def test_build_alive_test_opt(self):
w = DummyDaemon()
alive_test_out = [
"1.3.6.1.4.1.25623.1.0.100315:1:checkbox:Do a TCP ping|||no",
"1.3.6.1.4.1.25623.1.0.100315:2:checkbox:TCP ping tries also TCP-SYN ping|||no",
"1.3.6.1.4.1.25623.1.0.100315:7:checkbox:TCP ping tries only TCP-SYN ping|||no",
"1.3.6.1.4.1.25623.1.0.100315:3:checkbox:Do an ICMP ping|||yes",
"1.3.6.1.4.1.25623.1.0.100315:4:checkbox:Use ARP|||no",
"1.3.6.1.4.1.25623.1.0.100315:5:checkbox:Mark unrechable Hosts as dead (not scanning)|||yes",
]
target_options_dict = {'alive_test': '2'}
p = PreferenceHandler('1234-1234', None, w.scan_collection, None)
ret = p.build_alive_test_opt_as_prefs(target_options_dict)
self.assertEqual(ret, alive_test_out)
# alive test was supplied via sepertae xml element
w = DummyDaemon()
alive_test_out = [
"1.3.6.1.4.1.25623.1.0.100315:1:checkbox:Do a TCP ping|||no",
"1.3.6.1.4.1.25623.1.0.100315:2:checkbox:TCP ping tries also TCP-SYN ping|||no",
"1.3.6.1.4.1.25623.1.0.100315:7:checkbox:TCP ping tries only TCP-SYN ping|||no",
"1.3.6.1.4.1.25623.1.0.100315:3:checkbox:Do an ICMP ping|||yes",
"1.3.6.1.4.1.25623.1.0.100315:4:checkbox:Use ARP|||no",
"1.3.6.1.4.1.25623.1.0.100315:5:checkbox:Mark unrechable Hosts as dead (not scanning)|||yes",
]
target_options_dict = {'alive_test_methods': '1', 'icmp': '1'}
p = PreferenceHandler('1234-1234', None, w.scan_collection, None)
ret = p.build_alive_test_opt_as_prefs(target_options_dict)
self.assertEqual(ret, alive_test_out)
def test_build_alive_test_opt_empty(self):
w = DummyDaemon()
target_options_dict = {'alive_test': '0'}
p = PreferenceHandler('1234-1234', None, w.scan_collection, None)
ret = p.build_alive_test_opt_as_prefs(target_options_dict)
self.assertEqual(ret, {})
# alive test was supplied via separate xml element
w = DummyDaemon()
target_options_dict = {'alive_test_methods': '1', 'icmp': '0'}
p = PreferenceHandler('1234-1234', None, w.scan_collection, None)
ret = p.build_alive_test_opt_as_prefs(target_options_dict)
self.assertEqual(ret, {})
def test_set_alive_pinghost(self, mock_kb):
w = DummyDaemon()
alive_test_out = [
"1.3.6.1.4.1.25623.1.0.100315:1:checkbox:Do a TCP ping|||no",
"1.3.6.1.4.1.25623.1.0.100315:2:checkbox:TCP ping tries also TCP-SYN ping|||no",
"1.3.6.1.4.1.25623.1.0.100315:7:checkbox:TCP ping tries only TCP-SYN ping|||no",
"1.3.6.1.4.1.25623.1.0.100315:3:checkbox:Do an ICMP ping|||yes",
"1.3.6.1.4.1.25623.1.0.100315:4:checkbox:Use ARP|||no",
"1.3.6.1.4.1.25623.1.0.100315:5:checkbox:Mark unrechable Hosts as dead (not scanning)|||yes",
]
t_opt = {'alive_test': 2}
w.scan_collection.get_target_options = MagicMock(return_value=t_opt)
ov_setting = {'some_setiting': 1}
Openvas.get_settings = Mock()
Openvas.get_settings.reprepare_mock()
Openvas.get_settings.return_value = ov_setting
p = PreferenceHandler('1234-1234', mock_kb, w.scan_collection, None)
p._openvas_scan_id = '456-789'
p.kbdb.add_scan_preferences = MagicMock()
p.prepare_alive_test_option_for_openvas()
p.kbdb.add_scan_preferences.assert_called_with(
p._openvas_scan_id,
alive_test_out,
)
def test_snmp_unknown_auth_alg_credentials(self, mock_kb):
dummy = DummyDaemon()
creds = {
'snmp': {
'type': 'snmp',
'username': '******',
'password': '******',
'community': 'some comunity',
'auth_algorithm': 'sha2',
},
}
dummy.scan_collection.get_credentials = MagicMock(return_value=creds)
p_handler = PreferenceHandler(
'1234-1234', mock_kb, dummy.scan_collection, None
)
p_handler.scan_id = '456-789'
