예제 #1
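    def setup(self, testfile):
        """Create the objects a parser run needs and parse *testfile*.

        Saves a Product_Type, Test_Type, Product and Engagement, then hands
        *testfile* and an unsaved Test to AWSScout2Parser.get_findings.

        Args:
            testfile: Open file-like object holding the report. It is closed
                before this method returns, whether or not parsing succeeds.

        Returns:
            Whatever AWSScout2Parser.get_findings returns for the report.
        """
        try:
            product_type = Product_Type(critical_product=True, key_product=False)
            product_type.save()

            test_type = Test_Type(static_tool=True, dynamic_tool=False)
            test_type.save()

            product = Product(prod_type=product_type)
            product.save()

            engagement = Engagement(
                product=product, target_start=timezone.now(), target_end=timezone.now()
            )
            engagement.save()

            parser = AWSScout2Parser()
            findings = parser.get_findings(
                testfile,
                Test(
                    engagement=engagement,
                    test_type=test_type,
                    target_start=timezone.now(),
                    target_end=timezone.now(),
                ),
            )
        finally:
            # Release the handle even when a save() or the parser raises, so a
            # failing test does not leave the report file open.
            testfile.close()

        return findings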
예제 #2
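class TestViewEndpointMetaData(TestCase):
    """Check when the endpoint view renders the 'Additional Information' text."""

    def setUp(self):
        """Save a product, an endpoint on it, and one custom field on the endpoint."""
        self.p = Product()
        # NOTE(review): `Name` / `Description` are capitalised; presumably these
        # end up as plain attributes rather than model fields. Verify against
        # the Product model.
        self.p.Name = 'Test Product'
        self.p.Description = 'Product for Testing Endpoint functionality'
        self.p.save()

        self.e = Endpoint()
        self.e.product = self.p
        self.e.host = '127.0.0.1'
        self.e.save()

        self.util = EndpointMetaDataTestUtil()
        self.util.save_custom_field(self.e, 'TestField', 'TestValue')

    def test_view_endpoint_without_metadata_has_no_additional_info(self):
        """With the custom field deleted, the page must not show the section."""
        self.util.delete_custom_field(self.e, 'TestField')

        # Use the id of the endpoint saved in setUp instead of a literal 1:
        # primary keys are not guaranteed to restart at 1 for every test.
        # NOTE(review): create_user(True) presumably builds a privileged user
        # (confirm). If so, these tests never exercise the view's access
        # checks for an ordinary user.
        get_request = self.util.create_get_request(self.util.create_user(True),
                                                   'endpoint/%d' % self.e.id)
        v = views.view_endpoint(get_request, self.e.id)

        self.assertNotContains(v, 'Additional Information')

    def test_view_endpoint_with_metadata_has_additional_info(self):
        """With the custom field present, the page shows its name and value."""
        get_request = self.util.create_get_request(self.util.create_user(True),
                                                   'endpoint/%d' % self.e.id)
        v = views.view_endpoint(get_request, self.e.id)

        self.assertContains(v, "Additional Information")
        self.assertContains(v, 'TestField')
        self.assertContains(v, 'TestValue')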
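class TestViewEndpointMetaData(TestCase):
    """Endpoint view tests for the 'Additional Information' (custom field) text."""

    def setUp(self):
        """Persist a product and an endpoint, then save one custom field on the endpoint."""
        self.p = Product()
        # NOTE(review): capitalised `Name` / `Description` are presumably not
        # model fields. Confirm against the Product model.
        self.p.Name = 'Test Product'
        self.p.Description = 'Product for Testing Endpoint functionality'
        self.p.save()

        self.e = Endpoint()
        self.e.product = self.p
        self.e.host = '127.0.0.1'
        self.e.save()

        self.util = EndpointMetaDataTestUtil()
        self.util.save_custom_field(self.e, 'TestField', 'TestValue')

    def _render_endpoint(self):
        """Call views.view_endpoint for the endpoint saved in setUp and return the response."""
        # The endpoint's real primary key replaces the hard-coded 1, so the
        # tests do not depend on the row receiving id 1.
        # NOTE(review): create_user(True) presumably yields a privileged user
        # (confirm). Access control for other users is not covered here.
        endpoint_id = self.e.id
        request_user = self.util.create_user(True)
        get_request = self.util.create_get_request(request_user, 'endpoint/%d' % endpoint_id)
        return views.view_endpoint(get_request, endpoint_id)

    def test_view_endpoint_without_metadata_has_no_additional_info(self):
        """After deleting the custom field, the section must be absent."""
        self.util.delete_custom_field(self.e, 'TestField')

        response = self._render_endpoint()

        self.assertNotContains(response, 'Additional Information')

    def test_view_endpoint_with_metadata_has_additional_info(self):
        """With the custom field saved, the section, field name and value are rendered."""
        response = self._render_endpoint()

        for expected_text in ("Additional Information", 'TestField', 'TestValue'):
            self.assertContains(response, expected_text)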
    def setup(self, testfile):
        """Wrap *testfile* in a MockFileObject and return the ScoutSuiteParser findings for it.

        A Product_Type, Test_Type, Product and Engagement are saved first; the
        Test passed to the parser is constructed but not saved here.
        """
        report = MockFileObject(testfile)

        prod_type = Product_Type(critical_product=True, key_product=False)
        prod_type.save()

        tool_type = Test_Type(static_tool=True, dynamic_tool=False)
        tool_type.save()

        parent_product = Product(prod_type=prod_type)
        parent_product.save()

        parent_engagement = Engagement(
            product=parent_product,
            target_start=timezone.now(),
            target_end=timezone.now(),
        )
        parent_engagement.save()

        scout_parser = ScoutSuiteParser()
        unsaved_test = Test(
            engagement=parent_engagement,
            test_type=tool_type,
            target_start=timezone.now(),
            target_end=timezone.now(),
        )
        return scout_parser.get_findings(report, unsaved_test)
예제 #5
    def setUp(self):
        """Save one Product and one Endpoint that points at it."""
        product = Product()
        # NOTE(review): capitalised `Name` / `Description` are presumably plain
        # attributes, not model fields. Verify against the Product model.
        product.Name = 'Test Product'
        product.Description = 'Product for Testing Endpoint functionality'
        product.save()

        endpoint = Endpoint()
        endpoint.product = product
        endpoint.host = '127.0.0.1'
        endpoint.save()
    def setUp(self):
        """Create the fixture rows for the tests: a product, then an endpoint on 127.0.0.1."""
        # Product first: the endpoint below references it.
        test_product = Product()
        test_product.Name = 'Test Product'
        test_product.Description = 'Product for Testing Endpoint functionality'
        test_product.save()

        # Endpoint bound to the product saved above.
        test_endpoint = Endpoint()
        test_endpoint.product = test_product
        test_endpoint.host = '127.0.0.1'
        test_endpoint.save()
예제 #7
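 def create_product(self,
                    name,
                    *args,
                    description='dummy description',
                    prod_type=None,
                    **kwargs):
     """Save a Product with the given name and return it.

     Args:
         name: Value for the product's ``name``.
         description: Value for the product's ``description``.
         prod_type: Product_Type to attach. When falsy, the first
             Product_Type returned by ``Product_Type.objects.first()`` is used.
         *args, **kwargs: Accepted and ignored.

     Returns:
         The saved Product. The helper previously returned nothing, so the
         caller had no handle on the row it had just created.
     """
     if not prod_type:
         # NOTE(review): first() yields None when no Product_Type exists.
         # Confirm callers always have at least one loaded.
         prod_type = Product_Type.objects.first()
     product = Product(name=name,
                       description=description,
                       prod_type=prod_type)
     product.save()
     return product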
    def setUp(self):
        """Save a product and an endpoint, then load the system_settings fixture."""
        product = Product()
        product.Name = 'Test Product'
        product.Description = 'Product for Testing Endpoint functionality'
        product.save()

        endpoint = Endpoint()
        endpoint.product = product
        endpoint.host = '127.0.0.1'
        endpoint.save()

        # Runs the `loaddata` management command quietly (verbosity=0).
        fixture_path = 'dojo/fixtures/system_settings'
        call_command('loaddata', fixture_path, verbosity=0)
    def setUp(self):
        """Save a product and an endpoint and record one custom field on each."""
        prod = Product()
        prod.Name = 'Test Product'
        prod.Description = 'Product for Testing Endpoint functionality'
        prod.save()

        endpoint = Endpoint()
        endpoint.product = prod
        endpoint.host = '127.0.0.1'
        endpoint.save()

        # Endpoint field first, then the product field, as the tests expect both.
        save_field = EndpointMetaDataTestUtil.save_custom_field
        save_field(endpoint, 'TestField', 'TestValue')
        save_field(prod, 'TestProductField', 'TestProductValue')
    def setUp(self):
        """Save a product and endpoint, add a custom field to each, and load system settings."""
        product = Product()
        product.Name = 'Test Product'
        product.Description = 'Product for Testing Endpoint functionality'
        product.save()

        endpoint = Endpoint()
        endpoint.product = product
        endpoint.host = '127.0.0.1'
        endpoint.save()

        # One custom field per object: (target, field name, field value).
        custom_fields = (
            (endpoint, 'TestField', 'TestValue'),
            (product, 'TestProductField', 'TestProductValue'),
        )
        for target, field_name, field_value in custom_fields:
            EndpointMetaDataTestUtil.save_custom_field(target, field_name, field_value)

        # Load the system_settings fixture without console output.
        call_command('loaddata', 'dojo/fixtures/system_settings', verbosity=0)
예제 #11
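def update_product_access(backend, uid, user=None, social=None, *args, **kwargs):
    """Synchronise the user's product memberships with their GitLab projects.

    Does nothing unless ``settings.GITLAB_PROJECT_AUTO_IMPORT`` is True.
    Otherwise it lists the GitLab projects the user is a member of (at or above
    ``settings.GITLAB_PROJECT_MIN_ACCESS_LEVEL``). For every project whose
    ``path_with_namespace`` is not among the products the user may already
    view, it gets or creates a Product of that name and a Product_Member row
    with the Owner role. Finally it deletes the user's Product_Member rows for
    viewable products that are not among the GitLab projects.

    Args:
        backend: Not used by this function.
        uid: Not used by this function.
        user: User whose memberships are synchronised.
        social: Not used by this function.

    Returns:
        None.
    """
    if settings.GITLAB_PROJECT_AUTO_IMPORT is not True:
        return

    # NOTE(review): `user` defaults to None but is dereferenced below. Confirm
    # the caller always supplies a user before this function runs.
    user_product_names = [prod.name for prod in get_authorized_products(Permissions.Product_View, user)]
    # Set copy for O(1) membership tests; the list keeps its order for the
    # removal loop at the end.
    known_product_names = set(user_product_names)

    # NOTE(review): .get() is unfiltered, so it presumably raises when the user
    # has no social-auth row or more than one. The `social` argument is unused;
    # confirm whether it should be the source of the token.
    soc = user.social_auth.get()
    # The access token is a credential: keep it out of logs and error messages.
    token = soc.extra_data['access_token']

    gl = gitlab.Gitlab(settings.SOCIAL_AUTH_GITLAB_API_URL, oauth_token=token)
    projects = gl.projects.list(membership=True, min_access_level=settings.GITLAB_PROJECT_MIN_ACCESS_LEVEL, all=True)
    # Each project's path_with_namespace doubles as the product name.
    project_names = {project.path_with_namespace for project in projects}

    product_type, created = Product_Type.objects.get_or_create(name='Gitlab Import')

    for project in projects:
        if project.path_with_namespace in known_product_names:
            continue
        # NOTE(review): the product is matched by name only, and the user then
        # receives the Owner role on it. An existing product that was not
        # created by this import but shares a GitLab project's path would be
        # handed over as well. Confirm that names cannot collide, or restrict
        # the lookup to the 'Gitlab Import' product type.
        try:
            product = Product.objects.get(name=project.path_with_namespace)
        except Product.DoesNotExist:
            # No product of that name yet: create one under the GitLab product type.
            product = Product(name=project.path_with_namespace, prod_type=product_type)
            product.save()
        product_member, created = Product_Member.objects.get_or_create(product=product, user=user, defaults={'role': Role.objects.get(id=Roles.Owner)})
        # Import tags and/or URL if necessary
        if settings.GITLAB_PROJECT_IMPORT_TAGS:
            if hasattr(project, 'topics'):
                if len(project.topics) > 0:
                    product.tags = ",".join(project.topics)
            elif hasattr(project, 'tag_list') and len(project.tag_list) > 0:
                product.tags = ",".join(project.tag_list)
        if settings.GITLAB_PROJECT_IMPORT_URL:
            if hasattr(project, 'web_url') and len(project.web_url) > 0:
                # The description becomes a Markdown link built from a value
                # returned by the GitLab API.
                product.description = "[" + project.web_url + "](" + project.web_url + ")"
        if settings.GITLAB_PROJECT_IMPORT_TAGS or settings.GITLAB_PROJECT_IMPORT_URL:
            product.save()

    # NOTE(review): this loop covers every product the user may view, not only
    # those created by the import, so a direct membership on an unrelated
    # product is deleted too. Confirm this is intended.
    for product_name in user_product_names:
        if product_name not in project_names:
            product = Product.objects.get(name=product_name)
            Product_Member.objects.filter(product=product, user=user).delete()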
예제 #12
    def create():
        """Save the rows used by the apply-template tests.

        Order matters because each row references the previous one:
        System_Settings, Product (with the Product_Type of id 1), Engagement,
        Test_Type, Test, and finally a High-severity Finding reported and
        reviewed by a user from FindingTemplateTestUtil.create_user(True).
        """
        five_days = datetime.timedelta(days=5)

        system_settings = System_Settings()
        system_settings.save()

        product = Product()
        # NOTE(review): capitalised `Name` / `Description` are presumably plain
        # attributes, not model fields. Verify against the Product model.
        product.Name = 'Test Product'
        product.Description = 'Product for Testing Apply Template functionality'
        # NOTE(review): relies on a Product_Type row with id 1 already existing.
        product.prod_type = Product_Type.objects.get(id=1)
        product.save()

        engagement = Engagement()
        engagement.product = product
        engagement.target_start = timezone.now()
        engagement.target_end = engagement.target_start + five_days
        engagement.save()

        test_type = Test_Type()
        test_type.name = 'Temporary Test'
        test_type.save()

        test = Test()
        test.engagement = engagement
        test.test_type = test_type
        test.target_start = timezone.now()
        test.target_end = test.target_start + five_days
        test.save()

        reviewer = FindingTemplateTestUtil.create_user(True)

        finding = Finding()
        finding.title = 'Finding for Testing Apply Template functionality'
        finding.severity = 'High'
        finding.description = 'Finding for Testing Apply Template Functionality'
        finding.test = test
        finding.reporter = reviewer
        finding.last_reviewed = timezone.now()
        finding.last_reviewed_by = reviewer
        finding.save()
    def create():
        """Build and save the object chain behind a single test Finding.

        Saves, in order, a System_Settings row, a Product, an Engagement and a
        Test each lasting five days from "now", a Test_Type, and a
        High-severity Finding whose reporter and last reviewer is the user
        returned by FindingTemplateTestUtil.create_user(True).
        """
        sys_settings = System_Settings()
        sys_settings.save()

        prod = Product()
        # NOTE(review): no prod_type is assigned before save(). Confirm the
        # Product model allows that.
        prod.Name = 'Test Product'
        prod.Description = 'Product for Testing Apply Template functionality'
        prod.save()

        eng = Engagement()
        eng.product = prod
        eng.target_start = timezone.now()
        eng.target_end = eng.target_start + datetime.timedelta(days=5)
        eng.save()

        temp_type = Test_Type()
        temp_type.name = 'Temporary Test'
        temp_type.save()

        temp_test = Test()
        temp_test.engagement = eng
        temp_test.test_type = temp_type
        temp_test.target_start = timezone.now()
        temp_test.target_end = temp_test.target_start + datetime.timedelta(days=5)
        temp_test.save()

        author = FindingTemplateTestUtil.create_user(True)

        template_finding = Finding()
        template_finding.title = 'Finding for Testing Apply Template functionality'
        template_finding.severity = 'High'
        template_finding.description = 'Finding for Testing Apply Template Functionality'
        template_finding.test = temp_test
        template_finding.reporter = author
        template_finding.last_reviewed = timezone.now()
        template_finding.last_reviewed_by = author
        template_finding.save()