public async Task Evaluate_NonCompliantPackage_CreatesErrorResult(Package nonCompliantPackage)
        {
            // Arrange
            var subscription  = new MicrosoftTeamSubscription();
            var policyHandler = new RequirePackageMetadataCompliancePolicy();

            var nugetUser = new User("NuGet");
            var newPackageRegistration = new PackageRegistration {
                Id = "NewPackageId", Owners = new List <User> {
                    nugetUser
                }
            };

            var context = CreateTestContext(
                true,
                subscription.Policies,
                nonCompliantPackage,
                packageRegistrationAlreadyExists: false,
                sourceAccount: nugetUser,
                targetAccount: nugetUser);

            // Act
            var result = await policyHandler.EvaluateAsync(context);

            // Assert
            Assert.False(result.Success);
            Assert.Null(newPackageRegistration.Owners.SingleOrDefault(u => u.Username == MicrosoftTeamSubscription.MicrosoftUsername));
            Assert.False(newPackageRegistration.IsVerified);
        }
        public async Task Evaluate_CompliantPackage_AddsRequiredCoOwner()
        {
            // Arrange
            var subscription  = new MicrosoftTeamSubscription();
            var policyHandler = new RequirePackageMetadataCompliancePolicy();

            var nugetUser = new User("NuGet");
            var newPackageRegistration = new PackageRegistration {
                Id = "NewPackageId", Owners = new List <User> {
                    nugetUser
                }
            };
            var newMicrosoftCompliantPackage = Fakes.CreateCompliantPackage("1.0", newPackageRegistration);

            var packageOwnershipManagementService = new Mock <IPackageOwnershipManagementService>();

            packageOwnershipManagementService.Setup(m => m.AddPackageOwnerAsync(newPackageRegistration, It.IsAny <User>(), false)).Returns(Task.CompletedTask);

            var context = CreateTestContext(
                true,
                subscription.Policies,
                newMicrosoftCompliantPackage,
                packageRegistrationAlreadyExists: false,
                packageOwnershipManagementService: packageOwnershipManagementService.Object,
                sourceAccount: nugetUser,
                targetAccount: nugetUser);

            // Act
            var result = await policyHandler.EvaluateAsync(context);

            // Assert
            Assert.True(result.Success);
            packageOwnershipManagementService.Verify(s => s.AddPackageOwnerAsync(newPackageRegistration, Fakes.RequiredCoOwner, false), Times.Once);
        }
        public SecurityPolicyService(
            IEntitiesContext entitiesContext,
            IAuditingService auditing,
            IDiagnosticsService diagnostics,
            IAppConfiguration configuration,
            Lazy <IUserService> userService,
            Lazy <IPackageOwnershipManagementService> packageOwnershipManagementService,
            ITelemetryService telemetryService,
            MicrosoftTeamSubscription microsoftTeamSubscription = null)
        {
            EntitiesContext = entitiesContext ?? throw new ArgumentNullException(nameof(entitiesContext));
            Auditing        = auditing ?? throw new ArgumentNullException(nameof(auditing));

            if (diagnostics == null)
            {
                throw new ArgumentNullException(nameof(diagnostics));
            }

            Diagnostics                        = diagnostics.SafeGetSource(nameof(SecurityPolicyService));
            Configuration                      = configuration ?? throw new ArgumentNullException(nameof(configuration));
            DefaultSubscription                = new DefaultSubscription();
            MicrosoftTeamSubscription          = microsoftTeamSubscription;
            _packageOwnershipManagementService = packageOwnershipManagementService ?? throw new ArgumentNullException(nameof(packageOwnershipManagementService));
            _userService                       = userService ?? throw new ArgumentNullException(nameof(userService));
            _telemetryService                  = telemetryService ?? throw new ArgumentNullException(nameof(telemetryService));
        }
Пример #4
0
        public async Task Evaluate_SilentlySucceedsWhenRequiredCoOwnerDoesNotExist()
        {
            // Arrange
            var subscription  = new MicrosoftTeamSubscription();
            var policyHandler = new RequirePackageMetadataCompliancePolicy();
            var fakes         = new Fakes();
            var context       = CreateTestContext(false, subscription.Policies, fakes.NewPackageVersion, packageRegistrationAlreadyExists: false);

