def test_run_fails(self, test_client, session,csrf_token):
workspace = WorkspaceFactory.create()
session.add(workspace)
other_workspace = WorkspaceFactory.create()
session.add(other_workspace)
session.commit()
agent = AgentFactory.create(
workspaces=[workspace, other_workspace]
)
executor = ExecutorFactory.create(agent=agent)
session.add(executor)
session.commit()
payload = {
'csrf_token': csrf_token,
'executorData': {
"args": {
"param1": True
},
"executor": executor.name
},
}
res = test_client.post(
self.url(agent) + 'run/',
json=payload
)
assert res.status_code == 404
def test_create_agent_valid_token(self, faraday_server_config, test_client,
session):
workspace = WorkspaceFactory.create()
session.add(workspace)
other_workspace = WorkspaceFactory.create()
session.add(other_workspace)
session.commit()
secret = pyotp.random_base32()
faraday_server_config.agent_registration_secret = secret
faraday_server_config.agent_token_expiration = 60
logout(test_client, [302])
initial_agent_count = len(session.query(Agent).all())
raw_data = get_raw_agent(name='new_agent',
token=pyotp.TOTP(secret, interval=60).now(),
workspaces=[workspace, other_workspace])
res = test_client.post('/v3/agent_registration', data=raw_data)
assert res.status_code == 201, (res.json, raw_data)
assert len(session.query(Agent).all()) == initial_agent_count + 1
assert workspace.name in res.json['workspaces']
assert other_workspace.name in res.json['workspaces']
assert len(res.json['workspaces']) == 2
workspaces = Agent.query.get(res.json['id']).workspaces
assert len(workspaces) == 2
assert workspace in workspaces
assert other_workspace in workspaces
def test_create_agent_valid_token(self, faraday_server_config, test_client,
session):
workspace = WorkspaceFactory.create()
session.add(workspace)
other_workspace = WorkspaceFactory.create()
session.add(other_workspace)
session.commit()
faraday_server_config.agent_token = 'sarasa'
logout(test_client, [302])
initial_agent_count = len(session.query(Agent).all())
raw_data = get_raw_agent(
name='new_agent',
token='sarasa',
workspaces=[workspace, other_workspace]
)
# /v2/agent_registration/
res = test_client.post(self.check_url('/v2/agent_registration/'), data=raw_data)
assert res.status_code == 201, (res.json, raw_data)
assert len(session.query(Agent).all()) == initial_agent_count + 1
assert workspace.name in res.json['workspaces']
assert other_workspace.name in res.json['workspaces']
assert len(res.json['workspaces']) == 2
workspaces = Agent.query.get(res.json['id']).workspaces
assert len(workspaces) == 2
assert workspace in workspaces
assert other_workspace in workspaces
def test_bulk_delete_hosts_from_another_workspace(self, test_client, session):
workspace_1 = WorkspaceFactory.create(name='workspace_1')
host_of_ws_1 = HostFactory.create(workspace=workspace_1)
workspace_2 = WorkspaceFactory.create(name='workspace_2')
host_of_ws_2 = HostFactory.create(workspace=workspace_2)
session.commit()
# Try to delete workspace_2's host from workspace_1
request_data = {'hosts_ids': [host_of_ws_2.id]}
url = f'/v2/ws/{workspace_1.name}/hosts/bulk_delete/'
delete_response = test_client.delete(url, data=request_data)
assert delete_response.json['deleted_hosts'] == 0
def test_update_severity_by_creator(self, api, session, test_client):
workspace = WorkspaceFactory.create()
host = HostFactory.create(workspace=workspace)
user = UserFactory.create()
vuln = VulnerabilityFactory.create(workspace=workspace,
tool='Nessus',
severity='low',
host=host,
creator=user,
service=None)
session.add(workspace)
session.add(vuln)
session.add(host)
