def test_child_parent_verification_event_succeeds(session, workspace):
"""
Asserts that no exception will be raised when workspace are the same.
"""
host = HostFactory.build(workspace=workspace)
ServiceFactory.build(host=host, workspace=workspace)
session.commit()
def test_cannot_create_comment_of_another_workspace_object(self, test_client, session, second_workspace):
service = ServiceFactory.create(workspace=self.workspace)
session.commit()
raw_comment = self._create_raw_comment('service', service.id)
res = test_client.post(self.url(workspace=second_workspace), data=raw_comment)
assert res.status_code == 400
assert res.json == {u'message': u"Can't comment object of another workspace"}
def test_update_with_parent_of_other_workspace(
self, parent_type, parent_factory, test_client, session,
second_workspace, credential_factory):
parent = parent_factory.create(workspace=second_workspace)
if parent_type == 'Host':
credential = credential_factory.create(
host=HostFactory.create(workspace=self.workspace),
service=None,
workspace=self.workspace)
else:
credential = credential_factory.create(
host=None,
service=ServiceFactory.create(workspace=self.workspace),
workspace=self.workspace)
session.commit()
assert parent.workspace_id != self.workspace.id
data = {
"username": "******",
"password": "******",
"name": "test",
"parent_type": parent_type,
"parent": parent.id
}
res = test_client.put(self.url(credential), data=data)
assert res.status_code == 400
assert 'Parent id not found' in res.data
def test_cannot_create_comment__with_invalid_object_type(self, test_client, session):
service = ServiceFactory.create(workspace=self.workspace)
session.commit()
raw_comment = self._create_raw_comment('workspace', service.id)
res = test_client.post(self.url(), data=raw_comment)
assert res.status_code == 400
assert res.json == {u'messages': {u'object_type': [u'Not a valid choice.']}}
def test_get_credentials_for_a_service_backwards_compatibility(self, session, test_client):
service = ServiceFactory.create()
credential = self.factory.create(service=service, host=None, workspace=service.workspace)
session.commit()
res = test_client.get(self.url(workspace=credential.workspace) + '?service={0}'.format(credential.service.id))
assert res.status_code == 200
assert map(lambda cred: cred['value']['parent'],res.json['rows']) == [credential.service.id]
assert map(lambda cred: cred['value']['parent_type'], res.json['rows']) == [u'Service']
def test_create_comment_from_plugins(self, test_client, session):
service = ServiceFactory.create(workspace=self.workspace)
session.commit()
initial_comment_count = len(session.query(Comment).all())
raw_comment = self._create_raw_comment('service', service.id)
res = test_client.post(self.url(workspace=self.workspace), data=raw_comment)
assert res.status_code == 201
assert len(session.query(Comment).all()) == initial_comment_count + 1
def populate_workspace(workspace):
host = HostFactory.create(workspace=workspace)
service = ServiceFactory.create(workspace=workspace, host=host)
code = SourceCodeFactory.create(workspace=workspace)
# Create non confirmed vulnerabilities
# Create standard vulns
VulnerabilityFactory.create_batch(NC_STANDARD_VULN_COUNT[0],
workspace=workspace,
host=host,
service=None,
confirmed=False)
VulnerabilityFactory.create_batch(NC_STANDARD_VULN_COUNT[1],
workspace=workspace,
service=service,
host=None,
confirmed=False)
# Create web vulns
VulnerabilityWebFactory.create_batch(NC_WEB_VULN_COUNT,
workspace=workspace,
service=service,
confirmed=False)
# Create source code vulns
VulnerabilityCodeFactory.create_batch(NC_SOURCE_CODE_VULN_COUNT,
workspace=workspace,
source_code=code,
confirmed=False)
# Create confirmed vulnerabilities
# Create standard vulns
VulnerabilityFactory.create_batch(C_STANDARD_VULN_COUNT[0],
workspace=workspace,
host=host,
service=None,
confirmed=True)
VulnerabilityFactory.create_batch(C_STANDARD_VULN_COUNT[1],
workspace=workspace,
service=service,
host=None,
confirmed=True)
# Create web vulns
VulnerabilityWebFactory.create_batch(C_WEB_VULN_COUNT,
workspace=workspace,
service=service,
confirmed=True)
# Create source code vulns
VulnerabilityCodeFactory.create_batch(C_SOURCE_CODE_VULN_COUNT,
workspace=workspace,
source_code=code,
confirmed=True)
db.session.commit()
def test_create_comment_from_plugins(self, test_client, session):
service = ServiceFactory.create(workspace=self.workspace)
session.commit()
initial_comment_count = len(session.query(Comment).all())
raw_comment = self._create_raw_comment('service', service.id)
res = test_client.post(self.url(workspace=self.workspace),
data=raw_comment)
assert res.status_code == 201
assert len(session.query(Comment).all()) == initial_comment_count + 1
def test_cannot_create_comment_of_another_workspace_object(
self, test_client, session, second_workspace):
service = ServiceFactory.create(workspace=self.workspace)
session.commit()
raw_comment = self._create_raw_comment('service', service.id)
res = test_client.post(self.url(workspace=second_workspace),
data=raw_comment)
assert res.status_code == 400
assert res.json == {
u'message': u"Can't comment object of another workspace"
}
def test_cannot_create_comment__with_invalid_object_type(
self, test_client, session):
service = ServiceFactory.create(workspace=self.workspace)
session.commit()
raw_comment = self._create_raw_comment('workspace', service.id)
res = test_client.post(self.url(), data=raw_comment)
assert res.status_code == 400
assert res.json == {
u'messages': {
u'object_type': [u'Not a valid choice.']
