    def test_vulndb_id_get_from_name(self):
        """Resolve the vulndb entry from the Info name when no vulndb_id is given.

        Also checks that the lookup is lazy: ``_vulndb`` is ``None`` right after
        construction and is populated once a DB-backed getter has run.
        """
        info = Info('Blind SQL injection vulnerability', MockInfo.LONG_DESC, 1,
                    'plugin_name')

        # Nothing has been resolved yet
        self.assertIsNone(info._vulndb)

        wanted_refs = []
        for ref in BLIND_SQLI_REFS:
            wanted_refs.append(Reference(ref['url'], ref['title']))

        wanted_tags = [u'web', u'sql', u'blind', u'injection', u'database']
        wanted_cwe_urls = [u'https://cwe.mitre.org/data/definitions/89.html']
        wanted_top10 = [(u'2013', 1,
                         'https://www.owasp.org/index.php/Top_10_2013-A1')]

        self.assertTrue(info.has_db_details())
        self.assertEqual(46, info.get_vulndb_id())

        for text in (info.get_long_description(), info.get_fix_guidance()):
            self.assertIsInstance(text, basestring)

        self.assertEqual(50, info.get_fix_effort())
        self.assertEqual(wanted_tags, info.get_tags())
        self.assertEqual([], info.get_wasc_ids())
        self.assertEqual([], list(info.get_wasc_urls()))
        self.assertEqual(wanted_cwe_urls, list(info.get_cwe_urls()))
        self.assertEqual([u'89'], info.get_cwe_ids())
        self.assertEqual(wanted_refs, info.get_references())
        self.assertEqual(wanted_top10, list(info.get_owasp_top_10_references()))
        self.assertIsInstance(info.get_vuln_info_from_db(), DBVuln)

        # The getters above triggered the lookup
        self.assertIsNotNone(info._vulndb)
    def test_to_json(self):
        """Every field of ``to_json()`` survives a JSON dump/load round-trip.

        A custom attribute and a highlight entry are added first so that the
        ``attributes`` and ``highlight`` fields are non-trivial.
        """
        info = Info('Blind SQL injection vulnerability', MockInfo.LONG_DESC, 1,
                    'plugin_name')
        info['test'] = 'foo'
        info.add_to_highlight('abc', 'def')

        # Go through a real JSON string, not just the intermediate dict
        decoded = json.loads(json.dumps(info.to_json()))

        # (json key, value expected from the live object)
        field_checks = [
            ('name', info.get_name()),
            ('url', str(info.get_url())),
            ('var', info.get_token_name()),
            ('response_ids', info.get_id()),
            ('vulndb_id', info.get_vulndb_id()),
            ('desc', info.get_desc(with_id=False)),
            ('long_description', info.get_long_description()),
            ('fix_guidance', info.get_fix_guidance()),
            ('fix_effort', info.get_fix_effort()),
            ('tags', info.get_tags()),
            ('wasc_ids', info.get_wasc_ids()),
            ('wasc_urls', list(info.get_wasc_urls())),
            ('cwe_urls', list(info.get_cwe_urls())),
            ('references', BLIND_SQLI_REFS),
            ('owasp_top_10_references', BLIND_SQLI_TOP10_REFS),
            ('plugin_name', info.get_plugin_name()),
            ('severity', info.get_severity()),
            ('attributes', info.copy()),
            ('highlight', list(info.get_to_highlight())),
        ]
        for key, expected in field_checks:
            self.assertEqual(decoded[key], expected)
    def test_to_json(self):
        """Check that ``to_json()`` output matches the getters after a round-trip.

