def test_run_fails(self, test_client, session,csrf_token): workspace = WorkspaceFactory.create() session.add(workspace) other_workspace = WorkspaceFactory.create() session.add(other_workspace) session.commit() agent = AgentFactory.create( workspaces=[workspace, other_workspace] ) executor = ExecutorFactory.create(agent=agent) session.add(executor) session.commit() payload = { 'csrf_token': csrf_token, 'executorData': { "args": { "param1": True }, "executor": executor.name }, } res = test_client.post( self.url(agent) + 'run/', json=payload ) assert res.status_code == 404
def test_create_agent_valid_token(self, faraday_server_config, test_client, session): workspace = WorkspaceFactory.create() session.add(workspace) other_workspace = WorkspaceFactory.create() session.add(other_workspace) session.commit() secret = pyotp.random_base32() faraday_server_config.agent_registration_secret = secret faraday_server_config.agent_token_expiration = 60 logout(test_client, [302]) initial_agent_count = len(session.query(Agent).all()) raw_data = get_raw_agent(name='new_agent', token=pyotp.TOTP(secret, interval=60).now(), workspaces=[workspace, other_workspace]) res = test_client.post('/v3/agent_registration', data=raw_data) assert res.status_code == 201, (res.json, raw_data) assert len(session.query(Agent).all()) == initial_agent_count + 1 assert workspace.name in res.json['workspaces'] assert other_workspace.name in res.json['workspaces'] assert len(res.json['workspaces']) == 2 workspaces = Agent.query.get(res.json['id']).workspaces assert len(workspaces) == 2 assert workspace in workspaces assert other_workspace in workspaces
def test_create_agent_valid_token(self, faraday_server_config, test_client, session): workspace = WorkspaceFactory.create() session.add(workspace) other_workspace = WorkspaceFactory.create() session.add(other_workspace) session.commit() faraday_server_config.agent_token = 'sarasa' logout(test_client, [302]) initial_agent_count = len(session.query(Agent).all()) raw_data = get_raw_agent( name='new_agent', token='sarasa', workspaces=[workspace, other_workspace] ) # /v2/agent_registration/ res = test_client.post(self.check_url('/v2/agent_registration/'), data=raw_data) assert res.status_code == 201, (res.json, raw_data) assert len(session.query(Agent).all()) == initial_agent_count + 1 assert workspace.name in res.json['workspaces'] assert other_workspace.name in res.json['workspaces'] assert len(res.json['workspaces']) == 2 workspaces = Agent.query.get(res.json['id']).workspaces assert len(workspaces) == 2 assert workspace in workspaces assert other_workspace in workspaces
def test_bulk_delete_hosts_from_another_workspace(self, test_client, session): workspace_1 = WorkspaceFactory.create(name='workspace_1') host_of_ws_1 = HostFactory.create(workspace=workspace_1) workspace_2 = WorkspaceFactory.create(name='workspace_2') host_of_ws_2 = HostFactory.create(workspace=workspace_2) session.commit() # Try to delete workspace_2's host from workspace_1 request_data = {'hosts_ids': [host_of_ws_2.id]} url = f'/v2/ws/{workspace_1.name}/hosts/bulk_delete/' delete_response = test_client.delete(url, data=request_data) assert delete_response.json['deleted_hosts'] == 0
def test_update_severity_by_creator(self, api, session, test_client): workspace = WorkspaceFactory.create() host = HostFactory.create(workspace=workspace) user = UserFactory.create() vuln = VulnerabilityFactory.create(workspace=workspace, tool='Nessus', severity='low', host=host, creator=user, service=None) session.add(workspace) session.add(vuln) session.add(host) session.commit() vuln_id = vuln.id assert vuln.severity == 'low' searcher = Searcher(api(workspace, test_client, session)) rules = [{ 'id': 'CHANGE_SEVERITY_INSIDE_HOST', 'model': 'Vulnerability', 'object': f'creator={user.username}', # Without --old param Searcher deletes all duplicated objects 'conditions': ['tool=Nessus'], 'actions': ["--UPDATE:severity=info"] }] searcher.process(rules) vuln = session.query(Vulnerability).get(vuln_id) assert vuln.severity == 'informational'
