PyPI - gitlabcis - Versions diffs - 1.3.2__py3-none-any.whl - Mend

gitlabcis 1.3.2__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (218) hide show

gitlabcis/tests/unit/benchmarks/dependencies_3/validate_packages_3_2_test.py ADDED Viewed

@@ -0,0 +1,171 @@
+# -----------------------------------------------------------------------------
+from unittest.mock import Mock
+from conftest import run
+from gitlabcis.benchmarks.dependencies_3 import validate_packages_3_2
+# -----------------------------------------------------------------------------
+def test_org_wide_dependency_policy(glEntity, glObject, gqlClient):
+    from gql.transport.exceptions import TransportServerError
+    test = validate_packages_3_2.org_wide_dependency_policy
+    glEntity.path_with_namespace = 'test/project'
+    kwargs = {
+        'graphQLEndpoint': 'https://gitlab.com/api/graphql',
+        'graphQLHeaders': {'Authorization': 'Bearer token'}
+    }
+    gqlClient.return_value.execute.return_value = {'project': {}}
+    run(glEntity, glObject, test, False, **kwargs)
+    mock_result = {
+        'project': {
+            'scanExecutionPolicies': {
+                'nodes': [
+                    {
+                        'enabled': True,
+                        'yaml': '''
+                            actions:
+                              - scan: secret_detection
+                              - scan: dast
+                              - scan: cluster_image_scanning
+                              - scan: container_scanning
+                              - scan: sast
+                              - scan: sast_iac
+                              - scan: dependency_scanning
+                            rules:
+                              - type: pipeline
+                                branches: ['*']
+                        '''
+                    }
+                ]
+            }
+        }
+    }
+    gqlClient.return_value.execute.return_value = mock_result
+    run(glEntity, glObject, test, True, **kwargs)
+    mock_result = {
+        'project': {
+            'scanExecutionPolicies': {
+                'nodes': [
+                    {
+                        'enabled': True,
+                        'yaml': '''
+                            actions:
+                              - scan: dast
+                            rules:
+                              - type: pipeline
+                                branches: ['*']
+                        '''
+                    }
+                ]
+            }
+        }
+    }
+    gqlClient.return_value.execute.return_value = mock_result
+    run(glEntity, glObject, test, False, **kwargs)
+    gqlClient.return_value.execute.side_effect = \
+        TransportServerError('GraphQL Error')
+    run(glEntity, glObject, test, None, **kwargs)
+    gqlClient.return_value.execute.side_effect = \
+        AttributeError()
+    run(glEntity, glObject, test, None, **kwargs)
+# -----------------------------------------------------------------------------
+def test_package_vuln_scanning(glEntity, glObject, unauthorised):
+    from gitlab.exceptions import GitlabGetError
+    from gitlab.v4.objects.files import ProjectFile
+    test = validate_packages_3_2.package_vuln_scanning
+    # throw an exception
+    unauthorised.settings.get.side_effect = Mock(side_effect=GitlabGetError(
+        response_code=401))
+    run(unauthorised, unauthorised, test, None)
+    # test success
+    settings = Mock(auto_devops_enabled=True)
+    glObject.settings.get.return_value = settings
+    run(glEntity, glObject, test, True)
+    # test success
+    settings = Mock(auto_devops_enabled=False)
+    glObject.settings.get.return_value = settings
+    glEntity.ci_config_path = ''
+    _projectFile = Mock(spec=ProjectFile)
+    # We need to fake "file contents" as base64 encoded str
+    # its value is: dependency_scanning
+    # this is passed to the ci.searchConfig() function
+    _projectFile.content = 'ZGVwZW5kZW5jeV9zY2FubmluZw=='
+    glEntity.files.get.return_value = _projectFile
+    run(glEntity, glObject, test, True)
+# -----------------------------------------------------------------------------
+def test_package_license_scanning(glEntity, glObject, unauthorised):
+    from gitlab.exceptions import GitlabGetError
+    from gitlab.v4.objects.files import ProjectFile
+    test = validate_packages_3_2.package_license_scanning
+    # throw an exception
+    unauthorised.settings.get.side_effect = Mock(side_effect=GitlabGetError(
+        response_code=401))
+    run(unauthorised, unauthorised, test, None)
+    # test success
+    settings = Mock(auto_devops_enabled=True)
+    glObject.settings.get.return_value = settings
+    run(glEntity, glObject, test, True)
+    # test fail
+    # we need to bypass the run function and call the test directly
+    settings = Mock(auto_devops_enabled=False)
+    glObject.settings.get.return_value = settings
+    glEntity.ci_config_path = 'https://gitlab.com/.gitlab-ci.yml'
+    assert next(iter(validate_packages_3_2.package_license_scanning(
+            glEntity, glObject))) is None
+    # test success
+    settings = Mock(auto_devops_enabled=False)
+    glObject.settings.get.return_value = settings
+    glEntity.ci_config_path = ''
+    _projectFile = Mock(spec=ProjectFile)
+    # We need to fake "file contents" as base64 encoded str
+    # its value is: dependency_scanning
+    # this is passed to the ci.searchConfig() function
+    _projectFile.content = 'ZGVwZW5kZW5jeV9zY2FubmluZw=='
+    glEntity.files.get.return_value = _projectFile
+    run(glEntity, glObject, test, True)
+# -----------------------------------------------------------------------------
+def test_package_ownership_change(glEntity, glObject):
+    test = validate_packages_3_2.package_ownership_change
+    run(glEntity, glObject, test, None)

