Esempi in Python per HostFactory

Esempio n. 1

def test_child_parent_verification_event_succeeds(session, workspace):
    """
        Asserts that no exception will be raised when workspace are the same.
    """
    host = HostFactory.build(workspace=workspace)
    ServiceFactory.build(host=host, workspace=workspace)
    session.commit()

Esempio n. 2

File: test_api_credentials.py Progetto: infobyte/faraday

 def test_update_with_parent_of_other_workspace(
         self, parent_type, parent_factory, test_client, session,
         second_workspace, credential_factory):
     parent = parent_factory.create(workspace=second_workspace)
     if parent_type == 'Host':
         credential = credential_factory.create(
             host=HostFactory.create(workspace=self.workspace),
             service=None,
             workspace=self.workspace)
     else:
         credential = credential_factory.create(
             host=None,
             service=ServiceFactory.create(workspace=self.workspace),
             workspace=self.workspace)
     session.commit()
     assert parent.workspace_id != self.workspace.id
     data = {
         "username": "******",
         "password": "******",
         "name": "test",
         "parent_type": parent_type,
         "parent": parent.id
     }
     res = test_client.put(self.url(credential), data=data)
     assert res.status_code == 400
     assert 'Parent id not found' in res.data

Esempio n. 3

File: test_api_hosts.py Progetto: PortSwigger/faraday_old

    def test_update_host(self, test_client, session):
        host = HostFactory.create()
        session.commit()
        raw_data = {
            "metadata":
                        {
                            "update_time":1510688312.431,
                            "update_user":"******",
                            "update_action":0,
                            "creator":"",
                            "create_time":1510673388000,
                            "update_controller_action":"",
                            "owner":"leonardo",
                            "command_id": None},
            "name":"10.31.112.21",
            "ip":"10.31.112.21",
            "_rev":"",
            "description":"",
            "default_gateway": None,
            "owned": False,
            "services":12,
            "hostnames":[],
            "vulns":43,
            "owner":"leonardo",
            "credentials":0,
            "_id": 4000,
            "os":"Microsoft Windows Server 2008 R2 Standard Service Pack 1",
            "id": 4000,
            "icon":"windows"}

        res = test_client.put(self.url(host, workspace=host.workspace), data=raw_data)
        assert res.status_code == 200
        updated_host = Host.query.filter_by(id=host.id).first()
        assert res.json == {
            u'_id': host.id,
            u'type': u'Host',
            u'_rev': u'',
            u'credentials': 0,
            u'default_gateway': '',
            u'description': u'',
            u'hostnames': [],
            u'id': host.id,
            u'ip': u'10.31.112.21',
            u'mac': '',
            u'metadata': {
                u'command_id': None,
                u'create_time': pytz.UTC.localize(updated_host.create_date).isoformat(),
                u'creator': u'',
                u'owner': host.creator.username,
                u'update_action': 0,
                u'update_controller_action': u'',
                u'update_time': pytz.UTC.localize(updated_host.update_date).isoformat(),
                u'update_user': None},
            u'name': u'10.31.112.21',
            u'os': u'Microsoft Windows Server 2008 R2 Standard Service Pack 1',
            u'owned': False,
            u'owner': host.creator.username,
            u'services': 0,
            u'service_summaries': [],
            u'vulns': 0}

Esempio n. 4

File: test_api_commands.py Progetto: PortSwigger/faraday_old

    def test_delete_objects_preserve_history(self, session, test_client):

        command = EmptyCommandFactory(command='test', tool='test', workspace=self.workspace)
        host = HostFactory.create(workspace=self.workspace)
        session.add(host)
        session.commit()
        CommandObjectFactory.create(
            command=command,
            object_type='host',
            object_id=host.id,
            workspace=self.workspace
        )
        session.commit()

        res = test_client.get(u'/v2/ws/{0}/hosts/{1}/'.format(host.workspace.name, host.id))
        assert res.status_code == 200

        res = test_client.delete(u'/v2/ws/{0}/hosts/{1}/'.format(host.workspace.name, host.id))
        assert res.status_code == 204

        res = test_client.get(self.url(workspace=command.workspace) + 'activity_feed/')
        assert res.status_code == 200
        command_history = filter(lambda hist: hist['_id'] == command.id, res.json)
        assert len(command_history)
        command_history = command_history[0]
        assert command_history['hosts_count'] == 1
        assert command_history['tool'] == 'test'

