pypi · ewdurbin · Feb 3, 2020 · Jan 31, 2020 · Jan 31, 2020
diff --git a/tests/unit/admin/views/test_verdicts.py b/tests/unit/admin/views/test_verdicts.py
@@ -14,37 +14,200 @@
 
 from random import randint
 
-import pretend
 import pytest
 
 from pyramid.httpexceptions import HTTPBadRequest, HTTPNotFound
 
 from warehouse.admin.views import verdicts as views
+from warehouse.malware.models import VerdictClassification, VerdictConfidence
 
-from ....common.db.malware import MalwareVerdictFactory
+from ....common.db.malware import MalwareCheckFactory, MalwareVerdictFactory
 
 
 class TestListVerdicts:
     def test_none(self, db_request):
-        assert views.get_verdicts(db_request) == {"verdicts": []}
+        assert views.get_verdicts(db_request) == {
+            "verdicts": [],
+            "check_names": set(),
+            "classifications": set(["threat", "indeterminate", "benign"]),
+            "confidences": set(["low", "medium", "high"]),
+        }
 
     def test_some(self, db_request):
-        verdicts = [MalwareVerdictFactory.create() for _ in range(10)]
+        check = MalwareCheckFactory.create()
+        verdicts = [MalwareVerdictFactory.create(check=check) for _ in range(10)]
 
-        assert views.get_verdicts(db_request) == {"verdicts": verdicts}
+        assert views.get_verdicts(db_request) == {
+            "verdicts": verdicts,
+            "check_names": set([check.name]),
+            "classifications": set(["threat", "indeterminate", "benign"]),
+            "confidences": set(["low", "medium", "high"]),
+        }
 
     def test_some_with_multipage(self, db_request):
-        verdicts = [MalwareVerdictFactory.create() for _ in range(60)]
+        check1 = MalwareCheckFactory.create()
+        check2 = MalwareCheckFactory.create()
+        verdicts = [MalwareVerdictFactory.create(check=check2) for _ in range(60)]
 
         db_request.GET["page"] = "2"
 
