def test_create_manual_check_for_team_missing_param(self):
    """Creating a manual check without 'id' must fail and store nothing.

    Posts a body that lacks the required 'id' field to
    /checks/manual/teams/6, expects a 403 with an IllegalParameter error,
    then re-reads the team's manual checks to confirm the rejected request
    left the stored data equal to the fixture.
    """
    self.login_user('admin', 'admin')
    # Deliberately incomplete payload: the 'id' key is missing.
    payload = {
        "description": "Teams had to make a network policy",
        "comments": "They did okay on this, but forgot about video sharing sites.",
        "inject_number": "109",
        "score": 25,
        "timestamp": convert_datetime_to_timestamp(datetime.now())
    }
    expected_error = {
        "type": "IllegalParameter",
        "reason": "Required parameter 'id' is not specified."
    }
    # The fixture rows are reshaped in place (no copy is taken) so they
    # match the JSON shape returned by the listing endpoint.
    expected_checks = []
    for check in self.data['completed_checks']:
        if check['type'] == 'manual' and check['team_id'] == '6':
            expected_checks.append(check)
    for check in expected_checks:
        del check['team_id']
        del check['type']
        check['timestamp'] = convert_datetime_to_timestamp(check['timestamp'])
    # NOTE(review): the API answers a validation failure with 403, which
    # normally signals an authorization failure; confirm that log review and
    # alerting do not treat these responses as access-control denials.
    response = self.app.post('/checks/manual/teams/6',
                             data=json.dumps(payload),
                             follow_redirects=True)
    assert response.status_code == 403
    assert json.loads(response.data) == expected_error
    # A rejected write must not be partially applied.
    listing = self.app.get('/checks/manual/teams/6')
    assert listing.status_code == 200
    stored_checks = json.loads(listing.data)
    assert len(stored_checks) == len(expected_checks)
    for actual, wanted in zip(stored_checks, expected_checks):
        show_difference_between_dicts(actual, wanted)
    assert stored_checks == expected_checks
def test_create_inject_check_for_team_missing_param(self):
    """Creating an inject check without 'id' must fail and store nothing.

    Posts a body that lacks 'id' to /checks/injects, expects a 403 with an
    IllegalParameter error, then lists the inject checks and compares them
    with the fixture to confirm nothing was added.
    """
    self.login_user('admin', 'admin')
    # Deliberately incomplete payload: the 'id' key is missing.
    payload = {
        "description": "Checking if the filesystem was set up on time.",
        "machine": "Apache",
        "class_name": "SampleInjectCheck",
        "inject_number": "66",
        "time_to_check": convert_datetime_to_timestamp(datetime.now())
    }
    expected_error = {
        "type": "IllegalParameter",
        "reason": "Required parameter 'id' is not specified."
    }
    # Fixture rows are edited in place to match the listing's JSON shape.
    expected_checks = []
    for check in self.data['active_checks']:
        if check['type'] == 'inject':
            expected_checks.append(check)
    for check in expected_checks:
        del check['type']
        check['time_to_check'] = convert_datetime_to_timestamp(check['time_to_check'])
    response = self.app.post('/checks/injects',
                             data=json.dumps(payload),
                             follow_redirects=True)
    assert response.status_code == 403
    assert json.loads(response.data) == expected_error
    # The rejected request must leave the stored inject checks untouched.
    listing = self.app.get('/checks/injects')
    assert listing.status_code == 200
    stored_checks = json.loads(listing.data)
    assert len(stored_checks) == len(expected_checks)
    assert stored_checks == expected_checks
def get_all_scores_for_teams():
    """Return the scores of all teams as a JSON response with status 200.

    Reads the rows from g.db.get_scores_for_all_teams(), replaces each row's
    'timestamp' with the value produced by convert_datetime_to_timestamp, and
    serialises the list with json_util.default as the fallback encoder.
    """
    # NOTE(review): no authentication or authorization check is visible in
    # this function; if one exists it sits in a decorator or request hook
    # outside this block. Confirm that scores for every team are meant to be
    # readable by whoever can reach this handler.
    scores = g.db.get_scores_for_all_teams()
    for entry in scores:
        # Rows are updated in place before serialisation.
        entry['timestamp'] = convert_datetime_to_timestamp(entry['timestamp'])
    body = json.dumps(scores, default=json_util.default)
    return Response(body, status=200, mimetype='application/json')
def test_create_inject_check(self):
    """A complete inject check can be created and then read back.

    Posts a full payload to /checks/injects, expects 201 with a Location
    header pointing at the new resource, then fetches that resource and
    checks that it holds every posted field except 'id'.
    """
    self.login_user('admin', 'admin')
    payload = {
        "id": "FileSystemSetUp",
        "description": "Checking if the filesystem was set up on time.",
        "machine": "Apache",
        "class_name": "SampleInjectCheck",
        "inject_number": "66",
        "time_to_check": convert_datetime_to_timestamp(datetime.now())
    }
    # The stored representation is the payload without its 'id' key.
    stored_form = dict(payload)
    del stored_form['id']
    expected_result = [stored_form]
    created = self.app.post('/checks/injects',
                            data=json.dumps(payload),
                            follow_redirects=True)
    assert created.status_code == 201
    assert created.headers['Location'] == 'http://localhost/checks/injects/FileSystemSetUp'
    fetched = self.app.get('/checks/injects/FileSystemSetUp')
    rest_result = json.loads(fetched.data)
    # Report field-level differences before the assertions run.
    show_difference_between_dicts(rest_result[0], expected_result[0])
    assert fetched.status_code == 200
    assert rest_result == expected_result
def get_score_for_team(team_id):
    """Return one team's score as JSON, or an empty 404 when none is found.

    Looks the team up with g.db.get_score_for_team(team_id). An empty result
    yields Response(status=404); otherwise the first row has its 'timestamp'
    converted and is returned as a 200 application/json response.
    """
    # NOTE(review): team_id is handed to the database layer as received and
    # no access-control check is visible in this block. Confirm that the
    # lookup treats it strictly as data and that the caller is authorised
    # to read this team's score.
    rows = g.db.get_score_for_team(team_id)
    if not len(rows):
        return Response(status=404)
    score = rows[0]
    score['timestamp'] = convert_datetime_to_timestamp(score['timestamp'])
    body = json.dumps(score, default=json_util.default)
    return Response(body, status=200, mimetype='application/json')
def test_get_score_for_specific_team(self):
    """GET /teams/6/score returns the fixture score of team 6.

    The expected value is the first 'team_scores' fixture row for team '6',
    with 'team_id' removed and its timestamp converted.
    """
    self.login_user('admin', 'admin')
    response = self.app.get('/teams/6/score')
    assert response.status_code == 200
    json_result = json.loads(response.data)
    matching = []
    for row in self.data['team_scores']:
        if row['team_id'] == '6':
            matching.append(row)
    # The fixture row itself is reshaped (no copy) to match the JSON body.
    expected_result = matching[0]
    del expected_result['team_id']
    expected_result['timestamp'] = convert_datetime_to_timestamp(expected_result['timestamp'])
    show_difference_between_dicts(json_result, expected_result)
    assert json_result == expected_result
def test_modify_inject_check_invalid_param(self):
    """PATCHing an inject check with an 'id' field is rejected unchanged.

    Sends a modified copy of the 'RemovedFiles' inject check that still
    carries 'id', expects a 403 IllegalParameter error, and then confirms
    that the stored check still equals the fixture.
    """
    self.login_user('admin', 'admin')
    # Work on a deep copy so the request edits never reach the fixture.
    candidates = []
    for check in self.data['active_checks']:
        if check['type'] == 'inject' and check['id'] == 'RemovedFiles':
            candidates.append(deepcopy(check))
    payload = candidates[0]
    del payload['type']
    payload['time_to_check'] = convert_datetime_to_timestamp(payload['time_to_check'])
    payload['machine'] = 'Redis'
    payload['inject_number'] = '57'
    expected_error = {
        "type": "IllegalParameter",
        "reason": "Parameter 'id' is not valid for this interface."
    }
    # Expected stored state: the untouched fixture rows, reshaped in place.
    expected_stored = [check for check in self.data['active_checks']
                       if check['type'] == 'inject' and check['id'] == 'RemovedFiles']
    for check in expected_stored:
        del check['type']
        del check['id']
        check['time_to_check'] = convert_datetime_to_timestamp(check['time_to_check'])
    response = self.app.patch('/checks/injects/RemovedFiles', data=json.dumps(payload))
    assert response.status_code == 403
    assert json.loads(response.data) == expected_error
    # The valid fields sent with the bad one must not have been applied.
    fetched = self.app.get('/checks/injects/RemovedFiles')
    assert fetched.status_code == 200
    assert json.loads(fetched.data) == expected_stored
def test_modify_inject_check_no_param(self):
    """An empty PATCH on an inject check returns 204 and changes nothing."""
    self.login_user('admin', 'admin')
    payload = {}
    # Expected stored state: the fixture rows, reshaped in place.
    expected_stored = []
    for check in self.data['active_checks']:
        if check['type'] == 'inject' and check['id'] == 'RemovedFiles':
            expected_stored.append(check)
    for check in expected_stored:
        del check['type']
        del check['id']
        check['time_to_check'] = convert_datetime_to_timestamp(check['time_to_check'])
    response = self.app.patch('/checks/injects/RemovedFiles', data=json.dumps(payload))
    assert response.status_code == 204
    fetched = self.app.get('/checks/injects/RemovedFiles')
    assert fetched.status_code == 200
    assert json.loads(fetched.data) == expected_stored
def test_modify_manual_check_for_team_no_param(self):
    """An empty PATCH on a team's manual check returns 204 and changes nothing."""
    self.login_user('admin', 'admin')
    payload = {}
    # Expected stored state: the fixture rows, reshaped in place.
    expected_stored = []
    for check in self.data['completed_checks']:
        if (check['type'] == 'manual' and check['team_id'] == '1'
                and check['id'] == 'BoardPresentation'):
            expected_stored.append(check)
    for check in expected_stored:
        del check['team_id']
        del check['type']
        del check['id']
        check['timestamp'] = convert_datetime_to_timestamp(check['timestamp'])
    response = self.app.patch('/checks/manual/BoardPresentation/teams/1',
                              data=json.dumps(payload))
    assert response.status_code == 204
    fetched = self.app.get('/checks/manual/BoardPresentation/teams/1')
    assert fetched.status_code == 200
    assert json.loads(fetched.data) == expected_stored
def test_get_scores_for_all_teams(self):
    """GET /teams/scores returns every 'team_scores' fixture row.

    Each fixture row has its timestamp converted in place before it is
    compared with the row at the same position in the response.
    """
    self.login_user('admin', 'admin')
    response = self.app.get('/teams/scores')
    assert response.status_code == 200
    # Shallow copy of the list; the row dicts are still the fixture's own.
    expected_result = list(self.data['team_scores'])
    print response.data
    json_result = json.loads(response.data)
    assert len(json_result) == len(expected_result)
    # Lengths were asserted equal above, so pairing covers every index.
    for actual, wanted in zip(json_result, expected_result):
        wanted['timestamp'] = convert_datetime_to_timestamp(wanted['timestamp'])
        show_difference_between_dicts(actual, wanted)
    assert json_result == expected_result
def test_modify_inject_check(self):
    """A valid PATCH on an inject check returns 204 and is persisted.

    Takes the 'RemovedFiles' fixture row, strips 'type' and 'id', changes
    'machine' and 'inject_number', sends it as the PATCH body, and expects
    the subsequent GET to return exactly that document.
    """
    self.login_user('admin', 'admin')
    matching = []
    for check in self.data['active_checks']:
        if check['type'] == 'inject' and check['id'] == 'RemovedFiles':
            matching.append(check)
    # The fixture row itself is edited; it serves as request and expectation.
    payload = matching[0]
    del payload['type']
    del payload['id']
    payload['time_to_check'] = convert_datetime_to_timestamp(payload['time_to_check'])
    payload['machine'] = 'Redis'
    payload['inject_number'] = '57'
    expected_stored = [payload]
    response = self.app.patch('/checks/injects/RemovedFiles', data=json.dumps(payload))
    assert response.status_code == 204
    fetched = self.app.get('/checks/injects/RemovedFiles')
    assert fetched.status_code == 200
    assert json.loads(fetched.data) == expected_stored
def test_create_inject_check_exists(self):
    """Re-posting an existing inject check is refused with an 'Exists' error.

    Uses the first inject row of the 'active_checks' fixture as the request
    body and expects a 403 whose reason names that row's id.
    """
    self.login_user('admin', 'admin')
    inject_checks = []
    for check in self.data['active_checks']:
        if check['type'] == 'inject':
            inject_checks.append(check)
    # The fixture row is reshaped in place into the request payload.
    payload = inject_checks[0]
    del payload['type']
    payload['time_to_check'] = convert_datetime_to_timestamp(payload['time_to_check'])
    reason = "A inject check with the id '{}' already exists".format(payload['id'])
    expected_error = {"type": "Exists", "reason": reason}
    response = self.app.post('/checks/injects',
                             data=json.dumps(payload),
                             follow_redirects=True)
    print response.status_code, response.data
    assert response.status_code == 403
    assert json.loads(response.data) == expected_error
def test_modify_manual_check_for_team(self):
    """A valid PATCH on a team's manual check returns 204 and is persisted.

    Changes 'comments' and 'score' of the 'BoardPresentation' check for
    team 1 and expects the subsequent GET to show both new values.
    """
    self.login_user('admin', 'admin')
    changes = {
        'comments': "This team deserves some points, so we'll let this slide.",
        'score': 10
    }
    expected_stored = []
    for check in self.data['completed_checks']:
        if (check['type'] == 'manual' and check['team_id'] == '1'
                and check['id'] == 'BoardPresentation'):
            expected_stored.append(check)
    # Apply the same changes to the fixture row and strip the keys the
    # endpoint does not return.
    first = expected_stored[0]
    first['comments'] = changes['comments']
    first['score'] = changes['score']
    del first['team_id']
    del first['id']
    del first['type']
    first['timestamp'] = convert_datetime_to_timestamp(first['timestamp'])
    response = self.app.patch('/checks/manual/BoardPresentation/teams/1',
                              data=json.dumps(changes))
    print response.status_code, response.data
    assert response.status_code == 204
    fetched = self.app.get('/checks/manual/BoardPresentation/teams/1')
    assert fetched.status_code == 200
    print fetched.data
    print expected_stored
    assert json.loads(fetched.data) == expected_stored
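def test_create_manual_check_for_team_invalid_param(self):
    """A manual check carrying an unknown field is rejected and not stored.

    Posts an otherwise complete payload with an extra 'failure' key to
    /checks/manual/teams/6, expects a 403 IllegalParameter error, and then
    confirms that no check with the posted id exists for team 6.
    """
    self.login_user('admin', 'admin')
    query_data = {
        "id": "NetworkPolicy",
        "description": "Teams had to make a network policy",
        "comments": "They did okay on this, but forgot about video sharing sites.",
        "inject_number": "109",
        "score": 25,
        "timestamp": convert_datetime_to_timestamp(datetime.now()),
        "failure": "assured"
    }
    post_data = {
        "type": "IllegalParameter",
        "reason": "Parameter 'failure' is not valid for this interface."
    }
    post = self.app.post('/checks/manual/teams/6',
                         data=json.dumps(query_data),
                         follow_redirects=True)
    assert post.status_code == 403
    assert json.loads(post.data) == post_data
    # Probe the id that was actually posted. The previous probe used the
    # unrelated id 'AnotherSecurityHole', so the 404 assertion would still
    # pass if the rejected request had created the 'NetworkPolicy' record.
    # Assumes the fixtures hold no 'NetworkPolicy' manual check for team 6
    # -- TODO confirm.
    result = self.app.get('/checks/manual/{}/teams/6'.format(query_data['id']))
    print result.status_code, result.data
    assert result.status_code == 404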
def test_modify_manual_check_for_team_invalid_param(self):
    """PATCHing a manual check with an 'id' field is rejected unchanged.

    Sends 'comments' and 'score' together with the disallowed 'id' key,
    expects a 403 IllegalParameter error, and then confirms that the stored
    check for team 1 still equals the fixture.
    """
    self.login_user('admin', 'admin')
    payload = {
        'id': 'BoardPresentation',
        'comments': "This team deserves some points, so we'll let this slide.",
        'score': 10
    }
    expected_error = {
        "type": "IllegalParameter",
        "reason": "Parameter 'id' is not valid for this interface."
    }
    # Expected stored state: the fixture rows, reshaped in place.
    expected_stored = []
    for check in self.data['completed_checks']:
        if (check['type'] == 'manual' and check['team_id'] == '1'
                and check['id'] == 'BoardPresentation'):
            expected_stored.append(check)
    for check in expected_stored:
        del check['team_id']
        del check['type']
        del check['id']
        check['timestamp'] = convert_datetime_to_timestamp(check['timestamp'])
    response = self.app.patch('/checks/manual/BoardPresentation/teams/1',
                              data=json.dumps(payload))
    assert response.status_code == 403
    assert json.loads(response.data) == expected_error
    # The valid fields sent with the bad one must not have been applied.
    fetched = self.app.get('/checks/manual/BoardPresentation/teams/1')
    assert fetched.status_code == 200
    assert json.loads(fetched.data) == expected_stored
def test_create_inject_check_invalid_param(self):
    """An inject check carrying an unknown field is rejected and not stored.

    Posts an otherwise complete payload with an extra 'failure' key to
    /checks/injects, expects a 403 IllegalParameter error, and then confirms
    that the posted id cannot be fetched.
    """
    self.login_user('admin', 'admin')
    payload = {
        "id": "FileSystemSetUp",
        "description": "Checking if the filesystem was set up on time.",
        "machine": "Apache",
        "class_name": "SampleInjectCheck",
        "inject_number": "66",
        "time_to_check": convert_datetime_to_timestamp(datetime.now()),
        "failure": "assured"
    }
    expected_error = {
        "type": "IllegalParameter",
        "reason": "Parameter 'failure' is not valid for this interface."
    }
    # NOTE(review): the API answers a validation failure with 403, which
    # normally signals an authorization failure; confirm that log review and
    # alerting do not treat these responses as access-control denials.
    response = self.app.post('/checks/injects',
                             data=json.dumps(payload),
                             follow_redirects=True)
    assert response.status_code == 403
    assert json.loads(response.data) == expected_error
    # The rejected request must not have created the resource.
    probe = self.app.get('/checks/injects/FileSystemSetUp')
    print probe.status_code, probe.data
    assert probe.status_code == 404
def test_create_manual_check_for_team(self):
    """A complete manual check can be created for a team and read back.

    Posts a full payload to /checks/manual/teams/2, expects 201 with a
    Location header pointing at the new resource, then fetches it and checks
    that it holds every posted field except 'id'.
    """
    # NOTE(review): 'admin'/'admin' is presumably an account seeded only in
    # the test fixtures -- confirm it is never provisioned in a deployment.
    self.login_user('admin', 'admin')
    payload = {
        "id": "NetworkPolicy",
        "description": "Teams had to make a network policy",
        "comments": "They did okay on this, but forgot about video sharing sites.",
        "inject_number": "109",
        "score": 25,
        "timestamp": convert_datetime_to_timestamp(datetime.now())
    }
    # The stored representation is the payload without its 'id' key.
    stored_form = dict(payload)
    del stored_form['id']
    expected_stored = [stored_form]
    created = self.app.post('/checks/manual/teams/2',
                            data=json.dumps(payload),
                            follow_redirects=True)
    assert created.status_code == 201
    assert created.headers['Location'] == 'http://localhost/checks/manual/NetworkPolicy/teams/2'
    fetched = self.app.get('/checks/manual/NetworkPolicy/teams/2')
    print fetched.status_code, fetched.data
    assert fetched.status_code == 200
    assert json.loads(fetched.data) == expected_stored