def test_update_severity_by_values_with_space_2(self, api, session, test_client): workspace = WorkspaceFactory.create() vuln = VulnerabilityFactory.create(workspace=workspace, name='Cross-domain Referer leakage', severity='low', service=None) session.add(workspace) session.add(vuln) session.commit() vuln_id = vuln.id assert vuln.severity == 'low' searcher = Searcher(api(workspace, test_client, session)) rules = [{ 'id': 'CHANGE_SEVERITY', 'model': 'Vulnerability', 'object': "name=Cross-domain%Referer%leakage", # Without --old param Searcher deletes all duplicated objects 'conditions': ['name=Cross-domain%Referer%leakage'], 'actions': ["--UPDATE:severity=info"] }] searcher.process(rules) vuln = session.query(Vulnerability).get(vuln_id) assert vuln.severity == 'informational'
def test_searcher_update_rules(self, api, session, test_client): workspace = WorkspaceFactory.create() vuln = VulnerabilityFactory.create(workspace=workspace, severity='low') session.add(workspace) session.add(vuln) session.commit() assert vuln.severity == 'low' searcher = Searcher(api(workspace, test_client, session)) rules = [{ 'id': 'CHANGE_SEVERITY', 'model': 'Vulnerability', 'object': "severity=low", 'actions': ["--UPDATE:severity=med"] }] searcher.process(rules) vulns_count = session.query(Vulnerability).filter_by( workspace=workspace).count() assert vulns_count == 1 vuln = session.query(Vulnerability).filter_by( workspace=workspace).first() assert vuln.severity == 'medium' check_command(vuln, session)
def test_apply_template_by_id(self, api, session, test_client): workspace = WorkspaceFactory.create() template = VulnerabilityTemplateFactory.create() vuln = VulnerabilityFactory.create(workspace=workspace, severity='low', confirmed=False) session.add(workspace) session.add(vuln) session.add(template) session.commit() template_name = template.name template_id = template.id searcher = Searcher(api(workspace, test_client, session)) rules = [{ 'id': 'APPLY_TEMPLATE', 'model': 'Vulnerability', 'object': "severity=low", 'actions': [f"--UPDATE:template={template_id}"] }] searcher.process(rules) vulns_count = session.query(Vulnerability).filter_by( workspace=workspace).count() assert vulns_count == 1 vuln = session.query(Vulnerability).filter_by( workspace=workspace).first() assert vuln.name == template_name
def test_severity_info_med_2(self, api, session, test_client): workspace = WorkspaceFactory.create() vuln = VulnerabilityWebFactory.create(workspace=workspace, severity='informational') session.add(workspace) session.add(vuln) session.commit() assert vuln.severity == 'informational' searcher = Searcher(api(workspace, test_client, session)) rules = [{ 'id': 'CONFIRM_VULN', 'model': 'Vulnerability', 'object': "severity=info", 'actions': ["--UPDATE:severity=med"] }] searcher.process(rules) vulns_count = session.query(VulnerabilityWeb).filter_by( workspace=workspace).count() assert vulns_count == 1 vuln = session.query(VulnerabilityWeb).filter_by( workspace=workspace).first() assert vuln.severity == 'medium'
def test_confirm_vuln(self, api, session, test_client): workspace = WorkspaceFactory.create() vuln = VulnerabilityFactory.create(workspace=workspace, severity='low', confirmed=False) session.add(workspace) session.add(vuln) session.commit() assert vuln.confirmed is False searcher = Searcher(api(workspace, test_client, session)) rules = [{ 'id': 'CONFIRM_VULN', 'model': 'Vulnerability', 'object': "severity=low", 'actions': ["--UPDATE:confirmed=True"] }] searcher.process(rules) vulns_count = session.query(Vulnerability).filter_by( workspace=workspace).count() assert vulns_count == 1 vuln = session.query(Vulnerability).filter_by( workspace=workspace).first() assert vuln.confirmed is True
def test_bulk_delete_hosts_without_hosts_ids(self, test_client): ws = WorkspaceFactory.create(name="abc") request_data = {'hosts_ids': []} delete_response = test_client.delete(f'/v2/ws/{ws.name}/hosts/bulk_delete/', data=request_data) assert delete_response.status_code == 400
