gitlabcis 1.3.2__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- gitlabcis/__init__.py +12 -0
- gitlabcis/__main__.py +7 -0
- gitlabcis/benchmarks/__init__.py +8 -0
- gitlabcis/benchmarks/artifacts_4/__init__.py +4 -0
- gitlabcis/benchmarks/artifacts_4/access_to_artifacts_4_2.py +139 -0
- gitlabcis/benchmarks/artifacts_4/origin_traceability_4_4.py +11 -0
- gitlabcis/benchmarks/artifacts_4/package_registries_4_3.py +105 -0
- gitlabcis/benchmarks/artifacts_4/verification_4_1.py +83 -0
- gitlabcis/benchmarks/build_pipelines_2/__init__.py +4 -0
- gitlabcis/benchmarks/build_pipelines_2/build_environment_2_1.py +268 -0
- gitlabcis/benchmarks/build_pipelines_2/build_worker_2_2.py +129 -0
- gitlabcis/benchmarks/build_pipelines_2/pipeline_instructions_2_3.py +444 -0
- gitlabcis/benchmarks/build_pipelines_2/pipeline_integrity_2_4.py +146 -0
- gitlabcis/benchmarks/dependencies_3/__init__.py +2 -0
- gitlabcis/benchmarks/dependencies_3/third_party_packages_3_1.py +171 -0
- gitlabcis/benchmarks/dependencies_3/validate_packages_3_2.py +182 -0
- gitlabcis/benchmarks/deployment_5/__init__.py +2 -0
- gitlabcis/benchmarks/deployment_5/deployment_configuration_5_1.py +165 -0
- gitlabcis/benchmarks/deployment_5/deployment_environment_5_2.py +66 -0
- gitlabcis/benchmarks/source_code_1/__init__.py +6 -0
- gitlabcis/benchmarks/source_code_1/code_changes_1_1.py +665 -0
- gitlabcis/benchmarks/source_code_1/code_risks_1_5.py +506 -0
- gitlabcis/benchmarks/source_code_1/contribution_access_1_3.py +334 -0
- gitlabcis/benchmarks/source_code_1/repository_management_1_2.py +168 -0
- gitlabcis/benchmarks/source_code_1/third_party_1_4.py +139 -0
- gitlabcis/cli/__init__.py +0 -0
- gitlabcis/cli/log.py +30 -0
- gitlabcis/cli/main.py +541 -0
- gitlabcis/cli/output.py +151 -0
- gitlabcis/recommendations/artifacts_4/access_to_artifacts_4_2/external_auth_server.yml +51 -0
- gitlabcis/recommendations/artifacts_4/access_to_artifacts_4_2/limit_artifact_uploaders.yml +57 -0
- gitlabcis/recommendations/artifacts_4/access_to_artifacts_4_2/limit_certifying_artifacts.yml +53 -0
- gitlabcis/recommendations/artifacts_4/access_to_artifacts_4_2/minimum_package_registry_admins.yml +54 -0
- gitlabcis/recommendations/artifacts_4/access_to_artifacts_4_2/readme.md +14 -0
- gitlabcis/recommendations/artifacts_4/access_to_artifacts_4_2/require_mfa_to_package_registry.yml +52 -0
- gitlabcis/recommendations/artifacts_4/access_to_artifacts_4_2/restrict_anonymous_access.yml +67 -0
- gitlabcis/recommendations/artifacts_4/origin_traceability_4_4/artifact_origin_info.yml +56 -0
- gitlabcis/recommendations/artifacts_4/origin_traceability_4_4/readme.md +7 -0
- gitlabcis/recommendations/artifacts_4/package_registries_4_3/all_artifact_versions_signed.yml +70 -0
- gitlabcis/recommendations/artifacts_4/package_registries_4_3/audit_package_registry_config.yml +46 -0
- gitlabcis/recommendations/artifacts_4/package_registries_4_3/readme.md +12 -0
- gitlabcis/recommendations/artifacts_4/package_registries_4_3/secure_repo_webhooks.yml +50 -0
- gitlabcis/recommendations/artifacts_4/package_registries_4_3/validate_signed_artifacts_on_upload.yml +72 -0
- gitlabcis/recommendations/artifacts_4/readme.md +12 -0
- gitlabcis/recommendations/artifacts_4/verification_4_1/encrypt_artifacts_before_distribution.yml +47 -0
- gitlabcis/recommendations/artifacts_4/verification_4_1/only_authorized_platforms_can_decrypt_artifacts.yml +59 -0
- gitlabcis/recommendations/artifacts_4/verification_4_1/readme.md +11 -0
- gitlabcis/recommendations/artifacts_4/verification_4_1/sign_artifacts_in_build_pipeline.yml +40 -0
- gitlabcis/recommendations/build_pipelines_2/build_environment_2_1/authenticate_build_access.yml +55 -0
- gitlabcis/recommendations/build_pipelines_2/build_environment_2_1/build_automation.yml +54 -0
- gitlabcis/recommendations/build_pipelines_2/build_environment_2_1/build_env_admins.yml +55 -0
- gitlabcis/recommendations/build_pipelines_2/build_environment_2_1/build_logging.yml +49 -0
- gitlabcis/recommendations/build_pipelines_2/build_environment_2_1/disable_build_tools_default_passwords.yml +54 -0
- gitlabcis/recommendations/build_pipelines_2/build_environment_2_1/immutable_pipeline_infrastructure.yml +60 -0
- gitlabcis/recommendations/build_pipelines_2/build_environment_2_1/limit_build_access.yml +64 -0
- gitlabcis/recommendations/build_pipelines_2/build_environment_2_1/limit_build_secrets_scope.yml +56 -0
- gitlabcis/recommendations/build_pipelines_2/build_environment_2_1/readme.md +19 -0
- gitlabcis/recommendations/build_pipelines_2/build_environment_2_1/secure_build_env_webhooks.yml +43 -0
- gitlabcis/recommendations/build_pipelines_2/build_environment_2_1/single_responsibility_pipeline.yml +58 -0
- gitlabcis/recommendations/build_pipelines_2/build_environment_2_1/vuln_scanning.yml +64 -0
- gitlabcis/recommendations/build_pipelines_2/build_worker_2_2/build_worker_vuln_scanning.yml +58 -0
- gitlabcis/recommendations/build_pipelines_2/build_worker_2_2/monitor_worker_resource_consumption.yml +59 -0
- gitlabcis/recommendations/build_pipelines_2/build_worker_2_2/pass_worker_envs_and_commands.yml +48 -0
- gitlabcis/recommendations/build_pipelines_2/build_worker_2_2/readme.md +16 -0
