def test_build_alive_test_opt(self): w = DummyDaemon() alive_test_out = [ "1.3.6.1.4.1.25623.1.0.100315:1:checkbox:Do a TCP ping|||no", "1.3.6.1.4.1.25623.1.0.100315:2:checkbox:TCP ping tries also TCP-SYN ping|||no", "1.3.6.1.4.1.25623.1.0.100315:7:checkbox:TCP ping tries only TCP-SYN ping|||no", "1.3.6.1.4.1.25623.1.0.100315:3:checkbox:Do an ICMP ping|||yes", "1.3.6.1.4.1.25623.1.0.100315:4:checkbox:Use ARP|||no", "1.3.6.1.4.1.25623.1.0.100315:5:checkbox:Mark unrechable Hosts as dead (not scanning)|||yes", ] target_options_dict = {'alive_test': '2'} p = PreferenceHandler('1234-1234', None, w.scan_collection, None) ret = p.build_alive_test_opt_as_prefs(target_options_dict) self.assertEqual(ret, alive_test_out) # alive test was supplied via sepertae xml element w = DummyDaemon() alive_test_out = [ "1.3.6.1.4.1.25623.1.0.100315:1:checkbox:Do a TCP ping|||no", "1.3.6.1.4.1.25623.1.0.100315:2:checkbox:TCP ping tries also TCP-SYN ping|||no", "1.3.6.1.4.1.25623.1.0.100315:7:checkbox:TCP ping tries only TCP-SYN ping|||no", "1.3.6.1.4.1.25623.1.0.100315:3:checkbox:Do an ICMP ping|||yes", "1.3.6.1.4.1.25623.1.0.100315:4:checkbox:Use ARP|||no", "1.3.6.1.4.1.25623.1.0.100315:5:checkbox:Mark unrechable Hosts as dead (not scanning)|||yes", ] target_options_dict = {'alive_test_methods': '1', 'icmp': '1'} p = PreferenceHandler('1234-1234', None, w.scan_collection, None) ret = p.build_alive_test_opt_as_prefs(target_options_dict) self.assertEqual(ret, alive_test_out)
def test_build_alive_test_opt_empty(self): w = DummyDaemon() target_options_dict = {'alive_test': '0'} p = PreferenceHandler('1234-1234', None, w.scan_collection, None) ret = p.build_alive_test_opt_as_prefs(target_options_dict) self.assertEqual(ret, {}) # alive test was supplied via separate xml element w = DummyDaemon() target_options_dict = {'alive_test_methods': '1', 'icmp': '0'} p = PreferenceHandler('1234-1234', None, w.scan_collection, None) ret = p.build_alive_test_opt_as_prefs(target_options_dict) self.assertEqual(ret, {})
def test_set_alive_pinghost(self, mock_kb): w = DummyDaemon() alive_test_out = [ "1.3.6.1.4.1.25623.1.0.100315:1:checkbox:Do a TCP ping|||no", "1.3.6.1.4.1.25623.1.0.100315:2:checkbox:TCP ping tries also TCP-SYN ping|||no", "1.3.6.1.4.1.25623.1.0.100315:7:checkbox:TCP ping tries only TCP-SYN ping|||no", "1.3.6.1.4.1.25623.1.0.100315:3:checkbox:Do an ICMP ping|||yes", "1.3.6.1.4.1.25623.1.0.100315:4:checkbox:Use ARP|||no", "1.3.6.1.4.1.25623.1.0.100315:5:checkbox:Mark unrechable Hosts as dead (not scanning)|||yes", ] t_opt = {'alive_test': 2} w.scan_collection.get_target_options = MagicMock(return_value=t_opt) ov_setting = {'some_setiting': 1} Openvas.get_settings = Mock() Openvas.get_settings.reprepare_mock() Openvas.get_settings.return_value = ov_setting p = PreferenceHandler('1234-1234', mock_kb, w.scan_collection, None) p._openvas_scan_id = '456-789' p.kbdb.add_scan_preferences = MagicMock() p.prepare_alive_test_option_for_openvas() p.kbdb.add_scan_preferences.assert_called_with( p._openvas_scan_id, alive_test_out, )
def test_snmp_unknown_auth_alg_credentials(self, mock_kb): dummy = DummyDaemon() creds = { 'snmp': { 'type': 'snmp', 'username': '******', 'password': '******', 'community': 'some comunity', 'auth_algorithm': 'sha2', }, } dummy.scan_collection.get_credentials = MagicMock(return_value=creds) p_handler = PreferenceHandler( '1234-1234', mock_kb, dummy.scan_collection, None ) p_handler.scan_id = '456-789' p_handler.kbdb.add_scan_preferences = MagicMock() ret = p_handler.prepare_credentials_for_openvas() errors = p_handler.get_error_messages() self.assertFalse(ret) self.assertIn( "Unknown authentication algorithm: " + "sha2" + ". Use 'md5' or 'sha1'.", errors, )
