Exemple #1
0
    def test_false_positive_detection(self):
        # Test whether false positives in database are identified properly
        issue = {'scenario_id': '1',
                 'timestamp': datetime.datetime.utcnow(),
                 'test_runner_host': 'localhost',
                 'url': 'url',
                 'severity': 'severity',
                 'issuetype': 'issuetype',
                 'issuename': 'issuename',
                 'issuedetail': 'issuedetail',
                 'confidence': 'confidence',
                 'host': 'host',
                 'port': 'port',
                 'protocol': 'protocol',
                 'messages': 'messagejson'}

        # First add one false positive and try checking against it
        dbtools.add_false_positive(self.context, issue)

        self.assertEqual(dbtools.known_false_positive(self.context,
                                                      issue),
                         True, "Duplicate false positive not detected")

        # Change one of the differentiating fields, and test, and
        # add the tested one to the database.
        issue['scenario_id'] = '2'  # Non-duplicate
        self.assertEqual(dbtools.known_false_positive(self.context,
                                                      issue),
                         False, "Not a duplicate: scenario_id different")
        dbtools.add_false_positive(self.context, issue)

        # Repeat for all the differentiating fields
        issue['url'] = 'another url'
        self.assertEqual(dbtools.known_false_positive(self.context,
                                                      issue),
                         False, "Not a duplicate: url different")
        dbtools.add_false_positive(self.context, issue)

        issue['issuetype'] = 'foo'
        self.assertEqual(dbtools.known_false_positive(self.context,
                                                      issue),
                         False, "Not a duplicate: issuetype different")
        dbtools.add_false_positive(self.context, issue)

        # Finally, test the last one again twice, now it ought to be
        # reported back as a duplicate
        self.assertEqual(dbtools.known_false_positive(self.context,
                                                      issue),
                         True, "A duplicate case not detected")
Exemple #2
0
    def test_false_positive_detection(self):
        # Test whether false positives in database are identified properly
        issue = {
            'scenario_id': '1',
            'timestamp': datetime.datetime.utcnow(),
            'test_runner_host': 'localhost',
            'url': 'url',
            'severity': 'severity',
            'issuetype': 'issuetype',
            'issuename': 'issuename',
            'issuedetail': 'issuedetail',
            'confidence': 'confidence',
            'host': 'host',
            'port': 'port',
            'protocol': 'protocol',
            'messages': 'messagejson'
        }

        # First add one false positive and try checking against it
        dbtools.add_false_positive(self.context, issue)

        self.assertEqual(dbtools.known_false_positive(self.context, issue),
                         True, "Duplicate false positive not detected")

        # Change one of the differentiating fields, and test, and
        # add the tested one to the database.
        issue['scenario_id'] = '2'  # Non-duplicate
        self.assertEqual(dbtools.known_false_positive(self.context, issue),
                         False, "Not a duplicate: scenario_id different")
        dbtools.add_false_positive(self.context, issue)

        # Repeat for all the differentiating fields
        issue['url'] = 'another url'
        self.assertEqual(dbtools.known_false_positive(self.context, issue),
                         False, "Not a duplicate: url different")
        dbtools.add_false_positive(self.context, issue)

        issue['issuetype'] = 'foo'
        self.assertEqual(dbtools.known_false_positive(self.context, issue),
                         False, "Not a duplicate: issuetype different")
        dbtools.add_false_positive(self.context, issue)

        # Finally, test the last one again twice, now it ought to be
        # reported back as a duplicate
        self.assertEqual(dbtools.known_false_positive(self.context, issue),
                         True, "A duplicate case not detected")
Exemple #3
0
def step_impl(context):
    """Check whether the findings reported by Burp have already been found earlier"""
    scanissues = context.results

    # Go through each issue, and add issues that aren't in the database
    # into the database. If we've found new issues, assert False.

    new_items = 0
    for issue in scanissues:
        issue['scenario_id'] = context.scenario_id
        if scandb.known_false_positive(context, issue) is False:
            new_items += 1
            scandb.add_false_positive(context, issue)

    unprocessed_items = scandb.number_of_new_in_database(context)

    if unprocessed_items > 0:
        assert False, "Unprocessed findings in database. %s new issue(s), total %s issue(s)." % (new_items, unprocessed_items)
    assert True
Exemple #4
0
def step_impl(context):
    """Check whether the findings reported by Burp have already been found earlier"""
    scanissues = context.results

    # Go through each issue, and add issues that aren't in the database
    # into the database. If we've found new issues, assert False.

    new_items = 0
    for issue in scanissues:
        issue['scenario_id'] = context.scenario_id
        if scandb.known_false_positive(context, issue) is False:
            new_items += 1
            scandb.add_false_positive(context, issue)

    unprocessed_items = scandb.number_of_new_in_database(context)

    if unprocessed_items > 0:
        assert False, "Unprocessed findings in database. %s new issue(s), total %s issue(s)." % (
            new_items, unprocessed_items)
    assert True