def test_create_same_vuln_template_with_custom_fields(
self, session, test_client):
custom_field_schema = CustomFieldsSchemaFactory(
field_name='cvss',
field_type='str',
field_display_name='CVSS',
table_name='vulnerability')
session.add(custom_field_schema)
session.commit()
raw_data = {
"id": 123010,
"cwe": "",
"description": "test2",
"desc": "test2",
"exploitation": "critical",
"name": "test2",
"references": [],
"refs": [],
"resolution": "",
"type": "vulnerability_template",
"customfields": {
"cvss": "value",
}
}
res = test_client.post(self.url(), data=raw_data)
assert res.status_code == 201
assert res.json['customfields'] == {u'cvss': u'value'}
def test_update_vuln_template_with_custom_fields(self, session,
test_client):
custom_field_schema = CustomFieldsSchemaFactory(
field_name='cvss',
field_type='str',
field_display_name='CVSS',
table_name='vulnerability')
template = VulnerabilityTemplateFactory.create()
session.add(custom_field_schema)
session.add(template)
session.commit()
raw_data = {
"cwe": "",
"description": "test2",
"desc": "test2",
"exploitation": "critical",
"name": "test2",
"references": [],
"refs": [],
"resolution": "",
"type": "vulnerability_template",
"customfields": {
"cvss": "updated value",
}
}
res = test_client.put(self.url(template.id), data=raw_data)
assert res.status_code == 200
assert res.json['customfields'] == {u'cvss': u'updated value'}
vuln_template = session.query(VulnerabilityTemplate).filter_by(
id=template.id).first()
assert vuln_template.custom_fields == {u'cvss': u'updated value'}
def test_add_vuln_template_custom_fields_and_some_more_fields(self, session, test_client, csrf_token):
custom_field_schema = CustomFieldsSchemaFactory(
field_name='cvss',
field_type='str',
field_display_name='CVSS',
table_name='vulnerability'
)
session.add(custom_field_schema)
session.commit()
file_contents = b"""name,exploitation,resolution,data,cvss\n
"test",high,"resolution","technical details","5"
"""
data = {
'file': (BytesIO(file_contents), 'vulns.csv'),
'csrf_token': csrf_token
}
headers = {'Content-type': 'multipart/form-data'}
res = test_client.post('/v3/vulnerability_template/bulk_create',
data=data, headers=headers, use_json_data=False)
assert res.status_code == 200
assert len(res.json['vulns_created']) == 1
inserted_template = session.query(VulnerabilityTemplate).filter_by(name='test').first()
assert inserted_template.resolution == 'resolution'
assert inserted_template.severity == 'high'
assert inserted_template.data == 'technical details'
assert 'cvss' in inserted_template.custom_fields
assert inserted_template.custom_fields['cvss'] == '5'
def test_custom_fields_field_name_cant_be_changed(self, session,
test_client):
add_text_field = CustomFieldsSchemaFactory.create(
table_name='vulnerability',
field_name='cvss',
field_type='str',
field_order=1,
field_display_name='CVSS',
)
session.add(add_text_field)
session.commit()
data = {
u'field_name': u'cvss 2',
u'field_type': 'int',
u'talbe_name': 'sarasa',
u'field_display_name': u'CVSS new',
u'field_order': 1
}
res = test_client.put(self.url(add_text_field.id), data=data)
assert res.status_code == 200
custom_field_obj = session.query(CustomFieldsSchema).filter_by(
id=add_text_field.id).first()
assert custom_field_obj.field_name == 'cvss'
assert custom_field_obj.table_name == 'vulnerability'
assert custom_field_obj.field_type == 'str'
assert custom_field_obj.field_display_name == 'CVSS new'
def test_update_custom_field(self, api, session, test_client):
workspace = WorkspaceFactory.create()
custom_field = CustomFieldsSchemaFactory.create(
table_name='vulnerability',
field_name='cfield',
field_type='str',
field_order=1,
field_display_name='CField',
)
vuln = VulnerabilityFactory.create(workspace=workspace, severity='low', confirmed=True)
vuln.custom_fields = {'cfield': 'test'}
session.add(workspace)
session.add(custom_field)
session.add(vuln)
session.commit()
assert vuln.confirmed is True
searcher = Searcher(api(workspace, test_client, session))
rules = [{
'id': 'CHANGE_CUSTOM_FIELD',
'model': 'Vulnerability',
'object': "severity=low",
'conditions': ['confirmed=True'],
'actions': ["--UPDATE:cfield=CUSTOM_FIELD_UPDATED"]
