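def test_cobalt_api_parser_with_invalid_finding(self):
     """Check how the single finding in the "invalid" fixture is imported.

     The status flags are the part that matters for triage: the finding is
     expected to come out inactive and flagged as a false positive, so it is
     not presented as an open vulnerability.
     """
     parser = CobaltApiParser()
     # The context manager closes the fixture even if get_findings() raises.
     # The findings are only inspected after the file is closed.
     with open(
         "dojo/unittests/scans/cobalt_api/cobalt_api_one_vul_invalid.json"
     ) as testfile:
         findings = parser.get_findings(testfile, Test())

     # NOTE(review): clean() presumably raises on a malformed endpoint, which
     # would fail the test here - confirm against the Endpoint model.
     for finding in findings:
         for endpoint in finding.unsaved_endpoints:
             endpoint.clean()

     self.assertEqual(1, len(findings))
     finding = findings[0]

     # Descriptive fields copied from the report.
     self.assertEqual("SQL Injection", finding.title)
     self.assertEqual("2021-01-01", finding.date)
     self.assertEqual("Low", finding.severity)
     self.assertIn("A SQL injection attack...", finding.description)
     self.assertEqual("Ensure this...", finding.mitigation)
     self.assertEqual("Do this than that...", finding.steps_to_reproduce)
     self.assertEqual("2021-01-02", finding.last_status_update)
     self.assertEqual("vu_5wXY6bq", finding.unique_id_from_tool)

     # Status mapping: inactive and false positive, but still verified.
     self.assertFalse(finding.active)
     self.assertTrue(finding.verified)
     self.assertTrue(finding.false_p)
     self.assertFalse(finding.duplicate)
     self.assertFalse(finding.out_of_scope)
     self.assertFalse(finding.risk_accepted)
     self.assertFalse(finding.is_mitigated)

     # The parser reports these findings as dynamic, not static.
     self.assertFalse(finding.static_finding)
     self.assertTrue(finding.dynamic_finding)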
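 def test_cobalt_api_parser_with_no_vuln_has_no_findings(self):
     """A report with no vulnerabilities must produce an empty findings list."""
     parser = CobaltApiParser()
     # The context manager closes the fixture even if get_findings() raises.
     with open(
         "dojo/unittests/scans/cobalt_api/cobalt_api_zero_vul.json"
     ) as testfile:
         findings = parser.get_findings(testfile, Test())
     self.assertEqual(0, len(findings))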
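 def test_cobalt_api_parser_with_carried_over_finding(self):
     """Check how the single finding in the "carried over" fixture is imported.

     The status flags are the part that matters for triage: the finding is
     expected to stay active and verified, so it remains visible as an open
     issue after import.
     """
     parser = CobaltApiParser()
     # The context manager closes the fixture even if get_findings() raises.
     # The findings are only inspected after the file is closed.
     with open(
         "dojo/unittests/scans/cobalt_api/cobalt_api_one_vul_carried_over.json"
     ) as testfile:
         findings = parser.get_findings(testfile, Test())

     # NOTE(review): clean() presumably raises on a malformed endpoint, which
     # would fail the test here - confirm against the Endpoint model.
     for finding in findings:
         for endpoint in finding.unsaved_endpoints:
             endpoint.clean()

     self.assertEqual(1, len(findings))
     finding = findings[0]

     # Descriptive fields copied from the report.
     self.assertEqual("Missing firewall", finding.title)
     self.assertEqual("2021-06-03", finding.date)
     self.assertEqual("Low", finding.severity)
     self.assertIn("A firewall is...", finding.description)
     self.assertEqual("Be sure to...", finding.mitigation)
     self.assertEqual("Try this...", finding.steps_to_reproduce)
     self.assertEqual("2021-06-05", finding.last_status_update)
     self.assertEqual("vu_5wXY6bq", finding.unique_id_from_tool)

     # Status mapping: active and verified, with no dismissal flag set.
     self.assertTrue(finding.active)
     self.assertTrue(finding.verified)
     self.assertFalse(finding.false_p)
     self.assertFalse(finding.duplicate)
     self.assertFalse(finding.out_of_scope)
     self.assertFalse(finding.risk_accepted)
     self.assertFalse(finding.is_mitigated)

     # The parser reports these findings as dynamic, not static.
     self.assertFalse(finding.static_finding)
     self.assertTrue(finding.dynamic_finding)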
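 def test_cobalt_api_parser_with_many_vuln_has_many_findings(self):
     """The many-vulnerability fixture must produce exactly three findings."""
     parser = CobaltApiParser()
     # The context manager closes the fixture even if get_findings() raises.
     with open(
         "unittests/scans/cobalt_api/cobalt_api_many_vul.json"
     ) as testfile:
         findings = parser.get_findings(testfile, Test())

     # NOTE(review): clean() presumably raises on a malformed endpoint, which
     # would fail the test here - confirm against the Endpoint model.
     for finding in findings:
         for endpoint in finding.unsaved_endpoints:
             endpoint.clean()

     self.assertEqual(3, len(findings))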
    def test_cobalt_api_parser_with_api(self, mock):
        """Import findings through the API path instead of an uploaded file.

        No file is passed to the parser (``None``). The callable injected as
        ``mock`` returns the findings loaded from the JSON fixture, and it
        must have been called with the Test object.

        NOTE(review): the patch target behind ``mock`` is set outside this
        excerpt, presumably by a decorator - confirm it is the API fetch.
        """
        fixture_path = 'dojo/unittests/scans/cobalt_api/cobalt_api_many_vul.json'
        with open(fixture_path) as fixture:
            mock.return_value = json.load(fixture)

        # Build a minimal Test carrying a named Test_Type.
        api_test_type = Test_Type()
        api_test_type.name = 'test_type'
        api_test = Test()
        api_test.test_type = api_test_type

        findings = CobaltApiParser().get_findings(None, api_test)

        # The patched callable must have received the Test object.
        mock.assert_called_with(api_test)

        expected_titles = (
            'SQL Injection',
            'Cross Site Scripting',
            'Missing firewall',
        )
        self.assertEqual(3, len(findings))
        # Titles are compared by position, so ordering is part of the check.
        for position, title in enumerate(expected_titles):
            self.assertEqual(findings[position].title, title)