예제 #1
 def test_put_report_tracking_status_json_not_dict_error(
     self,
     YesWeHackRawApiClientMock: MagicMock,
     YesWeHackRawApiReportMock: MagicMock,
 ) -> None:
     """
     Expect an API client error when the tracking-status response is not a dict.

     The mocked raw report answers `put_tracking_status` with a response whose
     `json()` returns a plain string, and the test asserts that
     `put_report_tracking_status` raises `YesWeHackApiClientError`.
     """
     # login() on the raw API client is stubbed to report success.
     YesWeHackRawApiClientMock.return_value.login.return_value = True

     # Autospec'd requests response whose decoded body is a bare string.
     response_mock_class = create_autospec(requests.models.Response)
     response_mock_class.return_value.json.return_value = 'I am an API response'
     raw_report_mock = YesWeHackRawApiReportMock.return_value
     raw_report_mock.put_tracking_status.return_value = response_mock_class()

     api_client = YesWeHackApiClient(
         configuration=YesWeHackConfiguration(),
     )
     raw_report = YesWeHackRawApiReportMock(
         ywh_api=None,
         lazy=True,
         id=123,
     )

     # Fixture report; the nested value objects are built in the same order
     # as the keyword arguments that consume them.
     bug_type = BugType(
         name='bug-type',
         link='http://bug.example.com/type',
         remediation_link='http://bug.example.com/type/remediation',
     )
     cvss = Cvss(
         criticity='critical',
         score=9.0,
         vector='vector',
     )
     hunter = Author(
         username='******',
     )
     program = ReportProgram(
         title='My program',
         slug='my-program',
     )
     report = Report(
         raw_report=raw_report,
         report_id='123',
         title='A bug report',
         local_id='YWH-123',
         bug_type=bug_type,
         scope='',
         cvss=cvss,
         end_point='/',
         vulnerable_part='post',
         part_name='param',
         payload_sample='abcde',
         technical_environment='',
         description_html='This is a bug',
         attachments=[],
         hunter=hunter,
         logs=[],
         status='accepted',
         tracking_status='AFI',
         program=program,
     )

     tracking_update = {
         'report': report,
         'tracker_name': 'tracker',
         'issue_id': 'foo',
         'issue_url': 'https://tracker.example.com/issues/foo',
         'status': 'T',
         'comment': 'Tracker synchronized.',
     }
     with self.assertRaises(YesWeHackApiClientError):
         api_client.put_report_tracking_status(**tracking_update)
예제 #2
 def test_send_report_issue_create_error(
     self,
     client_mock_class: MagicMock,
     incident_model_mock_class: MagicMock,
     session_mock_class: MagicMock,
 ) -> None:
     """
     Expect a tracker client error when creating the ServiceNow incident fails.

     The mocked incident model raises `AiosnowException` from `create`, and the
     test asserts that `send_report` raises `ServiceNowTrackerClientError`.
     """
     # NOTE(review): this response mock is never handed to any other mock in
     # this test; it is only built and given a `data` payload.
     unused_response = create_autospec(ResponseSpec, spec_set=True)
     unused_response.data = {
         'sys_id': '456',
         'number': 'INC0123',
     }

     snow_client = client_mock_class(address=ANY)
     snow_client.get_session.return_value = session_mock_class()

     # The model is used as an async context manager that yields itself, and
     # its create() call is what fails.
     incident = incident_model_mock_class(client=snow_client)
     incident.__aenter__.return_value = incident
     incident.create.side_effect = AiosnowException

     configuration = ServiceNowConfiguration(
         host='my-instance.servicenow.local',
     )
     tracker = ServiceNowTrackerClient(configuration=configuration)

     raw_report = YesWeHackRawApiReport(
         ywh_api=None,
         lazy=True,
         id=123,
     )
     bug_type = BugType(
         name='bug-type',
         link='http://bug.example.com/type',
         remediation_link='http://bug.example.com/type/remediation',
     )
     cvss = Cvss(
         criticity='critical',
         score=9.0,
         vector='vector',
     )
     hunter = Author(username='******')
     program = ReportProgram(
         title='My program',
         slug='my-program',
     )
     report = Report(
         raw_report=raw_report,
         report_id='123',
         title='A bug report',
         local_id='YWH-123',
         bug_type=bug_type,
         scope='',
         cvss=cvss,
         end_point='/',
         vulnerable_part='post',
         part_name='param',
         payload_sample='abcde',
         technical_environment='',
         description_html='This is a bug',
         attachments=[],
         hunter=hunter,
         logs=[],
         status='accepted',
         tracking_status='AFI',
         program=program,
     )

     with self.assertRaises(ServiceNowTrackerClientError):
         tracker.send_report(report=report)
예제 #3
    def test_send_report_error_project_not_found(
        self,
        gitlab_mock_class: MagicMock,
        project_manager_mock_class: MagicMock,
        project_mock_class: MagicMock,
        project_issues_manager_mock_class: MagicMock,
        project_issue_mock_class: MagicMock,
    ) -> None:
        """
        Expect a tracker client error when the GitLab project lookup fails.