def test_prepare_alive_test_not_supplied_as_enum(self, mock_kb): w = DummyDaemon() alive_test_out = { "1.3.6.1.4.1.25623.1.0.100315:1:checkbox:Do a TCP ping": "no", "1.3.6.1.4.1.25623.1.0.100315:2:checkbox:TCP ping tries also TCP-SYN ping": "no", "1.3.6.1.4.1.25623.1.0.100315:7:checkbox:TCP ping tries only TCP-SYN ping": "no", "1.3.6.1.4.1.25623.1.0.100315:3:checkbox:Do an ICMP ping": "yes", "1.3.6.1.4.1.25623.1.0.100315:4:checkbox:Use ARP": "no", "1.3.6.1.4.1.25623.1.0.100315:5:checkbox:Mark unrechable Hosts as dead (not scanning)": "yes", } t_opt = {'alive_test_methods': '1', 'icmp': '1'} w.scan_collection.get_target_options = MagicMock(return_value=t_opt) ov_setting = {'some_setting': 1} with patch.object(Openvas, 'get_settings', return_value=ov_setting): p = PreferenceHandler('1234-1234', mock_kb, w.scan_collection, None) p._nvts_params = {} p.scan_id = '456-789' p.kbdb.add_scan_preferences = MagicMock() p.prepare_alive_test_option_for_openvas() self.assertEqual(p._nvts_params, alive_test_out)
def test_missing_type_for_ssh_credentials(self, mock_kb): dummy = DummyDaemon() creds = { 'ssh': { 'port': '22', 'username': '******', 'password': '******', }, } dummy.scan_collection.get_credentials = MagicMock(return_value=creds) p_handler = PreferenceHandler( '1234-1234', mock_kb, dummy.scan_collection, None ) p_handler.scan_id = '456-789' p_handler.kbdb.add_scan_preferences = MagicMock() ret = p_handler.prepare_credentials_for_openvas() errors = p_handler.get_error_messages() self.assertFalse(ret) self.assertIn( "Missing Credential Type for SSH." + " Use 'up' for Username + Password" + " or 'usk' for Username + SSH Key.", errors, )
def test_snmp_no_priv_alg_but_pw_credentials(self, mock_kb): dummy = DummyDaemon() creds = { 'snmp': { 'type': 'snmp', 'username': '******', 'password': '******', 'community': 'some comunity', 'auth_algorithm': 'sha1', 'privacy_password': '******', }, } dummy.scan_collection.get_credentials = MagicMock(return_value=creds) p_handler = PreferenceHandler( '1234-1234', mock_kb, dummy.scan_collection, None ) p_handler.scan_id = '456-789' p_handler.kbdb.add_scan_preferences = MagicMock() ret = p_handler.prepare_credentials_for_openvas() errors = p_handler.get_error_messages() self.assertFalse(ret) self.assertIn( "When no privacy algorithm is used, the privacy" + " password also has to be empty.", errors, )
def test_set_bad_service_credentials(self, mock_kb): dummy = DummyDaemon() # bad cred type shh instead of ssh creds = { 'shh': { 'type': 'up', 'port': '22', 'username': '******', 'password': '******', }, } dummy.scan_collection.get_credentials = MagicMock(return_value=creds) p_handler = PreferenceHandler( '1234-1234', mock_kb, dummy.scan_collection, None ) p_handler.scan_id = '456-789' p_handler.kbdb.add_scan_preferences = MagicMock() ret = p_handler.prepare_credentials_for_openvas() errors = p_handler.get_error_messages() self.assertFalse(ret) self.assertIn("Unknown service type for credential: shh", errors)
