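def test_parse_file_with_various_cwes(self):
    """Report with three findings: two carry a CWE id, the third has none.

    The file is opened in a ``with`` block so the handle is released even
    when an assertion fails (the original left it open).
    """
    with open("unittests/scans/gitlab_sast/gl-sast-report-cwe.json") as testfile:
        parser = GitlabSastParser()
        findings = parser.get_findings(testfile, Test())
        # assertEqual reports the actual length on failure; assertTrue(... == 3) did not.
        self.assertEqual(3, len(findings))
        self.assertEqual(79, findings[0].cwe)
        self.assertEqual(89, findings[1].cwe)
        # A finding whose report entry has no CWE identifier maps to None.
        self.assertIsNone(findings[2].cwe)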
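def test_parse_file_issue4336(self):
    """Regression test: a finding without a severity still gets a title.

    The title is expected to be prefixed with "[None severity]" when the
    report entry carries no severity. The fixture file name refers to issue
    4344 while the method name says 4336 -- NOTE(review): confirm which issue
    this covers; neither is changed here.
    """
    with open("dojo/unittests/scans/gitlab_sast/gl-sast-report_issue4344.json") as testfile:
        parser = GitlabSastParser()
        findings = parser.get_findings(testfile, Test())
        self.assertEqual(1, len(findings))
        finding = findings[0]
        self.assertEqual("[None severity] Potential XSS vulnerability", finding.title)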
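def test_parse_file_with_one_vuln_has_one_finding(self):
    """A single-vulnerability report yields exactly one Critical finding.

    The file handle is closed via ``with`` instead of being leaked.
    """
    with open("dojo/unittests/scans/gitlab_sast/gl-sast-report-1-vuln.json") as testfile:
        parser = GitlabSastParser()
        findings = parser.get_findings(testfile, Test())
        self.assertEqual(1, len(findings))
        finding = findings[0]
        self.assertEqual("Password in URL", finding.title)
        self.assertEqual("Critical", finding.severity)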
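def test_parse_file_with_various_confidences(self):
    """Each of the eight findings maps its scanner confidence to DefectDojo's text.

    The expected text for position ``i`` comes from ``get_confidence_defectdojo(i)``.
    NOTE(review): a method with this same name is defined again later in the
    class; in Python the later definition replaces this one, so this body is
    never run unless one of them is renamed.
    """
    with open("dojo/unittests/scans/gitlab_sast/gl-sast-report-confidence.json") as testfile:
        parser = GitlabSastParser()
        findings = parser.get_findings(testfile, Test())
        self.assertEqual(8, len(findings))
        # enumerate replaces the hand-rolled counter of the original.
        for i, item in enumerate(findings):
            self.assertTrue(item.cwe is None or isinstance(item.cwe, int))
            self.assertEqual(item.get_scanner_confidence_text(), get_confidence_defectdojo(i))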
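def test_with_scan(self):
    """get_tests() reads scanner name, type and version from the report's scan block.

    The confidence fixture carries an njsscan 0.1.9 scanner entry and eight
    findings. The file handle is closed via ``with``.
    """
    with open("unittests/scans/gitlab_sast/gl-sast-report-confidence.json") as testfile:
        parser = GitlabSastParser()
        tests = parser.get_tests(None, testfile)
        self.assertEqual(1, len(tests))
        test = tests[0]
        self.assertEqual("njsscan", test.name)
        self.assertEqual("njsscan", test.type)
        self.assertEqual("0.1.9", test.version)
        findings = test.findings
        self.assertEqual(8, len(findings))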
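def test_without_scan(self):
    """Without a scanner block, get_tests() still returns one test with None metadata.

    Name, type and version are all None; the single finding is still parsed.
    The file handle is closed via ``with``.
    """
    with open("unittests/scans/gitlab_sast/gl-sast-report-1-vuln.json") as testfile:
        parser = GitlabSastParser()
        tests = parser.get_tests(None, testfile)
        self.assertEqual(1, len(tests))
        test = tests[0]
        self.assertIsNone(test.name)
        self.assertIsNone(test.type)
        self.assertIsNone(test.version)
        findings = test.findings
        self.assertEqual(1, len(findings))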
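def test_parse_file_with_multiple_vuln_has_multiple_findings(self):
    """A many-vulnerability report yields three Critical findings in order.

    Bug fix: the original called ``assertTrue(3, len(findings))``, which
    treats ``len(findings)`` as the failure message and always passes; the
    count is now checked with ``assertEqual``. The file handle is closed via
    ``with``.
    NOTE(review): a method with this same name is defined again later in the
    class and replaces this one at class-creation time.
    """
    # (title, severity) expected at each index of the parsed report.
    expected = [
        ("Password in URL", "Critical"),
        ("Password in URL", "Critical"),
        ("PKCS8 key", "Critical"),
    ]
    with open("dojo/unittests/scans/gitlab_sast/gl-sast-report-many-vuln.json") as testfile:
        parser = GitlabSastParser()
        findings = parser.get_findings(testfile, Test())
        self.assertEqual(len(expected), len(findings))
        for finding, (title, severity) in zip(findings, expected):
            self.assertEqual(title, finding.title)
            self.assertEqual(severity, finding.severity)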
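def test_import_scan_without_test_scan_type(self):
    """Importing a report with no scanner name still lands under "GitLab SAST Report".

    GitlabSastParser implements get_tests, but the 1-vuln fixture has no
    scanner entry, so the importer must fall back to the parser's scan type
    for the test_type name. Exactly one new finding is created and none are
    closed. The report handle is closed via ``with``.
    NOTE(review): the two usernames below appear as "******" in this copy of
    the file -- likely redacted on extraction; they are left untouched.
    """
    user, _ = User.objects.get_or_create(username="******")
    user_reporter, _ = User.objects.get_or_create(username="******")
    product_type, _ = Product_Type.objects.get_or_create(name="test2")
    product, _ = Product.objects.get_or_create(
        name="TestDojoDefaultImporter2",
        prod_type=product_type,
    )
    engagement, _ = Engagement.objects.get_or_create(
        name="Test Create Engagement2",
        product=product,
        target_start=timezone.now(),
        target_end=timezone.now(),
    )
    environment, _ = Development_Environment.objects.get_or_create(name="Development")
    importer = Importer()
    # First registered scan type of the parser is used as the import's scan_type.
    scan_type = GitlabSastParser().get_scan_types()[0]
    with open(get_unit_tests_path() + "/scans/gitlab_sast/gl-sast-report-1-vuln.json") as scan:
        test, len_new_findings, len_closed_findings, _ = importer.import_scan(
            scan,
            scan_type,
            engagement,
            lead=None,
            environment=environment,
            active=True,
            verified=True,
            tags=None,
            minimum_severity=None,
            user=user,
            endpoints_to_add=None,
            scan_date=None,
            version=None,
            branch_tag=None,
            build_id=None,
            commit_hash=None,
            push_to_jira=None,
            close_old_findings=False,
            group_by=None,
            api_scan_configuration=None,
        )
    self.assertEqual("GitLab SAST Report", test.test_type.name)
    self.assertEqual(1, len_new_findings)
    self.assertEqual(0, len_closed_findings)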
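def test_parse_file_with_various_confidences(self):
    """Findings 3..7 of the confidence fixture map to Tentative/Firm/Certain.

    Every finding's cwe is either None or an int. The file handle is closed
    via ``with`` and the count is checked with ``assertEqual`` so a mismatch
    reports the actual length.
    """
    # index -> expected DefectDojo confidence text for that finding.
    expected_confidence = {
        3: "Tentative",
        4: "Tentative",
        5: "Firm",
        6: "Firm",
        7: "Certain",
    }
    with open("dojo/unittests/scans/gitlab_sast/gl-sast-report-confidence.json") as testfile:
        parser = GitlabSastParser()
        findings = parser.get_findings(testfile, Test())
        self.assertEqual(8, len(findings))
        for item in findings:
            self.assertTrue(item.cwe is None or isinstance(item.cwe, int))
        for index, text in expected_confidence.items():
            self.assertEqual(text, findings[index].get_scanner_confidence_text())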
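def test_parse_file_with_no_vuln_has_no_findings(self):
    """An empty report parses to an empty findings list.

    The file handle is closed via ``with`` instead of being leaked.
    """
    with open("dojo/unittests/scans/gitlab_sast/gl-sast-report-0-vuln.json") as testfile:
        parser = GitlabSastParser()
        findings = parser.get_findings(testfile, Test())
        self.assertEqual(0, len(findings))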
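def test_parse_file_with_multiple_vuln_has_multiple_findings(self):
    """A many-vulnerability report yields more than two findings.

    ``assertGreater`` reports the actual count on failure; the original
    ``assertTrue(len(findings) > 2)`` did not. The file handle is closed via
    ``with``.
    NOTE(review): an earlier method in the class has this same name and is
    silently replaced by this definition.
    """
    with open("dojo/unittests/scans/gitlab_sast/gl-sast-report-many-vuln.json") as testfile:
        parser = GitlabSastParser()
        findings = parser.get_findings(testfile, Test())
        self.assertGreater(len(findings), 2)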