def test_false_positive_detection(self):
# Test whether false positives in database are identified properly
issue = {'scenario_id': '1',
'timestamp': datetime.datetime.utcnow(),
'test_runner_host': 'localhost',
'url': 'url',
'severity': 'severity',
'issuetype': 'issuetype',
'issuename': 'issuename',
'issuedetail': 'issuedetail',
'confidence': 'confidence',
'host': 'host',
'port': 'port',
'protocol': 'protocol',
'messages': 'messagejson'}
# First add one false positive and try checking against it
dbtools.add_false_positive(self.context, issue)
self.assertEqual(dbtools.known_false_positive(self.context,
issue),
True, "Duplicate false positive not detected")
# Change one of the differentiating fields, and test, and
# add the tested one to the database.
issue['scenario_id'] = '2' # Non-duplicate
self.assertEqual(dbtools.known_false_positive(self.context,
issue),
False, "Not a duplicate: scenario_id different")
dbtools.add_false_positive(self.context, issue)
# Repeat for all the differentiating fields
issue['url'] = 'another url'
self.assertEqual(dbtools.known_false_positive(self.context,
issue),
False, "Not a duplicate: url different")
dbtools.add_false_positive(self.context, issue)
issue['issuetype'] = 'foo'
self.assertEqual(dbtools.known_false_positive(self.context,
issue),
False, "Not a duplicate: issuetype different")
dbtools.add_false_positive(self.context, issue)
# Finally, test the last one again twice, now it ought to be
# reported back as a duplicate
self.assertEqual(dbtools.known_false_positive(self.context,
issue),
True, "A duplicate case not detected")
def test_false_positive_detection(self):
# Test whether false positives in database are identified properly
issue = {
'scenario_id': '1',
'timestamp': datetime.datetime.utcnow(),
'test_runner_host': 'localhost',
'url': 'url',
'severity': 'severity',
'issuetype': 'issuetype',
'issuename': 'issuename',
'issuedetail': 'issuedetail',
'confidence': 'confidence',
'host': 'host',
'port': 'port',
'protocol': 'protocol',
'messages': 'messagejson'
}
# First add one false positive and try checking against it
dbtools.add_false_positive(self.context, issue)
self.assertEqual(dbtools.known_false_positive(self.context, issue),
True, "Duplicate false positive not detected")
# Change one of the differentiating fields, and test, and
# add the tested one to the database.
issue['scenario_id'] = '2' # Non-duplicate
self.assertEqual(dbtools.known_false_positive(self.context, issue),
False, "Not a duplicate: scenario_id different")
dbtools.add_false_positive(self.context, issue)
# Repeat for all the differentiating fields
issue['url'] = 'another url'
self.assertEqual(dbtools.known_false_positive(self.context, issue),
False, "Not a duplicate: url different")
dbtools.add_false_positive(self.context, issue)
issue['issuetype'] = 'foo'
self.assertEqual(dbtools.known_false_positive(self.context, issue),
False, "Not a duplicate: issuetype different")
dbtools.add_false_positive(self.context, issue)
# Finally, test the last one again twice, now it ought to be
# reported back as a duplicate
self.assertEqual(dbtools.known_false_positive(self.context, issue),
True, "A duplicate case not detected")
def step_impl(context):
"""Check whether the findings reported by Burp have already been found earlier"""
scanissues = context.results
# Go through each issue, and add issues that aren't in the database
# into the database. If we've found new issues, assert False.
new_items = 0
for issue in scanissues:
issue['scenario_id'] = context.scenario_id
if scandb.known_false_positive(context, issue) is False:
new_items += 1
scandb.add_false_positive(context, issue)
unprocessed_items = scandb.number_of_new_in_database(context)
if unprocessed_items > 0:
assert False, "Unprocessed findings in database. %s new issue(s), total %s issue(s)." % (new_items, unprocessed_items)
assert True
def step_impl(context):
"""Check whether the findings reported by Burp have already been found earlier"""
scanissues = context.results
# Go through each issue, and add issues that aren't in the database
# into the database. If we've found new issues, assert False.
new_items = 0
for issue in scanissues:
issue['scenario_id'] = context.scenario_id
if scandb.known_false_positive(context, issue) is False:
new_items += 1
scandb.add_false_positive(context, issue)
unprocessed_items = scandb.number_of_new_in_database(context)
if unprocessed_items > 0:
assert False, "Unprocessed findings in database. %s new issue(s), total %s issue(s)." % (
new_items, unprocessed_items)
assert True