Ejemplo n.º 1
 def test_uppercase_hash(self):
     """Test that an upper-case hash in the file name is replaced by the "hashremoved" placeholder."""
     # Same shape as the lower-case case, but the hex digits are upper case; scheme, host, port and the
     # rest of the path are expected to come back untouched.
     hashed = URL("https://test2.app.example.org:1234/main.58064CB8D36474BD79F9.js")
     self.assertEqual(
         URL("https://test2.app.example.org:1234/main.hashremoved.js"),
         hashless(hashed))
Ejemplo n.º 2
 def test_hash(self):
     """Test that a lower-case hash in the file name is replaced by the "hashremoved" placeholder."""
     # Only the hash segment of the file name may differ between input and output.
     hashed = URL("https://test1.app.example.org:1234/main.58064cb8d36474bd79f9.js")
     self.assertEqual(
         URL("https://test1.app.example.org:1234/main.hashremoved.js"),
         hashless(hashed))
Ejemplo n.º 3
 async def _parse_source_responses(
         self, responses: SourceResponses) -> SourceMeasurement:
     """Build one entity for every alert instance found in the responses.

     Entities are collected in a dict keyed on the entity key, so alert instances that produce the same
     key collapse into a single entity (the last one seen wins).
     """
     # Drops anything shaped like a tag from the alert description. This is a readability clean-up of
     # the report text, not HTML sanitisation: whatever renders the description still has to escape it.
     markup_re = re.compile(r"<[^>]*>")
     selected_risks = cast(List[str], self._parameter("risks"))
     entities_by_key: Dict[str, Entity] = {}
     for alert in await self.__alerts(responses, selected_risks):
         id_tags = ("alert", "pluginid", "cweid", "wascid", "sourceid")
         ids = [alert.findtext(id_tag, default="") for id_tag in id_tags]
         current_ids = ":".join(ids)
         # The old key leaves out the first identifier (the text of the "alert" element).
         previous_ids = ":".join(ids[1:])
         name = alert.findtext("name", default="")
         description = markup_re.sub("", alert.findtext("desc", default=""))
         risk = alert.findtext("riskdesc", default="")
         for alert_instance in alert.findall("./instances/instance"):
             method = alert_instance.findtext("method", default="")
             raw_uri = URL(alert_instance.findtext("uri", default=""))
             # The URI is normalised (hash stripped, then made "stable") before it goes into the key,
             # presumably so the same finding keeps the same key across builds -- confirm with __stable.
             uri = self.__stable(hashless(raw_uri))
             # NOTE(review): md5_hash is defined elsewhere; judging by its name the key is an MD5 digest.
             # That is adequate as an identifier but should not be relied on as a security control.
             key = md5_hash(f"{current_ids}:{method}:{uri}")
             entities_by_key[key] = Entity(
                 key=key,
                 old_key=md5_hash(f"{previous_ids}:{method}:{uri}"),
                 name=name,
                 description=description,
                 uri=uri,
                 location=f"{method} {uri}",
                 risk=risk)
     return SourceMeasurement(entities=list(entities_by_key.values()))
Ejemplo n.º 4
 def __alert_instance_entity(self, ids, entity_kwargs, alert_instance) -> Entity:
     """Create the entity for a single alert instance.

     The key is derived from all of ``ids`` plus the request method and the normalised URI; the old key
     is derived the same way but without the first element of ``ids``. The remaining entity attributes
     are taken from ``entity_kwargs`` as given.
     """
     method = alert_instance.findtext("method", default="")
     raw_uri = URL(alert_instance.findtext("uri", default=""))
     # Normalise before hashing, so the key is computed over the hash-stripped, "stable" form of the URI.
     uri = self.__stable_url(hashless(raw_uri))
     # NOTE(review): md5_hash is defined elsewhere; by its name these are MD5 digests used as
     # identifiers, not as a security control.
     key = md5_hash(f"{':'.join(ids)}:{method}:{uri}")
     old_key = md5_hash(f"{':'.join(ids[1:])}:{method}:{uri}")
     return Entity(
         key=key,
         old_key=old_key,
         uri=uri,
         location=f"{method} {uri}",
         **entity_kwargs)
Ejemplo n.º 5
 def test_hash_in_host(self):
     """Test that a hash-like string in the host name is left alone and the url is returned unchanged."""
     # Rewriting the host would make the url refer to a different origin, so a match there must not
     # be replaced.
     unchanged = URL("https://test.app58064cb8d36474bd79f9.example.org:1234/main.js")
     self.assertEqual(unchanged, hashless(unchanged))
Ejemplo n.º 6
 def test_no_hash(self):
     """Test that an url that contains no hash at all is returned unchanged."""
     plain = URL("https://www.google.com/")
     self.assertEqual(plain, hashless(plain))