- gitlabcis/recommendations/build_pipelines_2/build_worker_2_2/restrict_worker_connectivity.yml +61 -0
- gitlabcis/recommendations/build_pipelines_2/build_worker_2_2/segregate_worker_duties.yml +78 -0
- gitlabcis/recommendations/build_pipelines_2/build_worker_2_2/single_use_workers.yml +47 -0
- gitlabcis/recommendations/build_pipelines_2/build_worker_2_2/store_worker_config.yml +62 -0
- gitlabcis/recommendations/build_pipelines_2/build_worker_2_2/worker_runtime_security.yml +37 -0
- gitlabcis/recommendations/build_pipelines_2/pipeline_instructions_2_3/build_stage_io.yml +49 -0
- gitlabcis/recommendations/build_pipelines_2/pipeline_instructions_2_3/build_steps_as_code.yml +42 -0
- gitlabcis/recommendations/build_pipelines_2/pipeline_instructions_2_3/limit_pipeline_triggers.yml +76 -0
- gitlabcis/recommendations/build_pipelines_2/pipeline_instructions_2_3/pipeline_misconfiguration_scanning.yml +48 -0
- gitlabcis/recommendations/build_pipelines_2/pipeline_instructions_2_3/pipeline_secret_scanning.yml +56 -0
- gitlabcis/recommendations/build_pipelines_2/pipeline_instructions_2_3/pipeline_vuln_scanning.yml +44 -0
- gitlabcis/recommendations/build_pipelines_2/pipeline_instructions_2_3/readme.md +16 -0
- gitlabcis/recommendations/build_pipelines_2/pipeline_instructions_2_3/secure_pipeline_output.yml +52 -0
- gitlabcis/recommendations/build_pipelines_2/pipeline_instructions_2_3/track_pipeline_files.yml +48 -0
- gitlabcis/recommendations/build_pipelines_2/pipeline_integrity_2_4/create_reproducible_artifacts.yml +52 -0
- gitlabcis/recommendations/build_pipelines_2/pipeline_integrity_2_4/lock_dependencies.yml +59 -0
- gitlabcis/recommendations/build_pipelines_2/pipeline_integrity_2_4/pipeline_produces_sbom.yml +81 -0
- gitlabcis/recommendations/build_pipelines_2/pipeline_integrity_2_4/pipeline_signs_sbom.yml +38 -0
- gitlabcis/recommendations/build_pipelines_2/pipeline_integrity_2_4/readme.md +14 -0
- gitlabcis/recommendations/build_pipelines_2/pipeline_integrity_2_4/sign_artifacts.yml +35 -0
- gitlabcis/recommendations/build_pipelines_2/pipeline_integrity_2_4/validate_dependencies.yml +63 -0
- gitlabcis/recommendations/build_pipelines_2/readme.md +12 -0
- gitlabcis/recommendations/dependencies_3/readme.md +10 -0
- gitlabcis/recommendations/dependencies_3/third_party_packages_3_1/define_package_managers.yml +84 -0
- gitlabcis/recommendations/dependencies_3/third_party_packages_3_1/dependency_sbom.yml +84 -0
- gitlabcis/recommendations/dependencies_3/third_party_packages_3_1/monitor_dependencies.yml +61 -0
- gitlabcis/recommendations/dependencies_3/third_party_packages_3_1/packages_over_60_days_old.yml +95 -0
- gitlabcis/recommendations/dependencies_3/third_party_packages_3_1/pin_dependency_version.yml +48 -0
- gitlabcis/recommendations/dependencies_3/third_party_packages_3_1/readme.md +14 -0
- gitlabcis/recommendations/dependencies_3/third_party_packages_3_1/third_party_sbom_required.yml +70 -0
- gitlabcis/recommendations/dependencies_3/third_party_packages_3_1/verify_artifacts.yml +45 -0
- gitlabcis/recommendations/dependencies_3/third_party_packages_3_1/verify_signed_metadata.yml +41 -0
- gitlabcis/recommendations/dependencies_3/validate_packages_3_2/org_wide_dependency_policy.yml +47 -0
- gitlabcis/recommendations/dependencies_3/validate_packages_3_2/package_license_scanning.yml +47 -0
- gitlabcis/recommendations/dependencies_3/validate_packages_3_2/package_ownership_change.yml +42 -0
- gitlabcis/recommendations/dependencies_3/validate_packages_3_2/package_vuln_scanning.yml +62 -0
- gitlabcis/recommendations/dependencies_3/validate_packages_3_2/readme.md +10 -0
- gitlabcis/recommendations/deployment_5/deployment_configuration_5_1/audit_deployment_config.yml +46 -0
- gitlabcis/recommendations/deployment_5/deployment_configuration_5_1/limit_deployment_config_access.yml +51 -0
- gitlabcis/recommendations/deployment_5/deployment_configuration_5_1/pin_deployment_config_manifests.yml +59 -0
- gitlabcis/recommendations/deployment_5/deployment_configuration_5_1/readme.md +13 -0
- gitlabcis/recommendations/deployment_5/deployment_configuration_5_1/scan_iac.yml +72 -0
- gitlabcis/recommendations/deployment_5/deployment_configuration_5_1/secret_scan_deployment_config.yml +45 -0
- gitlabcis/recommendations/deployment_5/deployment_configuration_5_1/separate_deployment_config.yml +50 -0
- gitlabcis/recommendations/deployment_5/deployment_configuration_5_1/verify_deployment_config.yml +49 -0
- gitlabcis/recommendations/deployment_5/deployment_environment_5_2/automate_deployment.yml +47 -0
- gitlabcis/recommendations/deployment_5/deployment_environment_5_2/disable_default_passwords.yml +63 -0
- gitlabcis/recommendations/deployment_5/deployment_environment_5_2/limit_prod_access.yml +45 -0
- gitlabcis/recommendations/deployment_5/deployment_environment_5_2/readme.md +12 -0
- gitlabcis/recommendations/deployment_5/deployment_environment_5_2/reproducible_deployment.yml +50 -0
- gitlabcis/recommendations/deployment_5/readme.md +10 -0
- gitlabcis/recommendations/readme.md +24 -0
- gitlabcis/recommendations/source_code_1/code_changes_1_1/audit_branch_protections.yml +56 -0
- gitlabcis/recommendations/source_code_1/code_changes_1_1/auto_risk_scan_merges.yml +62 -0