session.commit()
vuln_id = vuln.id
assert vuln.severity == 'low'
searcher = Searcher(api(workspace, test_client, session))
rules = [{
'id': 'CHANGE_SEVERITY_INSIDE_HOST',
'model': 'Vulnerability',
'object':
f'creator={user.username}', # Without --old param Searcher deletes all duplicated objects
'conditions': ['tool=Nessus'],
'actions': ["--UPDATE:severity=info"]
}]
searcher.process(rules)
vuln = session.query(Vulnerability).get(vuln_id)
assert vuln.severity == 'informational'
def test_update_severity_by_values_with_space_2(self, api, session,
test_client):
workspace = WorkspaceFactory.create()
vuln = VulnerabilityFactory.create(workspace=workspace,
name='Cross-domain Referer leakage',
severity='low',
service=None)
session.add(workspace)
session.add(vuln)
session.commit()
vuln_id = vuln.id
assert vuln.severity == 'low'
searcher = Searcher(api(workspace, test_client, session))
rules = [{
'id': 'CHANGE_SEVERITY',
'model': 'Vulnerability',
'object':
"name=Cross-domain%Referer%leakage", # Without --old param Searcher deletes all duplicated objects
'conditions': ['name=Cross-domain%Referer%leakage'],
'actions': ["--UPDATE:severity=info"]
}]
searcher.process(rules)
vuln = session.query(Vulnerability).get(vuln_id)
assert vuln.severity == 'informational'
def test_searcher_update_rules(self, api, session, test_client):
workspace = WorkspaceFactory.create()
vuln = VulnerabilityFactory.create(workspace=workspace, severity='low')
session.add(workspace)
session.add(vuln)
session.commit()
assert vuln.severity == 'low'
searcher = Searcher(api(workspace, test_client, session))
rules = [{
'id': 'CHANGE_SEVERITY',
'model': 'Vulnerability',
'object': "severity=low",
'actions': ["--UPDATE:severity=med"]
}]
searcher.process(rules)
vulns_count = session.query(Vulnerability).filter_by(
workspace=workspace).count()
assert vulns_count == 1
vuln = session.query(Vulnerability).filter_by(
workspace=workspace).first()
assert vuln.severity == 'medium'
check_command(vuln, session)
def test_apply_template_by_id(self, api, session, test_client):
workspace = WorkspaceFactory.create()
template = VulnerabilityTemplateFactory.create()
vuln = VulnerabilityFactory.create(workspace=workspace,
severity='low',
confirmed=False)
session.add(workspace)
session.add(vuln)
session.add(template)
session.commit()
template_name = template.name
template_id = template.id
searcher = Searcher(api(workspace, test_client, session))
rules = [{
'id': 'APPLY_TEMPLATE',
'model': 'Vulnerability',
'object': "severity=low",
'actions': [f"--UPDATE:template={template_id}"]
}]
searcher.process(rules)
vulns_count = session.query(Vulnerability).filter_by(
workspace=workspace).count()
assert vulns_count == 1
vuln = session.query(Vulnerability).filter_by(
workspace=workspace).first()
assert vuln.name == template_name
def test_severity_info_med_2(self, api, session, test_client):
workspace = WorkspaceFactory.create()
vuln = VulnerabilityWebFactory.create(workspace=workspace,
severity='informational')
session.add(workspace)
session.add(vuln)
session.commit()
assert vuln.severity == 'informational'
searcher = Searcher(api(workspace, test_client, session))
rules = [{
'id': 'CONFIRM_VULN',
'model': 'Vulnerability',
'object': "severity=info",
'actions': ["--UPDATE:severity=med"]
}]
searcher.process(rules)
vulns_count = session.query(VulnerabilityWeb).filter_by(
workspace=workspace).count()
assert vulns_count == 1
vuln = session.query(VulnerabilityWeb).filter_by(
workspace=workspace).first()
assert vuln.severity == 'medium'
def test_confirm_vuln(self, api, session, test_client):
