    def test_update_gone_discovered_assets(self):
        """Discovered assets inside the scan range that were not seen get DELETED.

        Two DISCOVERED assets exist and the scanned range 10.0.0.0/8 covers
        both, but only 10.0.0.1 is reported as scanned: 10.0.0.2 must gain
        the DELETED tag while 10.0.0.1 keeps only DISCOVERED.
        """
        index_name = AssetDocument.Index.name
        seen_asset = AssetDocument.get_or_create('10.0.0.1')
        AssetDocument.get_or_create('10.0.0.2')
        self.assertEqual(2, Search().index(index_name).count())

        discovered = AssetDocument.get_assets_with_tag(
            tag=AssetStatus.DISCOVERED, config=AssetConfigMock())

        scan_range = netaddr.IPSet()
        scan_range.add("10.0.0.0/8")

        AssetDocument.update_gone_discovered_assets(
            targets=scan_range,
            scanned_hosts=[seen_asset],
            discovered_assets=discovered,
            config=AssetConfigMock())

        hits = Search().index(index_name).execute().hits
        self.assertEqual(2, len(hits))
        for doc in (hit.to_dict() for hit in hits):
            asset_id = doc["id"]
            if asset_id == "10.0.0.1":
                # Still reachable: the tag list must be exactly DISCOVERED.
                self.assertEqual(doc["tags"], ["DISCOVERED"])
            elif asset_id == "10.0.0.2":
                # Gone: DELETED is added; tag order is not significant.
                self.assertCountEqual(doc["tags"], ["DELETED", "DISCOVERED"])
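    def parse(self, report) -> tuple[dict, list]:
        """Collect vulnerabilities from an already-parsed OpenVAS XML report.

        Every ``results/result`` element whose ``nvt//cvss_base`` is greater
        than zero contributes one VulnerabilityDocument per CVE listed in
        its NVT's ``cve`` text (comma separated).

        Args:
            report: ElementTree root of the report. NOTE(review): scanner
                output is external input; the caller that parses the XML
                file should use defusedxml (or an equivalently hardened
                parser) — confirm at the call site, it is not visible here.

        Returns:
            ``(parsed, scanned_hosts)`` — the accumulated mapping of
            vulnerability id to VulnerabilityDocument and the list of host IP
            addresses seen (one entry per qualifying result, so a host may
            repeat). Both are the instance's own accumulators, presumably
            initialised in ``__init__``.
        """
        for result in report.findall('.//results/result'):
            if float(result.find('nvt//cvss_base').text) <= 0:
                continue

            ip_address = result.find('./host').text
            self.__scanned_host.append(ip_address)
            asset = AssetDocument.get_or_create(ip_address, self._config)
            tags = self.parse_tags(result.find('./nvt/tags').text)

            # Port, protocol and NVT oid belong to the result, not to the
            # individual CVE, so read them once instead of once per CVE.
            port_parts = result.find('./port').text.split('/')
            port, protocol = port_parts[0], port_parts[1]
            oid = result.find('./nvt').attrib.get('oid')
            if port == 'general':
                # Host-level findings are reported as "general/<proto>" and
                # carry no real port or protocol.
                port = None
                protocol = None
            description = result.find('./description').text

            # NOTE(review): the id does not include the CVE, so several CVEs
            # on one NVT/port overwrite the same key and only the last one
            # survives in __parsed — confirm this is intended (or that
            # get_cve merges them).
            uid = self._vuln_id(ip_address, port, oid)
            for cve_id in result.find('./nvt//cve').text.split(','):
                self.__parsed[uid] = VulnerabilityDocument(
                    id=uid,
                    port=port,
                    protocol=protocol,
                    description=description,
                    solution=tags['solution'],
                    cve=self.get_cve(cve_id, oid, tags),
                    asset=asset,
                    source='OpenVas'
                )

        return self.__parsed, self.__scanned_host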
    def test_update_discovered_asset(self):
        """create_or_update on a DISCOVERED asset overwrites it in place.

        The asset created by discovery starts with the DISCOVERED tag; after
        a full record for the same IP is written, the index still holds a
        single document carrying the new fields and an empty tag list.
        """
        index_name = AssetDocument.Index.name
        discovered = AssetDocument.get_or_create('10.0.0.1')
        self.assertEqual([AssetStatus.DISCOVERED], discovered.tags)
        self.assertEqual(1, Search().index(index_name).count())

        full_record = AssetDocument(
            ip_address='10.0.0.1',
            os='Windows',
            id=1,
            confidentiality_requirement='NOT_DEFINED',
            integrity_requirement='NOT_DEFINED',
            availability_requirement='NOT_DEFINED',
            hostname='hostname_1',
        )
        AssetDocument.create_or_update({full_record.id: full_record},
                                       AssetConfigMock())
        # create_or_update appears to run through the executor; wait so the
        # index reflects the update before it is queried.
        thread_pool_executor.wait_for_all()

        self.assertEqual(1, Search().index(index_name).count())

        stored = AssetDocument.search().filter(
            'term', ip_address='10.0.0.1').execute().hits[0]
        for field, expected in (('os', 'Windows'),
                                ('ip_address', '10.0.0.1'),
                                ('hostname', 'hostname_1'),
                                ('tags', [])):
            self.assertEqual(getattr(stored, field), expected)
    def test_update_discovered_asset(self):
        """Updating a discovered asset keeps its vulnerability linked to it.

        A vulnerability created against the DISCOVERED placeholder must, once
        the full tenant asset has been written, reference the full asset's
        id, IP and requirement fields.
        """
        asset_index = AssetDocument.Index.name
        vuln_index = VulnerabilityDocument.Index.name

        tenant_asset = self.create_asset(self.config_tenant_1.name)
        placeholder = AssetDocument.get_or_create(tenant_asset.ip_address)
        create_vulnerability(placeholder, create_cve())

        self.assertEqual(1, Search().index(asset_index).count())

        AssetDocument.create_or_update({tenant_asset.id: tenant_asset})
        thread_pool_executor.wait_for_all()

        # Still one asset (no duplicate) and still one vulnerability.
        self.assertEqual(1, Search().index(asset_index).count())
        self.assertEqual(1, Search().index(vuln_index).count())

        linked_asset = VulnerabilityDocument.search().filter(
            'term', cve__id='CVE-2017-0002').execute().hits[0].asset
        for field in ('id',
                      'ip_address',
                      'confidentiality_requirement',
                      'availability_requirement'):
            self.assertEqual(getattr(linked_asset, field),
                             getattr(tenant_asset, field))
    def test_get_or_create_call_create_new_asset(self):
        """get_or_create adds a DISCOVERED asset for an IP it cannot find.

        Two assets are indexed but only asset 1 goes through
        create_or_update; looking up 10.0.0.2 afterwards yields a third,
        DISCOVERED document whose id is the IP address itself.
        """
        index_name = AssetDocument.Index.name
        known_asset = self.create_asset(asset_id=1,
                                        ip_address='10.0.0.1',
                                        hostname='hostname_1')
        self.create_asset(asset_id=2,
                          ip_address='10.0.0.2',
                          hostname='hostname_2')
        self.assertEqual(2, Search().index(index_name).count())

        AssetDocument.create_or_update({known_asset.id: known_asset},
                                       AssetConfigMock())
        thread_pool_executor.wait_for_all()

        discovered = AssetDocument.get_or_create('10.0.0.2')
        self.assertEqual(3, Search().index(index_name).count())

        hits = AssetDocument.search().filter(
            Q('match', tags=AssetStatus.DISCOVERED)).execute().hits
        self.assertEqual(1, len(hits))
        only_hit = hits[0]
        self.assertEqual(discovered.ip_address, only_hit.ip_address)
        # Discovered assets are keyed by their IP address.
        self.assertEqual(discovered.ip_address, only_hit.id)
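    def test_get_or_create_call_get_existing_asset(self):
        """get_or_create returns the indexed asset when the IP is known.

        Two assets are indexed and asset 1 goes through create_or_update;
        looking up its IP afterwards must return that same record without
        adding a document to the index.
        """
        index_name = AssetDocument.Index.name
        known_asset = self.create_asset(asset_id=1,
                                        ip_address='10.0.0.1',
                                        hostname='hostname_1')
        self.create_asset(asset_id=2,
                          ip_address='10.0.0.2',
                          hostname='hostname_2')
        self.assertEqual(2, Search().index(index_name).count())

        AssetDocument.create_or_update({known_asset.id: known_asset},
                                       AssetConfigMock())
        # create_or_update appears to be asynchronous (the sibling
        # create_new_asset test waits on the executor); wait here too so the
        # lookup below cannot race the update.
        thread_pool_executor.wait_for_all()

        found = AssetDocument.get_or_create('10.0.0.1')
        self.assertEqual(2, Search().index(index_name).count())

        for field in ('ip_address',
                      'hostname',
                      'id',
                      'confidentiality_requirement',
                      'integrity_requirement',
                      'availability_requirement'):
            self.assertEqual(getattr(found, field),
                             getattr(known_asset, field))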
 def get_asset(self, ip_address):
     """Return the AssetDocument for ``ip_address`` via get_or_create.

     Delegates to ``AssetDocument.get_or_create`` using this instance's
     ``_config``.
     """
     config = self._config
     return AssetDocument.get_or_create(ip_address, config)
 def create(item: RestrictedElement, config) -> AssetDocument:
     ip_address = item.find(".//tag[@name='host-ip']").text
     return AssetDocument.get_or_create(ip_address, config)