def fromDict(self, dict): self.id = dict["_id"] self.name = dict["name"] owned = True if dict["owned"].upper() == "TRUE" else False self.setOwned(owned) parent_id = dict["parent"] self.owner = dict["owner"] self._status = dict["status"] self._version = dict["version"] self.description = dict["description"] for u, p in dict["credentials"]: self.credentials.append((u, p)) for note in dict["notes"]: n = ModelObjectNote("") self.setParent(self) n.fromDict(note) self.addNote(n) for vuln in dict["vulnerabilities"]: v = ModelObjectVuln("") self.setParent(self) v.fromDict(vuln) self.addVuln(v) return True
def testDelVulnFromService(self): """ This test case creates a host within the Model Controller context adds an interface to it then adds service then a Vuln, then removes the Vuln""" # When host = test_utils.create_host(self) interface = test_utils.create_interface(self, host) service = test_utils.create_service(self, host, interface) vuln = ModelObjectVuln(name='VulnTest', desc='TestDescription', severity='high') self.model_controller.addVulnToServiceSYNC(host.getID(), service.getID(), vuln) added_host = self.model_controller.getHost(host.getName()) added_interface = added_host.getInterface(interface.getID()) added_service = added_interface.getService(service.getID()) vulns = added_service.getVulns() self.assertIn(vuln, vulns, 'Vuln not added') # Then self.model_controller.delVulnFromServiceSYNC(host.getID(), service.getID(), vuln.getID()) added_host = self.model_controller.getHost(host.getName()) added_interface = added_host.getInterface(interface.getID()) added_service = added_interface.getService(service.getID()) vulns = added_service.getVulns() self.assertNotIn(vuln, vulns, 'Vuln not removed')
def testStandarizeUpdatedSeverity(self): vuln = ModelObjectVuln(name='VulnTest', desc='TestDescription', severity='informational') self.assertEquals(vuln.severity, 'info', 'Vulnerability severity not transformed correctly') vuln.updateAttributes(severity='3') self.assertEquals(vuln.severity, 'high', 'Vulnerability severity not transformed correctly')
def testEditVulnSyncGetsMapperDispatchedASYNC(self): vuln = ModelObjectVuln("coquito") params = ('new_name', 'new_desc', 'high', "ref1") self.genericEdit(vuln, params, controller.ModelController.editVulnASYNC, process_pending=True) self.assertEquals(vuln.getName(), 'new_name', "Name not updated") self.assertEquals(vuln.getDescription(), 'new_desc', "Description not updated") self.assertEquals(vuln.getSeverity(), 'high', "Severity not updated")
def testEditVulnSyncGetsMapperDispatchedSYNC(self): vuln = ModelObjectVuln("coquito") params = ('new_name', 'new_desc', 'high', "ref1") self.genericEdit(vuln, params, controller.ModelController.editVulnSYNC) self.assertEquals(vuln.getName(), 'new_name', "Name not updated") self.assertEquals(vuln.getDescription(), 'new_desc', "Description not updated") self.assertEquals(vuln.getSeverity(), 'high', "Severity not updated")
def testAddNoteToVulnGetsMapperDispatchSave(self): vuln = ModelObjectVuln('a vuln') note = ModelObjectNote("a_note") mappersManager = self.createMapperMock() objectMapper = mock() when(mappersManager).getMapper(note).thenReturn(objectMapper) when(objectMapper).saveObject(note).thenReturn(True) model_controller = controller.ModelController(mock(), mappersManager) model_controller.addNoteToServiceSYNC(None, vuln.getID(), note) verify(mappersManager).getMapper(note) verify(objectMapper).saveObject(note)
def testAddNoteToVulnGetsMapperDispatchSave(self): vuln = ModelObjectVuln('a vuln') note = ModelObjectNote("a_note") mappersManager = self.createMapperMock() objectMapper = mock() when(mappersManager).getMapper( note.class_signature).thenReturn(objectMapper) when(objectMapper).save(note).thenReturn(True) model_controller = controller.ModelController(mock(), mappersManager) model_controller.addNoteToServiceSYNC(None, vuln.getID(), note) verify(mappersManager).getMapper(note.class_signature) verify(objectMapper).save(note)