        The Info gets one extra attribute and one highlight entry before
        serialisation so those fields are exercised too.
        """
        info = Info('Blind SQL injection vulnerability', MockInfo.LONG_DESC, 1,
                    'plugin_name')
        info['test'] = 'foo'
        info.add_to_highlight('abc', 'def')

        serialised = json.dumps(info.to_json())
        payload = json.loads(serialised)

        def same(key, expected):
            # Compare one decoded field with the value from the live object
            self.assertEqual(payload[key], expected)

        same('name', info.get_name())
        same('url', str(info.get_url()))
        same('var', info.get_token_name())
        same('response_ids', info.get_id())
        same('vulndb_id', info.get_vulndb_id())
        same('desc', info.get_desc(with_id=False))
        same('long_description', info.get_long_description())
        same('fix_guidance', info.get_fix_guidance())
        same('fix_effort', info.get_fix_effort())
        same('tags', info.get_tags())
        same('wasc_ids', info.get_wasc_ids())
        same('wasc_urls', list(info.get_wasc_urls()))
        same('cwe_urls', list(info.get_cwe_urls()))
        same('references', BLIND_SQLI_REFS)
        same('owasp_top_10_references', BLIND_SQLI_TOP10_REFS)
        same('plugin_name', info.get_plugin_name())
        same('severity', info.get_severity())
        same('attributes', info.copy())
        same('highlight', list(info.get_to_highlight()))
    def test_vulndb_id_set(self):
        """An explicit vulndb_id takes precedence over the Info name.

        The name still says blind SQL injection, but vulndb_id=17 must win and
        the DB-backed getters must return the entry for id 17. The lookup is
        lazy: ``_vulndb`` is ``None`` until a getter runs.
        """
        info = Info('Blind SQL injection vulnerability', MockInfo.LONG_DESC, 1,
                    'plugin_name', vulndb_id=17)

        # Nothing has been resolved yet
        self.assertIsNone(info._vulndb)

        wanted_refs = [Reference(
            'https://www.owasp.org/index.php/PHP_File_Inclusion', 'OWASP')]
        wanted_tags = ['web', 'file', 'inclusion', 'error', 'injection']
        wanted_cwe_urls = ['https://cwe.mitre.org/data/definitions/98.html']
        wanted_top10 = [(u'2013', 1,
                         'https://www.owasp.org/index.php/Top_10_2013-A1')]

        self.assertTrue(info.has_db_details())
        self.assertEqual(17, info.get_vulndb_id())

        for text in (info.get_long_description(), info.get_fix_guidance()):
            self.assertIsInstance(text, basestring)

        self.assertEqual(50, info.get_fix_effort())
        self.assertEqual(wanted_tags, info.get_tags())
        self.assertEqual([], info.get_wasc_ids())
        self.assertEqual([], list(info.get_wasc_urls()))
        self.assertEqual(wanted_cwe_urls, list(info.get_cwe_urls()))
        self.assertEqual([u'98'], info.get_cwe_ids())
        self.assertEqual(wanted_refs, info.get_references())
        self.assertEqual(wanted_top10, list(info.get_owasp_top_10_references()))
        self.assertIsInstance(info.get_vuln_info_from_db(), DBVuln)

        # The getters above triggered the lookup
        self.assertIsNotNone(info._vulndb)
    def test_vulndb_id_get_from_name(self):
        """With no vulndb_id given, the DB entry is found by the Info name.

        ``_vulndb`` must be ``None`` before any DB-backed getter is called and
        populated afterwards (lazy lookup).
        """
        info = Info('Blind SQL injection vulnerability', MockInfo.LONG_DESC, 1,
                    'plugin_name')

        # Lookup has not happened yet
        self.assertIsNone(info._vulndb)

        wanted_refs = []
        for entry in BLIND_SQLI_REFS:
            wanted_refs.append(Reference(entry['url'], entry['title']))

        self.assertTrue(info.has_db_details())

