コード例 #1
0
 def test_verify_created_vulns_with_host_and_service_verification(
         self, session, test_client):
     workspace = WorkspaceFactory.create()
     command = EmptyCommandFactory.create(workspace=workspace)
     host = HostFactory.create(workspace=workspace)
     service = ServiceFactory.create(workspace=workspace)
     vuln = VulnerabilityFactory.create(severity='critical',
                                        workspace=workspace,
                                        host=host,
                                        service=None)
     vuln_med = VulnerabilityFactory.create(severity='medium',
                                            workspace=workspace,
                                            service=service,
                                            host=None)
     session.flush()
     CommandObjectFactory.create(command=command,
                                 object_type='host',
                                 object_id=host.id,
                                 workspace=workspace)
     CommandObjectFactory.create(command=command,
                                 object_type='vulnerability',
                                 object_id=vuln.id,
                                 workspace=workspace)
     CommandObjectFactory.create(command=command,
                                 object_type='service',
                                 object_id=service.id,
                                 workspace=workspace)
     CommandObjectFactory.create(command=command,
                                 object_type='vulnerability',
                                 object_id=vuln_med.id,
                                 workspace=workspace)
     session.commit()
     res = test_client.get(
         self.url(workspace=command.workspace) + 'activity_feed/')
     assert res.status_code == 200
     assert res.json == [{
         u'_id':
         command.id,
         u'command':
         command.command,
         u'import_source':
         u'shell',
         u'tool':
         command.tool,
         u'user':
         command.user,
         u'date':
         time.mktime(command.start_date.timetuple()) * 1000,
         u'params':
         command.params,
         u'hosts_count':
         1,
         u'services_count':
         1,
         u'vulnerabilities_count':
         2,
         u'criticalIssue':
         1
     }]
コード例 #2
0
    def test_activity_feed(self, session, test_client):
        command = self.factory.create()
        another_command = EmptyCommandFactory.create(workspace=command.workspace)
        vuln = session.query(Vulnerability).get(command.command_objects[0].object_id)
        session.flush()
        CommandObjectFactory.create(
            command=another_command,
            object_type='vulnerability',
            object_id=vuln.id,
            workspace=command.workspace
        )
        CommandObjectFactory.create(
            command=another_command,
            object_type='host',
            object_id=vuln.host.id,
            workspace=command.workspace
        )
        session.commit()

        res = test_client.get(urljoin(self.url(workspace=command.workspace), 'activity_feed'))
        assert res.status_code == 200

        assert list(filter(lambda stats: stats['_id'] == command.id, res.json)) == [
            {'_id': command.id,
             'command': command.command,
             'import_source': 'shell',
             'user': command.user,
             'date': time.mktime(command.start_date.timetuple()) * 1000,
             'params': command.params,
             'tool': command.tool,
             'hosts_count': 1,
             'services_count': 0,
             'vulnerabilities_count': 1,
             'criticalIssue': 0}]

        assert list(filter(lambda stats: stats['_id'] == another_command.id,
                           res.json)) == [{
            '_id': another_command.id,
            'command': another_command.command,
            'import_source': 'shell',
            'tool': another_command.tool,
            'user': another_command.user,
            'date': time.mktime(
                another_command.start_date.timetuple()) * 1000,
            'params': another_command.params,
            'hosts_count': 0,
            'services_count': 0,
            'vulnerabilities_count': 0,
            'criticalIssue': 0}]
コード例 #3
0
ファイル: test_api_hosts.py プロジェクト: funnyDog896/faraday
    def test_create_host_cant_assign_command_from_another_workspace(self, test_client, session):
        command = EmptyCommandFactory.create()
        new_workspace = WorkspaceFactory.create()
        session.commit()
        assert len(command.command_objects) == 0
        url = self.url(workspace=new_workspace) + '?' + urlencode({'command_id': command.id})

        res = test_client.post(url, data={
            "ip": "127.0.0.1",
            "description": "aaaaa",
        })

        assert res.status_code == 400
        assert res.json == {u'message': u'Command not found.'}
        assert len(command.command_objects) == 0
コード例 #4
0
ファイル: test_api_hosts.py プロジェクト: funnyDog896/faraday
    def test_create_host_from_command(self, test_client, session):
        command = EmptyCommandFactory.create()
        session.commit()
        assert len(command.command_objects) == 0
        url = self.url(workspace=command.workspace) + '?' + urlencode({'command_id': command.id})

        res = test_client.post(url, data={
            "ip": "127.0.0.1",
            "description": "aaaaa",
        })

