Ejemplo n.º 1
    def register_issue(self,
                       defect_type,
                       severity,
                       confidence,
                       description,
                       failed_strings=None):
        """Record a finding for this test and return it.

        Builds a :class:`syntribos.issue.Issue` from the arguments, copies the
        test's request/response pair, template path, signals and target URL
        onto it, attaches a
        :class:`syntribos.tests.fuzz.base_fuzz.ImpactedParameter` describing
        the fuzzed parameter, and appends the issue to ``self.failures``.

        :param defect_type: The type of vulnerability that Syntribos believes
        it has found. This may be something like 500 error or DoS, regardless
        of what the Test Type is.
        :param severity: "Low", "Medium", or "High", depending on the defect
        :param confidence: The confidence in the validity of the defect
        :param description: Description of the defect
        :param failed_strings: Optional value stored on the issue as
        ``failed_strings``; a falsy value is stored as an empty list
        :returns: new issue object with metadata associated
        :rtype: :class:`syntribos.issue.Issue`
        """

        found = syntribos.Issue(
            defect_type=defect_type,
            severity=severity,
            confidence=confidence,
            description=description)

        # NOTE(review): the full request/response objects and the fuzz string
        # travel with the issue; if issues are written to shared reports,
        # confirm that credentials in headers or bodies are redacted there.
        found.request = self.test_req
        found.response = self.test_resp
        found.template_path = self.template_path

        found.test_type = self.test_name
        # Target host and path come from the prepared initial request's URL.
        parsed = urlparse(self.prepared_init_req.url)
        found.target, found.path = parsed.netloc, parsed.path
        for signal_attr in ("init_signals", "test_signals", "diff_signals"):
            setattr(found, signal_attr, getattr(self, signal_attr))
        found.failed_strings = failed_strings or []

        # NOTE(review): lookup uses the lowercase key only; it matches other
        # casings only if the headers mapping is case-insensitive -- confirm.
        init_headers = self.init_req.headers
        found.content_type = (init_headers['content-type']
                              if 'content-type' in init_headers else None)

        found.impacted_parameter = ImpactedParameter(
            method=found.request.method,
            location=self.parameter_location,
            name=self.param_path,
            value=self.fuzz_string)

        self.failures.append(found)
        return found
Ejemplo n.º 2
    def register_issue(self, defect_type, severity, confidence, description):
        """Record a finding for this test and return it.

        Builds a :class:`syntribos.issue.Issue` from the arguments, copies the
        test's request/response pair, test name, signals and target URL onto
        it, and appends the issue to ``self.failures``.

        :param defect_type: The type of vulnerability that Syntribos believes
        it has found. This may be something like 500 error or DoS, regardless
        of what the Test Type is.
        :param severity: "Low", "Medium", or "High", depending on the defect
        :param confidence: The confidence of the defect
        :param description: Description of the defect
        :returns: new issue object with metadata associated
        :rtype: Issue
        """

        found = syntribos.Issue(
            defect_type=defect_type,
            severity=severity,
            confidence=confidence,
            description=description)

        # The request and response stay attached so they are available if a
        # debug log is produced.
        # NOTE(review): they may carry credentials; confirm any log or report
        # that serializes them redacts auth headers and tokens.
        found.request = self.test_req
        found.response = self.test_resp

        found.test_type = self.test_name
        # NOTE(review): host and path are taken from the initial *response*
        # URL; if the HTTP client followed redirects this may differ from the
        # URL that was requested -- confirm this is the intended target.
        parsed = urlparse(self.init_resp.url)
        found.target, found.path = parsed.netloc, parsed.path
        for signal_attr in ("init_signals", "test_signals", "diff_signals"):
            setattr(found, signal_attr, getattr(self, signal_attr))

        self.failures.append(found)
        return found