def test_npm_audit_parser_many_vuln_npm7(self):
with self.assertRaises(ValueError) as context:
testfile = open(path.join(path.dirname(__file__), "../scans/npm_audit_sample/many_vuln_npm7.json"))
parser = NpmAuditParser()
findings = parser.get_findings(testfile, Test())
testfile.close()
self.assertTrue("npm7 with auditReportVersion 2 or higher not yet supported" in str(context.exception))
self.assertEqual(findings, None)
def test_npm_audit_parser_with_one_criticle_vuln_has_one_findings(self):
testfile = open("dojo/unittests/scans/npm_audit_sample/one_vuln.json")
parser = NpmAuditParser()
findings = parser.get_findings(testfile, Test())
testfile.close()
self.assertEqual(1, len(findings))
self.assertEqual("growl", findings[0].component_name)
self.assertEqual("1.9.2", findings[0].component_version)
def test_npm_audit_parser_empty_with_error(self):
with self.assertRaises(ValueError) as context:
testfile = open(path.join(path.dirname(__file__), "../scans/npm_audit_sample/empty_with_error.json"))
parser = NpmAuditParser()
findings = parser.get_findings(testfile, Test())
testfile.close()
self.assertTrue("npm audit report contains errors:" in str(context.exception))
self.assertTrue("ENOAUDIT" in str(context.exception))
def test_npm_audit_parser_with_many_vuln_has_many_findings(self):
testfile = open(path.join(path.dirname(__file__), "../scans/npm_audit_sample/many_vuln.json"))
parser = NpmAuditParser()
findings = parser.get_findings(testfile, Test())
testfile.close()
self.assertEqual(5, len(findings))
for find in findings:
if find.cve == "CVE-2017-16138":
self.assertEqual(find.file_path, "censored_by_npm_audit>send>mime")
elif find.cve == "CVE-2017-16119":
self.assertEqual(find.file_path, "express>fresh")
def test_npm_audit_parser_with_many_vuln_has_many_findings(self):
testfile = open("dojo/unittests/scans/npm_audit_sample/many_vuln.json")
parser = NpmAuditParser()
findings = parser.get_findings(testfile, Test())
testfile.close()
self.assertEqual(5, len(findings))
for find in findings:
if find.cve == 'CVE-2017-16138':
self.assertEqual(find.file_path,
'censored_by_npm_audit>send>mime')
elif find.cve == 'CVE-2017-16119':
self.assertEqual(find.file_path, 'express>fresh')
def test_npm_audit_parser_many_vuln_npm7(self):
with self.assertRaises(ValueError) as context:
testfile = open("dojo/unittests/scans/npm_audit_sample/many_vuln_npm7.json")
parser = NpmAuditParser(testfile, Test())
testfile.close()
self.assertTrue('npm7 with auditReportVersion 2 or higher not yet supported' in str(context.exception))
self.assertEqual(parser.items, None)
def test_npm_audit_parser_empty_with_error(self):
with self.assertRaises(ValueError) as context:
testfile = open("dojo/unittests/scans/npm_audit_sample/empty_with_error.json")
parser = NpmAuditParser(testfile, Test())
testfile.close()
self.assertTrue('npm audit report contains errors:' in str(context.exception))
self.assertTrue('ENOAUDIT' in str(context.exception))
def import_parser_factory(file, test, active, verified, scan_type=None):
if scan_type is None:
scan_type = test.test_type.name
if scan_type == "Burp Scan":
parser = BurpXmlParser(file, test)
elif scan_type == "Burp Enterprise Scan":
parser = BurpEnterpriseHtmlParser(file, test)
elif scan_type == "Nessus Scan":
