def test_verify_created_vulns_with_host_and_service_verification( self, session, test_client): workspace = WorkspaceFactory.create() command = EmptyCommandFactory.create(workspace=workspace) host = HostFactory.create(workspace=workspace) service = ServiceFactory.create(workspace=workspace) vuln = VulnerabilityFactory.create(severity='critical', workspace=workspace, host=host, service=None) vuln_med = VulnerabilityFactory.create(severity='medium', workspace=workspace, service=service, host=None) session.flush() CommandObjectFactory.create(command=command, object_type='host', object_id=host.id, workspace=workspace) CommandObjectFactory.create(command=command, object_type='vulnerability', object_id=vuln.id, workspace=workspace) CommandObjectFactory.create(command=command, object_type='service', object_id=service.id, workspace=workspace) CommandObjectFactory.create(command=command, object_type='vulnerability', object_id=vuln_med.id, workspace=workspace) session.commit() res = test_client.get( self.url(workspace=command.workspace) + 'activity_feed/') assert res.status_code == 200 assert res.json == [{ u'_id': command.id, u'command': command.command, u'import_source': u'shell', u'tool': command.tool, u'user': command.user, u'date': time.mktime(command.start_date.timetuple()) * 1000, u'params': command.params, u'hosts_count': 1, u'services_count': 1, u'vulnerabilities_count': 2, u'criticalIssue': 1 }]
def test_activity_feed(self, session, test_client): command = self.factory.create() another_command = EmptyCommandFactory.create(workspace=command.workspace) vuln = session.query(Vulnerability).get(command.command_objects[0].object_id) session.flush() CommandObjectFactory.create( command=another_command, object_type='vulnerability', object_id=vuln.id, workspace=command.workspace ) CommandObjectFactory.create( command=another_command, object_type='host', object_id=vuln.host.id, workspace=command.workspace ) session.commit() res = test_client.get(urljoin(self.url(workspace=command.workspace), 'activity_feed')) assert res.status_code == 200 assert list(filter(lambda stats: stats['_id'] == command.id, res.json)) == [ {'_id': command.id, 'command': command.command, 'import_source': 'shell', 'user': command.user, 'date': time.mktime(command.start_date.timetuple()) * 1000, 'params': command.params, 'tool': command.tool, 'hosts_count': 1, 'services_count': 0, 'vulnerabilities_count': 1, 'criticalIssue': 0}] assert list(filter(lambda stats: stats['_id'] == another_command.id, res.json)) == [{ '_id': another_command.id, 'command': another_command.command, 'import_source': 'shell', 'tool': another_command.tool, 'user': another_command.user, 'date': time.mktime( another_command.start_date.timetuple()) * 1000, 'params': another_command.params, 'hosts_count': 0, 'services_count': 0, 'vulnerabilities_count': 0, 'criticalIssue': 0}]
def test_create_host_cant_assign_command_from_another_workspace(self, test_client, session): command = EmptyCommandFactory.create() new_workspace = WorkspaceFactory.create() session.commit() assert len(command.command_objects) == 0 url = self.url(workspace=new_workspace) + '?' + urlencode({'command_id': command.id}) res = test_client.post(url, data={ "ip": "127.0.0.1", "description": "aaaaa", }) assert res.status_code == 400 assert res.json == {u'message': u'Command not found.'} assert len(command.command_objects) == 0
def test_create_host_from_command(self, test_client, session): command = EmptyCommandFactory.create() session.commit() assert len(command.command_objects) == 0 url = self.url(workspace=command.workspace) + '?' + urlencode({'command_id': command.id}) res = test_client.post(url, data={ "ip": "127.0.0.1", "description": "aaaaa", }) assert res.status_code == 201 assert len(command.command_objects) == 1 cmd_obj = command.command_objects[0] assert cmd_obj.object_type == 'host' assert cmd_obj.object_id == res.json['id']
def test_verify_created_critical_vulns_is_correctly_showing_sum_values(self, session, test_client): workspace = WorkspaceFactory.create() command = EmptyCommandFactory.create(workspace=workspace) host = HostFactory.create(workspace=workspace) vuln = VulnerabilityFactory.create(severity='critical', workspace=workspace, host=host, service=None) vuln_med = VulnerabilityFactory.create(severity='medium', workspace=workspace, host=host, service=None) session.flush() CommandObjectFactory.create( command=command, object_type='host', object_id=host.id, workspace=workspace ) CommandObjectFactory.create( command=command, object_type='vulnerability', object_id=vuln.id, workspace=workspace ) CommandObjectFactory.create( command=command, object_type='vulnerability', object_id=vuln_med.id, workspace=workspace ) session.commit() res = test_client.get(urljoin(self.url(workspace=command.workspace), 'activity_feed')) assert res.status_code == 200 assert res.json == [ {'_id': command.id, 'command': command.command, 'import_source': 'shell', 'tool': command.tool, 'user': command.user, 'date': time.mktime(command.start_date.timetuple()) * 1000, 'params': command.params, 'hosts_count': 1, 'services_count': 0, 'vulnerabilities_count': 2, 'criticalIssue': 1} ]
def test_create_service_from_command(self, test_client, session): host = HostFactory.create(workspace=self.workspace) command = EmptyCommandFactory.create(workspace=self.workspace) session.commit() assert len(command.command_objects) == 0 url = self.url(workspace=command.workspace) + '?' + urlencode({'command_id': command.id}) raw_data = { "name": "SSH", "description": "SSH service", "owned": False, "ports": [22], "protocol": "tcp", "status": "open", "parent": host.id } res = test_client.post(url, data=raw_data) assert res.status_code == 201 assert len(command.command_objects) == 1 cmd_obj = command.command_objects[0] assert cmd_obj.object_type == 'service' assert cmd_obj.object_id == res.json['id']