def test_build_credentials_ssh_up(self): dummy = DummyDaemon() cred_out = [ 'auth_port_ssh|||22', '1.3.6.1.4.1.25623.1.0.103591:1:entry:SSH login name:|||username', '1.3.6.1.4.1.25623.1.0.103591:3:' 'password:SSH password (unsafe!):|||pass', '1.3.6.1.4.1.25623.1.0.103591:7:entry:SSH privilege login name:|||', '1.3.6.1.4.1.25623.1.0.103591:8:' 'password:SSH privilege password:|||', ] cred_dict = { 'ssh': { 'type': 'up', 'port': '22', 'username': '******', 'password': '******', } } p_handler = PreferenceHandler( '1234-1234', None, dummy.scan_collection, None ) ret = p_handler.build_credentials_as_prefs(cred_dict) self.assertCountEqual(ret, cred_out)
def test_set_alive_pinghost(self, mock_kb): w = DummyDaemon() alive_test_out = [ "1.3.6.1.4.1.25623.1.0.100315:1:checkbox:Do a TCP ping|||no", "1.3.6.1.4.1.25623.1.0.100315:2:checkbox:TCP ping tries also TCP-SYN ping|||no", "1.3.6.1.4.1.25623.1.0.100315:7:checkbox:TCP ping tries only TCP-SYN ping|||no", "1.3.6.1.4.1.25623.1.0.100315:3:checkbox:Do an ICMP ping|||yes", "1.3.6.1.4.1.25623.1.0.100315:4:checkbox:Use ARP|||no", "1.3.6.1.4.1.25623.1.0.100315:5:checkbox:Mark unrechable Hosts as dead (not scanning)|||yes", ] t_opt = {'alive_test': 2} w.scan_collection.get_target_options = MagicMock(return_value=t_opt) ov_setting = {'some_setting': 1} with patch.object(Openvas, 'get_settings', return_value=ov_setting): p = PreferenceHandler('1234-1234', mock_kb, w.scan_collection, None) p._nvts_params = {} p._openvas_scan_id = '456-789' p.kbdb.add_scan_preferences = MagicMock() p.prepare_alive_test_option_for_openvas() for key, value in p._nvts_params.items(): self.assertTrue( "{0}|||{1}".format(key, value) in alive_test_out)
def test_set_scan_params(self, mock_kb): dummy = DummyDaemon() ospd_param_dict = { 'drop_privileges': { 'type': 'boolean', 'name': 'drop_privileges', 'default': 0, 'mandatory': 1, 'description': '', }, } opt = {'drop_privileges': 1} dummy.scan_collection.get_options = MagicMock(return_value=opt) p_handler = PreferenceHandler( '1234-1234', mock_kb, dummy.scan_collection, None ) p_handler.scan_id = '456-789' p_handler.kbdb.add_scan_preferences = MagicMock() p_handler.prepare_scan_params_for_openvas(ospd_param_dict) p_handler.kbdb.add_scan_preferences.assert_called_with( p_handler.scan_id, ['drop_privileges|||yes'] )
def test_set_scan_params(self, mock_kb): w = DummyDaemon() OSPD_PARAMS_MOCK = { 'drop_privileges': { 'type': 'boolean', 'name': 'drop_privileges', 'default': 0, 'mandatory': 1, 'description': '', }, } opt = {'drop_privileges': 1} w.scan_collection.get_options = MagicMock(return_value=opt) p = PreferenceHandler('1234-1234', mock_kb, w.scan_collection, None) p.scan_id = '456-789' p.kbdb.add_scan_preferences = MagicMock() p.prepare_scan_params_for_openvas(OSPD_PARAMS_MOCK) p.kbdb.add_scan_preferences.assert_called_with( p.scan_id, ['drop_privileges|||yes'] )
def test_set_ports_invalid(self, mock_kb): w = DummyDaemon() w.scan_collection.get_ports = MagicMock(return_value='2,-9,4') p = PreferenceHandler('1234-1234', mock_kb, w.scan_collection, None) p.scan_id = '456-789' p.kbdb.add_scan_preferences = MagicMock() self.assertFalse(p.prepare_ports_for_openvas())
def test_build_alive_test_opt_empty(self): w = DummyDaemon() target_options_dict = {'alive_test': '0'} p = PreferenceHandler('1234-1234', None, w.scan_collection, None) ret = p.build_alive_test_opt_as_prefs(target_options_dict) self.assertEqual(ret, [])
def test_prepare_nvt_prefs_no_prefs(self, mock_kb): w = DummyDaemon() p = PreferenceHandler('456-789', mock_kb, w.scan_collection, None) p._nvts_params = {} p.kbdb.add_scan_preferences = MagicMock() p.prepare_nvt_preferences() p.kbdb.add_scan_preferences.assert_not_called()
