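def api_auth(meta):
    """Check whether the request metadata carries the server's API key.

    ``meta`` is a mapping of request metadata (presumably Django's
    ``request.META`` -- confirm against the callers). ``HTTP_X_MOBSF_API_KEY``
    is checked first; ``HTTP_AUTHORIZATION`` is consulted only when the first
    key is absent, so a wrong value in the first header is never rescued by
    the second.

    Returns:
        True when the supplied value equals ``api_key()``; False when it
        differs or when neither key is present.
    """
    # Function-scope import so this block does not depend on the module's
    # import section.
    import hmac

    if 'HTTP_X_MOBSF_API_KEY' in meta:
        supplied = meta['HTTP_X_MOBSF_API_KEY']
    elif 'HTTP_AUTHORIZATION' in meta:
        supplied = meta['HTTP_AUTHORIZATION']
    else:
        return False

    def _as_bytes(value):
        # compare_digest() rejects non-ASCII text, so compare UTF-8 bytes.
        # Assumes both values are strings -- TODO confirm api_key()'s type.
        return value if isinstance(value, bytes) else value.encode('utf-8')

    # The header value is caller-controlled. ``==`` returns at the first
    # differing character, so response timing can reveal how much of a guess
    # is correct; compare_digest() does not short-circuit on content.
    return hmac.compare_digest(_as_bytes(api_key()), _as_bytes(supplied))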
def api_docs(request):
    """Render the REST API documentation page.

    The template context holds the page title and the value returned by
    ``api_key()``.

    NOTE(review): the live API key is handed to the template, so anyone who
    can load this route can presumably read it -- access control is not
    visible in this function; confirm the route is restricted.
    """
    return render(
        request,
        "general/apidocs.html",
        {'title': 'REST API Docs', 'api_key': api_key()},
    )
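def run(request):
    """Source Tree - Java/Smali view.

    Reads ``md5`` and ``type`` from the query string, locates the matching
    source directory under ``settings.UPLD_DIR`` and renders its file tree.

    Returns the rendered ``static_analysis/source_tree.html`` page, or the
    response built by ``print_n_send_error_response`` when the hash is
    malformed, the Java source folder cannot be found, or any other
    exception is raised (a missing query parameter included).
    """
    try:
        logger.info('Listing Source files')
        md5 = request.GET['md5']
        # fullmatch() instead of match('^...$'): ``$`` also matches just
        # before a trailing newline, so the old check let a 32-hex value
        # followed by a newline through and into the directory path
        # built below.
        if not re.fullmatch('[0-9a-f]{32}', md5):
            return print_n_send_error_response(request, 'Scan hash not found')
        # ``typ`` is caller-controlled and not restricted to known values:
        # anything other than 'smali' selects the Java tree, and the raw
        # value is echoed into the title and context.
        # NOTE(review): relies on template escaping -- confirm.
        typ = request.GET['type']
        base = Path(settings.UPLD_DIR) / md5
        if typ == 'smali':
            src = base / 'smali_source'
        else:
            try:
                src = find_java_source_folder(base)[0]
            except StopIteration:
                return print_n_send_error_response(
                    request, 'Invalid Directory Structure')

        # The second argument is the length of the source root's POSIX path.
        tree_index = tree_index_maker(src, len(src.as_posix()))
        context = {
            'subfiles': tree_index,
            'title': f'{typ.capitalize()} Source',
            'hash': md5,
            'source_type': typ,
            'version': settings.MOBSF_VER,
            'api_key': api_key(),
        }
        template = 'static_analysis/source_tree.html'
        return render(request, template, context)
    except Exception:
        # Top-level boundary for the view: log the traceback and return a
        # generic error so internals are not sent to the client.
        logger.exception('Getting Source Files')
        return print_n_send_error_response(request,
                                           'Error Getting Source Files')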
def api_docs(request):
    """Render the REST API documentation page.

    The template context holds the page title, the value returned by
    ``api_key()`` and the application version from ``settings.MOBSF_VER``.

    NOTE(review): the live API key is handed to the template, so anyone who
    can load this route can presumably read it -- access control is not
    visible in this function; confirm the route is restricted.
    """
    return render(
        request,
        'general/apidocs.html',
        {
            'title': 'REST API Docs',
            'api_key': api_key(),
            'version': settings.MOBSF_VER,
        },
    )
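def api_test():
    """Exercise the REST API end to end with the Django test client.

    Uploads every file in ``StaticAnalyzer/test_files/`` and then calls the
    scan, scan-list, PDF, JSON-report, view-source and delete-scan endpoints,
    sending ``api_key()`` as the ``Authorization`` header on each request.
    The run stops at the first failing step.

    Returns:
        True if a step failed or an exception interrupted the run, False if
        every step passed.
    """
    logger.info('\nRunning REST API Unit test')
    auth = api_key()
    try:
        # .ipa samples are only exercised on macOS and Linux.
        ipa_supported = platform.system() in ['Darwin', 'Linux']
        uploaded = []
        logger.info('Running Test on Upload API')
        http_client = Client()
        apk_dir = os.path.join(settings.BASE_DIR, 'StaticAnalyzer/test_files/')
        for filename in os.listdir(apk_dir):
            fpath = os.path.join(apk_dir, filename)
            if not ipa_supported and fpath.endswith('.ipa'):
                continue
            with open(fpath, 'rb') as filp:
                response = http_client.post('/api/v1/upload', {'file': filp},
                                            HTTP_AUTHORIZATION=auth)
                obj = json.loads(response.content.decode('utf-8'))
                if response.status_code == 200 and 'hash' in obj:
                    logger.info('[OK] Upload OK: %s', filename)
                    uploaded.append(obj)
                else:
                    logger.error('Performing Upload %s', filename)
                    return True
        logger.info('[OK] Completed Upload API test')
        logger.info('Running Static Analysis API Test')
        for upl in uploaded:
            # The upload response is posted back unchanged as the scan request.
            resp = http_client.post('/api/v1/scan',
                                    upl,
                                    HTTP_AUTHORIZATION=auth)
            if resp.status_code == 200:
                logger.info('[OK] Static Analysis Complete: %s',
                            upl['file_name'])
            else:
                logger.error('Performing Static Analysis: %s',
                             upl['file_name'])
                return True
        logger.info('[OK] Static Analysis API test completed')
        # Scan List API test
        logger.info('Running Scan List API tests')
        resp = http_client.get('/api/v1/scans', HTTP_AUTHORIZATION=auth)
        if resp.status_code == 200:
            logger.info('Scan List API Test 1 success')
        else:
            logger.error('Scan List API Test 1')
            return True
        resp = http_client.get('/api/v1/scans?page=1&page_size=10',
                               HTTP_AUTHORIZATION=auth)
        if resp.status_code == 200:
            logger.info('Scan List API Test 2 success')
        else:
            logger.error('Scan List API Test 2')
            return True
        logger.info('[OK] Scan List API tests completed')
        # PDF Tests
        logger.info('Running PDF Generation API Test')
        pdfs = [
            {'hash': '3a552566097a8de588b8184b059b0158', 'scan_type': 'apk'},
            {'hash': '6c23c2970551be15f32bbab0b5db0c71', 'scan_type': 'ipa'},
            {'hash': '52c50ae824e329ba8b5b7a0f523efffe', 'scan_type': 'andzip'},
            {'hash': '57bb5be0ea44a755ada4a93885c3825e', 'scan_type': 'ioszip'},
            {'hash': '8179b557433835827a70510584f3143e', 'scan_type': 'appx'},
        ]
        if not ipa_supported:
            # The .ipa sample was never uploaded on this platform.
            pdfs = [entry for entry in pdfs if entry['scan_type'] != 'ipa']
        for pdf in pdfs:
            resp = http_client.post('/api/v1/download_pdf',
                                    pdf,
                                    HTTP_AUTHORIZATION=auth)
            # Read the header through the public mapping interface rather
            # than the private ``_headers`` attribute.
            if (resp.status_code == 200
                    and resp['Content-Type'] == 'application/pdf'):
                logger.info('[OK] PDF Report Generated: %s', pdf['hash'])
            else:
                logger.error('Generating PDF: %s', pdf['hash'])
                logger.info(resp.content)
                return True
        logger.info('[OK] PDF Generation API test completed')
        logger.info('Running JSON Report API test')
        # JSON Report
        ctype = 'application/json; charset=utf-8'
        for jsn in pdfs:
            resp = http_client.post('/api/v1/report_json',
                                    jsn,
                                    HTTP_AUTHORIZATION=auth)
            if resp.status_code == 200 and resp['Content-Type'] == ctype:
                logger.info('[OK] JSON Report Generated: %s', jsn['hash'])
            else:
                logger.error('Generating JSON Response: %s', jsn['hash'])
                return True
        logger.info('[OK] JSON Report API test completed')
        logger.info('Running View Source API test')
        # View Source tests
        files = [{
            'file': 'opensecurity/helloworld/MainActivity.java',
            'type': 'apk',
            'hash': '3a552566097a8de588b8184b059b0158'
        }, {
            'file': 'opensecurity/webviewignoressl/MainActivity.java',
            'type': 'studio',
            'hash': '52c50ae824e329ba8b5b7a0f523efffe'
        }, {
            'file': 'DamnVulnerableIOSApp/AppDelegate.m',
            'type': 'ios',
            'hash': '57bb5be0ea44a755ada4a93885c3825e'
        }]
        if ipa_supported:
            files.append({
                'file': 'helloworld.app/Info.plist',
                'type': 'ipa',
                'hash': '6c23c2970551be15f32bbab0b5db0c71'
            })
        for sfile in files:
            resp = http_client.post('/api/v1/view_source',
                                    sfile,
                                    HTTP_AUTHORIZATION=auth)
            if resp.status_code == 200:
                dat = json.loads(resp.content.decode('utf-8'))
                if dat['title']:
                    logger.info('[OK] Reading - %s', sfile['file'])
                else:
                    logger.error('Reading - %s', sfile['file'])
                    return True
            else:
                logger.error('Reading - %s', sfile['file'])
                return True
        logger.info('[OK] View Source API test completed')
        logger.info('Running Delete Scan API Results test')
        # Deleting Scan Results: the same hashes, in the same order, as the
        # report tests above.
        scan_md5s = [entry['hash'] for entry in pdfs]
        for md5 in scan_md5s:
            resp = http_client.post('/api/v1/delete_scan', {'hash': md5},
                                    HTTP_AUTHORIZATION=auth)
            if resp.status_code == 200:
                dat = json.loads(resp.content.decode('utf-8'))
                if dat['deleted'] == 'yes':
                    logger.info('[OK] Deleted Scan: %s', md5)
                else:
                    logger.error('Deleting Scan: %s', md5)
                    return True
            else:
                logger.error('Deleting Scan: %s', md5)
                return True
        logger.info('Delete Scan Results API test completed')
    except Exception:
        logger.exception('Completing REST API Unit Test')
        # An interrupted run has not verified anything; report it as a
        # failure instead of falling through to the success return.
        return True
    return False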
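def api_test():
    """Exercise the REST API end to end with the Django test client.

    Uploads every file in ``StaticAnalyzer/test_files/`` and then calls the
    scan, PDF, JSON-report, view-source and delete-scan endpoints, sending
    ``api_key()`` as the ``Authorization`` header on each request. Every step
    runs even after an earlier one failed; progress is printed to stdout.

    Returns:
        True if any step failed or an exception interrupted the run, False if
        every step passed.
    """
    print("\n[INFO] Running REST API Unit test")
    auth = api_key()
    failed = False
    err_msg = '%s'
    if platform.system() != "Windows":
        # Wrap error text in ANSI colour/bold escape codes.
        err_msg = '\033[91m \033[1m %s \033[0m'
    try:
        # .ipa samples are only exercised on macOS and Linux.
        ipa_supported = platform.system() in ['Darwin', 'Linux']
        uploaded = []
        print("[INFO] Running Test on Upload API")
        http_client = Client()
        apk_dir = os.path.join(settings.BASE_DIR, "StaticAnalyzer/test_files/")
        for filename in os.listdir(apk_dir):
            fpath = os.path.join(apk_dir, filename)
            if not ipa_supported and fpath.endswith(".ipa"):
                continue
            with open(fpath, "rb") as filp:
                response = http_client.post(
                    '/api/v1/upload', {'file': filp}, HTTP_AUTHORIZATION=auth)
                obj = json.loads(response.content.decode("utf-8"))
                if response.status_code == 200 and "hash" in obj:
                    print("[OK] Upload OK: " + filename)
                    uploaded.append(obj)
                else:
                    print(err_msg % "[ERROR] Performing Upload" + filename)
                    failed = True
        print("[OK] Completed Upload API test")
        print("[INFO] Running Static Analysis API Test")
        for upl in uploaded:
            # The upload response is posted back unchanged as the scan request.
            resp = http_client.post(
                '/api/v1/scan', upl, HTTP_AUTHORIZATION=auth)
            if resp.status_code == 200:
                print("[OK] Static Analysis Complete: " + upl["file_name"])
            else:
                print(err_msg %
                      "[ERROR] Performing Static Analysis: " + upl["file_name"])
                failed = True
        print("[OK] Static Analysis API test completed")
        print("[INFO] Running PDF Generation API Test")
        pdfs = [
            {"hash": "3a552566097a8de588b8184b059b0158", "scan_type": "apk"},
            {"hash": "6c23c2970551be15f32bbab0b5db0c71", "scan_type": "ipa"},
            {"hash": "52c50ae824e329ba8b5b7a0f523efffe", "scan_type": "andzip"},
            {"hash": "57bb5be0ea44a755ada4a93885c3825e", "scan_type": "ioszip"},
            {"hash": "8179b557433835827a70510584f3143e", "scan_type": "appx"},
        ]
        if not ipa_supported:
            # The .ipa sample was never uploaded on this platform.
            pdfs = [entry for entry in pdfs if entry["scan_type"] != "ipa"]
        for pdf in pdfs:
            resp = http_client.post(
                '/api/v1/download_pdf', pdf, HTTP_AUTHORIZATION=auth)
            # Read the header through the public mapping interface rather
            # than the private ``_headers`` attribute.
            if (resp.status_code == 200
                    and resp['Content-Type'] == "application/pdf"):
                print("[OK] PDF Report Generated: " + pdf["hash"])
            else:
                print(err_msg % "[ERROR] Generating PDF: " + pdf["hash"])
                print(resp.content)
                failed = True
        print("[OK] PDF Generation API test completed")
        print("[INFO] Running JSON Report API test")
        # JSON Report
        for pdf in pdfs:
            resp = http_client.post(
                '/api/v1/report_json', pdf, HTTP_AUTHORIZATION=auth)
            if (resp.status_code == 200
                    and resp['Content-Type']
                    == "application/json; charset=utf-8"):
                print("[OK] JSON Report Generated: " + pdf["hash"])
            else:
                print(err_msg %
                      "[ERROR] Generating JSON Response: " + pdf["hash"])
                failed = True
        print("[OK] JSON Report API test completed")
        print("[INFO] Running View Source API test")
        # View Source tests
        files = [
            {"file": "opensecurity/helloworld/MainActivity.java",
             "type": "apk", "hash": "3a552566097a8de588b8184b059b0158"},
            {"file": "helloworld.app/Info.plist",
             "type": "ipa", "hash": "6c23c2970551be15f32bbab0b5db0c71"},
            {"file": "opensecurity/webviewignoressl/MainActivity.java",
             "type": "studio", "hash": "52c50ae824e329ba8b5b7a0f523efffe"},
            {"file": "DamnVulnerableIOSApp/AppDelegate.m",
             "type": "ios", "hash": "57bb5be0ea44a755ada4a93885c3825e"},
        ]
        if not ipa_supported:
            # Keep this step in line with the upload step, which skips .ipa
            # files on this platform.
            files = [entry for entry in files if entry["type"] != "ipa"]
        for sfile in files:
            resp = http_client.post(
                '/api/v1/view_source', sfile, HTTP_AUTHORIZATION=auth)
            # ``sfile`` is a dict: concatenating it to the message raised
            # TypeError before ``failed`` was set, so report the path instead.
            if resp.status_code == 200:
                dat = json.loads(resp.content.decode("utf-8"))
                if dat["title"]:
                    print("[OK] Reading - " + sfile["file"])
                else:
                    print(err_msg % "[ERROR] Reading - " + sfile["file"])
                    failed = True
            else:
                print(err_msg % "[ERROR] Reading - " + sfile["file"])
                failed = True
        print("[OK] View Source API test completed")
        print("[INFO] Running Delete Scan API Results test")
        # Deleting Scan Results: the same hashes, in the same order, as the
        # report tests above.
        scan_md5s = [entry["hash"] for entry in pdfs]
        for md5 in scan_md5s:
            resp = http_client.post(
                '/api/v1/delete_scan', {'hash': md5}, HTTP_AUTHORIZATION=auth)
            if resp.status_code == 200:
                dat = json.loads(resp.content.decode("utf-8"))
                if dat["deleted"] == "yes":
                    print("[OK] Deleted Scan: " + md5)
                else:
                    print(err_msg % "[ERROR] Deleting Scan: " + md5)
                    failed = True
            else:
                print(err_msg % "[ERROR] Deleting Scan: " + md5)
                failed = True
        print("[INFO] Delete Scan Results API test completed")
    except Exception:
        PrintException("[ERROR] Completing REST API Unit Test")
        # An interrupted run has not verified the remaining steps; report it
        # as a failure instead of returning whatever was recorded so far.
        failed = True
    return failed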
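def api_test():
    """Exercise the REST API end to end with the Django test client.

    Uploads every file in ``StaticAnalyzer/test_files/`` and then calls the
    scan, PDF, JSON-report, view-source and delete-scan endpoints, sending
    ``api_key()`` as the ``Authorization`` header on each request. Every step
    runs even after an earlier one failed; progress goes to ``logger``.

    Returns:
        True if any step failed or an exception interrupted the run, False if
        every step passed.
    """
    logger.info("\n[INFO] Running REST API Unit test")
    auth = api_key()
    failed = False
    err_msg = '%s'
    if platform.system() != "Windows":
        # Wrap error text in ANSI colour/bold escape codes.
        err_msg = '\033[91m \033[1m %s \033[0m'
    try:
        # .ipa samples are only exercised on macOS and Linux.
        ipa_supported = platform.system() in ['Darwin', 'Linux']
        uploaded = []
        logger.info("[INFO] Running Test on Upload API")
        http_client = Client()
        apk_dir = os.path.join(settings.BASE_DIR, "StaticAnalyzer/test_files/")
        for filename in os.listdir(apk_dir):
            fpath = os.path.join(apk_dir, filename)
            if not ipa_supported and fpath.endswith(".ipa"):
                continue
            with open(fpath, "rb") as filp:
                response = http_client.post('/api/v1/upload', {'file': filp},
                                            HTTP_AUTHORIZATION=auth)
                obj = json.loads(response.content.decode("utf-8"))
                if response.status_code == 200 and "hash" in obj:
                    logger.info("[OK] Upload OK: " + filename)
                    uploaded.append(obj)
                else:
                    logger.error(err_msg % " Performing Upload" + filename)
                    failed = True
        logger.info("[OK] Completed Upload API test")
        logger.info("[INFO] Running Static Analysis API Test")
        for upl in uploaded:
            # The upload response is posted back unchanged as the scan request.
            resp = http_client.post('/api/v1/scan',
                                    upl,
                                    HTTP_AUTHORIZATION=auth)
            if resp.status_code == 200:
                logger.info("[OK] Static Analysis Complete: " +
                            upl["file_name"])
            else:
                logger.error(err_msg % " Performing Static Analysis: " +
                             upl["file_name"])
                failed = True
        logger.info("[OK] Static Analysis API test completed")
        logger.info("[INFO] Running PDF Generation API Test")
        pdfs = [
            {"hash": "3a552566097a8de588b8184b059b0158", "scan_type": "apk"},
            {"hash": "6c23c2970551be15f32bbab0b5db0c71", "scan_type": "ipa"},
            {"hash": "52c50ae824e329ba8b5b7a0f523efffe", "scan_type": "andzip"},
            {"hash": "57bb5be0ea44a755ada4a93885c3825e", "scan_type": "ioszip"},
            {"hash": "8179b557433835827a70510584f3143e", "scan_type": "appx"},
        ]
        if not ipa_supported:
            # The .ipa sample was never uploaded on this platform.
            pdfs = [entry for entry in pdfs if entry["scan_type"] != "ipa"]
        for pdf in pdfs:
            resp = http_client.post('/api/v1/download_pdf',
                                    pdf,
                                    HTTP_AUTHORIZATION=auth)
            # Read the header through the public mapping interface rather
            # than the private ``_headers`` attribute.
            if (resp.status_code == 200
                    and resp['Content-Type'] == "application/pdf"):
                logger.info("[OK] PDF Report Generated: " + pdf["hash"])
            else:
                logger.error(err_msg % " Generating PDF: " + pdf["hash"])
                logger.info(resp.content)
                failed = True
        logger.info("[OK] PDF Generation API test completed")
        logger.info("Running JSON Report API test")
        # JSON Report
        for pdf in pdfs:
            resp = http_client.post('/api/v1/report_json',
                                    pdf,
                                    HTTP_AUTHORIZATION=auth)
            if (resp.status_code == 200
                    and resp['Content-Type']
                    == "application/json; charset=utf-8"):
                logger.info("[OK] JSON Report Generated: " + pdf["hash"])
            else:
                # Apply err_msg as a template like the other error lines;
                # str.format() used to log its raw '%s' placeholder.
                logger.error(err_msg % " Generating JSON Response: " +
                             pdf["hash"])
                failed = True
        logger.info("[OK] JSON Report API test completed")
        logger.info("[INFO] Running View Source API test")
        # View Source tests
        files = [{
            "file": "opensecurity/helloworld/MainActivity.java",
            "type": "apk",
            "hash": "3a552566097a8de588b8184b059b0158"
        }, {
            "file": "helloworld.app/Info.plist",
            "type": "ipa",
            "hash": "6c23c2970551be15f32bbab0b5db0c71"
        }, {
            "file": "opensecurity/webviewignoressl/MainActivity.java",
            "type": "studio",
            "hash": "52c50ae824e329ba8b5b7a0f523efffe"
        }, {
            "file": "DamnVulnerableIOSApp/AppDelegate.m",
            "type": "ios",
            "hash": "57bb5be0ea44a755ada4a93885c3825e"
        }]
        if not ipa_supported:
            # Keep this step in line with the upload step, which skips .ipa
            # files on this platform.
            files = [entry for entry in files if entry["type"] != "ipa"]
        for sfile in files:
            resp = http_client.post('/api/v1/view_source',
                                    sfile,
                                    HTTP_AUTHORIZATION=auth)
            if resp.status_code == 200:
                dat = json.loads(resp.content.decode("utf-8"))
                if dat["title"]:
                    logger.info("[OK] Reading - " + sfile["file"])
                else:
                    logger.error(err_msg % " Reading - " + sfile["file"])
                    failed = True
            else:
                logger.error(err_msg % " Reading - " + sfile["file"])
                failed = True
        logger.info("[OK] View Source API test completed")
        logger.info("[INFO] Running Delete Scan API Results test")
        # Deleting Scan Results: the same hashes, in the same order, as the
        # report tests above.
        scan_md5s = [entry["hash"] for entry in pdfs]
        for md5 in scan_md5s:
            resp = http_client.post('/api/v1/delete_scan', {'hash': md5},
                                    HTTP_AUTHORIZATION=auth)
            if resp.status_code == 200:
                dat = json.loads(resp.content.decode("utf-8"))
                if dat["deleted"] == "yes":
                    logger.info("[OK] Deleted Scan: " + md5)
                else:
                    logger.error(err_msg % " Deleting Scan: " + md5)
                    failed = True
            else:
                logger.error(err_msg % " Deleting Scan: " + md5)
                failed = True
        logger.info("[INFO] Delete Scan Results API test completed")
    except Exception:
        PrintException("[ERROR] Completing REST API Unit Test")
        # An interrupted run has not verified the remaining steps; report it
        # as a failure instead of returning whatever was recorded so far.
        failed = True
    return failed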
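def api_auth(meta):
    """Check whether the request metadata carries the server's API key.

    ``meta`` is a mapping of request metadata (presumably Django's
    ``request.META`` -- confirm against the callers); only
    ``HTTP_AUTHORIZATION`` is read.

    Returns:
        True when the supplied value equals ``api_key()``; False when it
        differs or when the key is absent.
    """
    # Function-scope import so this block does not depend on the module's
    # import section.
    import hmac

    if "HTTP_AUTHORIZATION" not in meta:
        return False

    def _as_bytes(value):
        # compare_digest() rejects non-ASCII text, so compare UTF-8 bytes.
        # Assumes both values are strings -- TODO confirm api_key()'s type.
        return value if isinstance(value, bytes) else value.encode("utf-8")

    # The header value is caller-controlled. ``==`` returns at the first
    # differing character, so response timing can reveal how much of a guess
    # is correct; compare_digest() does not short-circuit on content.
    return hmac.compare_digest(_as_bytes(api_key()),
                               _as_bytes(meta["HTTP_AUTHORIZATION"]))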
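def api_auth(meta):
    """Check whether the request metadata carries the server's API key.

    ``meta`` is a mapping of request metadata (presumably Django's
    ``request.META`` -- confirm against the callers); only
    ``HTTP_AUTHORIZATION`` is read.

    Returns:
        True when the supplied value equals ``api_key()``; False when it
        differs or when the key is absent.
    """
    # Function-scope import so this block does not depend on the module's
    # import section.
    import hmac

    if "HTTP_AUTHORIZATION" not in meta:
        return False

    def _as_bytes(value):
        # compare_digest() rejects non-ASCII text, so compare UTF-8 bytes.
        # Assumes both values are strings -- TODO confirm api_key()'s type.
        return value if isinstance(value, bytes) else value.encode("utf-8")

    # The header value is caller-controlled. ``==`` returns at the first
    # differing character, so response timing can reveal how much of a guess
    # is correct; compare_digest() does not short-circuit on content.
    return hmac.compare_digest(_as_bytes(api_key()),
                               _as_bytes(meta["HTTP_AUTHORIZATION"]))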
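def api_test():
    """Exercise the REST API end to end with the Django test client.

    Uploads every file in ``StaticAnalyzer/test_files/`` and then calls the
    scan, PDF and delete-scan endpoints, sending ``api_key()`` as the
    ``Authorization`` header on each request. Every step runs even after an
    earlier one failed; progress is printed to stdout.

    Each ``print`` takes a single parenthesised argument, which produces the
    same output whether ``print`` is a statement or a function.

    Returns:
        True if any step failed or an exception interrupted the run, False if
        every step passed.
    """
    print("\n[INFO] Running REST API Unit test")
    auth = api_key()
    failed = False
    err_msg = '%s'
    if platform.system() != "Windows":
        # Wrap error text in ANSI colour/bold escape codes.
        err_msg = '\033[91m \033[1m %s \033[0m'
    try:
        uploaded = []
        print("[INFO] Running Test on Upload API")
        http_client = Client()
        apk_dir = os.path.join(settings.BASE_DIR, "StaticAnalyzer/test_files/")
        for filename in os.listdir(apk_dir):
            fpath = os.path.join(apk_dir, filename)
            # Binary mode: the samples are application packages, and text
            # mode can alter their bytes on some platforms.
            with open(fpath, "rb") as filp:
                response = http_client.post('/api/v1/upload', {'file': filp},
                                            HTTP_AUTHORIZATION=auth)
                obj = json.loads(response.content)
                if response.status_code == 200 and "hash" in obj:
                    print("[OK] Upload OK: " + filename)
                    uploaded.append(obj)
                else:
                    print(err_msg % "[ERROR] Performing Upload" + filename)
                    failed = True
        print("[OK] Completed Upload API test")
        print("[INFO] Running Static Analysis API Test")
        for upl in uploaded:
            # The upload response is posted back unchanged as the scan request.
            resp = http_client.post('/api/v1/scan',
                                    upl,
                                    HTTP_AUTHORIZATION=auth)
            if resp.status_code == 200:
                print("[OK] Static Analysis Complete: " + upl["file_name"])
            else:
                print(err_msg % "[ERROR] Performing Static Analysis: " +
                      upl["file_name"])
                failed = True
        print("[OK] Static Analysis API test completed")
        print("[INFO] Running PDF Generation API Test")

        pdfs = [
            {"hash": "3a552566097a8de588b8184b059b0158", "scan_type": "apk"},
            {"hash": "6c23c2970551be15f32bbab0b5db0c71", "scan_type": "ipa"},
            {"hash": "52c50ae824e329ba8b5b7a0f523efffe", "scan_type": "andzip"},
            {"hash": "57bb5be0ea44a755ada4a93885c3825e", "scan_type": "ioszip"},
            {"hash": "8179b557433835827a70510584f3143e", "scan_type": "appx"},
        ]
        for pdf in pdfs:
            resp = http_client.post('/api/v1/download_pdf',
                                    pdf,
                                    HTTP_AUTHORIZATION=auth)
            # Read the header through the public mapping interface rather
            # than the private ``_headers`` attribute.
            if (resp.status_code == 200
                    and resp['Content-Type'] == "application/pdf"):
                print("[OK] PDF Report Generated: " + pdf["hash"])
            else:
                print(err_msg % "[ERROR] Generating PDF: " + pdf["hash"])
                print(resp.content)
                failed = True
        print("[OK] PDF Generation API test completed")
        print("[INFO] Running Delete Scan API Results test")
        # Deleting Scan Results: the same hashes, in the same order, as the
        # PDF test above.
        scan_md5s = [entry["hash"] for entry in pdfs]
        for md5 in scan_md5s:
            resp = http_client.post('/api/v1/delete_scan', {'hash': md5},
                                    HTTP_AUTHORIZATION=auth)
            if resp.status_code == 200:
                dat = json.loads(resp.content)
                if dat["deleted"] == "yes":
                    print("[OK] Deleted Scan: " + md5)
                else:
                    print(err_msg % "[ERROR] Deleting Scan: " + md5)
                    failed = True
            else:
                print(err_msg % "[ERROR] Deleting Scan: " + md5)
                failed = True
        print("[INFO] Delete Scan Results API test completed")
    except Exception:
        PrintException("[ERROR] Completing REST API Unit Test")
        # An interrupted run has not verified the remaining steps; report it
        # as a failure instead of returning whatever was recorded so far.
        failed = True
    return failed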
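def api_test():
    """Exercise the REST API end to end with the Django test client.

    Uploads every file in ``StaticAnalyzer/test_files/`` and then calls the
    scan, PDF and delete-scan endpoints, sending ``api_key()`` as the
    ``Authorization`` header on each request. Every step runs even after an
    earlier one failed; progress is printed to stdout.

    Each ``print`` takes a single parenthesised argument, which produces the
    same output whether ``print`` is a statement or a function.

    Returns:
        True if any step failed or an exception interrupted the run, False if
        every step passed.
    """
    print("\n[INFO] Running REST API Unit test")
    auth = api_key()
    failed = False
    err_msg = '%s'
    if platform.system() != "Windows":
        # Wrap error text in ANSI colour/bold escape codes.
        err_msg = '\033[91m \033[1m %s \033[0m'
    try:
        uploaded = []
        print("[INFO] Running Test on Upload API")
        http_client = Client()
        apk_dir = os.path.join(settings.BASE_DIR, "StaticAnalyzer/test_files/")
        for filename in os.listdir(apk_dir):
            fpath = os.path.join(apk_dir, filename)
            # Binary mode: the samples are application packages, and text
            # mode can alter their bytes on some platforms.
            with open(fpath, "rb") as filp:
                response = http_client.post(
                    '/api/v1/upload', {'file': filp}, HTTP_AUTHORIZATION=auth)
                obj = json.loads(response.content)
                if response.status_code == 200 and "hash" in obj:
                    print("[OK] Upload OK: " + filename)
                    uploaded.append(obj)
                else:
                    print(err_msg % "[ERROR] Performing Upload" + filename)
                    failed = True
        print("[OK] Completed Upload API test")
        print("[INFO] Running Static Analysis API Test")
        for upl in uploaded:
            # The upload response is posted back unchanged as the scan request.
            resp = http_client.post(
                '/api/v1/scan', upl, HTTP_AUTHORIZATION=auth)
            if resp.status_code == 200:
                print("[OK] Static Analysis Complete: " + upl["file_name"])
            else:
                print(err_msg % "[ERROR] Performing Static Analysis: " +
                      upl["file_name"])
                failed = True
        print("[OK] Static Analysis API test completed")
        print("[INFO] Running PDF Generation API Test")

        pdfs = [
            {"hash": "3a552566097a8de588b8184b059b0158", "scan_type": "apk"},
            {"hash": "6c23c2970551be15f32bbab0b5db0c71", "scan_type": "ipa"},
            {"hash": "52c50ae824e329ba8b5b7a0f523efffe", "scan_type": "andzip"},
            {"hash": "57bb5be0ea44a755ada4a93885c3825e", "scan_type": "ioszip"},
            {"hash": "8179b557433835827a70510584f3143e", "scan_type": "appx"},
        ]
        for pdf in pdfs:
            resp = http_client.post(
                '/api/v1/download_pdf', pdf, HTTP_AUTHORIZATION=auth)
            # Read the header through the public mapping interface rather
            # than the private ``_headers`` attribute.
            if (resp.status_code == 200
                    and resp['Content-Type'] == "application/pdf"):
                print("[OK] PDF Report Generated: " + pdf["hash"])
            else:
                print(err_msg % "[ERROR] Generating PDF: " + pdf["hash"])
                print(resp.content)
                failed = True
        print("[OK] PDF Generation API test completed")
        print("[INFO] Running Delete Scan API Results test")
        # Deleting Scan Results: the same hashes, in the same order, as the
        # PDF test above.
        scan_md5s = [entry["hash"] for entry in pdfs]
        for md5 in scan_md5s:
            resp = http_client.post(
                '/api/v1/delete_scan', {'hash': md5}, HTTP_AUTHORIZATION=auth)
            if resp.status_code == 200:
                dat = json.loads(resp.content)
                if dat["deleted"] == "yes":
                    print("[OK] Deleted Scan: " + md5)
                else:
                    print(err_msg % "[ERROR] Deleting Scan: " + md5)
                    failed = True
            else:
                print(err_msg % "[ERROR] Deleting Scan: " + md5)
                failed = True
        print("[INFO] Delete Scan Results API test completed")
    except Exception:
        PrintException("[ERROR] Completing REST API Unit Test")
        # An interrupted run has not verified the remaining steps; report it
        # as a failure instead of returning whatever was recorded so far.
        failed = True
    return failed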