def testAddVulnToInterface(self): serv = Service('cuca') vuln = ModelObjectVuln('vuln') serv.addChild(vuln) self.assertIn(vuln, serv.childs.values(), 'Vuln not in childs') self.assertIn(vuln, serv.getVulns(), 'Vuln not accessible')
def fromDict(self, dict): self.id = dict["id"] self.name = dict["name"] owned = True if dict["owned"].upper() == "TRUE" else False self.setOwned(owned) parent_id = dict["parent"] self.owner = dict["owner"] self._protocol = dict["protocol"] self._status = dict["status"] self._version = dict["version"] self.description = dict["description"] for port in dict["ports"]: self.addPort(int(port)) for interface in dict["interfaces"]: inter = Interface() inter.id = interface self.addInterface(inter) for application in dict["applications"]: app = HostApplication("") app.id = application self.addApplication(app) for cred in dict["creds"]: c = ModelObjectCred("") self.setParent(self) c.fromDict(cred) self.addCred(c) for note in dict["notes"]: n = ModelObjectNote("") self.setParent(self) n.fromDict(note) self.addNote(n) for vuln in dict["vulnerabilities"]: v = ModelObjectVuln("") self.setParent(self) v.fromDict(vuln) self.addVuln(v) return True
def fromDict(self, dict): dict.setdefault("") self.id = dict["_id"] self.name = dict["name"] owned = True if dict.get("owned", "").upper() == "TRUE" else False self.setOwned(owned) parent_id = dict["parent"] self.owner = dict["owner"] self.operating_system = dict["os"] self._default_gateway = dict["default_gateway"].split(",") self.description = dict["description"] self._metadata = Metadata("").fromDict(dict["metadata"]) self.categories = [] for category in dict["categories"]: self.categories.append(category) interfaces = dict["interfaces"] for id, interface in interfaces.items(): ints = Interface() ints.setParent(self) ints.fromDict(interface) self.addInterface(ints) applications = dict["applications"] for id, application in applications.items(): app = HostApplication("") app.setParent(self) app.fromDict(application) self.addApplication(app) for note in dict["notes"]: n = ModelObjectNote("") self.setParent(self) n.fromDict(note) self.addNote(n) for vuln in dict["vulnerabilities"]: v = ModelObjectVuln("") self.setParent(self) v.fromDict(vuln) self.addVuln(v) return True
def fromDict(self, dict): dict.setdefault("") self.id = dict["_id"] self.name = dict["name"] owned = True if dict.get("owned", "").upper() == "TRUE" else False self.setOwned(owned) parent_id = dict["parent"] self.owner = dict["owner"] self.operating_system = dict["os"] self._default_gateway = dict["default_gateway"].split(",") self.description = dict["description"] self._metadata = Metadata("").fromDict(dict["metadata"] ) self.categories = [] for category in dict["categories"]: self.categories.append(category) interfaces = dict["interfaces"] for id, interface in interfaces.items(): ints = Interface() ints.setParent(self) ints.fromDict(interface) self.addInterface(ints) applications = dict["applications"] for id, application in applications.items(): app = HostApplication("") app.setParent(self) app.fromDict(application) self.addApplication(app) for note in dict["notes"]: n = ModelObjectNote("") self.setParent(self) n.fromDict(note) self.addNote(n) for vuln in dict["vulnerabilities"]: v = ModelObjectVuln("") self.setParent(self) v.fromDict(vuln) self.addVuln(v) return True
def testDelVulnFromServiceASYNC(self): service = Service('coco') vuln = ModelObjectVuln("int_mock0") service.addChild(vuln) self.genericDelTest(service, vuln, controller.ModelController.delVulnFromServiceASYNC, process_pending=True)
def testDelVulnFromHostASYNC(self): host = Host('coco') vuln = ModelObjectVuln("int_mock0") host.addChild(vuln) self.genericDelTest(host, vuln, controller.ModelController.delVulnFromHostASYNC, process_pending=True)
