def test_delete_objects_preserve_history(self, session, test_client):
command = EmptyCommandFactory(command='test',
tool='test',
workspace=self.workspace)
host = HostFactory.create(workspace=self.workspace)
session.add(host)
session.commit()
CommandObjectFactory.create(command=command,
object_type='host',
object_id=host.id,
workspace=self.workspace)
session.commit()
res = test_client.get(u'/v2/ws/{0}/hosts/{1}/'.format(
host.workspace.name, host.id))
assert res.status_code == 200
res = test_client.delete(u'/v2/ws/{0}/hosts/{1}/'.format(
host.workspace.name, host.id))
assert res.status_code == 204
res = test_client.get(
self.url(workspace=command.workspace) + 'activity_feed/')
assert res.status_code == 200
command_history = list(
filter(lambda hist: hist['_id'] == command.id, res.json))
assert len(command_history)
command_history = command_history[0]
assert command_history['hosts_count'] == 1
assert command_history['tool'] == 'test'
def test_verify_created_vulns_with_host_and_service_verification(
self, session, test_client):
workspace = WorkspaceFactory.create()
command = EmptyCommandFactory.create(workspace=workspace)
host = HostFactory.create(workspace=workspace)
service = ServiceFactory.create(workspace=workspace)
vuln = VulnerabilityFactory.create(severity='critical',
workspace=workspace,
host=host,
service=None)
vuln_med = VulnerabilityFactory.create(severity='medium',
workspace=workspace,
service=service,
host=None)
session.flush()
CommandObjectFactory.create(command=command,
object_type='host',
object_id=host.id,
workspace=workspace)
CommandObjectFactory.create(command=command,
object_type='vulnerability',
object_id=vuln.id,
workspace=workspace)
CommandObjectFactory.create(command=command,
object_type='service',
object_id=service.id,
workspace=workspace)
CommandObjectFactory.create(command=command,
object_type='vulnerability',
object_id=vuln_med.id,
workspace=workspace)
session.commit()
res = test_client.get(
self.url(workspace=command.workspace) + 'activity_feed/')
assert res.status_code == 200
assert res.json == [{
u'_id':
command.id,
u'command':
command.command,
u'import_source':
u'shell',
u'tool':
command.tool,
u'user':
command.user,
u'date':
time.mktime(command.start_date.timetuple()) * 1000,
u'params':
command.params,
u'hosts_count':
1,
u'services_count':
1,
u'vulnerabilities_count':
2,
u'criticalIssue':
1
}]
def test_activity_feed(self, session, test_client):
command = self.factory.create()
another_command = EmptyCommandFactory.create(workspace=command.workspace)
vuln = session.query(Vulnerability).get(command.command_objects[0].object_id)
session.flush()
CommandObjectFactory.create(
command=another_command,
object_type='vulnerability',
object_id=vuln.id,
workspace=command.workspace
)
CommandObjectFactory.create(
command=another_command,
object_type='host',
object_id=vuln.host.id,
workspace=command.workspace
)
session.commit()
res = test_client.get(urljoin(self.url(workspace=command.workspace), 'activity_feed'))
assert res.status_code == 200
assert list(filter(lambda stats: stats['_id'] == command.id, res.json)) == [
{'_id': command.id,
'command': command.command,
'import_source': 'shell',
'user': command.user,
'date': time.mktime(command.start_date.timetuple()) * 1000,
'params': command.params,
'tool': command.tool,
'hosts_count': 1,
'services_count': 0,
'vulnerabilities_count': 1,
'criticalIssue': 0}]
assert list(filter(lambda stats: stats['_id'] == another_command.id,
res.json)) == [{
'_id': another_command.id,
'command': another_command.command,
'import_source': 'shell',
'tool': another_command.tool,
'user': another_command.user,
'date': time.mktime(
another_command.start_date.timetuple()) * 1000,
'params': another_command.params,
'hosts_count': 0,
'services_count': 0,
'vulnerabilities_count': 0,
'criticalIssue': 0}]
def test_create_host_cant_assign_command_from_another_workspace(self, test_client, session):
command = EmptyCommandFactory.create()
new_workspace = WorkspaceFactory.create()
session.commit()
assert len(command.command_objects) == 0
url = self.url(workspace=new_workspace) + '?' + urlencode({'command_id': command.id})
res = test_client.post(url, data={
"ip": "127.0.0.1",
"description": "aaaaa",
})
