def test_burp_one_finding(self):
with open(
path.join(
path.dirname(__file__),
"../scans/burp_graphql/one_finding.json")) as test_file:
parser = BurpGraphQLParser()
findings = parser.get_findings(test_file, Test())
for finding in findings:
for endpoint in finding.unsaved_endpoints:
endpoint.clean()
self.assertEqual(1, len(findings))
self.assertEqual("Finding", findings[0].title)
self.assertEqual(79, findings[0].cwe)
self.assertIn("description 1", findings[0].description)
self.assertIn("remediation 1", findings[0].mitigation)
self.assertIn("issue description 1", findings[0].impact)
self.assertIn("issue remediation 1", findings[0].mitigation)
self.assertEquals('High', findings[0].severity)
self.assertEqual(1, len(findings[0].unsaved_endpoints))
self.assertEqual('www.test.com',
findings[0].unsaved_endpoints[0].host)
self.assertEqual('path', findings[0].unsaved_endpoints[0].path)
self.assertEqual('https',
findings[0].unsaved_endpoints[0].protocol)
self.assertEqual(1, len(findings[0].unsaved_req_resp))
self.assertEqual('request data 1/request data 2/request data 3/',
findings[0].unsaved_req_resp[0]['req'])
self.assertIn('ref 1', findings[0].references)
self.assertIn('CWE-79', findings[0].references)
def test_burp_no_findings(self):
with open(
path.join(
path.dirname(__file__),
"../scans/burp_graphql/no_findings.json")) as test_file:
parser = BurpGraphQLParser()
findings = parser.get_findings(test_file, Test())
self.assertEqual(0, len(findings))
def test_burp_null_title(self):
with open(
path.join(
path.dirname(__file__),
"../scans/burp_graphql/null_title.json")) as test_file:
with self.assertRaises(ValueError):
parser = BurpGraphQLParser()
findings = parser.get_findings(test_file, Test())
def test_burp_null_data(self):
with open(
path.join(
path.dirname(__file__),
"../scans/burp_graphql/null_data.json")) as test_file:
parser = BurpGraphQLParser()
findings = parser.get_findings(test_file, Test())
for finding in findings:
for endpoint in finding.unsaved_endpoints:
endpoint.clean()
self.assertEqual(1, len(findings))
self.assertEqual("Finding", findings[0].title)
def test_burp_two_findings(self):
with open(
path.join(
path.dirname(__file__),
"../scans/burp_graphql/two_findings.json")) as test_file:
parser = BurpGraphQLParser()
findings = parser.get_findings(test_file, Test())
for finding in findings:
for endpoint in finding.unsaved_endpoints:
endpoint.clean()
self.assertEqual(2, len(findings))
self.assertEqual("Finding 1", findings[0].title)
self.assertEqual("Finding 2", findings[1].title)
self.assertEqual(2, len(findings[1].unsaved_endpoints))
self.assertEqual(4, len(findings[1].unsaved_req_resp))
self.assertIn("description 2", findings[1].description)
self.assertIn("description 3", findings[1].description)