuzzer' self.testcase.security_flag = True self.assertTrue(access.can_user_access_testcase(self.testcase))
def setUp(self): helpers.patch_environ(self) # Fake permissions. data_types.ExternalUserPermission( email='*****@*****.**', entity_name='fuzzer', entity_kind=data_types.PermissionEntityKind.FUZZER, auto_cc=data_types.AutoCCType.ALL).put() data_types.ExternalUserPermission( email='*****@*****.**', entity_name='fuzz', entity_kind=data_types.PermissionEntityKind.FUZZER, is_prefix=True, auto_cc=data_types.AutoCCType.SECURITY).put() data_types.ExternalUserPermission( email='*****@*****.**', entity_name='parent_', entity_kind=data_types.PermissionEntityKind.FUZZER, is_prefix=True, auto_cc=data_types.AutoCCType.NONE).put() data_types.ExternalUserPermission( email='*****@*****.**', entity_name='parent', entity_kind=data_types.PermissionEntityKind.FUZZER, auto_cc=data_types.AutoCCType.NONE).put() data_types.ExternalUserPermission( email='*****@*****.**', entity_name='parent_cg', entity_kind=data_types.PermissionEntityKind.FUZZER, is_prefix=True, auto_cc=data_types.AutoCCType.NONE).put() data_types.ExternalUserPermission( email='*****@*****.**', entity_name='parens', entity_kind=data_types.PermissionEntityKind.FUZZER, is_prefix=True, auto_cc=data_types.AutoCCType.NONE).put() data_types.ExternalUserPermission( email='*****@*****.**', entity_name='parent', entity_kind=data_types.PermissionEntityKind.FUZZER, is_prefix=True, auto_cc=data_types.AutoCCType.ALL).put() data_types.ExternalUserPermission( email='*****@*****.**', entity_name='job', entity_kind=data_types.PermissionEntityKind.JOB, is_prefix=False, auto_cc=data_types.AutoCCType.ALL).put() data_types.ExternalUserPermission( email='*****@*****.**', entity_name='job', entity_kind=data_types.PermissionEntityKind.JOB, is_prefix=True, auto_cc=data_types.AutoCCType.ALL).put() data_types.ExternalUserPermission( email='*****@*****.**', entity_name='job2', entity_kind=data_types.PermissionEntityKind.JOB, is_prefix=False, auto_cc=data_types.AutoCCType.ALL).put() data_types.ExternalUserPermission( email='*****@*****.**', entity_name='job', entity_kind=data_types.PermissionEntityKind.JOB, is_prefix=False, auto_cc=data_types.AutoCCType.NONE).put() data_types.ExternalUserPermission( email='*****@*****.**', entity_name='job2', entity_kind=data_types.PermissionEntityKind.JOB, is_prefix=False, auto_cc=data_types.AutoCCType.NONE).put() data_types.ExternalUserPermission( email='*****@*****.**', entity_name='job', entity_kind=data_types.PermissionEntityKind.JOB, is_prefix=False, auto_cc=data_types.AutoCCType.NONE).put() data_types.ExternalUserPermission( email='*****@*****.**', entity_name='job3', entity_kind=data_types.PermissionEntityKind.JOB, is_prefix=False, auto_cc=data_types.AutoCCType.NONE).put() data_types.ExternalUserPermission( email='*****@*****.**', entity_name=None, entity_kind=data_types.PermissionEntityKind.UPLOADER, is_prefix=False, auto_cc=data_types.AutoCCType.NONE).put() # Fake fuzzers. data_types.Fuzzer(name='fuzzer').put() data_types.Fuzzer(name='parent', jobs=['job', 'job2', 'job3']).put() data_types.Job(name='job').put() data_types.Job(name='job2').put() data_types.Job(name='job3').put() data_types.FuzzTarget(engine='parent', binary='child', project='test-project').put() data_types.FuzzTargetJob(fuzz_target_name='parent_child', job='job', last_run=datetime.datetime.utcnow()).put() data_types.FuzzTarget(engine='parent', binary='child2', project='test-project').put() data_types.FuzzTargetJob(fuzz_target_name='parent_child2', job='job', last_run=datetime.datetime.utcnow()).put() data_types.FuzzTarget(engine='parent', binary='child', project='test-project').put() data_types.FuzzTargetJob(fuzz_target_name='parent_child', job='job3', last_run=datetime.datetime.utcnow()).put()
def setUp(self): data_types.Job(name='job1', environment_string= 'ISSUE_VIEW_RESTRICTIONS = all\nPROJECT_NAME = proj', platform='linux').put() data_types.Job(name='job2', environment_string='ISSUE_VIEW_RESTRICTIONS = security', platform='linux').put() data_types.Job(name='job3', environment_string='ISSUE_VIEW_RESTRICTIONS = none', platform='linux').put() data_types.Job(name='chromeos_job4', environment_string='', platform='linux').put() data_types.Job(name='ios_job', environment_string='', platform='mac').put() testcase_args = { 'crash_type': 'Heap-use-after-free', 'crash_address': '0x1337', 'crash_state': '1\n2\n3\n', 'crash_stacktrace': 'stack\n', 'fuzzer_name': 'fuzzer', } self.testcase1 = data_types.Testcase(job_type='job1', **testcase_args) self.testcase1.put() self.testcase1_security = data_types.Testcase(security_flag=True, job_type='job1', **testcase_args) self.testcase1_security.put() self.testcase2 = data_types.Testcase(job_type='job2', **testcase_args) self.testcase2.put() self.testcase2_security = data_types.Testcase(security_flag=True, job_type='job2', **testcase_args) self.testcase2_security.put() self.testcase3 = data_types.Testcase(job_type='job3', **testcase_args) self.testcase3.put() self.testcase3_security = data_types.Testcase(job_type='job3', security_flag=True, **testcase_args) self.testcase3_security.put() self.testcase4 = data_types.Testcase(job_type='chromeos_job4', **testcase_args) self.testcase4.put() self.testcase5 = data_types.Testcase( job_type='job', additional_metadata=( '{"issue_labels": "label1 , label2,,", ' '"issue_components": "component1,component2"}'), **testcase_args) self.testcase5.put() self.testcase6 = data_types.Testcase(job_type='job', additional_metadata='invalid', **testcase_args) self.testcase6.put() self.testcase7 = data_types.Testcase(job_type='ios_job4', **testcase_args) self.testcase7.put() data_types.ExternalUserPermission( email='*****@*****.**', entity_name='job2', entity_kind=data_types.PermissionEntityKind.JOB, is_prefix=False, auto_cc=data_types.AutoCCType.ALL).put() data_types.ExternalUserPermission( email='*****@*****.**', entity_name='job3', entity_kind=data_types.PermissionEntityKind.JOB, is_prefix=False, auto_cc=data_types.AutoCCType.SECURITY).put() helpers.patch(self, [ 'clusterfuzz._internal.base.utils.utcnow', 'clusterfuzz._internal.datastore.data_handler.get_issue_description', 'libs.issue_management.issue_tracker_policy.get', ]) self.mock.get_issue_description.return_value = 'Issue' self.mock.utcnow.return_value = datetime.datetime(2016, 1, 1)
def _make_permissions(is_prefix, name): perm = data_types.ExternalUserPermission() perm.entity_name = name perm.is_prefix = is_prefix return perm