def register_issue(self, defect_type, severity, confidence, description,
                   failed_strings=None):
    """Record a new failure for this test and return it.

    Builds a :class:`syntribos.issue.Issue` from the arguments, copies the
    test's metadata onto it (request/response pair, template path, test
    name, target host and path, signal sets, content type), attaches an
    :class:`syntribos.tests.fuzz.base_fuzz.ImpactedParameter` describing
    the fuzzed parameter, and appends the issue to ``self.failures``.

    :param defect_type: The type of vulnerability that Syntribos believes
        it has found. This may be something like 500 error or DoS,
        regardless of what the Test Type is.
    :param severity: "Low", "Medium", or "High", depending on the defect
    :param confidence: The confidence in the validity of the defect
    :param description: Description of the defect
    :param failed_strings: Optional value stored on the issue as
        ``failed_strings``; a falsy value is stored as an empty list
    :returns: new issue object with metadata associated
    :rtype: :class:`syntribos.issue.Issue`
    """
    issue = syntribos.Issue(
        defect_type=defect_type,
        severity=severity,
        confidence=confidence,
        description=description,
    )

    # The complete request/response pair travels with the issue.
    # NOTE(review): these objects may carry credentials (auth headers,
    # tokens, cookies) -- confirm that whatever renders or stores issues
    # redacts them.
    issue.request = self.test_req
    issue.response = self.test_resp
    issue.template_path = self.template_path
    issue.test_type = self.test_name

    # Host and path are taken from the prepared initial request's URL.
    parsed_url = urlparse(self.prepared_init_req.url)
    issue.target = parsed_url.netloc
    issue.path = parsed_url.path

    issue.init_signals = self.init_signals
    issue.test_signals = self.test_signals
    issue.diff_signals = self.diff_signals
    issue.failed_strings = failed_strings or []

    # Content type is read from the initial request's headers; None when
    # the header is absent.
    issue.content_type = (
        self.init_req.headers['content-type']
        if 'content-type' in self.init_req.headers
        else None
    )

    # Describes where the fuzz string was injected and what was sent.
    issue.impacted_parameter = ImpactedParameter(
        method=issue.request.method,
        location=self.parameter_location,
        name=self.param_path,
        value=self.fuzz_string,
    )

    self.failures.append(issue)
    return issue
def register_issue(self, defect_type, severity, confidence, description):
    """Record a new failure for this test and return it.

    Builds a :class:`syntribos.issue.Issue` from the arguments, copies the
    test's metadata onto it (request/response pair, test name, target host
    and path, signal sets) and appends the issue to ``self.failures``.

    :param defect_type: The type of vulnerability that Syntribos believes
        it has found. This may be something like 500 error or DoS,
        regardless of what the Test Type is.
    :param severity: "Low", "Medium", or "High", depending on the defect
    :param confidence: The confidence of the defect
    :param description: Description of the defect
    :returns: new issue object with metadata associated
    :rtype: Issue
    """
    issue = syntribos.Issue(
        defect_type=defect_type,
        severity=severity,
        confidence=confidence,
        description=description,
    )

    # The request and response objects stay attached to the issue so they
    # are available for the debug log.
    # NOTE(review): these objects may carry credentials (auth headers,
    # tokens, cookies) -- confirm the debug log and any report output
    # redact them.
    issue.request = self.test_req
    issue.response = self.test_resp
    issue.test_type = self.test_name

    # Host and path are taken from the initial response's URL.
    # NOTE(review): if the HTTP client followed a redirect, this may not be
    # the URL that was originally requested -- confirm.
    parsed_url = urlparse(self.init_resp.url)
    issue.target = parsed_url.netloc
    issue.path = parsed_url.path

    issue.init_signals = self.init_signals
    issue.test_signals = self.test_signals
    issue.diff_signals = self.diff_signals

    self.failures.append(issue)
    return issue