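def get_server_status(self, server):
    """Return a ``Scan`` describing the first scan reported by *server*.

    Opens a ``Connection`` to ``server.host``, asks it for its scans and
    copies the first entry's ``scan_id`` and ``status`` onto a new ``Scan``
    (``status`` is stored as ``scan.running``).

    Returns ``None`` when the lookup fails for any reason or when the server
    reports no scans. The return value alone therefore does not distinguish
    "scanner unreachable" from "nothing has been scanned".
    """
    try:
        # TODO: add auth -- only the host is passed here, so no credentials
        # are supplied when the connection is created.
        conn = Connection(server.host)
        scan = Scan(conn)
        # Ask for the scan list once and read both fields from the same
        # entry. Presumably each get_scans() call queries the server, so two
        # calls could describe different scans if the list changed between.
        scans = conn.get_scans()
        if not scans:
            return None
        first = scans[0]
        scan.scan_id = first.scan_id
        scan.running = first.status
    except Exception:
        # Best-effort probe: every failure is reported as "no scan".
        # Unlike a bare ``except:``, KeyboardInterrupt and SystemExit still
        # propagate to the caller.
        return None
    return scan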
def test_simple_scan(self):
    """Drive a fully mocked scan: start, status, log, findings and traffic.

    Every REST endpoint the client touches is stubbed with httpretty, so the
    assertions cover only how the client builds its requests and parses the
    canned responses.
    """
    json_type = 'application/json'

    def stub(method, path, **reply):
        # Register a single canned JSON reply for one API path.
        httpretty.register_uri(method, self.get_url(path),
                               content_type=json_type, **reply)

    def log_page(body):
        # One successful page of the scan log.
        return httpretty.Response(body=body, content_type=json_type,
                                  status=200)

    # --- Canned HTTP responses -------------------------------------------
    stub(httpretty.GET, '/', body=INDEX_RESPONSE)
    stub(httpretty.GET, '/version', body=VERSION_RESPONSE)
    stub(httpretty.POST, '/scans/', body=SCAN_START_RESPONSE, status=201)
    stub(httpretty.GET, '/scans/0/status', body=SCAN_STATUS_RESPONSE)
    stub(httpretty.GET, '/scans/1/status', body=NOT_FOUND, status=404)

    # The log endpoint is read twice below, so it needs two rounds of
    # "one page of entries, then an empty page".
    httpretty.register_uri(
        httpretty.GET,
        self.get_url('/scans/0/log'),
        responses=[
            # consumed by the ?page pagination
            log_page(LOG_RESPONSE),
            log_page(EMPTY_LOG_RESPONSE),
            # consumed by the ?id=0 pagination
            log_page(LOG_RESPONSE),
            log_page(EMPTY_LOG_RESPONSE),
        ])

    stub(httpretty.GET, '/scans/0/kb/', body=FINDINGS_RESPONSE)
    stub(httpretty.GET, '/scans/0/kb/0', body=FINDINGS_DETAIL_RESPONSE)
    stub(httpretty.GET, '/scans/0/traffic/45',
         body=TRAFFIC_DETAIL_RESPONSE_45)
    stub(httpretty.GET, '/scans/0/traffic/46',
         body=TRAFFIC_DETAIL_RESPONSE_46)

    conn = Connection(self.api_url)
    # conn.set_verbose(True)
    self.assertTrue(conn.can_access_api())

    # --- Starting a scan assigns it an id --------------------------------
    scan = Scan(conn)
    self.assertIsNone(scan.scan_id)

    scan.start('mock_profile', [TARGET_URL])

    self.assertJSONEquals(httpretty.last_request(), SCAN_START_REQUEST)
    self.assertEqual(scan.scan_id, 0)

    # --- Status of the running scan --------------------------------------
    status = scan.get_status()
    self.assertEqual(status['is_running'], True)
    self.assertEqual(status['is_paused'], False)
    self.assertEqual(status['exception'], None)

    # --- A 404 from the API must surface as APIException -----------------
    scan.scan_id = 1
    with self.assertRaises(APIException):
        scan.get_status()
    scan.scan_id = 0

    # --- Log, read by plain iteration ------------------------------------
    log = scan.get_log()
    self.assertIsInstance(log, Log)

    wanted = [
        LogEntry('debug', 'one', '23-Jun-2015 16:21', None, 0),
        LogEntry('vulnerability', 'two', '23-Jun-2015 16:22', 'High', 1),
    ]
    seen = []
    for entry in log:
        self.assertIsInstance(entry, LogEntry)
        seen.append(entry)

    self.assertEqual(seen, wanted)

    # --- Log, read starting from entry id 0 ------------------------------
    log = scan.get_log()
    self.assertIsInstance(log, Log)

    wanted = [
        LogEntry('debug', 'one', '23-Jun-2015 16:21', None, 0),
        LogEntry('vulnerability', 'two', '23-Jun-2015 16:22', 'High', 1),
    ]
    seen = []
    for entry in log.get_by_start_id(0):
        self.assertIsInstance(entry, LogEntry)
        seen.append(entry)

    self.assertEqual(seen, wanted)

    # --- Findings and the HTTP traffic attached to them ------------------
    findings = scan.get_findings()
    self.assertIsInstance(findings, list)
    self.assertEqual(len(findings), 1)

    finding = findings[0]
    self.assertEqual(finding.name, 'SQL injection')
    self.assertIsInstance(finding, Finding)

    all_traffic = finding.get_traffic()
    self.assertIsInstance(all_traffic, list)
    self.assertEqual(len(all_traffic), 2)

    first_exchange = all_traffic[0]
    self.assertIn('GET ', first_exchange.get_request())
    self.assertIn('<html>', first_exchange.get_response())
def test_simple_scan(self):
    """Drive a fully mocked scan: start, status, log and findings.

    Every REST endpoint the client touches is stubbed with httpretty, so the
    assertions cover only how the client builds its requests and parses the
    canned responses.
    """
    json_type = 'application/json'

    def stub(method, path, **reply):
        # Register a single canned JSON reply for one API path.
        httpretty.register_uri(method, self.get_url(path),
                               content_type=json_type, **reply)

    def log_page(body):
        # One successful page of the scan log.
        return httpretty.Response(body=body, content_type=json_type,
                                  status=200)

    # --- Canned HTTP responses -------------------------------------------
    stub(httpretty.GET, '/', body=INDEX_RESPONSE)
    stub(httpretty.GET, '/version', body=VERSION_RESPONSE)
    stub(httpretty.POST, '/scans/', body=SCAN_START_RESPONSE, status=201)
    stub(httpretty.GET, '/scans/0/status', body=SCAN_STATUS_RESPONSE)
    stub(httpretty.GET, '/scans/1/status', body=NOT_FOUND, status=404)

    # One page of entries followed by an empty page.
    httpretty.register_uri(
        httpretty.GET,
        self.get_url('/scans/0/log'),
        responses=[
            log_page(LOG_RESPONSE),
            log_page(EMPTY_LOG_RESPONSE),
        ])

    stub(httpretty.GET, '/kb/', body=FINDINGS_RESPONSE)
    stub(httpretty.GET, '/kb/0', body=FINDINGS_DETAIL_RESPONSE)

    conn = Connection(self.api_url)
    # conn.set_verbose(True)
    self.assertTrue(conn.can_access_api())

    # --- Starting a scan assigns it an id --------------------------------
    scan = Scan(conn)
    self.assertIsNone(scan.scan_id)

    scan.start('mock_profile', [TARGET_URL])

    self.assertJSONEquals(httpretty.last_request(), SCAN_START_REQUEST)
    self.assertEqual(scan.scan_id, 0)

    # --- Status of the running scan --------------------------------------
    status = scan.get_status()
    self.assertEqual(status['is_running'], True)
    self.assertEqual(status['is_paused'], False)
    self.assertEqual(status['exception'], None)

    # --- A 404 from the API must surface as APIException -----------------
    scan.scan_id = 1
    with self.assertRaises(APIException):
        scan.get_status()
    scan.scan_id = 0

    # --- Log entries ------------------------------------------------------
    log = scan.get_log()
    self.assertIsInstance(log, Log)

    wanted = [
        LogEntry('debug', 'one', '23-Jun-2015 16:21', None),
        LogEntry('vulnerability', 'two', '23-Jun-2015 16:22', 'High'),
    ]
    seen = []
    for entry in log:
        self.assertIsInstance(entry, LogEntry)
        seen.append(entry)

    self.assertEqual(seen, wanted)

    # --- Findings ---------------------------------------------------------
    findings = scan.get_findings()
    self.assertIsInstance(findings, list)
    self.assertEqual(len(findings), 1)

    finding = findings[0]
    self.assertEqual(finding.name, 'SQL injection')
    self.assertIsInstance(finding, Finding)