Merge pull request #2417 from coreos-inc/qss-notification-error

Small fixes and tests for QSS notifications
This commit is contained in:
josephschorr 2017-03-10 12:13:18 -05:00 committed by GitHub
commit 8075460e71
4 changed files with 51 additions and 6 deletions

View file

@ -112,6 +112,7 @@ def _build_summary(event_data):
class VulnerabilityFoundEvent(NotificationEvent): class VulnerabilityFoundEvent(NotificationEvent):
CONFIG_LEVEL = 'level' CONFIG_LEVEL = 'level'
PRIORITY_KEY = 'priority'
VULNERABILITY_KEY = 'vulnerability' VULNERABILITY_KEY = 'vulnerability'
MULTIPLE_VULNERABILITY_KEY = 'vulnerabilities' MULTIPLE_VULNERABILITY_KEY = 'vulnerabilities'
@ -120,7 +121,8 @@ class VulnerabilityFoundEvent(NotificationEvent):
return 'vulnerability_found' return 'vulnerability_found'
def get_level(self, event_data, notification_data): def get_level(self, event_data, notification_data):
priority = event_data[VulnerabilityFoundEvent.CONFIG_LEVEL]['priority'] vuln_data = event_data[VulnerabilityFoundEvent.VULNERABILITY_KEY]
priority = vuln_data[VulnerabilityFoundEvent.PRIORITY_KEY]
if priority == 'Defcon1' or priority == 'Critical': if priority == 'Defcon1' or priority == 'Critical':
return 'error' return 'error'
@ -138,6 +140,8 @@ class VulnerabilityFoundEvent(NotificationEvent):
'namespace_name': notification.repository.namespace_user.username, 'namespace_name': notification.repository.namespace_user.username,
'name': notification.repository.name, 'name': notification.repository.name,
}) })
level = event_config.get(VulnerabilityFoundEvent.CONFIG_LEVEL, 'Critical')
return build_event_data(repo, { return build_event_data(repo, {
'tags': ['latest', 'prod', 'foo', 'bar', 'baz'], 'tags': ['latest', 'prod', 'foo', 'bar', 'baz'],
'image': 'some-image-id', 'image': 'some-image-id',
@ -145,7 +149,7 @@ class VulnerabilityFoundEvent(NotificationEvent):
'id': 'CVE-FAKE-CVE', 'id': 'CVE-FAKE-CVE',
'description': 'A futurist vulnerability', 'description': 'A futurist vulnerability',
'link': 'https://security-tracker.debian.org/tracker/CVE-FAKE-CVE', 'link': 'https://security-tracker.debian.org/tracker/CVE-FAKE-CVE',
'priority': get_priority_for_index(event_config[VulnerabilityFoundEvent.CONFIG_LEVEL]) 'priority': get_priority_for_index(level)
}, },
}) })
@ -167,10 +171,13 @@ class VulnerabilityFoundEvent(NotificationEvent):
return actual_level_index <= filter_level_index return actual_level_index <= filter_level_index
def get_summary(self, event_data, notification_data): def get_summary(self, event_data, notification_data):
vuln_key = VulnerabilityFoundEvent.VULNERABILITY_KEY
priority_key = VulnerabilityFoundEvent.PRIORITY_KEY
multiple_vulns = event_data.get(VulnerabilityFoundEvent.MULTIPLE_VULNERABILITY_KEY) multiple_vulns = event_data.get(VulnerabilityFoundEvent.MULTIPLE_VULNERABILITY_KEY)
if multiple_vulns is not None: if multiple_vulns is not None:
top_priority = multiple_vulns[0].get('priority', 'Unknown') top_priority = multiple_vulns[0].get(priority_key, 'Unknown')
matching = [v for v in multiple_vulns if v.get('priority', 'Unknown') == top_priority] matching = [v for v in multiple_vulns if v.get(priority_key, 'Unknown') == top_priority]
msg = '%s %s' % (len(matching), top_priority) msg = '%s %s' % (len(matching), top_priority)
if len(matching) < len(multiple_vulns): if len(matching) < len(multiple_vulns):
@ -180,7 +187,7 @@ class VulnerabilityFoundEvent(NotificationEvent):
return msg % (event_data['repository'], len(event_data['tags'])) return msg % (event_data['repository'], len(event_data['tags']))
else: else:
msg = '%s vulnerability detected in repository %s in %s tags' msg = '%s vulnerability detected in repository %s in %s tags'
return msg % (event_data['vulnerability']['priority'], event_data['repository'], return msg % (event_data[vuln_key][priority_key], event_data['repository'],
len(event_data['tags'])) len(event_data['tags']))

View file

@ -0,0 +1,33 @@
import json
from endpoints.notificationevent import NotificationEvent
from endpoints.test.fixtures import app, appconfig, database_uri, init_db_path, sqlitedb_file
from util.morecollections import AttrDict
def test_all_notifications(app):
# Create a test notification.
test_notification = AttrDict({
'repository': AttrDict({
'namespace_user': AttrDict(dict(username='foo')),
'name': 'bar',
}),
'event_config_json': json.dumps({
'level': 'low',
}),
})
for subc in NotificationEvent.__subclasses__():
if subc.event_name() is not None:
# Create the notification event.
found = NotificationEvent.get_event(subc.event_name())
sample_data = found.get_sample_data(test_notification)
# Make sure all calls succeed.
notification_data = {
'performer_data': {},
}
found.get_level(sample_data, notification_data)
found.get_summary(sample_data, notification_data)
found.get_message(sample_data, notification_data)

View file

@ -1,4 +1,8 @@
{% if event_data.vulnerabilities %}
{{ event_data.vulnerabilities|length }} vulnerabilities were detected in tags
{% else %}
A <a href="{{ event_data.vulnerability.link }}">{{ event_data.vulnerability.priority }} vulnerability</a> ({{ event_data.vulnerability.id }}) was detected in tags A <a href="{{ event_data.vulnerability.link }}">{{ event_data.vulnerability.priority }} vulnerability</a> ({{ event_data.vulnerability.id }}) was detected in tags
{% endif %}
{{ 'tags' | icon_image }} {{ 'tags' | icon_image }}
{% for tag in event_data.tags[0:3] %}{%if loop.index > 1 %}, {% endif %}{{ (event_data.repository, tag) | repository_tag_reference }}{% endfor %} {% if event_data.tags|length > 3 %}(and {{ event_data.tags|length - 3 }} more) {% endif %} in {% for tag in event_data.tags[0:3] %}{%if loop.index > 1 %}, {% endif %}{{ (event_data.repository, tag) | repository_tag_reference }}{% endfor %} {% if event_data.tags|length > 3 %}(and {{ event_data.tags|length - 3 }} more) {% endif %} in
repository {{ event_data.repository | repository_reference }} repository {{ event_data.repository | repository_reference }}

View file

@ -355,6 +355,7 @@ class TestSecurityScanner(unittest.TestCase):
event = VulnerabilityFoundEvent() event = VulnerabilityFoundEvent()
msg = '1 Low and 1 more vulnerabilities were detected in repository devtable/simple in 2 tags' msg = '1 Low and 1 more vulnerabilities were detected in repository devtable/simple in 2 tags'
self.assertEquals(msg, event.get_summary(body['event_data'], {})) self.assertEquals(msg, event.get_summary(body['event_data'], {}))
self.assertEquals('info', event.get_level(body['event_data'], {}))
else: else:
self.assertIsNone(queue_item) self.assertIsNone(queue_item)