def _check_vectors(vectors):
"""
Checks vector files are present and files exist. MissingComponentException is thrown if a file does not exist.
:param vectors: list of vector files
"""
# check vectors
if not vectors:
raise MissingComponentException("Vector files are required")
# check each exists
for name in vectors:
if not os.path.isfile(name):
raise MissingComponentException(
"Vector file '{}' not found".format(name))
def _parse_yaml(config_file):
"""
Checks the file exists and reads YAML configs. MissingComponentException is thrown if file does not exist.
:param config_file: file name
:return: ini args
"""
# check file exists
if not os.path.isfile(config_file):
raise MissingComponentException(
"Configuration file '{}' not found".format(config_file))
# read ini configs
logger.info("Loading configs.")
reader = YamlReader(config_file)
yaml_args = reader.parse()
return yaml_args
def report(self, filename, start_time, end_time):
"""
Saves results to a given file in JSON format.
:param filename: file name
:param start_time: start datetime
:param end_time: end datetime
"""
# calculate times
times = {
'start': str(start_time),
'end': str(end_time),
'duration': str(end_time - start_time)
}
# list auditors
auditors = [{
'key': a.key,
'name': a.name,
'description': a.description
} for a in self._auditors]
# list checks
checks = [{
'key': c.key,
'name': c.name,
'description': c.description
} for c in self._checks]
# generate output
output = {
'times': times,
'configs': self._configs,
'auditors': auditors,
'checks': checks,
'vectors': self._vectors,
'results': self._results
}
try:
# dump to file
with open(filename, 'w') as f:
json.dump({"report": output}, f, indent=1)
except OSError as e:
raise MissingComponentException("{} '{}'".format(
e.strerror, e.filename))
def test_main_negative(mocker):
# missing vector file
args = []
test = ava.scanner.main(args)
assert test == 2
# vector file not exists
args = ["test.json"]
mocker.patch("os.path.isfile", return_value=False)
test = ava.scanner.main(args)
assert test == 2
# config reader missing component
args = ["-c", "config.yml", "test.json"]
mocker.patch("os.path.isfile", return_value=True)
mocker.patch("ava.scanner._parse_yaml",
side_effect=MissingComponentException("Missing config file"))
test = ava.scanner.main(args)
assert test == 2
# config reader invalid format
args = ["-c", "config.yml", "test.json"]
mocker.patch("os.path.isfile", return_value=True)
mocker.patch(
"ava.scanner._parse_yaml",
side_effect=InvalidFormatException("Invalid config file format"))
test = ava.scanner.main(args)
assert test == 2
# config reader unknown key
args = ["-c", "config.yml", "test.json"]
mocker.patch("os.path.isfile", return_value=True)
mocker.patch("ava.scanner._parse_yaml",
side_effect=UnknownKeyException("Unknown config file key"))
test = ava.scanner.main(args)
assert test == 2
# config generate invalid value
args = ["test.json"]
mocker.patch("os.path.isfile", return_value=True)
mocker.patch("ava.common.config.generate",
side_effect=InvalidValueException("Config invalid value"))
test = ava.scanner.main(args)
assert test == 2
# config generate unknown key
args = ["test.json"]
mocker.patch("os.path.isfile", return_value=True)
mocker.patch("ava.common.config.generate",
side_effect=UnknownKeyException("Config unknown key"))
test = ava.scanner.main(args)
assert test == 2
# run scanner missing component
args = ["test.json"]
mocker.patch("os.path.isfile", return_value=True)
mocker.patch("ava.common.config.generate")
mocker.patch(
"ava.scanner._run_scanner",
side_effect=MissingComponentException("Run missing component"))
test = ava.scanner.main(args)
assert test == 2
# run scanner invalid format
args = ["test.json"]
mocker.patch("os.path.isfile", return_value=True)
mocker.patch("ava.common.config.generate")
mocker.patch("ava.scanner._run_scanner",
side_effect=InvalidFormatException("Invalid JSON format"))
test = ava.scanner.main(args)
assert test == 2
def _run_scanner(configs):
"""
Loads vectors, checks, and auditors. Then runs audits and prints results. Results can be saved to a report.
:param configs: AVA configs
"""
results = []
# read vectors
logger.info("Loading vectors.")
reader = HarReader(configs['hars'])
vectors = reader.parse(configs)
# reduce duplicates
if configs['reduce']:
logger.debug("Reducing vectors.")
vectors = _reduce_vectors(vectors)
# check vectors
if not vectors:
raise MissingComponentException("Vector list is empty")
# load and instantiate checks
logger.info("Loading scanner.")
checks = _load_checks(configs)
# if no checks, default to active checks
if not checks:
logger.debug("No checks loaded. Loading all active checks.")
actives = utility.get_package_classes('actives')
checks += [clazz() for clazz in actives]
# load and instantiate auditors
logger.debug("Loading auditors.")
auditors = utility.get_package_classes('auditors', configs['auditors'])
auditors = [auditor(configs, checks, vectors) for auditor in auditors]
# start time
start_time = datetime.now(timezone.utc)
# run checks
logger.debug("Running auditors and checks.")
for auditor in auditors:
issues = auditor.run()
results.extend(issues)
# end time
end_time = datetime.now(timezone.utc)
# print metrics
elapsed = str(end_time - start_time).partition('.')[0]
logger.info("Found %d %s in %s.", len(results),
'issue' if len(results) == 1 else 'issues', elapsed)
# save report
if configs['report']:
logger.info("Saving report.")
reporter = JsonReporter(results, configs, auditors, checks, vectors)
reporter.report(configs['report'], start_time, end_time)
# print summary
if configs['summary']:
print('')
reporter = TableReporter(results, auditors, checks)
reporter.report()