p_handler.kbdb.add_scan_preferences = MagicMock()
ret = p_handler.prepare_credentials_for_openvas()
errors = p_handler.get_error_messages()
self.assertFalse(ret)
self.assertIn(
"Unknown authentication algorithm: "
+ "sha2"
+ ". Use 'md5' or 'sha1'.",
errors,
)
def test_prepare_alive_test_not_supplied_as_enum(self, mock_kb):
w = DummyDaemon()
alive_test_out = {
"1.3.6.1.4.1.25623.1.0.100315:1:checkbox:Do a TCP ping": "no",
"1.3.6.1.4.1.25623.1.0.100315:2:checkbox:TCP ping tries also TCP-SYN ping": "no",
"1.3.6.1.4.1.25623.1.0.100315:7:checkbox:TCP ping tries only TCP-SYN ping": "no",
"1.3.6.1.4.1.25623.1.0.100315:3:checkbox:Do an ICMP ping": "yes",
"1.3.6.1.4.1.25623.1.0.100315:4:checkbox:Use ARP": "no",
"1.3.6.1.4.1.25623.1.0.100315:5:checkbox:Mark unrechable Hosts as dead (not scanning)": "yes",
}
t_opt = {'alive_test_methods': '1', 'icmp': '1'}
w.scan_collection.get_target_options = MagicMock(return_value=t_opt)
ov_setting = {'some_setting': 1}
with patch.object(Openvas, 'get_settings', return_value=ov_setting):
p = PreferenceHandler('1234-1234', mock_kb, w.scan_collection, None)
p._nvts_params = {}
p.scan_id = '456-789'
p.kbdb.add_scan_preferences = MagicMock()
p.prepare_alive_test_option_for_openvas()
self.assertEqual(p._nvts_params, alive_test_out)
def test_missing_type_for_ssh_credentials(self, mock_kb):
dummy = DummyDaemon()
creds = {
'ssh': {
'port': '22',
'username': '******',
'password': '******',
},
}
dummy.scan_collection.get_credentials = MagicMock(return_value=creds)
p_handler = PreferenceHandler(
'1234-1234', mock_kb, dummy.scan_collection, None
)
p_handler.scan_id = '456-789'
p_handler.kbdb.add_scan_preferences = MagicMock()
ret = p_handler.prepare_credentials_for_openvas()
errors = p_handler.get_error_messages()
self.assertFalse(ret)
self.assertIn(
"Missing Credential Type for SSH."
+ " Use 'up' for Username + Password"
+ " or 'usk' for Username + SSH Key.",
errors,
)
def test_snmp_no_priv_alg_but_pw_credentials(self, mock_kb):
dummy = DummyDaemon()
creds = {
'snmp': {
'type': 'snmp',
'username': '******',
'password': '******',
'community': 'some comunity',
'auth_algorithm': 'sha1',
'privacy_password': '******',
},
}
dummy.scan_collection.get_credentials = MagicMock(return_value=creds)
p_handler = PreferenceHandler(
'1234-1234', mock_kb, dummy.scan_collection, None
)
p_handler.scan_id = '456-789'
p_handler.kbdb.add_scan_preferences = MagicMock()
ret = p_handler.prepare_credentials_for_openvas()
errors = p_handler.get_error_messages()
self.assertFalse(ret)
self.assertIn(
"When no privacy algorithm is used, the privacy"
+ " password also has to be empty.",
errors,
)
def test_set_bad_service_credentials(self, mock_kb):
dummy = DummyDaemon()
# bad cred type shh instead of ssh
creds = {
'shh': {
'type': 'up',
'port': '22',
'username': '******',
'password': '******',
},
}
dummy.scan_collection.get_credentials = MagicMock(return_value=creds)
p_handler = PreferenceHandler(
'1234-1234', mock_kb, dummy.scan_collection, None
)
p_handler.scan_id = '456-789'
p_handler.kbdb.add_scan_preferences = MagicMock()
ret = p_handler.prepare_credentials_for_openvas()
errors = p_handler.get_error_messages()
self.assertFalse(ret)
self.assertIn("Unknown service type for credential: shh", errors)
def test_build_credentials_ssh_up(self):
dummy = DummyDaemon()
cred_out = [
'auth_port_ssh|||22',
'1.3.6.1.4.1.25623.1.0.103591:1:entry:SSH login name:|||username',
'1.3.6.1.4.1.25623.1.0.103591:3:'
'password:SSH password (unsafe!):|||pass',
