PyPI - gitlabcis - Versions diffs - 1.3.2__py3-none-any.whl - Mend

gitlabcis 1.3.2__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (218) hide show

gitlabcis/tests/unit/benchmarks/source_code_1/repository_management_1_2_test.py ADDED Viewed

@@ -0,0 +1,142 @@
+# -----------------------------------------------------------------------------
+from unittest.mock import Mock
+from gitlabcis.benchmarks.source_code_1 import repository_management_1_2
+from conftest import run
+# -----------------------------------------------------------------------------
+def test_public_repos_have_security_file(glEntity, glObject, unauthorised):
+    from gitlab.exceptions import GitlabGetError
+    test = repository_management_1_2.public_repos_have_security_file
+    unauthorised.visibility.side_effect \
+        = GitlabGetError(response_code=401)
+    unauthorised.repository_tree.side_effect \
+        = GitlabGetError(response_code=401)
+    run(unauthorised, glObject, test, None)
+    del unauthorised.visibility
+    run(unauthorised, glObject, test, None)
+    unauthorised.visibility = 'private'
+    unauthorised.repository_tree.side_effect = (
+        GitlabGetError(response_code=401))
+    run(unauthorised, glObject, test, None)
+    visibility = Mock()
+    visibility.visibility = 'private'
+    run(visibility, glObject, test, None)
+    visibility = Mock()
+    del visibility.visibility
+    run(visibility, glObject, test, None)
+    files = [
+        {'name': 'security.md'}
+    ]
+    glEntity.repository_tree.return_value = files
+    run(glEntity, glObject, test, True)
+    files = [
+        {'name': 'not-security.md'}
+    ]
+    glEntity.repository_tree.return_value = files
+    run(glEntity, glObject, test, False)
+# -----------------------------------------------------------------------------
+def test_limit_repo_creations(glEntity, glObject, unauthorised):
+    from gitlab.exceptions import GitlabGetError
+    test = repository_management_1_2.limit_repo_creations
+    unauthorised.settings.get.side_effect \
+        = GitlabGetError(response_code=401)
+    run(unauthorised, unauthorised, test, None)
+    settings = Mock()
+    settings.signup_enabled = False
+    glObject.settings.get.return_value = settings
+    run(glEntity, glObject, test, True)
+    settings.signup_enabled = True
+    settings.require_admin_approval_after_user_signup = True
+    settings.email_confirmation_setting = 'hard'
+    run(glEntity, glObject, test, True)
+    settings.require_admin_approval_after_user_signup = False
+    settings.email_confirmation_setting = 'no'
+    run(glEntity, glObject, test, False)
+# -----------------------------------------------------------------------------
+def test_limit_repo_deletions(glEntity, glObject, unauthorised):
+    test = repository_management_1_2.limit_repo_deletions
+    run(unauthorised, unauthorised, test, None)
+    run(glEntity, glObject, test, None)
+# -----------------------------------------------------------------------------
+def test_limit_issue_deletions(glEntity, glObject, unauthorised):
+    test = repository_management_1_2.limit_issue_deletions
+    run(unauthorised, unauthorised, test, None)
+    run(glEntity, glObject, test, None)
+# -----------------------------------------------------------------------------
+def test_track_forks(glEntity, glObject):
+    test = repository_management_1_2.track_forks
+    glEntity.forks.list.return_value = []
+    run(glEntity, glObject, test, True)
+    glEntity.forks.list.return_value = ['yes']
+    run(glEntity, glObject, test, None)
+# -----------------------------------------------------------------------------
+def test_track_project_visibility_status(glEntity, glObject):
+    test = repository_management_1_2.track_project_visibility_status
+    run(glEntity, glObject, test, None)
+# -----------------------------------------------------------------------------
+def test_review_and_archive_stale_repos(glEntity, glObject):
+    from datetime import datetime, timezone
+    from dateutil.relativedelta import relativedelta
+    test = repository_management_1_2.review_and_archive_stale_repos
+    threeMonthsAgo = datetime.strftime(
+        datetime.now(timezone.utc) - relativedelta(months=3),
+        '%Y-%m-%dT%H:%M:%S.%fZ')
+    glEntity.last_activity_at = threeMonthsAgo
+    run(glEntity, glObject, test, True)
+    sevenMonthsAgo = datetime.strftime(
+        datetime.now(timezone.utc) - relativedelta(months=7),
+        '%Y-%m-%dT%H:%M:%S.%fZ')
+    glEntity.last_activity_at = sevenMonthsAgo
+    run(glEntity, glObject, test, False)

gitlabcis/tests/unit/benchmarks/source_code_1/third_party_1_4_test.py ADDED Viewed

