def test_is_vulnerable_with_spaces(self):
data = {"analytics": {"ssl": True}, "messages": [{
"payload": {"templateurl": ' http://www.example.com '}
}]}
messages = AdobeMobileSdkPlugin.validate(data)
assert len(messages) == 1
assert(messages[0]) == '---- ISSUE: A "templateurl" in ["messages"]["payload"] doesn\\\'t use SSL; \' http://www.example.com \' does not match \'^https://(.*)$\''
def test_setting_present_but_not_string(self):
data = {"analytics": {"ssl": True}, "remotes": {"messages": False}}
messages = AdobeMobileSdkPlugin.validate(data)
assert len(messages) == 1
assert (
messages[0]
) == '---- ISSUE: The ["remotes"]["messages"] URL doesn\\\'t use SSL; False is not of type \'string\''
def test_setting_present_but_false(self):
data = {"analytics": {"ssl": True}, "mediaHeartbeat": {"ssl": False}}
messages = AdobeMobileSdkPlugin.validate(data)
assert len(messages) == 1
assert (
messages[0]
) == '---- ISSUE: The ["mediaHeartbeat"]["ssl"] setting is missing or false - SSL is not being used; True was expected'
def test_different_parent(self):
data = {"othersection": {"ssl": True}}
messages = AdobeMobileSdkPlugin.validate(data)
assert len(messages) == 1
assert (
messages[0]
) == '---- ISSUE: Schema for checking security settings of the Adobe Mobile SDK configuration files; \'analytics\' is a required property'
def test_parent_present_setting_absent(self):
data = {"analytics": {"ssl": True}, "mediaHeartbeat": {}}
messages = AdobeMobileSdkPlugin.validate(data)
assert len(messages) == 1
assert (
messages[0]
) == '---- ISSUE: The MediaHeartbeat Schema requires the SSL setting; \'ssl\' is a required property'
def test_array(self):
data = {"analytics": [{"ssl": True}, {"ssl": False}]}
messages = AdobeMobileSdkPlugin.validate(data)
assert len(messages) == 1
assert (
messages[0]
) == '---- ISSUE: The Analytics Schema requires the SSL setting; [{\'ssl\': True}, {\'ssl\': False}] is not of type \'object\''
def test_not_vulnerable_multiple(self):
data = {"analytics": {"ssl": True}, "messages": [
{"payload": {"templateurl": 'https://www1.example.com'}},
{"payload": {"templateurl": 'https://www2.example.com'}}
]}
messages = AdobeMobileSdkPlugin.validate(data)
assert len(messages) == 0
def test_empty(self):
data = {}
messages = AdobeMobileSdkPlugin.validate(data)
assert len(messages) == 1
assert (
messages[0]
) == '---- ISSUE: Schema for checking security settings of the Adobe Mobile SDK configuration files; \'analytics\' is a required property'
def test_array(self):
data = {"analytics": {"ssl": True}, "remotes": [
{"messages": 'http://www.example.com'},
{"messages1": 'http://www.example.com'}
]}
messages = AdobeMobileSdkPlugin.validate(data)
assert len(messages) == 1
assert(messages[0]) == '---- ISSUE: The Remotes Schema; [{\'messages\': \'http://www.example.com\'}, {\'messages1\': \'http://www.example.com\'}] is not of type \'object\''
def test_valid_file(self):
zip_file = ZipFile(io.BytesIO(), 'a')
zip_file.writestr('assets/ADBMobileConfig.json', '{"test1": true, "test2": "str"}')
data = AdobeMobileSdkPlugin.parse_data(zip_file, 'assets/ADBMobileConfig.json')
assert bool(data) is not False
assert len(data) == 2
assert data['test1'] is True
assert data['test2'] == 'str'
def test_valid_three_files(self):
zip_file = ZipFile(io.BytesIO(), 'a')
zip_file.writestr('ADBMobileConfig.json', '')
zip_file.writestr('test/ADBMobileConfig.doc', '')
zip_file.writestr('test/ADBMobileConfig.json/test3.md', '')
paths = AdobeMobileSdkPlugin.get_paths(zip_file)
assert len(paths) == 2
assert paths[0] == 'ADBMobileConfig.json'
assert paths[1] == 'test/ADBMobileConfig.json'
def test_setting_present_but_not_boolean(self):
data = {"analytics": {"ssl": "foobar"}}
messages = AdobeMobileSdkPlugin.validate(data)
assert len(messages) == 2
assert (
messages[0]
) == '---- ISSUE: The [\"analytics\"][\"ssl\"] setting is missing or false - SSL is not being used; \'foobar\' is not of type \'boolean\''
assert (
messages[1]
) == '---- ISSUE: The ["analytics"]["ssl"] setting is missing or false - SSL is not being used; True was expected'
def test_empty_element(self):
data = {"analytics": {"ssl": True}, "mediaHeartbeat": {"ssl": ""}}
messages = AdobeMobileSdkPlugin.validate(data)
assert len(messages) == 2
assert (
messages[0]
) == '---- ISSUE: The ["mediaHeartbeat"]["ssl"] setting is missing or false - SSL is not being used; \'\' is not of type \'boolean\''
