def test_external_id_is_converted_to_local(self):
ip = IPAddressFactory(address="192.168.128.10")
vulnerability_1 = VulnerabilityFactory()
vulnerability_2 = VulnerabilityFactory()
data = self._dict2QueryDict({
'last_scan_date':
'2015-01-01T00:00:00',
'scan_status':
'ok',
'next_scan_date':
'2016-01-01T00:00:00',
'details_url':
'https://example.com/scan-deatils',
'rescan_url':
'https://example.com/rescan-url',
'host_ip':
ip.address,
'vulnerabilities':
vulnerability_1.id,
'external_vulnerabilities':
vulnerability_2.external_vulnerability_id, # noqa
})
scan_serializer = SaveSecurityScanSerializer(context={'request': None})
deserialized = scan_serializer.to_internal_value(data)
self.assertEqual(
deserialized['vulnerabilities'],
[vulnerability_1, vulnerability_2],
)
def test_duplicates_works_when_used_in_series_value(self):
SecurityScanFactory(
base_object=DataCenterAssetFactory().baseobject_ptr,
vulnerabilities=[
VulnerabilityFactory(
patch_deadline=datetime.datetime.strptime(
'2015-01-01', '%Y-%m-%d'
)
),
]
)
SecurityScanFactory(
base_object=DataCenterAssetFactory().baseobject_ptr,
vulnerabilities=[
VulnerabilityFactory(
patch_deadline=datetime.datetime.strptime(
'2016-01-01', '%Y-%m-%d'
)
),
VulnerabilityFactory(
patch_deadline=datetime.datetime.strptime(
'2016-02-02', '%Y-%m-%d'
)
),
VulnerabilityFactory(
patch_deadline=datetime.datetime.strptime(
'2016-03-03', '%Y-%m-%d'
)
),
]
)
graph = GraphFactory(
aggregate_type=AggregateType.aggregate_count.id,
params={
'filters': {
'patch_deadline__gte': '2010-01-01',
'securityscan__base_object__isnull': False,
},
'series': 'securityscan|distinct',
'labels': 'patch_deadline|year',
}
)
graph.model = ContentType.objects.get_for_model(Vulnerability)
graph.save()
qs = graph.build_queryset()
self.assertEqual(qs.all()[0]['series'], 1)
self.assertEqual(qs.all()[1]['series'], 1)
def test_listing_show_correct_vuls_count_when_scan_has_different_vuls(
self):
scan = SecurityScanFactory(
base_object=self.asset.baseobject_ptr,
vulnerabilities=[
VulnerabilityFactory(patch_deadline=tomorrow()),
VulnerabilityFactory(patch_deadline=yesterday()),
VulnerabilityFactory(patch_deadline=yesterday()),
],
)
self.assertTrue(scan.vulnerabilities.exists())
result = self.client.get(
reverse('admin:data_center_dchost_changelist'), )
self.assertContains(result, "Vulnerable")
def test_ratio_aggregation(self):
service_env = ServiceEnvironmentFactory(service__name='sample-service')
vulnerability = VulnerabilityFactory(
patch_deadline=datetime.date(2015, 1, 1)
)
for is_patched in [True, False]:
for _ in range(3):
dca = DataCenterAssetFactory(service_env=service_env)
if is_patched:
ss = SecurityScanFactory(vulnerabilities=[])
else:
ss = SecurityScanFactory(vulnerabilities=[vulnerability])
dca.securityscan = ss
ss.save()
dca.save()
graph = GraphFactory(
aggregate_type=AggregateType.aggregate_ratio.id,
params={
'series': ['securityscan__is_patched', 'id'],
'labels': 'service_env__service__name',
'filters': {
'series__gt': 0,
}
}
)
qs = graph.build_queryset()
self.assertEqual(qs.get(), {
'series': 50,
'service_env__service__name': 'sample-service'
})
def test_create_scan_sets_is_patched_false_when_vulnerabilities(self):
ip = IPAddressFactory(address="192.168.128.10")
vulnerability = VulnerabilityFactory(patch_deadline=datetime.now() -
timedelta(days=10))
data = {
'last_scan_date': '2015-01-01T00:00:00',
'scan_status': ScanStatus.ok.name,
'next_scan_date': '2016-01-01T00:00:00',
'details_url': 'https://example.com/scan-deatils',
'rescan_url': 'https://example.com/rescan-url',
'host_ip': ip.address,
'vulnerabilities': [
vulnerability.id,
],
}
url = reverse('securityscan-list')
response = self.client.post(url, data, format='json')
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
self.assertEqual(
SecurityScan.objects.get(pk=response.data['id']).is_patched,
False,
)
def test_create_security_scan(self):
ip = IPAddressFactory(address="192.168.128.10")
vulnerability = VulnerabilityFactory()
data = {
'last_scan_date': '2015-01-01T00:00:00',
'scan_status': ScanStatus.ok.name,
'next_scan_date': '2016-01-01T00:00:00',
'details_url': 'https://example.com/scan-deatils',
'rescan_url': 'https://example.com/rescan-url',