Esempio n. 5

File: test_api_services.py Progetto: x0james/faraday

 def test_update_cant_change_id(self, test_client, session):
     service = self.factory()
     host = HostFactory.create()
     session.commit()
     raw_data = self._raw_put_data(service.id)
     res = test_client.put(self.url(service, workspace=service.workspace), data=raw_data)
     assert res.status_code == 200
     assert res.json['id'] == service.id

Esempio n. 6

File: test_workspace.py Progetto: PortSwigger/faraday_old

def populate_workspace(workspace):
    host = HostFactory.create(workspace=workspace)
    service = ServiceFactory.create(workspace=workspace, host=host)
    code = SourceCodeFactory.create(workspace=workspace)

    # Create non confirmed vulnerabilities

    # Create standard vulns
    VulnerabilityFactory.create_batch(NC_STANDARD_VULN_COUNT[0],
                                      workspace=workspace,
                                      host=host,
                                      service=None,
                                      confirmed=False)
    VulnerabilityFactory.create_batch(NC_STANDARD_VULN_COUNT[1],
                                      workspace=workspace,
                                      service=service,
                                      host=None,
                                      confirmed=False)

    # Create web vulns
    VulnerabilityWebFactory.create_batch(NC_WEB_VULN_COUNT,
                                         workspace=workspace,
                                         service=service,
                                         confirmed=False)

    # Create source code vulns
    VulnerabilityCodeFactory.create_batch(NC_SOURCE_CODE_VULN_COUNT,
                                          workspace=workspace,
                                          source_code=code,
                                          confirmed=False)

    # Create confirmed vulnerabilities

    # Create standard vulns
    VulnerabilityFactory.create_batch(C_STANDARD_VULN_COUNT[0],
                                      workspace=workspace,
                                      host=host,
                                      service=None,
                                      confirmed=True)
    VulnerabilityFactory.create_batch(C_STANDARD_VULN_COUNT[1],
                                      workspace=workspace,
                                      service=service,
                                      host=None,
                                      confirmed=True)

    # Create web vulns
    VulnerabilityWebFactory.create_batch(C_WEB_VULN_COUNT,
                                         workspace=workspace,
                                         service=service,
                                         confirmed=True)

    # Create source code vulns
    VulnerabilityCodeFactory.create_batch(C_SOURCE_CODE_VULN_COUNT,
                                          workspace=workspace,
                                          source_code=code,
                                          confirmed=True)

    db.session.commit()

Esempio n. 7

File: test_api_services.py Progetto: x0james/faraday

 def test_update_cant_change_parent(self, test_client, session):
     service = self.factory()
     host = HostFactory.create()
     session.commit()
     raw_data = self._raw_put_data(service.id, parent=host.id)
     res = test_client.put(self.url(service, workspace=service.workspace), data=raw_data)
     assert res.status_code == 400
     assert 'Can\'t change service parent.' in res.data
     updated_service = Service.query.filter_by(id=service.id).first()
     assert updated_service.name == service.name

