Add testing of the new secscan-for-local endpoint and fix a bug
parent
67031e4e33
commit
232fa42897
3 changed files with 40 additions and 6 deletions
|
@ -11,6 +11,7 @@ from util.secscan.analyzer import LayerAnalyzer
|
|||
from util.secscan.notifier import process_notification_data
|
||||
from data import model
|
||||
from workers.security_notification_worker import SecurityNotificationWorker
|
||||
from endpoints.v2 import v2_bp
|
||||
|
||||
|
||||
ADMIN_ACCESS_USER = 'devtable'
|
||||
|
@ -155,6 +156,43 @@ class TestSecurityScanner(unittest.TestCase):
|
|||
self.assertIsNone(result)
|
||||
|
||||
|
||||
def test_analyze_layer_nodirectdownload_success(self):
|
||||
# Disable direct download in fake storage.
|
||||
storage.put_content(['local_us'], 'supports_direct_download', 'false')
|
||||
|
||||
try:
|
||||
app.register_blueprint(v2_bp, url_prefix='/v2')
|
||||
except:
|
||||
# Already registered.
|
||||
pass
|
||||
|
||||
layer = model.tag.get_tag_image(ADMIN_ACCESS_USER, SIMPLE_REPO, 'latest')
|
||||
self.assertFalse(layer.security_indexed)
|
||||
self.assertEquals(-1, layer.security_indexed_engine)
|
||||
|
||||
# Ensure that the download is a registry+JWT download.
|
||||
uri, auth_header = self.api._get_image_url_and_auth(layer)
|
||||
self.assertIsNotNone(uri)
|
||||
self.assertIsNotNone(auth_header)
|
||||
|
||||
# Ensure the download doesn't work without the header.
|
||||
rv = self.app.head(uri)
|
||||
self.assertEquals(rv.status_code, 401)
|
||||
|
||||
# Ensure the download works with the header. Note we use a HEAD here, as GET causes DB
|
||||
# access which messes with the test runner's rollback.
|
||||
rv = self.app.head(uri, headers=[('authorization', auth_header)])
|
||||
self.assertEquals(rv.status_code, 200)
|
||||
|
||||
# Ensure the code works when called via analyze.
|
||||
with HTTMock(analyze_layer_success_mock, get_layer_success_mock, response_content):
|
||||
analyzer = LayerAnalyzer(app.config, self.api)
|
||||
analyzer.analyze_recursively(layer)
|
||||
|
||||
layer = model.tag.get_tag_image(ADMIN_ACCESS_USER, SIMPLE_REPO, 'latest')
|
||||
self.assertAnalyzed(layer, True, 1)
|
||||
|
||||
|
||||
def test_analyze_layer_success(self):
|
||||
layer = model.tag.get_tag_image(ADMIN_ACCESS_USER, SIMPLE_REPO, 'latest')
|
||||
self.assertFalse(layer.security_indexed)
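Review bot: The only negative case in `test_analyze_layer_nodirectdownload_success` is a HEAD with no `authorization` header, so the test would still pass if the endpoint accepted any non-empty header value. Since this path gates layer downloads on the registry JWT, add a request carrying an invalid token and expect a rejection, e.g. `self.assertEquals(self.app.head(uri, headers=[('authorization', 'Bearer not-a-valid-token')]).status_code, 401)` (the token value is a constructed placeholder; use the scheme that `_get_image_url_and_auth` returns). Separately, the bare `except:` around `app.register_blueprint(v2_bp, url_prefix='/v2')` swallows every error, not just the already-registered case; narrow it to the exception the app actually raises for a duplicate registration, or register the blueprint once in class or module setup. The `storage.put_content(['local_us'], 'supports_direct_download', 'false')` write is also never undone in the visible code, so unless `tearDown` (outside this hunk) resets the fake storage, later tests inherit the disabled state; an `addCleanup` that restores the previous value would keep the tests independent.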
|
||||
|
|