'host_ip': ip.address,
'vulnerabilities': [
vulnerability.id,
],
}
url = reverse('securityscan-list')
response = self.client.post(url, data, format='json')
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
security_scan = SecurityScan.objects.get(pk=response.data['id'])
self.assertEqual(security_scan.last_scan_date.isoformat(),
data['last_scan_date'])
self.assertEqual(security_scan.scan_status, ScanStatus.ok)
self.assertEqual(security_scan.next_scan_date.isoformat(),
data['next_scan_date'])
self.assertEqual(security_scan.details_url, data['details_url'])
self.assertEqual(security_scan.rescan_url, data['rescan_url'])
self.assertEqual(security_scan.base_object, ip.base_object)
self.assertEqual(security_scan.vulnerabilities.count(), 1)
self.assertEqual(security_scan.vulnerabilities.get(), vulnerability)
def test_listing_show_fail_when_scan_succeed_and_got_exceeded_vulnerability(
self):
scan = SecurityScanFactory(
base_object=self.asset.baseobject_ptr,
vulnerabilities=[VulnerabilityFactory(patch_deadline=yesterday())],
)
self.assertTrue(scan.vulnerabilities.exists())
result = self.client.get(
reverse('admin:data_center_dchost_changelist'), )
self.assertContains(result, "Vulnerable")
def test_listing_show_ok_when_scan_succeed_and_vulnerability_before_deadline(
self):
SecurityScanFactory(
base_object=self.asset.baseobject_ptr,
vulnerabilities=[VulnerabilityFactory(patch_deadline=tomorrow())],
)
result = self.client.get(
reverse('admin:data_center_dchost_changelist'), )
self.assertContains(result, "Host clean")
def setUp(self):
self.login_as_user()
self.asset_no_vuls = DataCenterAssetFullFactory(
rack__name='Rack #1',
rack__server_room__name='SR1',
rack__server_room__data_center__name='DC1',
)
self.scan_no_vuls = SecurityScanFactory(
base_object=self.asset_no_vuls.baseobject_ptr,
vulnerabilities=[],
)
self.today = datetime.now()
self.yesterday = self.today + timedelta(days=-1)
self.tomorrow = self.today + timedelta(days=1)
self.asset_with_today_vul = DataCenterAssetFullFactory(
rack__name='Rack #1',
rack__server_room__name='SR1',
rack__server_room__data_center__name='DC1',
)
self.scan_with_vuls2 = SecurityScanFactory(
base_object=self.asset_with_today_vul.baseobject_ptr,
vulnerabilities=[
VulnerabilityFactory(patch_deadline=self.today, )
])
self.asset_vuls2 = DataCenterAssetFullFactory(
rack__name='Rack #1',
rack__server_room__name='SR1',
rack__server_room__data_center__name='DC1',
)
self.scan_with_vuls2 = SecurityScanFactory(
base_object=self.asset_vuls2.baseobject_ptr,
vulnerabilities=[
VulnerabilityFactory(patch_deadline=self.today +
timedelta(days=30))
])
def test_error_raised_when_unknown_external_id(self):
ip = IPAddressFactory(address="192.168.128.10")
vulnerability = VulnerabilityFactory()
data = self._dict2QueryDict({
'last_scan_date': '2015-01-01T00:00:00',
'scan_status': 'ok',
'next_scan_date': '2016-01-01T00:00:00',
'details_url': 'https://example.com/scan-deatils',
'rescan_url': 'https://example.com/rescan-url',
'host_ip': ip.address,
'vulnerabilities': vulnerability.id,
'external_vulnerabilities': '12345678',
})
scan_serializer = SaveSecurityScanSerializer(context={'request': None})
with self.assertRaises(serializers.ValidationError):
scan_serializer.to_internal_value(data)
def setUp(self):
super().setUp()
ip = IPAddressFactory(address="192.168.128.10")
self.vulnerability = VulnerabilityFactory()
self.data = {
'last_scan_date':
'2015-01-01T00:00:00',
'scan_status':
ScanStatus.ok.name,
'next_scan_date':
'2016-01-01T00:00:00',
'host_ip':
ip.address,
'external_vulnerabilities':
[self.vulnerability.external_vulnerability_id],
}
def test_patch_security_scan(self):
ip = IPAddressFactory(address="192.168.128.66")
url = reverse('securityscan-detail', args=(self.security_scan.id, ))
vulnerability = VulnerabilityFactory()
data = {
'last_scan_date':
(datetime.now() +
timedelta(days=10)).replace(microsecond=0).isoformat(),
'scan_status':
ScanStatus.error.name,
'next_scan_date':
(datetime.now() +
timedelta(days=15)).replace(microsecond=0).isoformat(),
'details_url':
self.security_scan.details_url + '-new',
'rescan_url':
self.security_scan.rescan_url + '-new',
'host_ip':
ip.address,