-        assert views.get_verdicts(db_request) == {"verdicts": verdicts[25:50]}
+        assert views.get_verdicts(db_request) == {
+            "verdicts": verdicts[25:50],
+            "check_names": set([check1.name, check2.name]),
+            "classifications": set(["threat", "indeterminate", "benign"]),
+            "confidences": set(["low", "medium", "high"]),
+        }
+
+    def test_check_name_filter(self, db_request):
+        check1 = MalwareCheckFactory.create()
+        check2 = MalwareCheckFactory.create()
+        check3 = MalwareCheckFactory.create()
+        verdicts1 = [MalwareVerdictFactory.create(check=check1) for _ in range(10)]
+        verdicts2 = [MalwareVerdictFactory.create(check=check2) for _ in range(10)]
+
+        response = {
+            "verdicts": verdicts1,
+            "check_names": set([check1.name, check2.name, check3.name]),
+            "classifications": set(["threat", "indeterminate", "benign"]),
+            "confidences": set(["low", "medium", "high"]),
+        }
+
+        db_request.GET["check_name"] = check1.name
+        assert views.get_verdicts(db_request) == response
+
+        db_request.GET["check_name"] = check2.name
+        response["verdicts"] = verdicts2
+        assert views.get_verdicts(db_request) == response
+
+        db_request.GET["check_name"] = check3.name
+        response["verdicts"] = []
+        assert views.get_verdicts(db_request) == response
+
+        db_request.GET["check_name"] = ""
+        response["verdicts"] = verdicts1 + verdicts2
+        assert views.get_verdicts(db_request) == response
+
+        db_request.GET["check_name"] = "DoesNotExist"
+        with pytest.raises(HTTPBadRequest):
+            views.get_verdicts(db_request) == response
+
+    def test_classification_filter(self, db_request):
+        check1 = MalwareCheckFactory.create()
+        verdicts1 = [
+            MalwareVerdictFactory.create(
+                check=check1, classification=VerdictClassification.Threat
+            )
+            for _ in range(10)
+        ]
+        verdicts2 = [
+            MalwareVerdictFactory.create(
+                check=check1, classification=VerdictClassification.Indeterminate
+            )
+            for _ in range(10)
+        ]
+        verdicts3 = [
+            MalwareVerdictFactory.create(
+                check=check1, classification=VerdictClassification.Benign
+            )
+            for _ in range(5)
+        ]
+
+        db_request.GET["classification"] = "threat"
+        response = {
+            "verdicts": verdicts1,
+            "check_names": set([check1.name]),
+            "classifications": set(["threat", "indeterminate", "benign"]),
+            "confidences": set(["low", "medium", "high"]),
+        }
+        assert views.get_verdicts(db_request) == response
+
+        db_request.GET["classification"] = "indeterminate"
+        response["verdicts"] = verdicts2
+        assert views.get_verdicts(db_request) == response
+
+        db_request.GET["classification"] = ""
+        response["verdicts"] = verdicts1 + verdicts2 + verdicts3
+        assert views.get_verdicts(db_request) == response
+
+        db_request.GET["classification"] = "NotAClassification"
+        with pytest.raises(HTTPBadRequest):
+            views.get_verdicts(db_request)
+
+    def test_confidence_filter(self, db_request):
+        check1 = MalwareCheckFactory.create()
+        verdicts1 = [
+            MalwareVerdictFactory.create(check=check1, confidence=VerdictConfidence.Low)
+            for _ in range(10)
+        ]
+        verdicts2 = [
+            MalwareVerdictFactory.create(
+                check=check1, confidence=VerdictConfidence.Medium
+            )
+            for _ in range(10)
+        ]
+        verdicts3 = [
+            MalwareVerdictFactory.create(
+                check=check1, confidence=VerdictConfidence.High
+            )
+            for _ in range(5)
+        ]
+
+        db_request.GET["confidence"] = "low"
+        response = {
+            "verdicts": verdicts1,
+            "check_names": set([check1.name]),
+            "classifications": set(["threat", "indeterminate", "benign"]),
+            "confidences": set(["low", "medium", "high"]),
+        }
+        assert views.get_verdicts(db_request) == response
+
+        db_request.GET["confidence"] = "high"
+        response["verdicts"] = verdicts3
+        assert views.get_verdicts(db_request) == response
+
+        db_request.GET["confidence"] = ""
+        response["verdicts"] = verdicts1 + verdicts2 + verdicts3
+        assert views.get_verdicts(db_request) == response
+
+        db_request.GET["confidence"] = "NotAConfidence"
+        with pytest.raises(HTTPBadRequest):
+            views.get_verdicts(db_request) == response
+
+    def test_manually_reviewed_filter(self, db_request):
+        check1 = MalwareCheckFactory.create()
+        verdicts1 = [
+            MalwareVerdictFactory.create(check=check1, manually_reviewed=False)
+            for _ in range(10)
+        ]
+        verdicts2 = [
+            MalwareVerdictFactory.create(check=check1, manually_reviewed=True)
+            for _ in range(10)
+        ]
+
+        response = {
+            "verdicts": verdicts1,
+            "check_names": set([check1.name]),
+            "classifications": set(["threat", "indeterminate", "benign"]),
+            "confidences": set(["low", "medium", "high"]),
+        }
+
+        db_request.GET["manually_reviewed"] = "0"
+        assert views.get_verdicts(db_request) == response
+
+        db_request.GET["manually_reviewed"] = "1"
+        response["verdicts"] = verdicts2
+        assert views.get_verdicts(db_request) == response
+
+        db_request.GET["manually_reviewed"] = "nope"
+
+        with pytest.raises(HTTPBadRequest):
+            views.get_verdicts(db_request)
 
-    def test_with_invalid_page(self):
-        request = pretend.stub(params={"page": "not an integer"})
+    def test_with_invalid_page(self, db_request):
+        db_request.GET["page"] = "not an integer"
 
         with pytest.raises(HTTPBadRequest):
-            views.get_verdicts(request)
+            views.get_verdicts(db_request)
 
 
 class TestGetVerdict:

diff --git a/warehouse/admin/templates/admin/base.html b/warehouse/admin/templates/admin/base.html
@@ -131,7 +131,7 @@
           </a>
         </li>
         <li>
-          <a href="{{ request.route_path('admin.verdicts.list') }}">
+          <a href="{{ request.route_path('admin.verdicts.list') }}?classification=threat&manually_reviewed=0">
             <i class="fa fa-gavel"></i> <span>Verdicts</span>
           </a>
         </li>

diff --git a/warehouse/admin/templates/admin/malware/verdicts/index.html b/warehouse/admin/templates/admin/malware/verdicts/index.html
@@ -17,20 +17,61 @@
 
 {% block title %}Malware Verdicts{% endblock %}
 
+{% set check_name = request.params.get("check_name") %}
+{% set classification = request.params.get("classification") %}
+{% set confidence = request.params.get("confidence") %}
+{% set manually_reviewed = request.params.get("manually_reviewed") %}
+
 {% block breadcrumb %}
   <li class="active">Verdicts</li>
 {% endblock %}
 