gitlabcis/tests/unit/benchmarks/deployment_5/deployment_configuration_5_1_test.py ADDED Viewed

@@ -0,0 +1,140 @@
+# -----------------------------------------------------------------------------
+from unittest.mock import Mock, patch
+import pytest  # noqa: F401
+from conftest import run
+from gitlab.exceptions import GitlabHttpError
+from gitlabcis.benchmarks.deployment_5 import deployment_configuration_5_1
+# -----------------------------------------------------------------------------
+@patch('gitlabcis.utils.ci.getConfig')
+def test_separate_deployment_config(mockGetConfig, glEntity, glObject):
+    test = deployment_configuration_5_1.separate_deployment_config
+    mockGetConfig.return_value = {None: 'No CI file found'}
+    run(glEntity, glObject, test, None)
+    mockGetConfig.return_value = {False: 'Invalid CI file'}
+    run(glEntity, glObject, test, False)
+    mockGetConfig.return_value = {Mock(file_path=None): None}
+    run(glEntity, glObject, test, False)
+    mockGetConfig.return_value = {Mock(file_path='.gitlab-ci.yml'): None}
+    run(glEntity, glObject, test, False)
+    mockGetConfig.return_value = {
+        Mock(file_path='.gitlab/.gitlab-ci.yml'): None}
+    run(glEntity, glObject, test, True)
+    mockGetConfig.side_effect = GitlabHttpError('Error', response_code=401)
+    run(glEntity, glObject, test, None)
+    mockGetConfig.side_effect = GitlabHttpError('Error', response_code=418)
+    assert test(glEntity, glObject) is None
+# -----------------------------------------------------------------------------
+@patch('gitlabcis.utils.ci.getConfig')
+def test_audit_deployment_config(mockGetConfig, glEntity, glObject):
+    test = deployment_configuration_5_1.audit_deployment_config
+    mockGetConfig.return_value = {None: 'No CI file found'}
+    run(glEntity, glObject, test, None)
+    mockGetConfig.return_value = {False: 'Invalid CI file'}
+    run(glEntity, glObject, test, False)
+    mockGetConfig.return_value = {'gitlab-ci.yml': None}
+    glEntity.approvalrules.list.return_value = [Mock(approvals_required=0)]
+    run(glEntity, glObject, test, False)
+    mockGetConfig.return_value = {'gitlab-ci.yml': None}
+    glEntity.approvalrules.list.return_value = [Mock(approvals_required=2)]
+    glObject.get_license.return_value = {'plan': 'GOLD PLATED PLATNUM'}
+    run(glEntity, glObject, test, False)
+    mockGetConfig.return_value = {'gitlab-ci.yml': None}
+    glEntity.approvalrules.list.return_value = [Mock(approvals_required=2)]
+    glObject.get_license.return_value = {'plan': 'ultimate'}
+    run(glEntity, glObject, test, True)
+    mockGetConfig.side_effect = GitlabHttpError('Error', response_code=401)
+    run(glEntity, glObject, test, None)
+    mockGetConfig.side_effect = GitlabHttpError('Error', response_code=418)
+    assert test(glEntity, glObject) is None
+# -----------------------------------------------------------------------------
+@patch('gitlabcis.utils.ci.searchConfig')
+def test_secret_scan_deployment_config(mockSearchConfig, glEntity, glObject):
+    test = deployment_configuration_5_1.secret_scan_deployment_config
+    mockSearchConfig.return_value = {True: 'Secret-Detection found'}
+    run(glEntity, glObject, test, True)
+    mockSearchConfig.return_value = {False: 'Secret-Detection not found'}
+    run(glEntity, glObject, test, False)
+    mockSearchConfig.side_effect = GitlabHttpError(response_code=401)
+    run(glEntity, glObject, test, None)
+    mockSearchConfig.side_effect = GitlabHttpError(response_code=418)
+    assert test(glEntity, glObject) is None
+# -----------------------------------------------------------------------------
+def test_limit_deployment_config_access(glEntity, glObject):
+    test = deployment_configuration_5_1.limit_deployment_config_access
+    run(glEntity, glObject, test, None)
+# -----------------------------------------------------------------------------
+@patch('gitlabcis.utils.ci.searchConfig')
+def test_scan_iac(mockSearchConfig, glEntity, glObject):
+    test = deployment_configuration_5_1.scan_iac
+    mockSearchConfig.return_value = {True: 'SAST-IaC found'}
+    run(glEntity, glObject, test, True)
+    mockSearchConfig.return_value = {False: 'SAST-IaC not found'}
+    run(glEntity, glObject, test, False)
+    mockSearchConfig.side_effect = GitlabHttpError(response_code=401)
+    run(glEntity, glObject, test, None)
+    mockSearchConfig.side_effect = GitlabHttpError(response_code=418)
+    assert test(glEntity, glObject) is None
+# -----------------------------------------------------------------------------
+def test_verify_deployment_config(glEntity, glObject):
+    test = deployment_configuration_5_1.verify_deployment_config
+    run(glEntity, glObject, test, None)
+# -----------------------------------------------------------------------------
+def test_pin_deployment_config_manifests(glEntity, glObject):
+    test = deployment_configuration_5_1.pin_deployment_config_manifests
+    run(glEntity, glObject, test, None)

