def generate_vulns(self):
docs = []
for i in range(100):
docs.append(
create_vulnerability(create_asset(F'10.10.10.{i}', save=False),
self.cve,
save=False).to_dict())
for i in range(100):
vuln = create_vulnerability(create_asset(F'10.10.10.{i}',
save=False),
self.cve,
save=False)
vuln.tags.append(VulnerabilityStatus.FIXED)
docs.append(vuln.to_dict())
for i in range(100):
asset = create_asset(F'10.10.10.{i}', save=False)
asset.tags = [AssetStatus.DELETED]
vuln = create_vulnerability(asset, self.cve, save=False)
docs.append(vuln.to_dict())
bulk(get_connection(),
docs,
refresh=True,
index=VulnerabilityDocument.Index.name)
def test_call_without_tenant(self):
asset = create_asset()
cve = create_cve()
vuln = create_vulnerability(asset, cve)
create_vulnerability(asset, cve, index='test.tenant.vulnerability')
token = Token.objects.create(user=self.user)
self.client.credentials(HTTP_AUTHORIZATION='Token ' + token.key)
resp = self.client.get(F'{self.URL}?ip_address={asset.ip_address}')
self.assertEqual(resp.status_code, 200)
resp = resp.json()
self.assertEqual(len(resp), 1)
self.assertEqual(resp[0]['port'], vuln.port)
self.assertEqual(resp[0]['svc_name'], vuln.svc_name)
self.assertEqual(resp[0]['protocol'], vuln.protocol)
self.assertEqual(resp[0]['description'], vuln.description)
self.assertEqual(resp[0]['environmental_score_v2'],
vuln.environmental_score_v2)
self.assertEqual(resp[0]['environmental_score_vector_v2'],
vuln.environmental_score_vector_v2)
self.assertEqual(resp[0]['environmental_score_v3'],
vuln.environmental_score_v3)
self.assertEqual(resp[0]['environmental_score_vector_v3'],
vuln.environmental_score_vector_v3)
self.assertEqual(resp[0]['tags'], vuln.tags)
self.assertEqual(resp[0]['source'], vuln.source)
self.assertEqual(resp[0]['cve'], vuln.cve.id)
self.assertEqual(resp[0]['summary'], vuln.cve.summary)
self.assertEqual(resp[0]['base_score_v2'], vuln.cve.base_score_v2)
self.assertEqual(resp[0]['base_score_v3'], vuln.cve.base_score_v3)
def test_cve_updated(self):
self.asset_2 = create_asset('10.10.10.11')
self.cve_2 = create_cve('CVE-2017-0003')
create_vulnerability(self.asset, self.cve)
create_vulnerability(self.asset, self.cve_2)
create_vulnerability(self.asset_2, self.cve)
create_vulnerability(self.asset_2, self.cve_2)
self.assertEqual(Search().index(VulnerabilityDocument.Index.name).count(), 4)
self.cve.access_vector_v2 = metrics.AccessVectorV2.LOCAL
self.cve.save()
thread_pool_executor.wait_for_all()
self.assertEqual(Search().index(VulnerabilityDocument.Index.name).count(), 4)
result_1 = VulnerabilityDocument.search().filter('term', cve__id=self.cve.id).execute()
self.assertEqual(len(result_1.hits), 2)
self.assertEqual(result_1.hits[0].cve.access_vector_v2, self.cve.access_vector_v2)
self.assertEqual(result_1.hits[1].cve.access_vector_v2, self.cve.access_vector_v2)
result_2 = VulnerabilityDocument.search().filter('term', cve__id=self.cve_2.id).execute()
self.assertEqual(len(result_2.hits), 2)
self.assertEqual(result_2.hits[0].cve.access_vector_v2, self.cve_2.access_vector_v2)
self.assertEqual(result_2.hits[1].cve.access_vector_v2, self.cve_2.access_vector_v2)
def test_asset_updated(self):
self.asset_2 = create_asset('10.10.10.11')
create_vulnerability(self.asset, self.cve)
create_vulnerability(self.asset_2, self.cve)
self.cve_2 = create_cve('CVE-2017-0003')
