def test_external_id_is_converted_to_local(self): ip = IPAddressFactory(address="192.168.128.10") vulnerability_1 = VulnerabilityFactory() vulnerability_2 = VulnerabilityFactory() data = self._dict2QueryDict({ 'last_scan_date': '2015-01-01T00:00:00', 'scan_status': 'ok', 'next_scan_date': '2016-01-01T00:00:00', 'details_url': 'https://example.com/scan-deatils', 'rescan_url': 'https://example.com/rescan-url', 'host_ip': ip.address, 'vulnerabilities': vulnerability_1.id, 'external_vulnerabilities': vulnerability_2.external_vulnerability_id, # noqa }) scan_serializer = SaveSecurityScanSerializer(context={'request': None}) deserialized = scan_serializer.to_internal_value(data) self.assertEqual( deserialized['vulnerabilities'], [vulnerability_1, vulnerability_2], )
def test_duplicates_works_when_used_in_series_value(self): SecurityScanFactory( base_object=DataCenterAssetFactory().baseobject_ptr, vulnerabilities=[ VulnerabilityFactory( patch_deadline=datetime.datetime.strptime( '2015-01-01', '%Y-%m-%d' ) ), ] ) SecurityScanFactory( base_object=DataCenterAssetFactory().baseobject_ptr, vulnerabilities=[ VulnerabilityFactory( patch_deadline=datetime.datetime.strptime( '2016-01-01', '%Y-%m-%d' ) ), VulnerabilityFactory( patch_deadline=datetime.datetime.strptime( '2016-02-02', '%Y-%m-%d' ) ), VulnerabilityFactory( patch_deadline=datetime.datetime.strptime( '2016-03-03', '%Y-%m-%d' ) ), ] ) graph = GraphFactory( aggregate_type=AggregateType.aggregate_count.id, params={ 'filters': { 'patch_deadline__gte': '2010-01-01', 'securityscan__base_object__isnull': False, }, 'series': 'securityscan|distinct', 'labels': 'patch_deadline|year', } ) graph.model = ContentType.objects.get_for_model(Vulnerability) graph.save() qs = graph.build_queryset() self.assertEqual(qs.all()[0]['series'], 1) self.assertEqual(qs.all()[1]['series'], 1)
def test_listing_show_correct_vuls_count_when_scan_has_different_vuls( self): scan = SecurityScanFactory( base_object=self.asset.baseobject_ptr, vulnerabilities=[ VulnerabilityFactory(patch_deadline=tomorrow()), VulnerabilityFactory(patch_deadline=yesterday()), VulnerabilityFactory(patch_deadline=yesterday()), ], ) self.assertTrue(scan.vulnerabilities.exists()) result = self.client.get( reverse('admin:data_center_dchost_changelist'), ) self.assertContains(result, "Vulnerable")
def test_ratio_aggregation(self): service_env = ServiceEnvironmentFactory(service__name='sample-service') vulnerability = VulnerabilityFactory( patch_deadline=datetime.date(2015, 1, 1) ) for is_patched in [True, False]: for _ in range(3): dca = DataCenterAssetFactory(service_env=service_env) if is_patched: ss = SecurityScanFactory(vulnerabilities=[]) else: ss = SecurityScanFactory(vulnerabilities=[vulnerability]) dca.securityscan = ss ss.save() dca.save() graph = GraphFactory( aggregate_type=AggregateType.aggregate_ratio.id, params={ 'series': ['securityscan__is_patched', 'id'], 'labels': 'service_env__service__name', 'filters': { 'series__gt': 0, } } ) qs = graph.build_queryset() self.assertEqual(qs.get(), { 'series': 50, 'service_env__service__name': 'sample-service' })
def test_create_scan_sets_is_patched_false_when_vulnerabilities(self): ip = IPAddressFactory(address="192.168.128.10") vulnerability = VulnerabilityFactory(patch_deadline=datetime.now() - timedelta(days=10)) data = { 'last_scan_date': '2015-01-01T00:00:00', 'scan_status': ScanStatus.ok.name, 'next_scan_date': '2016-01-01T00:00:00', 'details_url': 'https://example.com/scan-deatils', 'rescan_url': 'https://example.com/rescan-url', 'host_ip': ip.address, 'vulnerabilities': [ vulnerability.id, ], } url = reverse('securityscan-list') response = self.client.post(url, data, format='json') self.assertEqual(response.status_code, status.HTTP_201_CREATED) self.assertEqual( SecurityScan.objects.get(pk=response.data['id']).is_patched, False, )