@@ -0,0 +1,119 @@
+# -----------------------------------------------------------------------------
+from unittest.mock import Mock
+from conftest import run
+from gitlabcis.benchmarks.source_code_1 import third_party_1_4
+# -----------------------------------------------------------------------------
+def test_admin_approval_for_app_installs(glEntity, glObject):
+    test = third_party_1_4.admin_approval_for_app_installs
+    run(glEntity, glObject, test, True)
+# -----------------------------------------------------------------------------
+def test_stale_app_reviews(glEntity, glObject, gqlClient):
+    from gql.transport.exceptions import TransportServerError
+    test = third_party_1_4.stale_app_reviews
+    kwargs = {
+        'graphQLEndpoint': 'https://example.com/graphql',
+        'graphQLHeaders': {'Authorization': 'Bearer token'}
+    }
+    run(glEntity, glObject, test, False, **kwargs)
+    glEntity.path_with_namespace = 'test/project'
+    gqlClient.return_value.execute.return_value = {
+        "project": {
+            "securityScanners": {
+                "enabled": ["DEPENDENCY_SCANNING", "CONTAINER_SCANNING"]
+            }
+        }
+    }
+    run(glEntity, glObject, test, True, **kwargs)
+    glEntity.path_with_namespace = 'test/project'
+    gqlClient.return_value.execute.return_value = {
+        "project": {
+            "securityScanners": {
+                "enabled": ["CONTAINER_SCANNING"]
+            }
+        }
+    }
+    run(glEntity, glObject, test, False, **kwargs)
+    glEntity.path_with_namespace = 'test/project'
+    gqlClient.return_value.execute.return_value = {
+        "project": {
+            "securityScanners": {
+                "enabled": []
+            }
+        }
+    }
+    run(glEntity, glObject, test, False, **kwargs)
+    glEntity.path_with_namespace = 'test/project'
+    gqlClient.return_value.execute.return_value = {
+        "project": {}
+    }
+    run(glEntity, glObject, test, False, **kwargs)
+    gqlClient.return_value.execute.side_effect = \
+        TransportServerError('GraphQL Error')
+    run(glEntity, glObject, test, None, **kwargs)
+    gqlClient.return_value.execute.side_effect = \
+        AttributeError()
+    run(glEntity, glObject, test, None, **kwargs)
+# -----------------------------------------------------------------------------
+def test_least_privilge_app_permissions(glEntity, glObject, unauthorised):
+    from gitlab.exceptions import GitlabGetError
+    test = third_party_1_4.least_privilge_app_permissions
+    unauthorised.integrations.list.side_effect \
+        = GitlabGetError(response_code=401)
+    run(unauthorised, glObject, test, None)
+    glEntity.integrations.list.return_value = ['one']
+    run(glEntity, glObject, test, None)
+    glEntity.integrations.list.return_value = []
+    run(glEntity, glObject, test, True)
+# -----------------------------------------------------------------------------
+def test_secure_webhooks(glEntity, glObject, unauthorised):
+    from gitlab.exceptions import GitlabGetError
+    test = third_party_1_4.secure_webhooks
+    unauthorised.hooks.list.side_effect \
+        = GitlabGetError(response_code=401)
+    run(unauthorised, glObject, test, None)
+    hook = Mock()
+    hook.enable_ssl_verification = False
+    hook.url = 'http://example.com'
+    glEntity.hooks.list.return_value = [hook]
+    run(glEntity, glObject, test, False)
+    hook.enable_ssl_verification = True
+    hook.url = 'https://example.com'
+    glEntity.hooks.list.return_value = [hook]
+    run(glEntity, glObject, test, True)
+    glEntity.hooks.list.return_value = []
+    run(glEntity, glObject, test, None)