- gitlabcis/recommendations/source_code_1/code_changes_1_1/branch_protections_for_admins.yml +60 -0
- gitlabcis/recommendations/source_code_1/code_changes_1_1/branches_updated_before_merging.yml +56 -0
- gitlabcis/recommendations/source_code_1/code_changes_1_1/checks_pass_before_merging.yml +57 -0
- gitlabcis/recommendations/source_code_1/code_changes_1_1/code_approval_dismissals.yml +62 -0
- gitlabcis/recommendations/source_code_1/code_changes_1_1/code_approvals.yml +65 -0
- gitlabcis/recommendations/source_code_1/code_changes_1_1/code_changes_require_code_owners.yml +68 -0
- gitlabcis/recommendations/source_code_1/code_changes_1_1/code_dismissal_restrictions.yml +69 -0
- gitlabcis/recommendations/source_code_1/code_changes_1_1/code_owners.yml +61 -0
- gitlabcis/recommendations/source_code_1/code_changes_1_1/code_tracing.yml +52 -0
- gitlabcis/recommendations/source_code_1/code_changes_1_1/comments_resolved_before_merging.yml +59 -0
- gitlabcis/recommendations/source_code_1/code_changes_1_1/commits_must_be_signed_before_merging.yml +63 -0
- gitlabcis/recommendations/source_code_1/code_changes_1_1/default_branch_protected.yml +85 -0
- gitlabcis/recommendations/source_code_1/code_changes_1_1/deny_branch_deletions.yml +76 -0
- gitlabcis/recommendations/source_code_1/code_changes_1_1/ensure_force_push_is_denied.yml +59 -0
- gitlabcis/recommendations/source_code_1/code_changes_1_1/linear_history_required.yml +56 -0
- gitlabcis/recommendations/source_code_1/code_changes_1_1/merging_restrictions.yml +65 -0
- gitlabcis/recommendations/source_code_1/code_changes_1_1/readme.md +26 -0
- gitlabcis/recommendations/source_code_1/code_changes_1_1/stale_branch_reviews.yml +72 -0
- gitlabcis/recommendations/source_code_1/code_changes_1_1/version_control.yml +45 -0
- gitlabcis/recommendations/source_code_1/code_risks_1_5/dast_api_scanning.yml +50 -0
- gitlabcis/recommendations/source_code_1/code_risks_1_5/dast_web_scanning.yml +51 -0
- gitlabcis/recommendations/source_code_1/code_risks_1_5/dependency_scanning.yml +84 -0
- gitlabcis/recommendations/source_code_1/code_risks_1_5/enable_secret_detection.yml +45 -0
- gitlabcis/recommendations/source_code_1/code_risks_1_5/license_scanning.yml +47 -0
- gitlabcis/recommendations/source_code_1/code_risks_1_5/readme.md +14 -0
- gitlabcis/recommendations/source_code_1/code_risks_1_5/secure_iac_instructions.yml +81 -0
- gitlabcis/recommendations/source_code_1/code_risks_1_5/secure_pipeline_instructions.yml +62 -0
- gitlabcis/recommendations/source_code_1/code_risks_1_5/vulnerability_scanning.yml +48 -0
- gitlabcis/recommendations/source_code_1/contribution_access_1_3/domain_verification.yml +65 -0
- gitlabcis/recommendations/source_code_1/contribution_access_1_3/ensure_2_admins_per_repo.yml +56 -0
- gitlabcis/recommendations/source_code_1/contribution_access_1_3/limit_top_level_group_creation.yml +61 -0
- gitlabcis/recommendations/source_code_1/contribution_access_1_3/limit_user_registration_domain.yml +58 -0
- gitlabcis/recommendations/source_code_1/contribution_access_1_3/minimum_number_of_admins.yml +56 -0
- gitlabcis/recommendations/source_code_1/contribution_access_1_3/org_provided_ssh_certs.yml +70 -0
- gitlabcis/recommendations/source_code_1/contribution_access_1_3/readme.md +21 -0
- gitlabcis/recommendations/source_code_1/contribution_access_1_3/require_mfa_at_org_level.yml +89 -0
- gitlabcis/recommendations/source_code_1/contribution_access_1_3/require_mfa_for_contributors.yml +76 -0
- gitlabcis/recommendations/source_code_1/contribution_access_1_3/restrict_ip_addresses.yml +84 -0
- gitlabcis/recommendations/source_code_1/contribution_access_1_3/review_and_remove_inactive_users.yml +62 -0
- gitlabcis/recommendations/source_code_1/contribution_access_1_3/scm_notification_restriction.yml +46 -0
- gitlabcis/recommendations/source_code_1/contribution_access_1_3/strict_permissions_for_repo.yml +62 -0
- gitlabcis/recommendations/source_code_1/contribution_access_1_3/track_code_anomalies.yml +43 -0
- gitlabcis/recommendations/source_code_1/readme.md +13 -0
- gitlabcis/recommendations/source_code_1/repository_management_1_2/limit_issue_deletions.yml +57 -0
- gitlabcis/recommendations/source_code_1/repository_management_1_2/limit_repo_creations.yml +64 -0
- gitlabcis/recommendations/source_code_1/repository_management_1_2/limit_repo_deletions.yml +57 -0
- gitlabcis/recommendations/source_code_1/repository_management_1_2/public_repos_have_security_file.yml +59 -0
- gitlabcis/recommendations/source_code_1/repository_management_1_2/readme.md +15 -0
- gitlabcis/recommendations/source_code_1/repository_management_1_2/review_and_archive_stale_repos.yml +65 -0
- gitlabcis/recommendations/source_code_1/repository_management_1_2/track_forks.yml +74 -0
- gitlabcis/recommendations/source_code_1/repository_management_1_2/track_project_visibility_status.yml +74 -0
- gitlabcis/recommendations/source_code_1/third_party_1_4/README.md +12 -0
- gitlabcis/recommendations/source_code_1/third_party_1_4/admin_approval_for_app_installs.yml +83 -0
- gitlabcis/recommendations/source_code_1/third_party_1_4/least_privilge_app_permissions.yml +103 -0