}
}
def test_verify_created_vulns_with_host_and_service_verification(self, session, test_client):
workspace = WorkspaceFactory.create()
command = EmptyCommandFactory.create(workspace=workspace)
host = HostFactory.create(workspace=workspace)
service = ServiceFactory.create(workspace=workspace)
vuln = VulnerabilityFactory.create(severity='critical', workspace=workspace, host=host, service=None)
vuln_med = VulnerabilityFactory.create(severity='medium', workspace=workspace, service=service, host=None)
session.flush()
CommandObjectFactory.create(
command=command,
object_type='host',
object_id=host.id,
workspace=workspace
)
CommandObjectFactory.create(
command=command,
object_type='vulnerability',
object_id=vuln.id,
workspace=workspace
)
CommandObjectFactory.create(
command=command,
object_type='service',
object_id=service.id,
workspace=workspace
)
CommandObjectFactory.create(
command=command,
object_type='vulnerability',
object_id=vuln_med.id,
workspace=workspace
)
session.commit()
res = test_client.get(self.url(workspace=command.workspace) + 'activity_feed/')
assert res.status_code == 200
assert res.json == [{
u'_id': command.id,
u'command': command.command,
u'import_source': u'shell',
u'tool': command.tool,
u'user': command.user,
u'date': time.mktime(command.start_date.timetuple()) * 1000,
u'params': command.params,
u'hosts_count': 1,
u'services_count': 1,
u'vulnerabilities_count': 2,
u'criticalIssue': 1}
]
def populate_workspace(workspace):
host = HostFactory.create(workspace=workspace)
service = ServiceFactory.create(workspace=workspace, host=host)
code = SourceCodeFactory.create(workspace=workspace)
# Create non confirmed vulnerabilities
# Create standard vulns
VulnerabilityFactory.create_batch(
NC_STANDARD_VULN_COUNT[0], workspace=workspace, host=host,
service=None, confirmed=False)
VulnerabilityFactory.create_batch(
NC_STANDARD_VULN_COUNT[1], workspace=workspace, service=service,
host=None, confirmed=False)
# Create web vulns
VulnerabilityWebFactory.create_batch(
NC_WEB_VULN_COUNT, workspace=workspace, service=service,
confirmed=False)
# Create source code vulns
VulnerabilityCodeFactory.create_batch(
NC_SOURCE_CODE_VULN_COUNT, workspace=workspace, source_code=code,
confirmed=False)
# Create confirmed vulnerabilities
# Create standard vulns
VulnerabilityFactory.create_batch(
C_STANDARD_VULN_COUNT[0], workspace=workspace, host=host, service=None,
confirmed=True)
VulnerabilityFactory.create_batch(
C_STANDARD_VULN_COUNT[1], workspace=workspace, service=service,
host=None, confirmed=True)
# Create web vulns
VulnerabilityWebFactory.create_batch(
C_WEB_VULN_COUNT, workspace=workspace, service=service, confirmed=True)
# Create source code vulns
VulnerabilityCodeFactory.create_batch(
C_SOURCE_CODE_VULN_COUNT, workspace=workspace, source_code=code,
confirmed=True)
db.session.commit()
def test_create_unique_comment_for_plugins(self, session, test_client):
"""
"""
service = ServiceFactory.create(workspace=self.workspace)
session.commit()
initial_comment_count = len(session.query(Comment).all())
raw_comment = self._create_raw_comment('service', service.id)
res = test_client.post(self.url(workspace=self.workspace),
data=raw_comment)
assert res.status_code == 201
assert len(session.query(Comment).all()) == initial_comment_count + 1
url = self.url(workspace=self.workspace).strip('/') + '_unique/'
res = test_client.post(url, data=raw_comment)
assert res.status_code == 409
assert 'object' in res.json
assert type(res.json) == dict
def test_create_unique_comment_for_plugins(self, session, test_client):
"""
"""
service = ServiceFactory.create(workspace=self.workspace)
session.commit()
initial_comment_count = len(session.query(Comment).all())
raw_comment = self._create_raw_comment('service', service.id)