workspace = WorkspaceFactory.create()
vuln = VulnerabilityFactory.create(workspace=workspace,
severity='low',
confirmed=False)
session.add(workspace)
session.add(vuln)
session.commit()
assert vuln.confirmed is False
searcher = Searcher(api(workspace, test_client, session))
rules = [{
'id': 'CONFIRM_VULN',
'model': 'Vulnerability',
'object': "severity=low",
'actions': ["--UPDATE:confirmed=True"]
}]
searcher.process(rules)
vulns_count = session.query(Vulnerability).filter_by(
workspace=workspace).count()
assert vulns_count == 1
vuln = session.query(Vulnerability).filter_by(
workspace=workspace).first()
assert vuln.confirmed is True
def test_bulk_delete_hosts_without_hosts_ids(self, test_client):
ws = WorkspaceFactory.create(name="abc")
request_data = {'hosts_ids': []}
delete_response = test_client.delete(f'/v2/ws/{ws.name}/hosts/bulk_delete/', data=request_data)
assert delete_response.status_code == 400
def test_update_custom_field(self, api, session, test_client):
workspace = WorkspaceFactory.create()
custom_field = CustomFieldsSchemaFactory.create(
table_name='vulnerability',
field_name='cfield',
field_type='str',
field_order=1,
field_display_name='CField',
)
vuln = VulnerabilityFactory.create(workspace=workspace, severity='low', confirmed=True)
vuln.custom_fields = {'cfield': 'test'}
session.add(workspace)
session.add(custom_field)
session.add(vuln)
session.commit()
assert vuln.confirmed is True
searcher = Searcher(api(workspace, test_client, session))
rules = [{
'id': 'CHANGE_CUSTOM_FIELD',
'model': 'Vulnerability',
'object': "severity=low",
'conditions': ['confirmed=True'],
'actions': ["--UPDATE:cfield=CUSTOM_FIELD_UPDATED"]
}]
searcher.process(rules)
vulns_count = session.query(Vulnerability).filter_by(workspace=workspace).count()
assert vulns_count == 1
vuln = session.query(Vulnerability).filter_by(workspace=workspace).first()
assert vuln.custom_fields['cfield'] == 'CUSTOM_FIELD_UPDATED'
check_command(vuln, session)
def test_add_ref_to_duplicated_vuln(self, api, session, test_client):
workspace = WorkspaceFactory.create()
host = HostFactory.create(workspace=workspace)
vuln = VulnerabilityFactory.create(workspace=workspace, severity='low',
name='Duplicated Vuln',
host=host, service=None)
duplicated_vuln = VulnerabilityFactory.create(workspace=workspace, severity='low',
name='Duplicated Vuln 2',
host=host, service=None)
session.add(workspace)
session.add(vuln)
session.add(duplicated_vuln)
session.add(host)
session.commit()
first_vuln_id = vuln.id
searcher = Searcher(api(workspace, test_client, session))
rules = [{
'id': 'ADD_REFS_DUPLICATED_VULNS',
'model': 'Vulnerability',
'fields': ['name'],
'object': "severity=low --old", # Without --old param Searcher deletes all duplicated objects
'conditions': ['severity=low'],
'actions': ["--UPDATE:refs=REF_TEST"]
}]
vulns_count = session.query(Vulnerability).filter_by(workspace=workspace).count()
assert vulns_count == 2
searcher.process(rules)
vuln1 = session.query(Vulnerability).get(first_vuln_id)
assert len(vuln1.references) > 0
assert list(vuln1.references)[0] == 'REF_TEST'
def test_mail_notification(self, api, session, test_client):
workspace = WorkspaceFactory.create()
vuln = VulnerabilityFactory.create(workspace=workspace, severity='low')
session.add(workspace)
session.add(vuln)
session.commit()
mail_notification = MailNotification(
'*****@*****.**',
'testpass',
'smtp.gmail.com',
587
)
_api = api(workspace, test_client, session)
searcher = Searcher(_api, mail_notification=mail_notification)
rules = [{
'id': 'SEND_MAIL',
'model': 'Vulnerability',
'object': "severity=low",
