import gnupg
from git.exc import GitCommandError
from util import GPG_TEST_PASSPHRASE
from glsamaker.glsarepo import GLSARepo
from glsamaker.models.bug import Bug
from glsamaker.models.glsa import GLSA
def validate_commit(repo):
    """Check the text of the commit at HEAD of ``repo.repo``.

    Asserts that the commit summary contains the expected GLSA title and
    that the commit message contains the GLSAMaker ``Signed-off-by``
    trailer.

    Both checks look only at the commit text. The ``Signed-off-by``
    trailer is ordinary message content, so neither check says anything
    about whether the commit carries a valid GPG signature.
    """
    head_commit = repo.repo.head.commit

    summary = head_commit.summary
    assert "[ GLSA 1 ] Foo Bar: Multiple vulnerabilities" in summary

    message = head_commit.message
    assert "Signed-off-by: GLSAMaker <glsamaker@gentoo.org>" in message

    # TODO: Still missing here: a check that the advisory file was
    # actually created, and verification of the commit signature.
    # GitPython doesn't support commit verification, and doesn't seem
    # to have a way to query diff information for the first commit of
    # a repo.
    # NOTE(review): until the signature is verified, a passing test
    # does not show that signing happened at all. Running
    # `git verify-commit HEAD` against the test keyring might close the
    # gap -- untested here, confirm before relying on it.
def test_commit(app, gitrepo, gpghome, db):
    """Commit a minimal GLSA without passing ``signing_key``.

    The resulting HEAD commit is checked with ``validate_commit``, which
    looks at the commit text only.
    """
    # ``db`` is requested as a fixture but not referenced in the body.
    glsa_repo = GLSARepo(gitrepo, GPG_TEST_PASSPHRASE, gpghome)
    advisory = GLSA()

    with app.app_context():
        advisory.glsa_id = 1
        advisory.title = "Foo Bar: Multiple vulnerabilities"

        glsa_repo.commit(advisory)
        validate_commit(glsa_repo)
def test_commit_without_subkey(app, gitrepo, gpghome, db):
    """Commit a GLSA when no explicit ``signing_key`` is given.

    A GPG handle on the test keyring is created first; the repository is
    then constructed without ``signing_key`` and the HEAD commit text is
    checked with ``validate_commit``.
    """
    # The handle is never read below.
    # NOTE(review): constructing it may touch ``gpghome`` -- confirm it
    # has no needed side effect before removing it.
    keyring = gnupg.GPG(gnupghome=gpghome)

    glsa_repo = GLSARepo(gitrepo, GPG_TEST_PASSPHRASE, gpghome)
    advisory = GLSA()

    with app.app_context():
        advisory.glsa_id = 1
        advisory.title = "Foo Bar: Multiple vulnerabilities"

        glsa_repo.commit(advisory)
        validate_commit(glsa_repo)
def test_commit_with_subkey(app, gitrepo, gpghome, db):
    """Commit a GLSA with a subkey fingerprint passed as ``signing_key``.

    The fingerprint is the first entry of ``subkey_info`` on the first
    key listed in the test keyring. The HEAD commit text is then checked
    with ``validate_commit``.
    """
    keyring = gnupg.GPG(gnupghome=gpghome)

    # NOTE(review): presumably the first key in the test keyring has at
    # least one subkey -- confirm against the ``gpghome`` fixture.
    first_key = keyring.list_keys()[0]
    subkey_fingerprints = list(first_key["subkey_info"].keys())
    subkey_fprint = subkey_fingerprints[0]

    glsa_repo = GLSARepo(
        gitrepo, GPG_TEST_PASSPHRASE, gpghome, signing_key=subkey_fprint
    )
    advisory = GLSA()

    with app.app_context():
        advisory.glsa_id = 1
        advisory.title = "Foo Bar: Multiple vulnerabilities"

        glsa_repo.commit(advisory)
        # NOTE(review): validate_commit inspects the commit text only, so
        # this does not show that the subkey (rather than another key)
        # produced the signature.
        validate_commit(glsa_repo)
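def test_commit_failure(app, gitrepo, gpghome, db):
    """Check that a commit with an unusable signing key fails cleanly.

    The repository is given ``signing_key="doesn't exist"``. The commit
    is expected to raise ``GitCommandError``, after which the working
    tree must hold no untracked files and must not be dirty. If the
    commit succeeds instead, the test fails.
    """
    repo = GLSARepo(gitrepo, GPG_TEST_PASSPHRASE, gpghome, signing_key="doesn't exist")
    glsa = GLSA()

    with app.app_context():
        glsa.glsa_id = 1
        glsa.title = "Foo Bar: Multiple vulnerabilities"

        try:
            repo.commit(glsa)
        except GitCommandError:
            # A failed signing attempt must not leave a half-written
            # advisory behind in the working tree or the index.
            assert len(repo.repo.untracked_files) == 0
            assert not repo.repo.is_dirty()
        else:
            # The git command should've failed since signing_key is
            # garbage. Raise explicitly: a bare ``assert False`` is
            # compiled out under ``python -O`` and would let this
            # branch pass silently.
            raise AssertionError(
                "commit succeeded although signing_key does not exist"
            )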
def test_commit_bugs(app, db, gitrepo, gpghome):
    """Check the full commit message of a GLSA that references bugs.

    Two bugs are attached to the GLSA, which is merged into the database
    session and then committed. The HEAD commit message must equal the
    expected text exactly, including the ``Bug:`` lines and the
    ``Signed-off-by`` trailer.
    """
    glsa_repo = GLSARepo(gitrepo, GPG_TEST_PASSPHRASE, gpghome)
    advisory = GLSA()

    with app.app_context():
        advisory.glsa_id = 1
        advisory.title = "Foo Bar: Multiple vulnerabilities"
        # Attached as 654321 then 123456; the expected message lists
        # them as 123456 then 654321.
        advisory.bugs = [Bug("654321"), Bug("123456")]
        db.session.merge(advisory)

        glsa_repo.commit(advisory)

        # NOTE(review): this listing shows no blank lines anywhere, so
        # blank separator lines inside the expected message may have
        # been lost -- confirm against the original file.
        expected = (
            "[ GLSA 1 ] Foo Bar: Multiple vulnerabilities\n"
            "Bug: https://bugs.gentoo.org/123456\n"
            "Bug: https://bugs.gentoo.org/654321\n"
            "Signed-off-by: GLSAMaker <glsamaker@gentoo.org>\n"
        )
        assert glsa_repo.repo.head.commit.message == expected