Refactor the security worker and API calls and add a bunch of tests

test/test_api_usage.py

@@ -11,6 +11,7 @@ from urllib import urlencode
 from urlparse import urlparse, urlunparse, parse_qs
 
 from playhouse.test_utils import assert_query_count, _QueryLogHandler
+from httmock import urlmatch, HTTMock
 
 from endpoints.api import api_bp, api
 from endpoints.building import PreparedBuild
@@ -52,6 +53,7 @@ from endpoints.api.repository import RepositoryList, RepositoryVisibility, Repos
 from endpoints.api.permission import (RepositoryUserPermission, RepositoryTeamPermission,
                                       RepositoryTeamPermissionList, RepositoryUserPermissionList)
 from endpoints.api.superuser import SuperUserLogs, SuperUserList, SuperUserManagement
+from endpoints.api.secscan import RepositoryImageSecurity
 from endpoints.api.suconfig import (SuperUserRegistryStatus, SuperUserConfig, SuperUserConfigFile,
                                     SuperUserCreateInitialSuperUser)
 
@@ -3430,6 +3432,75 @@ class TestSuperUserConfig(ApiTestCase):
     self.assertTrue(json['exists'])
 
 
+
+@urlmatch(netloc=r'(.*\.)?mockclairservice', path=r'/v1/layers/(.+)')
+def get_layer_success_mock(url, request):
+  vulnerabilities = [
+    {
+      "Name": "CVE-2014-9471",
+      "Namespace": "debian:8",
+      "Description": "The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the \"--date=TZ=\"123\"345\" @1\" string to the touch or date command.",
+      "Link": "https://security-tracker.debian.org/tracker/CVE-2014-9471",
+      "Severity": "Low",
+      "FixedBy": "9.23-5"
+    }
+  ]
+
+  features = [
+    {
+      "Name": "coreutils",
+      "Namespace": "debian:8",
+      "Version": "8.23-4",
+      "Vulnerabilities": vulnerabilities,
+    }
+  ]
+
+  if not request.url.endswith('?vulnerabilities'):
+    vulnerabilities = []
+
+    if not request.url.endswith('?features'):
+      features = []
+
+  return py_json.dumps({
+    "Layer": {
+      "Name": "17675ec01494d651e1ccf81dc9cf63959ebfeed4f978fddb1666b6ead008ed52",
+      "Namespace": "debian:8",
+      "ParentName": "140f9bdfeb9784cf8730e9dab5dd12fbd704151cf555ac8cae650451794e5ac2",
+      "IndexedByVersion": 1,
+      "Features": features
+    }
+  })
+
+
+
+class TestRepositoryImageSecurity(ApiTestCase):
+  def test_get_vulnerabilities(self):
+    self.login(ADMIN_ACCESS_USER)
+
+    layer = model.tag.get_tag_image(ADMIN_ACCESS_USER, 'simple', 'latest')
+
+    # Grab the security info for the tag. It should be queued.
+    response = self.getJsonResponse(RepositoryImageSecurity,
+                                    params=dict(repository=ADMIN_ACCESS_USER + '/simple',
+                                                imageid=layer.docker_image_id,
+                                                vulnerabilities='true'))
+    self.assertEquals('queued', response['status'])
+
+    # Mark the layer as indexed.
+    layer.security_indexed = True
+    layer.security_indexed_engine = app.config['SECURITY_SCANNER']['ENGINE_VERSION_TARGET']
+    layer.save()
+
+    # Grab the security info again.
+    with HTTMock(get_layer_success_mock):
+      response = self.getJsonResponse(RepositoryImageSecurity,
+                                      params=dict(repository=ADMIN_ACCESS_USER + '/simple',
+                                                  imageid=layer.docker_image_id,
+                                                  vulnerabilities='true'))
+      self.assertEquals('scanned', response['status'])
+      self.assertEquals(1, response['data']['Layer']['IndexedByVersion'])
+
+
 class TestSuperUserManagement(ApiTestCase):
   def test_get_user(self):
     self.login(ADMIN_ACCESS_USER)