def test_parser_has_many_finding2(self):
with open("unittests/scans/arachni/js.com.afr.json") as testfile:
parser = ArachniParser()
findings = parser.get_findings(testfile, Test())
for finding in findings:
for endpoint in finding.unsaved_endpoints:
endpoint.clean()
self.assertEqual(10, len(findings))
# finding 0
finding = findings[0]
self.assertEqual("SQL Injection", finding.title)
self.assertEqual(89, finding.cwe)
self.assertEqual("High", finding.severity)
self.assertEqual(
datetime.datetime(2021,
3,
18,
10,
29,
55,
tzinfo=datetime.timezone(
datetime.timedelta(seconds=3600))),
finding.date)
self.assertEqual(1, len(finding.unsaved_endpoints))
endpoint = finding.unsaved_endpoints[0]
self.assertEqual('juice-shop.herokuapp.com', endpoint.host)
self.assertEqual(443, endpoint.port)
self.assertEqual('https', endpoint.protocol)
# finding 9
finding = findings[9]
self.assertEqual("Interesting response", finding.title)
self.assertEqual("Info", finding.severity)
self.assertEqual(
datetime.datetime(2021,
3,
18,
10,
29,
55,
tzinfo=datetime.timezone(
datetime.timedelta(seconds=3600))),
finding.date)
self.assertIsNone(finding.cwe)
self.assertEqual(25, finding.nb_occurences)
self.assertEqual(25, len(finding.unsaved_endpoints))
endpoint = finding.unsaved_endpoints[0]
self.assertEqual('juice-shop.herokuapp.com', endpoint.host)
self.assertEqual(443, endpoint.port)
self.assertEqual('https', endpoint.protocol)
def test_parser_has_many_finding(self):
with open("unittests/scans/arachni/dd.com.afr.json") as testfile:
parser = ArachniParser()
findings = parser.get_findings(testfile, Test())
for finding in findings:
for endpoint in finding.unsaved_endpoints:
endpoint.clean()
self.assertEqual(3, len(findings))
# finding 0
finding = findings[0]
self.assertEqual("Missing 'Strict-Transport-Security' header",
finding.title)
self.assertEqual(200, finding.cwe)
self.assertEqual("Medium", finding.severity)
self.assertEqual(
datetime.datetime(2021,
3,
17,
19,
41,
46,
tzinfo=datetime.timezone(
datetime.timedelta(seconds=3600))),
finding.date)
self.assertEqual(1, len(finding.unsaved_endpoints))
endpoint = finding.unsaved_endpoints[0]
self.assertEqual('demo.defectdojo.org', endpoint.host)
self.assertEqual(443, endpoint.port)
self.assertEqual('https', endpoint.protocol)
# finding 2
finding = findings[2]
self.assertEqual("Interesting response", finding.title)
self.assertIsNone(finding.cwe)
self.assertEqual("Info", finding.severity)
self.assertEqual(
datetime.datetime(2021,
3,
17,
19,
41,
46,
tzinfo=datetime.timezone(
datetime.timedelta(seconds=3600))),
finding.date)
self.assertIn('interesting', finding.unsaved_tags)
self.assertIn('response', finding.unsaved_tags)
self.assertIn('server', finding.unsaved_tags)
def test_parser_has_one_finding(self):
with open("dojo/unittests/scans/arachni/arachni.afr.json") as testfile:
parser = ArachniParser()
findings = parser.get_findings(testfile, Test())
self.assertEqual(1, len(findings))
# finding 0
finding = findings[0]
self.assertEqual("Cross-Site Scripting (XSS)", finding.title)
self.assertEqual(79, finding.cwe)
self.assertEqual("High", finding.severity)
self.assertEqual(
datetime.datetime(2017,
11,
14,
2,
57,
29,
tzinfo=datetime.timezone.utc), finding.date)