        # (actual, expected) pairs, compared in the order they are listed
        comparisons = [
            (info.get_vulndb_id(), 46),
            (info.get_fix_effort(), 50),
            (info.get_tags(),
             [u'web', u'sql', u'blind', u'injection', u'database']),
            (info.get_wasc_ids(), []),
            (list(info.get_wasc_urls()), []),
            (list(info.get_cwe_urls()),
             [u'https://cwe.mitre.org/data/definitions/89.html']),
            (info.get_cwe_ids(), [u'89']),
            (info.get_references(), wanted_refs),
            (list(info.get_owasp_top_10_references()),
             [(u'2013', 1, 'https://www.owasp.org/index.php/Top_10_2013-A1')]),
        ]
        for actual, expected in comparisons:
            self.assertEqual(actual, expected)

        self.assertIsInstance(info.get_long_description(), basestring)
        self.assertIsInstance(info.get_fix_guidance(), basestring)
        self.assertIsInstance(info.get_vuln_info_from_db(), DBVuln)

        # The getters above triggered the lookup
        self.assertIsNotNone(info._vulndb)
    def test_vulndb_id_set(self):
        """vulndb_id=17 overrides the blind-SQL-injection name.

        Verifies the DB-backed getters return the id 17 entry and that the
        lookup is lazy (``_vulndb`` is ``None`` until a getter runs).
        """
        info = Info('Blind SQL injection vulnerability',
                    MockInfo.LONG_DESC,
                    1,
                    'plugin_name',
                    vulndb_id=17)

        # Lookup has not happened yet
        self.assertIsNone(info._vulndb)

        ref_url = 'https://www.owasp.org/index.php/PHP_File_Inclusion'
        ref_title = 'OWASP'
        wanted_refs = [Reference(ref_url, ref_title)]

        self.assertTrue(info.has_db_details())

        # (actual, expected) pairs, compared in the order they are listed
        comparisons = [
            (info.get_vulndb_id(), 17),
            (info.get_fix_effort(), 50),
            (info.get_tags(), ['web', 'file', 'inclusion', 'error', 'injection']),
            (info.get_wasc_ids(), []),
            (list(info.get_wasc_urls()), []),
            (list(info.get_cwe_urls()),
             ['https://cwe.mitre.org/data/definitions/98.html']),
            (info.get_cwe_ids(), [u'98']),
            (info.get_references(), wanted_refs),
            (list(info.get_owasp_top_10_references()),
             [(u'2013', 1, 'https://www.owasp.org/index.php/Top_10_2013-A1')]),
        ]
        for actual, expected in comparisons:
            self.assertEqual(actual, expected)

        self.assertIsInstance(info.get_long_description(), basestring)
        self.assertIsInstance(info.get_fix_guidance(), basestring)
        self.assertIsInstance(info.get_vuln_info_from_db(), DBVuln)

        # The getters above triggered the lookup
        self.assertIsNotNone(info._vulndb)
    def test_to_json(self):
        """The JSON form of an Info matches its getters after dump/load.

        One attribute and one highlight entry are set beforehand so the
        ``attributes`` and ``highlight`` fields carry data.
        """
        info = Info("Blind SQL injection vulnerability", MockInfo.LONG_DESC, 1, "plugin_name")
        info["test"] = "foo"
        info.add_to_highlight("abc", "def")

        # Dump to a string and parse it back, as a consumer would
        decoded = json.loads(json.dumps(info.to_json()))

        expected_by_key = {
            "name": info.get_name(),
            "url": str(info.get_url()),
            "var": info.get_token_name(),
            "response_ids": info.get_id(),
            "vulndb_id": info.get_vulndb_id(),
            "desc": info.get_desc(with_id=False),
            "long_description": info.get_long_description(),
            "fix_guidance": info.get_fix_guidance(),
            "fix_effort": info.get_fix_effort(),
            "tags": info.get_tags(),
            "wasc_ids": info.get_wasc_ids(),
            "wasc_urls": list(info.get_wasc_urls()),
            "cwe_urls": list(info.get_cwe_urls()),
            "references": BLIND_SQLI_REFS,
            "owasp_top_10_references": BLIND_SQLI_TOP10_REFS,
            "plugin_name": info.get_plugin_name(),
            "severity": info.get_severity(),
            "attributes": info.copy(),
            "highlight": list(info.get_to_highlight()),
        }
        for key, expected in expected_by_key.items():
            self.assertEqual(decoded[key], expected)
    def test_vulndb_id_get_from_name(self):
        """Without vulndb_id the name alone selects the vulndb entry (id 46).