assert res.status_code == 400
assert res.json == {u'message': u'Command not found.'}
assert len(command.command_objects) == 0
def test_create_host_from_command(self, test_client, session):
command = EmptyCommandFactory.create()
session.commit()
assert len(command.command_objects) == 0
url = self.url(workspace=command.workspace) + '?' + urlencode({'command_id': command.id})
res = test_client.post(url, data={
"ip": "127.0.0.1",
"description": "aaaaa",
})
assert res.status_code == 201
assert len(command.command_objects) == 1
cmd_obj = command.command_objects[0]
assert cmd_obj.object_type == 'host'
assert cmd_obj.object_id == res.json['id']
def test_verify_created_critical_vulns_is_correctly_showing_sum_values(self, session, test_client):
workspace = WorkspaceFactory.create()
command = EmptyCommandFactory.create(workspace=workspace)
host = HostFactory.create(workspace=workspace)
vuln = VulnerabilityFactory.create(severity='critical', workspace=workspace, host=host, service=None)
vuln_med = VulnerabilityFactory.create(severity='medium', workspace=workspace, host=host, service=None)
session.flush()
CommandObjectFactory.create(
command=command,
object_type='host',
object_id=host.id,
workspace=workspace
)
CommandObjectFactory.create(
command=command,
object_type='vulnerability',
object_id=vuln.id,
workspace=workspace
)
CommandObjectFactory.create(
command=command,
object_type='vulnerability',
object_id=vuln_med.id,
workspace=workspace
)
session.commit()
res = test_client.get(urljoin(self.url(workspace=command.workspace), 'activity_feed'))
assert res.status_code == 200
assert res.json == [
{'_id': command.id,
'command': command.command,
'import_source': 'shell',
'tool': command.tool,
'user': command.user,
'date': time.mktime(command.start_date.timetuple()) * 1000,
'params': command.params,
'hosts_count': 1,
'services_count': 0,
'vulnerabilities_count': 2,
'criticalIssue': 1}
]
def test_create_service_from_command(self, test_client, session):
host = HostFactory.create(workspace=self.workspace)
command = EmptyCommandFactory.create(workspace=self.workspace)
session.commit()
assert len(command.command_objects) == 0
url = self.url(workspace=command.workspace) + '?' + urlencode({'command_id': command.id})
raw_data = {
"name": "SSH",
"description": "SSH service",
"owned": False,
"ports": [22],
"protocol": "tcp",
"status": "open",
"parent": host.id
}
res = test_client.post(url, data=raw_data)
assert res.status_code == 201
assert len(command.command_objects) == 1
cmd_obj = command.command_objects[0]
assert cmd_obj.object_type == 'service'
assert cmd_obj.object_id == res.json['id']
def test_multiple_commands_executed_with_same_objects_found(
self, session, test_client):
"""
This text verifies that multiple command does not affect activity feed counters.
"""
workspace = WorkspaceFactory.create()
host = HostFactory.create(workspace=workspace)
vuln = VulnerabilityFactory.create(severity='low',
workspace=workspace,
host=host,
service=None)
service = ServiceFactory.create(workspace=workspace)
commands = []
in_the_middle_commands = []
first_command = None
for index in range(0, 10):
command = EmptyCommandFactory.create(workspace=workspace)
commands.append(command)
if index > 0:
# in the middle commands should not affect counters (should be at 0)
in_the_middle_commands.append(command)
else:
first_command = command
session.flush()
CommandObjectFactory.create(command=command,
object_type='host',
object_id=host.id,
workspace=workspace)
CommandObjectFactory.create(command=command,
object_type='vulnerability',
object_id=vuln.id,
workspace=workspace)
# This command will change activity feed counters
vuln_med = VulnerabilityFactory.create(severity='medium',
workspace=workspace,
service=service,
host=None)
session.flush()
last_command = EmptyCommandFactory.create(workspace=workspace)
CommandObjectFactory.create(command=last_command,
object_type='service',
object_id=service.id,
workspace=workspace)
CommandObjectFactory.create(command=last_command,
object_type='vulnerability',
object_id=vuln_med.id,
workspace=workspace)
session.commit()
res = test_client.get(
self.url(workspace=command.workspace) + 'activity_feed/')
assert res.status_code == 200
raw_first_command = list(