def test_update_custom_field(self, api, session, test_client): workspace = WorkspaceFactory.create() custom_field = CustomFieldsSchemaFactory.create( table_name='vulnerability', field_name='cfield', field_type='str', field_order=1, field_display_name='CField', ) vuln = VulnerabilityFactory.create(workspace=workspace, severity='low', confirmed=True) vuln.custom_fields = {'cfield': 'test'} session.add(workspace) session.add(custom_field) session.add(vuln) session.commit() assert vuln.confirmed is True searcher = Searcher(api(workspace, test_client, session)) rules = [{ 'id': 'CHANGE_CUSTOM_FIELD', 'model': 'Vulnerability', 'object': "severity=low", 'conditions': ['confirmed=True'], 'actions': ["--UPDATE:cfield=CUSTOM_FIELD_UPDATED"] }] searcher.process(rules) vulns_count = session.query(Vulnerability).filter_by(workspace=workspace).count() assert vulns_count == 1 vuln = session.query(Vulnerability).filter_by(workspace=workspace).first() assert vuln.custom_fields['cfield'] == 'CUSTOM_FIELD_UPDATED' check_command(vuln, session)
def test_add_ref_to_duplicated_vuln(self, api, session, test_client): workspace = WorkspaceFactory.create() host = HostFactory.create(workspace=workspace) vuln = VulnerabilityFactory.create(workspace=workspace, severity='low', name='Duplicated Vuln', host=host, service=None) duplicated_vuln = VulnerabilityFactory.create(workspace=workspace, severity='low', name='Duplicated Vuln 2', host=host, service=None) session.add(workspace) session.add(vuln) session.add(duplicated_vuln) session.add(host) session.commit() first_vuln_id = vuln.id searcher = Searcher(api(workspace, test_client, session)) rules = [{ 'id': 'ADD_REFS_DUPLICATED_VULNS', 'model': 'Vulnerability', 'fields': ['name'], 'object': "severity=low --old", # Without --old param Searcher deletes all duplicated objects 'conditions': ['severity=low'], 'actions': ["--UPDATE:refs=REF_TEST"] }] vulns_count = session.query(Vulnerability).filter_by(workspace=workspace).count() assert vulns_count == 2 searcher.process(rules) vuln1 = session.query(Vulnerability).get(first_vuln_id) assert len(vuln1.references) > 0 assert list(vuln1.references)[0] == 'REF_TEST'
def test_mail_notification(self, api, session, test_client): workspace = WorkspaceFactory.create() vuln = VulnerabilityFactory.create(workspace=workspace, severity='low') session.add(workspace) session.add(vuln) session.commit() mail_notification = MailNotification( '*****@*****.**', 'testpass', 'smtp.gmail.com', 587 ) _api = api(workspace, test_client, session) searcher = Searcher(_api, mail_notification=mail_notification) rules = [{ 'id': 'SEND_MAIL', 'model': 'Vulnerability', 'object': "severity=low", 'actions': ["--ALERT:[email protected]"] }] searcher.process(rules) assert searcher.mail_notification == mail_notification
def test_remove_duplicated_by_name(self, api, session, test_client): workspace = WorkspaceFactory.create() host = HostFactory.create(workspace=workspace) vuln = VulnerabilityFactory.create(workspace=workspace, severity='low', name='Duplicated Vuln', host=host, service=None) duplicated_vuln = VulnerabilityFactory.create(workspace=workspace, severity='low', name='Duplicated Vuln 2', host=host, service=None) session.add(workspace) session.add(vuln) session.add(duplicated_vuln) session.add(host) session.commit() searcher = Searcher(api(workspace, test_client, session)) rules = [{ 'id': 'REMOVE_DUPLICATED_VULNS', 'model': 'Vulnerability', 'fields': ['name'], 'object': "severity=low --old", # Without --old param Searcher deletes all duplicated objects 'actions': ["--DELETE:"] }] vulns_count = session.query(Vulnerability).filter_by(workspace=workspace).count() assert vulns_count == 2 searcher.process(rules) vulns_count = session.query(Vulnerability).filter_by(workspace=workspace).count() assert vulns_count == 1
def test_update_host_with_all_fields(self, api, session, test_client): workspace = WorkspaceFactory.create() host = HostFactory.create(workspace=workspace, os='Unix', ip="10.25.86.39", owned=False, description='HDesc', mac='MAC') session.add(workspace) session.add(host) session.commit() assert host.owned is False assert host.os == 'Unix' assert host.ip == "10.25.86.39" assert host.description == 'HDesc' assert host.mac == 'MAC' searcher = Searcher(api(workspace, test_client, session)) rules = [{ 'id': 'UPDATE_HOST', 'model': 'Host', 'object': "ip=10.25.86.39 owned=False os=Unix", 'actions': ["--UPDATE:description=HDescUp", "--UPDATE:mac=MAC2"] }] searcher.process(rules) host = session.query(Host).filter_by(workspace=workspace).first() assert host.description == 'HDescUp' assert host.mac == 'MAC2'