 {% block content %}
 <div class="box box-primary">
+  <div class="box-header with-border">
+    <form class="form-inline">
+      <div class="form-group">
+        <select class="form-control" name="check_name">
+          <option {{ "selected" if check_name is none else "" }} disabled value="">Check Name</option>
+          {% for c in check_names %}
+          <option {{ "selected" if check_name == c else "" }}>{{c}}</option>
+          {% endfor %}
+        </select>
+      </div>
+      <div class="form-group">
+        <select class="form-control" name="classification">
+          <option  {{ "selected" if classification is none else "" }} disabled value="">Classification</option>
+          {% for c in classifications %}
+          <option {{ "selected" if classification == c else "" }}>{{c}}</option>
+          {% endfor %}
+        </select>
+      </div>
+      <div class="form-group">
+        <select class="form-control" name="confidence">
+          <option {{ "selected" if confidence is none else "" }} disabled value="">Confidence</option>
+          {% for c in confidences %}
+          <option {{ "selected" if confidence == c else "" }}>{{c}}</option>
+          {% endfor %}
+        </select>
+      </div>
+      <div class="form-group">
+        <select class="form-control" name="manually_reviewed">
+          <option {{ "selected" if manually_reviewed is none else "" }} disabled value="">Needs Review?</option>
+          <option {{ "selected" if manually_reviewed == "0" else "" }} value="0">Needs Review</option>
+          <option {{ "selected" if manually_reviewed == "1" else "" }} value="1">Already Reviewed</option>
+        </select>
+      </div>
+      <button type="submit" class="btn btn-primary">Filter</button>
+    </form>
+  </div>
   <div class="box-body table-responsive no-padding">
     <table class="table table-hover">
       <tr>
         <th>Object</th>
         <th>Check</th>
         <th>Classification</th>
         <th>Confidence</th>
-        <th>Detail</th>
+        <th>Review</th>
       </tr>
       {% for verdict in verdicts %}
       <tr>

diff --git a/warehouse/admin/views/verdicts.py b/warehouse/admin/views/verdicts.py
@@ -14,7 +14,12 @@
 from pyramid.httpexceptions import HTTPBadRequest, HTTPNotFound
 from pyramid.view import view_config
 
-from warehouse.malware.models import MalwareVerdict
+from warehouse.malware.models import (
+    MalwareCheck,
+    MalwareVerdict,
+    VerdictClassification,
+    VerdictConfidence,
+)
 from warehouse.utils.paginate import paginate_url_factory
 
 
@@ -26,23 +31,23 @@
     uses_session=True,
 )
 def get_verdicts(request):
-    try:
-        page_num = int(request.params.get("page", 1))
-    except ValueError:
-        raise HTTPBadRequest("'page' must be an integer.") from None
-
-    verdicts_query = request.db.query(MalwareVerdict).order_by(
-        MalwareVerdict.run_date.desc()
+    result = {}
+    result["check_names"] = set(
+        [name for (name,) in request.db.query(MalwareCheck.name)]
     )
+    result["classifications"] = set([c.value for c in VerdictClassification])
+    result["confidences"] = set([c.value for c in VerdictConfidence])
+
+    validate_fields(request, result)
 
-    verdicts = SQLAlchemyORMPage(
-        verdicts_query,
-        page=page_num,
+    result["verdicts"] = SQLAlchemyORMPage(
+        generate_query(request.db, request.params),
+        page=int(request.params.get("page", 1)),
         items_per_page=25,
         url_maker=paginate_url_factory(request),
     )
 
-    return {"verdicts": verdicts}
+    return result
 
 
 @view_config(
@@ -59,3 +64,41 @@ def get_verdict(request):
         return {"verdict": verdict}
 
     raise HTTPNotFound
+
+
+def validate_fields(request, validators):
+    try:
+        int(request.params.get("page", 1))
+    except ValueError:
+        raise HTTPBadRequest("'page' must be an integer.") from None
+
+    validators = {**validators, **{"manually_revieweds": set(["0", "1"])}}
+
+    for key, possible_values in validators.items():
+        # Remove the trailing 's'
+        value = request.params.get(key[:-1])
+        additional_values = set([None, ""])
+        if value not in possible_values | additional_values:
+            raise HTTPBadRequest(
+                "Invalid value for '%s': %s." % (key[:-1], value)
+            ) from None
+
+
+def generate_query(db, params):
+    """
+    Returns an SQLAlchemy query wth request params applied as filters.
+    """
+    query = db.query(MalwareVerdict)
+    if params.get("check_name"):
+        query = query.join(MalwareCheck)
+        query = query.filter(MalwareCheck.name == params["check_name"])
+    if params.get("confidence"):
+        query = query.filter(MalwareVerdict.confidence == params["confidence"])
+    if params.get("classification"):
+        query = query.filter(MalwareVerdict.classification == params["classification"])
+    if params.get("manually_reviewed") is not None:
+        query = query.filter(
+            MalwareVerdict.manually_reviewed == bool(int(params["manually_reviewed"]))
+        )
+
+    return query.order_by(MalwareVerdict.run_date.desc())