Python MozillaObservatoryParserの例

プログラミング言語: Python

名前空間/パッケージ名: dojo.tools.mozilla_observatory.parser

hotexamples.comのコード掲載数: 7

Python MozillaObservatoryParser - 7件のコード例が見つかりました。すべてオープンソースプロジェクトから抽出されたPythonのdojo.tools.mozilla_observatory.parser.MozillaObservatoryParserの実例で、最も評価が高いものを厳選しています。コード例の評価を行っていただくことで、より質の高いコード例が表示されるようになります。

よく使われるメソッド

表示非表示

MozillaObservatoryParser(7)

get_findings(7)

コード例 #1

ファイルを表示

 def test_parse_file_cli_demo(self):
     """Test from the CLI"""
     testfile = open("unittests/scans/mozilla_observatory/demo.json")
     parser = MozillaObservatoryParser()
     findings = parser.get_findings(testfile, Test())
     self.assertEqual(12, len(findings))
     for finding in findings:
         if "content-security-policy" == finding.vuln_id_from_tool:
             with self.subTest(vuln_id_from_tool="content-security-policy"):
                 self.assertTrue(finding.active)
                 self.assertEqual("Content Security Policy (CSP) header not implemented", finding.title)
                 self.assertEqual("Medium", finding.severity)
                 self.assertIn("Content Security Policy (CSP) header not implemented", finding.description)
                 self.assertEqual("content-security-policy", finding.vuln_id_from_tool)
         elif "cookies" == finding.vuln_id_from_tool:
             with self.subTest(vuln_id_from_tool="cookies"):
                 self.assertTrue(finding.active)
                 self.assertEqual("Cookies set without using the Secure flag or set over HTTP", finding.title)
                 self.assertEqual("Medium", finding.severity)
                 self.assertIn("Cookies set without using the Secure flag or set over HTTP", finding.description)
         elif "strict-transport-security" == finding.vuln_id_from_tool:
             with self.subTest(vuln_id_from_tool="strict-transport-security"):
                 self.assertTrue(finding.active)
                 self.assertEqual("HTTP Strict Transport Security (HSTS) header not implemented", finding.title)
                 self.assertEqual("Medium", finding.severity)
                 self.assertIn("HTTP Strict Transport Security (HSTS) header not implemented", finding.description)
         else:
             with self.subTest(vuln_id_from_tool=finding.vuln_id_from_tool):
                 self.assertFalse(finding.active)

コード例 #2

ファイルを表示

ファイル: test_mozilla_observatory_parser.py プロジェクト: leonardobedazup/beda-DefectDojo-1.13.0

    def test_parse_file_with_no_vuln_has_no_findings(self):

        testfile = open(
            "dojo/unittests/scans/mozilla_observatory/mozilla_no_vuln.json")
        parser = MozillaObservatoryParser()
        findings = parser.get_findings(testfile, Test())
        self.assertEqual(0, len(findings))

コード例 #3

ファイルを表示

 def test_parse_file_with_no_vuln_has_no_findings(self):
     testfile = open("unittests/scans/mozilla_observatory/mozilla_no_vuln.json")
     parser = MozillaObservatoryParser()
     findings = parser.get_findings(testfile, Test())
     self.assertEqual(4, len(findings))
     # test that all findings are not active
     for finding in findings:
         self.assertFalse(finding.active)

コード例 #4

ファイルを表示

 def test_parse_file_cli_nmap_scanme(self):
     """Test from the CLI"""
     testfile = open("unittests/scans/mozilla_observatory/nmap_scanme.json")
     parser = MozillaObservatoryParser()
     findings = parser.get_findings(testfile, Test())
     self.assertEqual(12, len(findings))
     for finding in findings:
         if "content-security-policy" == finding.vuln_id_from_tool:
             with self.subTest(vuln_id_from_tool=finding.vuln_id_from_tool):
                 self.assertTrue(finding.active)
                 self.assertEqual("Content Security Policy (CSP) header not implemented", finding.title)
                 self.assertEqual("Medium", finding.severity)
                 self.assertIn("Content Security Policy (CSP) header not implemented", finding.description)
         elif "strict-transport-security" == finding.vuln_id_from_tool:
             with self.subTest(vuln_id_from_tool=finding.vuln_id_from_tool):
                 self.assertTrue(finding.active)
                 self.assertEqual("HTTP Strict Transport Security (HSTS) header cannot be set, as site contains an invalid certificate chain", finding.title)
                 self.assertEqual("Medium", finding.severity)
                 self.assertIn("HTTP Strict Transport Security (HSTS) header cannot be set, as site contains an invalid certificate chain", finding.description)
         elif "x-xss-protection" == finding.vuln_id_from_tool:
             with self.subTest(vuln_id_from_tool=finding.vuln_id_from_tool):
                 self.assertTrue(finding.active)
                 self.assertEqual("X-XSS-Protection header not implemented", finding.title)
                 self.assertEqual("Low", finding.severity)
                 self.assertIn("X-XSS-Protection header not implemented", finding.description)
         elif "x-frame-options" == finding.vuln_id_from_tool:
             with self.subTest(vuln_id_from_tool=finding.vuln_id_from_tool):
                 self.assertTrue(finding.active)
                 self.assertEqual("X-Frame-Options (XFO) header not implemented", finding.title)
                 self.assertEqual("Medium", finding.severity)
                 self.assertIn("X-Frame-Options (XFO) header not implemented", finding.description)
         elif "x-content-type-options" == finding.vuln_id_from_tool:
             with self.subTest(vuln_id_from_tool=finding.vuln_id_from_tool):
                 self.assertTrue(finding.active)
                 self.assertEqual("X-Content-Type-Options header not implemented", finding.title)
                 self.assertEqual("Low", finding.severity)
                 self.assertIn("X-Content-Type-Options header not implemented", finding.description)
         elif "subresource-integrity" == finding.vuln_id_from_tool:
             with self.subTest(vuln_id_from_tool=finding.vuln_id_from_tool):
                 self.assertTrue(finding.active)
                 self.assertEqual("Subresource Integrity (SRI) not implemented, and external scripts are loaded over HTTP or use protocol-relative URLs via src=\"//...\"", finding.title)
                 self.assertEqual("High", finding.severity)
                 self.assertIn("Subresource Integrity (SRI) not implemented", finding.description)
         elif "redirection" == finding.vuln_id_from_tool:
             with self.subTest(vuln_id_from_tool=finding.vuln_id_from_tool):
                 self.assertTrue(finding.active)
                 self.assertEqual("Initial redirection from HTTP to HTTPS is to a different host, preventing HSTS", finding.title)
                 self.assertEqual("Low", finding.severity)
                 self.assertIn("Initial redirection from HTTP to HTTPS is to a different host, preventing HSTS", finding.description)
         else:
             with self.subTest(vuln_id_from_tool=finding.vuln_id_from_tool):
                 self.assertFalse(finding.active)

