def test_false_positive_detection(self): # Test whether false positives in database are identified properly issue = {'scenario_id': '1', 'timestamp': datetime.datetime.utcnow(), 'test_runner_host': 'localhost', 'url': 'url', 'severity': 'severity', 'issuetype': 'issuetype', 'issuename': 'issuename', 'issuedetail': 'issuedetail', 'confidence': 'confidence', 'host': 'host', 'port': 'port', 'protocol': 'protocol', 'messages': 'messagejson'} # First add one false positive and try checking against it dbtools.add_false_positive(self.context, issue) self.assertEqual(dbtools.known_false_positive(self.context, issue), True, "Duplicate false positive not detected") # Change one of the differentiating fields, and test, and # add the tested one to the database. issue['scenario_id'] = '2' # Non-duplicate self.assertEqual(dbtools.known_false_positive(self.context, issue), False, "Not a duplicate: scenario_id different") dbtools.add_false_positive(self.context, issue) # Repeat for all the differentiating fields issue['url'] = 'another url' self.assertEqual(dbtools.known_false_positive(self.context, issue), False, "Not a duplicate: url different") dbtools.add_false_positive(self.context, issue) issue['issuetype'] = 'foo' self.assertEqual(dbtools.known_false_positive(self.context, issue), False, "Not a duplicate: issuetype different") dbtools.add_false_positive(self.context, issue) # Finally, test the last one again twice, now it ought to be # reported back as a duplicate self.assertEqual(dbtools.known_false_positive(self.context, issue), True, "A duplicate case not detected")
def test_false_positive_detection(self): # Test whether false positives in database are identified properly issue = { 'scenario_id': '1', 'timestamp': datetime.datetime.utcnow(), 'test_runner_host': 'localhost', 'url': 'url', 'severity': 'severity', 'issuetype': 'issuetype', 'issuename': 'issuename', 'issuedetail': 'issuedetail', 'confidence': 'confidence', 'host': 'host', 'port': 'port', 'protocol': 'protocol', 'messages': 'messagejson' } # First add one false positive and try checking against it dbtools.add_false_positive(self.context, issue) self.assertEqual(dbtools.known_false_positive(self.context, issue), True, "Duplicate false positive not detected") # Change one of the differentiating fields, and test, and # add the tested one to the database. issue['scenario_id'] = '2' # Non-duplicate self.assertEqual(dbtools.known_false_positive(self.context, issue), False, "Not a duplicate: scenario_id different") dbtools.add_false_positive(self.context, issue) # Repeat for all the differentiating fields issue['url'] = 'another url' self.assertEqual(dbtools.known_false_positive(self.context, issue), False, "Not a duplicate: url different") dbtools.add_false_positive(self.context, issue) issue['issuetype'] = 'foo' self.assertEqual(dbtools.known_false_positive(self.context, issue), False, "Not a duplicate: issuetype different") dbtools.add_false_positive(self.context, issue) # Finally, test the last one again twice, now it ought to be # reported back as a duplicate self.assertEqual(dbtools.known_false_positive(self.context, issue), True, "A duplicate case not detected")
def step_impl(context): """Check whether the findings reported by Burp have already been found earlier""" scanissues = context.results # Go through each issue, and add issues that aren't in the database # into the database. If we've found new issues, assert False. new_items = 0 for issue in scanissues: issue['scenario_id'] = context.scenario_id if scandb.known_false_positive(context, issue) is False: new_items += 1 scandb.add_false_positive(context, issue) unprocessed_items = scandb.number_of_new_in_database(context) if unprocessed_items > 0: assert False, "Unprocessed findings in database. %s new issue(s), total %s issue(s)." % (new_items, unprocessed_items) assert True
def step_impl(context): """Check whether the findings reported by Burp have already been found earlier""" scanissues = context.results # Go through each issue, and add issues that aren't in the database # into the database. If we've found new issues, assert False. new_items = 0 for issue in scanissues: issue['scenario_id'] = context.scenario_id if scandb.known_false_positive(context, issue) is False: new_items += 1 scandb.add_false_positive(context, issue) unprocessed_items = scandb.number_of_new_in_database(context) if unprocessed_items > 0: assert False, "Unprocessed findings in database. %s new issue(s), total %s issue(s)." % ( new_items, unprocessed_items) assert True