filename = file.name.lower()
if filename.endswith("csv"):
parser = NessusCSVParser(file, test)
elif filename.endswith("xml") or filename.endswith("nessus"):
parser = NessusXMLParser(file, test)
elif scan_type == "Clair Scan":
parser = ClairParser(file, test)
elif scan_type == "Nmap Scan":
parser = NmapXMLParser(file, test)
elif scan_type == "Nikto Scan":
parser = NiktoXMLParser(file, test)
elif scan_type == "Nexpose Scan":
parser = NexposeFullXmlParser(file, test)
elif scan_type == "Veracode Scan":
parser = VeracodeXMLParser(file, test)
elif scan_type == "Checkmarx Scan":
parser = CheckmarxXMLParser(file, test)
elif scan_type == "Checkmarx Scan detailed":
parser = CheckmarxXMLParser(file, test, 'detailed')
elif scan_type == "Contrast Scan":
parser = ContrastCSVParser(file, test)
elif scan_type == "Crashtest Security JSON File":
parser = CrashtestSecurityJsonParser(file, test)
elif scan_type == "Crashtest Security XML File":
parser = CrashtestSecurityXmlParser(file, test)
elif scan_type == "Bandit Scan":
parser = BanditParser(file, test)
elif scan_type == "ESLint Scan":
parser = ESLintParser(file, test)
elif scan_type == "ZAP Scan":
parser = ZapXmlParser(file, test)
elif scan_type == "AppSpider Scan":
parser = AppSpiderXMLParser(file, test)
elif scan_type == "Arachni Scan":
parser = ArachniJSONParser(file, test)
elif scan_type == 'VCG Scan':
parser = VCGParser(file, test)
elif scan_type == 'Dependency Check Scan':
parser = DependencyCheckParser(file, test)
elif scan_type == 'Dependency Track Finding Packaging Format (FPF) Export':
parser = DependencyTrackParser(file, test)
elif scan_type == 'Retire.js Scan':
parser = RetireJsParser(file, test)
elif scan_type == 'Node Security Platform Scan':
parser = NspParser(file, test)
elif scan_type == 'NPM Audit Scan':
parser = NpmAuditParser(file, test)
elif scan_type == 'PHP Symfony Security Check':
parser = PhpSymfonySecurityCheckParser(file, test)
elif scan_type == 'Generic Findings Import':
parser = GenericFindingUploadCsvParser(file, test, active, verified)
elif scan_type == 'Qualys Scan':
parser = QualysParser(file, test)
elif scan_type == 'Qualys Infrastructure Scan (WebGUI XML)':
parser = QualysInfraScanParser(file, test)
elif scan_type == 'Qualys Webapp Scan':
parser = QualysWebAppParser(file, test)
elif scan_type == "OpenVAS CSV":
parser = OpenVASUploadCsvParser(file, test)
elif scan_type == 'Snyk Scan':
parser = SnykParser(file, test)
elif scan_type == 'SKF Scan':
parser = SKFCsvParser(file, test)
elif scan_type == 'SSL Labs Scan':
parser = SSLlabsParser(file, test)
elif scan_type == 'Trufflehog Scan':
parser = TruffleHogJSONParser(file, test)
elif scan_type == 'Clair Klar Scan':
parser = ClairKlarParser(file, test)
elif scan_type == 'Gosec Scanner':
parser = GosecScannerParser(file, test)
elif scan_type == 'Trustwave Scan (CSV)':
parser = TrustwaveUploadCsvParser(file, test)
elif scan_type == 'Netsparker Scan':
parser = NetsparkerParser(file, test)
elif scan_type == 'PHP Security Audit v2':
parser = PhpSecurityAuditV2(file, test)
elif scan_type == 'Acunetix Scan':
parser = AcunetixScannerParser(file, test)
elif scan_type == 'Fortify Scan':
parser = FortifyXMLParser(file, test)
elif scan_type == 'SonarQube Scan':
