def test_scanner_model_key_files_output_file(self):
self.assertFalse(Scan().key_files_output_file)
scan = Scan(
output_file="/fake/path/scan_django_filter-1.1.0.whl.scan.json")
expected = "/fake/path/key_files_django_filter-1.1.0.whl.scan.json"
self.assertEqual(expected, scan.key_files_output_file)
def test_scanner_model_output_path(self):
scan = Scan()
self.assertFalse(scan.has_output_file)
self.assertIsNone(scan.output_path)
scan = Scan(output_file="non-existing-path")
self.assertFalse(scan.has_output_file)
self.assertIsNone(scan.output_path)
scan = Scan(output_file=self.scan_output_file)
self.assertTrue(scan.has_output_file)
self.assertEqual(self.data_location, scan.output_path)
def test_scanner_model_get_key_files_data(self):
self.assertIsNone(Scan().get_key_files_data())
scan = Scan.objects.create(output_file=self.scan_output_file)
key_files_data = scan.get_key_files_data()
self.assertTrue(key_files_data)
self.assertTrue(key_files_data[0].get("is_top_level"))
def test_scanner_model_has_output_file(self):
self.assertFalse(Scan().has_output_file)
scan = Scan.objects.create(uri="http://a.com/a.zip",
output_file="non-existing-path")
self.assertFalse(scan.has_output_file)
scan.output_file = self.scan_output_file
self.assertTrue(scan.has_output_file)
def test_scanner_model_data(self):
self.assertIsNone(Scan().data)
scan = Scan.objects.create(
uri="http://a.com/a.zip",
output_file=self.scan_output_file,
)
self.assertTrue(scan.data)
headers = scan.data.get("headers")[0]
self.assertEqual("3.1.1", headers["tool_version"])
def test_scanner_model_delete_removes_output_path(self):
scan = Scan()
self.assertTrue(scan.delete())
scan = Scan(output_file="non-existing-path")
self.assertFalse(scan.has_output_file)
with mock.patch("shutil.rmtree") as mock_rmtree:
self.assertTrue(scan.delete())
mock_rmtree.assert_not_called()
scan_output_location_path = Path(tempfile.mkdtemp())
scan_output_file = scan_output_location_path / "scan.json"
shutil.copyfile(self.scan_output_file, scan_output_file)
scan = Scan(output_file=str(scan_output_file))
self.assertTrue(scan.has_output_file)
self.assertTrue(scan.delete())
self.assertFalse(scan_output_file.exists())
self.assertFalse(scan_output_location_path.exists())
def test_scanner_model_get_summary_from_output(self):
self.assertIsNone(Scan().get_summary_from_output())
scan = Scan.objects.create(output_file=self.scan_output_file)
summary_data = scan.get_summary_from_output()
self.assertTrue(summary_data)
summary_reference_location = self.data_location / "summary.json"
# Un-comment to regenerate the reference data
# with summary_reference_location.open('w') as f:
# f.write(json.dumps(summary_data, indent=2))
expected = json.load(summary_reference_location.open())
self.assertEqual(expected, summary_data)
def test_scanner_model_get_license_matches_data(self):
self.assertIsNone(Scan().get_license_matches_data())
scan = Scan.objects.create(output_file=self.scan_output_file)
license_matches_data = scan.get_license_matches_data()
self.assertTrue(license_matches_data)
metadata_path = ("django_filter-1.1.0-py2.py3-none-any.whl-extract/"
"django_filter-1.1.0.dist-info/METADATA")
expected = {
"path": metadata_path,
"matched_text": "License: BSD",
}
self.assertEqual(expected, license_matches_data.get("bsd-new")[1])
expected = {
"path": metadata_path,
"matched_text":
"Classifier: License :: OSI Approved :: BSD License",
}
self.assertEqual(expected, license_matches_data.get("bsd-new")[2])
def run_scan(user, safe_ip_address, subscription_level=0):
'''
Executes the scan task. If this function is called with run_scan.delay(safe_ip_address), then
it will be placed into the Celery queue for asynchronous processing.
IMPORTANT: The caller is responsible for validating / cleaning the arguments passed to this task!
'''
# Initialize the scan variables to pass to the subprocess call
nmap_args = [
'/usr/local/bin/nmap',
'-sT', # TCP Connect scan
'-sV', # get versions
'-T2', # polite scan
'-P0', # use IP protocol ping instead of ICMP
'-oX', # XML output
'-', # output the XML to stdout rather than a real file so we can capture it
'--script',
'smb-check-vulns,vuln,exploit', # run these nse scripts
safe_ip_address
]
try:
scan = Scan()
scan.user = user
scan.start_time = datetime.datetime.now()
scan.state = Scan.PENDING
scan.save()
scan_id = scan.pk
std_out = tempfile.mkstemp() # generates a secure temp file with no race conditions
success = subprocess.check_call(nmap_args, stdout=std_out[0])
if success == 0:
f = open(std_out[1], 'r') # read the file-like back into memory.
xml_results = f.read()
f.close()
si = ScanImporter(xml_results, scan_id, user.id)
si.process()
except Exception as ex:
logging.error('Task failed to initiate\n{0}'.format(ex))