
Add bandit to pipeline

pull/7/head
Inex Code 12 months ago
parent
commit
c6873c2af3
  1. 4
      .coveragerc
  2. 5
      .drone.yml
  3. 6
      selfprivacy_api/restic_controller/__init__.py
  4. 3
      selfprivacy_api/utils.py
  5. 14
      tests/conftest.py
  6. 17
      tests/test_system.py
  7. 1
      tests/test_system/domain
  8. 52
      tests/test_system/turned_off.json
  9. 52
      tests/test_system/turned_on.json
  10. 47
      tests/test_system/undefined.json

4
.coveragerc

@ -1,2 +1,4 @@
[run]
source = selfprivacy_api
source = selfprivacy_api
[report]
omit = selfprivacy_api/app.py

5
.drone.yml

@ -10,4 +10,7 @@ steps:
- name: test
commands:
- coverage run -m pytest -q
- coverage xml
- coverage xml
- name: bandit
commands:
- bandit -ll -r selfprivacy_api
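Review bot: The `-ll` on the new bandit step limits the report to medium and high severity, so low-severity findings never fail the build. In this codebase that includes the subprocess-call checks that would otherwise fire on `restic_controller`. If that threshold is deliberate, record it next to the command, e.g. `# -ll: gate on medium/high only; low-severity findings are triaged separately`. The image the step runs in and how bandit is installed are outside the hunk. If the version is not pinned there, a new bandit release can change which checks gate the pipeline.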

6
selfprivacy_api/restic_controller/__init__.py

@ -181,7 +181,7 @@ class ResticController:
"backup",
"/var",
]
with open("/tmp/backup.log", "w", encoding="utf-8") as log_file:
with open("/var/backup.log", "w", encoding="utf-8") as log_file:
subprocess.Popen(
backup_command,
shell=False,
@ -196,7 +196,7 @@ class ResticController:
"""
Check progress of ongoing backup operation
"""
backup_status_check_command = ["tail", "-1", "/tmp/backup.log"]
backup_status_check_command = ["tail", "-1", "/var/backup.log"]
if (
self.state == ResticStates.NO_KEY
@ -205,7 +205,7 @@ class ResticController:
return
# If the log file does not exists
if os.path.exists("/tmp/backup.log") is False:
if os.path.exists("/var/backup.log") is False:
self.state = ResticStates.INITIALIZED
with subprocess.Popen(
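Review bot: The new log path `/var/backup.log` sits inside the tree that the backup command appears to archive (`"backup", "/var"` in the first hunk), so the log being written during a run is itself swept into that run. A location outside the backed-up path, or an exclude for it, would avoid that. Moving out of `/tmp` does remove the predictable filename in a world-writable directory, but the literal is now repeated in all three hunks. A module-level constant such as `BACKUP_LOG_FILE = "/var/backup.log"` would keep them in step, the same way `DOMAIN_FILE` is introduced in utils.py. The file is opened with mode `"w"` and default permissions, so who can read it depends on the process umask, which is not visible here. The enclosing methods start and end outside the hunks.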

3
selfprivacy_api/utils.py

@ -5,11 +5,12 @@ import portalocker
USERDATA_FILE = "/etc/nixos/userdata/userdata.json"
DOMAIN_FILE = "/var/domain"
def get_domain():
"""Get domain from /var/domain without trailing new line"""
with open("/var/domain", "r", encoding="utf-8") as domain_file:
with open(DOMAIN_FILE, "r", encoding="utf-8") as domain_file:
domain = domain_file.readline().rstrip()
return domain
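Review bot: The docstring of `get_domain` still names the literal `/var/domain`, although the path now comes from `DOMAIN_FILE` and the new test patches it. I would reword it to `"""Return the first line of DOMAIN_FILE with trailing whitespace removed."""`. That wording also matches what `readline().rstrip()` does, which strips every trailing whitespace character and not only the newline.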

14
tests/conftest.py

@ -31,12 +31,26 @@ class AuthorizedClient(testing.FlaskClient):
kwargs["headers"]["Authorization"] = f"Bearer {self.token}"
return super().open(*args, **kwargs)
class WrongAuthClient(testing.FlaskClient):
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
self.token = "WRONG_TOKEN"
def open(self, *args, **kwargs):
if "headers" not in kwargs:
kwargs["headers"] = {}
kwargs["headers"]["Authorization"] = f"Bearer {self.token}"
return super().open(*args, **kwargs)
@pytest.fixture
def authorized_client(app):
app.test_client_class = AuthorizedClient
return app.test_client()
@pytest.fixture
def wrong_auth_client(app):
app.test_client_class = WrongAuthClient
return app.test_client()
@pytest.fixture
def runner(app):
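Review bot: `WrongAuthClient` repeats the `open` override of `AuthorizedClient` line for line, so a later change to how the header is injected has to be made in two places. If `AuthorizedClient.__init__` only sets `self.token` (it starts above the hunk, so this is inferred), the new class can be `class WrongAuthClient(AuthorizedClient):` with an `__init__` that calls `super().__init__(*args, **kwargs)` and then sets `self.token = "WRONG_TOKEN"`. In either class the two-line header check reads more directly as `kwargs.setdefault("headers", {})`.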

17
tests/test_system.py

@ -0,0 +1,17 @@
# pylint: disable=redefined-outer-name
# pylint: disable=unused-argument
import json
import pytest
from selfprivacy_api.utils import get_domain
@pytest.fixture
def domain_file(mocker, datadir):
mocker.patch("selfprivacy_api.utils.DOMAIN_FILE", datadir / "domain")
return datadir
def test_wrong_auth(wrong_auth_client):
response = wrong_auth_client.get("/system/pythonVersion")
assert response.status_code == 401
def test_get_domain(authorized_client, domain_file):
assert get_domain() == "test-domain.tld"
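Review bot: `test_wrong_auth` covers only a bearer token with the wrong value, and only on one route. A request with no `Authorization` header, and one with a non-Bearer scheme, commonly take a different branch in an auth check and deserve their own 401 assertions. The auth handler is not part of this commit, so that is inferred. `test_get_domain` accepts `authorized_client` without using it, which the `unused-argument` pylint disable hides. If the fixture is not needed for app setup, dropping it would show that the test never touches the HTTP layer. The three JSON fixtures added alongside are not referenced by any test in this file.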

1
tests/test_system/domain

@ -0,0 +1 @@
test-domain.tld

52
tests/test_system/turned_off.json

@ -0,0 +1,52 @@
{
"backblaze": {
"accountId": "ID",
"accountKey": "KEY",
"bucket": "selfprivacy"
},
"api": {
"token": "TEST_TOKEN",
"enableSwagger": false
},
"bitwarden": {
"enable": true
},
"cloudflare": {
"apiKey": "TOKEN"
},
"databasePassword": "PASSWORD",
"domain": "test.tld",
"hashedMasterPassword": "HASHED_PASSWORD",
"hostname": "test-instance",
"nextcloud": {
"adminPassword": "ADMIN",
"databasePassword": "ADMIN",
"enable": true
},
"resticPassword": "PASS",
"ssh": {
"enable": true,
"passwordAuthentication": true,
"rootKeys": [
"ssh-ed25519 KEY test@pc"
]
},
"username": "tester",
"gitea": {
"enable": false
},
"ocserv": {
"enable": true
},
"pleroma": {
"enable": true
},
"autoUpgrade": {
"enable": false,
"allowReboot": false
},
"timezone": "Europe/Moscow",
"sshKeys": [
"ssh-rsa KEY test@pc"
]
}

52
tests/test_system/turned_on.json

@ -0,0 +1,52 @@
{
"backblaze": {
"accountId": "ID",
"accountKey": "KEY",
"bucket": "selfprivacy"
},
"api": {
"token": "TEST_TOKEN",
"enableSwagger": false
},
"bitwarden": {
"enable": true
},
"cloudflare": {
"apiKey": "TOKEN"
},
"databasePassword": "PASSWORD",
"domain": "test.tld",
"hashedMasterPassword": "HASHED_PASSWORD",
"hostname": "test-instance",
"nextcloud": {
"adminPassword": "ADMIN",
"databasePassword": "ADMIN",
"enable": true
},
"resticPassword": "PASS",
"ssh": {
"enable": true,
"passwordAuthentication": true,
"rootKeys": [
"ssh-ed25519 KEY test@pc"
]
},
"username": "tester",
"gitea": {
"enable": false
},
"ocserv": {
"enable": true
},
"pleroma": {
"enable": true
},
"autoUpgrade": {
"enable": true,
"allowReboot": true
},
"timezone": "Europe/Moscow",
"sshKeys": [
"ssh-rsa KEY test@pc"
]
}

47
tests/test_system/undefined.json

@ -0,0 +1,47 @@
{
"backblaze": {
"accountId": "ID",
"accountKey": "KEY",
"bucket": "selfprivacy"
},
"api": {
"token": "TEST_TOKEN",
"enableSwagger": false
},
"bitwarden": {
"enable": true
},
"cloudflare": {
"apiKey": "TOKEN"
},
"databasePassword": "PASSWORD",
"domain": "test.tld",
"hashedMasterPassword": "HASHED_PASSWORD",
"hostname": "test-instance",
"nextcloud": {
"adminPassword": "ADMIN",
"databasePassword": "ADMIN",
"enable": true
},
"resticPassword": "PASS",
"ssh": {
"enable": true,
"passwordAuthentication": true,
"rootKeys": [
"ssh-ed25519 KEY test@pc"
]
},
"username": "tester",
"gitea": {
"enable": false
},
"ocserv": {
"enable": true
},
"pleroma": {
"enable": true
},
"sshKeys": [
"ssh-rsa KEY test@pc"
]
}