'1.3.6.1.4.1.25623.1.0.103591:7:entry:SSH privilege login name:|||',
'1.3.6.1.4.1.25623.1.0.103591:8:'
'password:SSH privilege password:|||',
]
cred_dict = {
'ssh': {
'type': 'up',
'port': '22',
'username': '******',
'password': '******',
}
}
p_handler = PreferenceHandler(
'1234-1234', None, dummy.scan_collection, None
)
ret = p_handler.build_credentials_as_prefs(cred_dict)
self.assertCountEqual(ret, cred_out)
def test_set_alive_pinghost(self, mock_kb):
w = DummyDaemon()
alive_test_out = [
"1.3.6.1.4.1.25623.1.0.100315:1:checkbox:Do a TCP ping|||no",
"1.3.6.1.4.1.25623.1.0.100315:2:checkbox:TCP ping tries also TCP-SYN ping|||no",
"1.3.6.1.4.1.25623.1.0.100315:7:checkbox:TCP ping tries only TCP-SYN ping|||no",
"1.3.6.1.4.1.25623.1.0.100315:3:checkbox:Do an ICMP ping|||yes",
"1.3.6.1.4.1.25623.1.0.100315:4:checkbox:Use ARP|||no",
"1.3.6.1.4.1.25623.1.0.100315:5:checkbox:Mark unrechable Hosts as dead (not scanning)|||yes",
]
t_opt = {'alive_test': 2}
w.scan_collection.get_target_options = MagicMock(return_value=t_opt)
ov_setting = {'some_setting': 1}
with patch.object(Openvas, 'get_settings', return_value=ov_setting):
p = PreferenceHandler('1234-1234', mock_kb, w.scan_collection,
None)
p._nvts_params = {}
p._openvas_scan_id = '456-789'
p.kbdb.add_scan_preferences = MagicMock()
p.prepare_alive_test_option_for_openvas()
for key, value in p._nvts_params.items():
self.assertTrue(
"{0}|||{1}".format(key, value) in alive_test_out)
def test_set_scan_params(self, mock_kb):
dummy = DummyDaemon()
ospd_param_dict = {
'drop_privileges': {
'type': 'boolean',
'name': 'drop_privileges',
'default': 0,
'mandatory': 1,
'description': '',
},
}
opt = {'drop_privileges': 1}
dummy.scan_collection.get_options = MagicMock(return_value=opt)
p_handler = PreferenceHandler(
'1234-1234', mock_kb, dummy.scan_collection, None
)
p_handler.scan_id = '456-789'
p_handler.kbdb.add_scan_preferences = MagicMock()
p_handler.prepare_scan_params_for_openvas(ospd_param_dict)
p_handler.kbdb.add_scan_preferences.assert_called_with(
p_handler.scan_id, ['drop_privileges|||yes']
)
def test_set_scan_params(self, mock_kb):
w = DummyDaemon()
OSPD_PARAMS_MOCK = {
'drop_privileges': {
'type': 'boolean',
'name': 'drop_privileges',
'default': 0,
'mandatory': 1,
'description': '',
},
}
opt = {'drop_privileges': 1}
w.scan_collection.get_options = MagicMock(return_value=opt)
p = PreferenceHandler('1234-1234', mock_kb, w.scan_collection, None)
p.scan_id = '456-789'
p.kbdb.add_scan_preferences = MagicMock()
p.prepare_scan_params_for_openvas(OSPD_PARAMS_MOCK)
p.kbdb.add_scan_preferences.assert_called_with(
p.scan_id, ['drop_privileges|||yes']
)
def test_set_ports_invalid(self, mock_kb):
w = DummyDaemon()
w.scan_collection.get_ports = MagicMock(return_value='2,-9,4')
p = PreferenceHandler('1234-1234', mock_kb, w.scan_collection, None)
p.scan_id = '456-789'
p.kbdb.add_scan_preferences = MagicMock()
self.assertFalse(p.prepare_ports_for_openvas())
def test_build_alive_test_opt_empty(self):
w = DummyDaemon()
target_options_dict = {'alive_test': '0'}
p = PreferenceHandler('1234-1234', None, w.scan_collection, None)
ret = p.build_alive_test_opt_as_prefs(target_options_dict)
self.assertEqual(ret, [])
def test_prepare_nvt_prefs_no_prefs(self, mock_kb):
w = DummyDaemon()
p = PreferenceHandler('456-789', mock_kb, w.scan_collection, None)
p._nvts_params = {}
p.kbdb.add_scan_preferences = MagicMock()
p.prepare_nvt_preferences()
p.kbdb.add_scan_preferences.assert_not_called()