create_vulnerability(self.asset, self.cve_2)
create_vulnerability(self.asset_2, self.cve_2)
self.assertEqual(Search().index(VulnerabilityDocument.Index.name).count(), 4)
self.asset.confidentiality_requirement = AssetImpact.HIGH
self.asset.integrity_requirement = AssetImpact.HIGH
self.asset.save()
thread_pool_executor.wait_for_all()
self.assertEqual(Search().index(VulnerabilityDocument.Index.name).count(), 4)
result_1 = VulnerabilityDocument.search().filter(
'term', asset__ip_address=self.asset.ip_address).execute()
self.assertEqual(len(result_1.hits), 2)
self.assertEqual(result_1.hits[0].asset.confidentiality_requirement, self.asset.confidentiality_requirement)
self.assertEqual(result_1.hits[0].asset.integrity_requirement, self.asset.integrity_requirement)
self.assertEqual(result_1.hits[1].asset.confidentiality_requirement, self.asset.confidentiality_requirement)
self.assertEqual(result_1.hits[1].asset.integrity_requirement, self.asset.integrity_requirement)
result_2 = VulnerabilityDocument.search().filter(
'term', asset__ip_address=self.asset_2.ip_address).execute()
self.assertEqual(len(result_2.hits), 2)
self.assertEqual(result_2.hits[0].asset.confidentiality_requirement, self.asset_2.confidentiality_requirement)
self.assertEqual(result_2.hits[0].asset.integrity_requirement, self.asset_2.integrity_requirement)
self.assertEqual(result_2.hits[1].asset.confidentiality_requirement, self.asset_2.confidentiality_requirement)
self.assertEqual(result_2.hits[1].asset.integrity_requirement, self.asset_2.integrity_requirement)
def test_call(self):
vuln = create_vulnerability(create_asset(), create_cve())
task = Task.objects.create(task_id=15, document_id=vuln.meta.id)
process_task_log({
'operation': 'create',
'objectType': 'case_task_log',
'object': {
'message': 'fixed',
'case_task': {
'id': task.task_id
}
}
})
process_task_log({
'operation': 'create',
'objectType': 'case_task_log',
'object': {
'message': 'fixed',
'case_task': {
'id': task.task_id
}
}
})
vulns = VulnerabilityDocument.search().filter('match',
id=vuln.id).execute()
self.assertEqual(len(vulns.hits), 1)
self.assertEqual(vulns.hits[0].tags, ['test', 'FIXED'])
def generate_assets():
docs = []
for i in range(1000):
docs.append(create_asset(F'10.10.10.{i}', save=False).to_dict())
bulk(get_connection(),
docs,
refresh=True,
index=AssetDocument.Index.name)
def test_call_not_existing_tenant(self):
asset = create_asset()
cve = create_cve()
create_vulnerability(asset, cve)
token = Token.objects.create(user=self.user)
self.client.credentials(HTTP_AUTHORIZATION='Token ' + token.key)
resp = self.client.get(F'{self.URL}?ip_address={asset.ip_address}&tenant=aaaaa')
self.assertEqual(resp.status_code, 404)
def test_call_tenant(self):
asset = create_asset()
cve = create_cve()
create_vulnerability(asset, cve, index='test.tenant.vulnerability')
token = Token.objects.create(user=self.user)
self.client.credentials(HTTP_AUTHORIZATION='Token ' + token.key)
resp = self.client.get(F'{self.URL}?ip_address={asset.ip_address}&tenant=Tenant')
self.assertEqual(resp.status_code, 200)
resp = resp.json()
self.assertEqual(len(resp), 1)
def setUp(self):
super().setUp()
self.cve = create_cve()
self.asset = create_asset()
def setUp(self):
self.cve = create_cve(save=False)
self.asset = create_asset(save=False)