- gitlabcis/recommendations/source_code_1/third_party_1_4/secure_webhooks.yml +73 -0
- gitlabcis/recommendations/source_code_1/third_party_1_4/stale_app_reviews.yml +66 -0
- gitlabcis/recommendations/template.yml +30 -0
- gitlabcis/tests/__init__.py +0 -0
- gitlabcis/tests/input/__init__.py +0 -0
- gitlabcis/tests/input/conftest.py +29 -0
- gitlabcis/tests/input/no_input_test.py +82 -0
- gitlabcis/tests/input/switch_test.py +19 -0
- gitlabcis/tests/input/version_test.py +7 -0
- gitlabcis/tests/unit/__init__.py +0 -0
- gitlabcis/tests/unit/benchmarks/artifacts_4/access_to_artifacts_4_2_test.py +131 -0
- gitlabcis/tests/unit/benchmarks/artifacts_4/origin_traceability_4_4_test.py +15 -0
- gitlabcis/tests/unit/benchmarks/artifacts_4/package_registries_4_3_test.py +102 -0
- gitlabcis/tests/unit/benchmarks/artifacts_4/verification_4_1_test.py +78 -0
- gitlabcis/tests/unit/benchmarks/build_pipelines_2/build_environment_2_1_test.py +239 -0
- gitlabcis/tests/unit/benchmarks/build_pipelines_2/build_worker_2_2_test.py +105 -0
- gitlabcis/tests/unit/benchmarks/build_pipelines_2/pipeline_instructions_2_3_test.py +340 -0
- gitlabcis/tests/unit/benchmarks/build_pipelines_2/pipeline_integrity_2_4_test.py +115 -0
- gitlabcis/tests/unit/benchmarks/conftest.py +47 -0
- gitlabcis/tests/unit/benchmarks/dependencies_3/third_party_packages_3_1_test.py +135 -0
- gitlabcis/tests/unit/benchmarks/dependencies_3/validate_packages_3_2_test.py +171 -0
- gitlabcis/tests/unit/benchmarks/deployment_5/deployment_configuration_5_1_test.py +140 -0
- gitlabcis/tests/unit/benchmarks/deployment_5/deployment_environment_5_2_test.py +60 -0
- gitlabcis/tests/unit/benchmarks/function_test.py +24 -0
- gitlabcis/tests/unit/benchmarks/source_code_1/code_changes_1_1_test.py +565 -0
- gitlabcis/tests/unit/benchmarks/source_code_1/code_risks_1_5_test.py +419 -0
- gitlabcis/tests/unit/benchmarks/source_code_1/contribution_access_1_3_test.py +265 -0
- gitlabcis/tests/unit/benchmarks/source_code_1/repository_management_1_2_test.py +142 -0
- gitlabcis/tests/unit/benchmarks/source_code_1/third_party_1_4_test.py +119 -0
- gitlabcis/tests/unit/conftest.py +94 -0
- gitlabcis/tests/unit/log/log_test.py +23 -0
- gitlabcis/tests/unit/utils/argfilters_test.py +9 -0
- gitlabcis/tests/unit/utils/ci_test.py +156 -0
- gitlabcis/tests/unit/utils/output_test.py +95 -0
- gitlabcis/tests/unit/utils/utils_general_test.py +149 -0
- gitlabcis/tests/unit/utils/version_test.py +11 -0
- gitlabcis/tests/unit/yaml/bad_file_test.py +15 -0
- gitlabcis/tests/unit/yaml/recommendation_test.py +123 -0
- gitlabcis/utils/__init__.py +146 -0
- gitlabcis/utils/ci.py +132 -0
- gitlabcis-1.3.2.dist-info/LICENSE +21 -0
- gitlabcis-1.3.2.dist-info/METADATA +241 -0
- gitlabcis-1.3.2.dist-info/RECORD +218 -0
- gitlabcis-1.3.2.dist-info/WHEEL +5 -0
- gitlabcis-1.3.2.dist-info/entry_points.txt +2 -0
- gitlabcis-1.3.2.dist-info/top_level.txt +1 -0
|
@@ -0,0 +1,340 @@
|
|
|
1
|
+
# -----------------------------------------------------------------------------
|
|
2
|
+
|
|
3
|
+
import base64
|
|
4
|
+
from unittest.mock import Mock, patch
|
|
5
|
+
|
|
6
|
+
import pytest # noqa: F401
|
|
7
|
+
import yaml
|
|
8
|
+
from conftest import run
|
|
9
|
+
from gitlab.exceptions import GitlabHttpError
|
|
10
|
+
|
|
11
|
+
from gitlabcis.benchmarks.build_pipelines_2 import pipeline_instructions_2_3
|
|
12
|
+
|
|
13
|
+
# -----------------------------------------------------------------------------
|
|
14
|
+
|
|
15
|
+
|
|
16
|
+
@patch('gitlabcis.utils.ci.getConfig')
|
|
17
|
+
def test_build_steps_as_code(mockGetConfig, glEntity, glObject):
|
|
18
|
+
|
|
19
|
+
test = pipeline_instructions_2_3.build_steps_as_code
|
|
20
|
+
|
|
21
|
+
mockGetConfig.return_value = {'gitlab-ci.yml': 'content'}
|
|
22
|
+
run(glEntity, glObject, test, True)
|
|
23
|
+
|
|
24
|
+
mockGetConfig.return_value = {None: 'No CI file found'}
|
|
25
|
+
run(glEntity, glObject, test, None)
|
|
26
|
+
|
|
27
|
+
mockGetConfig.return_value = {False: 'Invalid CI file'}
|
|
28
|
+
run(glEntity, glObject, test, False)
|
|
29
|
+
|
|
30
|
+
mockGetConfig.side_effect = GitlabHttpError('Error', response_code=401)
|
|
31
|
+
run(glEntity, glObject, test, None)
|
|
32
|
+
|
|
33
|
+
mockGetConfig.side_effect = GitlabHttpError('Error', response_code=418)
|
|
34
|
+
assert test(glEntity, glObject) is None
|
|
35
|
+
|
|
36
|
+
# -----------------------------------------------------------------------------
|
|
37
|
+
|
|
38
|
+
|
|
39
|
+
@patch('gitlabcis.utils.ci.getConfig')
|
|
40
|
+
def test_build_stage_io(mockGetConfig, glEntity, glObject):
|
|
41
|
+
|
|
42
|
+
test = pipeline_instructions_2_3.build_stage_io
|
|
43
|
+
|
|
44
|
+
def setup_ci_yaml(yaml_content):
|
|
45
|
+
mock_file = Mock()
|
|
46
|
+
mock_file.content = base64.b64encode(
|
|
47
|
+
yaml.dump(
|
|
48
|
+
yaml_content
|
|
49
|
+
).encode()).decode('utf-8')
|
|
50
|
+
return {mock_file: 'reason'}
|
|
51
|
+
|
|
52
|
+
mockGetConfig.return_value = {None: 'No CI file found'}
|
|
53
|
+
run(glEntity, glObject, test, None)
|
|
54
|
+
|
|
55
|
+
mockGetConfig.return_value = setup_ci_yaml({})
|
|
56
|
+
run(glEntity, glObject, test, False)
|
|
57
|
+
|
|
58
|
+
mockGetConfig.return_value = setup_ci_yaml({'stages': ['test']})