def test_create_security_scan(self): ip = IPAddressFactory(address="192.168.128.10") vulnerability = VulnerabilityFactory() data = { 'last_scan_date': '2015-01-01T00:00:00', 'scan_status': ScanStatus.ok.name, 'next_scan_date': '2016-01-01T00:00:00', 'details_url': 'https://example.com/scan-deatils', 'rescan_url': 'https://example.com/rescan-url', 'host_ip': ip.address, 'vulnerabilities': [ vulnerability.id, ], } url = reverse('securityscan-list') response = self.client.post(url, data, format='json') self.assertEqual(response.status_code, status.HTTP_201_CREATED) security_scan = SecurityScan.objects.get(pk=response.data['id']) self.assertEqual(security_scan.last_scan_date.isoformat(), data['last_scan_date']) self.assertEqual(security_scan.scan_status, ScanStatus.ok) self.assertEqual(security_scan.next_scan_date.isoformat(), data['next_scan_date']) self.assertEqual(security_scan.details_url, data['details_url']) self.assertEqual(security_scan.rescan_url, data['rescan_url']) self.assertEqual(security_scan.base_object, ip.base_object) self.assertEqual(security_scan.vulnerabilities.count(), 1) self.assertEqual(security_scan.vulnerabilities.get(), vulnerability)
def test_listing_show_fail_when_scan_succeed_and_got_exceeded_vulnerability( self): scan = SecurityScanFactory( base_object=self.asset.baseobject_ptr, vulnerabilities=[VulnerabilityFactory(patch_deadline=yesterday())], ) self.assertTrue(scan.vulnerabilities.exists()) result = self.client.get( reverse('admin:data_center_dchost_changelist'), ) self.assertContains(result, "Vulnerable")
def test_listing_show_ok_when_scan_succeed_and_vulnerability_before_deadline( self): SecurityScanFactory( base_object=self.asset.baseobject_ptr, vulnerabilities=[VulnerabilityFactory(patch_deadline=tomorrow())], ) result = self.client.get( reverse('admin:data_center_dchost_changelist'), ) self.assertContains(result, "Host clean")
def setUp(self): self.login_as_user() self.asset_no_vuls = DataCenterAssetFullFactory( rack__name='Rack #1', rack__server_room__name='SR1', rack__server_room__data_center__name='DC1', ) self.scan_no_vuls = SecurityScanFactory( base_object=self.asset_no_vuls.baseobject_ptr, vulnerabilities=[], ) self.today = datetime.now() self.yesterday = self.today + timedelta(days=-1) self.tomorrow = self.today + timedelta(days=1) self.asset_with_today_vul = DataCenterAssetFullFactory( rack__name='Rack #1', rack__server_room__name='SR1', rack__server_room__data_center__name='DC1', ) self.scan_with_vuls2 = SecurityScanFactory( base_object=self.asset_with_today_vul.baseobject_ptr, vulnerabilities=[ VulnerabilityFactory(patch_deadline=self.today, ) ]) self.asset_vuls2 = DataCenterAssetFullFactory( rack__name='Rack #1', rack__server_room__name='SR1', rack__server_room__data_center__name='DC1', ) self.scan_with_vuls2 = SecurityScanFactory( base_object=self.asset_vuls2.baseobject_ptr, vulnerabilities=[ VulnerabilityFactory(patch_deadline=self.today + timedelta(days=30)) ])
def test_error_raised_when_unknown_external_id(self): ip = IPAddressFactory(address="192.168.128.10") vulnerability = VulnerabilityFactory() data = self._dict2QueryDict({ 'last_scan_date': '2015-01-01T00:00:00', 'scan_status': 'ok', 'next_scan_date': '2016-01-01T00:00:00', 'details_url': 'https://example.com/scan-deatils', 'rescan_url': 'https://example.com/rescan-url', 'host_ip': ip.address, 'vulnerabilities': vulnerability.id, 'external_vulnerabilities': '12345678', }) scan_serializer = SaveSecurityScanSerializer(context={'request': None}) with self.assertRaises(serializers.ValidationError): scan_serializer.to_internal_value(data)
def setUp(self): super().setUp() ip = IPAddressFactory(address="192.168.128.10") self.vulnerability = VulnerabilityFactory() self.data = { 'last_scan_date': '2015-01-01T00:00:00', 'scan_status': ScanStatus.ok.name, 'next_scan_date': '2016-01-01T00:00:00', 'host_ip': ip.address, 'external_vulnerabilities': [self.vulnerability.external_vulnerability_id], }
