From c6873c2af39b58a36ba9988b15fa6fd22b7b7843 Mon Sep 17 00:00:00 2001 From: Inex Code Date: Wed, 15 Dec 2021 10:58:58 +0300 Subject: [PATCH] Add bandit to pipeline --- .coveragerc | 4 +- .drone.yml | 5 +- selfprivacy_api/restic_controller/__init__.py | 6 +-- selfprivacy_api/utils.py | 3 +- tests/conftest.py | 14 +++++ tests/test_system.py | 17 ++++++ tests/test_system/domain | 1 + tests/test_system/turned_off.json | 52 +++++++++++++++++++ tests/test_system/turned_on.json | 52 +++++++++++++++++++ tests/test_system/undefined.json | 47 +++++++++++++++++ 10 files changed, 195 insertions(+), 6 deletions(-) create mode 100644 tests/test_system.py create mode 100644 tests/test_system/domain create mode 100644 tests/test_system/turned_off.json create mode 100644 tests/test_system/turned_on.json create mode 100644 tests/test_system/undefined.json diff --git a/.coveragerc b/.coveragerc index f227e0f..0e4ede6 100644 --- a/.coveragerc +++ b/.coveragerc @@ -1,2 +1,4 @@ [run] -source = selfprivacy_api \ No newline at end of file +source = selfprivacy_api +[report] +omit = selfprivacy_api/app.py \ No newline at end of file diff --git a/.drone.yml b/.drone.yml index c094c91..0f30dc5 100644 --- a/.drone.yml +++ b/.drone.yml @@ -10,4 +10,7 @@ steps: - name: test commands: - coverage run -m pytest -q - - coverage xml \ No newline at end of file + - coverage xml +- name: bandit + commands: + - bandit -ll -r selfprivacy_api diff --git a/selfprivacy_api/restic_controller/__init__.py b/selfprivacy_api/restic_controller/__init__.py index cefef53..be533ac 100644 --- a/selfprivacy_api/restic_controller/__init__.py +++ b/selfprivacy_api/restic_controller/__init__.py @@ -181,7 +181,7 @@ class ResticController: "backup", "/var", ] - with open("/tmp/backup.log", "w", encoding="utf-8") as log_file: + with open("/var/backup.log", "w", encoding="utf-8") as log_file: subprocess.Popen( backup_command, shell=False, 
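Review bot: The new `bandit` step runs `bandit -ll -r selfprivacy_api`, and `-ll` reports only medium and high severity, so low-severity findings never fail the build. This package launches external programs through `subprocess` (the restic controller touched in this same commit), and the subprocess checks such as B603 and B607 are rated low, so they are filtered out. Consider running at `-l` with a reviewed baseline or per-line `# nosec` justifications. At minimum, add a YAML comment above the command such as `# -ll: medium+ only; low-severity subprocess findings are reviewed manually` so the threshold is a documented decision.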
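Review bot: The log moves to `/var/backup.log`, but this hunk's context lines show the restic command backing up `/var`, so the log now sits inside the tree being snapshotted while restic is still writing to it. The same literal is repeated in the next two hunks of this file (the `tail` command and the `os.path.exists` check). Define it once, in the style `DOMAIN_FILE` uses in `utils.py`, for example `BACKUP_LOG_FILE = "<path outside the backup set>"`, and use the constant at all three sites, or exclude the file from the backup. `open(..., "w")` creates the file with umask-default permissions, so confirm the log holds nothing that should not be readable by other local users. The enclosing method starts and ends outside the hunk.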
@@ -196,7 +196,7 @@ class ResticController: """ Check progress of ongoing backup operation """ - backup_status_check_command = ["tail", "-1", "/tmp/backup.log"] + backup_status_check_command = ["tail", "-1", "/var/backup.log"] if ( self.state == ResticStates.NO_KEY @@ -205,7 +205,7 @@ class ResticController: return # If the log file does not exists - if os.path.exists("/tmp/backup.log") is False: + if os.path.exists("/var/backup.log") is False: self.state = ResticStates.INITIALIZED with subprocess.Popen( diff --git a/selfprivacy_api/utils.py b/selfprivacy_api/utils.py index 1b0c43c..7ed2b57 100644 --- a/selfprivacy_api/utils.py +++ b/selfprivacy_api/utils.py @@ -5,11 +5,12 @@ import portalocker USERDATA_FILE = "/etc/nixos/userdata/userdata.json" +DOMAIN_FILE = "/var/domain" def get_domain(): """Get domain from /var/domain without trailing new line""" - with open("/var/domain", "r", encoding="utf-8") as domain_file: + with open(DOMAIN_FILE, "r", encoding="utf-8") as domain_file: domain = domain_file.readline().rstrip() return domain diff --git a/tests/conftest.py b/tests/conftest.py index e963224..93f1e04 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -31,12 +31,26 @@ class AuthorizedClient(testing.FlaskClient): kwargs["headers"]["Authorization"] = f"Bearer {self.token}" return super().open(*args, **kwargs) +class WrongAuthClient(testing.FlaskClient): + def __init__(self, *args, **kwargs): + super().__init__(*args, **kwargs) + self.token = "WRONG_TOKEN" + + def open(self, *args, **kwargs): + if "headers" not in kwargs: + kwargs["headers"] = {} + kwargs["headers"]["Authorization"] = f"Bearer {self.token}" + return super().open(*args, **kwargs) @pytest.fixture def authorized_client(app): app.test_client_class = AuthorizedClient return app.test_client() +@pytest.fixture +def wrong_auth_client(app): + app.test_client_class = WrongAuthClient + return app.test_client() @pytest.fixture def runner(app): 
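Review bot: In `tests/conftest.py`, `WrongAuthClient` repeats the `open` override of `AuthorizedClient` line for line; only the token differs. If `AuthorizedClient.__init__` (outside this hunk) sets `self.token` the same way, `class WrongAuthClient(AuthorizedClient):` with an `__init__` that calls `super().__init__(*args, **kwargs)` and then assigns `self.token = "WRONG_TOKEN"` removes the copy and keeps the two header-building paths from drifting apart. A one-line docstring such as `"""Test client that sends an invalid bearer token on every request."""` would document the intent.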
diff --git a/tests/test_system.py b/tests/test_system.py
new file mode 100644
index 0000000..33aed6f
--- /dev/null
+++ b/tests/test_system.py
@@ -0,0 +1,17 @@
+# pylint: disable=redefined-outer-name
+# pylint: disable=unused-argument
+import json
+import pytest
+from selfprivacy_api.utils import get_domain
+
+@pytest.fixture
+def domain_file(mocker, datadir):
+ mocker.patch("selfprivacy_api.utils.DOMAIN_FILE", datadir / "domain")
+ return datadir
+
+def test_wrong_auth(wrong_auth_client):
+ response = wrong_auth_client.get("/system/pythonVersion")
+ assert response.status_code == 401
+
+def test_get_domain(authorized_client, domain_file):
+ assert get_domain() == "test-domain.tld"
diff --git a/tests/test_system/domain b/tests/test_system/domain
new file mode 100644
index 0000000..3679d0d
--- /dev/null
+++ b/tests/test_system/domain
@@ -0,0 +1 @@
+test-domain.tld
\ No newline at end of file
diff --git a/tests/test_system/turned_off.json b/tests/test_system/turned_off.json
new file mode 100644
index 0000000..f451683
--- /dev/null
+++ b/tests/test_system/turned_off.json
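Review bot: In `tests/test_system.py`, `test_wrong_auth` covers only a well-formed `Bearer` header carrying a wrong token on one route. A request with no `Authorization` header at all usually takes a different branch of an auth check and is not exercised here. Assuming conftest exposes an unauthenticated `client` fixture (not visible in this diff), add `def test_no_auth(client):` with `assert client.get("/system/pythonVersion").status_code == 401`. `import json` is unused in this file, and `test_get_domain` requests `authorized_client` without making a request, so both can be dropped.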
@@ -0,0 +1,52 @@
+{
+ "backblaze": {
+ "accountId": "ID",
+ "accountKey": "KEY",
+ "bucket": "selfprivacy"
+ },
+ "api": {
+ "token": "TEST_TOKEN",
+ "enableSwagger": false
+ },
+ "bitwarden": {
+ "enable": true
+ },
+ "cloudflare": {
+ "apiKey": "TOKEN"
+ },
+ "databasePassword": "PASSWORD",
+ "domain": "test.tld",
+ "hashedMasterPassword": "HASHED_PASSWORD",
+ "hostname": "test-instance",
+ "nextcloud": {
+ "adminPassword": "ADMIN",
+ "databasePassword": "ADMIN",
+ "enable": true
+ },
+ "resticPassword": "PASS",
+ "ssh": {
+ "enable": true,
+ "passwordAuthentication": true,
+ "rootKeys": [
+ "ssh-ed25519 KEY test@pc"
+ ]
+ },
+ "username": "tester",
+ "gitea": {
+ "enable": false
+ },
+ "ocserv": {
+ "enable": true
+ },
+ "pleroma": {
+ "enable": true
+ },
+ "autoUpgrade": {
+ "enable": false,
+ "allowReboot": false
+ },
+ "timezone": "Europe/Moscow",
+ "sshKeys": [
+ "ssh-rsa KEY test@pc"
+ ]
+}
\ No newline at end of file
diff --git a/tests/test_system/turned_on.json b/tests/test_system/turned_on.json
new file mode 100644
index 0000000..337e47f
--- /dev/null
+++ b/tests/test_system/turned_on.json
@@ -0,0 +1,52 @@
+{
+ "backblaze": {
+ "accountId": "ID",
+ "accountKey": "KEY",
+ "bucket": "selfprivacy"
+ },
+ "api": {
+ "token": "TEST_TOKEN",
+ "enableSwagger": false
+ },
+ "bitwarden": {
+ "enable": true
+ },
+ "cloudflare": {
+ "apiKey": "TOKEN"
+ },
+ "databasePassword": "PASSWORD",
+ "domain": "test.tld",
+ "hashedMasterPassword": "HASHED_PASSWORD",
+ "hostname": "test-instance",
+ "nextcloud": {
+ "adminPassword": "ADMIN",
+ "databasePassword": "ADMIN",
+ "enable": true
+ },
+ "resticPassword": "PASS",
+ "ssh": {
+ "enable": true,
+ "passwordAuthentication": true,
+ "rootKeys": [
+ "ssh-ed25519 KEY test@pc"
+ ]
+ },
+ "username": "tester",
+ "gitea": {
+ "enable": false
+ },
+ "ocserv": {
+ "enable": true
+ },
+ "pleroma": {
+ "enable": true
+ },
+ "autoUpgrade": {
+ "enable": true,
+ "allowReboot": true
+ },
+ "timezone": "Europe/Moscow",
+ "sshKeys": [
+ "ssh-rsa KEY test@pc"
+ ]
+}
\ No newline at end of file
diff --git a/tests/test_system/undefined.json b/tests/test_system/undefined.json
new file mode 100644
index 0000000..b67b296
--- /dev/null
+++ b/tests/test_system/undefined.json
@@ -0,0 +1,47 @@
+{
+ "backblaze": {
+ "accountId": "ID",
+ "accountKey": "KEY",
+ "bucket": "selfprivacy"
+ },
+ "api": {
+ "token": "TEST_TOKEN",
+ "enableSwagger": false
+ },
+ "bitwarden": {
+ "enable": true
+ },
+ "cloudflare": {
+ "apiKey": "TOKEN"
+ },
+ "databasePassword": "PASSWORD",
+ "domain": "test.tld",
+ "hashedMasterPassword": "HASHED_PASSWORD",
+ "hostname": "test-instance",
+ "nextcloud": {
+ "adminPassword": "ADMIN",
+ "databasePassword": "ADMIN",
+ "enable": true
+ },
+ "resticPassword": "PASS",
+ "ssh": {
+ "enable": true,
+ "passwordAuthentication": true,
+ "rootKeys": [
+ "ssh-ed25519 KEY test@pc"
+ ]
+ },
+ "username": "tester",
+ "gitea": {
+ "enable": false
+ },
+ "ocserv": {
+ "enable": true
+ },
+ "pleroma": {
+ "enable": true
+ },
+ "sshKeys": [
+ "ssh-rsa KEY test@pc"
+ ]
+}
\ No newline at end of file