Exemple #1
    def test_ignore_non_vulnerable(self, mock_client):
        """Contrast the default run with ``--ignore-non-vulnerable``.

        The same single test, ``basic.get_public_listing``, is selected in
        both runs. Only the extra flag differs, and the captured stdout is
        compared against the expected summary line.
        """
        common_args = [
            f'{URL}/schema',
            '-t',
            'basic.get_public_listing',
            '-f',
            'test_data/nested',
        ]

        # First run: the endpoint is still exercised. The IDORPlugin result
        # is discarded because the endpoint is marked as non-vulnerable,
        # which is why the summary reports a pass.
        # NOTE(review): a pass here means "result ignored", not "no IDOR
        # found". A wrongly marked endpoint would presumably hide a real
        # finding, so keep that marking narrow and reviewed.
        default_run = io.StringIO()
        with redirect_stdout(default_run):
            main.main([*common_args])

        assert '1 passed' in default_run.getvalue()

        # Second run: with the flag, excluded endpoints are not run at all.
        # Since only one test was selected, the result is blank.
        excluded_run = io.StringIO()
        with redirect_stdout(excluded_run):
            main.main([*common_args, '--ignore-non-vulnerable'])

        assert 'No tests run!' in excluded_run.getvalue()
Exemple #2
 def test_ignore_exceptions_hides_exceptions(self, mock_client):
     """A run whose only selected test is ``constant.get_will_throw_error``
     yields a falsy result from ``main.main`` under ``--ignore-exceptions``.
     """
     # NOTE(review): judging by its name, the selected endpoint raises, and
     # the flag keeps that from counting as a failure. The same flag would
     # presumably also hide unexpected server errors, so a clean exit with
     # it set is weaker evidence than one without it.
     argv = [
         '{}/schema'.format(URL),
         '-t',
         'constant.get_will_throw_error',
         '--ignore-exceptions',
     ]
     exit_status = main.main(argv)
     assert not exit_status
Exemple #3
 def test_success(self, mock_client):
     """Smoke test: a full run over ``test_data/nested`` returns truthy."""
     # TODO: This is more of a smoke test right now. The run flags because
     #       it identifies IDOR, but a truthy result also masks any other
     #       error that produces the same outcome. Revisit once whitelist
     #       functionality is implemented.
     argv = [
         '{}/schema'.format(URL),
         '-f',
         'test_data/nested',
     ]
     exit_status = main.main(argv)
     assert exit_status
Exemple #4
 def test_ignore_exceptions_still_shows_vulnerabilities(self, mock_client):
     """``--ignore-exceptions`` must not turn a flagged run into a clean one.

     Two tests are selected: ``constant.get_will_throw_error`` and
     ``basic.get_private_listing``. The overall result must stay truthy.
     """
     # NOTE(review): presumably basic.get_private_listing is the endpoint
     # that gets flagged; confirm against the test_data/nested fixtures.
     # This guards against exception suppression also swallowing findings.
     selected_tests = [
         '-t',
         'constant.get_will_throw_error',
         '-t',
         'basic.get_private_listing',
     ]
     argv = ['{}/schema'.format(URL)]
     argv.extend(selected_tests)
     argv.extend(['--ignore-exceptions', '-f', 'test_data/nested'])

     exit_status = main.main(argv)
     assert exit_status
Exemple #5
 def test_returns_one_if_failure(self):
     """Calling ``main.main`` with only the bare URL returns a truthy value.

     No ``/schema`` suffix, test selection or fixture path is passed here.
     """
     # NOTE(review): the name says "one", but only truthiness is checked.
     # If main's contract is an exit status of exactly 1, comparing with
     # `== 1` would pin that down; confirm against main before tightening.
     exit_status = main.main([URL])
     assert exit_status