Add bandit to pipeline
parent
2f64397730
commit
c6873c2af3
|
@ -1,2 +1,4 @@
|
||||||
[run]
|
[run]
|
||||||
source = selfprivacy_api
|
source = selfprivacy_api
|
||||||
|
[report]
|
||||||
|
omit = selfprivacy_api/app.py
|
|
@ -10,4 +10,7 @@ steps:
|
||||||
- name: test
|
- name: test
|
||||||
commands:
|
commands:
|
||||||
- coverage run -m pytest -q
|
- coverage run -m pytest -q
|
||||||
- coverage xml
|
- coverage xml
|
||||||
|
- name: bandit
|
||||||
|
commands:
|
||||||
|
- bandit -ll -r selfprivacy_api
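Review bot: The `-ll` flag in the new `bandit` step reports only medium- and high-severity findings, so every low-severity finding passes the build unseen. Bandit rates several subprocess checks as low severity, and the package changed in this same commit starts processes with `subprocess.Popen`, so those calls are probably not gated by this step. If that threshold is deliberate, record it next to the command, e.g. `# -ll: gate on medium/high only; low-severity findings are reviewed manually`. Otherwise drop to `-l` and suppress accepted findings individually with `# nosec` and a reason.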
|
||||||
|
|
|
@ -181,7 +181,7 @@ class ResticController:
|
||||||
"backup",
|
"backup",
|
||||||
"/var",
|
"/var",
|
||||||
]
|
]
|
||||||
with open("/tmp/backup.log", "w", encoding="utf-8") as log_file:
|
with open("/var/backup.log", "w", encoding="utf-8") as log_file:
|
||||||
subprocess.Popen(
|
subprocess.Popen(
|
||||||
backup_command,
|
backup_command,
|
||||||
shell=False,
|
shell=False,
|
||||||
|
@ -196,7 +196,7 @@ class ResticController:
|
||||||
"""
|
"""
|
||||||
Check progress of ongoing backup operation
|
Check progress of ongoing backup operation
|
||||||
"""
|
"""
|
||||||
backup_status_check_command = ["tail", "-1", "/tmp/backup.log"]
|
backup_status_check_command = ["tail", "-1", "/var/backup.log"]
|
||||||
|
|
||||||
if (
|
if (
|
||||||
self.state == ResticStates.NO_KEY
|
self.state == ResticStates.NO_KEY
|
||||||
|
@ -205,7 +205,7 @@ class ResticController:
|
||||||
return
|
return
|
||||||
|
|
||||||
# If the log file does not exists
|
# If the log file does not exists
|
||||||
if os.path.exists("/tmp/backup.log") is False:
|
if os.path.exists("/var/backup.log") is False:
|
||||||
self.state = ResticStates.INITIALIZED
|
self.state = ResticStates.INITIALIZED
|
||||||
|
|
||||||
with subprocess.Popen(
|
with subprocess.Popen(
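Review bot: The new log path `/var/backup.log` is written as a literal in all three hunks of this file: the `open(...)` before the backup `Popen`, the `tail` command, and the `os.path.exists` check. The next path change has to touch each site, and tests cannot redirect it. A module-level `BACKUP_LOG_FILE = "/var/backup.log"` used at the three sites would match what this commit does for `DOMAIN_FILE`. Separately, `open(..., "w")` creates the file with umask-dependent permissions, so if the restic output is considered sensitive the mode should be set explicitly. That last point is inferred, because the enclosing methods start and end outside the hunks.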
|
||||||
|
|
|
@ -5,11 +5,12 @@ import portalocker
|
||||||
|
|
||||||
|
|
||||||
USERDATA_FILE = "/etc/nixos/userdata/userdata.json"
|
USERDATA_FILE = "/etc/nixos/userdata/userdata.json"
|
||||||
|
DOMAIN_FILE = "/var/domain"
|
||||||
|
|
||||||
|
|
||||||
def get_domain():
|
def get_domain():
|
||||||
"""Get domain from /var/domain without trailing new line"""
|
"""Get domain from /var/domain without trailing new line"""
|
||||||
with open("/var/domain", "r", encoding="utf-8") as domain_file:
|
with open(DOMAIN_FILE, "r", encoding="utf-8") as domain_file:
|
||||||
domain = domain_file.readline().rstrip()
|
domain = domain_file.readline().rstrip()
|
||||||
return domain
|
return domain
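Review bot: The docstring of `get_domain` still names `/var/domain`, although the path now comes from `DOMAIN_FILE` and the new test patches that constant to a data directory. `"""Get domain from DOMAIN_FILE without trailing new line"""` keeps the docstring accurate. A short comment on the constant, such as `# Module-level so tests can patch the path`, would explain why it was extracted.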
|
||||||
|
|
||||||
|
|
|
@ -31,12 +31,26 @@ class AuthorizedClient(testing.FlaskClient):
|
||||||
kwargs["headers"]["Authorization"] = f"Bearer {self.token}"
|
kwargs["headers"]["Authorization"] = f"Bearer {self.token}"
|
||||||
return super().open(*args, **kwargs)
|
return super().open(*args, **kwargs)
|
||||||
|
|
||||||
|
class WrongAuthClient(testing.FlaskClient):
|
||||||
|
def __init__(self, *args, **kwargs):
|
||||||
|
super().__init__(*args, **kwargs)
|
||||||
|
self.token = "WRONG_TOKEN"
|
||||||
|
|
||||||
|
def open(self, *args, **kwargs):
|
||||||
|
if "headers" not in kwargs:
|
||||||
|
kwargs["headers"] = {}
|
||||||
|
kwargs["headers"]["Authorization"] = f"Bearer {self.token}"
|
||||||
|
return super().open(*args, **kwargs)
|
||||||
|
|
||||||
@pytest.fixture
|
@pytest.fixture
|
||||||
def authorized_client(app):
|
def authorized_client(app):
|
||||||
app.test_client_class = AuthorizedClient
|
app.test_client_class = AuthorizedClient
|
||||||
return app.test_client()
|
return app.test_client()
|
||||||
|
|
||||||
|
@pytest.fixture
|
||||||
|
def wrong_auth_client(app):
|
||||||
|
app.test_client_class = WrongAuthClient
|
||||||
|
return app.test_client()
|
||||||
|
|
||||||
@pytest.fixture
|
@pytest.fixture
|
||||||
def runner(app):
|
def runner(app):
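Review bot: `WrongAuthClient.open` repeats the `AuthorizedClient.open` lines visible at the top of the hunk, and only the token value differs. `AuthorizedClient.__init__` lies outside the hunk; if it can be reused, `class WrongAuthClient(AuthorizedClient):` with `self.token = "WRONG_TOKEN"` set after `super().__init__(*args, **kwargs)` removes the copy. The new class and the `wrong_auth_client` fixture also have no docstring, e.g. `"""Flask test client that sends an invalid bearer token."""`. The body of `runner` continues outside the hunk.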
|
||||||
|
|
|
@ -0,0 +1,17 @@
|
||||||
|
# pylint: disable=redefined-outer-name
|
||||||
|
# pylint: disable=unused-argument
|
||||||
|
import json
|
||||||
|
import pytest
|
||||||
|
from selfprivacy_api.utils import get_domain
|
||||||
|
|
||||||
|
@pytest.fixture
|
||||||
|
def domain_file(mocker, datadir):
|
||||||
|
mocker.patch("selfprivacy_api.utils.DOMAIN_FILE", datadir / "domain")
|
||||||
|
return datadir
|
||||||
|
|
||||||
|
def test_wrong_auth(wrong_auth_client):
|
||||||
|
response = wrong_auth_client.get("/system/pythonVersion")
|
||||||
|
assert response.status_code == 401
|
||||||
|
|
||||||
|
def test_get_domain(authorized_client, domain_file):
|
||||||
|
assert get_domain() == "test-domain.tld"
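Review bot: `test_wrong_auth` pins only the wrong-token case to 401. A request with no `Authorization` header and one with a non-Bearer scheme are the other rejection paths worth asserting, assuming an unauthenticated client fixture is available in conftest. `import json` is unused in this file. `test_get_domain` takes `authorized_client` although it makes no request, so that parameter can be dropped.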
|
|
@ -0,0 +1 @@
|
||||||
|
test-domain.tld
|
|
@ -0,0 +1,52 @@
|
||||||
|
{
|
||||||
|
"backblaze": {
|
||||||
|
"accountId": "ID",
|
||||||
|
"accountKey": "KEY",
|
||||||
|
"bucket": "selfprivacy"
|
||||||
|
},
|
||||||
|
"api": {
|
||||||
|
"token": "TEST_TOKEN",
|
||||||
|
"enableSwagger": false
|
||||||
|
},
|
||||||
|
"bitwarden": {
|
||||||
|
"enable": true
|
||||||
|
},
|
||||||
|
"cloudflare": {
|
||||||
|
"apiKey": "TOKEN"
|
||||||
|
},
|
||||||
|
"databasePassword": "PASSWORD",
|
||||||
|
"domain": "test.tld",
|
||||||
|
"hashedMasterPassword": "HASHED_PASSWORD",
|
||||||
|
"hostname": "test-instance",
|
||||||
|
"nextcloud": {
|
||||||
|
"adminPassword": "ADMIN",
|
||||||
|
"databasePassword": "ADMIN",
|
||||||
|
"enable": true
|
||||||
|
},
|
||||||
|
"resticPassword": "PASS",
|
||||||
|
"ssh": {
|
||||||
|
"enable": true,
|
||||||
|
"passwordAuthentication": true,
|
||||||
|
"rootKeys": [
|
||||||
|
"ssh-ed25519 KEY test@pc"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"username": "tester",
|
||||||
|
"gitea": {
|
||||||
|
"enable": false
|
||||||
|
},
|
||||||
|
"ocserv": {
|
||||||
|
"enable": true
|
||||||
|
},
|
||||||
|
"pleroma": {
|
||||||
|
"enable": true
|
||||||
|
},
|
||||||
|
"autoUpgrade": {
|
||||||
|
"enable": false,
|
||||||
|
"allowReboot": false
|
||||||
|
},
|
||||||
|
"timezone": "Europe/Moscow",
|
||||||
|
"sshKeys": [
|
||||||
|
"ssh-rsa KEY test@pc"
|
||||||
|
]
|
||||||
|
}
|
|
@ -0,0 +1,52 @@
|
||||||
|
{
|
||||||
|
"backblaze": {
|
||||||
|
"accountId": "ID",
|
||||||
|
"accountKey": "KEY",
|
||||||
|
"bucket": "selfprivacy"
|
||||||
|
},
|
||||||
|
"api": {
|
||||||
|
"token": "TEST_TOKEN",
|
||||||
|
"enableSwagger": false
|
||||||
|
},
|
||||||
|
"bitwarden": {
|
||||||
|
"enable": true
|
||||||
|
},
|
||||||
|
"cloudflare": {
|
||||||
|
"apiKey": "TOKEN"
|
||||||
|
},
|
||||||
|
"databasePassword": "PASSWORD",
|
||||||
|
"domain": "test.tld",
|
||||||
|
"hashedMasterPassword": "HASHED_PASSWORD",
|
||||||
|
"hostname": "test-instance",
|
||||||
|
"nextcloud": {
|
||||||
|
"adminPassword": "ADMIN",
|
||||||
|
"databasePassword": "ADMIN",
|
||||||
|
"enable": true
|
||||||
|
},
|
||||||
|
"resticPassword": "PASS",
|
||||||
|
"ssh": {
|
||||||
|
"enable": true,
|
||||||
|
"passwordAuthentication": true,
|
||||||
|
"rootKeys": [
|
||||||
|
"ssh-ed25519 KEY test@pc"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"username": "tester",
|
||||||
|
"gitea": {
|
||||||
|
"enable": false
|
||||||
|
},
|
||||||
|
"ocserv": {
|
||||||
|
"enable": true
|
||||||
|
},
|
||||||
|
"pleroma": {
|
||||||
|
"enable": true
|
||||||
|
},
|
||||||
|
"autoUpgrade": {
|
||||||
|
"enable": true,
|
||||||
|
"allowReboot": true
|
||||||
|
},
|
||||||
|
"timezone": "Europe/Moscow",
|
||||||
|
"sshKeys": [
|
||||||
|
"ssh-rsa KEY test@pc"
|
||||||
|
]
|
||||||
|
}
|
|
@ -0,0 +1,47 @@
|
||||||
|
{
|
||||||
|
"backblaze": {
|
||||||
|
"accountId": "ID",
|
||||||
|
"accountKey": "KEY",
|
||||||
|
"bucket": "selfprivacy"
|
||||||
|
},
|
||||||
|
"api": {
|
||||||
|
"token": "TEST_TOKEN",
|
||||||
|
"enableSwagger": false
|
||||||
|
},
|
||||||
|
"bitwarden": {
|
||||||
|
"enable": true
|
||||||
|
},
|
||||||
|
"cloudflare": {
|
||||||
|
"apiKey": "TOKEN"
|
||||||
|
},
|
||||||
|
"databasePassword": "PASSWORD",
|
||||||
|
"domain": "test.tld",
|
||||||
|
"hashedMasterPassword": "HASHED_PASSWORD",
|
||||||
|
"hostname": "test-instance",
|
||||||
|
"nextcloud": {
|
||||||
|
"adminPassword": "ADMIN",
|
||||||
|
"databasePassword": "ADMIN",
|
||||||
|
"enable": true
|
||||||
|
},
|
||||||
|
"resticPassword": "PASS",
|
||||||
|
"ssh": {
|
||||||
|
"enable": true,
|
||||||
|
"passwordAuthentication": true,
|
||||||
|
"rootKeys": [
|
||||||
|
"ssh-ed25519 KEY test@pc"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"username": "tester",
|
||||||
|
"gitea": {
|
||||||
|
"enable": false
|
||||||
|
},
|
||||||
|
"ocserv": {
|
||||||
|
"enable": true
|
||||||
|
},
|
||||||
|
"pleroma": {
|
||||||
|
"enable": true
|
||||||
|
},
|
||||||
|
"sshKeys": [
|
||||||
|
"ssh-rsa KEY test@pc"
|
||||||
|
]
|
||||||
|
}
|