parser = SonarQubeHtmlParser(file, test)
elif scan_type == 'SonarQube Scan detailed':
parser = SonarQubeHtmlParser(file, test, 'detailed')
elif scan_type == SCAN_SONARQUBE_API:
parser = SonarQubeApiImporter(test)
elif scan_type == 'MobSF Scan':
parser = MobSFParser(file, test)
elif scan_type == 'AWS Scout2 Scan':
parser = AWSScout2Parser(file, test)
elif scan_type == 'AWS Prowler Scan':
parser = AWSProwlerParser(file, test)
elif scan_type == 'Brakeman Scan':
parser = BrakemanScanParser(file, test)
elif scan_type == 'SpotBugs Scan':
parser = SpotbugsXMLParser(file, test)
elif scan_type == 'Safety Scan':
parser = SafetyParser(file, test)
elif scan_type == 'DawnScanner Scan':
parser = DawnScannerParser(file, test)
elif scan_type == 'Anchore Engine Scan':
parser = AnchoreEngineScanParser(file, test)
elif scan_type == 'Bundler-Audit Scan':
parser = BundlerAuditParser(file, test)
elif scan_type == 'Twistlock Image Scan':
parser = TwistlockParser(file, test)
elif scan_type == 'IBM AppScan DAST':
parser = IbmAppScanDASTXMLParser(file, test)
elif scan_type == 'Kiuwan Scan':
parser = KiuwanCSVParser(file, test)
elif scan_type == 'Blackduck Hub Scan':
parser = BlackduckHubCSVParser(file, test)
elif scan_type == 'Blackduck Component Risk':
parser = BlackduckHubParser(file, test)
elif scan_type == 'Sonatype Application Scan':
parser = SonatypeJSONParser(file, test)
elif scan_type == 'Openscap Vulnerability Scan':
parser = OpenscapXMLParser(file, test)
elif scan_type == 'Immuniweb Scan':
parser = ImmuniwebXMLParser(file, test)
elif scan_type == 'Wapiti Scan':
parser = WapitiXMLParser(file, test)
elif scan_type == 'Cobalt.io Scan':
parser = CobaltCSVParser(file, test)
elif scan_type == 'Mozilla Observatory Scan':
parser = MozillaObservatoryJSONParser(file, test)
elif scan_type == 'Whitesource Scan':
parser = WhitesourceJSONParser(file, test)
elif scan_type == 'Microfocus Webinspect Scan':
parser = MicrofocusWebinspectXMLParser(file, test)
elif scan_type == 'Wpscan':
parser = WpscanJSONParser(file, test)
elif scan_type == 'Sslscan':
parser = SslscanXMLParser(file, test)
elif scan_type == 'JFrog Xray Scan':
parser = XrayJSONParser(file, test)
elif scan_type == 'Sslyze Scan':
parser = SslyzeXmlParser(file, test)
elif scan_type == 'Testssl Scan':
parser = TestsslCSVParser(file, test)
elif scan_type == 'Hadolint Dockerfile check':
parser = HadolintParser(file, test)
elif scan_type == 'Aqua Scan':
parser = AquaJSONParser(file, test)
elif scan_type == 'HackerOne Cases':
parser = HackerOneJSONParser(file, test)
elif scan_type == 'Xanitizer Scan':
parser = XanitizerXMLParser(file, test)
elif scan_type == 'Trivy Scan':
parser = TrivyParser(file, test)
elif scan_type == 'Outpost24 Scan':
parser = Outpost24Parser(file, test)
elif scan_type == 'DSOP Scan':
parser = DsopParser(file, test)
elif scan_type == 'Anchore Enterprise Policy Check':
parser = AnchoreEnterprisePolicyCheckParser(file, test)
elif scan_type == 'Gitleaks Scan':
parser = GitleaksJSONParser(file, test)
elif scan_type == 'Harbor Vulnerability Scan':
parser = HarborVulnerabilityParser(file, test)
elif scan_type == 'Github Vulnerability Scan':
parser = GithubVulnerabilityParser(file, test)
elif scan_type == 'Choctaw Hog Scan':
parser = ChoctawhogParser(file, test)