'actions': ["--ALERT:[email protected]"]
}]
searcher.process(rules)
assert searcher.mail_notification == mail_notification
def test_remove_duplicated_by_name(self, api, session, test_client):
workspace = WorkspaceFactory.create()
host = HostFactory.create(workspace=workspace)
vuln = VulnerabilityFactory.create(workspace=workspace, severity='low',
name='Duplicated Vuln',
host=host, service=None)
duplicated_vuln = VulnerabilityFactory.create(workspace=workspace, severity='low',
name='Duplicated Vuln 2',
host=host, service=None)
session.add(workspace)
session.add(vuln)
session.add(duplicated_vuln)
session.add(host)
session.commit()
searcher = Searcher(api(workspace, test_client, session))
rules = [{
'id': 'REMOVE_DUPLICATED_VULNS',
'model': 'Vulnerability',
'fields': ['name'],
'object': "severity=low --old", # Without --old param Searcher deletes all duplicated objects
'actions': ["--DELETE:"]
}]
vulns_count = session.query(Vulnerability).filter_by(workspace=workspace).count()
assert vulns_count == 2
searcher.process(rules)
vulns_count = session.query(Vulnerability).filter_by(workspace=workspace).count()
assert vulns_count == 1
def test_update_host_with_all_fields(self, api, session, test_client):
workspace = WorkspaceFactory.create()
host = HostFactory.create(workspace=workspace,
os='Unix',
ip="10.25.86.39",
owned=False,
description='HDesc',
mac='MAC')
session.add(workspace)
session.add(host)
session.commit()
assert host.owned is False
assert host.os == 'Unix'
assert host.ip == "10.25.86.39"
assert host.description == 'HDesc'
assert host.mac == 'MAC'
searcher = Searcher(api(workspace, test_client, session))
rules = [{
'id':
'UPDATE_HOST',
'model':
'Host',
'object':
"ip=10.25.86.39 owned=False os=Unix",
'actions': ["--UPDATE:description=HDescUp", "--UPDATE:mac=MAC2"]
}]
searcher.process(rules)
host = session.query(Host).filter_by(workspace=workspace).first()
assert host.description == 'HDescUp'
assert host.mac == 'MAC2'
def test_load_itime(self, test_client, session):
ws = WorkspaceFactory.create(name="abc")
command = CommandFactory.create(workspace=ws)
session.add(ws)
session.add(command)
session.commit()
# Timestamp of 14/12/2018
itime = 1544745600.0
data = {
'command': command.command,
'tool': command.tool,
'itime': itime
}
res = test_client.put(
'/v2/ws/{ws_name}/activities/{id}/'.format(ws_name=ws.name,
id=command.id),
data=data,
)
# Changing res.json['itime'] to timestamp format of itime
res_itime = res.json['itime'] / 1000
assert res.status_code == 200
assert res_itime == itime
def test_get_workspaced_other_fails(self, test_client, session):
other_workspace = WorkspaceFactory.create()
session.add(other_workspace)
agent = AgentFactory.create(workspaces=[other_workspace], active=True)
session.commit()
res = test_client.get(self.url(agent))
assert res.status_code == 404
def test_delete_vulns_with_dynamic_values(self, api, session, test_client):
workspace = WorkspaceFactory.create()
vuln1 = VulnerabilityFactory.create(workspace=workspace, name="TEST1")
vuln2 = VulnerabilityFactory.create(workspace=workspace, name="TEST2")
session.add(workspace)
session.add(vuln1)
session.add(vuln2)
session.commit()
searcher = Searcher(api(workspace, test_client, session))
rules = [{
'id': 'DELETE_VULN_{{name}}',
'model': 'Vulnerability',
'object': "regex=^{{name}}",
'actions': ["--DELETE:"],
'values': [{
'name': 'TEST1'
}, {
'name': 'TEST2'
}]
}]
vulns_count = session.query(Vulnerability).filter_by(
workspace=workspace).count()
assert vulns_count == 2
searcher.process(rules)
vulns_count = session.query(Vulnerability).filter_by(
