def test_get_all_archived_scoring_sessions(self):
self.login_user('admin', 'admin')
result = self.app.get('/archives')
expected_result = self.data['archived_sessions']
convert_all_datetime_to_timestamp(expected_result)
assert result.status_code == 200
assert json.loads(result.data) == expected_result
def test_get_current_scoring_session(self):
self.login_user('admin', 'admin')
rest_result = self.app.get('/scoring')
expected_result = self.data['session'][0]
convert_all_datetime_to_timestamp(expected_result, ['start_time', 'end_time'])
assert rest_result.status_code == 200
print rest_result.data
assert json.loads(rest_result.data) == self.data['session'][0]
def get_scoring_session():
data = g.db.get_current_scoring_session()
if len(data) == 0:
return Response(status=404)
convert_all_datetime_to_timestamp(data, ["start_time", "end_time"])
js = json.dumps(data[0], default=json_util.default)
resp = Response(js, status=200, mimetype="application/json")
return resp
def get_specific_archived_scoring_session(session_id):
data = g.db.get_specific_archived_scoring_session(session_id)
if len(data) == 0:
return Response(status=404)
convert_all_datetime_to_timestamp(data)
js = json.dumps(data[0], default=json_util.default)
resp = Response(js, status=200, mimetype='application/json')
return resp
def get_specific_attack_check_for_team(team_id, check_id):
data = g.db.get_specific_attacker_check(check_id, team_id)
if len(data) == 0:
return Response(status=404)
convert_all_datetime_to_timestamp(data, ['timestamp'])
js = json.dumps(data, default=json_util.default)
resp = Response(js, status=200, mimetype='application/json')
return resp
def test_get_specific_archived_scoring_session(self):
self.login_user('admin', 'admin')
result = self.app.get('/archives/first_session')
assert result.status_code == 200
result_data = [obj for obj in self.data['archived_sessions'] if obj['id'] == 'first_session'][0]
del result_data['id']
convert_all_datetime_to_timestamp(result_data)
json_result = json.loads(result.data)
assert json_result == result_data
def test_get_all_completed_checks(self):
self.login_user("admin", "admin")
rest_result = self.app.get("/teams/checks")
print rest_result.status_code, rest_result.data
assert rest_result.status_code == 200
expected_result = [obj for obj in self.data["completed_checks"]]
json_result = json.loads(rest_result.data)
assert len(json_result) == len(expected_result)
for i in expected_result:
convert_all_datetime_to_timestamp(i, ["timestamp", "time_to_check"])
assert json_result == expected_result
def test_get_all_attack_checks(self):
self.login_user('admin', 'admin')
rest_result = self.app.get('/checks/attacks')
print rest_result.status_code, rest_result.data
assert rest_result.status_code == 200
expected_result = [obj for obj in self.data['active_checks'] if obj['type'] == 'attacker']
json_result = json.loads(rest_result.data)
assert len(json_result) == len(expected_result)
for i in expected_result:
del i['type']
convert_all_datetime_to_timestamp(i, ['timestamp', 'time_to_check'])
assert json_result == expected_result
def test_get_specific_attack_check_for_specific_team(self):
self.login_user('admin', 'admin')
rest_result = self.app.get('/checks/attacks/MySecurityHole/teams/1')
print rest_result.status_code, rest_result.data
assert rest_result.status_code == 200
expected_result = [obj for obj in self.data['active_checks'] if obj['type'] == 'attacker' and obj['team_id'] == '1' and obj['id'] == 'MySecurityHole']
json_result = json.loads(rest_result.data)
assert len(json_result) == len(expected_result)
for i in expected_result:
del i['team_id'], i['type'], i['id']
convert_all_datetime_to_timestamp(i, ['timestamp', 'time_to_check'])
assert json_result == expected_result
def test_get_specific_inject_check_for_specific_team(self):
self.login_user('admin', 'admin')
rest_result = self.app.get('/teams/1/checks/injects/RemovedFiles')
print rest_result.status_code, rest_result.data
assert rest_result.status_code == 200
expected_result = [obj for obj in self.data['completed_checks'] if obj['team_id'] == '1' and obj['type'] == 'inject' and obj['id'] == 'RemovedFiles']
json_result = json.loads(rest_result.data)
