def test_create_service(session, host): data = bc.BulkServiceSchema().load(service_data) bc._create_service(host.workspace, host, data) assert count(Service, host.workspace) == 1 service = Service.query.filter(Service.workspace == host.workspace).one() assert service.name == 'http' assert service.port == 80
def test_create_service_with_invalid_vulns(session, host): service_data_ = service_data.copy() vuln_data_ = vuln_data.copy() del vuln_data_['name'] service_data_['vulnerabilities'] = [1, 2, 3] with pytest.raises(ValidationError): data = bc.BulkServiceSchema().load(service_data_) bc._create_service(host.workspace, host, data) assert count(Service, host.workspace) == 0 assert count(Vulnerability, host.workspace) == 0
def test_create_existing_service(session, service): session.add(service) session.commit() data = { "name": service.name, "port": service.port, "protocol": service.protocol, } data = bc.BulkServiceSchema().load(data) bc._create_service(service.workspace, service.host, data) assert count(Service, service.host.workspace) == 1
def test_create_service_with_vuln(session, host): service_data_ = service_data.copy() service_data_['vulnerabilities'] = [vuln_data] data = bc.BulkServiceSchema().load(service_data_) bc._create_service(host.workspace, host, data) assert count(Service, host.workspace) == 1 service = host.workspace.services[0] assert count(Vulnerability, service.workspace) == 1 vuln = Vulnerability.query.filter( Vulnerability.workspace == service.workspace).one() assert vuln.name == 'sql injection' assert vuln.service == service
def test_create_service_with_cred(session, host): service_data_ = service_data.copy() service_data_['credentials'] = [credential_data] data = bc.BulkServiceSchema().load(service_data_) bc._create_service(host.workspace, host, data) assert count(Service, host.workspace) == 1 service = host.workspace.services[0] assert count(Credential, service.workspace) == 1 cred = Credential.query.filter( Credential.workspace == service.workspace).one() assert cred.service == service assert cred.name == 'test credential' assert cred.username == 'admin' assert cred.password == '12345'
def test_create_service_with_vulnweb(session, host): service_data_ = service_data.copy() vuln_data_ = vuln_data.copy() vuln_data_.update(vuln_web_data) service_data_['vulnerabilities'] = [vuln_data_] data = bc.BulkServiceSchema().load(service_data_) bc._create_service(host.workspace, host, data) assert count(Service, host.workspace) == 1 service = host.workspace.services[0] assert count(Vulnerability, service.workspace) == 0 assert count(VulnerabilityWeb, service.workspace) == 1 vuln = VulnerabilityWeb.query.filter( Vulnerability.workspace == service.workspace).one() assert vuln.name == 'sql injection' assert vuln.service == service assert vuln.method == 'POST' assert vuln.website == 'https://faradaysec.com' assert vuln.status_code == 200
def test_bulk_create_update_service(session, service): session.add(service) session.commit() new_service_version = f"{service.name}_changed" new_service_name = f"{service.name}_changed" new_service_description = f"{service.description}_changed" new_service_owned = not service.owned data = { "version": new_service_version, "name": new_service_name, "description": new_service_description, "port": service.port, "protocol": service.protocol, "owned": new_service_owned, } data = bc.BulkServiceSchema().load(data) bc._create_service(service.workspace, service.host, data) assert count(Service, service.host.workspace) == 1 assert service.version == new_service_version assert service.name == new_service_name assert service.description == new_service_description assert service.owned == new_service_owned