def test_build_credentials(self): w = DummyDaemon() cred_out = [ '1.3.6.1.4.1.25623.1.0.105058:1:entry:ESXi login name:|||username', '1.3.6.1.4.1.25623.1.0.105058:2:password:ESXi login password:|||pass', 'auth_port_ssh|||22', '1.3.6.1.4.1.25623.1.0.103591:1:entry:SSH login name:|||username', '1.3.6.1.4.1.25623.1.0.103591:2:password:SSH key passphrase:|||pass', '1.3.6.1.4.1.25623.1.0.103591:4:file:SSH private key:|||', '1.3.6.1.4.1.25623.1.0.90023:1:entry:SMB login:|||username', '1.3.6.1.4.1.25623.1.0.90023:2:password]:SMB password :|||pass', '1.3.6.1.4.1.25623.1.0.105076:1:password:SNMP Community:some comunity', '1.3.6.1.4.1.25623.1.0.105076:2:entry:SNMPv3 Username:username', '1.3.6.1.4.1.25623.1.0.105076:3:password:SNMPv3 Password:pass', '1.3.6.1.4.1.25623.1.0.105076:4:radio:SNMPv3 Authentication Algorithm:some auth algo', '1.3.6.1.4.1.25623.1.0.105076:5:password:SNMPv3 Privacy Password:privacy pass', '1.3.6.1.4.1.25623.1.0.105076:6:radio:SNMPv3 Privacy Algorithm:privacy algo', ] cred_dict = { 'ssh': { 'type': 'ssh', 'port': '22', 'username': '******', 'password': '******', }, 'smb': { 'type': 'smb', 'username': '******', 'password': '******' }, 'esxi': { 'type': 'esxi', 'username': '******', 'password': '******', }, 'snmp': { 'type': 'snmp', 'username': '******', 'password': '******', 'community': 'some comunity', 'auth_algorithm': 'some auth algo', 'privacy_password': '******', 'privacy_algorithm': 'privacy algo', }, } p = PreferenceHandler('1234-1234', None, w.scan_collection, None) ret = p.build_credentials_as_prefs(cred_dict) self.assertEqual(len(ret), len(cred_out)) self.assertIn('auth_port_ssh|||22', cred_out) self.assertIn( '1.3.6.1.4.1.25623.1.0.90023:1:entry:SMB login:|||username', cred_out, )
def test_build_alive_test_opt_fail_1(self): w = DummyDaemon() logging.Logger.debug = Mock() target_options_dict = {'alive_test': 'a'} p = PreferenceHandler('1234-1234', None, w.scan_collection, None) target_options = p.build_alive_test_opt_as_prefs(target_options_dict) assert_called_once(logging.Logger.debug) self.assertEqual(len(target_options), 0)
def test_set_main_kbindex(self, mock_kb): w = DummyDaemon() p = PreferenceHandler('1234-1234', mock_kb, w.scan_collection, None) p.kbdb.add_scan_preferences = Mock() p.kbdb.index = 2 p.prepare_main_kbindex_for_openvas() p.kbdb.add_scan_preferences.assert_called_with( p.scan_id, ['ov_maindbid|||2'], )
def test_prepare_nvt_prefs_no_prefs(self, mock_kb): dummy = DummyDaemon() p_handler = PreferenceHandler( '456-789', mock_kb, dummy.scan_collection, None ) p_handler._nvts_params = {} # pylint: disable = protected-access p_handler.kbdb.add_scan_preferences = MagicMock() p_handler.prepare_nvt_preferences() p_handler.kbdb.add_scan_preferences.assert_not_called()
def test_set_plugins_false(self, mock_kb): w = DummyDaemon() w.scan_collection.get_vts = Mock() w.scan_collection.get_vts.return_value = {} p = PreferenceHandler('1234-1234', mock_kb, w.scan_collection, w.nvti) p.kbdb.add_scan_preferences = Mock() r = p.prepare_plugins_for_openvas() self.assertFalse(r)
def test_set_boreas_alive_test_without_settings(self, mock_kb): w = DummyDaemon() t_opt = {'alive_test': 16} w.scan_collection.get_target_options = MagicMock(return_value=t_opt) ov_setting = {} with patch.object(Openvas, 'get_settings', return_value=ov_setting): p = PreferenceHandler('1234-1234', mock_kb, w.scan_collection, None) p.scan_id = '456-789' p.kbdb.add_scan_preferences = MagicMock() p.prepare_boreas_alive_test() p.kbdb.add_scan_preferences.assert_not_called()
