From e27e92c3c5e1556acd17c3477419a4ce13e116d2 Mon Sep 17 00:00:00 2001
From: Robin5605
Date: Sat, 5 Oct 2024 20:44:59 -0500
Subject: [PATCH] Remove all email related features
---
 src/mainframe/endpoints/report.py | 60 ++++--------
 src/mainframe/models/schemas.py | 10 --
 tests/test_report.py | 152 +++++++++---------------------
 3 files changed, 64 insertions(+), 158 deletions(-)
diff --git a/src/mainframe/endpoints/report.py b/src/mainframe/endpoints/report.py
index 22d5cbe2..f324aefc 100644
--- a/src/mainframe/endpoints/report.py
+++ b/src/mainframe/endpoints/report.py
@@ -14,7 +14,6 @@
 from mainframe.json_web_token import AuthenticationData
 from mainframe.models.orm import Scan
 from mainframe.models.schemas import (
- EmailReport,
 Error,
 ObservationKind,
 ObservationReport,
@@ -121,20 +120,17 @@ def _validate_additional_information(body: ReportPackageBody, scan: Scan):
 log = logger.bind(package={"name": body.name, "version": body.version})
 if body.additional_information is None:
- if len(scan.rules) == 0 or body.use_email is False:
- if len(scan.rules) == 0:
- detail = (
- f"additional_information is a required field as package "
- f"`{body.name}@{body.version}` has no matched rules in the database"
- )
- else:
- detail = "additional_information is required when using Observation API"
-
- error = HTTPException(400, detail=detail)
- log.error(
- "Missing additional_information field", error_message=detail, tag="missing_additional_information"
- )
- raise error
+ if len(scan.rules) == 0:
+ detail = (
+ f"additional_information is a required field as package "
+ f"`{body.name}@{body.version}` has no matched rules in the database"
+ )
+ else:
+ detail = "additional_information is required when using Observation API"
+
+ error = HTTPException(400, detail=detail)
+ log.error("Missing additional_information field", error_message=detail, tag="missing_additional_information")
+ raise error
 def _validate_pypi(name: str, version: str, http_client: httpx.Client):
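Review bot: The guard in `_validate_additional_information` rejects only `None`, so an empty or whitespace-only `additional_information` passes validation. Judging by the `report_package` hunk further down, that value is then sent as the Observation `summary`, and with the email path gone it is the only free-text content a report carries. Consider `if body.additional_information is None or not body.additional_information.strip():` and leave the two `detail` messages as they are. The function's signature sits in the hunk header rather than in the hunk, so this assumes the field is not normalised before the visible lines.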
@@ -163,9 +159,6 @@ def report_package(
 """
 Report a package to PyPI.
- The optional `use_email` field can be used to send reports by email. This
- defaults to `False`.
-
 There are some restrictions on what packages can be reported. They must:
 - exist in the database
 - exist on PyPI
@@ -208,30 +201,18 @@ def report_package(
 rules_matched: list[str] = [rule.name for rule in scan.rules]
- if body.use_email is True:
- report = EmailReport(
- name=body.name,
- version=body.version,
- rules_matched=rules_matched,
- recipient=body.recipient,
- inspector_url=inspector_url,
- additional_information=body.additional_information,
- )
+ # We previously checked this condition, but the typechecker isn't smart
+ # enough to figure that out
+ assert body.additional_information is not None
- httpx_client.post(f"{mainframe_settings.reporter_url}/report/email", json=jsonable_encoder(report))
- else:
- # We previously checked this condition, but the typechecker isn't smart
- # enough to figure that out
- assert body.additional_information is not None
-
- report = ObservationReport(
- kind=ObservationKind.Malware,
- summary=body.additional_information,
- inspector_url=inspector_url,
- extra=dict(yara_rules=rules_matched),
- )
+ report = ObservationReport(
+ kind=ObservationKind.Malware,
+ summary=body.additional_information,
+ inspector_url=inspector_url,
+ extra=dict(yara_rules=rules_matched),
+ )
- httpx_client.post(f"{mainframe_settings.reporter_url}/report/{name}", json=jsonable_encoder(report))
+ httpx_client.post(f"{mainframe_settings.reporter_url}/report/{name}", json=jsonable_encoder(report))
 with session.begin():
 scan.reported_by = auth.subject
@@ -247,7 +228,6 @@ def report_package(
 "inspector_url": inspector_url,
 "additional_information": body.additional_information,
 "rules_matched": rules_matched,
- "use_email": body.use_email,
 },
 reported_by=auth.subject,
 )
diff --git a/src/mainframe/models/schemas.py b/src/mainframe/models/schemas.py
index cad4d420..7804ab2c 100644
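Review bot: The result of `httpx_client.post(...)` in the `@@ -208,30 +201,18 @@` hunk is discarded, and the next statement, `with session.begin(): scan.reported_by = auth.subject`, records the package as reported. Unless the client is configured elsewhere to raise on error statuses, a 4xx/5xx from the reporter service means the malware report is lost while the database (and the log entry in the following hunk) says it was delivered. Keep the response and fail before the commit: `response = httpx_client.post(...)` followed by `response.raise_for_status()`. Separately, `assert body.additional_information is not None` is stripped under `python -O`, which is harmless only while the validator, called outside this hunk, always runs first. `report_package` starts and ends outside the hunk.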
--- a/src/mainframe/models/schemas.py
+++ b/src/mainframe/models/schemas.py
@@ -95,16 +95,6 @@ class ReportPackageBody(PackageSpecifier):
 recipient: Optional[str]
 inspector_url: Optional[str]
 additional_information: Optional[str]
- use_email: bool = False
-
-
-class EmailReport(PackageSpecifier):
- """Model for a report using email"""
-
- rules_matched: list[str]
- recipient: Optional[str] = None
- inspector_url: Optional[str]
- additional_information: Optional[str]
 # Taken from
diff --git a/tests/test_report.py b/tests/test_report.py
index fde95f05..76635bda 100644
--- a/tests/test_report.py
+++ b/tests/test_report.py
@@ -26,60 +26,31 @@
 from mainframe.json_web_token import AuthenticationData
 from mainframe.models.orm import DownloadURL, Rule, Scan, Status
 from mainframe.models.schemas import (
- EmailReport,
 ObservationKind,
 ObservationReport,
 ReportPackageBody,
 )
-@pytest.mark.parametrize(
- "body,url,expected",
- [
- (
- ReportPackageBody(
- name="c",
- version="1.0.0",
- recipient=None,
- inspector_url=None,
- additional_information="this package is bad",
- use_email=True,
- ),
- "/report/email",
- EmailReport(
- name="c",
- version="1.0.0",
- rules_matched=["rule 1", "rule 2"],
- inspector_url="test inspector url",
- additional_information="this package is bad",
- ),
- ),
- (
- ReportPackageBody(
- name="c",
- version="1.0.0",
- recipient=None,
- inspector_url=None,
- additional_information="this package is bad",
- ),
- "/report/c",
- ObservationReport(
- kind=ObservationKind.Malware,
- summary="this package is bad",
- inspector_url="test inspector url",
- extra=dict(yara_rules=["rule 1", "rule 2"]),
- ),
- ),
- ],
-)
 def test_report(
 sm: sessionmaker[Session],
 db_session: Session,
 auth: AuthenticationData,
- body: ReportPackageBody,
- url: str,
- expected: EmailReport | ObservationReport,
 ):
+ body = ReportPackageBody(
+ name="c",
+ version="1.0.0",
+ recipient=None,
+ inspector_url=None,
+ additional_information="this package is bad",
+ )
+
+ report = ObservationReport(
+ kind=ObservationKind.Malware,
+ summary="this package is bad",
+ inspector_url="test inspector url",
+ extra=dict(yara_rules=["rule 1", "rule 2"]),
+ )
 scan = Scan(
 name="c",
 version="1.0.0",
@@ -107,7 +78,7 @@ def test_report(
 report_package(body, sm(), auth, mock_httpx_client)
- mock_httpx_client.post.assert_called_once_with(url, json=jsonable_encoder(expected))
+ mock_httpx_client.post.assert_called_once_with("/report/c", json=jsonable_encoder(report))
 with sm() as sess, sess.begin():
 s = sess.scalar(select(Scan).where(Scan.name == "c").where(Scan.version == "1.0.0"))
@@ -177,70 +148,35 @@ def test_report_inspector_url(body_url: Optional[str], scan_url: Optional[str]):
 assert "test url" == _validate_inspector_url("a", "1.0.0", body_url, scan_url)
-@pytest.mark.parametrize(
- ("body", "scan"),
- [
- ( # No additional information, and no rules with email
- ReportPackageBody(
- name="c",
- version="1.0.0",
- recipient=None,
- inspector_url="inspector url override",
- additional_information=None,
- use_email=True,
- ),
- Scan(
- name="c",
- version="1.0.0",
- status=Status.FINISHED,
- score=0,
- inspector_url=None,
- rules=[],
- download_urls=[],
- queued_at=datetime.now() - timedelta(seconds=60),
- queued_by="remmy",
- pending_at=datetime.now() - timedelta(seconds=30),
- pending_by="remmy",
- finished_at=datetime.now() - timedelta(seconds=10),
- finished_by="remmy",
- reported_at=None,
- reported_by=None,
- fail_reason=None,
- commit_hash="test commit hash",
- ),
- ),
- ( # No additional information with Observations
- ReportPackageBody(
- name="c",
- version="1.0.0",
- recipient=None,
- inspector_url="inspector url override",
- additional_information=None,
- use_email=False,
- ),
- Scan(
- name="c",
- version="1.0.0",
- status=Status.FINISHED,
- score=0,
- inspector_url=None,
- rules=[Rule(name="ayo")],
- download_urls=[],
- queued_at=datetime.now() - timedelta(seconds=60),
- queued_by="remmy",
- pending_at=datetime.now() - timedelta(seconds=30),
- pending_by="remmy",
- finished_at=datetime.now() - timedelta(seconds=10),
- finished_by="remmy",
- reported_at=None,
- reported_by=None,
- fail_reason=None,
- commit_hash="test commit hash",
- ),
- ),
- ],
-)
-def test_report_missing_additional_information(body: ReportPackageBody, scan: Scan):
+def test_report_missing_additional_information():
+ body = ReportPackageBody(
+ name="c",
+ version="1.0.0",
+ recipient=None,
+ inspector_url="inspector url override",
+ additional_information=None,
+ )
+
+ scan = Scan(
+ name="c",
+ version="1.0.0",
+ status=Status.FINISHED,
+ score=0,
+ inspector_url=None,
+ rules=[Rule(name="ayo")],
+ download_urls=[],
+ queued_at=datetime.now() - timedelta(seconds=60),
+ queued_by="remmy",
+ pending_at=datetime.now() - timedelta(seconds=30),
+ pending_by="remmy",
+ finished_at=datetime.now() - timedelta(seconds=10),
+ finished_by="remmy",
+ reported_at=None,
+ reported_by=None,
+ fail_reason=None,
+ commit_hash="test commit hash",
+ )
+
 with pytest.raises(HTTPException) as e:
 _validate_additional_information(body, scan)
 assert e.value.status_code == 400
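Review bot: Collapsing the parametrised cases leaves only `rules=[Rule(name="ayo")]`, so the `len(scan.rules) == 0` branch that `_validate_additional_information` still has, with its own `detail` text, is no longer exercised by this test. The remaining assertion checks only `e.value.status_code == 400`, so it could not tell the two branches apart in any case. Suggest keeping a second case with `rules=[]` and asserting on `e.value.detail` in both, so a regression in either rejection path is caught.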