def testChangeVulnDescriptionUsingUpdateAttributesMethod(self): """ Until we have a single attribute to store the vuln's descrption we need to make sure we're always accessing the valid one (_desc) """ vuln = ModelObjectVuln( name='VulnTest', desc='TestDescription', severity='info') self.assertEquals(vuln._desc, 'TestDescription', 'Vulnerability desc should be the given during creation') vuln.updateAttributes(desc="new description") self.assertEquals(vuln.getDescription(), 'new description', 'Vulnerability desc wasn\'t updated correctly') self.assertEquals(vuln._desc, 'new description', 'Vulnerability desc wasn\'t updated correctly')
def fromDict(self, dict): self.id = dict["_id"] self.name = dict["name"] owned = True if dict["owned"].upper() == "TRUE" else False self.setOwned(owned) parent_id = dict["parent"] self.owner = dict["owner"] self.mac = dict["mac"] self.network_segment = dict["network_segment"] self.description = dict["description"] for hostname in dict["hostnames"]: self.addHostname(hostname) self.ipv4.update(dict["ipv4"]) self.ipv6.update(dict["ipv6"]) self.amount_ports_opened = dict["ports"]["opened"] self.amount_ports_closed = dict["ports"]["closed"] self.amount_ports_filtered = dict["ports"]["filtered"] for srv in dict["services"]: service = Service("") service.setParent(self) service.fromDict(srv) self.addService(service) for note in dict["notes"]: n = ModelObjectNote("") self.setParent(self) n.fromDict(note) self.addNote(n) for vuln in dict["vulnerabilities"]: v = ModelObjectVuln("") self.setParent(self) v.fromDict(vuln) self.addVuln(v) return True
def testHostWithMultipleChildTypes(self): host = Host('coco') inter = Interface('cuca') vuln = ModelObjectVuln('vuln') host.addChild(inter) host.addChild(vuln) self.assertEquals(len(host.getVulns()), 1, "Vulns added is not 1") self.assertIn(vuln, host.getVulns(), "Vuln not accessible") self.assertEquals(len(host.getAllInterfaces()), 1, "Interfaces added is not 1")
def testChangeVulnDescriptionUsingUpdateAttributesMethod(self): """ Until we have a single attribute to store the vuln's descrption we need to make sure we're always accessing the valid one (_desc) """ vuln = ModelObjectVuln(name='VulnTest', desc='TestDescription', severity='info') self.assertEquals( vuln._desc, 'TestDescription', 'Vulnerability desc should be the given during creation') vuln.updateAttributes(desc="new description") self.assertEquals(vuln.getDescription(), 'new description', 'Vulnerability desc wasn\'t updated correctly') self.assertEquals(vuln._desc, 'new description', 'Vulnerability desc wasn\'t updated correctly')
def testDeleteVulnFromHost(self): """ Creates a Host adds a Vuln then removes """ host1 = test_utils.create_host(self, "coquito") vuln = ModelObjectVuln(name='VulnTest', desc='TestDescription', severity='high') self.model_controller.addVulnToHostSYNC(host1.getID(), vuln) hosts_ids = [h.getID() for h in self.model_controller.getAllHosts()] self.assertIn(host1.getID(), hosts_ids, "Host not in controller") self.model_controller.delVulnFromHostSYNC(host1.getID(), vuln.getID()) added_host = self.model_controller.getHost(host1.getName()) self.assertNotIn(vuln, added_host.getVulns(), 'Vuln not removed')
def testServiceWithMultipleChildTypes(self): serv = Service('cuca') vuln = ModelObjectVuln('vuln') note = ModelObjectNote('nota') serv.addChild(note) serv.addChild(vuln) self.assertEquals(len(serv.getVulns()), 1, "Vulns added is not 1") self.assertIn(vuln, serv.getVulns(), "Vuln not accessible") self.assertEquals(len(serv.getNotes()), 1, "Notes added is not 1") self.assertIn(note, serv.getNotes(), "Note not accessible")
def testInterfaceWithMultipleChildTypes(self): inter = Interface('coco') serv = Service('cuca') vuln = ModelObjectVuln('vuln') inter.addChild(serv) inter.addChild(vuln) self.assertEquals(len(inter.getVulns()), 1, "Vulns added is not 1") self.assertIn(vuln, inter.getVulns(), "Vuln not accessible") self.assertEquals(len(inter.getAllServices()), 1, "Services added is not 1")