elif scan_type == 'GitLab SAST Report':
parser = GitlabSastReportParser(file, test)
elif scan_type == 'Yarn Audit Scan':
parser = YarnAuditParser(file, test)
elif scan_type == 'BugCrowd Scan':
parser = BugCrowdCSVParser(file, test)
elif scan_type == 'HuskyCI Report':
parser = HuskyCIReportParser(file, test)
elif scan_type == 'CCVS Report':
parser = CCVSReportParser(file, test)
else:
raise ValueError('Unknown Test Type')
return parser
def test_npm_audit_parser_without_file_has_no_findings(self):
parser = NpmAuditParser(None, Test())
self.assertEqual(0, len(parser.items))
def test_npm_audit_parser_with_many_vuln_has_many_findings(self):
testfile = open("dojo/unittests/scans/npm_audit_sample/many_vuln.json")
parser = NpmAuditParser(testfile, Test())
testfile.close()
self.assertEqual(5, len(parser.items))
def test_npm_audit_parser_with_no_vuln_has_no_findings(self):
testfile = open("dojo/unittests/scans/npm_audit_sample/no_vuln.json")
parser = NpmAuditParser()
findings = parser.get_findings(testfile, Test())
testfile.close()
self.assertEqual(0, len(findings))
def import_parser_factory(file, test, active, verified, scan_type=None):
if scan_type is None:
scan_type = test.test_type.name
if scan_type == "Burp Scan":
parser = BurpXmlParser(file, test)
elif scan_type == "Nessus Scan":
filename = file.name.lower()
if filename.endswith("csv"):
parser = NessusCSVParser(file, test)
elif filename.endswith("xml") or filename.endswith("nessus"):
parser = NessusXMLParser(file, test)
elif scan_type == "Clair Scan":
parser = ClairParser(file, test)
elif scan_type == "Nmap Scan":
parser = NmapXMLParser(file, test)
elif scan_type == "Nikto Scan":
parser = NiktoXMLParser(file, test)
elif scan_type == "Nexpose Scan":
parser = NexposeFullXmlParser(file, test)
elif scan_type == "Veracode Scan":
parser = VeracodeXMLParser(file, test)
elif scan_type == "Checkmarx Scan":
parser = CheckmarxXMLParser(file, test)
elif scan_type == "Contrast Scan":
parser = ContrastCSVParser(file, test)
elif scan_type == "Crashtest Security Scan":
parser = CrashtestSecurityXmlParser(file, test)
elif scan_type == "Bandit Scan":
parser = BanditParser(file, test)
elif scan_type == "ZAP Scan":
parser = ZapXmlParser(file, test)
elif scan_type == "AppSpider Scan":
parser = AppSpiderXMLParser(file, test)
elif scan_type == "Arachni Scan":
parser = ArachniJSONParser(file, test)
elif scan_type == 'VCG Scan':
parser = VCGParser(file, test)
elif scan_type == 'Dependency Check Scan':
parser = DependencyCheckParser(file, test)
elif scan_type == 'Retire.js Scan':
parser = RetireJsParser(file, test)
elif scan_type == 'Node Security Platform Scan':
parser = NspParser(file, test)
elif scan_type == 'NPM Audit Scan':
parser = NpmAuditParser(file, test)
elif scan_type == 'Symfony Security Check':
parser = PhpSymfonySecurityCheckParser(file, test)
elif scan_type == 'Generic Findings Import':
parser = GenericFindingUploadCsvParser(file, test, active, verified)
elif scan_type == 'Qualys Scan':
parser = QualysParser(file, test)
elif scan_type == 'Qualys Webapp Scan':
parser = QualysWebAppParser(file, test)
elif scan_type == "OpenVAS CSV":
parser = OpenVASUploadCsvParser(file, test)
elif scan_type == 'Snyk Scan':
parser = SnykParser(file, test)
elif scan_type == 'SKF Scan':