def test_set_ports(self, mock_kb): w = DummyDaemon() w.scan_collection.get_ports = MagicMock(return_value='80,443') p = PreferenceHandler('1234-1234', mock_kb, w.scan_collection, None) p.scan_id = '456-789' p.kbdb.add_scan_preferences = MagicMock() p.prepare_ports_for_openvas() p.kbdb.add_scan_preferences.assert_called_with( p.scan_id, ['port_range|||80,443'], )
def test_set_credentials_empty(self, mock_kb): w = DummyDaemon() creds = {} w.scan_collection.get_credentials = MagicMock(return_value=creds) p = PreferenceHandler('1234-1234', mock_kb, w.scan_collection, None) p._openvas_scan_id = '456-789' p.kbdb.add_scan_preferences = MagicMock() r = p.prepare_credentials_for_openvas() self.assertTrue(r)
def test_set_target(self, mock_kb): w = DummyDaemon() w.scan_collection.get_host_list = MagicMock(return_value='192.168.0.1') p = PreferenceHandler('1234-1234', mock_kb, w.scan_collection, None) p.scan_id = '456-789' p.kbdb.add_scan_preferences = MagicMock() p.prepare_target_for_openvas() p.kbdb.add_scan_preferences.assert_called_with( p.scan_id, ['TARGET|||192.168.0.1'], )
def test_set_plugins_false(self, mock_kb): dummy = DummyDaemon() dummy.scan_collection.get_vts = Mock() dummy.scan_collection.get_vts.return_value = {} p_handler = PreferenceHandler( '1234-1234', mock_kb, dummy.scan_collection, dummy.nvti ) p_handler.kbdb.add_scan_preferences = Mock() ret = p_handler.prepare_plugins_for_openvas() self.assertFalse(ret)
def test_set_host_options_none(self, mock_kb): w = DummyDaemon() exc = '' w.scan_collection.get_exclude_hosts = MagicMock(return_value=exc) p = PreferenceHandler('1234-1234', mock_kb, w.scan_collection, None) p._openvas_scan_id = '456-789' p.kbdb.add_scan_preferences = MagicMock() p.prepare_host_options_for_openvas() p.kbdb.add_scan_preferences.assert_not_called()
def test_process_vts_bad_param_id(self): w = DummyDaemon() vts = { '1.3.6.1.4.1.25623.1.0.100061': {'3': 'new value'}, 'vt_groups': ['family=debian', 'family=general'], } p = PreferenceHandler('1234-1234', None, w.scan_collection, w.nvti) ret = p._process_vts(vts) self.assertFalse(ret[1])
def test_process_vts_not_found(self, mock_kb): w = DummyDaemon() logging.Logger.warning = Mock() vts = { '1.3.6.1.4.1.25623.1.0.100065': {'3': 'new value'}, 'vt_groups': ['family=debian', 'family=general'], } p = PreferenceHandler('1234-1234', mock_kb, w.scan_collection, w.nvti) w.nvti.get_nvt_metadata.return_value = None p._process_vts(vts) assert_called_once(logging.Logger.warning)
def test_set_alive_no_invalid_alive_test_no_enum(self, mock_kb): w = DummyDaemon() t_opt = {'alive_test_methods': '1', 'icmp': '-1'} w.scan_collection.get_target_options = MagicMock(return_value=t_opt) ov_setting = {'some_setting': 1} with patch.object(Openvas, 'get_settings', return_value=ov_setting): p = PreferenceHandler('1234-1234', mock_kb, w.scan_collection, None) p.scan_id = '456-789' p.kbdb.add_scan_preferences = MagicMock() p.prepare_alive_test_option_for_openvas() p.kbdb.add_scan_preferences.assert_not_called()
def test_not_append_notus_oids(self): dummy = DummyDaemon() vts = { '1.3.6.1.4.1.25623.1.0.100061': {'1': 'new value'}, 'vt_groups': ['family=debian', 'family=general'], } p_handler = PreferenceHandler( '1234-1234', None, dummy.scan_collection, dummy.nvti, lambda _: True ) re = p_handler._process_vts(vts) # pylint: disable = protected-access self.assertEqual(re[0], []) self.assertEqual(re[1], {})