assert (
messages[1]
) == '---- ISSUE: The ["mediaHeartbeat"]["ssl"] setting is missing or false - SSL is not being used; True was expected'
def test_different_parent(self):
data = {
"analytics": {
"ssl": True
},
"othersection": {
"messages": 'http://www.example.com'
}
}
messages = AdobeMobileSdkPlugin.validate(data)
assert len(messages) == 0
def test_not_vulnerable(self):
data = {
"analytics": {
"ssl": True
},
"remotes": {
"messages": 'https://www.example.com'
}
}
messages = AdobeMobileSdkPlugin.validate(data)
assert len(messages) == 0
def test_empty_element(self):
data = {
"analytics": {
"ssl": True
},
"othersection": {
"analytics.poi": ''
}
}
messages = AdobeMobileSdkPlugin.validate(data)
assert len(messages) == 0
def test_is_vulnerable_with_spaces(self):
data = {
"analytics": {
"ssl": True
},
"remotes": {
"messages": ' http://www.example.com '
}
}
messages = AdobeMobileSdkPlugin.validate(data)
assert len(messages) == 1
assert (
messages[0]
) == '---- ISSUE: The ["remotes"]["messages"] URL doesn\\\'t use SSL; \' http://www.example.com \' does not match \'^https://(.*)$\''
def test_empty_element(self):
data = {
"analytics": {
"ssl": True
},
"messages": [{
"payload": {
"templateurl": ''
}
}]
}
messages = AdobeMobileSdkPlugin.validate(data)
assert len(messages) == 1
assert (
messages[0]
) == '---- ISSUE: A "templateurl" in ["messages"]["payload"] doesn\\\'t use SSL; \'\' does not match \'^https://(.*)$\''
def test_setting_present_but_not_string(self):
data = {
"analytics": {
"ssl": True
},
"messages": [{
"payload": {
"templateurl": False
}
}]
}
messages = AdobeMobileSdkPlugin.validate(data)
assert len(messages) == 1
assert (
messages[0]
) == '---- ISSUE: A "templateurl" in ["messages"]["payload"] doesn\\\'t use SSL; False is not of type \'string\''
def test_junk_file(self):
zip_file = ZipFile(io.BytesIO(), 'a')
zip_file.writestr('assets/ADBMobileConfig.json', '<junky junk>')
data = AdobeMobileSdkPlugin.parse_data(zip_file, 'assets/ADBMobileConfig.json')
assert data is None
def test_malformed_file(self):
zip_file = ZipFile(io.BytesIO(), 'a')
zip_file.writestr('assets/ADBMobileConfig.json', '{"welcome,')
data = AdobeMobileSdkPlugin.parse_data(zip_file, 'assets/ADBMobileConfig.json')
assert data is None
def test_valid_one_file(self):
zip_file = ZipFile(io.BytesIO(), 'a')
zip_file.writestr('assets/ADBMobileConfig.json', '')
paths = AdobeMobileSdkPlugin.get_paths(zip_file)
assert len(paths) == 1
assert paths[0] == 'assets/ADBMobileConfig.json'
def test_plugin_properties_name_desc(self):
plugin = AdobeMobileSdkPlugin({}, True, False)
assert not plugin.name.startswith('Base')
assert not plugin.desc.startswith('Base')
def test_is_online_testing_supported(self):
plugin = AdobeMobileSdkPlugin({}, is_android=False, is_ios=False, do_online=False)
assert plugin.is_online_testing_supported() is False
plugin = AdobeMobileSdkPlugin({}, is_android=False, is_ios=False, do_online=True)
assert plugin.is_online_testing_supported() is False
def test_empty(self):
zip_file = ZipFile(io.BytesIO(), 'a')
paths = AdobeMobileSdkPlugin.get_paths(zip_file)
assert len(paths) == 0
def test_check_support_is(self):
plugin = AdobeMobileSdkPlugin({}, False, False)
assert plugin.is_os_supported() is False
plugin = AdobeMobileSdkPlugin({}, True, False)
assert plugin.is_os_supported() is True
plugin = AdobeMobileSdkPlugin({}, False, True)
assert plugin.is_os_supported() is True
plugin = AdobeMobileSdkPlugin({}, True, True)
assert plugin.is_os_supported() is True
def test_no_elements(self):
zip_file = ZipFile(io.BytesIO(), 'a')
zip_file.writestr('assets/ADBMobileConfig.json', '{}')
data = AdobeMobileSdkPlugin.parse_data(zip_file, 'assets/ADBMobileConfig.json')
assert len(data) == 0
def test_plugin_properties_name_desc(self):
plugin = AdobeMobileSdkPlugin({}, is_android=True, is_ios=False, do_online=False)
assert not plugin.name.startswith('Base')
assert not plugin.desc.startswith('Base')
def test_parent_present_setting_absent(self):
data = {"analytics": {"ssl": True}, "messages": []}
messages = AdobeMobileSdkPlugin.validate(data)
assert len(messages) == 0
def test_valid(self):
data = {"analytics": {"ssl": True}, "mediaHeartbeat": {"ssl": True}}
messages = AdobeMobileSdkPlugin.validate(data)
assert len(messages) == 0
