2019-08-13 08:02:00 +02:00
|
|
|
from __future__ import absolute_import
|
|
|
|
|
|
|
|
import unittest
|
|
|
|
import swagger_client
|
|
|
|
import time
|
|
|
|
|
2020-11-04 03:13:12 +01:00
|
|
|
from testutils import ADMIN_CLIENT, TEARDOWN, suppress_urllib3_warning
|
2019-08-13 08:02:00 +02:00
|
|
|
from library.user import User
|
|
|
|
from library.system import System
|
|
|
|
|
|
|
|
|
2020-06-22 04:34:03 +02:00
|
|
|
class TestSysCVEAllowlist(unittest.TestCase):
|
2019-08-13 08:02:00 +02:00
|
|
|
"""
|
|
|
|
Test case:
|
2020-06-22 04:34:03 +02:00
|
|
|
System Level CVE Allowlist
|
2019-08-13 08:02:00 +02:00
|
|
|
Setup:
|
|
|
|
Create user(RA)
|
|
|
|
Test Steps:
|
2020-06-22 04:34:03 +02:00
|
|
|
1. User(RA) reads the system level CVE allowlist and it's empty.
|
|
|
|
2. User(RA) updates the system level CVE allowlist, verify it's failed.
|
2019-08-13 08:02:00 +02:00
|
|
|
3. Update user(RA) to system admin
|
2020-06-22 04:34:03 +02:00
|
|
|
4. User(RA) updates the system level CVE allowlist, verify it's successful.
|
|
|
|
5. User(RA) reads the system level CVE allowlist, verify the CVE list is updated.
|
|
|
|
6. User(RA) updates the expiration date of system level CVE allowlist.
|
|
|
|
7. User(RA) reads the system level CVE allowlist, verify the expiration date is updated.
|
2019-08-13 08:02:00 +02:00
|
|
|
Tear Down:
|
2020-06-22 04:34:03 +02:00
|
|
|
1. Clear the system level CVE allowlist.
|
2019-08-13 08:02:00 +02:00
|
|
|
2. Delete User(RA)
|
|
|
|
"""
|
2020-11-04 03:13:12 +01:00
|
|
|
@suppress_urllib3_warning
|
2019-08-13 08:02:00 +02:00
|
|
|
def setUp(self):
|
|
|
|
self.user = User()
|
|
|
|
self.system = System()
|
|
|
|
user_ra_password = "Aa123456"
|
|
|
|
print("Setup: Creating user for test")
|
|
|
|
user_ra_id, user_ra_name = self.user.create_user(user_password=user_ra_password, **ADMIN_CLIENT)
|
|
|
|
print("Created user: %s, id: %s" % (user_ra_name, user_ra_id))
|
|
|
|
self.USER_RA_CLIENT = dict(endpoint=ADMIN_CLIENT["endpoint"],
|
|
|
|
username=user_ra_name,
|
|
|
|
password=user_ra_password)
|
|
|
|
self.user_ra_id = int(user_ra_id)
|
|
|
|
|
2020-11-04 03:13:12 +01:00
|
|
|
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
|
|
|
|
def tearDown(self):
|
|
|
|
print("TearDown: Clearing the Allowlist")
|
|
|
|
self.system.set_cve_allowlist(**ADMIN_CLIENT)
|
|
|
|
print("TearDown: Deleting user: %d" % self.user_ra_id)
|
|
|
|
self.user.delete_user(self.user_ra_id, **ADMIN_CLIENT)
|
|
|
|
|
2020-06-22 04:34:03 +02:00
|
|
|
def testSysCVEAllowlist(self):
|
|
|
|
# 1. User(RA) reads the system level CVE allowlist and it's empty.
|
|
|
|
wl = self.system.get_cve_allowlist(**self.USER_RA_CLIENT)
|
|
|
|
self.assertEqual(0, len(wl.items), "The initial system level CVE allowlist is not empty: %s" % wl.items)
|
|
|
|
# 2. User(RA) updates the system level CVE allowlist, verify it's failed.
|
2019-08-13 08:02:00 +02:00
|
|
|
cves = ['CVE-2019-12310']
|
2020-06-22 04:34:03 +02:00
|
|
|
self.system.set_cve_allowlist(None, 403, *cves, **self.USER_RA_CLIENT)
|
2019-08-13 08:02:00 +02:00
|
|
|
# 3. Update user(RA) to system admin
|
|
|
|
self.user.update_user_role_as_sysadmin(self.user_ra_id, True, **ADMIN_CLIENT)
|
2020-06-22 04:34:03 +02:00
|
|
|
# 4. User(RA) updates the system level CVE allowlist, verify it's successful.
|
|
|
|
self.system.set_cve_allowlist(None, 200, *cves, **self.USER_RA_CLIENT)
|
|
|
|
# 5. User(RA) reads the system level CVE allowlist, verify the CVE list is updated.
|
|
|
|
expect_wl = [swagger_client.CVEAllowlistItem(cve_id='CVE-2019-12310')]
|
|
|
|
wl = self.system.get_cve_allowlist(**self.USER_RA_CLIENT)
|
2019-08-13 08:02:00 +02:00
|
|
|
self.assertIsNone(wl.expires_at)
|
|
|
|
self.assertEqual(expect_wl, wl.items)
|
2020-06-22 04:34:03 +02:00
|
|
|
# 6. User(RA) updates the expiration date of system level CVE allowlist.
|
2019-08-13 08:02:00 +02:00
|
|
|
exp = int(time.time()) + 3600
|
2020-06-22 04:34:03 +02:00
|
|
|
self.system.set_cve_allowlist(exp, 200, *cves, **self.USER_RA_CLIENT)
|
|
|
|
# 7. User(RA) reads the system level CVE allowlist, verify the expiration date is updated.
|
|
|
|
wl = self.system.get_cve_allowlist(**self.USER_RA_CLIENT)
|
2019-08-13 08:02:00 +02:00
|
|
|
self.assertEqual(exp, wl.expires_at)
|
|
|
|
|
|
|
|
if __name__ == '__main__':
|
2020-06-22 04:34:03 +02:00
|
|
|
unittest.main()
|