def test_get_findings(self, mock_foo): mock_foo.return_value = self.findings cobalt_api_importer = CobaltApiImporter() my_findings = cobalt_api_importer.get_findings(self.test_2) mock_foo.assert_called_with('SERVICE_KEY_1') self.assertEqual(my_findings, self.findings)
def test_prepare_client_one_test_configuration(self): cobalt_api_importer = CobaltApiImporter() cobalt_api, api_scan_configuration = cobalt_api_importer.prepare_client( self.test_2) self.assertEqual(api_scan_configuration, self.api_scan_configuration_2) self.assertEqual(cobalt_api.api_token, 'API_KEY') self.assertEqual(cobalt_api.org_token, 'EXTRAS')
def test_prepare_client_no_configuration(self, mock_foo): mock_foo.filter.return_value = mock_foo mock_foo.count.return_value = 0 with self.assertRaisesRegex( Exception, 'There are no API Scan Configurations for this Product.'): cobalt_api_importer = CobaltApiImporter() cobalt_api_importer.prepare_client(self.test) mock_foo.filter.assert_called_with(product=self.product)
def test_prepare_client_more_than_one_configuration(self, mock_foo): mock_foo.filter.return_value = mock_foo mock_foo.count.return_value = 2 with self.assertRaisesRegex( Exception, 'More than one Product API Scan Configuration has been configured, but none of them has been chosen.' ): cobalt_api_importer = CobaltApiImporter() cobalt_api_importer.prepare_client(self.test) mock_foo.filter.assert_called_with(product=self.product)
def test_prepare_client_one_product_configuration(self, mock_foo): mock_foo.filter.return_value = mock_foo mock_foo.count.return_value = 1 mock_foo.first.return_value = self.api_scan_configuration cobalt_api_importer = CobaltApiImporter() cobalt_api, api_scan_configuration = cobalt_api_importer.prepare_client( self.test) mock_foo.filter.assert_called_with(product=self.product) self.assertEqual(api_scan_configuration, self.api_scan_configuration) self.assertEqual(cobalt_api.api_token, 'API_KEY') self.assertEqual(cobalt_api.org_token, 'EXTRAS')
def test_prepare_client_do_not_match(self): product_3 = Product() engagement_3 = Engagement() engagement_3.product = product_3 test_3 = Test() test_3.engagement = engagement_3 api_scan_configuration_3 = Product_API_Scan_Configuration() api_scan_configuration_3.product = self.product test_3.api_scan_configuration = api_scan_configuration_3 with self.assertRaisesRegex( Exception, 'API Scan Configuration for Cobalt.io and Product do not match.' ): cobalt_api_importer = CobaltApiImporter() cobalt_api_importer.prepare_client(test_3)
def get_findings(self, file, test): if file is None: data = CobaltApiImporter().get_findings(test) else: data = json.load(file) findings = [] for entry in data["data"]: resource = entry["resource"] links = entry["links"] if not self.include_finding(resource): continue cobalt_state = resource["state"] cobalt_severity = resource["severity"] cobalt_log = resource["log"] title = resource["title"] date = self.get_created_date(cobalt_log) description = "\n".join([ resource["description"], "", "Cobalt.io details:", f"- Impact: {resource['impact']}", f"- Likelihood: {resource['likelihood']}", "", "Cobalt.io link:", links["ui"]["url"], ]) mitigation = resource["suggested_fix"] steps_to_reproduce = resource["proof_of_concept"] endpoints = resource["affected_targets"] last_status_update = self.get_latest_update_date(cobalt_log) unique_id_from_tool = resource["id"] finding = Finding( test=test, title=textwrap.shorten(title, width=511, placeholder="..."), date=date, severity=self.convert_severity(cobalt_severity), description=description, mitigation=mitigation, steps_to_reproduce=steps_to_reproduce, active=self.is_active(cobalt_state), verified=self.is_verified(cobalt_state), false_p=self.is_false_p(cobalt_state), duplicate=self.is_duplicate(cobalt_state), out_of_scope=self.is_out_of_scope(cobalt_state), risk_accepted=self.is_risk_accepted(cobalt_state), is_mitigated=self.is_mitigated(cobalt_state), last_status_update=last_status_update, static_finding=False, dynamic_finding=True, unique_id_from_tool=unique_id_from_tool) finding.unsaved_endpoints = self.convert_endpoints(endpoints) findings.append(finding) return findings