gitlabcis/tests/unit/conftest.py ADDED Viewed

@@ -0,0 +1,94 @@
+# -----------------------------------------------------------------------------
+from pathlib import Path
+from unittest.mock import Mock
+import pytest
+import yaml
+# -----------------------------------------------------------------------------
+@pytest.fixture
+def projectRoot(scope='function'):
+    try:
+        return next(
+            p for p in Path(__file__).parents if (p / 'gitlabcis').exists())
+    except StopIteration:
+        pytest.skip('Parent directory containing "gitlabcis" not found.')
+# -----------------------------------------------------------------------------
+@pytest.fixture
+def recommendationFiles(projectRoot, scope='function'):
+    return list(filter(
+        lambda pathObj: pathObj.name != 'template.yml',
+        Path(f'{projectRoot}/gitlabcis/recommendations').rglob('*.yml')))
+# -----------------------------------------------------------------------------
+@pytest.fixture
+def recommendationDirs(projectRoot, scope='function'):
+    dirNames = set()
+    for entry in filter(
+        lambda pathObj: pathObj.is_dir() is True,
+        Path(f'{projectRoot}/gitlabcis/recommendations').rglob('*')
+            ):
+        dirNames.update(entry.parts)
+    return dirNames
+# -----------------------------------------------------------------------------
+@pytest.fixture
+def recommendations(recommendationFiles, scope='module'):
+    _recommendations = {}
+    for rec in recommendationFiles:
+        with open(rec, 'r') as f:
+            _data = yaml.safe_load(f)
+            _recommendations[_data.get('name')] = _data
+    return _recommendations
+# -----------------------------------------------------------------------------
+@pytest.fixture
+def benchmarkFunctions(projectRoot, scope='module'):
+    from gitlabcis import benchmarks
+    return [
+        getattr(getattr(getattr(benchmarks, catFile), subCatFile), func)
+        for catFile in dir(benchmarks)
+        if not catFile.startswith('__')
+        for subCatFile in dir(getattr(benchmarks, catFile))
+        if not subCatFile.startswith('__')
+        for func in dir(getattr(getattr(benchmarks, catFile), subCatFile))
+        if not func.startswith('__')
+    ]
+# -----------------------------------------------------------------------------
+@pytest.fixture(scope="function")
+def glEntity():
+    # mock a project:
+    return Mock()
+# -----------------------------------------------------------------------------
+@pytest.fixture(scope="function")
+def glObject(glEntity):
+    # mock a gitlab object:
+    return Mock()

gitlabcis/tests/unit/log/log_test.py ADDED Viewed

@@ -0,0 +1,23 @@
+# -----------------------------------------------------------------------------
+from unittest.mock import Mock
+# -----------------------------------------------------------------------------
+def test_log():
+    from gitlabcis.cli import log
+    token = 'a real token'
+    logFilter = log.CustomLogFilter(token)
+    mockLog = Mock()
+    mockLog.getMessage.return_value = (
+        'Connection pool is full, discarding connection')
+    logFilter = log.CustomLogFilter(token)
+    assert logFilter.filter(mockLog) is False
+    mockLog.getMessage.return_value = f'oh look its my: {token}'
+    logFilter = log.CustomLogFilter(token)
+    assert logFilter.filter(mockLog) is True

gitlabcis/tests/unit/utils/argfilters_test.py ADDED Viewed

@@ -0,0 +1,9 @@
+# -------------------------------------------------------------------------
+from gitlabcis.utils.__init__ import readRecommendations
+# -------------------------------------------------------------------------
+def test_none_argfilters():
+    assert readRecommendations(argFilters=None) is not None