|
|
59
|
+
run(glEntity, glObject, test, False)
|
|
60
|
+
|
|
61
|
+
mockGetConfig.return_value = setup_ci_yaml({'stages': ['build', 'test']})
|
|
62
|
+
run(glEntity, glObject, test, True)
|
|
63
|
+
|
|
64
|
+
mockGetConfig.return_value = setup_ci_yaml({
|
|
65
|
+
'stages': ['build', 'test'],
|
|
66
|
+
'build_job': {'stage': 'build'}
|
|
67
|
+
})
|
|
68
|
+
run(glEntity, glObject, test, False)
|
|
69
|
+
|
|
70
|
+
mockGetConfig.return_value = setup_ci_yaml({
|
|
71
|
+
'stages': ['build', 'test'],
|
|
72
|
+
'build_job': {'stage': 'build', 'script': ['echo "Building"']}
|
|
73
|
+
})
|
|
74
|
+
run(glEntity, glObject, test, False)
|
|
75
|
+
|
|
76
|
+
mockGetConfig.return_value = setup_ci_yaml({
|
|
77
|
+
'stages': ['build', 'test'],
|
|
78
|
+
'build_job': {
|
|
79
|
+
'stage': 'build',
|
|
80
|
+
'script': ['echo "Building"'],
|
|
81
|
+
'artifacts': {'paths': ['build/']}
|
|
82
|
+
}
|
|
83
|
+
})
|
|
84
|
+
run(glEntity, glObject, test, True)
|
|
85
|
+
|
|
86
|
+
mockGetConfig.side_effect = GitlabHttpError(response_code=403)
|
|
87
|
+
run(glEntity, glObject, test, None)
|
|
88
|
+
|
|
89
|
+
mockGetConfig.side_effect = GitlabHttpError(response_code=418)
|
|
90
|
+
assert test(glEntity, glObject) is None
|
|
91
|
+
|
|
92
|
+
|
|
93
|
+
# -----------------------------------------------------------------------------
|
|
94
|
+
|
|
95
|
+
|
|
96
|
+
def test_secure_pipeline_output(glEntity, glObject):
|
|
97
|
+
|
|
98
|
+
test = pipeline_instructions_2_3.secure_pipeline_output
|
|
99
|
+
|
|
100
|
+
run(glEntity, glObject, test, None)
|
|
101
|
+
|
|
102
|
+
# -----------------------------------------------------------------------------
|
|
103
|
+
|
|
104
|
+
|
|
105
|
+
@patch('gitlabcis.utils.ci.getConfig')
|
|
106
|
+
def test_track_pipeline_files(mockGetConfig, glEntity, glObject):
|
|
107
|
+
|
|
108
|
+
test = pipeline_instructions_2_3.track_pipeline_files
|
|
109
|
+
|
|
110
|
+
mockGetConfig.return_value = {None: 'No CI file found'}
|
|
111
|
+
run(glEntity, glObject, test, None)
|
|
112
|
+
|
|
113
|
+
mockGetConfig.return_value = {'real-fake-file': 'i promise'}
|
|
114
|
+
run(glEntity, glObject, test, True)
|
|
115
|
+
|
|
116
|
+
mockGetConfig.side_effect = GitlabHttpError(response_code=403)
|
|
117
|
+
run(glEntity, glObject, test, None)
|
|
118
|
+
|
|
119
|
+
mockGetConfig.side_effect = GitlabHttpError(response_code=418)
|
|
120
|
+
assert test(glEntity, glObject) is None
|
|
121
|
+
|
|
122
|
+
# -----------------------------------------------------------------------------
|
|
123
|
+
|
|
124
|
+
|
|
125
|
+
def test_limit_pipeline_triggers(glEntity, glObject):
|
|
126
|
+
|
|
127
|
+
test = pipeline_instructions_2_3.limit_pipeline_triggers
|
|
128
|
+
|
|
129
|
+
glEntity.protected_environments.list.return_value = []
|
|
130
|
+
run(glEntity, glObject, test, False)
|
|
131
|
+
|
|
132
|
+
glEntity.protected_environments.list.return_value = [Mock()]
|
|
133
|
+
run(glEntity, glObject, test, None)
|
|
134
|
+
|
|
135
|
+
glEntity.protected_environments.list.side_effect = GitlabHttpError(
|
|
136
|
+
response_code=403)
|
|
137
|
+
run(glEntity, glObject, test, None)
|
|
138
|
+
|
|
139
|
+
glEntity.protected_environments.list.side_effect = GitlabHttpError(
|
|
140
|
+
response_code=418)
|
|
141
|
+
assert test(glEntity, glObject) is None
|
|
142
|
+
|
|
143
|
+
# -----------------------------------------------------------------------------
|
|
144
|
+
|
|
145
|
+
|
|
146
|
+
def test_pipeline_misconfiguration_scanning(glEntity, glObject, gqlClient):
|
|
147
|
+
|
|
148
|
+
test = pipeline_instructions_2_3.pipeline_misconfiguration_scanning
|
|
149
|
+
|
|
150
|
+
kwargs = {
|
|
151
|
+
'graphQLEndpoint': 'https://example.com/graphql',
|
|
152
|
+
'graphQLHeaders': {'Authorization': 'Bearer token'}
|
|
153
|
+
}
|
|
154
|
+
run(glEntity, glObject, test, False, **kwargs)
|
|
155
|
+
|
|
156
|
+
glEntity.path_with_namespace = 'test/project'
|
|
157
|
+
gqlClient.return_value.execute.return_value = {
|
|
158
|
+
'project': {
|
|
159
|
+
'scanExecutionPolicies': {
|
|
160
|
+
'nodes': [
|
|
161
|
+
{
|
|
162
|
+
'enabled': True,
|
|
163
|
+
'yaml': '''
|
|
164
|
+
actions:
|
|
165
|
+
- scan: sast
|
|
166
|
+
- scan: dast
|
|
167
|
+
- scan: secret_detection
|
|
168
|
+
- scan: cluster_image_scanning
|
|
169
|
+
- scan: container_scanning
|
|
170
|
+
- scan: sast_iac
|
|
171
|
+
- scan: dependency_scanning
|
|
172
|
+
rules:
|
|
173
|
+
- type: pipeline
|
|
174
|
+
branches: ['*']
|
|
175
|
+
'''
|
|
176
|
+
}
|
|
177
|
+
]
|
|
178
|
+
}
|
|
179
|
+
}
|
|
180
|
+
}
|
|
181
|
+
run(glEntity, glObject, test, True, **kwargs)
|
|
182
|
+
|
|
183
|
+
glEntity.path_with_namespace = 'test/project'
|
|
184
|
+
gqlClient.return_value.execute.return_value = {
|
|
185
|
+
'project': {
|
|
186
|
+
'scanExecutionPolicies': {
|
|
187
|
+
'nodes': [
|
|
188
|
+
{
|
|
189
|
+
'enabled': True,
|
|
190
|
+
'yaml': '''
|
|
191
|
+
actions:
|
|
192
|
+
- scan: sast
|
|
193
|
+
- scan: dast
|
|
194
|
+
rules:
|
|
195
|
+
- type: pipeline
|
|
196
|
+
branches: ['*']
|
|
197
|
+
'''
|
|
198
|
+
}
|
|
199
|
+
]
|
|
200
|
+
}
|
|
201
|
+
}
|
|
202
|
+
}
|
|
203
|
+
run(glEntity, glObject, test, True, **kwargs)