def testStandarizeShortnameVulnSeverity(self): """ Verifies longname severity transformed into 'info, low, high, critical' severity (informational -> info)""" vuln = ModelObjectVuln(name='VulnTest', desc='TestDescription', severity='informational') self.assertEquals(vuln.severity, 'info', 'Vulnerability severity not transformed correctly') vuln = ModelObjectVuln(name='VulnTest', desc='TestDescription', severity='medium') self.assertEquals(vuln.severity, 'med', 'Vulnerability severity not transformed correctly') vuln = ModelObjectVuln(name='VulnTest', desc='TestDescription', severity='highest') self.assertEquals(vuln.severity, 'high', 'Vulnerability severity not transformed correctly') vuln = ModelObjectVuln(name='VulnTest', desc='TestDescription', severity='criticalosiuos') self.assertEquals(vuln.severity, 'critical', 'Vulnerability severity not transformed correctly') vuln = ModelObjectVuln(name='VulnTest', desc='TestDescription', severity='tuvieja') self.assertEquals(vuln.severity, 'unclassified', 'Vulnerability severity not transformed correctly')
def testStandarizeNumericVulnSeverity(self): """ Verifies numeric severity transformed into 'info, low, high, critical' severity""" vuln = ModelObjectVuln(name='VulnTest', desc='TestDescription', severity=0) self.assertEquals(vuln.severity, 'info', 'Vulnerability severity not transformed correctly') vuln = ModelObjectVuln(name='VulnTest', desc='TestDescription', severity=1) self.assertEquals(vuln.severity, 'low', 'Vulnerability severity not transformed correctly') vuln = ModelObjectVuln(name='VulnTest', desc='TestDescription', severity=2) self.assertEquals(vuln.severity, 'med', 'Vulnerability severity not transformed correctly') vuln = ModelObjectVuln(name='VulnTest', desc='TestDescription', severity=3) self.assertEquals(vuln.severity, 'high', 'Vulnerability severity not transformed correctly') vuln = ModelObjectVuln(name='VulnTest', desc='TestDescription', severity=4) self.assertEquals(vuln.severity, 'critical', 'Vulnerability severity not transformed correctly') vuln = ModelObjectVuln(name='VulnTest', desc='TestDescription', severity=5) self.assertEquals(vuln.severity, 'unclassified', 'Vulnerability severity not transformed correctly') vuln = ModelObjectVuln(name='VulnTest', desc='TestDescription', severity=-1) self.assertEquals(vuln.severity, 'unclassified', 'Vulnerability severity not transformed correctly')
def testAddVulnToHost(self): """ This test case creates a host within the Model Controller context then adds a VULN""" # When h = test_utils.create_host(self) vuln = ModelObjectVuln(name='VulnTest', desc='TestDescription', severity='high') self.model_controller.addVulnToHostSYNC(h.getID(), vuln) added_host = self.model_controller.getHost(h.getName()) vulns = added_host.getVulns() #Then self.assertIn(vuln, vulns, 'Vuln not added')
def testAddVulnToInterfaceGetsMapperDispatchSaveSYNC(self): interface = Interface("int0") vuln = ModelObjectVuln("a_vuln") mappersManager = self.createMapperMock() objectMapper = mock() when(mappersManager).getMapper( vuln.class_signature).thenReturn(objectMapper) when(objectMapper).save(vuln).thenReturn(True) model_controller = controller.ModelController(mock(), mappersManager) model_controller.addVulnToInterfaceSYNC(None, interface.getID(), vuln) verify(mappersManager).getMapper(vuln.class_signature) verify(objectMapper).save(vuln)
def testAddVulnToHostGetsMapperDispatchSaveSYNC(self): host = Host("pepito") vuln = ModelObjectVuln("a_vuln") mappersManager = self.createMapperMock() objectMapper = mock() when(mappersManager).getMapper( vuln.class_signature).thenReturn(objectMapper) when(objectMapper).save(vuln).thenReturn(True) model_controller = controller.ModelController(mock(), mappersManager) model_controller.addVulnToHostSYNC(host.getID(), vuln) verify(mappersManager).getMapper(vuln.class_signature) verify(objectMapper).save(vuln)