gitlabcis/tests/unit/utils/ci_test.py ADDED Viewed

@@ -0,0 +1,156 @@
+# -----------------------------------------------------------------------------
+from unittest.mock import MagicMock, Mock, patch
+import pytest  # noqa: F401
+from gitlab.exceptions import GitlabAuthenticationError, GitlabGetError
+from gitlab.v4.objects.files import ProjectFile
+from gitlabcis.utils.ci import getConfig, searchConfig
+# -----------------------------------------------------------------------------
+mock_project_file = Mock(spec=ProjectFile)
+# -----------------------------------------------------------------------------
+def test_getConfig_remote_ci_file(glEntity, glObject):
+    glEntity.ci_config_path = 'https://example.com/.gitlab-ci.yml'
+    result = getConfig(glEntity, glObject)
+    assert result == {
+        None: 'Remote CI file: '
+        'https://example.com/.gitlab-ci.yml not supported'}
+def test_getConfig_default_path(glEntity, glObject):
+    glEntity.ci_config_path = ''
+    glEntity.default_branch = 'main'
+    glEntity.files.get.return_value = mock_project_file
+    result = getConfig(glEntity, glObject)
+    assert isinstance(next(iter(result)), ProjectFile)
+def test_getConfig_file_not_found(glEntity, glObject):
+    glEntity.ci_config_path = '.gitlab-ci.yml'
+    glEntity.default_branch = 'main'
+    glEntity.files.get.side_effect = GitlabGetError(response_code=404)
+    result = getConfig(glEntity, glObject)
+    assert result == {
+        False: f'Pipeline config file not found: {glEntity.ci_config_path}'}
+@patch('gitlabcis.utils.ci.getConfig')
+def test_searchConfig_string_found(mock_get_config, glEntity, glObject):
+    mock_get_config.return_value = {mock_project_file: None}
+    mock_project_file.content = 'SGVsbG8gV29ybGQ='
+    result = searchConfig(glEntity, glObject, 'Hello')
+    assert result == {True: 'Hello was found in CI config file'}
+@patch('gitlabcis.utils.ci.getConfig')
+def test_searchConfig_string_not_found(mock_get_config, glEntity, glObject):
+    mock_get_config.return_value = {mock_project_file: None}
+    mock_project_file.content = 'SGVsbG8gV29ybGQ='
+    result = searchConfig(glEntity, glObject, 'Python')
+    assert result == {False: 'Python was not found in CI config file'}
+@patch('gitlabcis.utils.ci.getConfig')
+def test_searchConfig_skip_condition(mock_get_config, glEntity, glObject):
+    mock_get_config.return_value = {None: 'Some skip reason'}
+    result = searchConfig(glEntity, glObject, 'Hello')
+    assert result == {None: 'Some skip reason'}
+@patch('gitlabcis.utils.ci.getConfig')
+def test_searchConfig_file_not_found(mock_get_config, glEntity, glObject):
+    mock_get_config.return_value = {
+        False: 'Pipeline config file not found: .gitlab-ci.yml'}
+    result = searchConfig(glEntity, glObject, 'Hello')
+    assert result == {False: 'Pipeline config file not found: .gitlab-ci.yml'}
+def test_searchConfig_insufficient_permissions(glEntity, glObject):
+    glEntity.ci_config_path = '.gitlab-ci.yml'
+    glEntity.default_branch = 'main'
+    glEntity.files.get.side_effect = GitlabAuthenticationError(
+        response_code=401)
+    result = searchConfig(glEntity, glObject, 'Hello')
+    assert result == {None: 'Insufficient permissions'}
+def test_getConfig_insufficient_permissions(glEntity, glObject):
+    glEntity.ci_config_path = '.gitlab-ci.yml'
+    glEntity.default_branch = 'main'
+    glEntity.files.get.side_effect = GitlabGetError(response_code=418)
+    result = getConfig(glEntity, glObject)
+    assert result == {
+        False: f'Pipeline config file not found: {glEntity.ci_config_path}'}
+@patch('re.match')
+def test_nonetype_getConfig(reMatch, glEntity, glObject):
+    mockRemote = MagicMock()
+    mockRemote.group.side_effect = lambda name: {
+        'refName': 'main',
+        'namespace': 'stuff/things',
+        'filePath': 'some/path'
+    }[name]
+    reMatch.return_value = mockRemote
+    glEntity.ci_config_path = b'12345'
+    glObject.projects.get.return_value = 'meh'
+    glEntity.files.get.side_effect = GitlabGetError(response_code=404)
+    result = getConfig(glEntity, glObject)
+    assert result == {None: 'Insufficient permissions'}
+@patch('gitlabcis.utils.ci.getConfig')
+def test_searchConfig_handles_type_error(getConfig, glEntity, glObject):
+    typeErrorMock = MagicMock()
+    typeErrorMock.return_value = {None: 'lel'}
+    getConfig.return_value = typeErrorMock
+    getConfig.return_value.__iter__.side_effect = TypeError
+    result = searchConfig(glEntity, glObject, 'search_string')
+    assert next(iter(result)) is None
+@patch('gitlabcis.utils.ci.getConfig')
+def test_searchConfig_teapot(getConfig, glEntity, glObject):
+    glEntity.ci_config_path = '.gitlab-ci.yml'
+    glEntity.default_branch = 'main'
+    getConfig.side_effect = GitlabAuthenticationError(response_code=418)
+    glEntity.files.get.side_effect = GitlabAuthenticationError(
+        response_code=418)
+    result = searchConfig(glEntity, glObject, 'Hello')
+    assert result is None
+@patch('gitlabcis.utils.ci.getConfig')
+def test_searchConfig_unauth(getConfig, glEntity, glObject):
+    glEntity.ci_config_path = '.gitlab-ci.yml'
+    glEntity.default_branch = 'main'
+    getConfig.side_effect = GitlabAuthenticationError(response_code=401)
+    glEntity.files.get.side_effect = GitlabAuthenticationError(
+        response_code=401)
+    result = searchConfig(glEntity, glObject, 'Hello')
+    assert result == {None: 'Insufficient permissions'}
+@patch('re.match')
+def test_nonetype_getConfig_teapot(reMatch, glEntity, glObject):
+    mockRemote = MagicMock()
+    mockRemote.group.side_effect = lambda name: {
+        'refName': 'main',
+        'namespace': 'stuff/things',
+        'filePath': 'some/path'
+    }[name]
+    reMatch.return_value = mockRemote
+    glEntity.ci_config_path = b'12345'
+    glObject.projects.get.return_value = 'meh'
+    glEntity.files.get.side_effect = GitlabAuthenticationError(
+        response_code=418)
+    result = getConfig(glEntity, glObject)
+    assert result == {None: 'Insufficient permissions'}