|
|
204
|
+
|
|
205
|
+
glEntity.path_with_namespace = 'test/project'
|
|
206
|
+
gqlClient.return_value.execute.return_value = {
|
|
207
|
+
'project': {
|
|
208
|
+
'scanExecutionPolicies': {
|
|
209
|
+
'nodes': [
|
|
210
|
+
{
|
|
211
|
+
'enabled': True,
|
|
212
|
+
'yaml': '''
|
|
213
|
+
actions:
|
|
214
|
+
- scan: secret_detection
|
|
215
|
+
rules:
|
|
216
|
+
- type: pipeline
|
|
217
|
+
branches: ['*']
|
|
218
|
+
'''
|
|
219
|
+
}
|
|
220
|
+
]
|
|
221
|
+
}
|
|
222
|
+
}
|
|
223
|
+
}
|
|
224
|
+
run(glEntity, glObject, test, False, **kwargs)
|
|
225
|
+
|
|
226
|
+
glEntity.path_with_namespace = 'test/project'
|
|
227
|
+
gqlClient.return_value.execute.return_value = {'project': {}}
|
|
228
|
+
run(glEntity, glObject, test, False, **kwargs)
|
|
229
|
+
|
|
230
|
+
# -----------------------------------------------------------------------------
|
|
231
|
+
|
|
232
|
+
|
|
233
|
+
def test_pipeline_vuln_scanning(glEntity, glObject, gqlClient):
|
|
234
|
+
|
|
235
|
+
test = pipeline_instructions_2_3.pipeline_vuln_scanning
|
|
236
|
+
|
|
237
|
+
kwargs = {
|
|
238
|
+
'graphQLEndpoint': 'https://example.com/graphql',
|
|
239
|
+
'graphQLHeaders': {'Authorization': 'Bearer token'}
|
|
240
|
+
}
|
|
241
|
+
glEntity.path_with_namespace = 'test/project'
|
|
242
|
+
|
|
243
|
+
gqlClient.return_value.execute.return_value = {
|
|
244
|
+
'project': {
|
|
245
|
+
'scanExecutionPolicies': {
|
|
246
|
+
'nodes': [
|
|
247
|
+
{
|
|
248
|
+
'enabled': True,
|
|
249
|
+
'yaml': '''
|
|
250
|
+
actions:
|
|
251
|
+
- scan: sast
|
|
252
|
+
- scan: dast
|
|
253
|
+
- scan: secret_detection
|
|
254
|
+
- scan: cluster_image_scanning
|
|
255
|
+
- scan: container_scanning
|
|
256
|
+
- scan: sast_iac
|
|
257
|
+
- scan: dependency_scanning
|
|
258
|
+
rules:
|
|
259
|
+
- type: pipeline
|
|
260
|
+
branches: ['*']
|
|
261
|
+
'''
|
|
262
|
+
}
|
|
263
|
+
]
|
|
264
|
+
}
|
|
265
|
+
}
|
|
266
|
+
}
|
|
267
|
+
run(glEntity, glObject, test, True, **kwargs)
|
|
268
|
+
|
|
269
|
+
gqlClient.return_value.execute.return_value = {
|
|
270
|
+
'project': {
|
|
271
|
+
'scanExecutionPolicies': {
|
|
272
|
+
'nodes': [
|
|
273
|
+
{
|
|
274
|
+
'enabled': True,
|
|
275
|
+
'yaml': '''
|
|
276
|
+
actions:
|
|
277
|
+
- scan: sast
|
|
278
|
+
- scan: dast
|
|
279
|
+
rules:
|
|
280
|
+
- type: pipeline
|
|
281
|
+
branches: ['*']
|
|
282
|
+
'''
|
|
283
|
+
}
|
|
284
|
+
]
|
|
285
|
+
}
|
|
286
|
+
}
|
|
287
|
+
}
|
|
288
|
+
run(glEntity, glObject, test, True, **kwargs)
|
|
289
|
+
|
|
290
|
+
gqlClient.return_value.execute.return_value = {
|
|
291
|
+
'project': {
|
|
292
|
+
'scanExecutionPolicies': {
|
|
293
|
+
'nodes': [
|
|
294
|
+
{
|
|
295
|
+
'enabled': True,
|
|
296
|
+
'yaml': '''
|
|
297
|
+
actions:
|
|
298
|
+
- scan: secret_detection
|
|
299
|
+
rules:
|
|
300
|
+
- type: pipeline
|
|
301
|
+
branches: ['*']
|
|
302
|
+
'''
|
|
303
|
+
}
|
|
304
|
+
]
|
|
305
|
+
}
|
|
306
|
+
}
|
|
307
|
+
}
|
|
308
|
+
run(glEntity, glObject, test, False, **kwargs)
|
|
309
|
+
|
|
310
|
+
gqlClient.return_value.execute.return_value = {
|
|
311
|
+
'project': {
|
|
312
|
+
'scanExecutionPolicies': {
|
|
313
|
+
'nodes': []
|
|
314
|
+
}
|
|
315
|
+
}
|
|
316
|
+
}
|
|
317
|
+
run(glEntity, glObject, test, False, **kwargs)
|
|
318
|
+
|
|
319
|
+
gqlClient.return_value.execute.return_value = {}
|
|
320
|
+
run(glEntity, glObject, test, False, **kwargs)
|
|
321
|
+
|
|
322
|
+
# -----------------------------------------------------------------------------
|
|
323
|
+
|
|
324
|
+
|
|
325
|
+
@patch('gitlabcis.utils.ci.searchConfig')
|
|
326
|
+
def test_pipeline_secret_scanning(mockSearchConfig, glEntity, glObject):
|
|
327
|
+
|
|
328
|
+
test = pipeline_instructions_2_3.pipeline_secret_scanning
|
|
329
|
+
|
|
330
|
+
mockSearchConfig.return_value = {True: 'Secret-Detection found'}
|
|
331
|
+
run(glEntity, glObject, test, True)
|
|
332
|
+
|
|
333
|
+
mockSearchConfig.return_value = {False: 'Secret-Detection not found'}
|
|
334
|
+
run(glEntity, glObject, test, False)
|
|
335
|
+
|
|
336
|
+
mockSearchConfig.side_effect = GitlabHttpError(response_code=401)
|
|
337
|
+
run(glEntity, glObject, test, None)
|
|
338
|
+
|
|
339
|
+
mockSearchConfig.side_effect = GitlabHttpError(response_code=418)
|
|
340
|
+
assert test(glEntity, glObject) is None
|
|
@@ -0,0 +1,115 @@
|
|
|
1
|
+
# -----------------------------------------------------------------------------
|
|
2
|
+
|
|
3
|
+
import base64
|
|
4
|
+
from unittest.mock import Mock, patch
|
|
5
|
+
|
|
6
|
+
import pytest # noqa: F401
|
|
7
|
+
import yaml
|
|
8
|
+
from conftest import run
|
|
9
|
+
from gitlab.exceptions import GitlabHttpError
|
|
10
|
+
|
|
11
|
+
from gitlabcis.benchmarks.build_pipelines_2 import pipeline_integrity_2_4
|
|
12
|
+
|
|
13
|
+
# -----------------------------------------------------------------------------
|
|
14
|
+
|
|
15
|
+
|
|
16
|
+
def test_sign_artifacts(glEntity, glObject):
|
|
17
|
+
|
|
18
|
+
test = pipeline_integrity_2_4.sign_artifacts
|
|
19
|
+
|
|
20
|
+
run(glEntity, glObject, test, None)
|
|
21
|
+
|
|
22
|
+
# -----------------------------------------------------------------------------
|
|
23
|
