lp-scanner-team team mailing list archive

["Timothy R. Chavez" <timothy.chavez@xxxxxxxxxxxxx>]

Timothy R. Chavez has proposed merging lp:~timrchavez/lp-scanner/lp-scanner-handle-unauthorized-access-to-grantee-data into lp:lp-scanner.

Requested reviews:
  The Launchpad Security Scanner Dev Team (lp-scanner-team)

For more details, see:
https://code.launchpad.net/~timrchavez/lp-scanner/lp-scanner-handle-unauthorized-access-to-grantee-data/+merge/165678

If the scanning user is not a member of the driver team (or owner) of the project, LP will throw an Unauthorized exception.  We need to handle this exception and report it in the scan log, so we can take the proper action.  This problem was introduced when the scanning user was removed from the all-powerful ~commercial-admins LP team.
-- 
https://code.launchpad.net/~timrchavez/lp-scanner/lp-scanner-handle-unauthorized-access-to-grantee-data/+merge/165678
Your team The Launchpad Security Scanner Dev Team is requested to review the proposed merge of lp:~timrchavez/lp-scanner/lp-scanner-handle-unauthorized-access-to-grantee-data into lp:lp-scanner.

=== modified file 'security-scanner.py'
--- security-scanner.py	2013-05-17 15:54:09 +0000
+++ security-scanner.py	2013-05-24 17:38:23 +0000
@@ -36,6 +36,7 @@
 
 import collections
 import functools
+import lazr
 import optparse
 import os
 from pprint import pprint
@@ -289,23 +290,28 @@
 
             project_team_grantee = False
 
-            for grantee in sharing.getPillarGranteeData(pillar=project):
-                # if the grantee is the project team and has not been
-                # granted permission to private security bugs
-                name = grantee["name"]
-                if (name == project.name + "-team" or
+            try:
+                for grantee in sharing.getPillarGranteeData(pillar=project):
+                    # if the grantee is the project team and has not been
+                    # granted permission to private security bugs
+                    name = grantee["name"]
+                    if (name == project.name + "-team" or
                         name in nonstandard_project_teams):
-                    project_team_grantee = True
-                    permissions = grantee["permissions"]
-                    if (name not in private_security_exceptions
+                        project_team_grantee = True
+                        permissions = grantee["permissions"]
+                        if (name not in private_security_exceptions
                             and (
                                 "PRIVATESECURITY" not in permissions
                                 or permissions["PRIVATESECURITY"] != "ALL")):
-                        project_team_private_security[project] = None
-                    break
+                                project_team_private_security[project] = None
+                        break
 
-            if not project_team_grantee:
-                project_team_private_security[project] = None
+                if not project_team_grantee:
+                    project_team_private_security[project] = None
+            except lazr.restfulclient.errors.Unauthorized:
+                printf("W: Cannot determine bug sharing policies for project "
+                       "'%s' because '%s' is not a member of the driver team "
+                       "for this project " % (project.name, lp.me.name))
 
             # check for rogue mailing lists on the project driver
             if (project.driver and
@@ -541,7 +547,7 @@
             self.mocker.result(projects)
 
         def _setup_project_grantee(
-                self, project, name="Mr Grantee", permissions=[]):
+            self, project, name="grantee", permissions=[], result_bad=False):
             mock_grantee = self.mocker.mock()
             mock_grantee["name"]
             self.mocker.result(name)
@@ -550,8 +556,13 @@
             self.mocker.result(permissions)
             self.mocker.count(0, None)
             self.sharing.getPillarGranteeData(pillar=project)
-            self.mocker.result([mock_grantee, ])
-            self.mocker.count(0, None)
+            if result_bad:
+                self.mocker.throw(
+                    lazr.restfulclient.errors.Unauthorized(
+                        "Unauthorized", 401))
+            else:
+                self.mocker.result([mock_grantee, ])
+                self.mocker.count(0, None)
 
         def test_read_config(self):
             expected_sections = [
@@ -671,6 +682,31 @@
                 "with the project team"
                 in security_report)
 
+        def test_unauthorized_access_to_grantee_data_is_handled(self):
+            """
+            Test that unauthorized access of getPillarGranteeData is handled.
+            """
+            mock_project = self._setup_project(name="project")
+            self._setup_project_group("test-project", [mock_project, ])
+            self._setup_project_grantee(
+                mock_project, name="project-team", permissions=[],
+                result_bad=True)
+            self.lp.me.name
+            self.mocker.result("lexbuilder")
+            self.mocker.count(0, None)
+            self.mocker.replay()
+            outfile = cStringIO.StringIO()
+            security_scanner(self.lp, self.sharing, self.config, outfile)
+            outfile.seek(0)
+            security_report = outfile.read()
+            with open('/tmp/foo', 'w') as f:
+                f.write(str(security_report))
+            self.assertTrue(
+                "W: Cannot determine bug sharing policies for project "
+                "'%s' because '%s' is not a member of the driver team "
+                "for this project " % (mock_project.name, self.lp.me.name)
+                in security_report)
+
         def test_project_with_rogue_mailing_lists_on_driver(self):
             driver = self._setup_driver(
                 name="not-in-allowed-mailing-lists",