gitlabcis/tests/unit/utils/output_test.py ADDED Viewed

@@ -0,0 +1,95 @@
+# -----------------------------------------------------------------------------
+from gitlabcis import output
+# -----------------------------------------------------------------------------
+stats = {
+    'PASSED': 1,
+    'FAILED': 1,
+    'SKIPPED': 1,
+    'TOTAL': 3
+}
+results = [
+    {
+        'id': '1.1.1',
+        'title': 'Something',
+        'reason': 'Yes',
+        'result': 'PASS'
+    },
+    {
+        'id': '1.1.2',
+        'title': 'Something else',
+        'reason': 'No',
+        'result': 'FAIL'
+    },
+    {
+        'id': '1.1.3',
+        'title': 'Something even more else',
+        'reason': 'No',
+        'result': 'SKIP'
+    }
+]
+# -----------------------------------------------------------------------------
+def test_terminal_output():
+    output(results, stats, 'terminal', None)
+# -----------------------------------------------------------------------------
+def test_xml_output():
+    with open('results.xml', 'w') as f:
+        output(results, stats, 'xml', f)
+# -----------------------------------------------------------------------------
+def test_json_output():
+    with open('results.json', 'w') as f:
+        output(results, stats, 'json', f)
+# -----------------------------------------------------------------------------
+def test_txt_output():
+    with open('results.txt', 'w') as f:
+        output(results, stats, 'txt', f)
+# -----------------------------------------------------------------------------
+def test_csv_output():
+    with open('results.csv', 'w') as f:
+        output(results, stats, 'csv', f)
+# -----------------------------------------------------------------------------
+def test_yaml_output():
+    with open('results.yaml', 'w') as f:
+        output(results, stats, 'yaml', f)
+# -----------------------------------------------------------------------------
+def test_no_results():
+    stats = {"PASSED": 5, "TOTAL": 10, "SKIPPED": 10, "FAILED": 0}
+    output([], stats, 'terminal', None)
+# -----------------------------------------------------------------------------
+def test_high_score_csv_results():
+    stats = {"PASSED": 9001, "TOTAL": 9001, "SKIPPED": 0, "FAILED": 0}
+    output([], stats, 'csv', None)
+# -----------------------------------------------------------------------------
+def test_zero_division_error():
+    stats = {"PASSED": 10, "TOTAL": 10, "SKIPPED": 10, "FAILED": 1}
+    output([], stats, 'csv', None)