def test_creates_vuln_with_command_object_with_tool(session, service): host_data_ = host_data.copy() service_data_ = service_data.copy() vuln_web_data_ = vuln_data.copy() service_data_['vulnerabilities'] = [vuln_web_data_] host_data_['services'] = [service_data_] command = new_empty_command(service.workspace) bc.bulk_create( service.workspace, command, dict( command=command_data, hosts=[host_data_] ) ) assert count(Vulnerability, service.workspace) == 1 vuln = service.workspace.vulnerabilities[0] assert vuln.tool == vuln_data['tool']
def test_sanitize_request_and_response(session, workspace, host): invalid_request_text = 'GET /exampla.do HTTP/1.0\n \x89\n\x1a SOME_TEXT' invalid_response_text = '<html> \x89\n\x1a SOME_TEXT</html>' sanitized_request_text = 'GET /exampla.do HTTP/1.0\n \n SOME_TEXT' sanitized_response_text = '<html> \n SOME_TEXT</html>' host_data_ = host_data.copy() service_data_ = service_data.copy() vuln_web_data_ = vuln_web_data.copy() vuln_web_data_['name'] = 'test' vuln_web_data_['severity'] = 'low' vuln_web_data_['request'] = invalid_request_text vuln_web_data_['response'] = invalid_response_text service_data_['vulnerabilities'] = [vuln_web_data_] host_data_['services'] = [service_data_] command = new_empty_command(workspace) bc.bulk_create(workspace, command, dict(command=command_data, hosts=[host_data_])) vuln = VulnerabilityWeb.query.filter( VulnerabilityWeb.workspace == workspace).one() assert vuln.request == sanitized_request_text assert vuln.response == sanitized_response_text
def test_create_vuln_with_custom_fields(session, workspace): custom_field_schema = CustomFieldsSchemaFactory( field_name='changes', field_type='list', field_display_name='Changes', table_name='vulnerability' ) session.add(custom_field_schema) session.commit() host_data_ = host_data.copy() vuln_data_ = vuln_data.copy() vuln_data_['custom_fields'] = {'changes': ['1', '2', '3']} host_data_['vulnerabilities'] = [vuln_data_] command = new_empty_command(workspace) bc.bulk_create(workspace, command, dict(hosts=[host_data_], command=command_data.copy())) assert count(Host, workspace) == 1 assert count(Vulnerability, workspace) == 1 assert count(Command, workspace) == 1 for vuln in Vulnerability.query.filter(Vulnerability.workspace == workspace): assert vuln.custom_fields['changes'] == ['1', '2', '3']
def test_create_duplicated_hosts(session, workspace): assert count(Host, workspace) == 0 bc.bulk_create(workspace, None, dict(hosts=[host_data, host_data])) db.session.commit() assert count(Host, workspace) == 1
def test_creates_command_object_on_duplicates(session, command, service, vulnerability_factory, vulnerability_web_factory, credential_factory): vuln_host = vulnerability_factory.create(workspace=service.workspace, host=service.host, service=None) vuln_service = vulnerability_factory.create(workspace=service.workspace, service=service, host=None) vuln_web = vulnerability_web_factory.create(workspace=service.workspace, service=service) host_cred = credential_factory.create(workspace=service.workspace, host=service.host, service=None) session.add(command) session.add(service) session.add(vuln_host) session.add(vuln_service) session.add(vuln_web) session.add(host_cred) session.commit() assert command.workspace == service.workspace assert len(command.workspace.command_objects) == 0 objects_with_command_object = [ ('host', service.host), ('service', service), ('vulnerability', vuln_host), ('vulnerability', vuln_service), ('vulnerability', vuln_web), # ('credential', host_cred), # Commented because unique constraint of credential is not working ] for (table_name, obj) in objects_with_command_object: assert obj.id is not None and command.id is not None db.session.add( CommandObject( object_type=table_name, object_id=obj.id, command=command, created_persistent=True, workspace=command.workspace, )) session.commit() data = { 'hosts': [{ 'ip': service.host.ip, 'description': service.host.description, 'vulnerabilities': [{ 'name': vuln_host.name, 'severity': 'high', 'desc': vuln_host.description, 'type': 'Vulnerability', }], 'credentials': [{ 'name': host_cred.name, 'username': host_cred.username, }], 'services': [{ 'name': service.name, 'protocol': service.protocol, 'port': service.port, 'vulnerabilities': [ { 'name': vuln_service.name, 'severity': 'high', 'desc': vuln_service.description, 'type': 'Vulnerability', }, { 'name': vuln_web.name, 'severity': 'high', 'desc': vuln_web.description, 'type': 'VulnerabilityWeb', 'method': vuln_web.method, 'pname': vuln_web.parameter_name, 'path': vuln_web.path, 'website': vuln_web.website, }, ] }] }] } data['command'] = command_data.copy() command2 = new_empty_command(command.workspace) bc.bulk_create(command.workspace, command2, data) assert count(Command, command.workspace) == 2 new_command = Command.query.filter_by(tool='pytest').one() for (table_name, obj) in objects_with_command_object: assert obj.id is not None and new_command.id is not None CommandObject.query.filter( CommandObject.workspace == command.workspace, CommandObject.command == new_command, CommandObject.object_type == table_name, CommandObject.object_id == obj.id, CommandObject.created_persistent == false(), ).one()
def send_report_request(self, workspace_name, report_json): logger.info("Send Report data to workspace [%s]", workspace_name) from faraday.server.web import app # pylint:disable=import-outside-toplevel with app.app_context(): ws = Workspace.query.filter_by(name=workspace_name).one() bulk_create(ws, report_json, False)
def test_create_duplicated_hosts(session, workspace): assert count(Host, workspace) == 0 command = new_empty_command(workspace) bc.bulk_create(workspace, command, dict(hosts=[host_data, host_data], command=command_data.copy())) db.session.commit() assert count(Host, workspace) == 1