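def getPayloadByID(id, env):
    """
    Fetch one row of RXSS_Payloads by id.

    :param id: payload id
    :param env: key passed to config.get('VulnServiceDB', env) to select the SQLite database
    :return: if id exists - returns RXSSPayloadEntity built from the first three columns of
             the matching row
    :raises Exception: if no row matches the id
    """
    with sqlite3.connect(config.get('VulnServiceDB', env)) as db:
        cursor = db.cursor()
        # The id is bound as a parameter instead of being formatted into the statement:
        # the previous '%s' interpolation let a crafted id value change the SQL itself.
        cursor.execute("""SELECT * from RXSS_Payloads where id = ?""", (id,))
        item = cursor.fetchone()
        if item is None:
            # Tuple-wrap so the message also formats when id is itself a tuple.
            raise Exception("No such payload with id %s" % (id,))
        return RXSSPayloadEntity(item[0], item[1], item[2])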
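def getRXSSPayloads(env, size=10, page=0):
    """
    Return one page of rows from RXSS_Payloads, ordered by id ascending.

    :param env: key passed to config.get('VulnServiceDB', env) to select the SQLite database
    :param size: page size, default 10
    :param page: page number, default 0
    :return: a list of RXSSPayloadEntities items from RXSS_Payloads DB from page #page of size size
    """
    # int() keeps the numeric coercion that the former %d formatting applied, so the
    # values handed to SQLite are always integers.
    limit = int(size)
    offset = int(page * size)
    # NOTE(review): SQLite treats a negative LIMIT as "no limit"; callers that take
    # size from a request may want to bound it before calling.
    with sqlite3.connect(config.get('VulnServiceDB', env)) as db:
        cursor = db.cursor()
        # LIMIT/OFFSET are bound parameters; no caller-supplied text is spliced into the SQL.
        cursor.execute(
            """SELECT * from RXSS_Payloads ORDER BY id ASC LIMIT ? OFFSET ?""",
            (limit, offset))
        return [RXSSPayloadEntity(row[0], row[1], row[2]) for row in cursor.fetchall()]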
def setUpClass(cls):
    """
    Build the class-wide fixtures: fresh tables in the "test" environment, a logged-in
    mechanize browser for the local bWAPP instance, the session cookies wrapped in a
    SessionEntity, one stored RXSS payload, and the objects under test.
    """
    cls.__vulnsCRUD = VulnerabilitiesCRUD

    # Table name is "test_vulns" followed by the current timestamp with its
    # separators ('-', ' ', ':', '.') stripped out.
    stamp = str(datetime.now())
    for separator in ('-', ' ', ':', '.'):
        stamp = stamp.replace(separator, '')
    cls.__table_name = "test_vulns" + stamp

    cls.test = "test"
    cls.__vulnsCRUD.createTable(cls.__table_name, cls.test)

    # Payload and description tables are dropped and recreated before use.
    cls.RXSSCrud = RXSSCrud
    cls.RXSSCrud.dropTable(cls.test)
    cls.RXSSCrud.createTable(cls.test)
    cls.vulnDescriptor = VulnerabilityDescriptionCRUD
    cls.vulnDescriptor.dropTable(cls.test)
    cls.vulnDescriptor.createTable(cls.test)

    # Browser with a fixed User-agent header and its own cookie jar.
    cls.br = mechanize.Browser()
    cls.br.addheaders = [(
        'User-agent',
        'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/534.34 (KHTML, like Gecko) Chrome/53.0.2785.113 Safari/534.34'
    )]
    cls.cj = mechanize.CookieJar()
    cls.br.set_cookiejar(cls.cj)

    # Log in through the first form on the login page.
    # NOTE(review): the credential literals look masked in this listing; real values
    # are better read from test configuration than kept in source.
    cls.br.open("http://localhost/bwapp/login.php")
    cls.br.select_form(nr=0)
    cls.br.form['login'] = '******'
    cls.br.form['password'] = '******'
    cls.br.submit()

    cls.scanType = 'RXSS'

    # Copy every cookie in the jar into a plain dict. These values include whatever
    # session cookie the login produced, so they should not end up in logs.
    session_cookies = [
        {
            "name": jar_cookie.name,
            "value": jar_cookie.value,
            "domain": jar_cookie.domain,
            "path": jar_cookie.path
        }
        for jar_cookie in cls.cj
    ]
    cls.session_entity = SessionEntity('Cookie', session_cookies)

    # One payload whose expected result is the payload text itself.
    cls.rxss1 = RXSSPayloadEntity(
        payload="<script>console.log(123)</script>",
        expectedResult="<script>console.log(123)</script>")
    stored_payload = cls.RXSSCrud.createPayload(cls.rxss1, cls.test)
    cls.rxss1ID = stored_payload.getID()

    cls.vulnUtils = VulnerabilityUtils(cls.__table_name, cls.scanType)
    cls.rxssAlgorithm = MainWindow(db_type='test', table_name=cls.__table_name)
def test_update_wrong_id(self):
    """Updating with an id formed by adding the two stored ids is expected to raise."""
    # NOTE(review): assertRaises(Exception) accepts any exception type, including
    # unrelated ones such as a TypeError raised while building the entity.
    with self.assertRaises(Exception):
        absent_id = self.rxss2ID + self.rxss1ID
        stale_entity = RXSSPayloadEntity(absent_id, 'a')
        self.__RXSSCRUD.updatePayload(stale_entity, self.env)
def test_update(self):
    """After updatePayload, reading the same id back returns the new payload text."""
    crud = self.__RXSSCRUD
    replacement = RXSSPayloadEntity(self.rxss2ID, 'testUpdate')
    crud.updatePayload(replacement, self.env)
    reloaded = crud.getPayloadByID(self.rxss2ID, self.env)
    self.assertEqual('testUpdate', reloaded.getPayload())
def setUp(self):
    """Create two payload entities and store both, keeping the ids returned by the CRUD layer."""
    crud = self.__RXSSCRUD
    self.rxss1 = RXSSPayloadEntity(payload='abcTest', expectedResult='a')
    self.rxss2 = RXSSPayloadEntity(payload='defTest', expectedResult='b')
    # Insert in this order: rxss1 first, then rxss2.
    first_stored = crud.createPayload(self.rxss1, self.env)
    self.rxss1ID = first_stored.getID()
    second_stored = crud.createPayload(self.rxss2, self.env)
    self.rxss2ID = second_stored.getID()
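class TestRXSSCRUD(unittest.TestCase):
    """
    Create/read/update/delete tests for RXSSCrud.

    Every test starts with two stored payloads (see setUp) and ends with the payload
    and vulnerability-description tables emptied (see tearDown).
    """

    @classmethod
    def setUpClass(cls):
        """Drop and recreate the payload table, then keep references to the CRUD classes."""
        # NOTE(review): the environment key is "prod", so the drop/create below and the
        # per-test deletes act on whatever database that key selects. Confirm this is a
        # throwaway database before running the suite.
        cls.env = "prod"
        cls.__RXSSCRUD = RXSSCrud
        try:
            cls.__RXSSCRUD.dropTable(cls.env)
        except Exception:
            # Best effort: the table may not exist yet. Narrowed from a bare except so
            # KeyboardInterrupt and SystemExit are no longer swallowed.
            pass
        cls.__RXSSCRUD.createTable(cls.env)
        cls.__vulnDescriptor = VulnerabilityDescriptionCRUD

    @classmethod
    def tearDownClass(cls):
        """Release the class-level references."""
        cls.__RXSSCRUD = None
        cls.__vulnDescriptor = None

    def setUp(self):
        """Store two payloads and remember the ids returned for them."""
        self.rxss1 = RXSSPayloadEntity(payload='abcTest', expectedResult='a')
        self.rxss2 = RXSSPayloadEntity(payload='defTest', expectedResult='b')
        self.rxss1ID = self.__RXSSCRUD.createPayload(self.rxss1, self.env).getID()
        self.rxss2ID = self.__RXSSCRUD.createPayload(self.rxss2, self.env).getID()

    def tearDown(self):
        """Empty both tables so each test starts from the same state."""
        self.__RXSSCRUD.deleteAllDataFromTable(self.env)
        self.__vulnDescriptor.deleteAllDataFromTable(self.env)

    def test_create_payload(self):
        """Page 0 and page 1 (page size 1) hold the first and second stored payloads."""
        self.assertEqual(self.rxss1.getExpectedResult(),
                         self.__RXSSCRUD.getRXSSPayloads(self.env, 1, 0)[0].getExpectedResult())
        self.assertEqual(self.rxss2.getExpectedResult(),
                         self.__RXSSCRUD.getRXSSPayloads(self.env, 1, 1)[0].getExpectedResult())

    def test_wrong_create_payload(self):
        """The first stored payload differs from a string that was never stored."""
        self.assertNotEqual('abdTest',
                            self.__RXSSCRUD.getRXSSPayloads(self.env, 1, 0)[0].getPayload())

    def test_get_payloads_pagination(self):
        """A page of size 2 returns both stored payloads."""
        self.assertEqual(len(self.__RXSSCRUD.getRXSSPayloads(self.env, 2, 0)), 2)

    def test_read_by_id(self):
        """Each stored id reads back the payload text it was created with."""
        self.assertEqual(self.rxss1.getPayload(),
                         self.__RXSSCRUD.getPayloadByID(self.rxss1ID, self.env).getPayload())
        self.assertEqual(self.rxss2.getPayload(),
                         self.__RXSSCRUD.getPayloadByID(self.rxss2ID, self.env).getPayload())

    def test_wrong_read_by_id(self):
        """Reading the id formed by adding the two stored ids is expected to raise."""
        # NOTE(review): assertRaises(Exception) passes on any exception type; a narrower
        # type would make sure the failure is the "no such payload" case.
        with self.assertRaises(Exception):
            self.__RXSSCRUD.getPayloadByID(self.rxss2ID + self.rxss1ID, self.env)

    def test_create_correct_number_of_payloads(self):
        """The default page returns exactly the two payloads stored in setUp."""
        self.assertEqual(2, len(self.__RXSSCRUD.getRXSSPayloads(self.env)))

    def test_update(self):
        """After updatePayload, reading the same id back returns the new payload text."""
        self.__RXSSCRUD.updatePayload(RXSSPayloadEntity(self.rxss2ID, 'testUpdate'), self.env)
        self.assertEqual('testUpdate',
                         self.__RXSSCRUD.getPayloadByID(self.rxss2ID, self.env).getPayload())

    def test_update_wrong_id(self):
        """Updating the id formed by adding the two stored ids is expected to raise."""
        # The unused "as cm" binding was dropped; the context manager result was never read.
        with self.assertRaises(Exception):
            self.__RXSSCRUD.updatePayload(
                RXSSPayloadEntity(self.rxss2ID + self.rxss1ID, 'a'), self.env)

    def test_delete_by_id(self):
        """Deleting one of the two stored payloads leaves one."""
        self.__RXSSCRUD.deletePayloadByID(self.rxss1ID, self.env)
        self.assertEqual(1, len(self.__RXSSCRUD.getRXSSPayloads(self.env)))

    def test_delete_all_data_from_table(self):
        """Deleting all data leaves no payloads."""
        self.__RXSSCRUD.deleteAllDataFromTable(self.env)
        self.assertEqual(0, len(self.__RXSSCRUD.getRXSSPayloads(self.env)))

    def doCleanups(self):
        # NOTE(review): this replaces unittest.TestCase.doCleanups with a no-op, so any
        # callback registered through addCleanup would not run for this class.
        pass

    def suite(self):
        # Intentionally empty in the original.
        pass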