res = test_client.post(self.url(workspace=self.workspace),
data=raw_comment)
assert res.status_code == 201
assert len(session.query(Comment).all()) == initial_comment_count + 1
url = self.url(workspace=self.workspace).strip('/') + '_unique/'
res = test_client.post(url, data=raw_comment)
assert res.status_code == 409
assert 'object' in res.json
assert type(res.json) == dict
def test_child_parent_verification_event_fails(session, workspace,
second_workspace):
host = HostFactory.build(workspace=workspace)
ServiceFactory.build(host=host, workspace=second_workspace)
with pytest.raises(AssertionError):
session.commit()
def test_multiple_commands_executed_with_same_objects_found(self, session, test_client):
"""
This text verifies that multiple command does not affect activity feed counters.
"""
workspace = WorkspaceFactory.create()
host = HostFactory.create(workspace=workspace)
vuln = VulnerabilityFactory.create(severity='low', workspace=workspace, host=host, service=None)
service = ServiceFactory.create(workspace=workspace)
commands = []
in_the_middle_commands = []
first_command = None
for index in range(0, 10):
command = EmptyCommandFactory.create(workspace=workspace)
commands.append(command)
if index > 0:
# in the middle commands should not affect counters (should be at 0)
in_the_middle_commands.append(command)
else:
first_command = command
session.flush()
CommandObjectFactory.create(
command=command,
object_type='host',
object_id=host.id,
workspace=workspace
)
CommandObjectFactory.create(
command=command,
object_type='vulnerability',
object_id=vuln.id,
workspace=workspace
)
# This command will change activity feed counters
vuln_med = VulnerabilityFactory.create(severity='medium', workspace=workspace, service=service, host=None)
session.flush()
last_command = EmptyCommandFactory.create(workspace=workspace)
CommandObjectFactory.create(
command=last_command,
object_type='service',
object_id=service.id,
workspace=workspace
)
CommandObjectFactory.create(
command=last_command,
object_type='vulnerability',
object_id=vuln_med.id,
workspace=workspace
)
session.commit()
res = test_client.get(self.url(workspace=command.workspace) + 'activity_feed/')
assert res.status_code == 200
raw_first_command = filter(lambda comm: comm['_id'] == commands[0].id, res.json)
assert raw_first_command.pop() == {
u'_id': first_command.id,
u'command': first_command.command,
u'import_source': u'shell',
u'user': first_command.user,
u'date': time.mktime(first_command.start_date.timetuple()) * 1000,
u'params': first_command.params,
u'hosts_count': 1,
u'services_count': 0,
u'vulnerabilities_count': 1,
u'tool': first_command.tool,
u'criticalIssue': 0
}
for in_the_middle_command in in_the_middle_commands:
raw_in_the_middle_command = filter(lambda comm: comm['_id'] == in_the_middle_command.id, res.json)
assert raw_in_the_middle_command.pop() == {u'_id': in_the_middle_command.id,
u'command': in_the_middle_command.command,
u'import_source': u'shell',
u'user': in_the_middle_command.user,
u'date': time.mktime(in_the_middle_command.start_date.timetuple()) * 1000,
u'params': in_the_middle_command.params,
u'hosts_count': 0,
u'tool': in_the_middle_command.tool,
u'services_count': 0,
u'vulnerabilities_count': 0,
u'criticalIssue': 0}
# new command must create new service and vuln
raw_last_command = filter(lambda comm: comm['_id'] == last_command.id, res.json)
assert raw_last_command.pop() == {u'_id': last_command.id,
u'command': last_command.command,
u'import_source': u'shell',
u'user': last_command.user,
u'date': time.mktime(last_command.start_date.timetuple()) * 1000,
u'params': last_command.params,
u'hosts_count': 0,
u'tool': last_command.tool,
u'services_count': 1,
u'vulnerabilities_count': 1,
u'criticalIssue': 0}