def test_build_credentials(self):
w = DummyDaemon()
cred_out = [
'1.3.6.1.4.1.25623.1.0.105058:1:entry:ESXi login name:|||username',
'1.3.6.1.4.1.25623.1.0.105058:2:password:ESXi login password:|||pass',
'auth_port_ssh|||22',
'1.3.6.1.4.1.25623.1.0.103591:1:entry:SSH login name:|||username',
'1.3.6.1.4.1.25623.1.0.103591:2:password:SSH key passphrase:|||pass',
'1.3.6.1.4.1.25623.1.0.103591:4:file:SSH private key:|||',
'1.3.6.1.4.1.25623.1.0.90023:1:entry:SMB login:|||username',
'1.3.6.1.4.1.25623.1.0.90023:2:password]:SMB password :|||pass',
'1.3.6.1.4.1.25623.1.0.105076:1:password:SNMP Community:some comunity',
'1.3.6.1.4.1.25623.1.0.105076:2:entry:SNMPv3 Username:username',
'1.3.6.1.4.1.25623.1.0.105076:3:password:SNMPv3 Password:pass',
'1.3.6.1.4.1.25623.1.0.105076:4:radio:SNMPv3 Authentication Algorithm:some auth algo',
'1.3.6.1.4.1.25623.1.0.105076:5:password:SNMPv3 Privacy Password:privacy pass',
'1.3.6.1.4.1.25623.1.0.105076:6:radio:SNMPv3 Privacy Algorithm:privacy algo',
]
cred_dict = {
'ssh': {
'type': 'ssh',
'port': '22',
'username': '******',
'password': '******',
},
'smb': {
'type': 'smb',
'username': '******',
'password': '******'
},
'esxi': {
'type': 'esxi',
'username': '******',
'password': '******',
},
'snmp': {
'type': 'snmp',
'username': '******',
'password': '******',
'community': 'some comunity',
'auth_algorithm': 'some auth algo',
'privacy_password': '******',
'privacy_algorithm': 'privacy algo',
},
}
p = PreferenceHandler('1234-1234', None, w.scan_collection, None)
ret = p.build_credentials_as_prefs(cred_dict)
self.assertEqual(len(ret), len(cred_out))
self.assertIn('auth_port_ssh|||22', cred_out)
self.assertIn(
'1.3.6.1.4.1.25623.1.0.90023:1:entry:SMB login:|||username',
cred_out,
)
def test_build_alive_test_opt_fail_1(self):
w = DummyDaemon()
logging.Logger.debug = Mock()
target_options_dict = {'alive_test': 'a'}
p = PreferenceHandler('1234-1234', None, w.scan_collection, None)
target_options = p.build_alive_test_opt_as_prefs(target_options_dict)
assert_called_once(logging.Logger.debug)
self.assertEqual(len(target_options), 0)
def test_set_main_kbindex(self, mock_kb):
w = DummyDaemon()
p = PreferenceHandler('1234-1234', mock_kb, w.scan_collection, None)
p.kbdb.add_scan_preferences = Mock()
p.kbdb.index = 2
p.prepare_main_kbindex_for_openvas()
p.kbdb.add_scan_preferences.assert_called_with(
p.scan_id, ['ov_maindbid|||2'],
)
def test_prepare_nvt_prefs_no_prefs(self, mock_kb):
dummy = DummyDaemon()
p_handler = PreferenceHandler(
'456-789', mock_kb, dummy.scan_collection, None
)
p_handler._nvts_params = {} # pylint: disable = protected-access
p_handler.kbdb.add_scan_preferences = MagicMock()
p_handler.prepare_nvt_preferences()
p_handler.kbdb.add_scan_preferences.assert_not_called()
def test_set_plugins_false(self, mock_kb):
w = DummyDaemon()
w.scan_collection.get_vts = Mock()
w.scan_collection.get_vts.return_value = {}
p = PreferenceHandler('1234-1234', mock_kb, w.scan_collection, w.nvti)
p.kbdb.add_scan_preferences = Mock()
r = p.prepare_plugins_for_openvas()
self.assertFalse(r)
def test_set_boreas_alive_test_without_settings(self, mock_kb):
w = DummyDaemon()
t_opt = {'alive_test': 16}
w.scan_collection.get_target_options = MagicMock(return_value=t_opt)
ov_setting = {}
with patch.object(Openvas, 'get_settings', return_value=ov_setting):
p = PreferenceHandler('1234-1234', mock_kb, w.scan_collection, None)
p.scan_id = '456-789'
p.kbdb.add_scan_preferences = MagicMock()
p.prepare_boreas_alive_test()