workspace=workspace).count()
assert vulns_count == 0
def test_update_agent_add_a_inexistent_workspace(self, test_client,
session):
workspace = WorkspaceFactory.create()
session.add(workspace)
other_workspace = WorkspaceFactory.create()
session.add(other_workspace)
agent = AgentFactory.create(workspaces=[workspace], active=True)
session.commit()
raw_agent = self.create_raw_agent(
workspaces=[workspace, other_workspace])
raw_agent["workspaces"] = ["donotexist"]
res = test_client.put(self.url(agent.id), data=raw_agent)
assert res.status_code == 404
workspaces = Agent.query.get(agent.id).workspaces
assert len(workspaces) == 1
assert workspace in workspaces
def test_verify_created_vulns_with_host_and_service_verification(
self, session, test_client):
workspace = WorkspaceFactory.create()
command = EmptyCommandFactory.create(workspace=workspace)
host = HostFactory.create(workspace=workspace)
service = ServiceFactory.create(workspace=workspace)
vuln = VulnerabilityFactory.create(severity='critical',
workspace=workspace,
host=host,
service=None)
vuln_med = VulnerabilityFactory.create(severity='medium',
workspace=workspace,
service=service,
host=None)
session.flush()
CommandObjectFactory.create(command=command,
object_type='host',
object_id=host.id,
workspace=workspace)
CommandObjectFactory.create(command=command,
object_type='vulnerability',
object_id=vuln.id,
workspace=workspace)
CommandObjectFactory.create(command=command,
object_type='service',
object_id=service.id,
workspace=workspace)
CommandObjectFactory.create(command=command,
object_type='vulnerability',
object_id=vuln_med.id,
workspace=workspace)
session.commit()
res = test_client.get(
self.url(workspace=command.workspace) + 'activity_feed/')
assert res.status_code == 200
assert res.json == [{
u'_id':
command.id,
u'command':
command.command,
u'import_source':
u'shell',
u'tool':
command.tool,
u'user':
command.user,
u'date':
time.mktime(command.start_date.timetuple()) * 1000,
u'params':
command.params,
u'hosts_count':
1,
u'services_count':
1,
u'vulnerabilities_count':
2,
u'criticalIssue':
1
}]
def test_get_workspaced(self, test_client, session):
workspace = WorkspaceFactory.create()
session.add(workspace)
agent = AgentFactory.create(workspaces=[self.workspace], active=True)
session.commit()
res = test_client.get(self.url(agent))
assert res.status_code == 200
assert 'workspaces' not in res.json
def test_update_agent_delete_a_workspace(self, test_client, session):
workspace = WorkspaceFactory.create()
session.add(workspace)
other_workspace = WorkspaceFactory.create()
session.add(other_workspace)
agent = AgentFactory.create(workspaces=[workspace, other_workspace],
active=True)
session.commit()
raw_agent = self.create_raw_agent(workspaces=[workspace])
res = test_client.put(self.url(agent.id), data=raw_agent)
assert res.status_code == 200
assert len(res.json['workspaces']) == 1
assert other_workspace.name not in res.json['workspaces']
assert workspace.name in res.json['workspaces']
workspaces = Agent.query.get(agent.id).workspaces
assert len(workspaces) == 1
assert workspaces[0] == workspace
def test_no_file_in_request(self, test_client, session):
ws = WorkspaceFactory.create(name="abc")
session.add(ws)
session.commit()
res = test_client.post(f'/v3/ws/{ws.name}/upload_report')
assert res.status_code == 400
def test_bulk_delete_hosts_invalid_characters_in_request(
self, test_client):
ws = WorkspaceFactory.create(name="abc")
request_data = {'hosts_ids': [-1, 'test']}
delete_response = test_client.delete(
'/v2/ws/{0}/hosts/bulk_delete/'.format(ws.name), data=request_data)