            // Act
            var result = await policyHandler.EvaluateAsync(context);

            // Assert
            Assert.Equal(SecurityPolicyResult.SuccessResult, result);
        }
Пример #5
0
        private TestSecurityPolicyService CreateSecurityPolicyService()
        {
            var auditing = new Mock <IAuditingService>();

            auditing.Setup(s => s.SaveAuditRecordAsync(It.IsAny <AuditRecord>())).Returns(Task.CompletedTask).Verifiable();

            var subscription = new MicrosoftTeamSubscription();

            var service = new TestSecurityPolicyService(
                mockAuditing: auditing,
                userSubscriptions: new[] { subscription },
                organizationSubscriptions: new[] { subscription });

            return(service);
        }
        public async Task Evaluate_DoesNotCommitChangesToEntityContext()
        {
            // Arrange
            var subscription  = new MicrosoftTeamSubscription();
            var policyHandler = new RequirePackageMetadataCompliancePolicy();

            var nugetUser = new User("NuGet");
            var newPackageRegistration = new PackageRegistration {
                Id = "NewPackageId", Owners = new List <User> {
                    nugetUser
                }
            };
            var newMicrosoftCompliantPackage = Fakes.CreateCompliantPackage("1.0", newPackageRegistration);

            var packageOwnershipManagementService = new Mock <IPackageOwnershipManagementService>(MockBehavior.Strict);

            packageOwnershipManagementService
            .Setup(m => m.AddPackageOwnerAsync(newPackageRegistration, It.IsAny <User>(), false /* commitChanges: false */))
            .Returns(Task.CompletedTask)
            .Verifiable();

            var userService = new Mock <IUserService>(MockBehavior.Strict);

            userService
            .Setup(m => m.FindByUsername(MicrosoftTeamSubscription.MicrosoftUsername, It.IsAny <bool>()))
            .Returns(Fakes.RequiredCoOwner)
            .Verifiable();

            var telemetryService = new Mock <ITelemetryService>().Object;

            var context = new PackageSecurityPolicyEvaluationContext(
                userService.Object,
                packageOwnershipManagementService.Object,
                telemetryService,
                subscription.Policies,
                newMicrosoftCompliantPackage,
                sourceAccount: nugetUser,
                targetAccount: nugetUser,
                httpContext: It.IsAny <HttpContextBase>());

            // Act
            var result = await policyHandler.EvaluateAsync(context);

            // Assert
            packageOwnershipManagementService.VerifyAll();
            userService.VerifyAll();
        }
        public async Task Evaluate_CompliantPackage_CreatesWarningResultWhenPrefixReservationForNewIdIsMissing()
        {
            // Arrange
            var subscription  = new MicrosoftTeamSubscription();
            var policyHandler = new RequirePackageMetadataCompliancePolicy();

            var nugetUser = new User("NuGet");
            var newPackageRegistration = new PackageRegistration {
                Id = "NewPackageId", Owners = new List <User> {
                    nugetUser
                }
            };
            var newMicrosoftCompliantPackage = Fakes.CreateCompliantPackage("1.0", newPackageRegistration);

            var packageOwnershipManagementService = new Mock <IPackageOwnershipManagementService>();

            packageOwnershipManagementService.Setup(m => m.AddPackageOwnerAsync(newPackageRegistration, It.IsAny <User>(), false)).Returns(Task.CompletedTask);

            var context = CreateTestContext(
                true,
                subscription.Policies,
                newMicrosoftCompliantPackage,
                packageRegistrationAlreadyExists: false,
                packageOwnershipManagementService: packageOwnershipManagementService.Object,
                sourceAccount: nugetUser,
                targetAccount: nugetUser);

            // Act
            var result = await policyHandler.EvaluateAsync(context);

            // Assert
            Assert.True(result.Success);
            Assert.Null(result.ErrorMessage);
            Assert.True(result.HasWarnings);
            Assert.NotEmpty(result.WarningMessages);
            Assert.Contains(Strings.SecurityPolicy_RequirePackagePrefixReserved, result.WarningMessages);
            Assert.False(newPackageRegistration.IsVerified);
            packageOwnershipManagementService.Verify(s => s.AddPackageOwnerAsync(newPackageRegistration, Fakes.RequiredCoOwner, false), Times.Once);
        }