コード例 #5

ファイルを表示

 def test_parse_file_cli_mozilla_org(self):
     """Test from the CLI"""
     testfile = open("unittests/scans/mozilla_observatory/mozilla_org.json")
     parser = MozillaObservatoryParser()
     findings = parser.get_findings(testfile, Test())
     self.assertEqual(12, len(findings))
     for finding in findings:
         if "content-security-policy" == finding.vuln_id_from_tool:
             with self.subTest(vuln_id_from_tool=finding.vuln_id_from_tool):
                 self.assertTrue(finding.active)
                 self.assertEqual("Content Security Policy (CSP) implemented unsafely. This includes 'unsafe-inline' or data: inside script-src, overly broad sources such as https: inside object-src or script-src, or not restricting the sources for object-src or script-src.", finding.title)
                 self.assertEqual("Medium", finding.severity)
                 self.assertIn("Content Security Policy (CSP) implemented unsafely. This includes 'unsafe-inline' or data: inside script-src, overly broad sources such as https: inside object-src or script-src, or not restricting the sources for object-src or script-src.", finding.description)
         else:
             with self.subTest(vuln_id_from_tool=finding.vuln_id_from_tool):
                 self.assertFalse(finding.active)

コード例 #6

ファイルを表示

 def test_parse_file_cli_juicy(self):
     """Test from the CLI"""
     testfile = open("unittests/scans/mozilla_observatory/juicy.json")
     parser = MozillaObservatoryParser()
     findings = parser.get_findings(testfile, Test())
     self.assertEqual(12, len(findings))
     for finding in findings:
         if "content-security-policy" == finding.vuln_id_from_tool:
             with self.subTest(vuln_id_from_tool=finding.vuln_id_from_tool):
                 self.assertTrue(finding.active)
                 self.assertEqual("Content Security Policy (CSP) header not implemented", finding.title)
                 self.assertEqual("Medium", finding.severity)
                 self.assertIn("Content Security Policy (CSP) header not implemented", finding.description)
         elif "strict-transport-security" == finding.vuln_id_from_tool:
             with self.subTest(vuln_id_from_tool=finding.vuln_id_from_tool):
                 self.assertTrue(finding.active)
                 self.assertEqual("HTTP Strict Transport Security (HSTS) header not implemented", finding.title)
                 self.assertEqual("Medium", finding.severity)
                 self.assertIn("HTTP Strict Transport Security (HSTS) header not implemented", finding.description)
         elif "x-xss-protection" == finding.vuln_id_from_tool:
             with self.subTest(vuln_id_from_tool=finding.vuln_id_from_tool):
                 self.assertTrue(finding.active)
                 self.assertEqual("X-XSS-Protection header not implemented", finding.title)
                 self.assertEqual("Low", finding.severity)
                 self.assertIn("X-XSS-Protection header not implemented", finding.description)
         elif "subresource-integrity" == finding.vuln_id_from_tool:
             with self.subTest(vuln_id_from_tool=finding.vuln_id_from_tool):
                 self.assertTrue(finding.active)
                 self.assertEqual("Subresource Integrity (SRI) not implemented, and external scripts are loaded over HTTP or use protocol-relative URLs via src=\"//...\"", finding.title)
                 self.assertEqual("High", finding.severity)
                 self.assertIn("Subresource Integrity (SRI) not implemented", finding.description)
         elif "redirection" == finding.vuln_id_from_tool:
             with self.subTest(vuln_id_from_tool=finding.vuln_id_from_tool):
                 self.assertTrue(finding.active)
                 self.assertEqual("Does not redirect to an HTTPS site", finding.title)
                 self.assertEqual("Medium", finding.severity)
                 self.assertIn("Does not redirect to an HTTPS site", finding.description)
         else:
             with self.subTest(vuln_id_from_tool=finding.vuln_id_from_tool):
                 self.assertFalse(finding.active)

コード例 #7

ファイルを表示

 def test_parse_file_with_multiple_vuln_has_multiple_finding(self):
     testfile = open("unittests/scans/mozilla_observatory/mozilla_google_many_vuln.json")
     parser = MozillaObservatoryParser()
     findings = parser.get_findings(testfile, Test())
     self.assertEqual(6, len(findings))