assert delete_response.json['deleted_hosts'] == 0
def test_get_not_workspaced(self, test_client, session):
workspace = WorkspaceFactory.create()
session.add(workspace)
agent = AgentFactory.create(workspaces=[workspace], active=True)
session.commit()
res = test_client.get(self.url(agent))
assert res.status_code == 200
assert len(res.json['workspaces']) == 1
assert workspace.name in res.json['workspaces'][0]
def test_hosts_ordered_by_vulns_severity(self, session, test_client, service_factory,
vulnerability_factory, vulnerability_web_factory):
ws = WorkspaceFactory.create()
session.add(ws)
hosts_list = []
for i in range(0, 10):
host = HostFactory.create(workspace=ws)
session.add(host)
service = service_factory.create(workspace=ws, host=host)
session.add(service)
hosts_list.append(host)
session.commit()
severities = ['critical', 'high', 'medium', 'low', 'informational', 'unclassified']
# Vulns counter by severity in host
vulns_by_severity = {host.id: [0, 0, 0, 0, 0, 0] for host in hosts_list}
for host in hosts_list:
# Each host has 10 vulns
for i in range(0, 10):
vuln_web = choice([True, False])
severity = choice(severities)
if vuln_web:
vuln = vulnerability_web_factory.create(
workspace=ws, service=host.services[0], severity=severity
)
else:
vuln = vulnerability_factory.create(
host=None, service=host.services[0],
workspace=host.workspace, severity=severity
)
session.add(vuln)
# Increase 1 to number of vulns by severity in the host
vulns_by_severity[host.id][severities.index(severity)] += 1
session.commit()
# Sort vulns_by_severity by number of vulns by severity in every host
sorted_hosts = sorted(
vulns_by_severity.items(),
key=lambda host: [vuln_count for vuln_count in host[1]],
reverse=True
)
res = test_client.get(self.url(workspace=ws))
assert res.status_code == 200
response_hosts = res.json['rows']
for host in response_hosts:
# sorted_hosts and response_hosts have the same order so the index
# of host in sorted_host is the same as the
# index of host in response_hosts
index_in_sorted_host = [host_tuple[0] for host_tuple in sorted_hosts].index(host['id'])
index_in_response_hosts = response_hosts.index(host)
assert index_in_sorted_host == index_in_response_hosts
def test_delete_agent(self, test_client, session):
initial_agent_count = len(session.query(Agent).all())
workspace = WorkspaceFactory.create()
session.add(workspace)
agent = AgentFactory.create(workspaces=[workspace])
session.commit()
assert len(session.query(Agent).all()) == initial_agent_count + 1
res = test_client.delete(self.url(agent.id))
assert res.status_code == 204
assert len(session.query(Agent).all()) == initial_agent_count
def test_update_agent(self, test_client, session):
workspace = WorkspaceFactory.create()
session.add(workspace)
agent = AgentFactory.create(workspaces=[workspace], active=True)
session.commit()
raw_agent = self.create_raw_agent(active=False, workspaces=[workspace])
res = test_client.put(self.url(agent.id), data=raw_agent)
assert res.status_code == 200, (res.json, raw_agent)
assert not res.json['active']
assert len(res.json['workspaces']) == 1
assert workspace.name in res.json['workspaces'][0]
def test_create_agent_workspaces_not_set(self, faraday_server_config,
test_client, session):
workspace = WorkspaceFactory.create()
session.add(workspace)
session.commit()
faraday_server_config.agent_token = 'sarasa'
logout(test_client, [302])
raw_data = get_raw_agent(name="test agent", token='sarasa')
# /v2/agent_registration/
res = test_client.post('/v2/agent_registration/', data=raw_data)
assert res.status_code == 400
