예제 #1
def test_webinspect_api_helper_init_with_setting_overrides_success(log_info_mock, api_mock):
    """With host=None, the helper should take its host from the overrides' endpoint.

    The mocks arrive as arguments; the patch decorators or fixtures that
    supply them are not part of this listing.
    """
    # Given
    expected_host = "test server"
    expected_username = None
    expected_password = None
    expected_silent_flag = False
    overrides = MagicMock()
    overrides.endpoint = expected_host

    # When
    helper = WebInspectAPIHelper(
        host=None,
        username=expected_username,
        password=expected_password,
        webinspect_setting_overrides=overrides,
        silent=expected_silent_flag,
    )

    # Expect: constructor arguments are stored as given and the host is resolved
    assert helper.host == expected_host
    assert helper.username == expected_username
    assert helper.password == expected_password
    assert helper.silent is expected_silent_flag
    # Disabled check kept for reference: assert overrides.call_count == 1

    # Only the host is passed to the info logger, and it is logged once.
    log_info_mock.assert_called_once_with(expected_host)
    assert log_info_mock.call_count == 1

    assert api_mock.call_count == 1
예제 #2
 def _set_api(self, username, password):
     """
     Build the WebInspect API helper and store it on ``self.webinspect_api``.

     Kept as its own method so that helper construction can be mocked in tests.
     :param username: passed through unchanged to WebInspectAPIHelper
     :param password: passed through unchanged to WebInspectAPIHelper
     :return: None; the helper is stored on the instance
     """
     api_helper = WebInspectAPIHelper(
         username=username,
         password=password,
         webinspect_setting_overrides=self.scan_overrides,
     )
     self.webinspect_api = api_helper
예제 #3
def test_webinspect_api_helper_upload_settings_success(api_mock):
    """upload_settings() should reach api.upload_settings exactly once."""
    # Given: a silent helper whose api.upload_settings is the injected mock
    helper = WebInspectAPIHelper(webinspect_setting_overrides=MagicMock(), silent=True)
    helper.api.upload_settings = api_mock

    # When
    helper.upload_settings()

    # Expect
    assert api_mock.call_count == 1
예제 #4
def test_webinspect_api_helper_get_scan_by_name_success(api_mock):
    """get_scan_by_name() should reach api.get_scan_by_name exactly once."""
    # Given: a silent helper whose api.get_scan_by_name is the injected mock
    helper = WebInspectAPIHelper(webinspect_setting_overrides=MagicMock(), silent=True)
    helper.api.get_scan_by_name = api_mock

    # When
    helper.get_scan_by_name("test_name")

    # Expect
    assert api_mock.call_count == 1
예제 #5
def test_webinspect_api_helper_stop_scan_success(api_mock):
    """stop_scan(guid) should reach api.stop_scan exactly once."""
    # Given: a silent helper whose api.stop_scan is the injected mock
    guid = "test_guid"
    helper = WebInspectAPIHelper(webinspect_setting_overrides=MagicMock(), silent=True)
    helper.api.stop_scan = api_mock

    # When
    helper.stop_scan(guid)

    # Expect
    assert api_mock.call_count == 1
예제 #6
def test_webinspect_api_helper_policy_exists_success(api_mock):
    """policy_exists(guid) should look the policy up via api.get_policy_by_guid once."""
    # Given: a silent helper whose api.get_policy_by_guid is the injected mock
    guid = "test_guid"
    helper = WebInspectAPIHelper(webinspect_setting_overrides=MagicMock(), silent=True)
    helper.api.get_policy_by_guid = api_mock

    # When
    helper.policy_exists(guid)

    # Expect
    assert api_mock.call_count == 1
예제 #7
def test_webinspect_api_helper_get_scan_status_success(api_mock, json_loads_mock):
    """get_scan_status() should query api.get_current_status exactly once."""
    # Given: JSON loading is mocked with no side effect, i.e. the non-failing path
    json_loads_mock.side_effect = None
    helper = WebInspectAPIHelper(webinspect_setting_overrides=MagicMock(), silent=True)
    helper.api.get_current_status = api_mock

    # When
    helper.get_scan_status("test_guid")

    # Expect
    assert api_mock.call_count == 1
예제 #8
def test_webinspect_api_helper_export_scan_results_success(api_mock, log_export_success_mock, open_mock):
    """A successful export should call api.export_scan_format once and log success once.

    open_mock is injected but not configured here; presumably it keeps the
    test from touching the real filesystem (confirm against the patch
    decorators, which are not part of this listing).
    """
    # Given
    helper = WebInspectAPIHelper(webinspect_setting_overrides=MagicMock(), silent=True)
    helper.api.export_scan_format = api_mock

    # When
    helper.export_scan_results('scan_id', '.xml')

    # Expect
    assert log_export_success_mock.call_count == 1
    assert api_mock.call_count == 1
예제 #9
def test_webinspect_api_helper_create_scan_success(api_mock, json_dumps_mock, log_scan_start_mock):
    """create_scan() should call api.create_scan once and log the scan start once."""
    # Given: json_dumps_mock is injected but left unconfigured on this path
    helper = WebInspectAPIHelper(webinspect_setting_overrides=MagicMock(), silent=True)
    helper.api.create_scan = api_mock

    # When
    helper.create_scan()

    # Expect
    assert api_mock.call_count == 1
    assert log_scan_start_mock.call_count == 1
예제 #10
def test_webinspect_api_helper_export_scan_results_failure_unbound_local_error(api_mock, log_export_failure_mock, open_mock):
    """An UnboundLocalError from the mocked open should be logged as an export failure.

    The export API is still expected to have been called once, and the
    error must not propagate out of export_scan_results().
    """
    # Given: opening the output file fails
    open_mock.side_effect = UnboundLocalError
    helper = WebInspectAPIHelper(webinspect_setting_overrides=MagicMock(), silent=True)
    helper.api.export_scan_format = api_mock

    # When
    helper.export_scan_results('scan_id', '.xml')

    # Expect
    assert log_export_failure_mock.call_count == 1
    assert api_mock.call_count == 1
예제 #11
def test_webinspect_api_upload_policy_no_existing_policy_success(upload_policy_mock,  delete_policy_mock, get_policy_mock, ntpath_mock):
    """Without an existing policy, upload_policy() should look up, skip deletion, then upload.

    get_policy_mock is left unconfigured; the test treats that as "no
    policy with this name exists on the server".
    """
    # Given
    helper = WebInspectAPIHelper(webinspect_setting_overrides=MagicMock(), silent=True)

    # When
    helper.upload_policy()

    # Expect: one lookup, no delete, one upload
    assert get_policy_mock.call_count == 1
    assert delete_policy_mock.call_count == 0
    assert upload_policy_mock.call_count == 1
예제 #12
def test_webinspect_api_helper_list_scans_failure_name_error(api_mock, log_error_mock):
    """A NameError from api.list_scans should be logged once rather than propagate."""
    # Given: the underlying API call fails
    api_mock.side_effect = NameError
    helper = WebInspectAPIHelper(webinspect_setting_overrides=MagicMock(), silent=True)
    helper.api.list_scans = api_mock

    # When
    helper.list_scans()

    # Expect
    assert log_error_mock.call_count == 1
    assert api_mock.call_count == 1
예제 #13
def test_webinspect_api_helper_get_scan_status_failure_unbound_local_error(api_mock, json_loads_mock, log_error_mock):
    """An UnboundLocalError while loading the status JSON should be logged once.

    The status API is still expected to have been called once, and the
    error must not propagate out of get_scan_status().
    """
    # Given: parsing the status response fails
    json_loads_mock.side_effect = UnboundLocalError
    helper = WebInspectAPIHelper(webinspect_setting_overrides=MagicMock(), silent=True)
    helper.api.get_current_status = api_mock

    # When
    helper.get_scan_status("test_guid")

    # Expect
    assert log_error_mock.call_count == 1
    assert api_mock.call_count == 1
예제 #14
def test_webinspect_api_helper_upload_webmacro_success(api_mock):
    """upload_webmacros() should call api.upload_webmacro once for a one-item list."""
    # Given: overrides that list a single webmacro and name an endpoint
    helper = WebInspectAPIHelper(webinspect_setting_overrides=MagicMock(), silent=True)
    overrides = helper.setting_overrides
    overrides.webinspect_upload_webmacros = ['test_list']
    overrides.endpoint = "test_host"
    helper.api.upload_webmacro = api_mock

    # When
    helper.upload_webmacros()

    # Expect
    assert api_mock.call_count == 1
예제 #15
def test_webinspect_api_helper_upload_settings_failed_name_error(api_mock, log_error_mock, log_no_server_mock):
    """A NameError from api.upload_settings should produce both failure log calls.

    The error must not propagate out of upload_settings(); the test expects
    one "no server" log, one error log and one API call.
    """
    # Given: the underlying API call fails
    helper = WebInspectAPIHelper(webinspect_setting_overrides=MagicMock(), silent=True)
    helper.api.upload_settings = api_mock
    api_mock.side_effect = NameError

    # When
    helper.upload_settings()

    # Expect
    assert log_no_server_mock.call_count == 1
    assert log_error_mock.call_count == 1
    assert api_mock.call_count == 1
예제 #16
def test_webinspect_api_helper_create_scan_failure_value_error(api_mock, json_dumps_mock, log_scan_failed_mock):
    """A ValueError while serialising the scan request should abort with SystemExit.

    The failure is expected to be logged once, and api.create_scan must
    never be reached.
    """
    # Given: JSON serialisation fails before the API call can happen
    json_dumps_mock.side_effect = ValueError
    helper = WebInspectAPIHelper(webinspect_setting_overrides=MagicMock(), silent=True)
    helper.api.create_scan = api_mock

    # When
    with pytest.raises(SystemExit):
        helper.create_scan()

    # Expect
    assert api_mock.call_count == 0  # the error fires before the API call
    assert log_scan_failed_mock.call_count == 1
예제 #17
def test_webinspect_api_helper_upload_settings_failed_unbound_local_error(api_mock, log_error_mock, log_no_server_mock):
    """An UnboundLocalError from api.upload_webmacro should produce both failure log calls.

    NOTE(review): despite "upload_settings" in the test name, the method
    exercised here is upload_webmacros().
    """
    # Given: one webmacro to upload, and an upload call that fails
    helper = WebInspectAPIHelper(webinspect_setting_overrides=MagicMock(), silent=True)
    helper.setting_overrides.webinspect_upload_webmacros = ['test_list']
    helper.api.upload_webmacro = api_mock
    api_mock.side_effect = UnboundLocalError

    # When
    helper.upload_webmacros()

    # Expect
    assert log_no_server_mock.call_count == 1
    assert log_error_mock.call_count == 1
    assert api_mock.call_count == 1
예제 #18
    def list_scans(scan_name, server, username, password):
        """
        Print the scans on each WebInspect server, optionally filtered by name.

        :param scan_name: when truthy, only scans matching this name are listed
        :param server: iterable of servers from the CLI; when empty, every
            endpoint from WebInspectConfig is queried instead
        :param username: passed to WebInspectAuth.authenticate
        :param password: passed to WebInspectAuth.authenticate
        :return: None; results are printed and misses are logged
        """
        header_row = "{0:80} {1:40} {2:10}".format('Scan Name', 'Scan ID', 'Scan Status')
        divider_row = "{0:80} {1:40} {2:10}\n".format('-' * 80, '-' * 40, '-' * 10)

        def print_scan_table(scans):
            # One fixed-width row per scan, under a shared header and divider.
            print(header_row)
            print(divider_row)
            for entry in scans:
                print("{0:80} {1:40} {2:10}".format(
                    entry['Name'], entry['ID'], entry['Status']))

        # Servers given on the command line take precedence over the config.
        if server:
            targets = list(server)
        else:
            targets = [endpoint[0] for endpoint in WebInspectConfig().endpoints]

        auth_config = WebInspectAuth()
        username, password = auth_config.authenticate(username, password)

        for host in targets:
            query_client = WebInspectAPIHelper(host=host,
                                               username=username,
                                               password=password)
            if scan_name:
                results = query_client.get_scan_by_name(scan_name)
                if not (results and len(results)):
                    Logger.app.error(
                        "No scans matching the name {} were found on {}".
                        format(scan_name, host))
                    continue
                print("Scans matching the name {} found on {}".format(
                    scan_name, host))
                print_scan_table(results)
            else:
                results = query_client.list_scans()
                if results and len(results):
                    print("Scans found on {}".format(host))
                    print_scan_table(results)
                else:
                    print("No scans found on {}".format(host))

        # Reaching this point is treated as proof that the credentials work,
        # so they are saved unless stored credentials already exist.
        # NOTE(review): nothing visible here checks that any query actually
        # succeeded, and whether the helper raises on rejected credentials is
        # not shown - confirm before relying on this as validation.
        should_save = (username is not None and password is not None
                       and not auth_config.has_auth_creds())
        if should_save:
            auth_config.write_credentials(username, password)
예제 #19
def test_webinspect_api_upload_policy_delete_existing_policy_success(upload_policy_mock,  delete_policy_mock, get_policy_mock, ntpath_mock):
    """With a policy already on the server, upload_policy() should delete it, then upload."""
    # Given: the lookup reports an existing policy (successful response with a uniqueId)
    existing_policy = WebInspectResponse(
        response_code=200,
        success=True,
        data={'test_data': 'test_data', 'uniqueId': "12345"},
    )
    get_policy_mock.return_value = existing_policy
    helper = WebInspectAPIHelper(webinspect_setting_overrides=MagicMock(), silent=True)

    # When
    helper.upload_policy()

    # Expect: one lookup, one delete, one upload
    assert get_policy_mock.call_count == 1
    assert delete_policy_mock.call_count == 1
    assert upload_policy_mock.call_count == 1
예제 #20
def test_webinspect_api_upload_policy_failure_type_error(upload_policy_mock,  delete_policy_mock, get_policy_mock, ntpath_mock, log_error_mock):
    """A TypeError from the policy lookup should be logged, with the upload still attempted.

    The author was unsure where this failure arises in practice; the test
    only pins down that it is caught and handled.
    """
    # Given: the policy lookup fails
    get_policy_mock.side_effect = TypeError
    helper = WebInspectAPIHelper(webinspect_setting_overrides=MagicMock(), silent=True)

    # When
    helper.upload_policy()

    # Expect: the error is logged once, nothing is deleted, the upload still runs
    assert log_error_mock.call_count == 1
    assert get_policy_mock.call_count == 1
    assert delete_policy_mock.call_count == 0
    assert upload_policy_mock.call_count == 1
예제 #21
def test_webinspect_api_upload_policy_failure_uncaught_error(upload_policy_mock,  delete_policy_mock, get_policy_mock, ntpath_mock, log_error_mock):
    """An exception type that upload_policy() does not handle should propagate.

    The author flagged this as a weak test: it only checks that an
    unexpected error stops the method before any logging or upload.
    """
    # Given: the lookup raises an error type that is not handled
    get_policy_mock.side_effect = IOError
    helper = WebInspectAPIHelper(webinspect_setting_overrides=MagicMock(), silent=True)

    # When
    # NOTE(review): pytest.raises(Exception) accepts any exception; if the
    # IOError is known to propagate unchanged, a narrower match would be
    # stricter - confirm first.
    with pytest.raises(Exception):
        helper.upload_policy()

    # Expect
    assert log_error_mock.call_count == 0  # execution stops before logging
    assert get_policy_mock.call_count == 1
    assert delete_policy_mock.call_count == 0
    assert upload_policy_mock.call_count == 0  # execution stops before the upload
예제 #22
def test_webinspect_api_verify_scan_policy(get_policy_by_guid_mock, get_index_mock, check_if_built_in_mock,
                                           policy_exists_mock):
    """verify_scan_policy() should call each mocked lookup once for a built-in policy.

    get_policy_by_guid_mock is left with its default return value, and
    policy_exists_mock is injected but not asserted on.
    """
    # Given: a scan policy name that the built-in check accepts
    check_if_built_in_mock.return_value = True
    helper = WebInspectAPIHelper(webinspect_setting_overrides=MagicMock(), silent=True)
    helper.setting_overrides.scan_policy = "test_policy"
    config = MagicMock()

    # When
    helper.verify_scan_policy(config)

    # Expect
    assert check_if_built_in_mock.call_count == 1
    assert get_index_mock.call_count == 1
    assert get_policy_by_guid_mock.call_count == 1
예제 #23
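    def download(server, scan_name, scan_id, extension, username, password):
        """
        Export a scan's results from a WebInspect server.

        The scan is found by ``scan_id`` when given, otherwise by ``scan_name``.
        A name matching exactly one scan is exported; a name matching several
        scans prints the candidates instead of exporting any of them.

        :param server: host passed to WebInspectAPIHelper
        :param scan_name: name used for lookup and passed on to the export
        :param scan_id: scan ID; when falsy the scan is looked up by name
        :param extension: export format extension passed to export_scan_results
        :param username: passed to WebInspectAuth.authenticate
        :param password: passed to WebInspectAuth.authenticate
        :return: None; UnboundLocalError and TypeError are logged, not raised
        """
        try:
            auth_config = WebInspectAuth()
            username, password = auth_config.authenticate(username, password)

            query_client = WebInspectAPIHelper(host=server, username=username, password=password)

            if not scan_id:
                results = query_client.get_scan_by_name(scan_name)
                if len(results) == 0:
                    webinspect_logexceptionhelper.log_error_no_scans_found(scan_name)
                elif len(results) == 1:
                    scan_id = results[0]['ID']
                    Logger.app.info("Scan matching the name {} found.".format(scan_name))
                    Logger.app.info("Downloading scan {}".format(scan_name))
                    query_client.export_scan_results(scan_id, extension, scan_name)
                else:
                    # Ambiguous name: show the candidates so the caller can retry by ID.
                    webinspect_logexceptionhelper.log_info_multiple_scans_found(scan_name)
                    print("{0:80} {1:40} {2:10}".format('Scan Name', 'Scan ID', 'Scan Status'))
                    print("{0:80} {1:40} {2:10}\n".format('-' * 80, '-' * 40, '-' * 10))
                    for result in results:
                        print("{0:80} {1:40} {2:10}".format(result['Name'], result['ID'], result['Status']))
            else:
                # The status is queried a second time when the first lookup is
                # falsy, exactly as before; presumably a single retry - confirm.
                if query_client.get_scan_status(scan_id) or query_client.get_scan_status(scan_id):
                    query_client.export_scan_results(scan_id, extension, scan_name)
                else:
                    Logger.console.error("Unable to find scan with ID matching {}".format(scan_id))

        except (UnboundLocalError, TypeError) as e:
            webinspect_logexceptionhelper.log_error_webinspect_download(e)
        else:
            # Save the credentials only when the block above finished without a
            # caught error. Running the save unconditionally after the except
            # would store credentials that were never shown to work, and would
            # hit an unbound auth_config if WebInspectAuth() itself had failed.
            # NOTE(review): how write_credentials stores the secret is not
            # visible here - confirm it is protected at rest.
            if username is not None and password is not None and not auth_config.has_auth_creds():
                auth_config.write_credentials(username, password)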