+
|
|
24
|
+
|
|
25
|
+
def test_lock_dependencies(glEntity, glObject):
|
|
26
|
+
|
|
27
|
+
test = pipeline_integrity_2_4.lock_dependencies
|
|
28
|
+
|
|
29
|
+
run(glEntity, glObject, test, None)
|
|
30
|
+
|
|
31
|
+
# -----------------------------------------------------------------------------
|
|
32
|
+
|
|
33
|
+
|
|
34
|
+
@patch('gitlabcis.utils.ci.searchConfig')
|
|
35
|
+
def test_validate_dependencies(mockSearchConfig, glEntity, glObject):
|
|
36
|
+
|
|
37
|
+
test = pipeline_integrity_2_4.validate_dependencies
|
|
38
|
+
|
|
39
|
+
mockSearchConfig.return_value = {True: 'Dependency Scanning found'}
|
|
40
|
+
run(glEntity, glObject, test, True)
|
|
41
|
+
|
|
42
|
+
mockSearchConfig.return_value = {False: 'Dependency Scanning not found'}
|
|
43
|
+
run(glEntity, glObject, test, False)
|
|
44
|
+
|
|
45
|
+
mockSearchConfig.side_effect = GitlabHttpError(response_code=401)
|
|
46
|
+
run(glEntity, glObject, test, None)
|
|
47
|
+
|
|
48
|
+
mockSearchConfig.side_effect = GitlabHttpError(response_code=418)
|
|
49
|
+
assert test(glEntity, glObject) is None
|
|
50
|
+
|
|
51
|
+
# -----------------------------------------------------------------------------
|
|
52
|
+
|
|
53
|
+
|
|
54
|
+
@patch('gitlabcis.utils.ci.getConfig')
|
|
55
|
+
def test_create_reproducible_artifacts(mockGetConfig, glEntity, glObject):
|
|
56
|
+
|
|
57
|
+
test = pipeline_integrity_2_4.create_reproducible_artifacts
|
|
58
|
+
|
|
59
|
+
def setup_ci_yaml(yaml_content):
|
|
60
|
+
mock_file = Mock()
|
|
61
|
+
mock_file.content = base64.b64encode(
|
|
62
|
+
yaml.dump(
|
|
63
|
+
yaml_content
|
|
64
|
+
).encode()).decode('utf-8')
|
|
65
|
+
return {mock_file: 'reason'}
|
|
66
|
+
|
|
67
|
+
mockGetConfig.return_value = {None: 'File not found'}
|
|
68
|
+
run(glEntity, glObject, test, None)
|
|
69
|
+
|
|
70
|
+
mockGetConfig.return_value = setup_ci_yaml({})
|
|
71
|
+
run(glEntity, glObject, test, True)
|
|
72
|
+
|
|
73
|
+
mockGetConfig.return_value = setup_ci_yaml({'stages': ['test']})
|
|
74
|
+
run(glEntity, glObject, test, True)
|
|
75
|
+
|
|
76
|
+
mockGetConfig.return_value = setup_ci_yaml({
|
|
77
|
+
'stages': ['build', 'test'],
|
|
78
|
+
'build_job': {'stage': 'build', 'artifacts': {'paths': ['**/*']}}
|
|
79
|
+
})
|
|
80
|
+
run(glEntity, glObject, test, True)
|
|
81
|
+
|
|
82
|
+
mockGetConfig.side_effect = GitlabHttpError(response_code=401)
|
|
83
|
+
run(glEntity, glObject, test, None)
|
|
84
|
+
|
|
85
|
+
mockGetConfig.side_effect = GitlabHttpError(response_code=418)
|
|
86
|
+
assert test(glEntity, glObject) is None
|
|
87
|
+
|
|
88
|
+
# -----------------------------------------------------------------------------
|
|
89
|
+
|
|
90
|
+
|
|
91
|
+
@patch('gitlabcis.utils.ci.searchConfig')
|
|
92
|
+
def test_pipeline_produces_sbom(mockSearchConfig, glEntity, glObject):
|
|
93
|
+
|
|
94
|
+
test = pipeline_integrity_2_4.pipeline_produces_sbom
|
|
95
|
+
|
|
96
|
+
mockSearchConfig.return_value = {True: 'Dependency Scanning found'}
|
|
97
|
+
run(glEntity, glObject, test, True)
|
|
98
|
+
|
|
99
|
+
mockSearchConfig.return_value = {False: 'Dependency Scanning not found'}
|
|
100
|
+
run(glEntity, glObject, test, False)
|
|
101
|
+
|
|
102
|
+
mockSearchConfig.side_effect = GitlabHttpError(response_code=401)
|
|
103
|
+
run(glEntity, glObject, test, None)
|
|
104
|
+
|
|
105
|
+
mockSearchConfig.side_effect = GitlabHttpError(response_code=418)
|
|
106
|
+
assert test(glEntity, glObject) is None
|
|
107
|
+
|
|
108
|
+
# -----------------------------------------------------------------------------
|
|
109
|
+
|
|
110
|
+
|
|
111
|
+
def test_pipeline_sign_sbom(glEntity, glObject):
|
|
112
|
+
|
|
113
|
+
test = pipeline_integrity_2_4.pipeline_sign_sbom
|
|
114
|
+
|
|
115
|
+
run(glEntity, glObject, test, None)
|
|
@@ -0,0 +1,47 @@
|
|
|
1
|
+
# -----------------------------------------------------------------------------
|
|
2
|
+
|
|
3
|
+
from unittest.mock import Mock, patch
|
|
4
|
+
|
|
5
|
+
import pytest
|
|
6
|
+
|
|
7
|
+
# -----------------------------------------------------------------------------
|
|
8
|
+
|
|
9
|
+
|
|
10
|
+
@pytest.fixture(scope="function")
|
|
11
|
+
def glEntity():
|
|
12
|
+
# mock a project:
|
|
13
|
+
return Mock()
|
|
14
|
+
|
|
15
|
+
# -----------------------------------------------------------------------------
|
|
16
|
+
|
|
17
|
+
|
|
18
|
+
@pytest.fixture(scope="function")
|
|
19
|
+
def glObject(glEntity):
|
|
20
|
+
# mock a gitlab object:
|
|
21
|
+
return Mock()
|
|
22
|
+
|
|
23
|
+
# -----------------------------------------------------------------------------
|
|
24
|
+
|
|
25
|
+
|
|
26
|
+
@pytest.fixture(scope="function")
|
|
27
|
+
def unauthorised():
|
|
28
|
+
from gitlab.exceptions import GitlabGetError
|
|
29
|
+
|
|
30
|
+
# mock an unauthorised gitlab object:
|
|
31
|
+
return Mock(side_effect=GitlabGetError(response_code=401))
|
|
32
|
+
|
|
33
|
+
# -----------------------------------------------------------------------------
|
|
34
|
+
|
|
35
|
+
|
|
36
|
+
@pytest.fixture
|
|
37
|
+
def gqlClient():
|
|
38
|
+
with patch('gql.Client') as mock:
|
|
39
|
+
yield mock
|
|
40
|
+
|
|
41
|
+
# -----------------------------------------------------------------------------
|
