def test_positive_multi_categories_multi_keywords(self): # First, make sure that the CWE does not exist. self.assertRaises(CWE.DoesNotExist, CWE.objects.get, code=101) # Second, try to add the CWE to the database cat1 = Category.objects.get(name=self.CATEGORY_NAMES[0]) kw1 = Keyword.objects.get(name=self.STEMMED_NAMES[0]) cat2 = Category.objects.get(name=self.CATEGORY_NAMES[1]) kw2 = Keyword.objects.get(name=self.STEMMED_NAMES[1]) cwe = CWE(code=101, name="cwe-101", description="cwe description") cwe.save() cwe.categories.add(cat1, cat2) cwe.keywords.add(kw1, kw2) # Third, verify that the CWE was added successfully. cwe2 = CWE.objects.get(code=101) self.assertEqual(cwe.code, cwe2.code) self.assertEqual(cwe.name, cwe2.name) self.assertEqual(cwe.description, cwe2.description) self.assertEqual(cwe.categories.count(), 2) self.assertEqual(cwe.keywords.count(), 2) self.assertEqual(cwe.categories.get(name=self.CATEGORY_NAMES[0]), cat1) self.assertEqual(cwe.categories.get(name=self.CATEGORY_NAMES[1]), cat2) self.assertEqual(cwe.keywords.get(name=self.STEMMED_NAMES[0]), kw1) self.assertEqual(cwe.keywords.get(name=self.STEMMED_NAMES[1]), kw2)
def test_negative_add_duplicated(self): # First, make sure that the CWE does not exist. self.assertRaises(CWE.DoesNotExist, CWE.objects.get, code=105) # Second, add the CWE to the database, and it should succeed. # Because we want to test the prevention of duplication, we can ignore the # CWE category and keyword for now and focus on the CWE code. cwe = CWE(code=105, name="cwe-105", description="cwe description") cwe.save() cwe2 = CWE.objects.get(code=105) self.assertEqual(cwe.code, cwe2.code) # Thrid, try to add a CWE with the same code, and an exception should # be thrown. cwe_dup = CWE(code=105, name="cwe-duplicated", description="cwe duplicated description") # In Django 1.5/1.6, each test is wrapped in a transaction, so if an exception occurs, # it breaks the transaction until you explicitly roll it back. Therefore, any further # ORM operations in that transaction, will fail with that django.db.transaction.TransactionManagementError # exception. We need to capture the exception with transaction.atomic(). # See the Django document: https://docs.djangoproject.com/en/1.8/topics/db/transactions/ with transaction.atomic(): self.assertRaises(IntegrityError, cwe_dup.save)
def _add_cwe_referring_to_category_1(self): """ Create a CWE that refers to "category_1" """ category_1 = Category.objects.get(name="category_1") cwe = CWE(code=1, name="cwe_1") cwe.save() cwe.categories.add(category_1)
def _db_op__cwe__add(self): cat = Category(name="category_1") cat.save() kw1 = Keyword.objects.get(name="keyword_1") cwe = CWE(code=1, name="cwe_name") cwe.save() cwe.categories.add(cat) cwe.keywords.add(kw1) self.assertEqual(CWE.objects.all().count(), 1)
def setUp(self): """ This method does the general setup needed for the test methods. For now it just creates a custom MUOContainer object """ test_user = User(username='******', is_active=True) test_user.save() self.user = test_user cwe1 = CWE(code=1, name='CWE-1') cwe1.save() cwe2 = CWE(code=2, name='CWE-2') cwe2.save() misuse_case = MisuseCase() misuse_case.save() misuse_case.cwes.add(*[cwe1, cwe2]) muo_container = MUOContainer.objects.create(misuse_case=misuse_case, is_custom=True, status='draft') muo_container.save() muo_container.cwes.add(*[cwe1, cwe2]) # The id field is auto incremental and we need to know the id of the currently created object self.current_id = muo_container.id use_case = UseCase(muo_container=muo_container, misuse_case=misuse_case) use_case.save()