p.kbdb.add_scan_preferences.assert_not_called()
def test_set_ports(self, mock_kb):
w = DummyDaemon()
w.scan_collection.get_ports = MagicMock(return_value='80,443')
p = PreferenceHandler('1234-1234', mock_kb, w.scan_collection, None)
p.scan_id = '456-789'
p.kbdb.add_scan_preferences = MagicMock()
p.prepare_ports_for_openvas()
p.kbdb.add_scan_preferences.assert_called_with(
p.scan_id, ['port_range|||80,443'],
)
def test_set_credentials_empty(self, mock_kb):
w = DummyDaemon()
creds = {}
w.scan_collection.get_credentials = MagicMock(return_value=creds)
p = PreferenceHandler('1234-1234', mock_kb, w.scan_collection, None)
p._openvas_scan_id = '456-789'
p.kbdb.add_scan_preferences = MagicMock()
r = p.prepare_credentials_for_openvas()
self.assertTrue(r)
def test_set_target(self, mock_kb):
w = DummyDaemon()
w.scan_collection.get_host_list = MagicMock(return_value='192.168.0.1')
p = PreferenceHandler('1234-1234', mock_kb, w.scan_collection, None)
p.scan_id = '456-789'
p.kbdb.add_scan_preferences = MagicMock()
p.prepare_target_for_openvas()
p.kbdb.add_scan_preferences.assert_called_with(
p.scan_id, ['TARGET|||192.168.0.1'],
)
def test_set_plugins_false(self, mock_kb):
dummy = DummyDaemon()
dummy.scan_collection.get_vts = Mock()
dummy.scan_collection.get_vts.return_value = {}
p_handler = PreferenceHandler(
'1234-1234', mock_kb, dummy.scan_collection, dummy.nvti
)
p_handler.kbdb.add_scan_preferences = Mock()
ret = p_handler.prepare_plugins_for_openvas()
self.assertFalse(ret)
def test_set_host_options_none(self, mock_kb):
w = DummyDaemon()
exc = ''
w.scan_collection.get_exclude_hosts = MagicMock(return_value=exc)
p = PreferenceHandler('1234-1234', mock_kb, w.scan_collection, None)
p._openvas_scan_id = '456-789'
p.kbdb.add_scan_preferences = MagicMock()
p.prepare_host_options_for_openvas()
p.kbdb.add_scan_preferences.assert_not_called()
def test_process_vts_bad_param_id(self):
w = DummyDaemon()
vts = {
'1.3.6.1.4.1.25623.1.0.100061': {'3': 'new value'},
'vt_groups': ['family=debian', 'family=general'],
}
p = PreferenceHandler('1234-1234', None, w.scan_collection, w.nvti)
ret = p._process_vts(vts)
self.assertFalse(ret[1])
def test_process_vts_not_found(self, mock_kb):
w = DummyDaemon()
logging.Logger.warning = Mock()
vts = {
'1.3.6.1.4.1.25623.1.0.100065': {'3': 'new value'},
'vt_groups': ['family=debian', 'family=general'],
}
p = PreferenceHandler('1234-1234', mock_kb, w.scan_collection, w.nvti)
w.nvti.get_nvt_metadata.return_value = None
p._process_vts(vts)
assert_called_once(logging.Logger.warning)
def test_set_alive_no_invalid_alive_test_no_enum(self, mock_kb):
w = DummyDaemon()
t_opt = {'alive_test_methods': '1', 'icmp': '-1'}
w.scan_collection.get_target_options = MagicMock(return_value=t_opt)
ov_setting = {'some_setting': 1}
with patch.object(Openvas, 'get_settings', return_value=ov_setting):
p = PreferenceHandler('1234-1234', mock_kb, w.scan_collection, None)
p.scan_id = '456-789'
p.kbdb.add_scan_preferences = MagicMock()
p.prepare_alive_test_option_for_openvas()
p.kbdb.add_scan_preferences.assert_not_called()
def test_not_append_notus_oids(self):
dummy = DummyDaemon()
vts = {
'1.3.6.1.4.1.25623.1.0.100061': {'1': 'new value'},
'vt_groups': ['family=debian', 'family=general'],
}
p_handler = PreferenceHandler(
'1234-1234', None, dummy.scan_collection, dummy.nvti, lambda _: True
)
re = p_handler._process_vts(vts) # pylint: disable = protected-access
self.assertEqual(re[0], [])
self.assertEqual(re[1], {})