gitlabcis/tests/unit/benchmarks/deployment_5/deployment_environment_5_2_test.py ADDED Viewed

@@ -0,0 +1,60 @@
+# -----------------------------------------------------------------------------
+from unittest.mock import Mock, patch
+import pytest  # noqa: F401
+from conftest import run
+from gitlab.exceptions import GitlabHttpError
+from gitlabcis.benchmarks.deployment_5 import deployment_environment_5_2
+# -----------------------------------------------------------------------------
+@patch('gitlabcis.utils.ci.getConfig')
+def test_automate_deployment(mockGetConfig, glEntity, glObject):
+    test = deployment_environment_5_2.automate_deployment
+    mockGetConfig.return_value = {None: 'No CI file found'}
+    run(glEntity, glObject, test, None)
+    mockGetConfig.return_value = {False: 'Invalid CI file'}
+    run(glEntity, glObject, test, False)
+    mockGetConfig.return_value = {'gitlab-ci.yml': None}
+    glEntity.approvalrules.list.return_value = [Mock(approvals_required=0)]
+    run(glEntity, glObject, test, None)
+    mockGetConfig.side_effect = GitlabHttpError('Error', response_code=401)
+    run(glEntity, glObject, test, None)
+    mockGetConfig.side_effect = GitlabHttpError('Error', response_code=418)
+    assert test(glEntity, glObject) is None
+# -----------------------------------------------------------------------------
+def test_reproducible_deployment(glEntity, glObject):
+    test = deployment_environment_5_2.reproducible_deployment
+    run(glEntity, glObject, test, None)
+# -----------------------------------------------------------------------------
+def test_limit_prod_access(glEntity, glObject):
+    test = deployment_environment_5_2.limit_prod_access
+    run(glEntity, glObject, test, None)
+# -----------------------------------------------------------------------------
+def test_disable_default_passwords(glEntity, glObject):
+    test = deployment_environment_5_2.disable_default_passwords
+    run(glEntity, glObject, test, None)

gitlabcis/tests/unit/benchmarks/function_test.py ADDED Viewed

@@ -0,0 +1,24 @@
+# -----------------------------------------------------------------------------
+def test_function_doc_strings(benchmarkFunctions):
+    """
+    Test that the function docstring contains id and title of the
+    recommendation.
+    """
+    for benchmark in benchmarkFunctions:
+        assert 'id:' in benchmark.__doc__ and 'title:' in benchmark.__doc__
+# -----------------------------------------------------------------------------
+def test_function_name(benchmarkFunctions, recommendations):
+    """
+    Test that the function name matches that of a yaml recommendation name.
+    """
+    _recNames = recommendations.keys()
+    for benchmark in benchmarkFunctions:
+        assert benchmark.__name__ in _recNames