def test_patch_security_scan(self): ip = IPAddressFactory(address="192.168.128.66") url = reverse('securityscan-detail', args=(self.security_scan.id, )) vulnerability = VulnerabilityFactory() data = { 'last_scan_date': (datetime.now() + timedelta(days=10)).replace(microsecond=0).isoformat(), 'scan_status': ScanStatus.error.name, 'next_scan_date': (datetime.now() + timedelta(days=15)).replace(microsecond=0).isoformat(), 'details_url': self.security_scan.details_url + '-new', 'rescan_url': self.security_scan.rescan_url + '-new', 'host_ip': ip.address, 'vulnerabilities': [ vulnerability.id, ], } response = self.client.patch(url, data, format='json') self.assertEqual(response.status_code, status.HTTP_200_OK) self.security_scan.refresh_from_db() self.assertEqual(self.security_scan.last_scan_date.isoformat(), data['last_scan_date']) self.assertEqual(self.security_scan.scan_status, ScanStatus.error) self.assertEqual(self.security_scan.next_scan_date.isoformat(), data['next_scan_date']) self.assertEqual(self.security_scan.details_url, data['details_url']) self.assertEqual(self.security_scan.rescan_url, data['rescan_url']) self.assertEqual(self.security_scan.base_object, ip.base_object) self.assertEqual(self.security_scan.vulnerabilities.count(), 1) self.assertEqual( self.security_scan.vulnerabilities.get(), vulnerability, )
def test_posting_scan_replace_old_one_when_scan_already_exists(self): ip = IPAddressFactory(address="192.168.128.66") scan = SecurityScanFactory(base_object=ip.base_object) data = { 'last_scan_date': (datetime.now() + timedelta(days=10)).replace(microsecond=0).isoformat(), 'scan_status': ScanStatus.ok.name, 'next_scan_date': (datetime.now() + timedelta(days=15)).replace(microsecond=0).isoformat(), 'details_url': "http://example.com", 'rescan_url': "http://example.com", 'host_ip': ip.address, 'vulnerabilities': [ VulnerabilityFactory().id, ], } self.assertEqual( SecurityScan.objects.get(base_object=ip.base_object.id).id, scan.id, ) response = self.client.post(reverse('securityscan-list'), data, format='json') self.assertEqual(response.status_code, status.HTTP_201_CREATED) self.assertNotEqual( SecurityScan.objects.get(base_object=ip.base_object.id).id, scan.id, )
def setUp(self): super().setUp() self.vulnerability = VulnerabilityFactory()
class VulnerabilityAPITests(RalphAPITestCase): def setUp(self): super().setUp() self.vulnerability = VulnerabilityFactory() def test_get_vulnerability_list(self): url = reverse('vulnerability-list') response = self.client.get(url, format='json') self.assertEqual(response.status_code, status.HTTP_200_OK) self.assertEqual(response.data['count'], Vulnerability.objects.count()) def test_get_vulnerability_details(self): url = reverse('vulnerability-detail', args=(self.vulnerability.id, )) response = self.client.get(url, format='json') self.assertEqual(response.status_code, status.HTTP_200_OK) self.assertEqual(response.data['name'], self.vulnerability.name) self.assertEqual( response.data['patch_deadline'], self.vulnerability.patch_deadline.replace( microsecond=0).isoformat(), ) self.assertEqual(response.data['risk'], Risk.low.name) self.assertEqual( response.data['external_vulnerability_id'], self.vulnerability.external_vulnerability_id, ) def test_create_vulnerability(self): url = reverse('vulnerability-list') data = { 'name': "vulnerability name", 'display_name': "name", 'patch_deadline': (datetime.now() + timedelta(days=10)).replace(microsecond=0).isoformat(), 'risk': Risk.low.name, 'external_vulnerability_id': 100, } response = self.client.post(url, data, format='json') self.assertEqual(response.status_code, status.HTTP_201_CREATED) vulnerability = Vulnerability.objects.get(pk=response.data['id']) self.assertEqual(vulnerability.name, data['name']) self.assertEqual( vulnerability.patch_deadline.isoformat(), data['patch_deadline'], ) self.assertEqual(vulnerability.risk, Risk.low) self.assertEqual(vulnerability.external_vulnerability_id, data['external_vulnerability_id']) def test_patch_vulnerability(self): url = reverse('vulnerability-detail', args=(self.vulnerability.id, )) data = { 'name': self.vulnerability.name + ' new', 'patch_deadline': (self.vulnerability.patch_deadline + timedelta(days=3)).replace(microsecond=0).isoformat(), 'risk': Risk.high.name, 'external_vulnerability_id': self.vulnerability.external_vulnerability_id + 10 # noqa } response = self.client.patch(url, data, format='json') self.assertEqual(response.status_code, status.HTTP_200_OK) self.vulnerability.refresh_from_db() self.assertEqual(self.vulnerability.name, data['name']) self.assertEqual(self.vulnerability.patch_deadline.isoformat(), data['patch_deadline']) self.assertEqual(self.vulnerability.risk, Risk.high) self.assertEqual(self.vulnerability.external_vulnerability_id, data['external_vulnerability_id'])