def test_load_itime(self, test_client, session): ws = WorkspaceFactory.create(name="abc") command = CommandFactory.create(workspace=ws) session.add(ws) session.add(command) session.commit() # Timestamp of 14/12/2018 itime = 1544745600.0 data = { 'command': command.command, 'tool': command.tool, 'itime': itime } res = test_client.put( '/v2/ws/{ws_name}/activities/{id}/'.format(ws_name=ws.name, id=command.id), data=data, ) # Changing res.json['itime'] to timestamp format of itime res_itime = res.json['itime'] / 1000 assert res.status_code == 200 assert res_itime == itime
def test_get_workspaced_other_fails(self, test_client, session): other_workspace = WorkspaceFactory.create() session.add(other_workspace) agent = AgentFactory.create(workspaces=[other_workspace], active=True) session.commit() res = test_client.get(self.url(agent)) assert res.status_code == 404
def test_delete_vulns_with_dynamic_values(self, api, session, test_client): workspace = WorkspaceFactory.create() vuln1 = VulnerabilityFactory.create(workspace=workspace, name="TEST1") vuln2 = VulnerabilityFactory.create(workspace=workspace, name="TEST2") session.add(workspace) session.add(vuln1) session.add(vuln2) session.commit() searcher = Searcher(api(workspace, test_client, session)) rules = [{ 'id': 'DELETE_VULN_{{name}}', 'model': 'Vulnerability', 'object': "regex=^{{name}}", 'actions': ["--DELETE:"], 'values': [{ 'name': 'TEST1' }, { 'name': 'TEST2' }] }] vulns_count = session.query(Vulnerability).filter_by( workspace=workspace).count() assert vulns_count == 2 searcher.process(rules) vulns_count = session.query(Vulnerability).filter_by( workspace=workspace).count() assert vulns_count == 0
def test_update_agent_add_a_inexistent_workspace(self, test_client, session): workspace = WorkspaceFactory.create() session.add(workspace) other_workspace = WorkspaceFactory.create() session.add(other_workspace) agent = AgentFactory.create(workspaces=[workspace], active=True) session.commit() raw_agent = self.create_raw_agent( workspaces=[workspace, other_workspace]) raw_agent["workspaces"] = ["donotexist"] res = test_client.put(self.url(agent.id), data=raw_agent) assert res.status_code == 404 workspaces = Agent.query.get(agent.id).workspaces assert len(workspaces) == 1 assert workspace in workspaces
def test_verify_created_vulns_with_host_and_service_verification( self, session, test_client): workspace = WorkspaceFactory.create() command = EmptyCommandFactory.create(workspace=workspace) host = HostFactory.create(workspace=workspace) service = ServiceFactory.create(workspace=workspace) vuln = VulnerabilityFactory.create(severity='critical', workspace=workspace, host=host, service=None) vuln_med = VulnerabilityFactory.create(severity='medium', workspace=workspace, service=service, host=None) session.flush() CommandObjectFactory.create(command=command, object_type='host', object_id=host.id, workspace=workspace) CommandObjectFactory.create(command=command, object_type='vulnerability', object_id=vuln.id, workspace=workspace) CommandObjectFactory.create(command=command, object_type='service', object_id=service.id, workspace=workspace) CommandObjectFactory.create(command=command, object_type='vulnerability', object_id=vuln_med.id, workspace=workspace) session.commit() res = test_client.get( self.url(workspace=command.workspace) + 'activity_feed/') assert res.status_code == 200 assert res.json == [{ u'_id': command.id, u'command': command.command, u'import_source': u'shell', u'tool': command.tool, u'user': command.user, u'date': time.mktime(command.start_date.timetuple()) * 1000, u'params': command.params, u'hosts_count': 1, u'services_count': 1, u'vulnerabilities_count': 2, u'criticalIssue': 1 }]
def test_get_workspaced(self, test_client, session): workspace = WorkspaceFactory.create() session.add(workspace) agent = AgentFactory.create(workspaces=[self.workspace], active=True) session.commit() res = test_client.get(self.url(agent)) assert res.status_code == 200 assert 'workspaces' not in res.json
def test_update_agent_delete_a_workspace(self, test_client, session): workspace = WorkspaceFactory.create() session.add(workspace) other_workspace = WorkspaceFactory.create() session.add(other_workspace) agent = AgentFactory.create(workspaces=[workspace, other_workspace], active=True) session.commit() raw_agent = self.create_raw_agent(workspaces=[workspace]) res = test_client.put(self.url(agent.id), data=raw_agent) assert res.status_code == 200 assert len(res.json['workspaces']) == 1 assert other_workspace.name not in res.json['workspaces'] assert workspace.name in res.json['workspaces'] workspaces = Agent.query.get(agent.id).workspaces assert len(workspaces) == 1 assert workspaces[0] == workspace