        The mocked project manager raises `GitlabError` from `get`, and the
        test asserts that `send_report` raises `GitLabTrackerClientError`.
        """
        projects = project_manager_mock_class(gl=ANY)
        gitlab_mock_class.return_value.projects = projects

        # Every project lookup fails with the library's own error type.
        projects.get.side_effect = GitlabError('Project not found')

        configuration = GitLabConfiguration(
            project='my-project',
        )
        tracker = GitLabTrackerClient(configuration=configuration)

        raw_report = YesWeHackRawApiReport(
            ywh_api=None,
            lazy=True,
            id=123,
        )
        bug_type = BugType(
            name='bug-type',
            link='http://bug.example.com/type',
            remediation_link='http://bug.example.com/type/remediation',
        )
        cvss = Cvss(
            criticity='critical',
            score=9.0,
            vector='vector',
        )
        hunter = Author(username='******')
        program = ReportProgram(
            title='My program',
            slug='my-program',
        )
        report = Report(
            raw_report=raw_report,
            report_id='123',
            title='A bug report',
            local_id='YWH-123',
            bug_type=bug_type,
            scope='',
            cvss=cvss,
            end_point='/',
            vulnerable_part='post',
            part_name='param',
            payload_sample='abcde',
            technical_environment='',
            description_html='This is a bug',
            attachments=[],
            hunter=hunter,
            logs=[],
            status='accepted',
            tracking_status='AFI',
            program=program,
        )

        with self.assertRaises(GitLabTrackerClientError):
            tracker.send_report(report=report)
예제 #4
 def _build_report(
     self,
     report_id: int,
     tracking_status: str = 'AFI',
     attachments: Optional[List[Attachment]] = None,
     logs: Optional[List[Log]] = None,
 ) -> Report:
     """
     Build a fixture report backed by an autospec'd raw API.

     Args:
         report_id: an identifier, used for the raw report id, the string
             report id and the `YWH-<id>` local id
         tracking_status: a tracking status for the report
         attachments: attachments for the report; an empty list when omitted
         logs: logs for the report; an empty list when omitted

     Returns:
         a report
     """
     # NOTE(review): every text field below is a benign placeholder, so tests
     # built on this fixture do not exercise how hunter-supplied markup in
     # description_html or payload_sample is handled.
     raw_report = YesWeHackRawApiReport(
         ywh_api=create_autospec(YesWeHackRawApi),
         lazy=True,
         id=report_id,
     )
     report_id_text = str(report_id)
     local_id = f'YWH-{report_id}'
     bug_type = BugType(
         name='bug-type',
         link='http://bug.example.com/type',
         remediation_link='http://bug.example.com/type/remediation',
     )
     cvss = Cvss(
         criticity='critical',
         score=9.0,
         vector='vector',
     )
     # A None or empty argument falls back to a fresh empty list.
     report_attachments = attachments if attachments else []
     hunter = Author(username='******')
     report_logs = logs if logs else []
     program = ReportProgram(
         title='Program 1',
         slug='program1',
     )
     return Report(
         raw_report=raw_report,
         report_id=report_id_text,
         title='A bug report',
         local_id=local_id,
         bug_type=bug_type,
         scope='',
         cvss=cvss,
         end_point='/',
         vulnerable_part='post',
         part_name='param',
         payload_sample='abcde',
         technical_environment='',
         description_html='This is a bug',
         attachments=report_attachments,
         hunter=hunter,
         logs=report_logs,
         status='accepted',
         tracking_status=tracking_status,
         program=program,
     )
예제 #5
def map_raw_report(
    context: MappingContext,
    raw_report: YesWeHackRawApiReport,
) -> Report:
    """
    Build a local report from a raw API report.

    Attachments, bug type, CVSS, priority, hunter, status, logs and program go
    through their dedicated mappers. `description_html` is passed through
    `cleanup_ywh_redirects_from_html`; the remaining fields are copied from
    the raw report unchanged.

