supervisor/tests/resolution/check/test_check_addon_pwned.py

"""Test Check Addon Pwned."""
# pylint: disable=import-error,protected-access
from unittest.mock import AsyncMock, patch

from supervisor.const import AddonState, CoreState
from supervisor.coresys import CoreSys
from supervisor.exceptions import PwnedSecret
from supervisor.resolution.checks.addon_pwned import CheckAddonPwned
from supervisor.resolution.const import IssueType, SuggestionType


class TestAddon:
    """Test Addon."""

    slug = "my_test"
    pwned = set()
    state = AddonState.STARTED
    is_installed = True


async def test_base(coresys: CoreSys):
    """Test check basics."""
    addon_pwned = CheckAddonPwned(coresys)
    assert addon_pwned.slug == "addon_pwned"
    assert addon_pwned.enabled


async def test_check(coresys: CoreSys):
    """Test check."""
    addon_pwned = CheckAddonPwned(coresys)
    coresys.core.state = CoreState.RUNNING

    addon = TestAddon()
    coresys.addons.local[addon.slug] = addon

    assert len(coresys.resolution.issues) == 0

    coresys.security.verify_secret = AsyncMock(side_effect=PwnedSecret)
    await addon_pwned.run_check.__wrapped__(addon_pwned)
    assert not coresys.security.verify_secret.called

    addon.pwned.add("123456")
    coresys.security.verify_secret = AsyncMock(return_value=None)
    await addon_pwned.run_check.__wrapped__(addon_pwned)
    assert coresys.security.verify_secret.called

    assert len(coresys.resolution.issues) == 0

    coresys.security.verify_secret = AsyncMock(side_effect=PwnedSecret)
    await addon_pwned.run_check.__wrapped__(addon_pwned)
    assert coresys.security.verify_secret.called

    assert len(coresys.resolution.issues) == 1
    assert coresys.resolution.issues[-1].type == IssueType.PWNED
    assert coresys.resolution.issues[-1].reference == addon.slug
    assert coresys.resolution.suggestions[-1].type == SuggestionType.EXECUTE_STOP
    assert coresys.resolution.suggestions[-1].reference == addon.slug


async def test_approve(coresys: CoreSys):
    """Test check."""
    addon_pwned = CheckAddonPwned(coresys)
    coresys.core.state = CoreState.RUNNING

    addon = TestAddon()
    coresys.addons.local[addon.slug] = addon
    addon.pwned.add("123456")

    coresys.security.verify_secret = AsyncMock(side_effect=PwnedSecret)
    assert await addon_pwned.approve_check(reference=addon.slug)

    coresys.security.verify_secret = AsyncMock(return_value=None)
    assert not await addon_pwned.approve_check(reference=addon.slug)

    addon.is_installed = False
    coresys.security.verify_secret = AsyncMock(side_effect=PwnedSecret)
    assert not await addon_pwned.approve_check(reference=addon.slug)


async def test_with_global_disable(coresys: CoreSys, caplog):
    """Test when pwned is globally disabled."""
    coresys.security.pwned = False
    addon_pwned = CheckAddonPwned(coresys)
    coresys.core.state = CoreState.RUNNING

    addon = TestAddon()
    coresys.addons.local[addon.slug] = addon

    assert len(coresys.resolution.issues) == 0
    coresys.security.verify_secret = AsyncMock(side_effect=PwnedSecret)
    await addon_pwned.run_check.__wrapped__(addon_pwned)
    assert not coresys.security.verify_secret.called
    assert "Skipping addon_pwned, pwned is globally disabled" in caplog.text


async def test_did_run(coresys: CoreSys):
    """Test that the check ran as expected."""
    addon_pwned = CheckAddonPwned(coresys)
    should_run = addon_pwned.states
    should_not_run = [state for state in CoreState if state not in should_run]
    assert len(should_run) != 0
    assert len(should_not_run) != 0

    with patch(
        "supervisor.resolution.checks.addon_pwned.CheckAddonPwned.run_check",
        return_value=None,
    ) as check:
        for state in should_run:
            coresys.core.state = state
            await addon_pwned()
            check.assert_called_once()
            check.reset_mock()

        for state in should_not_run:
            coresys.core.state = state
            await addon_pwned()
            check.assert_not_called()
            check.reset_mock()