        ``_vulndb`` starts as ``None`` and is filled in by the first DB-backed
        getter, which is what the two ``_vulndb`` checks verify.
        """
        info = Info("Blind SQL injection vulnerability", MockInfo.LONG_DESC, 1, "plugin_name")

        # Lookup has not happened yet
        self.assertIsNone(info._vulndb)

        wanted_refs = []
        for entry in BLIND_SQLI_REFS:
            wanted_refs.append(Reference(entry["url"], entry["title"]))
        wanted_tags = [u"web", u"sql", u"blind", u"injection", u"database"]
        wanted_cwe_urls = [u"https://cwe.mitre.org/data/definitions/89.html"]
        wanted_top10 = [(u"2013", 1, "https://www.owasp.org/index.php/Top_10_2013-A1")]

        self.assertTrue(info.has_db_details())
        self.assertEqual(46, info.get_vulndb_id())

        for text in (info.get_long_description(), info.get_fix_guidance()):
            self.assertIsInstance(text, basestring)

        self.assertEqual(50, info.get_fix_effort())
        self.assertEqual(wanted_tags, info.get_tags())
        self.assertEqual([], info.get_wasc_ids())
        self.assertEqual([], list(info.get_wasc_urls()))
        self.assertEqual(wanted_cwe_urls, list(info.get_cwe_urls()))
        self.assertEqual([u"89"], info.get_cwe_ids())
        self.assertEqual(wanted_refs, info.get_references())
        self.assertEqual(wanted_top10, list(info.get_owasp_top_10_references()))
        self.assertIsInstance(info.get_vuln_info_from_db(), DBVuln)

        # The getters above triggered the lookup
        self.assertIsNotNone(info._vulndb)
    def test_vulndb_id_set(self):
        """An explicit vulndb_id=17 wins over the blind-SQL-injection name.

        The DB-backed getters must describe entry 17, and ``_vulndb`` must be
        ``None`` before the first getter and set afterwards (lazy lookup).
        """
        info = Info("Blind SQL injection vulnerability", MockInfo.LONG_DESC, 1, "plugin_name", vulndb_id=17)

        # Lookup has not happened yet
        self.assertIsNone(info._vulndb)

        wanted_refs = [Reference("https://www.owasp.org/index.php/PHP_File_Inclusion", "OWASP")]
        wanted_tags = ["web", "file", "inclusion", "error", "injection"]
        wanted_cwe_urls = ["https://cwe.mitre.org/data/definitions/98.html"]
        wanted_top10 = [(u"2013", 1, "https://www.owasp.org/index.php/Top_10_2013-A1")]

        self.assertTrue(info.has_db_details())
        self.assertEqual(17, info.get_vulndb_id())

        for text in (info.get_long_description(), info.get_fix_guidance()):
            self.assertIsInstance(text, basestring)

        self.assertEqual(50, info.get_fix_effort())
        self.assertEqual(wanted_tags, info.get_tags())
        self.assertEqual([], info.get_wasc_ids())
        self.assertEqual([], list(info.get_wasc_urls()))
        self.assertEqual(wanted_cwe_urls, list(info.get_cwe_urls()))
        self.assertEqual([u"98"], info.get_cwe_ids())
        self.assertEqual(wanted_refs, info.get_references())
        self.assertEqual(wanted_top10, list(info.get_owasp_top_10_references()))
        self.assertIsInstance(info.get_vuln_info_from_db(), DBVuln)

        # The getters above triggered the lookup
        self.assertIsNotNone(info._vulndb)