parser = SKFCsvParser(file, test)
elif scan_type == 'SSL Labs Scan':
parser = SSLlabsParser(file, test)
elif scan_type == 'Trufflehog Scan':
parser = TruffleHogJSONParser(file, test)
elif scan_type == 'Clair Klar Scan':
parser = ClairKlarParser(file, test)
elif scan_type == 'Gosec Scanner':
parser = GosecScannerParser(file, test)
elif scan_type == 'Trustwave Scan (CSV)':
parser = TrustwaveUploadCsvParser(file, test)
elif scan_type == 'Netsparker Scan':
parser = NetsparkerParser(file, test)
elif scan_type == 'PHP Security Audit v2':
parser = PhpSecurityAuditV2(file, test)
elif scan_type == 'Acunetix Scan':
parser = AcunetixScannerParser(file, test)
elif scan_type == 'Fortify Scan':
parser = FortifyXMLParser(file, test)
elif scan_type == 'SonarQube Scan':
parser = SonarQubeHtmlParser(file, test)
elif scan_type == 'MobSF Scan':
parser = MobSFParser(file, test)
elif scan_type == 'AWS Scout2 Scan':
parser = AWSScout2Parser(file, test)
elif scan_type == 'AWS Prowler Scan':
parser = AWSProwlerParser(file, test)
elif scan_type == 'Brakeman Scan':
parser = BrakemanScanParser(file, test)
elif scan_type == 'SpotBugs Scan':
parser = SpotbugsXMLParser(file, test)
elif scan_type == 'Safety Scan':
parser = SafetyParser(file, test)
elif scan_type == 'DawnScanner Scan':
parser = DawnScannerParser(file, test)
elif scan_type == 'Anchore Engine Scan':
parser = AnchoreEngineScanParser(file, test)
elif scan_type == 'Bundler-Audit Scan':
parser = BundlerAuditParser(file, test)
elif scan_type == 'Twistlock Image Scan':
parser = TwistlockParser(file, test)
elif scan_type == 'IBM AppScan DAST':
parser = IbmAppScanDASTXMLParser(file, test)
elif scan_type == 'Kiuwan Scan':
parser = KiuwanCSVParser(file, test)
elif scan_type == 'Blackduck Hub Scan':
parser = BlackduckHubCSVParser(file, test)
elif scan_type == 'Sonatype Application Scan':
parser = SonatypeJSONParser(file, test)
elif scan_type == 'Openscap Vulnerability Scan':
parser = OpenscapXMLParser(file, test)
elif scan_type == 'Immuniweb Scan':
parser = ImmuniwebXMLParser(file, test)
elif scan_type == 'Wapiti Scan':
parser = WapitiXMLParser(file, test)
elif scan_type == 'Cobalt.io Scan':
parser = CobaltCSVParser(file, test)
elif scan_type == 'Mozilla Observatory Scan':
parser = MozillaObservatoryJSONParser(file, test)
elif scan_type == 'Whitesource Scan':
parser = WhitesourceJSONParser(file, test)
elif scan_type == 'Microfocus Webinspect Scan':
parser = MicrofocusWebinspectXMLParser(file, test)
elif scan_type == 'Wpscan':
parser = WpscanJSONParser(file, test)
elif scan_type == 'Sslscan':
parser = SslscanXMLParser(file, test)
elif scan_type == 'JFrog Xray Scan':
parser = XrayJSONParser(file, test)
elif scan_type == 'Sslyze Scan':
parser = SslyzeXmlParser(file, test)
elif scan_type == 'Testssl Scan':
parser = TestsslCSVParser(file, test)
elif scan_type == 'Hadolint Dockerfile check':
parser = HadolintParser(file, test)
else:
raise ValueError('Unknown Test Type')
return parser
def test_npm_audit_parser_with_no_vuln_has_no_findings(self):
testfile = open(path.join(path.dirname(__file__), "../scans/npm_audit_sample/no_vuln.json"))
parser = NpmAuditParser()
findings = parser.get_findings(testfile, Test())
testfile.close()
self.assertEqual(0, len(findings))
