def test_get_findings(self, mock_foo):
mock_foo.return_value = self.findings
cobalt_api_importer = CobaltApiImporter()
my_findings = cobalt_api_importer.get_findings(self.test_2)
mock_foo.assert_called_with('SERVICE_KEY_1')
self.assertEqual(my_findings, self.findings)
def test_prepare_client_one_test_configuration(self):
cobalt_api_importer = CobaltApiImporter()
cobalt_api, api_scan_configuration = cobalt_api_importer.prepare_client(
self.test_2)
self.assertEqual(api_scan_configuration, self.api_scan_configuration_2)
self.assertEqual(cobalt_api.api_token, 'API_KEY')
self.assertEqual(cobalt_api.org_token, 'EXTRAS')
def test_prepare_client_no_configuration(self, mock_foo):
mock_foo.filter.return_value = mock_foo
mock_foo.count.return_value = 0
with self.assertRaisesRegex(
Exception,
'There are no API Scan Configurations for this Product.'):
cobalt_api_importer = CobaltApiImporter()
cobalt_api_importer.prepare_client(self.test)
mock_foo.filter.assert_called_with(product=self.product)
def test_prepare_client_more_than_one_configuration(self, mock_foo):
mock_foo.filter.return_value = mock_foo
mock_foo.count.return_value = 2
with self.assertRaisesRegex(
Exception,
'More than one Product API Scan Configuration has been configured, but none of them has been chosen.'
):
cobalt_api_importer = CobaltApiImporter()
cobalt_api_importer.prepare_client(self.test)
mock_foo.filter.assert_called_with(product=self.product)
def test_prepare_client_one_product_configuration(self, mock_foo):
mock_foo.filter.return_value = mock_foo
mock_foo.count.return_value = 1
mock_foo.first.return_value = self.api_scan_configuration
cobalt_api_importer = CobaltApiImporter()
cobalt_api, api_scan_configuration = cobalt_api_importer.prepare_client(
self.test)
mock_foo.filter.assert_called_with(product=self.product)
self.assertEqual(api_scan_configuration, self.api_scan_configuration)
self.assertEqual(cobalt_api.api_token, 'API_KEY')
self.assertEqual(cobalt_api.org_token, 'EXTRAS')
def test_prepare_client_do_not_match(self):
product_3 = Product()
engagement_3 = Engagement()
engagement_3.product = product_3
test_3 = Test()
test_3.engagement = engagement_3
api_scan_configuration_3 = Product_API_Scan_Configuration()
api_scan_configuration_3.product = self.product
test_3.api_scan_configuration = api_scan_configuration_3
with self.assertRaisesRegex(
Exception,
'API Scan Configuration for Cobalt.io and Product do not match.'
):
cobalt_api_importer = CobaltApiImporter()
cobalt_api_importer.prepare_client(test_3)
def get_findings(self, file, test):
if file is None:
data = CobaltApiImporter().get_findings(test)
else:
data = json.load(file)
findings = []
for entry in data["data"]:
resource = entry["resource"]
links = entry["links"]
if not self.include_finding(resource):
continue
cobalt_state = resource["state"]
cobalt_severity = resource["severity"]
cobalt_log = resource["log"]
title = resource["title"]
date = self.get_created_date(cobalt_log)
description = "\n".join([
resource["description"],
"",
"Cobalt.io details:",
f"- Impact: {resource['impact']}",
f"- Likelihood: {resource['likelihood']}",
"",
"Cobalt.io link:",
links["ui"]["url"],
])
mitigation = resource["suggested_fix"]
steps_to_reproduce = resource["proof_of_concept"]
endpoints = resource["affected_targets"]
last_status_update = self.get_latest_update_date(cobalt_log)
unique_id_from_tool = resource["id"]
finding = Finding(
test=test,
title=textwrap.shorten(title, width=511, placeholder="..."),
date=date,
severity=self.convert_severity(cobalt_severity),
description=description,
mitigation=mitigation,
steps_to_reproduce=steps_to_reproduce,
active=self.is_active(cobalt_state),
verified=self.is_verified(cobalt_state),
false_p=self.is_false_p(cobalt_state),
duplicate=self.is_duplicate(cobalt_state),
out_of_scope=self.is_out_of_scope(cobalt_state),
risk_accepted=self.is_risk_accepted(cobalt_state),
is_mitigated=self.is_mitigated(cobalt_state),
last_status_update=last_status_update,
static_finding=False,
dynamic_finding=True,
unique_id_from_tool=unique_id_from_tool)
finding.unsaved_endpoints = self.convert_endpoints(endpoints)
findings.append(finding)
return findings