Merge pull request #4336 from Osmose/pyup-api-key

Fix bug 1437223: Add config for Pyup API key.
mozilla-services · Feb 13, 2018 · 9030ee1 · 9030ee1
2 parents 47671ec + 9f30ec0
commit 9030ee1
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 6 deletions.
diff --git a/socorro/cron/jobs/monitoring.py b/socorro/cron/jobs/monitoring.py
@@ -51,6 +51,8 @@ class DependencySecurityCheckCronApp(BaseCronApp):
         Path to the nsp binary for checking Node dependencies.
     crontabber.class-DependencySecurityCheckCronApp.safety_path
         Path to the PyUp Safety binary for checking Python dependencies.
+    crontabber.class-DependencySecurityCheckCronApp.safety_api_key
+        Optional API key to pass to Safety.
     crontabber.class-DependencySecurityCheckCronApp.package_json_path
         Path to the package.json file to run nsp against.
     secrets.sentry.dsn
@@ -74,6 +76,10 @@ class DependencySecurityCheckCronApp(BaseCronApp):
         'safety_path',
         doc='Path to the PyUp safety binary',
     )
+    required_config.add_option(
+        'safety_api_key',
+        doc='API key for Safety to use latest Pyup vulnerability database',
+    )
     required_config.add_option(
         'package_json_path',
         doc='Path to the package.json file to run nsp against',
@@ -128,12 +134,11 @@ def get_python_vulnerabilities(self):
         """
         # Safety checks what's installed in the current virtualenv, so no need
         # for any paths.
-        process = Popen(
-            [self.config.safety_path, 'check', '--json'],
-            stdin=PIPE,
-            stdout=PIPE,
-            stderr=PIPE,
-        )
+        cmd = [self.config.safety_path, 'check', '--json']
+        if self.config.get('safety_api_key'):
+            cmd += ['--key', self.config.safety_api_key]
+
+        process = Popen(cmd, stdin=PIPE, stdout=PIPE, stderr=PIPE)
         output, error_output = process.communicate()
 
         if process.returncode == 0:

diff --git a/socorro/unittest/cron/jobs/test_monitoring.py b/socorro/unittest/cron/jobs/test_monitoring.py
@@ -55,6 +55,20 @@ def test_get_python_vulnerabilities_none(self, mock_popen, app_config):
         assert app.get_python_vulnerabilities() == []
         assert popen.call_args[0][0] == [app_config['safety_path'], 'check', '--json']
 
+    def test_get_python_vulnerabilities_with_key(self, mock_popen, app_config):
+        app_config['safety_api_key'] = 'fake-api-key'
+        app = self.get_app(app_config)
+        popen = mock_popen(0)
+
+        assert app.get_python_vulnerabilities() == []
+        assert popen.call_args[0][0] == [
+            app_config['safety_path'],
+            'check',
+            '--json',
+            '--key',
+            'fake-api-key',
+        ]
+
     def test_get_python_vulnerabilities_failure(self, mock_popen, app_config):
         """Handle failures like being unable to connect to the network.