def test_no_file_in_request(self, test_client, session): ws = WorkspaceFactory.create(name="abc") session.add(ws) session.commit() res = test_client.post(f'/v3/ws/{ws.name}/upload_report') assert res.status_code == 400
def test_bulk_delete_hosts_invalid_characters_in_request( self, test_client): ws = WorkspaceFactory.create(name="abc") request_data = {'hosts_ids': [-1, 'test']} delete_response = test_client.delete( '/v2/ws/{0}/hosts/bulk_delete/'.format(ws.name), data=request_data) assert delete_response.json['deleted_hosts'] == 0
def test_get_not_workspaced(self, test_client, session): workspace = WorkspaceFactory.create() session.add(workspace) agent = AgentFactory.create(workspaces=[workspace], active=True) session.commit() res = test_client.get(self.url(agent)) assert res.status_code == 200 assert len(res.json['workspaces']) == 1 assert workspace.name in res.json['workspaces'][0]
def test_hosts_ordered_by_vulns_severity(self, session, test_client, service_factory, vulnerability_factory, vulnerability_web_factory): ws = WorkspaceFactory.create() session.add(ws) hosts_list = [] for i in range(0, 10): host = HostFactory.create(workspace=ws) session.add(host) service = service_factory.create(workspace=ws, host=host) session.add(service) hosts_list.append(host) session.commit() severities = ['critical', 'high', 'medium', 'low', 'informational', 'unclassified'] # Vulns counter by severity in host vulns_by_severity = {host.id: [0, 0, 0, 0, 0, 0] for host in hosts_list} for host in hosts_list: # Each host has 10 vulns for i in range(0, 10): vuln_web = choice([True, False]) severity = choice(severities) if vuln_web: vuln = vulnerability_web_factory.create( workspace=ws, service=host.services[0], severity=severity ) else: vuln = vulnerability_factory.create( host=None, service=host.services[0], workspace=host.workspace, severity=severity ) session.add(vuln) # Increase 1 to number of vulns by severity in the host vulns_by_severity[host.id][severities.index(severity)] += 1 session.commit() # Sort vulns_by_severity by number of vulns by severity in every host sorted_hosts = sorted( vulns_by_severity.items(), key=lambda host: [vuln_count for vuln_count in host[1]], reverse=True ) res = test_client.get(self.url(workspace=ws)) assert res.status_code == 200 response_hosts = res.json['rows'] for host in response_hosts: # sorted_hosts and response_hosts have the same order so the index # of host in sorted_host is the same as the # index of host in response_hosts index_in_sorted_host = [host_tuple[0] for host_tuple in sorted_hosts].index(host['id']) index_in_response_hosts = response_hosts.index(host) assert index_in_sorted_host == index_in_response_hosts
def test_delete_agent(self, test_client, session): initial_agent_count = len(session.query(Agent).all()) workspace = WorkspaceFactory.create() session.add(workspace) agent = AgentFactory.create(workspaces=[workspace]) session.commit() assert len(session.query(Agent).all()) == initial_agent_count + 1 res = test_client.delete(self.url(agent.id)) assert res.status_code == 204 assert len(session.query(Agent).all()) == initial_agent_count
def test_update_agent(self, test_client, session): workspace = WorkspaceFactory.create() session.add(workspace) agent = AgentFactory.create(workspaces=[workspace], active=True) session.commit() raw_agent = self.create_raw_agent(active=False, workspaces=[workspace]) res = test_client.put(self.url(agent.id), data=raw_agent) assert res.status_code == 200, (res.json, raw_agent) assert not res.json['active'] assert len(res.json['workspaces']) == 1 assert workspace.name in res.json['workspaces'][0]
def test_create_agent_workspaces_not_set(self, faraday_server_config, test_client, session): workspace = WorkspaceFactory.create() session.add(workspace) session.commit() faraday_server_config.agent_token = 'sarasa' logout(test_client, [302]) raw_data = get_raw_agent(name="test agent", token='sarasa') # /v2/agent_registration/ res = test_client.post('/v2/agent_registration/', data=raw_data) assert res.status_code == 400