Exemplo n.º 1
0
 def test_bandit_parser_has_many_findings_recent2(self):
     testfile = open("unittests/scans/bandit/dd2.json")
     parser = BanditParser()
     findings = parser.get_findings(testfile, Test())
     testfile.close()
     self.assertEqual(165, len(findings))
     with self.subTest(i=0):
         item = findings[0]
         self.assertEqual("Try, Except, Pass detected.", item.title)
         self.assertEqual(
             datetime.datetime(2021, 10, 3, 12, 53, 18, tzinfo=tzlocal()),
             item.date)
         self.assertEqual("Low", item.severity)
         self.assertEqual("dojo/benchmark/views.py", item.file_path)
         self.assertEqual("try_except_pass:B110", item.vuln_id_from_tool)
         self.assertEqual("Certain", item.get_scanner_confidence_text())
     with self.subTest(i=50):
         item = findings[50]
         self.assertEqual(
             "Use of mark_safe() may expose cross-site scripting vulnerabilities and should be reviewed.",
             item.title)
         self.assertEqual(
             datetime.datetime(2021, 10, 3, 12, 53, 18, tzinfo=tzlocal()),
             item.date)
         self.assertEqual("Medium", item.severity)
         self.assertEqual("dojo/reports/widgets.py", item.file_path)
         self.assertEqual("blacklist:B308", item.vuln_id_from_tool)
         self.assertEqual("Certain", item.get_scanner_confidence_text())
     with self.subTest(i=100):
         item = findings[100]
         self.assertEqual("Potential XSS on mark_safe function.",
                          item.title)
         self.assertEqual(
             datetime.datetime(2021, 10, 3, 12, 53, 18, tzinfo=tzlocal()),
             item.date)
         self.assertEqual("Medium", item.severity)
         self.assertEqual("dojo/templatetags/display_tags.py",
                          item.file_path)
         self.assertEqual("django_mark_safe:B703", item.vuln_id_from_tool)
         self.assertEqual("Certain", item.get_scanner_confidence_text())
     with self.subTest(i=164):
         item = findings[164]
         self.assertEqual("Possible binding to all interfaces.", item.title)
         self.assertEqual(
             datetime.datetime(2021, 10, 3, 12, 53, 18, tzinfo=tzlocal()),
             item.date)
         self.assertEqual("Medium", item.severity)
         self.assertEqual("dojo/wsgi.py", item.file_path)
         self.assertEqual("hardcoded_bind_all_interfaces:B104",
                          item.vuln_id_from_tool)
         self.assertEqual("Firm", item.get_scanner_confidence_text())
Exemplo n.º 2
0
 def test_bandit_parser_has_many_findings(self):
     testfile = open("dojo/unittests/scans/bandit/many_vulns.json")
     parser = BanditParser()
     findings = parser.get_findings(testfile, Test())
     testfile.close()
     self.assertEqual(213, len(findings))
     item = findings[0]
     self.assertEqual("Try, Except, Pass detected.", item.title)
     self.assertEqual(
         datetime.datetime(2020, 12, 30, 9, 35, 48, tzinfo=tzlocal()),
         item.date)
     self.assertEqual("Low", item.severity)
     self.assertEqual("dojo/benchmark\\views.py", item.file_path)
     self.assertEqual('try_except_pass:B110', item.vuln_id_from_tool)
     self.assertEqual("Certain", item.get_scanner_confidence_text())
Exemplo n.º 3
0
 def test_bandit_parser_has_many_findings_recent(self):
     testfile = open("dojo/unittests/scans/bandit/dd.json")
     parser = BanditParser()
     findings = parser.get_findings(testfile, Test())
     testfile.close()
     self.assertEqual(47, len(findings))
     item = findings[0]
     self.assertEqual(
         "Use of insecure MD2, MD4, MD5, or SHA1 hash function.",
         item.title)
     self.assertEqual(
         datetime.datetime(2021, 3, 30, 18, 23, 12, tzinfo=tzlocal()),
         item.date)
     self.assertEqual("Medium", item.severity)
     self.assertEqual("dojo/tools/acunetix/parser.py", item.file_path)
     self.assertEqual('blacklist:B303', item.vuln_id_from_tool)
     self.assertEqual("Certain", item.get_scanner_confidence_text())
Exemplo n.º 4
0
 def test_bandit_parser_has_many_findings(self):
     testfile = open("unittests/scans/bandit/many_vulns.json")
     parser = BanditParser()
     findings = parser.get_findings(testfile, Test())
     testfile.close()
     self.assertEqual(214, len(findings))
     with self.subTest(i=0):
         item = findings[0]
         self.assertEqual("Try, Except, Pass detected.", item.title)
         self.assertEqual(
             datetime.datetime(2020, 12, 30, 9, 35, 48, tzinfo=tzlocal()),
             item.date)
         self.assertEqual("Low", item.severity)
         self.assertEqual("dojo/benchmark\\views.py", item.file_path)
         self.assertEqual("try_except_pass:B110", item.vuln_id_from_tool)
         self.assertEqual("Certain", item.get_scanner_confidence_text())
         self.assertIn(
             "https://bandit.readthedocs.io/en/latest/plugins/b110_try_except_pass.html",
             item.references)
Exemplo n.º 5
0
 def test_bandit_parser_has_one_finding(self):
     testfile = open("unittests/scans/bandit/one_vuln.json")
     parser = BanditParser()
     findings = parser.get_findings(testfile, Test())
     testfile.close()
     self.assertEqual(1, len(findings))
     with self.subTest(i=0):
         item = findings[0]
         self.assertEqual(
             "Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.",
             item.title,
         )
         self.assertEqual(
             datetime.datetime(2020, 12, 30, 10, 3, 39, tzinfo=tzlocal()),
             item.date)
         self.assertEqual("Low", item.severity)
         self.assertEqual("one/one.py", item.file_path)
         self.assertEqual("assert_used:B101", item.vuln_id_from_tool)
         self.assertEqual("Certain", item.get_scanner_confidence_text())
         self.assertIn(
             "https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html",
             item.references)
Exemplo n.º 6
0
 def test_bandit_parser_has_no_finding(self):
     testfile = open("dojo/unittests/scans/bandit/no_vuln.json")
     parser = BanditParser()
     findings = parser.get_findings(testfile, Test())
     self.assertEqual(0, len(findings))