def test_update_gone_discovered_assets(self):
    """A DISCOVERED asset inside a scanned target range that was not seen by the scan gets DELETED.

    Both assets start as DISCOVERED placeholders. Only 10.0.0.1 is reported as
    scanned while the target range (10.0.0.0/8) covers both, so 10.0.0.2 is
    expected to gain the DELETED tag and 10.0.0.1 to keep only DISCOVERED.
    """
    index_name = AssetDocument.Index.name
    scanned_asset = AssetDocument.get_or_create('10.0.0.1')
    AssetDocument.get_or_create('10.0.0.2')
    self.assertEqual(2, Search().index(index_name).count())

    discovered = AssetDocument.get_assets_with_tag(
        tag=AssetStatus.DISCOVERED, config=AssetConfigMock())
    scan_targets = netaddr.IPSet()
    scan_targets.add("10.0.0.0/8")

    # NOTE(review): scanned_hosts is passed as a list of AssetDocuments here;
    # confirm the updater also accepts bare IP strings if any parser hands
    # those over instead.
    AssetDocument.update_gone_discovered_assets(
        targets=scan_targets,
        scanned_hosts=[scanned_asset],
        discovered_assets=discovered,
        config=AssetConfigMock())

    hits = Search().index(index_name).execute().hits
    self.assertEqual(2, len(hits))
    for doc in (hit.to_dict() for hit in hits):
        if doc["id"] == "10.0.0.1":
            # Seen by the scan: the DISCOVERED tag stays untouched.
            self.assertEqual(doc["tags"], ["DISCOVERED"])
        elif doc["id"] == "10.0.0.2":
            # In range but not seen: DELETED is added next to DISCOVERED.
            self.assertCountEqual(doc["tags"], ["DELETED", "DISCOVERED"])
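def parse(self, report) -> "tuple[dict, list]":
    """Parse an OpenVAS XML report into VulnerabilityDocuments.

    Each ``<result>`` whose NVT carries a CVSS base score above 0 yields one
    VulnerabilityDocument keyed by ``self._vuln_id(ip, port, oid)``, and the
    result's host is recorded as scanned. Results that lack a host, an
    ``<nvt>`` element or a parseable CVSS base score are skipped instead of
    aborting the import: scanner output is untrusted input and one malformed
    entry must not take the whole import down.

    Args:
        report: ElementTree element (or tree) of an OpenVAS XML report.

    Returns:
        ``(parsed, scanned_hosts)``: the vulnerability documents keyed by
        vulnerability id, and the de-duplicated list of scanned host IPs in
        first-seen order.
    """
    for result in report.findall('.//results/result'):
        nvt = result.find('./nvt')
        ip_address = result.findtext('./host')
        if nvt is None or not ip_address:
            continue
        try:
            cvss_base = float(nvt.findtext('.//cvss_base'))
        except (TypeError, ValueError):
            # Missing or non-numeric score: nothing to rate, skip the entry.
            continue
        if cvss_base <= 0:
            # Informational findings (score 0) are not vulnerabilities.
            continue

        # One entry per host, however many findings it has.
        if ip_address not in self.__scanned_host:
            self.__scanned_host.append(ip_address)
        asset = AssetDocument.get_or_create(ip_address, self._config)
        tags = self.parse_tags(nvt.findtext('tags'))
        oid = nvt.get('oid')

        # OpenVAS encodes the port as "<port>/<proto>"; "general/<proto>"
        # marks a host-wide finding that is not bound to a port.
        port, _, protocol = (result.findtext('./port') or '').partition('/')
        if port == 'general':
            port = None
            protocol = None
        uid = self._vuln_id(ip_address, port, oid)

        # NOTE(review): uid does not include the CVE, so when an NVT lists
        # several CVEs every iteration overwrites the same key and only the
        # last CVE survives. Kept as-is until VulnerabilityDocument.cve can
        # hold more than one entry.
        for cve_id in (nvt.findtext('.//cve') or '').split(','):
            self.__parsed[uid] = VulnerabilityDocument(
                id=uid,
                port=port,
                protocol=protocol,
                description=result.findtext('./description'),
                solution=tags['solution'],
                cve=self.get_cve(cve_id, oid, tags),
                asset=asset,
                source='OpenVas',
            )
    return self.__parsed, self.__scanned_host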
def test_update_discovered_asset(self):
    """Updating a DISCOVERED placeholder with a full asset record fills its fields and clears the tag."""
    index_name = AssetDocument.Index.name
    placeholder = AssetDocument.get_or_create('10.0.0.1')
    self.assertEqual(placeholder.tags, [AssetStatus.DISCOVERED])
    self.assertEqual(1, Search().index(index_name).count())

    full_asset = AssetDocument(
        ip_address='10.0.0.1',
        os='Windows',
        id=1,
        confidentiality_requirement='NOT_DEFINED',
        integrity_requirement='NOT_DEFINED',
        availability_requirement='NOT_DEFINED',
        hostname='hostname_1',
    )
    AssetDocument.create_or_update({full_asset.id: full_asset}, AssetConfigMock())
    # The update appears to be dispatched to the thread pool; block until it
    # has landed before querying the index.
    thread_pool_executor.wait_for_all()

    # Still one document: the placeholder was updated, not duplicated.
    self.assertEqual(1, Search().index(index_name).count())
    hits = AssetDocument.search().filter('term', ip_address='10.0.0.1').execute().hits
    updated = hits[0]
    self.assertEqual(updated.os, 'Windows')
    self.assertEqual(updated.ip_address, '10.0.0.1')
    self.assertEqual(updated.hostname, 'hostname_1')
    self.assertEqual(updated.tags, [])
def test_update_discovered_asset(self):
    """Updating a DISCOVERED asset propagates its new fields into the vulnerabilities that embed it."""
    asset_index = AssetDocument.Index.name
    vuln_index = VulnerabilityDocument.Index.name

    tenant_asset = self.create_asset(self.config_tenant_1.name)
    placeholder = AssetDocument.get_or_create(tenant_asset.ip_address)
    # The fixture CVE is presumably CVE-2017-0002, which the filter below
    # relies on — verify against create_cve if this test ever fails there.
    create_vulnerability(placeholder, create_cve())
    self.assertEqual(1, Search().index(asset_index).count())

    # NOTE(review): no config is passed here, unlike the other
    # create_or_update calls in the suite — confirm that is intentional.
    AssetDocument.create_or_update({tenant_asset.id: tenant_asset})
    thread_pool_executor.wait_for_all()

    self.assertEqual(1, Search().index(asset_index).count())
    self.assertEqual(1, Search().index(vuln_index).count())
    hits = VulnerabilityDocument.search().filter(
        'term', cve__id='CVE-2017-0002').execute().hits
    embedded = hits[0].asset
    for field in ('id', 'ip_address', 'confidentiality_requirement',
                  'availability_requirement'):
        self.assertEqual(getattr(embedded, field), getattr(tenant_asset, field))
def test_get_or_create_call_create_new_asset(self):
    """get_or_create makes a fresh DISCOVERED placeholder for an IP it cannot find."""
    index_name = AssetDocument.Index.name
    known = self.create_asset(asset_id=1, ip_address='10.0.0.1', hostname='hostname_1')
    self.create_asset(asset_id=2, ip_address='10.0.0.2', hostname='hostname_2')
    self.assertEqual(2, Search().index(index_name).count())

    AssetDocument.create_or_update({known.id: known}, AssetConfigMock())
    thread_pool_executor.wait_for_all()

    # 10.0.0.2 was built by the fixture helper only and never pushed through
    # create_or_update; get_or_create evidently does not see it, so a third,
    # DISCOVERED document is created.
    placeholder = AssetDocument.get_or_create('10.0.0.2')
    self.assertEqual(3, Search().index(index_name).count())

    discovered = AssetDocument.search().filter(
        Q('match', tags=AssetStatus.DISCOVERED)).execute().hits
    self.assertEqual(1, len(discovered))
    self.assertEqual(discovered[0].ip_address, placeholder.ip_address)
    # A placeholder's document id is its IP address.
    self.assertEqual(discovered[0].id, placeholder.ip_address)
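def test_get_or_create_call_get_existing_asset(self):
    """get_or_create returns the already indexed asset for a known IP instead of creating a placeholder."""
    index_name = AssetDocument.Index.name
    asset_1 = self.create_asset(asset_id=1, ip_address='10.0.0.1', hostname='hostname_1')
    self.create_asset(asset_id=2, ip_address='10.0.0.2', hostname='hostname_2')
    self.assertEqual(2, Search().index(index_name).count())

    AssetDocument.create_or_update({asset_1.id: asset_1}, AssetConfigMock())
    # The sibling tests all wait on the thread pool after create_or_update;
    # without this barrier get_or_create can race the pending write and
    # create a third, DISCOVERED document, making the count below flaky.
    thread_pool_executor.wait_for_all()

    existing = AssetDocument.get_or_create('10.0.0.1')
    self.assertEqual(2, Search().index(index_name).count())
    for field in ('ip_address', 'hostname', 'id', 'confidentiality_requirement',
                  'integrity_requirement', 'availability_requirement'):
        with self.subTest(field=field):
            self.assertEqual(getattr(existing, field), getattr(asset_1, field))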
def get_asset(self, ip_address):
    """Return the AssetDocument for ``ip_address`` using this parser's config.

    Delegates to AssetDocument.get_or_create, which (per the asset tests)
    creates a DISCOVERED placeholder when the IP is not indexed yet.
    """
    config = self._config
    return AssetDocument.get_or_create(ip_address, config)
def create(item: RestrictedElement, config) -> AssetDocument:
    """Fetch or create the AssetDocument for the host a report item refers to.

    The host IP is read from the item's ``<tag name="host-ip">`` element.
    NOTE(review): an item without that tag makes ``find`` return None and the
    ``.text`` access raise AttributeError — callers must expect that for
    malformed scanner input.
    """
    host_ip_tag = item.find(".//tag[@name='host-ip']")
    return AssetDocument.get_or_create(host_ip_tag.text, config)