def get_server_status(self, server):
try:
conn = Connection(server.host)
#add auth
scan = Scan(conn)
scan.scan_id = conn.get_scans()[0].scan_id
scan.running = conn.get_scans()[0].status
except:
scan = None
return scan
def test_simple_scan(self):
#
# Mock all HTTP responses
#
httpretty.register_uri(httpretty.GET,
self.get_url('/'),
body=INDEX_RESPONSE,
content_type='application/json')
httpretty.register_uri(httpretty.GET,
self.get_url('/version'),
body=VERSION_RESPONSE,
content_type='application/json')
httpretty.register_uri(httpretty.POST,
self.get_url('/scans/'),
body=SCAN_START_RESPONSE,
content_type='application/json',
status=201)
httpretty.register_uri(httpretty.GET,
self.get_url('/scans/0/status'),
body=SCAN_STATUS_RESPONSE,
content_type='application/json')
httpretty.register_uri(httpretty.GET,
self.get_url('/scans/1/status'),
body=NOT_FOUND,
content_type='application/json',
status=404)
httpretty.register_uri(
httpretty.GET,
self.get_url('/scans/0/log'),
responses=[
#
# Responses for ?page pagination
#
httpretty.Response(body=LOG_RESPONSE,
content_type='application/json',
status=200),
httpretty.Response(body=EMPTY_LOG_RESPONSE,
content_type='application/json',
status=200),
#
# Responses for ?id=0 pagination
#
httpretty.Response(body=LOG_RESPONSE,
content_type='application/json',
status=200),
httpretty.Response(body=EMPTY_LOG_RESPONSE,
content_type='application/json',
status=200),
])
httpretty.register_uri(httpretty.GET,
self.get_url('/scans/0/kb/'),
body=FINDINGS_RESPONSE,
content_type='application/json')
httpretty.register_uri(httpretty.GET,
self.get_url('/scans/0/kb/0'),
body=FINDINGS_DETAIL_RESPONSE,
content_type='application/json')
httpretty.register_uri(httpretty.GET,
self.get_url('/scans/0/traffic/45'),
body=TRAFFIC_DETAIL_RESPONSE_45,
content_type='application/json')
httpretty.register_uri(httpretty.GET,
self.get_url('/scans/0/traffic/46'),
body=TRAFFIC_DETAIL_RESPONSE_46,
content_type='application/json')
conn = Connection(self.api_url)
#conn.set_verbose(True)
self.assertTrue(conn.can_access_api())
#
# Start a scan and assert
#
scan = Scan(conn)
self.assertIsNone(scan.scan_id)
scan.start('mock_profile', [TARGET_URL])
self.assertJSONEquals(httpretty.last_request(), SCAN_START_REQUEST)
self.assertEqual(scan.scan_id, 0)
#
# Get scan status
#
json_data = scan.get_status()
self.assertEqual(json_data['is_running'], True)
self.assertEqual(json_data['is_paused'], False)
self.assertEqual(json_data['exception'], None)
#
# Test the error handling
#
scan.scan_id = 1
self.assertRaises(APIException, scan.get_status)
scan.scan_id = 0
#
# Get the log
#
log = scan.get_log()
self.assertIsInstance(log, Log)
expected_log_entries = [
LogEntry('debug', 'one', '23-Jun-2015 16:21', None, 0),
LogEntry('vulnerability', 'two', '23-Jun-2015 16:22', 'High', 1)
]
received_log_entries = []
for log_entry in log:
self.assertIsInstance(log_entry, LogEntry)
received_log_entries.append(log_entry)
self.assertEqual(received_log_entries, expected_log_entries)
#
# Get the log using the ids
#
log = scan.get_log()
self.assertIsInstance(log, Log)
expected_log_entries = [
LogEntry('debug', 'one', '23-Jun-2015 16:21', None, 0),
LogEntry('vulnerability', 'two', '23-Jun-2015 16:22', 'High', 1)
]
received_log_entries = []
for log_entry in log.get_by_start_id(0):
self.assertIsInstance(log_entry, LogEntry)
received_log_entries.append(log_entry)
self.assertEqual(received_log_entries, expected_log_entries)
#
# Get the vulnerabilities
#
findings = scan.get_findings()
self.assertIsInstance(findings, list)
self.assertEqual(len(findings), 1)
finding = findings[0]
self.assertEqual(finding.name, 'SQL injection')
self.assertIsInstance(finding, Finding)
all_traffic = finding.get_traffic()
self.assertIsInstance(all_traffic, list)
self.assertEqual(len(all_traffic), 2)
traffic = all_traffic[0]
self.assertIn('GET ', traffic.get_request())
self.assertIn('<html>', traffic.get_response())
def test_simple_scan(self):
#
# Mock all HTTP responses
#
httpretty.register_uri(httpretty.GET,
self.get_url('/'),
body=INDEX_RESPONSE,
content_type='application/json')
httpretty.register_uri(httpretty.GET,
self.get_url('/version'),
body=VERSION_RESPONSE,
content_type='application/json')
httpretty.register_uri(httpretty.POST,
self.get_url('/scans/'),
body=SCAN_START_RESPONSE,
content_type='application/json',
status=201)
httpretty.register_uri(httpretty.GET,
self.get_url('/scans/0/status'),
body=SCAN_STATUS_RESPONSE,
content_type='application/json')
httpretty.register_uri(httpretty.GET,
self.get_url('/scans/1/status'),
body=NOT_FOUND,
content_type='application/json',
status=404)
httpretty.register_uri(httpretty.GET,
self.get_url('/scans/0/log'),
responses=[
httpretty.Response(body=LOG_RESPONSE,
content_type='application/json',
status=200),
httpretty.Response(body=EMPTY_LOG_RESPONSE,
content_type='application/json',
status=200),
])
httpretty.register_uri(httpretty.GET,
self.get_url('/kb/'),
body=FINDINGS_RESPONSE,
content_type='application/json')
httpretty.register_uri(httpretty.GET,
self.get_url('/kb/0'),
body=FINDINGS_DETAIL_RESPONSE,
content_type='application/json')
conn = Connection(self.api_url)
#conn.set_verbose(True)
self.assertTrue(conn.can_access_api())
#
# Start a scan and assert
#
scan = Scan(conn)
self.assertIsNone(scan.scan_id)
scan.start('mock_profile', [TARGET_URL])
self.assertJSONEquals(httpretty.last_request(), SCAN_START_REQUEST)
self.assertEqual(scan.scan_id, 0)
#
# Get scan status
#
json_data = scan.get_status()
self.assertEqual(json_data['is_running'], True)
self.assertEqual(json_data['is_paused'], False)
self.assertEqual(json_data['exception'], None)
#
# Test the error handling
#
scan.scan_id = 1
self.assertRaises(APIException, scan.get_status)
scan.scan_id = 0
#
# Get the log
#
log = scan.get_log()
self.assertIsInstance(log, Log)
expected_log_entries = [LogEntry('debug', 'one',
'23-Jun-2015 16:21', None),
LogEntry('vulnerability', 'two',
'23-Jun-2015 16:22', 'High')]
received_log_entries = []
for log_entry in log:
self.assertIsInstance(log_entry, LogEntry)
received_log_entries.append(log_entry)
self.assertEqual(received_log_entries, expected_log_entries)
#
# Get the vulnerabilities
#
findings = scan.get_findings()
self.assertIsInstance(findings, list)
self.assertEqual(len(findings), 1)
finding = findings[0]
self.assertEqual(finding.name, 'SQL injection')
self.assertIsInstance(finding, Finding)
