Centralize malicious

src/mainframe/constants.py

@@ -33,6 +33,8 @@ class Mainframe(EnvConfig):
 
     job_timeout: int = 60 * 2
 
+    score_threshold: int = 5
+
 
 mainframe_settings = Mainframe()  # pyright: ignore
 

src/mainframe/endpoints/scans.py

@@ -0,0 +1,55 @@
+import datetime as dt
+from typing import Annotated
+
+from fastapi import APIRouter, Depends
+from sqlalchemy import select
+from sqlalchemy.orm import Session, selectinload
+
+from mainframe.constants import mainframe_settings
+from mainframe.database import get_db
+from mainframe.dependencies import validate_token
+from mainframe.models.orm import Scan
+from mainframe.models.schemas import (
+    GetScansResponse,
+    MaliciousPackage,
+    PackageSpecifier,
+)
+
+router = APIRouter(tags=["scans"])
+
+
+@router.get("/scans", dependencies=[Depends(validate_token)])
+def get_scans(session: Annotated[Session, Depends(get_db)], since: int) -> GetScansResponse:
+    scalars = session.scalars(
+        select(Scan)
+        .where(Scan.finished_at >= dt.datetime.fromtimestamp(since, tz=dt.timezone.utc))
+        .options(selectinload(Scan.rules))
+    )
+
+    all_scans = scalars.all()
+
+    malicious_packages: list[MaliciousPackage] = []
+    for scan in all_scans:
+        if scan.score is None:
+            continue
+
+        if scan.score < mainframe_settings.score_threshold:
+            continue
+
+        if scan.inspector_url is None:
+            continue
+
+        malicious_package = MaliciousPackage(
+            name=scan.name,
+            version=scan.version,
+            score=scan.score,
+            inspector_url=scan.inspector_url,
+            rules=[rule.name for rule in scan.rules],
+        )
+
+        malicious_packages.append(malicious_package)
+
+    return GetScansResponse(
+        all_scans=[PackageSpecifier(name=scan.name, version=scan.version) for scan in all_scans],
+        malicious_packages=malicious_packages,
+    )

src/mainframe/models/schemas.py

@@ -84,3 +84,20 @@ class StatsResponse(BaseModel):
     ingested: int
     average_scan_time: float
     failed: int
+
+
+class MaliciousPackage(BaseModel):
+    """A malicious package"""
+
+    name: str
+    version: str
+    score: int
+    inspector_url: str
+    rules: list[str]
+
+
+class GetScansResponse(BaseModel):
+    """Get summary of packages scanned"""
+
+    all_scans: list[PackageSpecifier]
+    malicious_packages: list[MaliciousPackage]

tests/test_scans.py

@@ -0,0 +1,49 @@
+import datetime
+import random
+import string
+
+from fastapi.testclient import TestClient
+
+from mainframe.constants import mainframe_settings
+
+
+def _gen_random_string() -> str:
+    """Generate a random string"""
+
+    return "".join(random.choices(string.printable, k=10))
+
+
+def test_get_scans(client: TestClient):
+    since = int(datetime.datetime.now(tz=datetime.timezone.utc).timestamp())
+
+    res = client.post("/jobs", params=dict(batch=2))
+    jobs = res.json()
+
+    if len(jobs) == 0:
+        payload = [
+            dict(name=_gen_random_string(), version=_gen_random_string()),
+            dict(name=_gen_random_string(), version=_gen_random_string()),
+        ]
+        client.post("/batch/package", json=payload)
+
+        res = client.post("/jobs", params=dict(batch=2))
+        jobs = res.json()
+
+    for job in jobs:
+        payload = dict(
+            name=job["name"],
+            version=job["version"],
+            commit=_gen_random_string(),
+            score=mainframe_settings.score_threshold + random.randint(0, 20),
+            inspector_url=_gen_random_string(),
+            rules_matched=[_gen_random_string() for _ in range(random.randint(0, 5))],
+        )
+
+        client.put("/package", json=payload)
+
+    res = client.get("/scans", params=dict(since=since))
+    scans = res.json()
+
+    jobs = [dict(name=j["name"], version=j["version"]) for j in jobs]
+    assert [dict(name=p["name"], version=p["version"]) for p in scans["all_scans"]] == jobs
+    assert [dict(name=p["name"], version=p["version"]) for p in scans["malicious_packages"]] == jobs