Ejemplo n.º 1
0
def test_create_service(session, host):
    data = bc.BulkServiceSchema().load(service_data)
    bc._create_service(host.workspace, host, data)
    assert count(Service, host.workspace) == 1
    service = Service.query.filter(Service.workspace == host.workspace).one()
    assert service.name == 'http'
    assert service.port == 80
Ejemplo n.º 2
0
def test_create_service_with_invalid_vulns(session, host):
    service_data_ = service_data.copy()
    vuln_data_ = vuln_data.copy()
    del vuln_data_['name']
    service_data_['vulnerabilities'] = [1, 2, 3]
    with pytest.raises(ValidationError):
        data = bc.BulkServiceSchema().load(service_data_)
        bc._create_service(host.workspace, host, data)
    assert count(Service, host.workspace) == 0
    assert count(Vulnerability, host.workspace) == 0
Ejemplo n.º 3
0
def test_create_existing_service(session, service):
    session.add(service)
    session.commit()
    data = {
        "name": service.name,
        "port": service.port,
        "protocol": service.protocol,
    }
    data = bc.BulkServiceSchema().load(data)
    bc._create_service(service.workspace, service.host, data)
    assert count(Service, service.host.workspace) == 1
Ejemplo n.º 4
0
def test_create_service_with_vuln(session, host):
    service_data_ = service_data.copy()
    service_data_['vulnerabilities'] = [vuln_data]
    data = bc.BulkServiceSchema().load(service_data_)
    bc._create_service(host.workspace, host, data)
    assert count(Service, host.workspace) == 1
    service = host.workspace.services[0]
    assert count(Vulnerability, service.workspace) == 1
    vuln = Vulnerability.query.filter(
        Vulnerability.workspace == service.workspace).one()
    assert vuln.name == 'sql injection'
    assert vuln.service == service
Ejemplo n.º 5
0
def test_create_service_with_cred(session, host):
    service_data_ = service_data.copy()
    service_data_['credentials'] = [credential_data]
    data = bc.BulkServiceSchema().load(service_data_)
    bc._create_service(host.workspace, host, data)
    assert count(Service, host.workspace) == 1
    service = host.workspace.services[0]
    assert count(Credential, service.workspace) == 1
    cred = Credential.query.filter(
        Credential.workspace == service.workspace).one()
    assert cred.service == service
    assert cred.name == 'test credential'
    assert cred.username == 'admin'
    assert cred.password == '12345'
Ejemplo n.º 6
0
def test_create_service_with_vulnweb(session, host):
    service_data_ = service_data.copy()
    vuln_data_ = vuln_data.copy()
    vuln_data_.update(vuln_web_data)
    service_data_['vulnerabilities'] = [vuln_data_]
    data = bc.BulkServiceSchema().load(service_data_)
    bc._create_service(host.workspace, host, data)
    assert count(Service, host.workspace) == 1
    service = host.workspace.services[0]
    assert count(Vulnerability, service.workspace) == 0
    assert count(VulnerabilityWeb, service.workspace) == 1
    vuln = VulnerabilityWeb.query.filter(
        Vulnerability.workspace == service.workspace).one()
    assert vuln.name == 'sql injection'
    assert vuln.service == service
    assert vuln.method == 'POST'
    assert vuln.website == 'https://faradaysec.com'
    assert vuln.status_code == 200
Ejemplo n.º 7
0
def test_bulk_create_update_service(session, service):
    session.add(service)
    session.commit()
    new_service_version = f"{service.name}_changed"
    new_service_name = f"{service.name}_changed"
    new_service_description = f"{service.description}_changed"
    new_service_owned = not service.owned
    data = {
        "version": new_service_version,
        "name": new_service_name,
        "description": new_service_description,
        "port": service.port,
        "protocol": service.protocol,
        "owned": new_service_owned,
    }
    data = bc.BulkServiceSchema().load(data)
    bc._create_service(service.workspace, service.host, data)
    assert count(Service, service.host.workspace) == 1
    assert service.version == new_service_version
    assert service.name == new_service_name
    assert service.description == new_service_description
    assert service.owned == new_service_owned