示例#1
0
def run_action(version_id):
    log.info('Checking rules and actions for version %s.', version_id)
    version = Version.objects.get(pk=version_id)

    rule = (
        ScannerRule.objects.filter(scannerresult__version=version,
                                   is_active=True).order_by(
                                       # The `-` sign means descending order.
                                       '-action').first())

    if not rule:
        log.info('No action to execute for version %s.', version_id)
        return

    action_id = rule.action
    action_name = ACTIONS.get(action_id, None)

    if not action_name:
        raise Exception("invalid action %s" % action_id)

    ACTION_FUNCTIONS = {
        NO_ACTION: _no_action,
        FLAG_FOR_HUMAN_REVIEW: _flag_for_human_review,
    }

    action_function = ACTION_FUNCTIONS.get(action_id, None)

    if not action_function:
        raise Exception("no implementation for action %s" % action_id)

    # We have a valid action to execute, so let's do it!
    log.info('Starting action "%s" for version %s.', action_name, version_id)
    action_function(version)
    log.info('Ending action "%s" for version %s.', action_name, version_id)
示例#2
0
    def run_action(cls, version):
        """Try to find and execute an action for a given version, based on the
        scanner results and associated rules.

        If an action is found, it is run synchronously from this method, not in
        a task.
        """
        log.info('Checking rules and actions for version %s.', version.pk)

        rule_model = cls.matched_rules.rel.model
        result_query_name = cls._meta.get_field(
            'matched_rules').related_query_name()

        rule = (
            rule_model.objects.filter(**{
                f'{result_query_name}__version': version, 'is_active': True,
            })
            .order_by(
                # The `-` sign means descending order.
                '-action'
            )
            .first()
        )

        if not rule:
            log.info('No action to execute for version %s.', version.pk)
            return

        action_id = rule.action
        action_name = ACTIONS.get(action_id, None)

        if not action_name:
            raise Exception("invalid action %s" % action_id)

        ACTION_FUNCTIONS = {
            NO_ACTION: _no_action,
            FLAG_FOR_HUMAN_REVIEW: _flag_for_human_review,
            DELAY_AUTO_APPROVAL: _delay_auto_approval,
            DELAY_AUTO_APPROVAL_INDEFINITELY: (
                _delay_auto_approval_indefinitely),
        }

        action_function = ACTION_FUNCTIONS.get(action_id, None)

        if not action_function:
            raise Exception("no implementation for action %s" % action_id)

        # We have a valid action to execute, so let's do it!
        log.info(
            'Starting action "%s" for version %s.', action_name, version.pk)
        action_function(version)
        log.info('Ending action "%s" for version %s.', action_name, version.pk)
示例#3
0
def run_action(version_id):
    """This function tries to find an action to execute for a given version,
    based on the scanner results and associated rules.

    It is not run as a Celery task but as a simple function, in the
    auto_approve CRON."""
    log.info('Checking rules and actions for version %s.', version_id)
    version = Version.objects.get(pk=version_id)

    rule = (
        ScannerRule.objects.filter(
            scannerresult__version=version, is_active=True
        )
        .order_by(
            # The `-` sign means descending order.
            '-action'
        )
        .first()
    )

    if not rule:
        log.info('No action to execute for version %s.', version_id)
        return

    action_id = rule.action
    action_name = ACTIONS.get(action_id, None)

    if not action_name:
        raise Exception("invalid action %s" % action_id)

    ACTION_FUNCTIONS = {
        NO_ACTION: _no_action,
        FLAG_FOR_HUMAN_REVIEW: _flag_for_human_review,
        DELAY_AUTO_APPROVAL: _delay_auto_approval,
        DELAY_AUTO_APPROVAL_INDEFINITELY: _delay_auto_approval_indefinitely,
    }

    action_function = ACTION_FUNCTIONS.get(action_id, None)

    if not action_function:
        raise Exception("no implementation for action %s" % action_id)

    # We have a valid action to execute, so let's do it!
    log.info('Starting action "%s" for version %s.', action_name, version_id)
    action_function(version)
    log.info('Ending action "%s" for version %s.', action_name, version_id)
示例#4
0
    def run_action(cls, version):
        """Try to find and execute an action for a given version, based on the
        scanner results and associated rules.

        If an action is found, it is run synchronously from this method, not in
        a task.
        """
        log.info('Checking rules and actions for version %s.', version.pk)

        try:
            mad_result = cls.objects.filter(version=version, scanner=MAD).get()
            customs = mad_result.results.get('scanners', {}).get('customs', {})
            customs_score = customs.get('score', 0.5)
            customs_models_agree = customs.get('result_details', {}).get(
                'models_agree', True
            )

            if (
                customs_score <= 0.01 or
                customs_score >= 0.99 or
                not customs_models_agree
            ):
                log.info('Flagging version %s for human review by MAD.',
                         version.pk)
                _flag_for_human_review_by_scanner(version, MAD)
        except cls.DoesNotExist:
            log.info('No MAD scanner result for version %s.', version.pk)
            pass

        rule_model = cls.matched_rules.rel.model
        result_query_name = cls._meta.get_field(
            'matched_rules'
        ).related_query_name()

        rule = (
            rule_model.objects.filter(
                **{f'{result_query_name}__version': version, 'is_active': True}
            )
            .order_by(
                # The `-` sign means descending order.
                '-action'
            )
            .first()
        )

        if not rule:
            log.info('No action to execute for version %s.', version.pk)
            return

        action_id = rule.action
        action_name = ACTIONS.get(action_id, None)

        if not action_name:
            raise Exception("invalid action %s" % action_id)

        ACTION_FUNCTIONS = {
            NO_ACTION: _no_action,
            FLAG_FOR_HUMAN_REVIEW: _flag_for_human_review,
            DELAY_AUTO_APPROVAL: _delay_auto_approval,
            DELAY_AUTO_APPROVAL_INDEFINITELY: (
                _delay_auto_approval_indefinitely
            ),
        }

        action_function = ACTION_FUNCTIONS.get(action_id, None)

        if not action_function:
            raise Exception("no implementation for action %s" % action_id)

        # We have a valid action to execute, so let's do it!
        log.info(
            'Starting action "%s" for version %s.', action_name, version.pk
        )
        action_function(version)
        log.info('Ending action "%s" for version %s.', action_name, version.pk)