Merge branch 'refs/heads/white/dev' into white/staging

Author: Diego Nadares

faraday/server/api/modules/hosts_context.py

@@ -146,7 +146,8 @@ def _generate_filter_query(
                 joinedload(self.model_class.update_user),
                 joinedload(getattr(self.model_class, 'creator')).load_only('username'),
             )
-        filter_query = self._apply_filter_context(filter_query)
+        filter_query = (self._apply_filter_context(filter_query).
+                        filter(Host.workspace.has(active=True)))  # only hosts from active workspaces
         return filter_query
 
     @route('/<host_id>/services')

faraday/server/api/modules/services_context.py

@@ -9,7 +9,8 @@
 from filteralchemy import FilterSet, operators  # pylint:disable=unused-import
 # Local application imports
 from faraday.server.models import (
-    Service
+    Service,
+    db,
 )
 from faraday.server.api.base import (
     FilterMixin,
@@ -21,6 +22,8 @@
     PaginatedMixin
 )
 from faraday.server.api.modules.services import ServiceSchema
+from faraday.server.utils.search import search
+
 services_context_api = Blueprint('services_context_api', __name__)
 
 
@@ -56,5 +59,16 @@ def _envelope_list(self, objects, pagination_metadata=None):
                       if pagination_metadata is not None else len(services))
         }
 
+    def _generate_filter_query(
+            self, filters, severity_count=False, host_vulns=False, only_total_vulns=False, list_view=False
+    ):
+        filter_query = search(db.session,
+                              self.model_class,
+                              filters)
+
+        filter_query = (self._apply_filter_context(filter_query).
+                        filter(Service.workspace.has(active=True)))  # only services from active workspaces
+        return filter_query
+
 
 ServiceContextView.register(services_context_api)

faraday/server/api/modules/vulns.py

@@ -1493,7 +1493,6 @@ def _post_bulk_update(self, ids, extracted_data, workspace_name, **kwargs):
         if 'returning' in kwargs and kwargs['returning']:
             # update host stats
             from faraday.server.tasks import update_host_stats  # pylint:disable=import-outside-toplevel
-            print(kwargs['returning'])
             host_id_list = [data[4] for data in kwargs['returning'] if data[4]]
             service_id_list = [data[5] for data in kwargs['returning'] if data[5]]
             if faraday_server.celery_enabled:

faraday/server/api/modules/vulns_context.py

@@ -412,6 +412,8 @@ def _generate_filter_query(self, vulnerability_class, filters, hostname_filters,
                        filters)
         vulns = self._apply_filter_context(vulns)
 
+        vulns = vulns.filter(vulnerability_class.workspace.has(active=True))
+
         if hosts_os_filter:
             os_value = hosts_os_filter['val']
             vulns = vulns.join(Host).join(Service).filter(Host.os == os_value)

tests/test_api_hosts_context.py

@@ -94,6 +94,24 @@ def test_list_retrieves_all_items_from_all_workspace(self, test_client,
         assert res.status_code == 200
         assert len(res.json['rows']) == HOSTS_COUNT + 1
 
+    @pytest.mark.usefixtures('ignore_nplusone')
+    def test_list_retrieves_all_items_from_only_active_workspace(self, test_client,
+                                                     second_workspace,
+                                                     session,
+                                                     host_factory):
+        host_factory.create(workspace=second_workspace)
+        session.commit()
+        res = test_client.get(f"{self.url()}/filter")
+        assert res.status_code == 200
+        assert len(res.json['rows']) == HOSTS_COUNT + 1
+
+        second_workspace.active = False
+        session.commit()
+
+        res = test_client.get(f"{self.url()}/filter")
+        assert res.status_code == 200
+        assert len(res.json['rows']) == HOSTS_COUNT
+
     def test_retrieve_one_host(self, test_client, database):
         host = self.workspace.hosts[0]
         assert host.id is not None

tests/test_api_services_context.py

@@ -84,6 +84,21 @@ def test_list_retrieves_all_items_from(self, test_client, logged_user):
         assert res.status_code == 200
         assert len(res.json['services']) == OBJECT_COUNT
 
+    @pytest.mark.usefixtures('ignore_nplusone')
+    def test_list_retrieves_items_from_active_workspaces(self, test_client, logged_user, session, second_workspace,
+                                                         service_factory):
+        service_factory.create(workspace=second_workspace)
+        session.commit()
+        res = test_client.get(f"{self.url()}/filter")
+        assert res.status_code == 200
+        assert len(res.json['services']) == OBJECT_COUNT + 1
+
+        second_workspace.active = False
+        session.commit()
+        res = test_client.get(f"{self.url()}/filter")
+        assert res.status_code == 200
+        assert len(res.json['services']) == OBJECT_COUNT
+
     def test_bulk_delete_with_references(self, test_client, session, workspace):
         service_1 = self.factory.create(workspace=workspace)
         service_2 = self.factory.create(workspace=workspace)

tests/test_api_vulnerability_context.py

@@ -327,6 +327,39 @@ def test_hostnames(self, host_with_hostnames, test_client, session,
         assert set(res.json['hostnames']) == {hostname.name for hostname in
                                               host_with_hostnames.hostnames}
 
+    def test_wont_get_vulns_from_inactive_workspace(self, vulnerability_factory, second_workspace, test_client, session):
+        vulns = VulnerabilityWeb.query.all()
+        for vuln in vulns:
+            session.delete(vuln)
+        session.commit()
+
+        vulns = Vulnerability.query.all()
+        for vuln in vulns:
+            session.delete(vuln)
+        session.commit()
+
+        vulns_unconfirmed = vulnerability_factory.create_batch(4, confirmed=False,
+                                                               workspace=self.workspace,
+                                                               status='open',
+                                                               severity='critical')
+
+        vulns_high = vulnerability_factory.create_batch(4,
+                                                        confirmed=True,
+                                                        workspace=second_workspace,
+                                                        status='open',
+                                                        severity='high')
+        session.add_all(vulns_unconfirmed + vulns_high)
+        session.commit()
+
+        response = test_client.get(f'{self.url()}/filter')
+        assert response.status_code == 200
+        assert response.json['count'] == 8
+
+        second_workspace.active = False
+        response = test_client.get(f'{self.url()}/filter')
+        assert response.status_code == 200
+        assert response.json['count'] == 4
+
     def test_histogram_creation(self, vulnerability_factory, second_workspace, test_client, session):
         """
         This one should only check basic vuln properties