'vulnerabilities': [
vulnerability.id,
],
}
response = self.client.patch(url, data, format='json')
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.security_scan.refresh_from_db()
self.assertEqual(self.security_scan.last_scan_date.isoformat(),
data['last_scan_date'])
self.assertEqual(self.security_scan.scan_status, ScanStatus.error)
self.assertEqual(self.security_scan.next_scan_date.isoformat(),
data['next_scan_date'])
self.assertEqual(self.security_scan.details_url, data['details_url'])
self.assertEqual(self.security_scan.rescan_url, data['rescan_url'])
self.assertEqual(self.security_scan.base_object, ip.base_object)
self.assertEqual(self.security_scan.vulnerabilities.count(), 1)
self.assertEqual(
self.security_scan.vulnerabilities.get(),
vulnerability,
)
def test_posting_scan_replace_old_one_when_scan_already_exists(self):
ip = IPAddressFactory(address="192.168.128.66")
scan = SecurityScanFactory(base_object=ip.base_object)
data = {
'last_scan_date':
(datetime.now() +
timedelta(days=10)).replace(microsecond=0).isoformat(),
'scan_status':
ScanStatus.ok.name,
'next_scan_date':
(datetime.now() +
timedelta(days=15)).replace(microsecond=0).isoformat(),
'details_url':
"http://example.com",
'rescan_url':
"http://example.com",
'host_ip':
ip.address,
'vulnerabilities': [
VulnerabilityFactory().id,
],
}
self.assertEqual(
SecurityScan.objects.get(base_object=ip.base_object.id).id,
scan.id,
)
response = self.client.post(reverse('securityscan-list'),
data,
format='json')
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
self.assertNotEqual(
SecurityScan.objects.get(base_object=ip.base_object.id).id,
scan.id,
)
def setUp(self):
super().setUp()
self.vulnerability = VulnerabilityFactory()
class VulnerabilityAPITests(RalphAPITestCase):
def setUp(self):
super().setUp()
self.vulnerability = VulnerabilityFactory()
def test_get_vulnerability_list(self):
url = reverse('vulnerability-list')
response = self.client.get(url, format='json')
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(response.data['count'], Vulnerability.objects.count())
def test_get_vulnerability_details(self):
url = reverse('vulnerability-detail', args=(self.vulnerability.id, ))
response = self.client.get(url, format='json')
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(response.data['name'], self.vulnerability.name)
self.assertEqual(
response.data['patch_deadline'],
self.vulnerability.patch_deadline.replace(
microsecond=0).isoformat(),
)
self.assertEqual(response.data['risk'], Risk.low.name)
self.assertEqual(
response.data['external_vulnerability_id'],
self.vulnerability.external_vulnerability_id,
)
def test_create_vulnerability(self):
url = reverse('vulnerability-list')
data = {
'name':
"vulnerability name",
'display_name':
"name",
'patch_deadline':
(datetime.now() +
timedelta(days=10)).replace(microsecond=0).isoformat(),
'risk':
Risk.low.name,
'external_vulnerability_id':
100,
}
response = self.client.post(url, data, format='json')
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
vulnerability = Vulnerability.objects.get(pk=response.data['id'])
self.assertEqual(vulnerability.name, data['name'])
self.assertEqual(
vulnerability.patch_deadline.isoformat(),
data['patch_deadline'],
)
self.assertEqual(vulnerability.risk, Risk.low)
self.assertEqual(vulnerability.external_vulnerability_id,
data['external_vulnerability_id'])
def test_patch_vulnerability(self):
url = reverse('vulnerability-detail', args=(self.vulnerability.id, ))
data = {
'name':
self.vulnerability.name + ' new',
'patch_deadline':
(self.vulnerability.patch_deadline +
timedelta(days=3)).replace(microsecond=0).isoformat(),
'risk':
Risk.high.name,
'external_vulnerability_id':
self.vulnerability.external_vulnerability_id + 10 # noqa
}
response = self.client.patch(url, data, format='json')
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.vulnerability.refresh_from_db()
self.assertEqual(self.vulnerability.name, data['name'])
self.assertEqual(self.vulnerability.patch_deadline.isoformat(),
data['patch_deadline'])
self.assertEqual(self.vulnerability.risk, Risk.high)
self.assertEqual(self.vulnerability.external_vulnerability_id,
data['external_vulnerability_id'])
