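def test_that_a_scan_import_updates_the_test_description(self):
    """Importing a scan should set the Test description to a Markdown link.

    The expected description is a fixed prefix followed by a Markdown link
    whose text and target are both the StackHawk scan URL (the scan id in the
    URL presumably comes from the fixture).
    """
    parser = StackHawkParser()
    test = Test()
    # The context manager closes the fixture even if get_findings raises.
    with open("unittests/scans/stackhawk/stackhawk_zero_vul.json") as testfile:
        parser.get_findings(testfile, test)
    self.assertEqual(
        test.description,
        'View scan details here: '
        + '[https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27]'
        + '(https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27)',
    )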
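def test_that_a_scan_with_endpoints_in_differing_statuses_does_not_mark_as_risk_accepted_or_false_positive(self):
    """A finding whose endpoints carry differing statuses must not be auto-triaged.

    The fixture is expected to yield exactly one finding, and the two trailing
    ``False`` arguments assert that neither triage flag (false positive /
    risk accepted) has been set on it.
    """
    parser = StackHawkParser()
    # The context manager closes the fixture even if get_findings raises.
    with open("unittests/scans/stackhawk/stackhawk_one_vuln_all_endpoints_have_different_status.json") as testfile:
        findings = parser.get_findings(testfile, Test())
    self.__assertAllEndpointsAreClean(findings)
    self.assertEqual(1, len(findings))
    # Positional layout appears to be: title, date, application, environment,
    # severity, finding URL, plugin id, count, then the two triage flags —
    # confirm against __assertFindingEquals, which is not visible here.
    self.__assertFindingEquals(
        findings[0],
        "Cookie Slack Detector",
        self.__test_datetime,
        "Secured Application",
        "Development",
        "Low",
        "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/90027",
        "90027",
        "3",
        False,
        False,
    )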
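def test_stackhawk_parser_with_one_high_vuln_has_one_findings(self):
    """A report with a single High vulnerability should produce exactly one finding.

    Checks the finding's title, date, application/environment, severity,
    StackHawk finding URL, plugin id and count, and that neither triage flag
    is set.
    """
    parser = StackHawkParser()
    # The context manager closes the fixture even if get_findings raises.
    with open("unittests/scans/stackhawk/stackhawk_one_vul.json") as testfile:
        findings = parser.get_findings(testfile, Test())
    self.__assertAllEndpointsAreClean(findings)
    self.assertEqual(1, len(findings))
    finding = findings[0]
    # Positional layout appears to be: title, date, application, environment,
    # severity, finding URL, plugin id, count, then the two triage flags —
    # confirm against __assertFindingEquals, which is not visible here.
    self.__assertFindingEquals(
        finding,
        "Anti CSRF Tokens Scanner",
        self.__test_datetime,
        "Secured Application",
        "Development",
        "High",
        "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/20012",
        "20012",
        "10",
        False,
        False,
    )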
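def test_stackhawk_parser_with_many_vuln_has_many_findings_and_removes_duplicates(self):
    """A report with many vulnerabilities should yield six de-duplicated findings.

    Each expected finding is checked in order for title, date,
    application/environment, severity, StackHawk finding URL, plugin id and
    count, with neither triage flag set. The test name indicates the fixture
    contains duplicates that the parser is expected to collapse.
    """
    parser = StackHawkParser()
    # The context manager closes the fixture even if get_findings raises.
    with open("unittests/scans/stackhawk/stackhawk_many_vul.json") as testfile:
        findings = parser.get_findings(testfile, Test())
    self.__assertAllEndpointsAreClean(findings)
    self.assertEqual(6, len(findings))
    # Positional layout appears to be: title, date, application, environment,
    # severity, finding URL, plugin id, count, then the two triage flags —
    # confirm against __assertFindingEquals, which is not visible here.
    self.__assertFindingEquals(
        findings[0],
        "Cookie Slack Detector",
        self.__test_datetime,
        "Secured Application",
        "Development",
        "Low",
        "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/90027",
        "90027",
        "10",
        False,
        False,
    )
    self.__assertFindingEquals(
        findings[1],
        "Proxy Disclosure",
        self.__test_datetime,
        "Secured Application",
        "Development",
        "Medium",
        "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/40025",
        "40025",
        "10",
        False,
        False,
    )
    self.__assertFindingEquals(
        findings[2],
        "Anti CSRF Tokens Scanner",
        self.__test_datetime,
        "Secured Application",
        "Development",
        "High",
        "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/20012",
        "20012",
        "10",
        False,
        False,
    )
    self.__assertFindingEquals(
        findings[3],
        "Cross Site Scripting Weakness (Reflected in JSON Response)",
        self.__test_datetime,
        "Secured Application",
        "Development",
        "High",
        "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/40012",
        "40012",
        "1",
        False,
        False,
    )
    self.__assertFindingEquals(
        findings[4],
        "Content Security Policy (CSP) Header Not Set",
        self.__test_datetime,
        "Secured Application",
        "Development",
        "Medium",
        "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/10038",
        "10038",
        "12",
        False,
        False,
    )
    self.__assertFindingEquals(
        findings[5],
        "Permissions Policy Header Not Set",
        self.__test_datetime,
        "Secured Application",
        "Development",
        "Low",
        "https://app.stackhawk.com/scans/e2ff5651-7eef-47e9-b743-0c2f7d861e27/finding/10063",
        "10063",
        "12",
        False,
        False,
    )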
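def test_stackhawk_parser_with_no_vuln_has_no_findings(self):
    """A clean report must produce an empty list of findings."""
    parser = StackHawkParser()
    # The context manager closes the fixture even if get_findings raises.
    with open("unittests/scans/stackhawk/stackhawk_zero_vul.json") as testfile:
        findings = parser.get_findings(testfile, Test())
    self.assertEqual(0, len(findings))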
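def test_parser_ensures_data_is_for_stackhawk_before_parsing(self):
    """JSON that is not a StackHawk report must be rejected with ValueError.

    The fixture name suggests well-formed JSON of a foreign shape; the parser
    is expected to refuse it up front rather than import anything from it.
    """
    parser = StackHawkParser()
    # Close the fixture even though get_findings is expected to raise.
    with open("unittests/scans/stackhawk/oddly_familiar_json_that_isnt_us.json") as testfile:
        with self.assertRaises(ValueError):
            parser.get_findings(testfile, Test())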
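def test_invalid_json_format(self):
    """Malformed JSON input must be rejected with ValueError, not a raw decode error."""
    parser = StackHawkParser()
    # Close the fixture even though get_findings is expected to raise.
    with open("unittests/scans/stackhawk/invalid.json") as testfile:
        with self.assertRaises(ValueError):
            parser.get_findings(testfile, Test())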