def test_update_vuln_template_with_custom_fields(self, session,
test_client):
custom_field_schema = CustomFieldsSchemaFactory(
field_name='cvss',
field_type='str',
field_display_name='CVSS',
table_name='vulnerability')
template = VulnerabilityTemplateFactory.create()
session.add(custom_field_schema)
session.add(template)
session.commit()
raw_data = {
"cwe": "",
"description": "test2",
"desc": "test2",
"exploitation": "critical",
"name": "test2",
"references": [],
"refs": [],
"resolution": "",
"type": "vulnerability_template",
"customfields": {
"cvss": "updated value",
}
}
res = test_client.put(self.url(template.id), data=raw_data)
assert res.status_code == 200
assert res.json['customfields'] == {u'cvss': u'updated value'}
vuln_template = session.query(VulnerabilityTemplate).filter_by(
id=template.id).first()
assert vuln_template.custom_fields == {u'cvss': u'updated value'}
def test_create_same_vuln_template_with_custom_fields(
self, session, test_client):
custom_field_schema = CustomFieldsSchemaFactory(
field_name='cvss',
field_type='str',
field_display_name='CVSS',
table_name='vulnerability')
session.add(custom_field_schema)
session.commit()
raw_data = {
"id": 123010,
"cwe": "",
"description": "test2",
"desc": "test2",
"exploitation": "critical",
"name": "test2",
"references": [],
"refs": [],
"resolution": "",
"type": "vulnerability_template",
"customfields": {
"cvss": "value",
}
}
res = test_client.post(self.url(), data=raw_data)
assert res.status_code == 201
assert res.json['customfields'] == {u'cvss': u'value'}
def test_add_vuln_template_custom_fields_and_some_more_fields(self, session, test_client, csrf_token):
custom_field_schema = CustomFieldsSchemaFactory(
field_name='cvss',
field_type='str',
field_display_name='CVSS',
table_name='vulnerability'
)
session.add(custom_field_schema)
session.commit()
file_contents = b"""name,exploitation,resolution,data,cvss\n
"test",high,"resolution","technical details","5"
"""
data = {
'file': (BytesIO(file_contents), 'vulns.csv'),
'csrf_token': csrf_token
}
headers = {'Content-type': 'multipart/form-data'}
res = test_client.post('/v3/vulnerability_template/bulk_create',
data=data, headers=headers, use_json_data=False)
assert res.status_code == 200
assert len(res.json['vulns_created']) == 1
inserted_template = session.query(VulnerabilityTemplate).filter_by(name='test').first()
assert inserted_template.resolution == 'resolution'
assert inserted_template.severity == 'high'
assert inserted_template.data == 'technical details'
assert 'cvss' in inserted_template.custom_fields
assert inserted_template.custom_fields['cvss'] == '5'
def test_bulk_create_with_custom_fields_list(self, test_client, workspace,
session, logged_user):
custom_field_schema = CustomFieldsSchemaFactory(
field_name='changes',
field_type='list',
field_display_name='Changes',
table_name='vulnerability')
session.add(custom_field_schema)
session.commit()
assert count(Host, workspace) == 0
assert count(VulnerabilityGeneric, workspace) == 0
url = self.check_url(f'/v2/ws/{workspace.name}/bulk_create/')
host_data_ = host_data.copy()
service_data_ = service_data.copy()
vuln_data_ = vuln_data.copy()
vuln_data_['custom_fields'] = {'changes': ['1', '2', '3']}
service_data_['vulnerabilities'] = [vuln_data_]
host_data_['services'] = [service_data_]
host_data_['credentials'] = [credential_data]
host_data_['vulnerabilities'] = [vuln_data_]
res = test_client.post(url,
data=dict(hosts=[host_data_],
command=command_data))
assert res.status_code == 201, res.json
assert count(Host, workspace) == 1
assert count(Service, workspace) == 1
assert count(Vulnerability, workspace) == 2
assert count(Command, workspace) == 1
host = Host.query.filter(Host.workspace == workspace).one()
assert host.ip == "127.0.0.1"
assert host.creator_id == logged_user.id
assert set({hn.name
for hn in host.hostnames}) == {"test.com", "test2.org"}
assert len(host.services) == 1
assert len(host.vulnerabilities) == 1
assert len(host.services[0].vulnerabilities) == 1
service = Service.query.filter(Service.workspace == workspace).one()
assert service.creator_id == logged_user.id
credential = Credential.query.filter(
Credential.workspace == workspace).one()
assert credential.creator_id == logged_user.id
command = Command.query.filter(Credential.workspace == workspace).one()
assert command.creator_id == logged_user.id
assert res.json["command_id"] == command.id
for vuln in Vulnerability.query.filter(
Vulnerability.workspace == workspace):
assert vuln.custom_fields['changes'] == ['1', '2', '3']
def test_create_vuln_with_custom_fields(session, workspace):
custom_field_schema = CustomFieldsSchemaFactory(
field_name='changes',
field_type='list',
field_display_name='Changes',
table_name='vulnerability'
)
session.add(custom_field_schema)
session.commit()
host_data_ = host_data.copy()
vuln_data_ = vuln_data.copy()
vuln_data_['custom_fields'] = {'changes': ['1', '2', '3']}
host_data_['vulnerabilities'] = [vuln_data_]
command = new_empty_command(workspace)
bc.bulk_create(workspace, command, dict(hosts=[host_data_],
command=command_data.copy()))
assert count(Host, workspace) == 1
assert count(Vulnerability, workspace) == 1
assert count(Command, workspace) == 1
for vuln in Vulnerability.query.filter(Vulnerability.workspace == workspace):
assert vuln.custom_fields['changes'] == ['1', '2', '3']