From 9f30ec032e6bfbeb88dda7b0377bdd41f6591dad Mon Sep 17 00:00:00 2001
From: Michael Kelly
Date: Tue, 13 Feb 2018 06:39:48 -0800
Subject: [PATCH] Fix bug 1437223: Add config for Pyup API key.
---
 socorro/cron/jobs/monitoring.py | 17 +++++++++++------
 socorro/unittest/cron/jobs/test_monitoring.py | 14 ++++++++++++++
 2 files changed, 25 insertions(+), 6 deletions(-)
diff --git a/socorro/cron/jobs/monitoring.py b/socorro/cron/jobs/monitoring.py
index 729edcdc77..a6ddef7759 100644
--- a/socorro/cron/jobs/monitoring.py
+++ b/socorro/cron/jobs/monitoring.py
@@ -51,6 +51,8 @@ class DependencySecurityCheckCronApp(BaseCronApp):
 Path to the nsp binary for checking Node dependencies.
 crontabber.class-DependencySecurityCheckCronApp.safety_path
 Path to the PyUp Safety binary for checking Python dependencies.
+ crontabber.class-DependencySecurityCheckCronApp.safety_api_key
+ Optional API key to pass to Safety.
 crontabber.class-DependencySecurityCheckCronApp.package_json_path
 Path to the package.json file to run nsp against.
 secrets.sentry.dsn
@@ -74,6 +76,10 @@ class DependencySecurityCheckCronApp(BaseCronApp):
 'safety_path',
 doc='Path to the PyUp safety binary',
 )
+ required_config.add_option(
+ 'safety_api_key',
+ doc='API key for Safety to use latest Pyup vulnerability database',
+ )
 required_config.add_option(
 'package_json_path',
 doc='Path to the package.json file to run nsp against',
@@ -128,12 +134,11 @@ def get_python_vulnerabilities(self):
 """
 # Safety checks what's installed in the current virtualenv, so no need
 # for any paths.
- process = Popen(
- [self.config.safety_path, 'check', '--json'],
- stdin=PIPE,
- stdout=PIPE,
- stderr=PIPE,
- )
+ cmd = [self.config.safety_path, 'check', '--json']
+ if self.config.get('safety_api_key'):
+ cmd += ['--key', self.config.safety_api_key]
+
+ process = Popen(cmd, stdin=PIPE, stdout=PIPE, stderr=PIPE)
 output, error_output = process.communicate()
 if process.returncode == 0:
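Review bot: The `safety_api_key` option added in the `required_config.add_option(...)` hunk is declared like an ordinary setting although its value is a credential, so it will appear in clear text wherever the effective configuration is printed or dumped. configman lets an option be flagged for masking; adding `secret=True,` next to the `doc=` argument keeps the value out of that output. The class docstring already places `secrets.sentry.dsn` under a `secrets` namespace, and the key probably belongs with it rather than under `crontabber.class-DependencySecurityCheckCronApp`.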
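Review bot: In `get_python_vulnerabilities`, `cmd += ['--key', self.config.safety_api_key]` puts the API key into the child's argument vector, where any local account that can list processes can read it while Safety runs. The key would also travel with `cmd` if the failure path ever reports the command line. Safety releases that read the key from the `SAFETY_API_KEY` environment variable allow it to be passed out of band: build `env = dict(os.environ, SAFETY_API_KEY=self.config.safety_api_key)` and call `Popen(cmd, stdin=PIPE, stdout=PIPE, stderr=PIPE, env=env)`, after confirming that the pinned Safety version honours that variable. The function body continues past the end of the hunk, so how `error_output` is reported on a non-zero exit could not be checked from here.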
diff --git a/socorro/unittest/cron/jobs/test_monitoring.py b/socorro/unittest/cron/jobs/test_monitoring.py
index d88cff1d28..6420f3f5b1 100644
--- a/socorro/unittest/cron/jobs/test_monitoring.py
+++ b/socorro/unittest/cron/jobs/test_monitoring.py
@@ -55,6 +55,20 @@ def test_get_python_vulnerabilities_none(self, mock_popen, app_config):
 assert app.get_python_vulnerabilities() == []
 assert popen.call_args[0][0] == [app_config['safety_path'], 'check', '--json']
+ def test_get_python_vulnerabilities_with_key(self, mock_popen, app_config):
+ app_config['safety_api_key'] = 'fake-api-key'
+ app = self.get_app(app_config)
+ popen = mock_popen(0)
+
+ assert app.get_python_vulnerabilities() == []
+ assert popen.call_args[0][0] == [
+ app_config['safety_path'],
+ 'check',
+ '--json',
+ '--key',
+ 'fake-api-key',
+ ]
+
 def test_get_python_vulnerabilities_failure(self, mock_popen, app_config):
 """Handle failures like being unable to connect to the network.