def testAddVulnToServiceGetsMapperDispatchSaveASYNC(self): service = Service("servi") vuln = ModelObjectVuln("a_vuln") mappersManager = self.createMapperMock() objectMapper = mock() when(mappersManager).getMapper( vuln.class_signature).thenReturn(objectMapper) when(objectMapper).save(vuln).thenReturn(True) model_controller = controller.ModelController(mock(), mappersManager) model_controller.addVulnToServiceASYNC(None, service.getID(), vuln) model_controller.processAllPendingActions() verify(mappersManager).getMapper(vuln.class_signature) verify(objectMapper).save(vuln)
def testDelVulnFromHostASYNC(self): host = Host('coco') vuln = ModelObjectVuln("int_mock0") host.addChild(vuln.getID(), vuln) self.genericDelTest(host, vuln, controller.ModelController.delVulnFromHostASYNC, process_pending=True)
def testDelVulnFromObjectSYNC(self): host = Host('coco') vuln = ModelObjectVuln("int_mock0") host.addChild(vuln) self.genericDelTest(host, vuln, controller.ModelController.delVulnSYNC)
def test_load_workspace_on_fs(self): """ This test case creates a host within the Model Controller context adds an interface to it then adds a VulnWeb""" """ We are going to test this structure: host -> interface1 -> service1 -> vuln_web -> vuln -> note -> service2 -> vuln -> vuln -> vuln -> note -> note -> interface2 -> service3 -> note -> credential -> vuln -> vuln """ workspace = self.wm.createWorkspace(new_random_workspace_name(), workspaceClass=WorkspaceOnFS) #self._couchdb_workspaces.append(workspace.name) self.wm.setActiveWorkspace(workspace) WorkspacePersister.stopThreads() host = create_host(self) interface = create_interface(self, host, ip="127.0.0.1") interface2 = create_interface(self, host, ip="127.0.0.2") service = create_service(self, host, interface, ports=1) service2 = create_service(self, host, interface, ports=2) service3 = create_service(self, host, interface2, ports=3) vulnweb = ModelObjectVulnWeb(name='VulnWebTest', desc='TestDescription', severity='high') self.model_controller.addVulnToServiceSYNC(host.getID(), service.getID(), vulnweb) vuln = ModelObjectVuln(name='VulnTest', desc='TestDescription', severity='high') vuln2 = ModelObjectVuln(name='VulnTest2', desc='TestDescription', severity='high') vuln3 = ModelObjectVuln(name='VulnTest3', desc='TestDescription', severity='high') vuln4 = ModelObjectVuln(name='VulnTest4', desc='TestDescription', severity='high') vuln5 = ModelObjectVuln(name='VulnTest5', desc='TestDescription', severity='high') vuln6 = ModelObjectVuln(name='VulnTest6', desc='TestDescription', severity='high') self.model_controller.addVulnToServiceSYNC(host.getID(), service.getID(), vuln) self.model_controller.addVulnToServiceSYNC(host.getID(), service2.getID(), vuln2) self.model_controller.addVulnToServiceSYNC(host.getID(), service2.getID(), vuln3) self.model_controller.addVulnToHostSYNC(host.getID(), vuln4) self.model_controller.addVulnToServiceSYNC(host.getID(), service3.getID(), vuln5) self.model_controller.addVulnToInterfaceSYNC(host.getID(), interface2.getID(), vuln6) note = ModelObjectNote(name='NoteTest', text='TestDescription') note2 = ModelObjectNote(name='NoteTest2', text='TestDescription') note3 = ModelObjectNote(name='NoteTest3', text='TestDescription') note4 = ModelObjectNote(name='NoteTest4', text='TestDescription') self.model_controller.addNoteToServiceSYNC(host.getID(), service.getID(), note) self.model_controller.addNoteToHostSYNC(host.getID(), note2) self.model_controller.addNoteToHostSYNC(host.getID(), note3) self.model_controller.addNoteToServiceSYNC(host.getID(), service3.getID(), note4) cred = ModelObjectCred(username='******', password='******') self.model_controller.addCredToServiceSYNC(host.getID(), service3.getID(), cred) # First, we test if the structure was correctly created # one host with two interfaces, one vuln and two notes self.assertEquals(len(self.model_controller.getAllHosts()), 1, "Host not created") added_host = self.model_controller.getHost(host.getID()) self.assertEquals(len(added_host.getAllInterfaces()), 2, "Interfaces not added to Host") self.assertEquals(len(added_host.getVulns()), 1, "Vuln not created") self.assertEquals(len(added_host.getNotes()), 2, "Notes not created") # one interface with two services, and another one # with a service and a vuln added_interface1 = added_host.getInterface(interface.getID()) added_interface2 = added_host.getInterface(interface2.getID()) self.assertEquals(len(added_interface1.getAllServices()), 2, "Services not created") self.assertEquals(len(added_interface2.getAllServices()), 1, "Service not created") self.assertEquals(len(added_interface2.getVulns()), 1, "Vulns not created") # one service with a note, a vuln and a vuln web added_service1 = added_interface1.getService(service.getID()) self.assertEquals(len(added_service1.getNotes()), 1, "Note not created") self.assertEquals(len(added_service1.getVulns()), 2, "Vulns not created") added_vuln_web = added_service1.getVuln(vulnweb.getID()) self.assertEquals(added_vuln_web.class_signature, "VulnerabilityWeb", "Not a vuln web") # one service with two vulns added_service2 = added_interface1.getService(service2.getID()) self.assertEquals(len(added_service2.getVulns()), 2, "Services not created") # one service with a note, a vuln and a credential added_service3 = added_interface2.getService(service3.getID()) self.assertEquals(len(added_service3.getVulns()), 1, "Vuln not created") self.assertEquals(len(added_service3.getNotes()), 1, "Note not created") self.assertEquals(len(added_service3.getCreds()), 1, "Cred not created") # So, now we reload the worskpace and check everything again print workspace.name workspace.load() # one host with two interfaces, one vuln and two notes self.assertEquals(len(self.model_controller.getAllHosts()), 1, "Host not created") added_host = self.model_controller.getHost(host.getID()) self.assertEquals(len(added_host.getAllInterfaces()), 2, "Interfaces not added to Host") self.assertEquals(len(added_host.getVulns()), 1, "Vuln not created") self.assertEquals(len(added_host.getNotes()), 2, "Notes not created") # one interface with two services, and another one # with a service and a vuln added_interface1 = added_host.getInterface(interface.getID()) added_interface2 = added_host.getInterface(interface2.getID()) self.assertEquals(len(added_interface1.getAllServices()), 2, "Services not created") self.assertEquals(len(added_interface2.getAllServices()), 1, "Service not created") self.assertEquals(len(added_interface2.getVulns()), 1, "Vulns not created") # one service with a note, a vuln and a vuln web added_service1 = added_interface1.getService(service.getID()) self.assertEquals(len(added_service1.getNotes()), 1, "Note not created") self.assertEquals(len(added_service1.getVulns()), 2, "Vulns not created") added_vuln_web = added_service1.getVuln(vulnweb.getID()) self.assertEquals(added_vuln_web.class_signature, "VulnerabilityWeb", "Not a vuln web") # one service with two vulns added_service2 = added_interface1.getService(service2.getID()) self.assertEquals(len(added_service2.getVulns()), 2, "Services not created") # one service with a note, a vuln and a credential added_service3 = added_interface2.getService(service3.getID()) self.assertEquals(len(added_service3.getVulns()), 1, "Vuln not created") self.assertEquals(len(added_service3.getNotes()), 1, "Note not created") self.assertEquals(len(added_service3.getCreds()), 1, "Cred not created")
def testDelVulnFromObjectSYNC(self): host = Host('coco') vuln = ModelObjectVuln("int_mock0") host.addChild(vuln.getID(), vuln) self.genericDelTest(host, vuln, controller.ModelController.delVulnSYNC)
def testDelVulnFromServiceASYNC(self): service = Service('coco') vuln = ModelObjectVuln("int_mock0") service.addChild(vuln.getID(), vuln) self.genericDelTest(service, vuln, controller.ModelController.delVulnFromServiceASYNC, process_pending=True)