def test_create_service(session, host):
data = bc.BulkServiceSchema().load(service_data)
bc._create_service(host.workspace, host, data)
assert count(Service, host.workspace) == 1
service = Service.query.filter(Service.workspace == host.workspace).one()
assert service.name == 'http'
assert service.port == 80
def test_create_service_with_invalid_vulns(session, host):
service_data_ = service_data.copy()
vuln_data_ = vuln_data.copy()
del vuln_data_['name']
service_data_['vulnerabilities'] = [1, 2, 3]
with pytest.raises(ValidationError):
data = bc.BulkServiceSchema().load(service_data_)
bc._create_service(host.workspace, host, data)
assert count(Service, host.workspace) == 0
assert count(Vulnerability, host.workspace) == 0
def test_create_existing_service(session, service):
session.add(service)
session.commit()
data = {
"name": service.name,
"port": service.port,
"protocol": service.protocol,
}
data = bc.BulkServiceSchema().load(data)
bc._create_service(service.workspace, service.host, data)
assert count(Service, service.host.workspace) == 1
def test_create_service_with_vuln(session, host):
service_data_ = service_data.copy()
service_data_['vulnerabilities'] = [vuln_data]
data = bc.BulkServiceSchema().load(service_data_)
bc._create_service(host.workspace, host, data)
assert count(Service, host.workspace) == 1
service = host.workspace.services[0]
assert count(Vulnerability, service.workspace) == 1
vuln = Vulnerability.query.filter(
Vulnerability.workspace == service.workspace).one()
assert vuln.name == 'sql injection'
assert vuln.service == service
def test_create_service_with_cred(session, host):
service_data_ = service_data.copy()
service_data_['credentials'] = [credential_data]
data = bc.BulkServiceSchema().load(service_data_)
bc._create_service(host.workspace, host, data)
assert count(Service, host.workspace) == 1
service = host.workspace.services[0]
assert count(Credential, service.workspace) == 1
cred = Credential.query.filter(
Credential.workspace == service.workspace).one()
assert cred.service == service
assert cred.name == 'test credential'
assert cred.username == 'admin'
assert cred.password == '12345'
def test_create_service_with_vulnweb(session, host):
service_data_ = service_data.copy()
vuln_data_ = vuln_data.copy()
vuln_data_.update(vuln_web_data)
service_data_['vulnerabilities'] = [vuln_data_]
data = bc.BulkServiceSchema().load(service_data_)
bc._create_service(host.workspace, host, data)
assert count(Service, host.workspace) == 1
service = host.workspace.services[0]
assert count(Vulnerability, service.workspace) == 0
assert count(VulnerabilityWeb, service.workspace) == 1
vuln = VulnerabilityWeb.query.filter(
Vulnerability.workspace == service.workspace).one()
assert vuln.name == 'sql injection'
assert vuln.service == service
assert vuln.method == 'POST'
assert vuln.website == 'https://faradaysec.com'
assert vuln.status_code == 200
def test_bulk_create_update_service(session, service):
session.add(service)
session.commit()
new_service_version = f"{service.name}_changed"
new_service_name = f"{service.name}_changed"
new_service_description = f"{service.description}_changed"
new_service_owned = not service.owned
data = {
"version": new_service_version,
"name": new_service_name,
"description": new_service_description,
"port": service.port,
"protocol": service.protocol,
"owned": new_service_owned,
}
data = bc.BulkServiceSchema().load(data)
bc._create_service(service.workspace, service.host, data)
assert count(Service, service.host.workspace) == 1
assert service.version == new_service_version
assert service.name == new_service_name
assert service.description == new_service_description
assert service.owned == new_service_owned