assert len(json_result) == len(expected_result)
for i in expected_result:
del i['team_id'], i['type'], i['id']
convert_all_datetime_to_timestamp(i, ['timestamp', 'time_to_check'])
assert json_result == expected_result
def test_create_manual_check_for_team_exists(self):
self.login_user('admin', 'admin')
query_data = [obj for obj in self.data['completed_checks'] if obj['type'] == 'manual' and obj['team_id'] == '1'][0]
del query_data['team_id'], query_data['type']
convert_all_datetime_to_timestamp(query_data, ['timestamp'])
result_data = {
"type": "Exists",
"reason": "A manual check with the id 'BoardPresentation' for team '1' already exists"
}
post = self.app.post('/checks/manual/teams/1', data=json.dumps(query_data), follow_redirects=True)
print post.status_code, post.data
assert post.status_code == 403
assert json.loads(post.data) == result_data
def test_get_specific_manual_check_for_specific_team(self):
self.login_user('admin', 'admin')
rest_result = self.app.get('/checks/manual/BoardPresentation/teams/1')
print rest_result.status_code, rest_result.data
assert rest_result.status_code == 200
expected_result = [obj for obj in self.data['completed_checks'] if obj['type'] == 'manual' and obj['team_id'] == '1' and obj['id'] == 'BoardPresentation']
json_result = json.loads(rest_result.data)
assert len(json_result) == len(expected_result)
for i, j in zip(expected_result, json_result):
del i['team_id'], i['type'], i['id']
convert_all_datetime_to_timestamp(i, ['timestamp', 'time_to_check'])
show_difference_between_dicts(i, j)
assert json_result == expected_result
def test_create_archived_scoring_session(self):
self.login_user('admin', 'admin')
query_data = {
"id": "second_session"
}
result_data = [obj for obj in self.data['archived_sessions'] if obj['id'] == 'first_session'][0]
del result_data['id']
convert_all_datetime_to_timestamp(result_data)
post = self.app.post('/archives', data=json.dumps(query_data), follow_redirects=True)
assert post.status_code == 201
assert post.headers['Location'] == 'http://localhost/archives/second_session'
result = self.app.get('/archives/second_session')
assert result.status_code == 200
assert json.loads(result.data) == result_data
def test_get_all_manual_checks_for_specific_team(self):
self.login_user("admin", "admin")
rest_result = self.app.get("/teams/1/checks/manual")
print rest_result.status_code, rest_result.data
assert rest_result.status_code == 200
expected_result = [
obj for obj in self.data["completed_checks"] if obj["team_id"] == "1" and obj["type"] == "manual"
]
json_result = json.loads(rest_result.data)
assert len(json_result) == len(expected_result)
for i in expected_result:
del i["team_id"], i["type"]
convert_all_datetime_to_timestamp(i, ["timestamp", "time_to_check"])
assert json_result == expected_result
def test_create_archived_scoring_session_missing_param(self):
self.login_user('admin', 'admin')
query_data = {}
post_data = {
"type": "IllegalParameter",
"reason": "Required parameter 'id' is not specified."
}
result_data = self.data['archived_sessions']
for i in result_data:
convert_all_datetime_to_timestamp(i)
post = self.app.post('/archives', data=json.dumps(query_data), follow_redirects=True)
assert post.status_code == 403
assert json.loads(post.data) == post_data
result = self.app.get('/archives')
assert result.status_code == 200
assert json.loads(result.data) == result_data
def get_all_attack_checks_for_team(team_id):
data = g.db.get_all_attacker_checks_for_team(team_id)
convert_all_datetime_to_timestamp(data, ['timestamp', 'time_to_check'])
js = json.dumps(data, default=json_util.default)
resp = Response(js, status=200, mimetype='application/json')
return resp
def get_all_archived_scoring_sessions():
data = g.db.get_all_archived_scoring_sessions()
convert_all_datetime_to_timestamp(data)
js = json.dumps(data, default=json_util.default)
resp = Response(js, status=200, mimetype='application/json')
return resp
def get_all_inject_checks():
data = g.db.get_all_inject_checks()
convert_all_datetime_to_timestamp(data, ['time_to_check'])
js = json.dumps(data, default=json_util.default)
resp = Response(js, status=200, mimetype='application/json')
return resp