コード例 #1
ファイル: RXSSCrud.py プロジェクト: OrenZak/Seccurate
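def getPayloadByID(id, env):
    """
    Fetch one stored RXSS payload by its id.

    The id is handed to SQLite as a bound parameter instead of being formatted
    into the SQL text, so the value supplied by the caller cannot change the
    structure of the statement.

    :param id: payload id
    :param env: passed to config.get('VulnServiceDB', env) to obtain the database to open
    :return: if id exists - returns RXSSPayloadEntity that is described by that id in the DB
    :raises Exception: if no row with that id exists
    """
    db = sqlite3.connect(config.get('VulnServiceDB', env))
    try:
        cursor = db.cursor()
        cursor.execute("SELECT * from RXSS_Payloads where id = ?", (id,))
        item = cursor.fetchone()
    finally:
        # "with sqlite3.connect(...)" only commits or rolls back; it never closes
        # the connection, so close it explicitly once the row has been read.
        db.close()
    if item is None:
        raise Exception("No such payload with id %s" % id)
    return RXSSPayloadEntity(item[0], item[1], item[2])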
コード例 #2
ファイル: RXSSCrud.py プロジェクト: OrenZak/Seccurate
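def getRXSSPayloads(env, size=10, page=0):
    """
    Return one page of stored RXSS payloads, ordered by ascending id.

    LIMIT and OFFSET are supplied as bound parameters rather than being
    formatted into the SQL text, matching how the id lookup should be issued.

    :param env: passed to config.get('VulnServiceDB', env) to obtain the database to open
    :param size: page size, default 10
    :param page: page number, default 0
    :return:  a list of RXSSPayloadEntities items from RXSS_Payloads DB from page #page of size size
    """
    # The previous "%d" formatting truncated numeric arguments to integers;
    # keep that coercion so existing callers see the same paging.
    limit = int(size)
    offset = int(page * size)
    db = sqlite3.connect(config.get('VulnServiceDB', env))
    try:
        cursor = db.cursor()
        cursor.execute(
            "SELECT * from RXSS_Payloads ORDER BY id ASC LIMIT ? OFFSET ?",
            (limit, offset))
        rows = cursor.fetchall()
    finally:
        # The sqlite3 connection context manager does not close the connection;
        # release it explicitly once the rows are in memory.
        db.close()
    return [RXSSPayloadEntity(row[0], row[1], row[2]) for row in rows]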
コード例 #3
 def setUpClass(cls):
     """
     Build the shared fixture for the RXSS scan tests.

     Creates a uniquely named vulnerabilities table, resets the RXSS payload and
     vulnerability-description tables in the "test" environment, logs in to the
     local bWAPP instance to capture session cookies, stores one payload and
     instantiates the scanner under test.
     """
     cls.__vulnsCRUD = VulnerabilitiesCRUD
     # Strip the separators from the current timestamp so the table name stays a
     # plain identifier that differs between runs.
     stamp = str(datetime.now())
     for separator in ('-', ' ', ':', '.'):
         stamp = stamp.replace(separator, '')
     cls.__table_name = "test_vulns" + stamp
     cls.test = "test"
     cls.__vulnsCRUD.createTable(cls.__table_name, cls.test)

     # Start from empty payload and description tables.
     cls.RXSSCrud = RXSSCrud
     cls.RXSSCrud.dropTable(cls.test)
     cls.RXSSCrud.createTable(cls.test)
     cls.vulnDescriptor = VulnerabilityDescriptionCRUD
     cls.vulnDescriptor.dropTable(cls.test)
     cls.vulnDescriptor.createTable(cls.test)

     # Authenticate against the local bWAPP target over plain HTTP on localhost.
     # The credentials are masked in this listing.
     cls.br = mechanize.Browser()
     user_agent = 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/534.34 (KHTML, like Gecko) Chrome/53.0.2785.113 Safari/534.34'
     cls.br.addheaders = [('User-agent', user_agent)]
     cls.cj = mechanize.CookieJar()
     cls.br.set_cookiejar(cls.cj)
     cls.br.open("http://localhost/bwapp/login.php")
     cls.br.select_form(nr=0)
     cls.br.form['login'] = '******'
     cls.br.form['password'] = '******'
     cls.br.submit()
     cls.scanType = 'RXSS'

     # Copy the authenticated session cookies into plain dicts for SessionEntity.
     session_cookies = [
         {
             "name": jar_cookie.name,
             "value": jar_cookie.value,
             "domain": jar_cookie.domain,
             "path": jar_cookie.path
         }
         for jar_cookie in cls.cj
     ]
     cls.session_entity = SessionEntity('Cookie', session_cookies)

     # A harmless console.log marker serves as both the payload and the string
     # expected to be reflected.
     marker = "<script>console.log(123)</script>"
     cls.rxss1 = RXSSPayloadEntity(payload=marker, expectedResult=marker)
     cls.rxss1ID = cls.RXSSCrud.createPayload(cls.rxss1, cls.test).getID()
     cls.vulnUtils = VulnerabilityUtils(cls.__table_name, cls.scanType)
     cls.rxssAlgorithm = MainWindow(db_type='test',
                                    table_name=cls.__table_name)
コード例 #4
ファイル: test_dao.py プロジェクト: OrenZak/Seccurate
 def test_update_wrong_id(self):
     """Updating a payload under an id that was not issued must raise."""
     with self.assertRaises(Exception):
         # The sum of the two issued ids is presumably an id no row carries.
         unknown_id = self.rxss2ID + self.rxss1ID
         self.__RXSSCRUD.updatePayload(RXSSPayloadEntity(unknown_id, 'a'), self.env)
コード例 #5
ファイル: test_dao.py プロジェクト: OrenZak/Seccurate
 def test_update(self):
     """An update written under an existing id is returned by a later read."""
     replacement = RXSSPayloadEntity(self.rxss2ID, 'testUpdate')
     self.__RXSSCRUD.updatePayload(replacement, self.env)
     stored = self.__RXSSCRUD.getPayloadByID(self.rxss2ID, self.env)
     self.assertEqual('testUpdate', stored.getPayload())
コード例 #6
ファイル: test_dao.py プロジェクト: OrenZak/Seccurate
 def setUp(self):
     """Insert two known payloads before each test and remember their ids."""
     self.rxss1 = RXSSPayloadEntity(payload='abcTest', expectedResult='a')
     self.rxss2 = RXSSPayloadEntity(payload='defTest', expectedResult='b')
     # createPayload returns the stored entity; only its id is kept.
     first_stored = self.__RXSSCRUD.createPayload(self.rxss1, self.env)
     self.rxss1ID = first_stored.getID()
     second_stored = self.__RXSSCRUD.createPayload(self.rxss2, self.env)
     self.rxss2ID = second_stored.getID()
コード例 #7
ファイル: test_dao.py プロジェクト: OrenZak/Seccurate
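class TestRXSSCRUD(unittest.TestCase):
    """
    CRUD tests for the RXSS payload table.

    Every test starts with exactly two payloads (inserted in setUp) and the
    table is emptied again in tearDown.
    """

    @classmethod
    def setUpClass(cls):
        """Recreate the RXSS payload table once for the whole test class."""
        # NOTE(review): this suite drops, recreates and wipes tables in whatever
        # database the "prod" key resolves to - confirm it does not point at
        # live data, or switch to a dedicated test environment.
        cls.env = "prod"
        cls.__RXSSCRUD = RXSSCrud
        try:
            cls.__RXSSCRUD.dropTable(cls.env)
        except Exception:
            # Best effort: the drop may fail when the table does not exist yet.
            # Catch Exception rather than using a bare except so that
            # KeyboardInterrupt and SystemExit still propagate.
            pass
        cls.__RXSSCRUD.createTable(cls.env)
        cls.__vulnDescriptor = VulnerabilityDescriptionCRUD

    @classmethod
    def tearDownClass(cls):
        """Drop the class-level references to the CRUD modules."""
        cls.__RXSSCRUD = None
        cls.__vulnDescriptor = None

    def setUp(self):
        """Insert two known payloads and remember the ids the DB assigned."""
        self.rxss1 = RXSSPayloadEntity(payload='abcTest', expectedResult='a')
        self.rxss2 = RXSSPayloadEntity(payload='defTest', expectedResult='b')
        self.rxss1ID = self.__RXSSCRUD.createPayload(self.rxss1, self.env).getID()
        self.rxss2ID = self.__RXSSCRUD.createPayload(self.rxss2, self.env).getID()

    def tearDown(self):
        """Empty both tables so the next test starts from a clean state."""
        self.__RXSSCRUD.deleteAllDataFromTable(self.env)
        self.__vulnDescriptor.deleteAllDataFromTable(self.env)

    def test_create_payload(self):
        """Pages of size 1 return the two payloads in insertion order."""
        self.assertEqual(self.rxss1.getExpectedResult(), self.__RXSSCRUD.getRXSSPayloads(self.env, 1, 0)[0].getExpectedResult())
        self.assertEqual(self.rxss2.getExpectedResult(), self.__RXSSCRUD.getRXSSPayloads(self.env, 1, 1)[0].getExpectedResult())

    def test_wrong_create_payload(self):
        """The first stored payload is not some other string."""
        self.assertNotEqual('abdTest', self.__RXSSCRUD.getRXSSPayloads(self.env, 1, 0)[0].getPayload())

    def test_get_payloads_pagination(self):
        """A page of size 2 holds both payloads."""
        self.assertEqual(len(self.__RXSSCRUD.getRXSSPayloads(self.env, 2, 0)), 2)

    def test_read_by_id(self):
        """Reading by id returns the payload text that was stored under it."""
        self.assertEqual(self.rxss1.getPayload(), self.__RXSSCRUD.getPayloadByID(self.rxss1ID, self.env).getPayload())
        self.assertEqual(self.rxss2.getPayload(), self.__RXSSCRUD.getPayloadByID(self.rxss2ID, self.env).getPayload())

    def test_wrong_read_by_id(self):
        """Reading an id that was not issued raises."""
        # The sum of the two issued ids is presumably an id no row carries.
        with self.assertRaises(Exception):
            self.__RXSSCRUD.getPayloadByID(self.rxss2ID + self.rxss1ID, self.env)

    def test_create_correct_number_of_payloads(self):
        """The default page contains exactly the two payloads from setUp."""
        self.assertEqual(2, len(self.__RXSSCRUD.getRXSSPayloads(self.env)))

    def test_update(self):
        """An update written under an existing id is returned by a later read."""
        self.__RXSSCRUD.updatePayload(RXSSPayloadEntity(self.rxss2ID, 'testUpdate'), self.env)
        self.assertEqual('testUpdate', self.__RXSSCRUD.getPayloadByID(self.rxss2ID, self.env).getPayload())

    def test_update_wrong_id(self):
        """Updating under an id that was not issued raises."""
        # The context manager result was bound to an unused name; it is dropped.
        with self.assertRaises(Exception):
            self.__RXSSCRUD.updatePayload(RXSSPayloadEntity(self.rxss2ID + self.rxss1ID, 'a'), self.env)

    def test_delete_by_id(self):
        """Deleting one payload leaves the other one in place."""
        self.__RXSSCRUD.deletePayloadByID(self.rxss1ID, self.env)
        self.assertEqual(1, len(self.__RXSSCRUD.getRXSSPayloads(self.env)))

    def test_delete_all_data_from_table(self):
        """Clearing the table leaves no payloads behind."""
        self.__RXSSCRUD.deleteAllDataFromTable(self.env)
        self.assertEqual(0, len(self.__RXSSCRUD.getRXSSPayloads(self.env)))

    def doCleanups(self):
        # NOTE(review): this replaces unittest.TestCase.doCleanups with a no-op,
        # so callbacks registered through addCleanup() would never run. Nothing
        # in this class registers any.
        pass

    def suite(self):
        # Placeholder; builds no test suite.
        pass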