Esempio n. 8

File: test_api_commands.py Progetto: PortSwigger/faraday_old

 def test_verify_created_vulns_with_host_and_service_verification(self, session, test_client):
     workspace = WorkspaceFactory.create()
     command = EmptyCommandFactory.create(workspace=workspace)
     host = HostFactory.create(workspace=workspace)
     service = ServiceFactory.create(workspace=workspace)
     vuln = VulnerabilityFactory.create(severity='critical', workspace=workspace, host=host, service=None)
     vuln_med = VulnerabilityFactory.create(severity='medium', workspace=workspace, service=service, host=None)
     session.flush()
     CommandObjectFactory.create(
         command=command,
         object_type='host',
         object_id=host.id,
         workspace=workspace
     )
     CommandObjectFactory.create(
         command=command,
         object_type='vulnerability',
         object_id=vuln.id,
         workspace=workspace
     )
     CommandObjectFactory.create(
         command=command,
         object_type='service',
         object_id=service.id,
         workspace=workspace
     )
     CommandObjectFactory.create(
         command=command,
         object_type='vulnerability',
         object_id=vuln_med.id,
         workspace=workspace
     )
     session.commit()
     res = test_client.get(self.url(workspace=command.workspace) + 'activity_feed/')
     assert res.status_code == 200
     assert res.json == [{
         u'_id': command.id,
         u'command': command.command,
         u'import_source': u'shell',
         u'tool': command.tool,
         u'user': command.user,
         u'date': time.mktime(command.start_date.timetuple()) * 1000,
         u'params': command.params,
         u'hosts_count': 1,
         u'services_count': 1,
         u'vulnerabilities_count': 2,
         u'criticalIssue': 1}
     ]

Esempio n. 9

File: test_workspace.py Progetto: perplext/faraday

def populate_workspace(workspace):
    host = HostFactory.create(workspace=workspace)
    service = ServiceFactory.create(workspace=workspace, host=host)
    code = SourceCodeFactory.create(workspace=workspace)

    # Create non confirmed vulnerabilities

    # Create standard vulns
    VulnerabilityFactory.create_batch(
        NC_STANDARD_VULN_COUNT[0], workspace=workspace, host=host,
        service=None, confirmed=False)
    VulnerabilityFactory.create_batch(
        NC_STANDARD_VULN_COUNT[1], workspace=workspace, service=service,
        host=None, confirmed=False)

    # Create web vulns
    VulnerabilityWebFactory.create_batch(
        NC_WEB_VULN_COUNT, workspace=workspace, service=service,
        confirmed=False)

    # Create source code vulns
    VulnerabilityCodeFactory.create_batch(
        NC_SOURCE_CODE_VULN_COUNT, workspace=workspace, source_code=code,
        confirmed=False)

    # Create confirmed vulnerabilities

    # Create standard vulns
    VulnerabilityFactory.create_batch(
        C_STANDARD_VULN_COUNT[0], workspace=workspace, host=host, service=None,
        confirmed=True)
    VulnerabilityFactory.create_batch(
        C_STANDARD_VULN_COUNT[1], workspace=workspace, service=service,
        host=None, confirmed=True)

    # Create web vulns
    VulnerabilityWebFactory.create_batch(
        C_WEB_VULN_COUNT, workspace=workspace, service=service, confirmed=True)

    # Create source code vulns
    VulnerabilityCodeFactory.create_batch(
        C_SOURCE_CODE_VULN_COUNT, workspace=workspace, source_code=code,
        confirmed=True)

    db.session.commit()

Esempio n. 10

File: test_api_hosts.py Progetto: PortSwigger/faraday_old

    def test_update_hostname(self, session, test_client):
        host = HostFactory.create()
        session.add(host)
        session.commit()
        data = {
            "description":"",
            "default_gateway":"",
            "ip":"127.0.0.1",
            "owned":False,
            "name":"127.0.0.1",
            "mac":"",
            "hostnames":["dasdas"],
            "owner":"faraday",
            "os":"Unknown",
        }

        res = test_client.put('v2/ws/{0}/hosts/{1}/'.format(host.workspace.name, host.id), data=data)
        assert res.status_code == 200

        assert session.query(Hostname).filter_by(host=host).count() == 1
        assert session.query(Hostname).all()[0].name == 'dasdas'

Esempio n. 11

File: test_api_services.py Progetto: x0james/faraday

    def test_create_service_from_command(self, test_client, session):
        host = HostFactory.create(workspace=self.workspace)
        command = EmptyCommandFactory.create(workspace=self.workspace)
        session.commit()
        assert len(command.command_objects) == 0
        url = self.url(workspace=command.workspace) + '?' + urlencode({'command_id': command.id})
        raw_data = {
            "name": "SSH",
            "description": "SSH service",
            "owned": False,
            "ports": [22],
            "protocol": "tcp",
            "status": "open",
            "parent": host.id
        }
        res = test_client.post(url, data=raw_data)

        assert res.status_code == 201
        assert len(command.command_objects) == 1
        cmd_obj = command.command_objects[0]
        assert cmd_obj.object_type == 'service'
        assert cmd_obj.object_id == res.json['id']