        assert res.status_code == 201
        assert len(command.command_objects) == 1
        cmd_obj = command.command_objects[0]
        assert cmd_obj.object_type == 'host'
        assert cmd_obj.object_id == res.json['id']
コード例 #5
0
 def test_verify_created_critical_vulns_is_correctly_showing_sum_values(self, session, test_client):
     workspace = WorkspaceFactory.create()
     command = EmptyCommandFactory.create(workspace=workspace)
     host = HostFactory.create(workspace=workspace)
     vuln = VulnerabilityFactory.create(severity='critical', workspace=workspace, host=host, service=None)
     vuln_med = VulnerabilityFactory.create(severity='medium', workspace=workspace, host=host, service=None)
     session.flush()
     CommandObjectFactory.create(
         command=command,
         object_type='host',
         object_id=host.id,
         workspace=workspace
     )
     CommandObjectFactory.create(
         command=command,
         object_type='vulnerability',
         object_id=vuln.id,
         workspace=workspace
     )
     CommandObjectFactory.create(
         command=command,
         object_type='vulnerability',
         object_id=vuln_med.id,
         workspace=workspace
     )
     session.commit()
     res = test_client.get(urljoin(self.url(workspace=command.workspace), 'activity_feed'))
     assert res.status_code == 200
     assert res.json == [
         {'_id': command.id,
          'command': command.command,
          'import_source': 'shell',
          'tool': command.tool,
          'user': command.user,
          'date': time.mktime(command.start_date.timetuple()) * 1000,
          'params': command.params,
          'hosts_count': 1,
          'services_count': 0,
          'vulnerabilities_count': 2,
          'criticalIssue': 1}
     ]
コード例 #6
0
    def test_create_service_from_command(self, test_client, session):
        host = HostFactory.create(workspace=self.workspace)
        command = EmptyCommandFactory.create(workspace=self.workspace)
        session.commit()
        assert len(command.command_objects) == 0
        url = self.url(workspace=command.workspace) + '?' + urlencode({'command_id': command.id})
        raw_data = {
            "name": "SSH",
            "description": "SSH service",
            "owned": False,
            "ports": [22],
            "protocol": "tcp",
            "status": "open",
            "parent": host.id
        }
        res = test_client.post(url, data=raw_data)

        assert res.status_code == 201
        assert len(command.command_objects) == 1
        cmd_obj = command.command_objects[0]
        assert cmd_obj.object_type == 'service'
        assert cmd_obj.object_id == res.json['id']
コード例 #7
0
    def test_multiple_commands_executed_with_same_objects_found(
            self, session, test_client):
        """
            This text verifies that multiple command does not affect activity feed counters.
        """
        workspace = WorkspaceFactory.create()
        host = HostFactory.create(workspace=workspace)
        vuln = VulnerabilityFactory.create(severity='low',
                                           workspace=workspace,
                                           host=host,
                                           service=None)
        service = ServiceFactory.create(workspace=workspace)
        commands = []
        in_the_middle_commands = []
        first_command = None
        for index in range(0, 10):

            command = EmptyCommandFactory.create(workspace=workspace)
            commands.append(command)
            if index > 0:
                # in the middle commands should not affect counters (should be at 0)
                in_the_middle_commands.append(command)
            else:
                first_command = command
            session.flush()
            CommandObjectFactory.create(command=command,
                                        object_type='host',
                                        object_id=host.id,
                                        workspace=workspace)
            CommandObjectFactory.create(command=command,
                                        object_type='vulnerability',
                                        object_id=vuln.id,
                                        workspace=workspace)
        # This command will change activity feed counters
        vuln_med = VulnerabilityFactory.create(severity='medium',
                                               workspace=workspace,
                                               service=service,
                                               host=None)
        session.flush()
        last_command = EmptyCommandFactory.create(workspace=workspace)
        CommandObjectFactory.create(command=last_command,
                                    object_type='service',
                                    object_id=service.id,
                                    workspace=workspace)
        CommandObjectFactory.create(command=last_command,
                                    object_type='vulnerability',
                                    object_id=vuln_med.id,
                                    workspace=workspace)
        session.commit()
        res = test_client.get(
            self.url(workspace=command.workspace) + 'activity_feed/')
        assert res.status_code == 200
        raw_first_command = list(
            filter(lambda comm: comm['_id'] == commands[0].id, res.json))

        assert raw_first_command.pop() == {
            u'_id': first_command.id,
            u'command': first_command.command,
            u'import_source': u'shell',
            u'user': first_command.user,
            u'date': time.mktime(first_command.start_date.timetuple()) * 1000,
            u'params': first_command.params,
            u'hosts_count': 1,
            u'services_count': 0,
            u'vulnerabilities_count': 1,
            u'tool': first_command.tool,
            u'criticalIssue': 0
        }

