def test_create_service(session, host):
data = bc.ServiceSchema(strict=True).load(service_data).data
bc._create_service(host.workspace, host, data)
assert count(Service, host.workspace) == 1
service = Service.query.filter(Service.workspace == host.workspace).one()
assert service.name == 'http'
assert service.port == 80
def test_create_service_with_invalid_vulns(session, host):
service_data_ = service_data.copy()
vuln_data_ = vuln_data.copy()
del vuln_data_['name']
service_data_['vulnerabilities'] = [1, 2, 3]
with pytest.raises(ValidationError):
data = bc.ServiceSchema(strict=True).load(service_data_).data
bc._create_service(host.workspace, host, data)
assert count(Service, host.workspace) == 0
assert count(Vulnerability, host.workspace) == 0
def test_create_existing_service(session, service):
session.add(service)
session.commit()
data = {
"name": service.name,
"port": service.port,
"protocol": service.protocol,
}
data = bc.ServiceSchema(strict=True).load(data).data
bc._create_service(service.workspace, service.host, data)
assert count(Service, service.host.workspace) == 1
def test_create_service_with_vuln(session, host):
service_data_ = service_data.copy()
service_data_['vulnerabilities'] = [vuln_data]
data = bc.ServiceSchema(strict=True).load(service_data_).data
bc._create_service(host.workspace, host, data)
assert count(Service, host.workspace) == 1
service = host.workspace.services[0]
assert count(Vulnerability, service.workspace) == 1
vuln = Vulnerability.query.filter(
Vulnerability.workspace == service.workspace).one()
assert vuln.name == 'sql injection'
assert vuln.service == service
def test_create_service_with_cred(session, host):
service_data_ = service_data.copy()
service_data_['credentials'] = [credential_data]
data = bc.ServiceSchema(strict=True).load(service_data_).data
bc._create_service(host.workspace, host, data)
assert count(Service, host.workspace) == 1
service = host.workspace.services[0]
assert count(Credential, service.workspace) == 1
cred = Credential.query.filter(
Credential.workspace == service.workspace).one()
assert cred.service == service
assert cred.name == 'test credential'
assert cred.username == 'admin'
assert cred.password == '12345'
def test_create_service_with_vulnweb(session, host):
service_data_ = service_data.copy()
vuln_data_ = vuln_data.copy()
vuln_data_.update(vuln_web_data)
service_data_['vulnerabilities'] = [vuln_data_]
data = bc.ServiceSchema(strict=True).load(service_data_).data
bc._create_service(host.workspace, host, data)
assert count(Service, host.workspace) == 1
service = host.workspace.services[0]
assert count(Vulnerability, service.workspace) == 0
assert count(VulnerabilityWeb, service.workspace) == 1
vuln = VulnerabilityWeb.query.filter(
Vulnerability.workspace == service.workspace).one()
assert vuln.name == 'sql injection'
assert vuln.service == service
assert vuln.method == 'POST'
assert vuln.website == 'https://faradaysec.com'
assert vuln.status_code == 200