Esempio n. 12

def test_child_parent_verification_event_fails(session, workspace,
                                               second_workspace):
    host = HostFactory.build(workspace=workspace)
    ServiceFactory.build(host=host, workspace=second_workspace)
    with pytest.raises(AssertionError):
        session.commit()

Esempio n. 13

File: test_api_commands.py Progetto: PortSwigger/faraday_old

    def test_multiple_commands_executed_with_same_objects_found(self, session, test_client):
        """
            This text verifies that multiple command does not affect activity feed counters.
        """
        workspace = WorkspaceFactory.create()
        host = HostFactory.create(workspace=workspace)
        vuln = VulnerabilityFactory.create(severity='low', workspace=workspace, host=host, service=None)
        service = ServiceFactory.create(workspace=workspace)
        commands = []
        in_the_middle_commands = []
        first_command = None
        for index in range(0, 10):

            command = EmptyCommandFactory.create(workspace=workspace)
            commands.append(command)
            if index > 0:
                # in the middle commands should not affect counters (should be at 0)
                in_the_middle_commands.append(command)
            else:
                first_command = command
            session.flush()
            CommandObjectFactory.create(
                command=command,
                object_type='host',
                object_id=host.id,
                workspace=workspace
            )
            CommandObjectFactory.create(
                command=command,
                object_type='vulnerability',
                object_id=vuln.id,
                workspace=workspace
            )
        # This command will change activity feed counters
        vuln_med = VulnerabilityFactory.create(severity='medium', workspace=workspace, service=service, host=None)
        session.flush()
        last_command = EmptyCommandFactory.create(workspace=workspace)
        CommandObjectFactory.create(
            command=last_command,
            object_type='service',
            object_id=service.id,
            workspace=workspace
        )
        CommandObjectFactory.create(
            command=last_command,
            object_type='vulnerability',
            object_id=vuln_med.id,
            workspace=workspace
        )
        session.commit()
        res = test_client.get(self.url(workspace=command.workspace) + 'activity_feed/')
        assert res.status_code == 200
        raw_first_command = filter(lambda comm: comm['_id'] == commands[0].id, res.json)

        assert raw_first_command.pop() == {
            u'_id': first_command.id,
            u'command': first_command.command,
            u'import_source': u'shell',
            u'user': first_command.user,
            u'date': time.mktime(first_command.start_date.timetuple()) * 1000,
            u'params': first_command.params,
            u'hosts_count': 1,
            u'services_count': 0,
            u'vulnerabilities_count': 1,
            u'tool': first_command.tool,
            u'criticalIssue': 0
        }

        for in_the_middle_command in in_the_middle_commands:
            raw_in_the_middle_command = filter(lambda comm: comm['_id'] == in_the_middle_command.id, res.json)
            assert raw_in_the_middle_command.pop() == {u'_id': in_the_middle_command.id,
                                       u'command': in_the_middle_command.command,
                                       u'import_source': u'shell',
                                       u'user': in_the_middle_command.user,
                                       u'date': time.mktime(in_the_middle_command.start_date.timetuple()) * 1000,
                                       u'params': in_the_middle_command.params,
                                       u'hosts_count': 0,
                                       u'tool': in_the_middle_command.tool,
                                       u'services_count': 0,
                                       u'vulnerabilities_count': 0,
                                       u'criticalIssue': 0}

        # new command must create new service and vuln
        raw_last_command = filter(lambda comm: comm['_id'] == last_command.id, res.json)
        assert raw_last_command.pop() == {u'_id': last_command.id,
                                       u'command': last_command.command,
                                       u'import_source': u'shell',
                                       u'user': last_command.user,
                                       u'date': time.mktime(last_command.start_date.timetuple()) * 1000,
                                       u'params': last_command.params,
                                       u'hosts_count': 0,
                                       u'tool': last_command.tool,
                                       u'services_count': 1,
                                       u'vulnerabilities_count': 1,
                                       u'criticalIssue': 0}