    Args:
        context: a mapping context, handed to every mapper and read for
            `yeswehack_domain`
        raw_report: a raw report

    Returns:
        a local report
    """
    mapped_attachments = _map_raw_attachments(
        context=context,
        raw_attachments=raw_report.attachments,
    )
    mapped_bug_type = _map_raw_bug_type(
        context=context,
        raw_bug_type=raw_report.bug_type,
    )
    mapped_cvss = _map_raw_cvss(
        context=context,
        raw_cvss=raw_report.cvss,
    )
    # A falsy priority is never sent to the mapper; the report gets None.
    if raw_report.priority:
        mapped_priority = _map_raw_priority(
            context=context,
            raw_priority=raw_report.priority,
        )
    else:
        mapped_priority = None
    mapped_hunter = _map_raw_author(
        context=context,
        raw_author=raw_report.hunter,
    )
    mapped_status = _map_raw_status(
        context=context,
        raw_status=raw_report.status,
    )
    # Missing logs are mapped as an empty list.
    mapped_logs = map_raw_logs(
        context=context,
        raw_logs=raw_report.logs or [],
    )
    # NOTE(review): title, scope, end_point, vulnerable_part, part_name,
    # payload_sample and technical_environment are copied as-is. They
    # presumably carry researcher-supplied text, so whatever renders them into
    # a tracker issue has to escape them for that tracker's markup — confirm
    # downstream.
    return Report(
        raw_report=raw_report,
        report_id=str(raw_report.id),
        title=raw_report.title,
        local_id=raw_report.local_id,
        bug_type=mapped_bug_type,
        scope=raw_report.scope,
        cvss=mapped_cvss,
        end_point=raw_report.end_point,
        vulnerable_part=raw_report.vulnerable_part,
        part_name=raw_report.part_name,
        payload_sample=raw_report.payload_sample,
        technical_environment=raw_report.technical_environment,
        # NOTE(review): judging by its name this helper only rewrites
        # YesWeHack redirect links; it should not be relied on as a general
        # HTML sanitizer — confirm against its implementation.
        description_html=cleanup_ywh_redirects_from_html(
            ywh_domain=context.yeswehack_domain,
            html=raw_report.description_html,
        ),
        attachments=mapped_attachments,
        hunter=mapped_hunter,
        status=mapped_status,
        tracking_status=raw_report.tracking_status,
        logs=mapped_logs,
        priority=mapped_priority,
        # A missing program is mapped from an empty dict.
        program=_map_raw_report_program(
            context=context,
            raw_program=raw_report.program or {},
        ),
    )
예제 #6
    def test_send_report(
        self,
        jira_mock_class: MagicMock,
        issue_mock_class: MagicMock,
    ) -> None:
        """
        Check that a report sent to Jira comes back as a tracker issue.

        The mocked Jira client returns an issue with key `456` and a fixed
        permalink; the test asserts the resulting `TrackerIssue` carries that
        id and URL, the configured project, and is not closed.
        """
        created_issue = issue_mock_class(options=ANY, session=ANY)
        created_issue.key = '456'
        created_issue.permalink.return_value = 'http://tracker/issue/456'
        jira_mock_class.return_value.create_issue.return_value = created_issue

        configuration = JiraConfiguration(
            project='my-project',
        )
        tracker = JiraTrackerClient(
            configuration=configuration,
        )

        # NOTE(review): the fixture text is plain placeholder content, so this
        # happy path does not cover how hunter-supplied markup in
        # description_html is rendered into the Jira issue.
        raw_report = YesWeHackRawApiReport(
            ywh_api=None,
            lazy=True,
            id=123,
        )
        bug_type = BugType(
            name='bug-type',
            link='http://bug.example.com/type',
            remediation_link='http://bug.example.com/type/remediation',
        )
        cvss = Cvss(
            criticity='critical',
            score=9.0,
            vector='vector',
        )
        hunter = Author(
            username='******',
        )
        program = ReportProgram(
            title='My program',
            slug='my-program',
        )
        report = Report(
            raw_report=raw_report,
            report_id='123',
            title='A bug report',
            local_id='YWH-123',
            bug_type=bug_type,
            scope='',
            cvss=cvss,
            end_point='/',
            vulnerable_part='post',
            part_name='param',
            payload_sample='abcde',
            technical_environment='',
            description_html='This is a bug',
            attachments=[],
            hunter=hunter,
            logs=[],
            status='accepted',
            tracking_status='AFI',
            program=program,
        )

        result = tracker.send_report(report=report)

        self.assertIsInstance(result, TrackerIssue)
        self.assertEqual('456', result.issue_id)
        self.assertEqual('http://tracker/issue/456', result.issue_url)
        self.assertEqual('my-project', result.project)
        self.assertFalse(result.closed)