|
42
|
+
|
|
43
|
+
|
|
44
|
+
def run(glEntity, glObject, test, expectedResult, **kwargs):
|
|
45
|
+
actualResult = test(glEntity, glObject, **kwargs)
|
|
46
|
+
print(f'{expectedResult=} - {actualResult=}')
|
|
47
|
+
assert next(iter(actualResult)) is expectedResult
|
|
@@ -0,0 +1,135 @@
|
|
|
1
|
+
# -----------------------------------------------------------------------------
|
|
2
|
+
|
|
3
|
+
import pytest # noqa: F401
|
|
4
|
+
from conftest import run
|
|
5
|
+
|
|
6
|
+
from gitlabcis.benchmarks.dependencies_3 import third_party_packages_3_1
|
|
7
|
+
|
|
8
|
+
# -----------------------------------------------------------------------------
|
|
9
|
+
|
|
10
|
+
|
|
11
|
+
def test_verify_artifacts(glEntity, glObject):
|
|
12
|
+
|
|
13
|
+
test = third_party_packages_3_1.verify_artifacts
|
|
14
|
+
|
|
15
|
+
run(glEntity, glObject, test, None)
|
|
16
|
+
|
|
17
|
+
# -----------------------------------------------------------------------------
|
|
18
|
+
|
|
19
|
+
|
|
20
|
+
def test_third_party_sbom_required(glEntity, glObject):
|
|
21
|
+
|
|
22
|
+
test = third_party_packages_3_1.third_party_sbom_required
|
|
23
|
+
|
|
24
|
+
run(glEntity, glObject, test, None)
|
|
25
|
+
|
|
26
|
+
# -----------------------------------------------------------------------------
|
|
27
|
+
|
|
28
|
+
|
|
29
|
+
def test_verify_signed_metadata(glEntity, glObject):
|
|
30
|
+
|
|
31
|
+
test = third_party_packages_3_1.verify_signed_metadata
|
|
32
|
+
|
|
33
|
+
run(glEntity, glObject, test, None)
|
|
34
|
+
|
|
35
|
+
# -----------------------------------------------------------------------------
|
|
36
|
+
|
|
37
|
+
|
|
38
|
+
def test_monitor_dependencies(glEntity, glObject, gqlClient):
|
|
39
|
+
from gql.transport.exceptions import TransportServerError
|
|
40
|
+
|
|
41
|
+
test = third_party_packages_3_1.monitor_dependencies
|
|
42
|
+
|
|
43
|
+
kwargs = {
|
|
44
|
+
'graphQLEndpoint': 'https://example.com/graphql',
|
|
45
|
+
'graphQLHeaders': {'Authorization': 'Bearer token'}
|
|
46
|
+
}
|
|
47
|
+
run(glEntity, glObject, test, False, **kwargs)
|
|
48
|
+
|
|
49
|
+
glEntity.path_with_namespace = 'test/project'
|
|
50
|
+
gqlClient.return_value.execute.return_value = {
|
|
51
|
+
"project": {
|
|
52
|
+
"securityScanners": {
|
|
53
|
+
"enabled": ["DEPENDENCY_SCANNING", "CONTAINER_SCANNING"]
|
|
54
|
+
}
|
|
55
|
+
}
|
|
56
|
+
}
|
|
57
|
+
run(glEntity, glObject, test, True, **kwargs)
|
|
58
|
+
|
|
59
|
+
glEntity.path_with_namespace = 'test/project'
|
|
60
|
+
gqlClient.return_value.execute.return_value = {
|
|
61
|
+
"project": {
|
|
62
|
+
"securityScanners": {
|
|
63
|
+
"enabled": ["DEPENDENCY_SCANNING"]
|
|
64
|
+
}
|
|
65
|
+
}
|
|
66
|
+
}
|
|
67
|
+
run(glEntity, glObject, test, False, **kwargs)
|
|
68
|
+
|
|
69
|
+
glEntity.path_with_namespace = 'test/project'
|
|
70
|
+
gqlClient.return_value.execute.return_value = {
|
|
71
|
+
"project": {
|
|
72
|
+
"securityScanners": {
|
|
73
|
+
"enabled": ["CONTAINER_SCANNING"]
|
|
74
|
+
}
|
|
75
|
+
}
|
|
76
|
+
}
|
|
77
|
+
run(glEntity, glObject, test, False, **kwargs)
|
|
78
|
+
|
|
79
|
+
glEntity.path_with_namespace = 'test/project'
|
|
80
|
+
gqlClient.return_value.execute.return_value = {
|
|
81
|
+
"project": {
|
|
82
|
+
"securityScanners": {
|
|
83
|
+
"enabled": []
|
|
84
|
+
}
|
|
85
|
+
}
|
|
86
|
+
}
|
|
87
|
+
run(glEntity, glObject, test, False, **kwargs)
|
|
88
|
+
|
|
89
|
+
glEntity.path_with_namespace = 'test/project'
|
|
90
|
+
gqlClient.return_value.execute.return_value = {
|
|
91
|
+
"project": {
|
|
92
|
+
"securityScanners": {}
|
|
93
|
+
}
|
|
94
|
+
}
|
|
95
|
+
run(glEntity, glObject, test, False, **kwargs)
|
|
96
|
+
|
|
97
|
+
gqlClient.return_value.execute.side_effect = \
|
|
98
|
+
TransportServerError('GraphQL Error')
|
|
99
|
+
run(glEntity, glObject, test, None, **kwargs)
|
|
100
|
+
|
|
101
|
+
# -----------------------------------------------------------------------------
|
|
102
|
+
|
|
103
|
+
|
|
104
|
+
def test_define_package_managers(glEntity, glObject):
|
|
105
|
+
|
|
106
|
+
test = third_party_packages_3_1.define_package_managers
|
|
107
|
+
|
|
108
|
+
run(glEntity, glObject, test, None)
|
|
109
|
+
|
|
110
|
+
# -----------------------------------------------------------------------------
|
|
111
|
+
|
|
112
|
+
|
|
113
|
+
def test_dependency_sbom(glEntity, glObject):
|
|
114
|
+
|
|
115
|
+
test = third_party_packages_3_1.dependency_sbom
|
|
116
|
+
|
|
117
|
+
run(glEntity, glObject, test, None)
|
|
118
|
+
|
|
119
|
+
# -----------------------------------------------------------------------------
|
|
120
|
+
|
|
121
|
+
|
|
122
|
+
def test_pin_dependency_version(glEntity, glObject):
|
|
123
|
+
|
|
124
|
+
test = third_party_packages_3_1.pin_dependency_version
|
|
125
|
+
|
|
126
|
+
run(glEntity, glObject, test, None)
|
|
127
|
+
|
|
128
|
+
# -----------------------------------------------------------------------------
|
|
129
|
+
|
|
130
|
+
|
|
131
|
+
def test_packages_over_60_days_old(glEntity, glObject):
|
|
132
|
+
|
|
133
|
+
test = third_party_packages_3_1.packages_over_60_days_old
|
|
134
|
+
|
|
135
|
+
run(glEntity, glObject, test, None)
|