filter(lambda comm: comm['_id'] == commands[0].id, res.json))
assert raw_first_command.pop() == {
u'_id': first_command.id,
u'command': first_command.command,
u'import_source': u'shell',
u'user': first_command.user,
u'date': time.mktime(first_command.start_date.timetuple()) * 1000,
u'params': first_command.params,
u'hosts_count': 1,
u'services_count': 0,
u'vulnerabilities_count': 1,
u'tool': first_command.tool,
u'criticalIssue': 0
}
for in_the_middle_command in in_the_middle_commands:
raw_in_the_middle_command = list(
filter(lambda comm: comm['_id'] == in_the_middle_command.id,
res.json))
assert raw_in_the_middle_command.pop() == {
u'_id':
in_the_middle_command.id,
u'command':
in_the_middle_command.command,
u'import_source':
u'shell',
u'user':
in_the_middle_command.user,
u'date':
time.mktime(in_the_middle_command.start_date.timetuple()) *
1000,
u'params':
in_the_middle_command.params,
u'hosts_count':
0,
u'tool':
in_the_middle_command.tool,
u'services_count':
0,
u'vulnerabilities_count':
0,
u'criticalIssue':
0
}
# new command must create new service and vuln
raw_last_command = list(
filter(lambda comm: comm['_id'] == last_command.id, res.json))
assert raw_last_command.pop() == {
u'_id': last_command.id,
u'command': last_command.command,
u'import_source': u'shell',
u'user': last_command.user,
u'date': time.mktime(last_command.start_date.timetuple()) * 1000,
u'params': last_command.params,
u'hosts_count': 0,
u'tool': last_command.tool,
u'services_count': 1,
u'vulnerabilities_count': 1,
u'criticalIssue': 0
}
def test_verify_correct_severities_sum_values(self, session, test_client):
workspace = WorkspaceFactory.create()
command = EmptyCommandFactory.create(workspace=workspace)
host = HostFactory.create(workspace=workspace)
vuln_critical = VulnerabilityFactory.create(severity='critical',
workspace=workspace,
host=host,
service=None)
vuln_high = VulnerabilityFactory.create(severity='high',
workspace=workspace,
host=host,
service=None)
vuln_med = VulnerabilityFactory.create(severity='medium',
workspace=workspace,
host=host,
service=None)
vuln_med2 = VulnerabilityFactory.create(severity='medium',
workspace=workspace,
host=host,
service=None)
vuln_low = VulnerabilityFactory.create(severity='low',
workspace=workspace,
host=host,
service=None)
vuln_info = VulnerabilityFactory.create(severity='informational',
workspace=workspace,
host=host,
service=None)
vuln_info2 = VulnerabilityFactory.create(severity='informational',
workspace=workspace,
host=host,
service=None)
vuln_unclassified = VulnerabilityFactory.create(
severity='unclassified',
workspace=workspace,
host=host,
service=None)
session.flush()
CommandObjectFactory.create(command=command,
object_type='host',
object_id=host.id,
workspace=workspace)
CommandObjectFactory.create(command=command,
object_type='vulnerability',
object_id=vuln_critical.id,
workspace=workspace)
CommandObjectFactory.create(command=command,
object_type='vulnerability',
object_id=vuln_high.id,
workspace=workspace)
CommandObjectFactory.create(command=command,
object_type='vulnerability',
object_id=vuln_med.id,
workspace=workspace)
CommandObjectFactory.create(command=command,
object_type='vulnerability',
object_id=vuln_med2.id,
workspace=workspace)
CommandObjectFactory.create(command=command,
object_type='vulnerability',
object_id=vuln_low.id,
workspace=workspace)
CommandObjectFactory.create(command=command,
object_type='vulnerability',
object_id=vuln_info.id,
workspace=workspace)
CommandObjectFactory.create(command=command,
object_type='vulnerability',
object_id=vuln_info2.id,
workspace=workspace)
CommandObjectFactory.create(command=command,
object_type='vulnerability',
object_id=vuln_unclassified.id,
workspace=workspace)
session.commit()
res = test_client.get(f'/v2/ws/{command.workspace.name}/activities/')
assert res.status_code == 200
assert res.json['activities'][0]['vulnerabilities_count'] == 8
assert res.json['activities'][0]['criticalIssue'] == 1
assert res.json['activities'][0]['highIssue'] == 1
assert res.json['activities'][0]['mediumIssue'] == 2
assert res.json['activities'][0]['lowIssue'] == 1
assert res.json['activities'][0]['infoIssue'] == 2
assert res.json['activities'][0]['unclassifiedIssue'] == 1
