Beispiel #1
 def setUp(self) -> None:
     """Load the host and user JSON fixtures and record the first Config's id."""
     super().setUp()
     hosts_path = get_fixture_location(__file__, 'host_response.json')
     with open(hosts_path) as hosts_file:
         # The parsed host document is stored as a one-element list.
         self.hosts = [json.load(hosts_file)]
     users_path = get_fixture_location(__file__, 'users_response.json')
     with open(users_path) as users_file:
         self.users = json.load(users_file)
     first_config = Config.objects.first()
     self.config_id = first_config.id
Beispiel #2
    def not_updated_cve(self):
        """Process the same NVD fixture twice; the second pass must queue no notification.

        NOTE(review): the name has no ``test_`` prefix, so default unittest
        discovery presumably does not collect it - confirm that is intended.
        """
        first_path = get_fixture_location(__file__, 'nvdcve-1.0-2017.json')
        with open(first_path) as feed:
            CveFactory.process(feed)
        # Drop whatever the initial import queued so only the re-import is measured.
        NotificationCache.clear()

        second_path = get_fixture_location(__file__, 'nvdcve-1.0-2017.json')
        with open(second_path) as feed:
            CveFactory.process(feed)
        queued = NotificationCache.get()
        self.assertEqual(queued, [])
Beispiel #3
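 def setUp(self):
     """Prepare the config, both Nessus XML fixtures, the parser and sample addresses.

     The two fixture files stay open for the tests that read them; each is
     closed by a cleanup registered right after it is opened.
     """
     super().setUp()
     self.config = Config.objects.first()
     self.internal_xml = open(get_fixture_location(__file__,
                                                   'internal.xml'))
     # Register the close immediately: cleanups run even when a later setUp
     # step or the test itself fails, so the handle cannot leak.
     self.addCleanup(self.internal_xml.close)
     self.internal_targets_xml = open(
         get_fixture_location(__file__, 'internal_targets.xml'))
     self.addCleanup(self.internal_targets_xml.close)
     self.uut = NessusReportParser(self.config)
     # Address strings in four notations: /32 CIDR, bare IP, /30 CIDR, dashed range.
     self.addr1 = "192.168.1.1/32"
     self.addr2 = "192.168.1.1"
     self.addr3 = "10.0.0.1/30"
     self.addr4 = "192.168.2.1-192.168.2.5"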
Beispiel #4
    def test_get_targets_gmp_9(self):
        """get_targets on the GMP 9 report yields 192.168.0.0/24 for the stubbed target."""
        report_path = get_fixture_location(__file__, "report_gmp_9.xml")
        with open(report_path, 'r') as report:
            target_definition = get_root_element(
                get_fixture_location(__file__, "target_gmp_9.xml"))

            # Replace the target lookup with the fixture so only the id passed
            # to it and the resulting IP set are checked.
            stub = patch.object(self.uut,
                                "_get_target_definition",
                                return_value=target_definition)
            with stub as target_def:
                resolved = self.uut.get_targets(report)
                expected = IPSet(IPNetwork("192.168.0.0/24"))
                self.assertEqual(resolved, expected)
                target_def.assert_called_once_with(
                    "71ffd436-52da-48c4-a39d-0ac28080c876")
Beispiel #5
    def setUp(self):
        """Import the 2017 NVD fixture and wait on the thread pool before each test."""
        super().setUp()
        feed_path = get_fixture_location(__file__, 'nvdcve-1.0-2017.json')
        with open(feed_path) as feed:
            CveFactory.process(feed)

        # presumably processing hands work to the pool; block until it is done
        thread_pool_executor.wait_for_all()
Beispiel #6
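    def test_parse(self):
        """GmpParserOMP7.parse returns the expected hosts and findings for the OMP 7 report.

        Uses ``assertEqual`` throughout: ``assertEquals`` is a deprecated alias
        that was removed from unittest in Python 3.12.
        """
        with open(get_fixture_location(__file__, 'report_omp_7.xml'),
                  'r') as file:
            parser = GmpParserOMP7(self.config)
            vulns, scanned_hosts = parser.parse(file, "report_omp_7.xml")
            self.assertEqual(len(scanned_hosts), 7)
            self.assertEqual(scanned_hosts[0].last_scan_date,
                             '2020-04-08T21:04:47Z')
            # Compare as sets: only the addresses matter here, not their order.
            self.assertEqual(
                {
                    '10.10.10.31', '10.10.10.30', '10.10.10.32', '10.10.10.21',
                    '10.10.10.20', '10.10.10.7', '10.10.10.23'
                }, {x.ip_address for x in scanned_hosts})
            self.assertEqual(len(vulns), 17)

            # Spot-check one finding, including the CVSS v2 metrics on its cve.
            vuln = vulns['c2649538-c269-3902-9361-de3e3558a449']
            self.assertEqual(vuln.cve.base_score_v2, 5.0)
            self.assertEqual(vuln.cve.access_vector_v2,
                             AccessVectorV2.NETWORK)
            self.assertEqual(vuln.cve.access_complexity_v2,
                             AccessComplexityV2.LOW)
            self.assertEqual(vuln.cve.authentication_v2,
                             AuthenticationV2.NONE)
            self.assertEqual(vuln.cve.confidentiality_impact_v2,
                             ImpactV2.PARTIAL)
            self.assertEqual(vuln.cve.integrity_impact_v2, ImpactV2.NONE)
            self.assertEqual(vuln.cve.availability_impact_v2, ImpactV2.NONE)
            self.assertEqual(vuln.port, '135')
            self.assertEqual(vuln.protocol, 'tcp')
            self.assertEqual(vuln.scan_date, '2020-04-08T21:06:33Z')
            self.assertEqual(
                vuln.name, 'DCE/RPC and MSRPC Services Enumeration Reporting')
            self.assertEqual(vuln.solution,
                             'Filter incoming traffic to this ports.')
            self.assertEqual(vuln.scan_file_url, "report_omp_7.xml")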
Beispiel #7
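    def test_call(self, get_file):
        """update_cwe requests the CWE archive once and leaves two Cwe rows.

        ``get_file`` is injected by a decorator outside this excerpt -
        presumably a patch of the downloader, so no network access happens.
        """
        file = open(get_fixture_location(__file__, 'cwec_v2.12.xml'))
        # Close the fixture even if update_cwe() or an assertion raises;
        # closing an already-closed file is a no-op.
        self.addCleanup(file.close)
        get_file.return_value = file

        update_cwe()

        get_file.assert_called_once_with('https://cwe.mitre.org/data/xml/cwec_v2.12.xml.zip')
        self.assertEqual(models.Cwe.objects.count(), 2)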
Beispiel #8
 def test_parse_called_for_vurtual_servers(self):
     """Parsing the virtual-host fixture yields one empty owner entry of each kind."""
     fixture_path = get_fixture_location(__file__,
                                         'virtual_host_response.json')
     with open(fixture_path) as fixture:
         self.hosts = [json.load(fixture)]
     parsed = self.uut.parse(self.hosts)
     self.assert_fields(parsed)
     asset = parsed[self.asset_id]
     self.assertEqual(asset.business_owner, [{}])
     self.assertEqual(parsed[self.asset_id].technical_owner, [{}])
Beispiel #9
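    def test_call(self, get_file):
        """update_cwe requests the CWE archive once and indexes two CWE documents.

        ``get_file`` is injected by a decorator outside this excerpt -
        presumably a patch of the downloader, so no network access happens.
        """
        file = open(get_fixture_location(__file__, 'cwec_v2.12.xml'))
        # Close the fixture even if update_cwe() or an assertion raises;
        # closing an already-closed file is a no-op.
        self.addCleanup(file.close)
        get_file.return_value = file

        update_cwe()

        get_file.assert_called_once_with(
            'https://cwe.mitre.org/data/xml/cwec_v2.12.xml.zip')
        self.assertEqual(Search().index(CweDocument.Index.name).count(), 2)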
Beispiel #10
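    def test_call(self, get_file):
        """update_cve(2017) requests the 2017 NVD feed once and indexes two CVE documents.

        ``get_file`` is injected by a decorator outside this excerpt -
        presumably a patch of the downloader, so no network access happens.
        """
        file = open(get_fixture_location(__file__, 'nvdcve-1.0-2017.json'))
        # Close the fixture even if update_cve() or an assertion raises;
        # closing an already-closed file is a no-op.
        self.addCleanup(file.close)
        get_file.return_value = file

        update_cve(2017)

        get_file.assert_called_once_with(
            'https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2017.json.gz')
        self.assertEqual(Search().index(CveDocument.Index.name).count(), 2)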
Beispiel #11
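    def test_parse(self):
        """GMP9Parser.parse returns the expected hosts and findings for the GMP 9 report.

        Uses ``assertEqual`` throughout: ``assertEquals`` is a deprecated alias
        that was removed from unittest in Python 3.12.
        """
        with open(get_fixture_location(__file__, 'report_gmp_9.xml'),
                  'r') as file:
            parser = GMP9Parser(self.config)
            vulns, scanned_hosts = parser.parse(file, "report_gmp_9.xml")
            self.assertEqual(scanned_hosts[0].last_scan_date,
                             '2020-11-03T21:47:56Z')
            self.assertEqual(len(scanned_hosts), 34)
            # Compare as sets: only the addresses matter here, not their order.
            self.assertEqual(
                {
                    '192.168.0.103', '192.168.0.40', '192.168.0.7',
                    '192.168.0.37', '192.168.0.39', '192.168.0.51',
                    '192.168.0.102', '192.168.0.32', '192.168.0.27',
                    '192.168.0.45', '192.168.0.28', '192.168.0.31',
                    '192.168.0.49', '192.168.0.36', '192.168.0.46',
                    '192.168.0.35', '192.168.0.101', '192.168.0.9',
                    '192.168.0.13', '192.168.0.5', '192.168.0.42',
                    '192.168.0.25', '192.168.0.6', '192.168.0.2',
                    '192.168.0.10', '192.168.0.14', '192.168.0.3',
                    '192.168.0.15', '192.168.0.30', '192.168.0.38',
                    '192.168.0.8', '192.168.0.23', '192.168.0.50',
                    '192.168.0.26'
                }, {x.ip_address for x in scanned_hosts})
            self.assertEqual(len(vulns), 155)

            # First spot check: a finding whose cve id carries the NOCVE- prefix.
            vuln = vulns['798d53cb-4479-3010-b6ed-7bcf2e816880']
            self.assertEqual(vuln.cve.id,
                             'NOCVE-1.3.6.1.4.1.25623.1.0.900600')
            self.assertEqual(vuln.cve.base_score_v2, 6.4)
            self.assertEqual(vuln.cve.access_vector_v2,
                             AccessVectorV2.NETWORK)
            self.assertEqual(vuln.cve.access_complexity_v2,
                             AccessComplexityV2.LOW)
            self.assertEqual(vuln.cve.authentication_v2,
                             AuthenticationV2.NONE)
            self.assertEqual(vuln.cve.confidentiality_impact_v2,
                             ImpactV2.PARTIAL)
            self.assertEqual(vuln.cve.integrity_impact_v2, ImpactV2.PARTIAL)
            self.assertEqual(vuln.cve.availability_impact_v2, ImpactV2.NONE)
            self.assertEqual(vuln.port, '21')
            self.assertEqual(vuln.protocol, 'tcp')
            self.assertEqual(vuln.scan_date, '2020-11-03T21:43:10Z')
            self.assertEqual(vuln.name, 'Anonymous FTP Login Reporting')
            # The expected text keeps the line break and indentation exactly as asserted.
            self.assertEqual(
                vuln.solution,
                'If you do not want to share files, you should disable\n                            anonymous logins.'
            )
            self.assertEqual(vuln.scan_file_url, "report_gmp_9.xml")

            # Second spot check: a finding mapped to a regular CVE id.
            vuln = vulns['e25a7c6d-471a-3097-9701-58663d84d98e']
            self.assertEqual(vuln.cve.id, 'CVE-2003-1567')
            self.assertEqual(vuln.port, '80')
            self.assertEqual(vuln.protocol, 'tcp')
            self.assertEqual(vuln.scan_date, '2020-11-03T21:50:18Z')
            self.assertEqual(vuln.name,
                             'HTTP Debugging Methods (TRACE/TRACK) Enabled')
            self.assertEqual(vuln.scan_file_url, "report_gmp_9.xml")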
Beispiel #12
    def test_should_not_update(self):
        """Re-importing the 2017 NVD fixture leaves the CVE index at two documents."""

        def indexed_cves():
            # Document count of the CVE index at the moment of the call.
            return Search().index(CveDocument.Index.name).count()

        self.assertEqual(indexed_cves(), 2)

        feed_path = get_fixture_location(__file__, 'nvdcve-1.0-2017.json')
        with open(feed_path) as feed:
            CveFactory.process(feed)
        thread_pool_executor.wait_for_all()

        self.assertEqual(indexed_cves(), 2)
Beispiel #13
    def test_get_targets(self):
        """get_targets converts each stubbed target definition into the matching IPSet.

        Three target fixtures are tried against the same report: a /24 network,
        an address range, and a mix of single addresses and a short range.
        """
        report = get_root_element(
            get_fixture_location(__file__, "report_with_target.xml"))
        network_target = get_root_element(
            get_fixture_location(__file__, "target.xml"))
        range_target = get_root_element(
            get_fixture_location(__file__, "target2.xml"))
        mixed_target = get_root_element(
            get_fixture_location(__file__, "target3.xml"))
        # Every case must look up this same target id.
        target_id = "e39cf6fa-1932-42c5-89d4-b66f469c615b"

        with patch.object(self.uut,
                          "_get_target_definition",
                          return_value=network_target) as target_def:
            resolved = self.uut.get_targets(report)
            self.assertEqual(resolved, IPSet(IPNetwork("192.168.1.0/24")))
            target_def.assert_called_once_with(target_id)

        with patch.object(self.uut,
                          "_get_target_definition",
                          return_value=range_target) as target_def:
            expected = IPSet(IPRange(start="192.168.1.1", end="192.168.1.200"))
            resolved = self.uut.get_targets(report)
            self.assertEqual(resolved, expected)
            target_def.assert_called_once_with(target_id)

        with patch.object(self.uut,
                          "_get_target_definition",
                          return_value=mixed_target) as target_def:
            expected = IPSet()
            members = (
                IPAddress("10.31.2.30"),
                IPAddress("10.31.2.23"),
                IPAddress("10.31.2.7"),
                IPAddress("10.31.2.31"),
                IPAddress("10.31.2.11"),
                IPAddress("10.31.2.21"),
                IPRange(start="10.31.2.34", end="10.31.2.35"),
                IPAddress("10.31.2.20"),
                IPAddress("10.31.2.32"),
            )
            for member in members:
                expected.add(member)
            resolved = self.uut.get_targets(report)
            self.assertEqual(resolved, expected)
            target_def.assert_called_once_with(target_id)
Beispiel #14
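    def test_call(self, get_file):
        """update_cpe requests the CPE dictionary once and leaves one Cpe row.

        ``get_file`` is injected by a decorator outside this excerpt -
        presumably a patch of the downloader, so no network access happens.
        NOTE(review): the local fixture is named v2.2 while the asserted URL
        is the v2.3 dictionary - confirm the mismatch is deliberate.
        """
        file = open(get_fixture_location(__file__, 'official-cpe-dictionary_v2.2.xml'))
        # Close the fixture even if update_cpe() or an assertion raises;
        # closing an already-closed file is a no-op.
        self.addCleanup(file.close)
        get_file.return_value = file

        update_cpe()

        get_file.assert_called_once_with(
            'https://nvd.nist.gov/feeds/xml/cpe/dictionary/official-cpe-dictionary_v2.3.xml.zip'
        )
        self.assertEqual(models.Cpe.objects.count(), 1)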
Beispiel #15
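    def test_call(self, get_file):
        """update_cve(2017) requests the 2017 NVD feed once and leaves two Cve rows.

        ``get_file`` is injected by a decorator outside this excerpt -
        presumably a patch of the downloader, so no network access happens.
        """
        file = open(get_fixture_location(__file__, 'nvdcve-1.0-2017.json'))
        # Close the fixture even if update_cve() or an assertion raises;
        # closing an already-closed file is a no-op.
        self.addCleanup(file.close)
        get_file.return_value = file

        update_cve(2017)

        get_file.assert_called_once_with(
            'https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2017.json.gz'
        )
        self.assertEqual(models.Cve.objects.count(), 2)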
Beispiel #16
    def test_update(self):
        """A CVE whose last_modified_date was cleared is updated once and notified."""
        stale = models.Cve.objects.get(id='CVE-2017-0008')
        # Blank the modification date, save, and clear the cache before re-importing.
        stale.last_modified_date = None
        stale.save()
        cache.clear()

        factory = CveFactory()
        feed_path = get_fixture_location(__file__, 'nvdcve-1.0-2017.json')
        with open(feed_path) as feed:
            factory.process(feed)

        expected_notifications = [('CVE-2017-0008', False)]
        self.assertEqual(expected_notifications, NotificationCache.get())
        self.assertEqual(factory.updated, 1)
Beispiel #17
    def test_call_get_host_by_id(self, request_mock):
        """get_host_data_by_id(62) returns the re-serialised host fixture."""
        fixture_path = get_fixture_location(__file__, 'host_response.json')
        with open(fixture_path) as fixture:
            raw = fixture.read()
        api_response = json.loads(raw)
        # Round-trip through json so the expectation matches the serialised form.
        expected_json = json.dumps(json.loads(raw))

        # NOTE(review): hard-coded token value - presumably a dummy used only
        # by this mock; confirm it is not a real credential.
        self.uut.get_token = Mock(
            return_value='79ee13720dbf474399dde532daad558aaeb131c3')
        mocked_response = ResponseMock(json.dumps(api_response), 200)
        request_mock.request.return_value = mocked_response
        result = self.uut.get_host_data_by_id(62)

        self.assertEqual(result, expected_json)
Beispiel #18
    def test_call_get_all_assets(self, request_mock):
        """get_all_assets returns a one-element list of dicts for the all-hosts fixture."""
        # NOTE(review): hard-coded token value - presumably a dummy used only
        # by this mock; confirm it is not a real credential.
        self.uut.get_token = Mock(
            return_value='79ee13720dbf474399dde532daad558aaeb131c3')

        fixture_path = get_fixture_location(__file__,
                                            'all_hosts_response.json')
        with open(fixture_path) as fixture:
            raw_body = fixture.read()
        # The raw fixture text is served unchanged with status 200.
        request_mock.request.return_value = ResponseMock(raw_body, 200)

        assets = self.uut.get_all_assets()
        self.assertIs(type(assets), list)
        self.assertIs(type(assets[0]), dict)
        self.assertEqual(len(assets), 1)
Beispiel #19
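    def test_update(self):
        """Re-importing the feed refreshes a CVE document whose date was cleared.

        The final check uses ``assertNotEqual`` so that a failure reports both
        dates instead of a bare "False is not true".
        """
        cve = CveDocument.search().filter('term',
                                          id='CVE-2017-0002').execute().hits[0]
        # Clear the modification date and save it back with refresh=True.
        cve.last_modified_date = None
        cve.save(refresh=True)

        with open(get_fixture_location(__file__,
                                       'nvdcve-1.0-2017.json')) as handle:
            CveFactory.process(handle)
        thread_pool_executor.wait_for_all()

        # The import must update the existing document, not add a duplicate.
        self.assertEqual(
            CveDocument.search().filter('term', id='CVE-2017-0002').count(), 1)
        new_cve = CveDocument.search().filter(
            'term', id='CVE-2017-0002').execute().hits[0]
        self.assertNotEqual(cve.last_modified_date, new_cve.last_modified_date)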
Beispiel #20
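    def test_parse(self):
        """GmpParser.parse returns the expected host list and findings for report.xml.

        Uses ``assertEqual`` throughout: ``assertEquals`` is a deprecated alias
        that was removed from unittest in Python 3.12.
        """
        xml = ET.parse(get_fixture_location(__file__, 'report.xml'))
        parser = GmpParser(self.config)
        vulns, scanned_hosts = parser.parse(xml)
        # Compared as an ordered list, so repeated addresses and their order are part of the check.
        self.assertEqual([
            '10.10.10.21', '10.10.10.21', '10.10.10.23', '10.10.10.23',
            '10.10.10.30', '10.10.10.7', '10.10.10.20', '10.10.10.30',
            '10.10.10.31', '10.10.10.32', '10.10.10.7', '10.10.10.20',
            '10.10.10.23', '10.10.10.30', '10.10.10.31', '10.10.10.32',
            '10.10.10.7'
        ], scanned_hosts)
        self.assertEqual(len(vulns), 17)

        vuln = vulns['d133b95a-04cc-324b-95d0-fb329f4a811f']
        self.assertEqual(vuln.port, '135')
        self.assertEqual(vuln.protocol, 'tcp')
        self.assertEqual(vuln.solution,
                         'Filter incoming traffic to this ports.')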
Beispiel #21
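    def test_call(self):
        """update_data downloads scan 1 and stores the finding for 10.0.2.15.

        NOTE(review): update_data receives ``self.config_id`` while the
        assertion below looks the config up with ``pk=1`` - confirm both
        always refer to the same row.
        """
        scan_file = open(get_fixture_location(__file__, 'internal.xml'))
        # Close the fixture even if update_data() or an assertion raises;
        # closing an already-closed file is a no-op.
        self.addCleanup(scan_file.close)
        self.con.download_scan.return_value = scan_file

        update_data(config_pk=self.config_id,
                    scan_id=1,
                    scaner_api=self.scanner_api)

        self.scanner_api.assert_called_once_with(Config.objects.get(pk=1))
        self.con.download_scan.assert_called_once_with(1)

        vuln = Vulnerability.objects.filter(asset__ip_address='10.0.2.15').first()
        self.assertEqual(vuln.asset.ip_address, '10.0.2.15')
        self.assertEqual(vuln.asset.os, 'Linux Kernel 3.10.0-957.5.1.el7.x86_64 on CentOS Linux release 7.6.1810 (Core)')
        self.assertEqual(vuln.port.number, 22)
        self.assertEqual(vuln.port.svc_name, 'ssh')
        self.assertEqual(vuln.port.protocol, 'tcp')
        self.assertEqual(vuln.cve.id, 'CVE-2008-5161')
        self.assertEqual(vuln.solution, 'Contact the vendor or consult product documentation to disable CBC mode '
                                        'cipher encryption, and enable CTR or GCM cipher mode encryption.')
        self.assertFalse(vuln.exploit_available)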
Beispiel #22
    def test_call_call_not_update(self):
        """After importing the second 2017 fixture, CVE-2017-0002 has the expected v2 metrics."""
        feed_path = get_fixture_location(__file__, 'nvdcve-1.0-2017-2.json')
        with open(feed_path) as feed:
            CveFactory.process(feed)

        thread_pool_executor.wait_for_all()

        search = CveDocument.search().filter('term', id='CVE-2017-0002')
        result = search.execute()

        self.assertEqual(len(result.hits), 1)
        cve = result.hits[0]
        self.assertEqual(cve.id, 'CVE-2017-0002')
        # CVSS v2 fields and the values asserted for this document, checked in order.
        expected_metrics = (
            ('access_vector_v2', metrics.AccessVectorV2.NETWORK),
            ('access_complexity_v2', metrics.AccessComplexityV2.MEDIUM),
            ('authentication_v2', metrics.AuthenticationV2.NONE),
            ('confidentiality_impact_v2', metrics.ImpactV2.PARTIAL),
            ('integrity_impact_v2', metrics.ImpactV2.PARTIAL),
            ('availability_impact_v2', metrics.ImpactV2.PARTIAL),
        )
        for field_name, expected_value in expected_metrics:
            self.assertEqual(getattr(cve, field_name), expected_value)
Beispiel #23
 def load_data(self):
     """Import the 2017 NVD fixture, then keep the raw via4.json text in self.data."""
     cve_path = get_fixture_location(__file__, 'nvdcve-1.0-2017.json')
     with open(cve_path) as cve_feed:
         CveFactory.process(cve_feed)
     via4_path = get_fixture_location(__file__, 'via4.json')
     with open(via4_path) as via4_file:
         # Stored as unparsed text.
         self.data = via4_file.read()
Beispiel #24
 def setUp(self):
     """Import the CWE fixture and wait on the thread pool before each test."""
     super().setUp()
     cwe_path = get_fixture_location(__file__, 'cwec_v2.12.xml')
     with open(cwe_path) as cwe_file:
         CWEFactory.process(cwe_file)
     # presumably processing hands work to the pool; block until it is done
     thread_pool_executor.wait_for_all()
Beispiel #25
 def setUp(self) -> None:
     """Parse host_response.json into self.hosts before each test."""
     fixture_path = get_fixture_location(__file__, 'host_response.json')
     with open(fixture_path) as fixture:
         self.hosts = json.load(fixture)
Beispiel #26
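 def test_get_reports_ids_call(self):
     """GmpParserOMP7.get_scans_ids returns the single id found in reports_omp_7.xml.

     Uses ``assertEqual``: ``assertEquals`` is a deprecated alias that was
     removed from unittest in Python 3.12.
     """
     xml = ET.parse(get_fixture_location(__file__, 'reports_omp_7.xml'))
     parser = GmpParserOMP7(self.config)
     ids = parser.get_scans_ids(xml)
     # NOTE(review): the arrow character inside the expected id looks like an
     # extraction artifact (a UUID holds only hex digits and hyphens) -
     # verify the value against reports_omp_7.xml before relying on it.
     self.assertEqual(ids, ['0f9ea6ca-→abf5-4139-a772-cb68937cdfbb'])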
Beispiel #27
 def test_get_parser_gmp_9_call(self, client):
     """get_parser picks GMP9Parser when the mocked client reports the GMP 9 version fixture."""
     version_path = get_fixture_location(__file__, 'gm_9_version.xml')
     version_reply = ET.parse(version_path)
     client().get_version.return_value = version_reply
     selected = self.uut.get_parser()
     self.assertIsInstance(selected, GMP9Parser)
     # NOTE(review): a bound method is always truthy, so this only proves the
     # attribute exists - confirm whether a stronger check was intended.
     self.assertTrue(selected.get_targets)
Beispiel #28
 def test_omp_7_get_parser(self, client):
     """get_parser picks GmpParserOMP7 when the mocked client reports the OMP 7 version fixture."""
     version_path = get_fixture_location(__file__, 'omp_7_version.xml')
     version_reply = ET.parse(version_path)
     client().get_version.return_value = version_reply
     selected = self.uut.get_parser()
     self.assertIsInstance(selected, GmpParserOMP7)
     # NOTE(review): a bound method is always truthy, so this only proves the
     # attribute exists - confirm whether a stronger check was intended.
     self.assertTrue(selected.get_targets)
Beispiel #29
 def test_should_not_update(self):
     """Re-importing the CWE fixture leaves the CWE index at two documents."""

     def indexed_cwes():
         # Document count of the CWE index at the moment of the call.
         return Search().index(CweDocument.Index.name).count()

     self.assertEqual(indexed_cwes(), 2)
     cwe_path = get_fixture_location(__file__, 'cwec_v2.12.xml')
     with open(cwe_path) as cwe_file:
         CWEFactory.process(cwe_file)
     thread_pool_executor.wait_for_all()
     self.assertEqual(indexed_cwes(), 2)
Beispiel #30
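 def test_get_reports_ids_call(self):
     """GMP9Parser.get_scans_ids returns the single id found in reports_gmp_9.xml.

     Uses ``assertEqual``: ``assertEquals`` is a deprecated alias that was
     removed from unittest in Python 3.12.
     """
     xml = ET.parse(get_fixture_location(__file__, 'reports_gmp_9.xml'))
     parser = GMP9Parser(self.config)
     ids = parser.get_scans_ids(xml)
     self.assertEqual(ids, ['b0fd2f9e-50e5-4bb4-8af9-bff540154dcc'])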