class TestViewEndpointMetaData(TestCase):
    """Exercise the "Additional Information" block of the endpoint view.

    ``setUp`` persists one Product and one Endpoint (host 127.0.0.1) and
    attaches the custom field ``TestField=TestValue`` to the endpoint through
    ``EndpointMetaDataTestUtil``; the two tests then render the view with and
    without that field present.
    """

    def setUp(self):
        # NOTE(review): `Name`/`Description` are capitalised here, while other
        # fixtures in this listing build Product(name=...); confirm these
        # attributes really map to model fields and are persisted.
        product = Product()
        product.Name = 'Test Product'
        product.Description = 'Product for Testing Endpoint functionality'
        product.save()
        self.p = product

        endpoint = Endpoint()
        endpoint.product = product
        endpoint.host = '127.0.0.1'
        endpoint.save()
        self.e = endpoint

        self.util = EndpointMetaDataTestUtil()
        self.util.save_custom_field(self.e, 'TestField', 'TestValue')

    def _render_endpoint_view(self):
        """Render endpoint pk 1 for a user obtained from ``create_user(True)``.

        Assumes the Endpoint saved in ``setUp`` receives pk 1 -- TODO confirm
        this still holds when the test database is not reset between cases.
        """
        request = self.util.create_get_request(self.util.create_user(True), 'endpoint/1')
        return views.view_endpoint(request, 1)

    def test_view_endpoint_without_metadata_has_no_additional_info(self):
        """After the custom field is deleted the section must not be rendered."""
        self.util.delete_custom_field(self.e, 'TestField')
        response = self._render_endpoint_view()
        self.assertNotContains(response, 'Additional Information')

    def test_view_endpoint_with_metadata_has_additional_info(self):
        """With the custom field present the section, key and value are rendered."""
        response = self._render_endpoint_view()
        self.assertContains(response, "Additional Information")
        self.assertContains(response, 'TestField')
        self.assertContains(response, 'TestValue')
def setup(self, testfile):
    """Persist a minimal model chain and parse *testfile* with AWSScout2Parser.

    Saves a Product_Type, a Test_Type, a Product and an Engagement; the Test
    handed to the parser is built inline and never saved. The handle is closed
    after parsing (not on the exception path) and the findings are returned.
    """
    ptype = Product_Type(critical_product=True, key_product=False)
    ptype.save()
    ttype = Test_Type(static_tool=True, dynamic_tool=False)
    ttype.save()
    prod = Product(prod_type=ptype)
    prod.save()
    eng = Engagement(
        product=prod,
        target_start=timezone.now(),
        target_end=timezone.now(),
    )
    eng.save()

    unsaved_test = Test(
        engagement=eng,
        test_type=ttype,
        target_start=timezone.now(),
        target_end=timezone.now(),
    )
    findings = AWSScout2Parser().get_findings(testfile, unsaved_test)
    testfile.close()
    return findings
def setup(self, testfile):
    """Persist a minimal model chain and parse *testfile* with ScoutSuiteParser.

    The handle is wrapped in ``MockFileObject`` before it reaches the parser and
    is not closed here. The Test is built inline and never saved; the parser's
    findings are returned directly.
    """
    wrapped = MockFileObject(testfile)

    ptype = Product_Type(critical_product=True, key_product=False)
    ptype.save()
    ttype = Test_Type(static_tool=True, dynamic_tool=False)
    ttype.save()
    prod = Product(prod_type=ptype)
    prod.save()
    eng = Engagement(
        product=prod,
        target_start=timezone.now(),
        target_end=timezone.now(),
    )
    eng.save()

    unsaved_test = Test(
        engagement=eng,
        test_type=ttype,
        target_start=timezone.now(),
        target_end=timezone.now(),
    )
    return ScoutSuiteParser().get_findings(wrapped, unsaved_test)
def setUp(self):
    """Persist one Product and one Endpoint (host 127.0.0.1) on it.

    Neither object is kept on ``self``; the tests presumably look them up by
    primary key -- confirm against the test bodies.
    """
    # NOTE(review): `Name`/`Description` are capitalised here, while other
    # fixtures in this listing build Product(name=...); confirm these
    # attributes really map to model fields.
    product = Product()
    product.Name = 'Test Product'
    product.Description = 'Product for Testing Endpoint functionality'
    product.save()

    endpoint = Endpoint()
    endpoint.product = product
    endpoint.host = '127.0.0.1'
    endpoint.save()
def setUp(self):
    """Persist a Product and an Endpoint, then load the system_settings fixture.

    The ``loaddata`` call runs last, after both objects are saved.
    """
    # NOTE(review): `Name`/`Description` are capitalised here, while other
    # fixtures in this listing build Product(name=...); confirm these
    # attributes really map to model fields.
    product = Product()
    product.Name = 'Test Product'
    product.Description = 'Product for Testing Endpoint functionality'
    product.save()

    endpoint = Endpoint()
    endpoint.product = product
    endpoint.host = '127.0.0.1'
    endpoint.save()

    call_command('loaddata', 'dojo/fixtures/system_settings', verbosity=0)
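def create_product(self, name, *args, description='dummy description', prod_type=None, **kwargs):
    """Save and return a Product named *name*.

    Args:
        name: value for ``Product.name``.
        description: value for ``Product.description``.
        prod_type: Product_Type to attach. When falsy, the first Product_Type
            in the database is used (``None`` if that table is empty).
        *args, **kwargs: accepted for call compatibility and otherwise ignored.

    Returns:
        The saved Product. The original returned nothing, forcing callers to
        re-query the object they had just created; returning it is
        backward-compatible for callers that ignore the result.
    """
    if not prod_type:
        prod_type = Product_Type.objects.first()
    product = Product(name=name, description=description, prod_type=prod_type)
    product.save()
    return product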
def setUp(self):
    """Persist a Product and an Endpoint and attach one custom field to each.

    ``TestField=TestValue`` goes on the endpoint and
    ``TestProductField=TestProductValue`` on the product, both through the
    class-level ``EndpointMetaDataTestUtil.save_custom_field`` helper.
    """
    # NOTE(review): `Name`/`Description` are capitalised here, while other
    # fixtures in this listing build Product(name=...); confirm these
    # attributes really map to model fields.
    product = Product()
    product.Name = 'Test Product'
    product.Description = 'Product for Testing Endpoint functionality'
    product.save()

    endpoint = Endpoint()
    endpoint.product = product
    endpoint.host = '127.0.0.1'
    endpoint.save()

    EndpointMetaDataTestUtil.save_custom_field(endpoint, 'TestField', 'TestValue')
    EndpointMetaDataTestUtil.save_custom_field(product, 'TestProductField', 'TestProductValue')
def setUp(self):
    """Persist a Product (``self.p``) and an Endpoint (``self.e``) with one custom field.

    ``self.util`` is an ``EndpointMetaDataTestUtil`` instance; it writes
    ``TestField=TestValue`` onto the endpoint.
    """
    # NOTE(review): `Name`/`Description` are capitalised here, while other
    # fixtures in this listing build Product(name=...); confirm these
    # attributes really map to model fields.
    product = Product()
    product.Name = 'Test Product'
    product.Description = 'Product for Testing Endpoint functionality'
    product.save()
    self.p = product

    endpoint = Endpoint()
    endpoint.product = product
    endpoint.host = '127.0.0.1'
    endpoint.save()
    self.e = endpoint

    self.util = EndpointMetaDataTestUtil()
    self.util.save_custom_field(self.e, 'TestField', 'TestValue')
def setUp(self):
    """Persist a Product and an Endpoint, tag each with a custom field, load system settings.

    The ``system_settings`` fixture is loaded last via ``loaddata``.
    """
    # NOTE(review): `Name`/`Description` are capitalised here, while other
    # fixtures in this listing build Product(name=...); confirm these
    # attributes really map to model fields.
    product = Product()
    product.Name = 'Test Product'
    product.Description = 'Product for Testing Endpoint functionality'
    product.save()

    endpoint = Endpoint()
    endpoint.product = product
    endpoint.host = '127.0.0.1'
    endpoint.save()

    EndpointMetaDataTestUtil.save_custom_field(endpoint, 'TestField', 'TestValue')
    EndpointMetaDataTestUtil.save_custom_field(product, 'TestProductField', 'TestProductValue')

    call_command('loaddata', 'dojo/fixtures/system_settings', verbosity=0)
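def test_parse_file_with_multiple_vuln_has_multiple_finding(self):
    """Eight findings are parsed; the second carries CWE-525 and one port-80 endpoint.

    The report is opened in a ``with`` block so the handle is released even if
    an assertion fails (the original never closed it). Every unsaved endpoint
    is ``clean()``-ed before the assertions, as before.
    """
    test = Test()
    test.engagement = Engagement()
    test.engagement.product = Product()
    parser = MicrofocusWebinspectParser()
    report_path = get_unit_tests_path() + "/scans/microfocus_webinspect/Webinspect_many_vuln.xml"
    with open(report_path) as testfile:
        findings = parser.get_findings(testfile, test)

    for finding in findings:
        for endpoint in finding.unsaved_endpoints:
            endpoint.clean()

    self.assertEqual(8, len(findings))
    item = findings[1]
    self.assertEqual(525, item.cwe)
    self.assertIsNotNone(item.references)
    self.assertEqual("1cfe38ee-89f7-4110-ad7c-8fca476b2f04", item.unique_id_from_tool)
    self.assertEqual(1, len(item.unsaved_endpoints))
    endpoint = item.unsaved_endpoints[0]
    self.assertEqual("php.vulnweb.com", endpoint.host)
    self.assertEqual(80, endpoint.port)
    # The path in the report begins with '/', but Endpoint stores a
    # root-less path, so this one ends up as None.
    self.assertIsNone(endpoint.path)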
def setUpTestData(cls):
    """Build the unsaved model instances shared by the tests.

    Wires a Product_Type -> Product -> Engagement -> Test -> Finding chain plus
    an Endpoint on the product, and four membership objects for ``cls.user``:
    Reader and Owner on the product type, Reader and Owner on the product.
    Nothing is saved. Presumably decorated with ``@classmethod``; the
    decorator lies outside this view.
    """
    def membership(model, **attrs):
        # Same effect as constructing and then assigning each attribute in turn.
        instance = model()
        for attr_name, value in attrs.items():
            setattr(instance, attr_name, value)
        return instance

    cls.user = User()
    cls.product_type = Product_Type()
    cls.product_type_member = Product_Type_Member()
    cls.product = Product()
    cls.product_member = Product_Member()
    cls.product.prod_type = cls.product_type

    cls.engagement = Engagement()
    cls.engagement.product = cls.product
    cls.test = Test()
    cls.test.engagement = cls.engagement
    cls.finding = Finding()
    cls.finding.test = cls.test
    cls.endpoint = Endpoint()
    cls.endpoint.product = cls.product

    cls.product_type_member_reader = membership(
        Product_Type_Member, user=cls.user, product_type=cls.product_type, role=Roles.Reader)
    cls.product_type_member_owner = membership(
        Product_Type_Member, user=cls.user, product_type=cls.product_type, role=Roles.Owner)
    cls.product_member_reader = membership(
        Product_Member, user=cls.user, product=cls.product, role=Roles.Reader)
    cls.product_member_owner = membership(
        Product_Member, user=cls.user, product=cls.product, role=Roles.Owner)
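def test_parse_file(self):
    """The MobSF report yields 18 findings with the expected titles, severities and counts.

    Uses ``with open`` so the handle is closed even when an assertion fails,
    and ``assertEqual`` instead of the deprecated ``assertEquals`` alias.
    """
    engagement = Engagement()
    engagement.product = Product()
    test = Test()
    test.engagement = engagement

    parser = MobSFParser()
    with open("unittests/scans/mobsf/report1.json") as testfile:
        findings = parser.get_findings(testfile, test)

    self.assertEqual(18, len(findings))

    item = findings[0]
    self.assertEqual('android.permission.WRITE_EXTERNAL_STORAGE', item.title)
    self.assertEqual('High', item.severity)

    item = findings[2]
    self.assertEqual('android.permission.INTERNET', item.title)
    self.assertEqual('Info', item.severity)

    item = findings[10]
    self.assertEqual('Symbols are stripped', item.title)
    self.assertEqual('Info', item.severity)
    self.assertEqual('lib/armeabi-v7a/libdivajni.so', item.file_path)
    self.assertEqual(7, item.nb_occurences)

    item = findings[17]
    self.assertEqual('Loading Native Code (Shared Library)', item.title)
    self.assertEqual('Info', item.severity)
    self.assertEqual(1, item.nb_occurences)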
def init(self, reportFilename):
    """Open *reportFilename* and build an unsaved Product/Engagement/Test chain.

    Returns the open handle together with the three instances; the caller owns
    the handle and is responsible for closing it.
    """
    handle = open(reportFilename)
    product = Product()
    engagement = Engagement(product=product)
    test = Test(engagement=engagement)
    return handle, product, engagement, test
def test_parse_file_3_1_9_ios(self):
    """Smoke test: the iOS MobSF report is accepted by the parser constructor.

    There are no assertions; the test only checks that construction does not
    raise. The handle is closed explicitly afterwards (not on the exception path).
    """
    test = Test(engagement=Engagement(product=Product()))
    report = open("dojo/unittests/scans/mobsf/ios.json")
    MobSFParser(report, test)
    report.close()
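def test_parse_file_with_one_vuln_has_one_finding(self):
    """The one-vuln Nikto report produces exactly one item.

    The report is opened in a ``with`` block; the original never closed the
    handle. ``NiktoXMLParser`` consumes the file in its constructor, so the
    ``items`` list is complete once the block exits.
    """
    test = Test(engagement=Engagement(product=Product()))
    with open("dojo/unittests/scans/nikto/nikto-report-one-vuln.xml") as testfile:
        parser = NiktoXMLParser(testfile, test)
    self.assertEqual(1, len(parser.items))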
def test_parse_file(self):
    """Smoke test: the MobSF report parses without raising.

    There are no assertions on the result. The handle is closed explicitly
    after parsing (not on the exception path).
    """
    test = Test(engagement=Engagement(product=Product()))
    report = open("dojo/unittests/scans/mobsf/report1.json")
    findings = MobSFParser().get_findings(report, test)
    report.close()
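def test_parse_file_with_no_vuln_has_no_findings(self):
    """A WebInspect report without vulnerabilities yields zero findings.

    The report is opened in a ``with`` block; the original left the handle
    open for the garbage collector.
    """
    test = Test()
    test.engagement = Engagement()
    test.engagement.product = Product()
    parser = MicrofocusWebinspectParser()
    report_path = get_unit_tests_path() + "/scans/microfocus_webinspect/Webinspect_no_vuln.xml"
    with open(report_path) as testfile:
        findings = parser.get_findings(testfile, test)
    self.assertEqual(0, len(findings))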
def setUp(self):
    """Create a SonarQube Tool_Type/Tool_Configuration pair and an unsaved Test.

    The configuration uses ``authentication_type="API"``. ``self.test`` sits on
    an unsaved Engagement of an unsaved Product named 'product'.
    """
    sonar_type = Tool_Type.objects.create(name='SonarQube')
    Tool_Configuration.objects.create(
        name='SonarQube', tool_type=sonar_type, authentication_type="API")
    self.test = Test(engagement=Engagement(product=Product(name='product')))
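def test_parse_file_with_old_format(self):
    """The old-format Nikto report still yields exactly one finding.

    The report is opened in a ``with`` block; the original never closed it.
    """
    test = Test(engagement=Engagement(product=Product()))
    parser = NiktoParser()
    with open("dojo/unittests/scans/nikto/nikto-report-old-format.xml") as testfile:
        findings = parser.get_findings(testfile, test)
    self.assertEqual(1, len(findings))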
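def test_parse_file_with_multiple_vuln_has_multiple_findings(self):
    """The many-vuln Nikto report yields exactly ten findings.

    Opens the report in a ``with`` block (the original never closed it) and
    uses ``assertEqual`` so a failure reports the actual count instead of a
    bare ``False``.
    """
    test = Test(engagement=Engagement(product=Product()))
    parser = NiktoParser()
    with open("dojo/unittests/scans/nikto/nikto-report-many-vuln.xml") as testfile:
        findings = parser.get_findings(testfile, test)
    self.assertEqual(10, len(findings))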
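def test_parse_file_with_no_vuln_has_no_findings(self):
    """A WebInspect report without vulnerabilities yields an empty ``items`` list.

    The report is opened in a ``with`` block; the original never closed the
    handle. The parser consumes the file in its constructor.
    """
    test = Test()
    test.engagement = Engagement()
    test.engagement.product = Product()
    with open("dojo/unittests/scans/microfocus_webinspect/Webinspect_no_vuln.xml") as testfile:
        parser = MicrofocusWebinspectXMLParser(testfile, test)
    self.assertEqual(0, len(parser.items))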
def new_product(request):
    """Create a Product from a POSTed ProductForm, or render the empty form.

    On a valid POST the product is saved; its ``tags`` attribute is set from
    the ``tags`` POST list; a JIRA_PKey is saved against it only when the
    ``enable_jira`` system setting is on, the JIRA form validates and its
    ``conf`` is set; a Sonarqube_Product is saved if its form validates; a
    ``product_added`` notification is created and the caller is redirected to
    ``view_product``. Every other path renders ``dojo/new_product.html`` with
    the (possibly bound) forms. An invalid JIRA or SonarQube form is ignored
    without feedback to the user -- this mirrors the original behaviour.
    """
    is_post = request.method == 'POST'
    form = ProductForm(request.POST, instance=Product()) if is_post else ProductForm()
    jform = _new_product_jira_form(request.POST if is_post else None)

    if is_post and form.is_valid():
        product = form.save()
        # Tags are joined into one quoted, comma-separated string and set on
        # the instance after save(); whether that persists depends on the tags
        # field implementation, which is not visible here.
        product.tags = ", ".join('"{0}"'.format(w) for w in request.POST.getlist('tags'))
        messages.add_message(request, messages.SUCCESS, 'Product added successfully.', extra_tags='alert-success')
        _new_product_attach_jira(request, jform, product)
        _new_product_attach_sonarqube(request, product)
        product_url = reverse('view_product', args=(product.id, ))
        create_notification(event='product_added', title=product.name, url=product_url)
        return HttpResponseRedirect(product_url)

    add_breadcrumb(title="New Product", top_level=False, request=request)
    return render(request, 'dojo/new_product.html', {
        'form': form,
        'jform': jform,
        'sonarqube_form': Sonarqube_ProductForm(),
    })


def _new_product_jira_form(data):
    """Return a JIRAPKeyForm -- bound to *data* when given -- if JIRA is enabled, else None."""
    if not get_system_setting('enable_jira'):
        return None
    if data is None:
        return JIRAPKeyForm()
    return JIRAPKeyForm(data, instance=JIRA_PKey())


def _new_product_attach_jira(request, jform, product):
    """Save the JIRA key for *product* when JIRA is enabled, the form validates and ``conf`` is set.

    Any other case returns silently, as the original code did.
    """
    if not get_system_setting('enable_jira'):
        return
    if not jform.is_valid():
        return
    jira_pkey = jform.save(commit=False)
    if jira_pkey.conf is None:
        return
    jira_pkey.product = product
    jira_pkey.save()
    messages.add_message(request, messages.SUCCESS, 'JIRA information added successfully.', extra_tags='alert-success')


def _new_product_attach_sonarqube(request, product):
    """Bind a Sonarqube_Product built from the POST data to *product* if the form validates."""
    sonarqube_form = Sonarqube_ProductForm(request.POST)
    if not sonarqube_form.is_valid():
        return
    sonarqube_product = sonarqube_form.save(commit=False)
    sonarqube_product.product = product
    sonarqube_product.save()
def test_parse_file_3_1_9_ios(self):
    """The iOS MobSF report yields eleven findings.

    The handle is closed explicitly after parsing (not on the exception path).
    """
    test = Test(engagement=Engagement(product=Product()))
    report = open("unittests/scans/mobsf/ios.json")
    findings = MobSFParser().get_findings(report, test)
    report.close()
    self.assertEqual(11, len(findings))
def test_parse_file_with_no_vulnerabilities_has_no_findings(self):
    """A Checkmarx report without results yields an empty ``items`` list.

    The parser is kept on ``self.parser``; the handle is closed after the
    constructor has consumed it (not on the exception path).
    """
    test = Test(engagement=Engagement(product=Product()))
    report = open("dojo/unittests/scans/checkmarx/no_finding.xml")
    self.parser = CheckmarxXMLParser(report, test)
    report.close()
    self.assertEqual(0, len(self.parser.items))
def test_validate_more(self):
    """Every item from the many-vulns Burp API report cleans and carries an impact."""
    test = Test(engagement=Engagement(product=Product()))
    with open('dojo/unittests/scans/burp_api/many_vulns.json') as report:
        parser = BurpApiParser(report, test)
        for item in parser.items:
            item.clean()
            self.assertIsNotNone(item.impact)
def test_parse_file_with_utf8_various_non_ascii_char(self):
    """A Checkmarx report containing assorted non-ASCII UTF-8 text yields one item.

    The parser is kept on ``self.parser``; the handle is closed after the
    constructor has consumed it (not on the exception path).
    """
    test = Test(engagement=Engagement(product=Product()))
    report = open("dojo/unittests/scans/checkmarx/utf8_various_non_ascii_char.xml")
    self.parser = CheckmarxXMLParser(report, test)
    report.close()
    self.assertEqual(1, len(self.parser.items))
def test_validate(self):
    """Every finding from the Burp Suite Pro example cleans and carries an impact."""
    test = Test(engagement=Engagement(product=Product()))
    with open("dojo/unittests/scans/burp_suite_pro/example.json") as report:
        findings = BurpApiParser().get_findings(report, test)
        for item in findings:
            item.clean()
            self.assertIsNotNone(item.impact)
def setUp(self):
    """Bind two unsaved Tests to the latest Sonarqube_Product configuration.

    ``self.test`` hangs off the already-persisted product named 'product';
    ``self.other_test`` off an unsaved Product named 'other product'. Each
    Test takes whatever ``Sonarqube_Product.objects.all().last()`` returns at
    the moment it is built.
    """
    def make_test(product):
        return Test(
            engagement=Engagement(product=product),
            sonarqube_config=Sonarqube_Product.objects.all().last(),
        )

    self.test = make_test(Product.objects.get(name='product'))
    self.other_test = make_test(Product(name='other product'))
def test_parse_file_with_no_vulnerabilities_has_no_findings(self):
    """A SonarQube HTML report without findings yields an empty ``items`` list.

    The parser is kept on ``self.parser``; the handle is closed after the
    constructor has consumed it (not on the exception path).
    """
    test = Test(engagement=Engagement(product=Product()))
    report = open("dojo/unittests/scans/sonarqube/sonar-no-finding.html")
    self.parser = SonarQubeHtmlParser(report, test)
    report.close()
    self.assertEqual(0, len(self.parser.items))
def test_appspider_parser_has_one_finding(self):
    """The one-vuln AppSpider report yields exactly one item, tagged CWE-525.

    The handle is closed after the constructor has consumed it (not on the
    exception path).
    """
    test = Test(engagement=Engagement(product=Product()))
    report = open("dojo/unittests/scans/appspider/one_vuln.xml")
    parser = AppSpiderXMLParser(report, test)
    report.close()
    self.assertEqual(1, len(parser.items))
    with self.subTest(item=0):
        self.assertEqual(525, parser.items[0].cwe)
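def test_parse_file_with_multiple_vuln_has_multiple_findings(self):
    """The many-vuln Nikto report yields exactly ten findings whose endpoints clean.

    Opens the report in a ``with`` block (the original never closed it) and
    uses ``assertEqual`` so a failure reports the actual count.
    """
    test = Test(engagement=Engagement(product=Product()))
    parser = NiktoParser()
    with open("unittests/scans/nikto/nikto-report-many-vuln.xml") as testfile:
        findings = parser.get_findings(testfile, test)

    for finding in findings:
        for endpoint in finding.unsaved_endpoints:
            endpoint.clean()

    self.assertEqual(10, len(findings))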
def setUp(self):
    """Bind two unsaved Tests to the latest Product_API_Scan_Configuration.

    ``self.test`` hangs off the already-persisted product named 'product';
    ``self.other_test`` off an unsaved Product named 'other product'. Each
    Test takes whatever ``Product_API_Scan_Configuration.objects.all().last()``
    returns at the moment it is built.
    """
    def make_test(product):
        return Test(
            engagement=Engagement(product=product),
            api_scan_configuration=Product_API_Scan_Configuration.objects.all().last(),
        )

    self.test = make_test(Product.objects.get(name='product'))
    self.other_test = make_test(Product(name='other product'))
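def test_parse_file_with_one_vuln_has_one_findings(self):
    """The one-vuln WebInspect report yields one item with CWE-200 and at least one endpoint.

    The report is opened in a ``with`` block; the original never closed the
    handle. The parser consumes the file in its constructor.
    """
    test = Test()
    test.engagement = Engagement()
    test.engagement.product = Product()
    with open("dojo/unittests/scans/microfocus_webinspect/Webinspect_one_vuln.xml") as testfile:
        parser = MicrofocusWebinspectXMLParser(testfile, test)

    self.assertEqual(1, len(parser.items))
    item = parser.items[0]
    self.assertEqual(200, item.cwe)
    self.assertLess(0, len(item.unsaved_endpoints))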
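def test_parse_file_with_one_vuln_has_one_finding(self):
    """The one-vuln Nikto report yields exactly one finding whose endpoints clean.

    The report is opened in a ``with`` block; the original never closed it.
    """
    test = Test(engagement=Engagement(product=Product()))
    parser = NiktoParser()
    with open("dojo/unittests/scans/nikto/nikto-report-one-vuln.xml") as testfile:
        findings = parser.get_findings(testfile, test)

    for finding in findings:
        for endpoint in finding.unsaved_endpoints:
            endpoint.clean()

    self.assertEqual(1, len(findings))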
def setUp(self):
    """Persist ``self.p``/``self.e``, load system settings, then attach one custom field.

    Order matters only in that ``loaddata`` runs before ``self.util`` writes
    ``TestField=TestValue`` onto the endpoint.
    """
    # NOTE(review): `Name`/`Description` are capitalised here, while other
    # fixtures in this listing build Product(name=...); confirm these
    # attributes really map to model fields.
    product = Product()
    product.Name = 'Test Product'
    product.Description = 'Product for Testing Endpoint functionality'
    product.save()
    self.p = product

    endpoint = Endpoint()
    endpoint.product = product
    endpoint.host = '127.0.0.1'
    endpoint.save()
    self.e = endpoint

    call_command('loaddata', 'dojo/fixtures/system_settings', verbosity=0)

    self.util = EndpointMetaDataTestUtil()
    self.util.save_custom_field(self.e, 'TestField', 'TestValue')
def create():
    """Build the fixture chain used by the apply-template tests.

    Persists, in order: a System_Settings row, a Product, an Engagement that
    runs for five days from now, a Test_Type named 'Temporary Test', a Test
    with its own five-day window, and one High-severity Finding reported and
    last reviewed by the user from ``FindingTemplateTestUtil.create_user(True)``.
    Nothing is returned. Presumably wrapped by ``@staticmethod`` (no ``self``);
    the decorator lies outside this view.
    """
    System_Settings().save()

    # NOTE(review): `Name`/`Description` are capitalised here, while other
    # fixtures in this listing build Product(name=...); confirm these
    # attributes really map to model fields.
    product = Product()
    product.Name = 'Test Product'
    product.Description = 'Product for Testing Apply Template functionality'
    product.save()

    window = datetime.timedelta(days=5)

    engagement = Engagement()
    engagement.product = product
    engagement.target_start = timezone.now()
    engagement.target_end = engagement.target_start + window
    engagement.save()

    test_type = Test_Type()
    test_type.name = 'Temporary Test'
    test_type.save()

    test = Test()
    test.engagement = engagement
    test.test_type = test_type
    test.target_start = timezone.now()
    test.target_end = test.target_start + window
    test.save()

    user = FindingTemplateTestUtil.create_user(True)

    finding = Finding()
    finding.title = 'Finding for Testing Apply Template functionality'
    finding.severity = 'High'
    finding.description = 'Finding for Testing Apply Template Functionality'
    finding.test = test
    finding.reporter = user
    finding.last_reviewed = timezone.now()
    finding.last_reviewed_by = user
    finding.save()