Exemple #1
 def test_ptp_parse_mock_parser(self):
     """Parse with an injected MockParser and check the resulting state.

     Expects an empty vulnerability list, a tool name of 'mock' and empty
     metadata after parse() returns.
     """
     ptp_under_test = PTP()
     # The parser is assigned directly instead of being selected by tool name.
     ptp_under_test.parser = MockParser()
     findings = ptp_under_test.parse()
     self.assertEqual(findings, [])
     self.assertEqual(ptp_under_test.tool_name, 'mock')
     self.assertEqual(ptp_under_test.metadata, {})
Exemple #2
def run():
    """Exercise the metasploit parser on every report listed in REPORTS.

    For each plugin and each of its report files, parse the file found in
    ``tests/metasploit/<plugin>`` under the current working directory, then
    compare the highest ranking with the expected value stored in REPORTS.
    Every check prints ``OK`` or, after the traceback, ``FAIL``.
    """
    if hasattr(REPORTS, 'iteritems'):  # Python 2 dict
        plugin_reports = REPORTS.iteritems()
    else:  # Python3
        plugin_reports = REPORTS.items()

    for plugin, expected_by_report in plugin_reports:
        print('\t> %s' % plugin)
        for report_name in expected_by_report:
            ptp = PTP('metasploit')
            print('\t\ttest parse():', end=' ')
            try:
                report_dir = os.path.join(
                    os.getcwd(), 'tests/metasploit/', plugin)
                ptp.parse(
                    pathname=report_dir,
                    filename=report_name,
                    plugin=plugin)
            except Exception:
                # Any parser failure is reported, not propagated.
                print(traceback.format_exc())
                status = 'FAIL'
            else:
                status = 'OK'
            print(status)

            print('\t\ttest get_highest_ranking():', end=' ')
            try:
                # NOTE: assert is stripped under ``python -O``; the check
                # would then always report OK.
                assert ptp.get_highest_ranking() == expected_by_report[report_name]
            except Exception:
                print(traceback.format_exc())
                status = 'FAIL'
            else:
                status = 'OK'
            print(status)
Exemple #3
 def test_ptp_parse_mock_parser(self):
     """Check parse() output and instance state when a MockParser is injected."""
     ptp_instance = PTP()
     ptp_instance.parser = MockParser()
     parsed = ptp_instance.parse()
     # Same three equality checks, evaluated in the same order.
     for actual, expected in (
             (parsed, []),
             (ptp_instance.tool_name, 'mock'),
             (ptp_instance.metadata, {})):
         self.assertEqual(actual, expected)
Exemple #4
 def test_ptp_highest_ranking_info_vuln(self):
     """highest_ranking is INFO for findings ranked UNKNOWN and INFO."""
     instance = PTP()
     levels = (constants.UNKNOWN, constants.INFO)
     instance.vulns = [{'ranking': level} for level in levels]
     self.assertTrue(instance.highest_ranking == constants.INFO)
Exemple #5
 def test_ptp_get_highest_ranking_low_vuln(self):
     """get_highest_ranking() is LOW for findings ranked UNKNOWN, INFO and LOW."""
     instance = PTP()
     levels = (constants.UNKNOWN, constants.INFO, constants.LOW)
     instance.vulns = [{'ranking': level} for level in levels]
     top_ranking = instance.get_highest_ranking()
     self.assertTrue(top_ranking == constants.LOW)
Exemple #6
 def test_ptp_no_light_parsing(self):
     """Heavy parsing (light=False) yields exactly one finding holding transactions."""
     heavy_ptp = PTP()
     # NOTE(review): the class itself is assigned, not an instance - confirm
     # this is what PTP.parse() expects.
     heavy_ptp.parser = MockParserLight
     findings = heavy_ptp.parse(light=False)
     assert_that(1, equal_to(len(findings)))
     catch_all = findings[0]
     # In heavy parsing mode there is one finding ranked UNKNOWN that collects
     # every transaction that could not be attached to another vuln.
     ranked_unknown = ('ranking' in catch_all
                       and catch_all['ranking'] == constants.UNKNOWN)
     self.assertTrue(ranked_unknown)
     carries_transactions = ('transactions' in catch_all
                             and len(catch_all['transactions']))
     self.assertTrue(carries_transactions)
Exemple #7
def run():
    """Run the robots parser checks and print OK or FAIL for each.

    Three checks against ``tests/robots/reports`` under the current working
    directory: parsing with the tool named explicitly, auto-detection of the
    tool, and the highest ranking of the auto-detected report (INFO expected).
    """
    explicit = PTP('robots')
    print('\ttest parse():', end=' ')
    try:
        explicit.parse(pathname=os.path.join(os.getcwd(), 'tests/robots/reports'))
    except Exception:
        print(traceback.format_exc())
        outcome = 'FAIL'
    else:
        outcome = 'OK'
    print(outcome)

    detected = PTP()
    print('\ttest is_mine():', end=' ')
    try:
        detected.parse(pathname=os.path.join(os.getcwd(), 'tests/robots/reports'))
        # NOTE: assert is stripped under ``python -O``; the check would then
        # only verify that parse() does not raise.
        assert detected.parser.__tool__ == 'robots'
    except Exception:
        print(traceback.format_exc())
        outcome = 'FAIL'
    else:
        outcome = 'OK'
    print(outcome)

    # The ranking check reuses the auto-detected instance from the step above.
    print('\ttest get_highest_ranking():', end=' ')
    try:
        assert detected.get_highest_ranking() == INFO
    except Exception:
        print(traceback.format_exc())
        outcome = 'FAIL'
    else:
        outcome = 'OK'
    print(outcome)
Exemple #8
 def test_ptp_no_light_parsing(self):
     """With light=False the report holds one UNKNOWN finding with transactions."""
     ptp_instance = PTP()
     # NOTE(review): MockParserLight is assigned as a class, not instantiated -
     # confirm this is intended.
     ptp_instance.parser = MockParserLight
     full_report = ptp_instance.parse(light=False)
     assert_that(1, equal_to(len(full_report)))
     leftover = full_report[0]
     # Heavy parsing produces a finding ranked UNKNOWN that gathers all the
     # transactions no other vuln claimed while parsing the report.
     self.assertTrue(
         'ranking' in leftover and leftover['ranking'] == constants.UNKNOWN)
     self.assertTrue(
         'transactions' in leftover and len(leftover['transactions']))
Exemple #9
 def test_ptp_highest_ranking_medium_vuln(self):
     """highest_ranking is MEDIUM for findings ranked UNKNOWN through MEDIUM."""
     instance = PTP()
     levels = (
         constants.UNKNOWN,
         constants.INFO,
         constants.LOW,
         constants.MEDIUM,
     )
     instance.vulns = [{'ranking': level} for level in levels]
     self.assertTrue(instance.highest_ranking == constants.MEDIUM)
Exemple #10
 def test_ptp_no_cumulative_parsing(self):
     """With cumulative=False each parse() returns only the current run's finding."""
     ptp_instance = PTP(cumulative=False)

     # Tool 1, first run: only the INFO finding is expected.
     ptp_instance.parser = MockParserInfo()
     first_run = ptp_instance.parse()
     assert_that(1, equal_to(len(first_run)))
     assert_that(first_run, has_item({'ranking': constants.INFO}))
     assert_that(first_run, is_not(has_item({'ranking': constants.HIGH})))

     # Tool 2, second run: the INFO finding of the first run must be gone.
     ptp_instance.parser = MockParserHigh()
     second_run = ptp_instance.parse()
     assert_that(1, equal_to(len(second_run)))
     assert_that(second_run, has_item({'ranking': constants.HIGH}))
     assert_that(second_run, is_not(has_item({'ranking': constants.INFO})))
Exemple #11
 def test_ptp_init_supported_tools(self):
     """PTP accepts each listed tool name and stores it as tool_name."""
     supported_names = (
         'arachni', 'skipfish', 'w3af', 'wapiti', 'metasploit', 'dirbuster',
         'nmap', 'owasp-cm-008', 'robots', 'burpsuite', 'hoppy',
     )
     for name in supported_names:
         instance = PTP(tool_name=name)
         self.assertTrue(instance.tool_name == name)
Exemple #12
def run():
    """Check the robots parser: explicit parse, auto-detection, highest ranking.

    Reports are read from ``tests/robots/reports`` below the current working
    directory. Each check prints ``OK``, or the traceback followed by ``FAIL``.
    """
    ptp = PTP('robots')
    print('\ttest parse():', end=' ')
    try:
        reports_dir = os.path.join(os.getcwd(), 'tests/robots/reports')
        ptp.parse(pathname=reports_dir)
    except Exception:
        print(traceback.format_exc())
        verdict = 'FAIL'
    else:
        verdict = 'OK'
    print(verdict)

    ptp = PTP()  # No tool name: PTP has to pick the parser itself.
    print('\ttest is_mine():', end=' ')
    try:
        reports_dir = os.path.join(os.getcwd(), 'tests/robots/reports')
        ptp.parse(pathname=reports_dir)
        # NOTE: stripped under ``python -O``; AssertionError is caught by the
        # ``except Exception`` below and reported as FAIL.
        assert ptp.parser.__tool__ == 'robots'
    except Exception:
        print(traceback.format_exc())
        verdict = 'FAIL'
    else:
        verdict = 'OK'
    print(verdict)

    print('\ttest get_highest_ranking():', end=' ')
    try:
        assert ptp.get_highest_ranking() == INFO
    except Exception:
        print(traceback.format_exc())
        verdict = 'FAIL'
    else:
        verdict = 'OK'
    print(verdict)
Exemple #13
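    def rank_plugin(output, pathname):
        """Rank the current plugin results using PTP.

        :param output: iterable of plugin output records; a record is used when
            it has an 'output' mapping whose 'ModifiedCommand' mentions
            metasploit.
        :param pathname: directory passed to PTP as the report location.
        :return: the highest ranking reported by PTP, or -1 when nothing could
            be ranked.

        """

        def extract_metasploit_modules(cmd):
            """Extract the metasploit modules contained in the plugin output.

            Returns the list of (module name, output file) found, an empty list
            otherwise. Records whose command has fewer than four
            space-separated tokens are skipped instead of raising IndexError.

            """
            modules = []
            for entry in cmd:
                if 'output' not in entry:
                    continue
                command = entry['output'].get('ModifiedCommand', '')
                if 'metasploit' not in command:
                    continue
                tokens = command.split(' ')
                if len(tokens) < 4:
                    # The module name is read from the fourth token; without it
                    # the record cannot be ranked as a metasploit module.
                    continue
                report_path = entry['output'].get('RelativeFilePath', '')
                # basename() drops directory components, so the file name given
                # to PTP is always resolved inside `pathname`.
                modules.append((tokens[3], os.path.basename(report_path)))
            return modules

        msf_modules = extract_metasploit_modules(output) if output else None
        owtf_rank = -1  # Default ranking value set to Unknown.
        try:
            parser = PTP()
            if msf_modules:
                for module_name, report_file in msf_modules:
                    # filename - Path to output file.
                    # plugin - Metasploit module name.
                    parser.parse(pathname=pathname, filename=report_file, plugin=module_name, light=True)
                    owtf_rank = max(owtf_rank, parser.highest_ranking)
            else:
                parser.parse(pathname=pathname, light=True)
                owtf_rank = parser.highest_ranking
        except PTPError:  # Not supported tool or report not found.
            # A failed parse leaves the rank at -1, i.e. the same value as an
            # unranked report.
            pass
        except Exception as e:
            logging.error('Unexpected exception when running PTP: %s', e)
        if owtf_rank == UNKNOWN:  # Ugly truth... PTP gives 0 for unranked but OWTF uses -1 instead...
            owtf_rank = -1
        return owtf_rank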
Exemple #14
 def test_ptp_no_cumulative_parsing(self):
     """Two consecutive runs with cumulative=False do not share findings."""
     non_cumulative = PTP(cumulative=False)
     runs = (
         # (parser class, ranking expected, ranking that must be absent)
         (MockParserInfo, constants.INFO, constants.HIGH),  # Tool 1, first run
         (MockParserHigh, constants.HIGH, constants.INFO),  # Tool 2, second run
     )
     for parser_cls, expected_rank, absent_rank in runs:
         non_cumulative.parser = parser_cls()
         report = non_cumulative.parse()
         assert_that(1, equal_to(len(report)))
         assert_that(report, has_item({'ranking': expected_rank}))
         assert_that(report, is_not(has_item({'ranking': absent_rank})))
Exemple #15
def run():
    """Check the dirbuster parser against every report listed in REPORTS.

    For each (report file, expected ranking) pair, read the file from
    ``tests/dirbuster/1.0`` under the current working directory and run three
    checks: explicit parse, tool auto-detection, and highest ranking. Each
    check prints ``OK``, or the traceback followed by ``FAIL``.
    """
    if hasattr(REPORTS, 'iteritems'):  # Python 2 dict
        report_rankings = REPORTS.iteritems()
    else:  # Python3
        report_rankings = REPORTS.items()

    for report, ranking in report_rankings:
        explicit = PTP('dirbuster')
        print('\ttest parse():', end=' ')
        try:
            report_dir = os.path.join(os.getcwd(), 'tests/dirbuster/1.0')
            explicit.parse(pathname=report_dir, filename=report)
        except Exception:
            print(traceback.format_exc())
            outcome = 'FAIL'
        else:
            outcome = 'OK'
        print(outcome)

        detected = PTP()
        print('\ttest is_mine():', end=' ')
        try:
            report_dir = os.path.join(os.getcwd(), 'tests/dirbuster/1.0')
            detected.parse(pathname=report_dir, filename=report)
            # NOTE: assert is stripped under ``python -O``.
            assert detected.parser.__tool__ == 'dirbuster'
        except Exception:
            print(traceback.format_exc())
            outcome = 'FAIL'
        else:
            outcome = 'OK'
        print(outcome)

        # The ranking is read from the auto-detected instance.
        print('\ttest get_highest_ranking():', end=' ')
        try:
            assert detected.get_highest_ranking() == ranking
        except Exception:
            print(traceback.format_exc())
            outcome = 'FAIL'
        else:
            outcome = 'OK'
        print(outcome)
Exemple #16
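    def rank_plugin(output, pathname):
        """Rank the current plugin results using PTP.

        :param output: iterable of plugin output records; a record is used when
            it has an 'output' mapping whose 'ModifiedCommand' mentions
            metasploit.
        :param pathname: directory passed to PTP as the report location.
        :return: the highest ranking reported by PTP, or -1 when nothing could
            be ranked.

        """
        def extract_metasploit_modules(cmd):
            """Extract the metasploit modules contained in the plugin output.

            Returns the list of (module name, output file) found, an empty list
            otherwise. Records whose command has fewer than four
            space-separated tokens are skipped instead of raising IndexError.

            """
            modules = []
            for entry in cmd:
                if 'output' not in entry:
                    continue
                command = entry['output'].get('ModifiedCommand', '')
                if 'metasploit' not in command:
                    continue
                tokens = command.split(' ')
                if len(tokens) < 4:
                    # No fourth token to take the module name from.
                    continue
                report_path = entry['output'].get('RelativeFilePath', '')
                # Only the base name is kept, so PTP resolves the file inside
                # `pathname`.
                modules.append((tokens[3], os.path.basename(report_path)))
            return modules

        msf_modules = extract_metasploit_modules(output) if output else None
        owtf_rank = -1  # Default ranking value set to Unknown.
        try:
            parser = PTP()
            if msf_modules:
                for module_name, report_file in msf_modules:
                    parser.parse(
                        pathname=pathname,
                        filename=report_file,  # Path to output file.
                        plugin=module_name)  # Metasploit module name.
                    owtf_rank = max(owtf_rank, parser.get_highest_ranking())
            else:
                parser.parse(pathname=pathname)
                owtf_rank = parser.get_highest_ranking()
        except PTPError:  # Not supported tool or report not found.
            # A failed parse is indistinguishable from an unranked report: both
            # end up as -1.
            pass
        if owtf_rank == UNKNOWN:  # Ugly truth... PTP gives 0 for unranked but OWTF uses -1 instead...
            owtf_rank = -1
        return owtf_rank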
Exemple #17
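    def rank_plugin(output, pathname):
        """Rank the current plugin results using PTP.

        :param output: iterable of plugin output records; a record is used when
            it has an 'output' mapping whose 'ModifiedCommand' mentions
            metasploit.
        :param pathname: directory passed to PTP as the report location.
        :return: the highest ranking reported by PTP, or -1 when PTP could not
            parse a report.

        """
        def extract_metasploit_modules(cmd):
            """Extract the metasploit modules contained in the plugin output.

            Returns the list of (module name, output file) found, an empty list
            otherwise. Records whose command has fewer than four
            space-separated tokens are skipped instead of raising IndexError.

            """
            modules = []
            for entry in cmd:
                if 'output' not in entry:
                    continue
                command = entry['output'].get('ModifiedCommand', '')
                if 'metasploit' not in command:
                    continue
                tokens = command.split(' ')
                if len(tokens) < 4:
                    # No fourth token to take the module name from.
                    continue
                report_path = entry['output'].get('RelativeFilePath', '')
                # Only the base name is kept, so PTP resolves the file inside
                # `pathname`.
                modules.append((tokens[3], os.path.basename(report_path)))
            return modules

        # Try to retrieve metasploit modules that were used.
        msf_modules = extract_metasploit_modules(output) if output else None
        owtf_rank = -1  # Default ranking value set to Unknown.
        try:
            parser = PTP()
            if msf_modules:  # PTP needs to know the msf module name.
                for module_name, report_file in msf_modules:
                    parser.parse(
                        pathname=pathname,
                        filename=report_file,  # Path to output file.
                        plugin=module_name)  # Metasploit module name.
                    owtf_rank = max(owtf_rank, parser.get_highest_ranking())
            else:  # Otherwise use the auto-detection mode.
                parser.parse(pathname=pathname)
                owtf_rank = parser.get_highest_ranking()
        except PTPError:  # Not supported tool or report not found.
            # The error is dropped; the caller only sees the rank reached so far.
            pass
        return owtf_rank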
Exemple #18
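        def rank_plugin(output, pathname):
            """Rank the current plugin results using PTP.

            :param output: iterable of plugin output records; a record is used
                when it has an 'output' mapping whose 'ModifiedCommand'
                mentions metasploit.
            :param pathname: directory passed to PTP as the report location.
            :return: the highest ranking reported by PTP, or -1 when PTP could
                not parse a report.

            """
            def extract_metasploit_modules(cmd):
                """Extract the metasploit modules contained in the plugin output.

                Returns the list of (module name, output file) found, an empty
                list otherwise. Records whose command has fewer than four
                space-separated tokens are skipped instead of raising
                IndexError.

                """
                modules = []
                for entry in cmd:
                    if 'output' not in entry:
                        continue
                    command = entry['output'].get('ModifiedCommand', '')
                    if 'metasploit' not in command:
                        continue
                    tokens = command.split(' ')
                    if len(tokens) < 4:
                        # No fourth token to take the module name from.
                        continue
                    report_path = entry['output'].get('RelativeFilePath', '')
                    # Only the base name is kept, so PTP resolves the file
                    # inside `pathname`.
                    modules.append(
                        (tokens[3], os.path.basename(report_path)))
                return modules

            # Try to retrieve metasploit modules that were used.
            msf_modules = extract_metasploit_modules(output) if output else None
            owtf_rank = -1  # Default ranking value set to Unknown.
            try:
                parser = PTP()
                if msf_modules:  # PTP needs to know the msf module name.
                    for module_name, report_file in msf_modules:
                        parser.parse(
                            pathname=pathname,
                            filename=report_file,  # Path to output file.
                            plugin=module_name)  # Metasploit module name.
                        owtf_rank = max(
                            owtf_rank,
                            parser.get_highest_ranking())
                else:  # Otherwise use the auto-detection mode.
                    parser.parse(pathname=pathname)
                    owtf_rank = parser.get_highest_ranking()
            except PTPError:  # Not supported tool or report not found.
                # The error is dropped; the caller only sees the rank reached
                # so far.
                pass
            return owtf_rank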
Exemple #19
def run():
    """Check the nmap parser: explicit parse, then tool auto-detection.

    Reports are read from ``tests/nmap/6.46`` below the current working
    directory. Each check prints ``OK``, or the traceback followed by ``FAIL``.
    """
    explicit = PTP('nmap')
    print('\ttest parse():', end=' ')
    try:
        reports_dir = os.path.join(os.getcwd(), 'tests/nmap/6.46')
        explicit.parse(pathname=reports_dir)
    except Exception:
        print(traceback.format_exc())
        outcome = 'FAIL'
    else:
        outcome = 'OK'
    print(outcome)

    detected = PTP()
    print('\ttest is_mine():', end=' ')
    try:
        reports_dir = os.path.join(os.getcwd(), 'tests/nmap/6.46')
        detected.parse(pathname=reports_dir)
        # NOTE: assert is stripped under ``python -O``; the check would then
        # only verify that parse() does not raise.
        assert detected.parser.__tool__ == 'nmap'
    except Exception:
        print(traceback.format_exc())
        outcome = 'FAIL'
    else:
        outcome = 'OK'
    print(outcome)
Exemple #20
def run():
    """Run parse, auto-detection and ranking checks for each dirbuster report.

    REPORTS maps a report file name to its expected ranking; files are read
    from ``tests/dirbuster/1.0`` below the current working directory. Each
    check prints ``OK``, or the traceback followed by ``FAIL``.
    """
    if hasattr(REPORTS, 'iteritems'):  # Python 2 dict
        pairs = REPORTS.iteritems()
    else:  # Python3
        pairs = REPORTS.items()

    for report, ranking in pairs:
        ptp = PTP('dirbuster')
        print('\ttest parse():', end=' ')
        try:
            ptp.parse(
                pathname=os.path.join(os.getcwd(), 'tests/dirbuster/1.0'),
                filename=report)
        except Exception:
            print(traceback.format_exc())
            verdict = 'FAIL'
        else:
            verdict = 'OK'
        print(verdict)

        ptp = PTP()  # No tool name: PTP has to pick the parser itself.
        print('\ttest is_mine():', end=' ')
        try:
            ptp.parse(
                pathname=os.path.join(os.getcwd(), 'tests/dirbuster/1.0'),
                filename=report)
            # NOTE: stripped under ``python -O``; AssertionError is caught by
            # the ``except Exception`` below and reported as FAIL.
            assert ptp.parser.__tool__ == 'dirbuster'
        except Exception:
            print(traceback.format_exc())
            verdict = 'FAIL'
        else:
            verdict = 'OK'
        print(verdict)

        print('\ttest get_highest_ranking():', end=' ')
        try:
            assert ptp.get_highest_ranking() == ranking
        except Exception:
            print(traceback.format_exc())
            verdict = 'FAIL'
        else:
            verdict = 'OK'
        print(verdict)
Exemple #21
def run():
    """Check the wapiti parser against the 2.3.0 and 2.2.1 sample reports.

    For each version: explicit parse, tool and version auto-detection, and the
    highest ranking (MEDIUM for 2.3.0, HIGH for 2.2.1). Each check prints
    ``OK``, or the traceback followed by ``FAIL``.
    """
    print("\ttesting version 2.3.0")
    explicit = PTP('wapiti')
    print('\t\ttest parse():', end=' ')
    try:
        explicit.parse(
            pathname=os.path.join(os.getcwd(), 'tests/wapiti/2.3.0'))
    except Exception:
        print(traceback.format_exc())
        outcome = 'FAIL'
    else:
        outcome = 'OK'
    print(outcome)

    detected = PTP()
    print('\t\ttest is_mine():', end=' ')
    try:
        detected.parse(
            pathname=os.path.join(os.getcwd(), 'tests/wapiti/2.3.0'))
        # NOTE: assert is stripped under ``python -O``.
        assert detected.parser.__tool__ == 'wapiti'
        # The parser's __version__ is passed as the regex pattern and the
        # literal version as the string to match.
        assert re.match(detected.parser.__version__, '2.3.0', flags=re.IGNORECASE)
    except Exception:
        print(traceback.format_exc())
        outcome = 'FAIL'
    else:
        outcome = 'OK'
    print(outcome)

    print('\t\ttest get_highest_ranking():', end=' ')
    try:
        assert detected.get_highest_ranking() == MEDIUM
    except Exception:
        print(traceback.format_exc())
        outcome = 'FAIL'
    else:
        outcome = 'OK'
    print(outcome)

    print("\ttesting version 2.2.1")
    print('\t\ttest parse():', end=' ')
    try:
        # NOTE(review): this reuses the instance auto-detected on the 2.3.0
        # report; no new PTP('wapiti') is created for 2.2.1 - confirm intended.
        detected.parse(pathname=os.path.join(os.getcwd(), 'tests/wapiti/2.2.1'))
    except Exception:
        print(traceback.format_exc())
        outcome = 'FAIL'
    else:
        outcome = 'OK'
    print(outcome)

    detected_old = PTP()
    print('\t\ttest is_mine():', end=' ')
    try:
        detected_old.parse(
            pathname=os.path.join(os.getcwd(), 'tests/wapiti/2.2.1'))
        assert detected_old.parser.__tool__ == 'wapiti'
        assert re.match(detected_old.parser.__version__, '2.2.1', flags=re.IGNORECASE)
    except Exception:
        print(traceback.format_exc())
        outcome = 'FAIL'
    else:
        outcome = 'OK'
    print(outcome)

    print('\t\ttest get_highest_ranking():', end=' ')
    try:
        # Haha, Wapiti 2.2.1 detects SQL injections that 2.3.0 doesn't.
        assert detected_old.get_highest_ranking() == HIGH
    except Exception:
        print(traceback.format_exc())
        outcome = 'FAIL'
    else:
        outcome = 'OK'
    print(outcome)
Exemple #22
 def test_ptp_get_highest_ranking_info_vuln(self):
     """get_highest_ranking() is INFO for findings ranked UNKNOWN and INFO."""
     instance = PTP()
     instance.vulns = [
         {'ranking': level} for level in (constants.UNKNOWN, constants.INFO)]
     top_ranking = instance.get_highest_ranking()
     self.assertTrue(top_ranking == constants.INFO)
Exemple #23
 def test_ptp_get_highest_ranking_unknown_vuln(self):
     """get_highest_ranking() is UNKNOWN when the only finding is ranked UNKNOWN."""
     instance = PTP()
     only_finding = {'ranking': constants.UNKNOWN}
     instance.vulns = [only_finding]
     top_ranking = instance.get_highest_ranking()
     self.assertTrue(top_ranking == constants.UNKNOWN)
Exemple #24
 def test_ptp_get_highest_ranking_vuln_with_no_ranking(self):
     """A finding without a 'ranking' key is ranked UNKNOWN."""
     instance = PTP()
     unranked_finding = {'foo': 'bar'}
     instance.vulns = [unranked_finding]
     top_ranking = instance.get_highest_ranking()
     self.assertTrue(top_ranking == constants.UNKNOWN)
Exemple #25
 def test_ptp_get_highest_ranking_unknown_vuln(self):
     """A single UNKNOWN-ranked finding gives an UNKNOWN highest ranking."""
     ptp_instance = PTP()
     ptp_instance.vulns = [dict(ranking=constants.UNKNOWN)]
     self.assertTrue(
         ptp_instance.get_highest_ranking() == constants.UNKNOWN)
Exemple #26
def run():
    """Run the wapiti parser checks for the 2.3.0 and 2.2.1 sample reports.

    Each version gets an explicit parse, a tool/version auto-detection check
    and a highest-ranking check (MEDIUM for 2.3.0, HIGH for 2.2.1). Each check
    prints ``OK``, or the traceback followed by ``FAIL``.
    """
    print("\ttesting version 2.3.0")
    ptp = PTP('wapiti')
    print('\t\ttest parse():', end=' ')
    try:
        reports_dir = os.path.join(os.getcwd(), 'tests/wapiti/2.3.0')
        ptp.parse(pathname=reports_dir)
    except Exception:
        print(traceback.format_exc())
        verdict = 'FAIL'
    else:
        verdict = 'OK'
    print(verdict)

    ptp = PTP()  # No tool name: PTP has to pick the parser itself.
    print('\t\ttest is_mine():', end=' ')
    try:
        reports_dir = os.path.join(os.getcwd(), 'tests/wapiti/2.3.0')
        ptp.parse(pathname=reports_dir)
        # NOTE: assert is stripped under ``python -O``.
        assert ptp.parser.__tool__ == 'wapiti'
        # The parser's __version__ is the regex pattern; the literal is the
        # string being matched.
        assert re.match(ptp.parser.__version__, '2.3.0', flags=re.IGNORECASE)
    except Exception:
        print(traceback.format_exc())
        verdict = 'FAIL'
    else:
        verdict = 'OK'
    print(verdict)

    print('\t\ttest get_highest_ranking():', end=' ')
    try:
        assert ptp.get_highest_ranking() == MEDIUM
    except Exception:
        print(traceback.format_exc())
        verdict = 'FAIL'
    else:
        verdict = 'OK'
    print(verdict)

    print("\ttesting version 2.2.1")
    print('\t\ttest parse():', end=' ')
    try:
        # NOTE(review): `ptp` is still the instance auto-detected on the 2.3.0
        # report; no PTP('wapiti') is created for 2.2.1 - confirm intended.
        reports_dir = os.path.join(os.getcwd(), 'tests/wapiti/2.2.1')
        ptp.parse(pathname=reports_dir)
    except Exception:
        print(traceback.format_exc())
        verdict = 'FAIL'
    else:
        verdict = 'OK'
    print(verdict)

    ptp = PTP()
    print('\t\ttest is_mine():', end=' ')
    try:
        reports_dir = os.path.join(os.getcwd(), 'tests/wapiti/2.2.1')
        ptp.parse(pathname=reports_dir)
        assert ptp.parser.__tool__ == 'wapiti'
        assert re.match(ptp.parser.__version__, '2.2.1', flags=re.IGNORECASE)
    except Exception:
        print(traceback.format_exc())
        verdict = 'FAIL'
    else:
        verdict = 'OK'
    print(verdict)

    print('\t\ttest get_highest_ranking():', end=' ')
    try:
        # Haha, Wapiti 2.2.1 detects SQL injections that 2.3.0 doesn't.
        assert ptp.get_highest_ranking() == HIGH
    except Exception:
        print(traceback.format_exc())
        verdict = 'FAIL'
    else:
        verdict = 'OK'
    print(verdict)
Exemple #27
 def test_ptp_get_highest_ranking_medium_vuln(self):
     """get_highest_ranking() is MEDIUM for findings ranked UNKNOWN through MEDIUM."""
     instance = PTP()
     levels = (
         constants.UNKNOWN,
         constants.INFO,
         constants.LOW,
         constants.MEDIUM,
     )
     instance.vulns = [{'ranking': level} for level in levels]
     top_ranking = instance.get_highest_ranking()
     self.assertTrue(top_ranking == constants.MEDIUM)
Exemple #28
 def test_ptp_init_parser_tool(self):
     """_init_parser() sets a parser when the tool maps to MockParser."""
     # NOTE(review): this replaces the class-level PTP.supported and does not
     # restore it here - confirm a tearDown resets it for later tests.
     PTP.supported = dict(mock=[MockParser])
     instance = PTP(tool_name='mock')
     instance._init_parser()
     selected = instance.parser
     self.assertTrue(selected is not None)
Exemple #29
 def test_ptp_light_parsing(self):
     """parse(light=True) with MockParserLight returns an empty report."""
     light_ptp = PTP()
     # NOTE(review): the class itself is assigned, not an instance - confirm
     # this is what PTP.parse() expects.
     light_ptp.parser = MockParserLight
     findings = light_ptp.parse(light=True)
     # In light mode, the mock parser has no findings.
     finding_count = len(findings)
     assert_that(0, equal_to(finding_count))
Exemple #30
 def test_ptp_init_parser_no_tool(self):
     """_init_parser() leaves parser as None when no tool name was given."""
     unconfigured = PTP()
     unconfigured._init_parser()
     selected = unconfigured.parser
     self.assertIsNone(selected)
Exemple #31
 def test_ptp_light_parsing(self):
     """Light parsing with MockParserLight produces no findings."""
     ptp_instance = PTP()
     # NOTE(review): MockParserLight is assigned as a class, not instantiated -
     # confirm this is intended.
     ptp_instance.parser = MockParserLight
     light_report = ptp_instance.parse(light=True)
     # In light mode, the mock parser has no findings.
     assert_that(0, equal_to(len(light_report)))
Exemple #32
 def test_ptp_init_parser_tool(self):
     """With 'mock' mapped to MockParser, _init_parser() selects a parser."""
     # NOTE(review): PTP.supported is overwritten on the class and not restored
     # in this test - confirm it is reset elsewhere.
     mock_registry = {'mock': [MockParser]}
     PTP.supported = mock_registry
     ptp_instance = PTP(tool_name='mock')
     ptp_instance._init_parser()
     self.assertTrue(ptp_instance.parser is not None)
Exemple #33
 def test_ptp_highest_ranking_high_vuln(self):
     """highest_ranking is HIGH for findings ranked UNKNOWN through HIGH."""
     instance = PTP()
     levels = (
         constants.UNKNOWN,
         constants.INFO,
         constants.LOW,
         constants.MEDIUM,
         constants.HIGH,
     )
     instance.vulns = [{'ranking': level} for level in levels]
     self.assertTrue(instance.highest_ranking == constants.HIGH)
Exemple #34
def run():
    """Check the w3af parser for every version and test file in TESTFILES.

    Per version directory ``<TESTPATH>/<version>`` below the current working
    directory: first an auto-detection and an explicit parse of the directory,
    then, for each (test file, expected ranking) pair, a tool check, a parse
    and a highest-ranking check. Each check prints ``OK``, or the traceback
    followed by ``FAIL``.
    """
    if hasattr(TESTFILES, 'iterkeys'):  # Python 2 dict
        versions = TESTFILES.iterkeys()
    else:  # Python3
        versions = TESTFILES.keys()

    for version in versions:
        print("\ttesting version '%s' (auto)" % version)
        detected = PTP()
        print('\t\ttest is_mine():', end=' ')
        try:
            version_dir = os.path.join(os.getcwd(), '%s/%s' % (TESTPATH, version))
            detected.parse(pathname=version_dir)
            # NOTE: assert is stripped under ``python -O``.
            assert detected.parser.__tool__ == 'w3af'
        except Exception:
            print(traceback.format_exc())
            outcome = 'FAIL'
        else:
            outcome = 'OK'
        print(outcome)

        explicit = PTP('w3af')
        print('\t\ttest parse():', end=' ')
        try:
            version_dir = os.path.join(os.getcwd(), '%s/%s' % (TESTPATH, version))
            explicit.parse(pathname=version_dir)
        except Exception:
            print(traceback.format_exc())
            outcome = 'FAIL'
        else:
            outcome = 'OK'
        print(outcome)

        print("\ttesting version '%s' (manual)" % version)
        if hasattr(TESTFILES[version], 'iteritems'):  # Python 2 dict
            couples = TESTFILES[version].iteritems()
        else:  # Python3
            couples = TESTFILES[version].items()
        for testfile, ranking in couples:
            per_file = PTP('w3af')
            print('\t\ttest is_mine():', end=' ')
            try:
                version_dir = os.path.join(
                    os.getcwd(), '%s/%s' % (TESTPATH, version))
                per_file.parse(pathname=version_dir, filename=testfile)
                assert per_file.parser.__tool__ == 'w3af'
            except Exception:
                print(traceback.format_exc())
                outcome = 'FAIL'
            else:
                outcome = 'OK'
            print(outcome)

            # The same instance parses the same file a second time.
            print('\t\ttest parse():', end=' ')
            try:
                version_dir = os.path.join(
                    os.getcwd(), '%s/%s' % (TESTPATH, version))
                per_file.parse(pathname=version_dir, filename=testfile)
            except Exception:
                print(traceback.format_exc())
                outcome = 'FAIL'
            else:
                outcome = 'OK'
            print(outcome)

            print('\t\ttest get_highest_ranking():', end=' ')
            try:
                assert per_file.get_highest_ranking() == ranking
            except Exception:
                print(traceback.format_exc())
                outcome = 'FAIL'
            else:
                outcome = 'OK'
            print(outcome)
Exemple #35
 def test_ptp_init_unspecified_tool(self):
     """A PTP built without arguments has an empty tool_name."""
     unconfigured = PTP()
     self.assertTrue(unconfigured.tool_name == '')
Exemple #36
 def test_ptp_parse_no_tool(self):
     """parse() on a PTP without a tool raises NotSupportedToolError."""
     unconfigured = PTP()
     self.assertRaises(NotSupportedToolError, unconfigured.parse)
Exemple #37
 def test_ptp_get_highest_ranking_no_vuln(self):
     """A freshly built PTP reports UNKNOWN as its highest ranking."""
     fresh = PTP()
     top_ranking = fresh.get_highest_ranking()
     self.assertTrue(top_ranking == constants.UNKNOWN)
Exemple #38
def run():
    try:
        reports = REPORTS.iteritems()
    except AttributeError:  # Python3
        reports = REPORTS.items()

    for test, outputs in reports:
        print('\t> %s (manual)' % test)
        for output in outputs:
            ptp = PTP(test)
            print('\t\ttest parse():', end=' ')
            res = 'OK'
            try:
                ptp.parse(pathname=os.path.join(os.getcwd(), 'tests/owasp/',
                                                test),
                          filename=output)
            except Exception:
                print(traceback.format_exc())
                res = 'FAIL'
            print(res)

            print('\t\ttest get_highest_ranking():', end=' ')
            res = 'OK'
            try:
                assert ptp.get_highest_ranking() == outputs[output]
            except Exception:
                print(traceback.format_exc())
                res = 'FAIL'
            print(res)

        print('\t> %s (auto)' % test)
        for output in outputs:
            ptp = PTP()
            print('\t\ttest is_mine():', end=' ')
            res = 'OK'
            try:
                ptp.parse(
                    pathname=os.path.join(os.getcwd(), 'tests/owasp/', test))
                assert ptp.parser.__tool__ == 'owasp-cm-008'
            except Exception:
                print(traceback.format_exc())
                res = 'FAIL'
            print(res)

            ptp = PTP()
            print('\t\ttest get_highest_ranking():', end=' ')
            res = 'OK'
            try:
                ptp.parse(pathname=os.path.join(os.getcwd(), 'tests/owasp/',
                                                test),
                          first=False)
                assert ptp.get_highest_ranking() == MAX_RANKING
            except Exception:
                print(traceback.format_exc())
                res = 'FAIL'
            print(res)
Exemple #39
def run():
    """Run the w3af parser checks over every version listed in TESTFILES.

    For each version directory ``<TESTPATH>/<version>`` below the current
    working directory: auto-detect the tool, parse with the tool named, then
    for each (test file, expected ranking) pair check the tool, parse the file
    and compare the highest ranking. Each check prints ``OK``, or the
    traceback followed by ``FAIL``.
    """
    if hasattr(TESTFILES, 'iterkeys'):  # Python 2 dict
        versions = TESTFILES.iterkeys()
    else:  # Python3
        versions = TESTFILES.keys()

    for version in versions:
        print("\ttesting version '%s' (auto)" % version)
        ptp = PTP()  # No tool name: PTP has to pick the parser itself.
        print('\t\ttest is_mine():', end=' ')
        try:
            ptp.parse(pathname=os.path.join(os.getcwd(), '%s/%s' % (TESTPATH, version)))
            # NOTE: stripped under ``python -O``; AssertionError is caught by
            # the ``except Exception`` below and reported as FAIL.
            assert ptp.parser.__tool__ == 'w3af'
        except Exception:
            print(traceback.format_exc())
            verdict = 'FAIL'
        else:
            verdict = 'OK'
        print(verdict)

        ptp = PTP('w3af')
        print('\t\ttest parse():', end=' ')
        try:
            ptp.parse(pathname=os.path.join(os.getcwd(), '%s/%s' % (TESTPATH, version)))
        except Exception:
            print(traceback.format_exc())
            verdict = 'FAIL'
        else:
            verdict = 'OK'
        print(verdict)

        print("\ttesting version '%s' (manual)" % version)
        if hasattr(TESTFILES[version], 'iteritems'):  # Python 2 dict
            file_rankings = TESTFILES[version].iteritems()
        else:  # Python3
            file_rankings = TESTFILES[version].items()
        for testfile, ranking in file_rankings:
            ptp = PTP('w3af')
            print('\t\ttest is_mine():', end=' ')
            try:
                ptp.parse(
                    pathname=os.path.join(os.getcwd(), '%s/%s' % (TESTPATH, version)),
                    filename=testfile)
                assert ptp.parser.__tool__ == 'w3af'
            except Exception:
                print(traceback.format_exc())
                verdict = 'FAIL'
            else:
                verdict = 'OK'
            print(verdict)

            # Same instance, same file: parsed a second time.
            print('\t\ttest parse():', end=' ')
            try:
                ptp.parse(
                    pathname=os.path.join(os.getcwd(), '%s/%s' % (TESTPATH, version)),
                    filename=testfile)
            except Exception:
                print(traceback.format_exc())
                verdict = 'FAIL'
            else:
                verdict = 'OK'
            print(verdict)

            print('\t\ttest get_highest_ranking():', end=' ')
            try:
                assert ptp.get_highest_ranking() == ranking
            except Exception:
                print(traceback.format_exc())
                verdict = 'FAIL'
            else:
                verdict = 'OK'
            print(verdict)
Exemple #40
def run():
    """Check the skipfish parser against two sample report directories.

    For ``demo.testfire.net`` (HIGH expected) and ``local.xss`` (MEDIUM
    expected) under ``tests/skipfish/2.10b``: explicit parse, tool
    auto-detection and highest ranking of the auto-detected report. Each check
    prints ``OK``, or the traceback followed by ``FAIL``.
    """
    cases = (
        ('tests/skipfish/2.10b/demo.testfire.net', HIGH),
        ('tests/skipfish/2.10b/local.xss', MEDIUM),
    )
    for relative_dir, expected_ranking in cases:
        explicit = PTP('skipfish')
        print('\ttest parse():', end=' ')
        try:
            explicit.parse(pathname=os.path.join(os.getcwd(), relative_dir))
        except Exception:
            print(traceback.format_exc())
            outcome = 'FAIL'
        else:
            outcome = 'OK'
        print(outcome)

        detected = PTP()
        print('\ttest is_mine():', end=' ')
        try:
            detected.parse(pathname=os.path.join(os.getcwd(), relative_dir))
            # NOTE: assert is stripped under ``python -O``.
            assert detected.parser.__tool__ == 'skipfish'
        except Exception:
            print(traceback.format_exc())
            outcome = 'FAIL'
        else:
            outcome = 'OK'
        print(outcome)

        # The ranking is read from the auto-detected instance.
        print('\ttest get_highest_ranking():', end=' ')
        try:
            assert detected.get_highest_ranking() == expected_ranking
        except Exception:
            print(traceback.format_exc())
            outcome = 'FAIL'
        else:
            outcome = 'OK'
        print(outcome)
Exemple #41
 def test_ptp_init_parser_tool_ioerror(self):
     """_init_parser() leaves parser as None when 'mock' maps to MockParserIOError."""
     # NOTE(review): this replaces the class-level PTP.supported and does not
     # restore it here - confirm a tearDown resets it for later tests.
     PTP.supported = dict(mock=[MockParserIOError])
     instance = PTP(tool_name='mock')
     instance._init_parser()
     selected = instance.parser
     self.assertIsNone(selected)
Exemple #42
 def test_ptp_init_parser_tool_version_not_supported(self):
     """_init_parser() leaves parser as None for MockParserVersionNotSupported."""
     # NOTE(review): this replaces the class-level PTP.supported and does not
     # restore it here - confirm a tearDown resets it for later tests.
     PTP.supported = dict(mock=[MockParserVersionNotSupported])
     instance = PTP(tool_name='mock')
     instance._init_parser()
     selected = instance.parser
     self.assertIsNone(selected)
Exemple #43
 def test_ptp_get_highest_ranking_vuln_with_no_ranking(self):
     """get_highest_ranking() is UNKNOWN when the finding has no 'ranking' key."""
     ptp_instance = PTP()
     ptp_instance.vulns = [dict(foo='bar')]
     self.assertTrue(
         ptp_instance.get_highest_ranking() == constants.UNKNOWN)
Exemple #44
def run():
    try:
        reports = REPORTS.iteritems()
    except AttributeError:  # Python3
        reports = REPORTS.items()

    for test, outputs in reports:
        print('\t> %s (manual)' % test)
        for output in outputs:
            ptp = PTP(test)
            print('\t\ttest parse():', end=' ')
            res = 'OK'
            try:
                ptp.parse(
                    pathname=os.path.join(
                        os.getcwd(),
                        'tests/owasp/',
                        test),
                    filename=output)
            except Exception:
                print(traceback.format_exc())
                res = 'FAIL'
            print(res)

            print('\t\ttest get_highest_ranking():', end=' ')
            res = 'OK'
            try:
                assert ptp.get_highest_ranking() == outputs[output]
            except Exception:
                print(traceback.format_exc())
                res = 'FAIL'
            print(res)

        print('\t> %s (auto)' % test)
        for output in outputs:
            ptp = PTP()
            print('\t\ttest is_mine():', end=' ')
            res = 'OK'
            try:
                ptp.parse(
                    pathname=os.path.join(os.getcwd(), 'tests/owasp/', test))
                assert ptp.parser.__tool__ == 'owasp-cm-008'
            except Exception:
                print(traceback.format_exc())
                res = 'FAIL'
            print(res)

            ptp = PTP()
            print('\t\ttest get_highest_ranking():', end=' ')
            res = 'OK'
            try:
                ptp.parse(
                    pathname=os.path.join(os.getcwd(), 'tests/owasp/', test),
                    first=False)
                assert ptp.get_highest_ranking() == MAX_RANKING
            except Exception:
                print(traceback.format_exc())
                res = 'FAIL'
            print(res)
Exemple #45
 def test_ptp_init_parser_no_tool(self):
     """Without a tool name, _init_parser() does not select a parser."""
     ptp_instance = PTP()
     ptp_instance._init_parser()
     self.assertIsNone(ptp_instance.parser)
Exemple #46
 def test_ptp_parse_no_tool(self):
     """Calling parse() without any tool raises NotSupportedToolError."""
     ptp_instance = PTP()
     parse_without_tool = ptp_instance.parse
     self.assertRaises(NotSupportedToolError, parse_without_tool)
Exemple #47
 def test_ptp_init_unsupported_tool(self):
     """Building PTP with an unknown tool name raises NotSupportedToolError."""
     bogus_name = 'AToolWithANameThatWouldNeverExistAndEvenIfItExistedItWontBeSupported'
     self.assertRaises(NotSupportedToolError, PTP, tool_name=bogus_name)
Exemple #48
 def test_ptp_init_parser_tool_ioerror(self):
     """With 'mock' mapped to MockParserIOError, no parser is selected."""
     # NOTE(review): PTP.supported is overwritten on the class and not restored
     # in this test - confirm it is reset elsewhere.
     mock_registry = {'mock': [MockParserIOError]}
     PTP.supported = mock_registry
     ptp_instance = PTP(tool_name='mock')
     ptp_instance._init_parser()
     self.assertIsNone(ptp_instance.parser)
Exemple #49
 def test_ptp_init_parser_tool_version_not_supported(self):
     """With 'mock' mapped to MockParserVersionNotSupported, no parser is selected."""
     # NOTE(review): PTP.supported is overwritten on the class and not restored
     # in this test - confirm it is reset elsewhere.
     mock_registry = {'mock': [MockParserVersionNotSupported]}
     PTP.supported = mock_registry
     ptp_instance = PTP(tool_name='mock')
     ptp_instance._init_parser()
     self.assertIsNone(ptp_instance.parser)