        for in_the_middle_command in in_the_middle_commands:
            raw_in_the_middle_command = list(
                filter(lambda comm: comm['_id'] == in_the_middle_command.id,
                       res.json))
            assert raw_in_the_middle_command.pop() == {
                u'_id':
                in_the_middle_command.id,
                u'command':
                in_the_middle_command.command,
                u'import_source':
                u'shell',
                u'user':
                in_the_middle_command.user,
                u'date':
                time.mktime(in_the_middle_command.start_date.timetuple()) *
                1000,
                u'params':
                in_the_middle_command.params,
                u'hosts_count':
                0,
                u'tool':
                in_the_middle_command.tool,
                u'services_count':
                0,
                u'vulnerabilities_count':
                0,
                u'criticalIssue':
                0
            }

        # new command must create new service and vuln
        raw_last_command = list(
            filter(lambda comm: comm['_id'] == last_command.id, res.json))
        assert raw_last_command.pop() == {
            u'_id': last_command.id,
            u'command': last_command.command,
            u'import_source': u'shell',
            u'user': last_command.user,
            u'date': time.mktime(last_command.start_date.timetuple()) * 1000,
            u'params': last_command.params,
            u'hosts_count': 0,
            u'tool': last_command.tool,
            u'services_count': 1,
            u'vulnerabilities_count': 1,
            u'criticalIssue': 0
        }
コード例 #8
0
 def test_verify_correct_severities_sum_values(self, session, test_client):
     workspace = WorkspaceFactory.create()
     command = EmptyCommandFactory.create(workspace=workspace)
     host = HostFactory.create(workspace=workspace)
     vuln_critical = VulnerabilityFactory.create(severity='critical',
                                                 workspace=workspace,
                                                 host=host,
                                                 service=None)
     vuln_high = VulnerabilityFactory.create(severity='high',
                                             workspace=workspace,
                                             host=host,
                                             service=None)
     vuln_med = VulnerabilityFactory.create(severity='medium',
                                            workspace=workspace,
                                            host=host,
                                            service=None)
     vuln_med2 = VulnerabilityFactory.create(severity='medium',
                                             workspace=workspace,
                                             host=host,
                                             service=None)
     vuln_low = VulnerabilityFactory.create(severity='low',
                                            workspace=workspace,
                                            host=host,
                                            service=None)
     vuln_info = VulnerabilityFactory.create(severity='informational',
                                             workspace=workspace,
                                             host=host,
                                             service=None)
     vuln_info2 = VulnerabilityFactory.create(severity='informational',
                                              workspace=workspace,
                                              host=host,
                                              service=None)
     vuln_unclassified = VulnerabilityFactory.create(
         severity='unclassified',
         workspace=workspace,
         host=host,
         service=None)
     session.flush()
     CommandObjectFactory.create(command=command,
                                 object_type='host',
                                 object_id=host.id,
                                 workspace=workspace)
     CommandObjectFactory.create(command=command,
                                 object_type='vulnerability',
                                 object_id=vuln_critical.id,
                                 workspace=workspace)
     CommandObjectFactory.create(command=command,
                                 object_type='vulnerability',
                                 object_id=vuln_high.id,
                                 workspace=workspace)
     CommandObjectFactory.create(command=command,
                                 object_type='vulnerability',
                                 object_id=vuln_med.id,
                                 workspace=workspace)
     CommandObjectFactory.create(command=command,
                                 object_type='vulnerability',
                                 object_id=vuln_med2.id,
                                 workspace=workspace)
     CommandObjectFactory.create(command=command,
                                 object_type='vulnerability',
                                 object_id=vuln_low.id,
                                 workspace=workspace)
     CommandObjectFactory.create(command=command,
                                 object_type='vulnerability',
                                 object_id=vuln_info.id,
                                 workspace=workspace)
     CommandObjectFactory.create(command=command,
                                 object_type='vulnerability',
                                 object_id=vuln_info2.id,
                                 workspace=workspace)
     CommandObjectFactory.create(command=command,
                                 object_type='vulnerability',
                                 object_id=vuln_unclassified.id,
                                 workspace=workspace)
     session.commit()
     res = test_client.get(f'/v2/ws/{command.workspace.name}/activities/')
     assert res.status_code == 200
     assert res.json['activities'][0]['vulnerabilities_count'] == 8
     assert res.json['activities'][0]['criticalIssue'] == 1
     assert res.json['activities'][0]['highIssue'] == 1
     assert res.json['activities'][0]['mediumIssue'] == 2
     assert res.json['activities'][0]['lowIssue'] == 1
     assert res.json['activities'][0]['infoIssue'] == 2
     assert res.json['activities'][0]['unclassifiedIssue'] == 1