}]
searcher.process(rules)
vulns_count = session.query(Vulnerability).filter_by(workspace=workspace).count()
assert vulns_count == 1
vuln = session.query(Vulnerability).filter_by(workspace=workspace).first()
assert vuln.custom_fields['cfield'] == 'CUSTOM_FIELD_UPDATED'
check_command(vuln, session)
def test_bulk_create_with_custom_fields_list(self, test_client, workspace,
session, logged_user):
custom_field_schema = CustomFieldsSchemaFactory(
field_name='changes',
field_type='list',
field_display_name='Changes',
table_name='vulnerability')
session.add(custom_field_schema)
session.commit()
assert count(Host, workspace) == 0
assert count(VulnerabilityGeneric, workspace) == 0
url = self.check_url(f'/v2/ws/{workspace.name}/bulk_create/')
host_data_ = host_data.copy()
service_data_ = service_data.copy()
vuln_data_ = vuln_data.copy()
vuln_data_['custom_fields'] = {'changes': ['1', '2', '3']}
service_data_['vulnerabilities'] = [vuln_data_]
host_data_['services'] = [service_data_]
host_data_['credentials'] = [credential_data]
host_data_['vulnerabilities'] = [vuln_data_]
res = test_client.post(url,
data=dict(hosts=[host_data_],
command=command_data))
assert res.status_code == 201, res.json
assert count(Host, workspace) == 1
assert count(Service, workspace) == 1
assert count(Vulnerability, workspace) == 2
assert count(Command, workspace) == 1
host = Host.query.filter(Host.workspace == workspace).one()
assert host.ip == "127.0.0.1"
assert host.creator_id == logged_user.id
assert set({hn.name
for hn in host.hostnames}) == {"test.com", "test2.org"}
assert len(host.services) == 1
assert len(host.vulnerabilities) == 1
assert len(host.services[0].vulnerabilities) == 1
service = Service.query.filter(Service.workspace == workspace).one()
assert service.creator_id == logged_user.id
credential = Credential.query.filter(
Credential.workspace == workspace).one()
assert credential.creator_id == logged_user.id
command = Command.query.filter(Credential.workspace == workspace).one()
assert command.creator_id == logged_user.id
assert res.json["command_id"] == command.id
for vuln in Vulnerability.query.filter(
Vulnerability.workspace == workspace):
assert vuln.custom_fields['changes'] == ['1', '2', '3']
def test_custom_fields_data(self, session, test_client):
add_text_field = CustomFieldsSchemaFactory.create(
table_name='vulnerability',
field_name='cvss',
field_type='text',
field_order=1,
field_display_name='CVSS',
)
session.add(add_text_field)
session.commit()
res = test_client.get(self.url())
assert res.status_code == 200
assert {'table_name': 'vulnerability', 'id': add_text_field.id, 'field_type': 'text',
'field_name': 'cvss', 'field_display_name': 'CVSS', 'field_metadata': None,
'field_order': 1} in res.json
def test_add_custom_fields_with_metadata(self, session, test_client):
add_choice_field = CustomFieldsSchemaFactory.create(
table_name='vulnerability',
field_name='gender',
field_type='choice',
field_metadata=['Male', 'Female'],
field_order=1,
field_display_name='Gender',
)
session.add(add_choice_field)
session.commit()
res = test_client.get(self.url())
assert res.status_code == 200
assert {'table_name': 'vulnerability', 'id': add_choice_field.id, 'field_type': 'choice',
'field_name': 'gender', 'field_display_name': 'Gender', 'field_metadata': "['Male', 'Female']",
'field_order': 1} in res.json
def test_create_vuln_with_custom_fields(session, workspace):
custom_field_schema = CustomFieldsSchemaFactory(
field_name='changes',
field_type='list',
field_display_name='Changes',
table_name='vulnerability'
)
session.add(custom_field_schema)
session.commit()
host_data_ = host_data.copy()
vuln_data_ = vuln_data.copy()
vuln_data_['custom_fields'] = {'changes': ['1', '2', '3']}
host_data_['vulnerabilities'] = [vuln_data_]
command = new_empty_command(workspace)
bc.bulk_create(workspace, command, dict(hosts=[host_data_],
command=command_data.copy()))
assert count(Host, workspace) == 1
assert count(Vulnerability, workspace) == 1
assert count(Command, workspace) == 1
for vuln in Vulnerability.query.filter(Vulnerability.workspace == workspace):
assert vuln.custom_fields['changes'] == ['1', '2', '3']