def test_multiple_commands_executed_with_same_objects_found( self, session, test_client): """ This text verifies that multiple command does not affect activity feed counters. """ workspace = WorkspaceFactory.create() host = HostFactory.create(workspace=workspace) vuln = VulnerabilityFactory.create(severity='low', workspace=workspace, host=host, service=None) service = ServiceFactory.create(workspace=workspace) commands = [] in_the_middle_commands = [] first_command = None for index in range(0, 10): command = EmptyCommandFactory.create(workspace=workspace) commands.append(command) if index > 0: # in the middle commands should not affect counters (should be at 0) in_the_middle_commands.append(command) else: first_command = command session.flush() CommandObjectFactory.create(command=command, object_type='host', object_id=host.id, workspace=workspace) CommandObjectFactory.create(command=command, object_type='vulnerability', object_id=vuln.id, workspace=workspace) # This command will change activity feed counters vuln_med = VulnerabilityFactory.create(severity='medium', workspace=workspace, service=service, host=None) session.flush() last_command = EmptyCommandFactory.create(workspace=workspace) CommandObjectFactory.create(command=last_command, object_type='service', object_id=service.id, workspace=workspace) CommandObjectFactory.create(command=last_command, object_type='vulnerability', object_id=vuln_med.id, workspace=workspace) session.commit() res = test_client.get( self.url(workspace=command.workspace) + 'activity_feed/') assert res.status_code == 200 raw_first_command = list( filter(lambda comm: comm['_id'] == commands[0].id, res.json)) assert raw_first_command.pop() == { u'_id': first_command.id, u'command': first_command.command, u'import_source': u'shell', u'user': first_command.user, u'date': time.mktime(first_command.start_date.timetuple()) * 1000, u'params': first_command.params, u'hosts_count': 1, u'services_count': 0, u'vulnerabilities_count': 1, u'tool': first_command.tool, u'criticalIssue': 0 } for in_the_middle_command in in_the_middle_commands: raw_in_the_middle_command = list( filter(lambda comm: comm['_id'] == in_the_middle_command.id, res.json)) assert raw_in_the_middle_command.pop() == { u'_id': in_the_middle_command.id, u'command': in_the_middle_command.command, u'import_source': u'shell', u'user': in_the_middle_command.user, u'date': time.mktime(in_the_middle_command.start_date.timetuple()) * 1000, u'params': in_the_middle_command.params, u'hosts_count': 0, u'tool': in_the_middle_command.tool, u'services_count': 0, u'vulnerabilities_count': 0, u'criticalIssue': 0 } # new command must create new service and vuln raw_last_command = list( filter(lambda comm: comm['_id'] == last_command.id, res.json)) assert raw_last_command.pop() == { u'_id': last_command.id, u'command': last_command.command, u'import_source': u'shell', u'user': last_command.user, u'date': time.mktime(last_command.start_date.timetuple()) * 1000, u'params': last_command.params, u'hosts_count': 0, u'tool': last_command.tool, u'services_count': 1, u'vulnerabilities_count': 1, u'criticalIssue': 0 }
def test_verify_correct_severities_sum_values(self, session, test_client): workspace = WorkspaceFactory.create() command = EmptyCommandFactory.create(workspace=workspace) host = HostFactory.create(workspace=workspace) vuln_critical = VulnerabilityFactory.create(severity='critical', workspace=workspace, host=host, service=None) vuln_high = VulnerabilityFactory.create(severity='high', workspace=workspace, host=host, service=None) vuln_med = VulnerabilityFactory.create(severity='medium', workspace=workspace, host=host, service=None) vuln_med2 = VulnerabilityFactory.create(severity='medium', workspace=workspace, host=host, service=None) vuln_low = VulnerabilityFactory.create(severity='low', workspace=workspace, host=host, service=None) vuln_info = VulnerabilityFactory.create(severity='informational', workspace=workspace, host=host, service=None) vuln_info2 = VulnerabilityFactory.create(severity='informational', workspace=workspace, host=host, service=None) vuln_unclassified = VulnerabilityFactory.create( severity='unclassified', workspace=workspace, host=host, service=None) session.flush() CommandObjectFactory.create(command=command, object_type='host', object_id=host.id, workspace=workspace) CommandObjectFactory.create(command=command, object_type='vulnerability', object_id=vuln_critical.id, workspace=workspace) CommandObjectFactory.create(command=command, object_type='vulnerability', object_id=vuln_high.id, workspace=workspace) CommandObjectFactory.create(command=command, object_type='vulnerability', object_id=vuln_med.id, workspace=workspace) CommandObjectFactory.create(command=command, object_type='vulnerability', object_id=vuln_med2.id, workspace=workspace) CommandObjectFactory.create(command=command, object_type='vulnerability', object_id=vuln_low.id, workspace=workspace) CommandObjectFactory.create(command=command, object_type='vulnerability', object_id=vuln_info.id, workspace=workspace) CommandObjectFactory.create(command=command, object_type='vulnerability', object_id=vuln_info2.id, workspace=workspace) CommandObjectFactory.create(command=command, object_type='vulnerability', object_id=vuln_unclassified.id, workspace=workspace) session.commit() res = test_client.get(f'/v2/ws/{command.workspace.name}/activities/') assert res.status_code == 200 assert res.json['activities'][0]['vulnerabilities_count'] == 8 assert res.json['activities'][0]['criticalIssue'] == 1 assert res.json['activities'][0]['highIssue'] == 1 assert res.json['activities'][0]['mediumIssue'] == 2 assert res.json['activities'][0]['lowIssue'] == 1 assert res.json['activities'][0]['infoIssue'] == 2 assert res.json['activities'][0]['unclassifiedIssue'] == 1