def test_point_03_keyword_suggestion_works_correctly(self): # Create a CWE. kw1 = Keyword(name="bypass") kw1.save() cat_1 = Category(name="category_1") cat_1.save() cwe_obj = CWE(code=1234, name="cwe_1") cwe_obj.save() cwe_obj.keywords.add(kw1) cwe_obj.categories.add(cat_1) # Open the created CWE. self.browser.get("%s%s%s/" % (self.live_server_url, "/app/cwe/cwe/", str(cwe_obj.id))) # Verify: "Get Keywords Suggestions" area is shown. elm_title_keyword_suggestions = self.browser.find_elements_by_xpath("//h3")[3] self.assertEqual(elm_title_keyword_suggestions.get_attribute("textContent").strip(), "Get Keywords Suggestions") # Enter Text: "Suggest Text Area": "This is a CWE about authentication bypass" self.browser.find_element_by_id("suggest_textarea").send_keys("This is a CWE about authentication bypass") # Click Button: "Request Suggestions" self.browser.find_element_by_id("suggest_button").click() # Verify: Suggested keywords are listed. self.assertTrue(self.browser.find_elements_by_xpath("//span[@data-value='cwe']") is not None) self.assertTrue(self.browser.find_elements_by_xpath("//span[@data-value='bypass']") is not None) self.assertTrue(self.browser.find_elements_by_xpath("//span[@data-value='authent']") is not None) # Click Button: "Add Keywords" self.browser.find_element_by_id("add_keywords_button").click() # Verify: Keywords are added. added_keywords = self.browser.find_elements_by_xpath("//span[@id='id_keywords-deck']/span") # Only three keywords, which means we do not add "bypass" again because it's already there. self.assertEqual(len(added_keywords), 3) # Because the "textContent" contains a non-ASCII character, we need to hold it in Unicode. self.assertTrue(unicode(added_keywords[0].get_attribute("textContent")).rfind("bypass") != -1) self.assertTrue(unicode(added_keywords[1].get_attribute("textContent")).rfind("cwe") != -1) self.assertTrue(unicode(added_keywords[2].get_attribute("textContent")).rfind("authent") != -1) # Click Button: "Save" self.browser.find_element_by_name("_save").click() # Verify: The new keywords are added successfully. keywords = cwe_obj.keywords self.assertEqual(keywords.count(), 3) self.assertTrue(keywords.get(name="bypass") is not None) self.assertTrue(keywords.get(name="cwe") is not None) self.assertTrue(keywords.get(name="authent") is not None)
def setUp(self): test_user = User(username='******') test_user.save() self.user = test_user cwe1 = CWE(code=1, name='CWE-1') cwe1.save() misuse_case = MisuseCase() misuse_case.save() misuse_case.cwes.add(*[cwe1]) muo_container = MUOContainer.objects.create(misuse_case=misuse_case, created_by=self.user) muo_container.save() muo_container.cwes.add(*[cwe1]) use_case = UseCase(muo_container=muo_container) # Usecase cannot be created without MUOContainer use_case.save() # save in the database self.muo_container = muo_container
def construct_test_database(self): """ This function creates the temporary database :param text: None :return: None """ from cwe.models import Keyword, Category, CWE xml = Keyword(name='xml') # 1 xml.save() execut = Keyword(name='execut') # 2 execut.save() remot = Keyword(name='remot') # 3 remot.save() scripting = Keyword(name='scripting') # 4 scripting.save() cross = Keyword(name='cross') # 5 cross.save() upload = Keyword(name='upload') # 6 upload.save() file = Keyword(name='file') # 7 file.save() cod = Keyword(name='cod') # 8 cod.save() javascript = Keyword(name='javascript') # 9 javascript.save() ver = Keyword(name='ver') # 10 ver.save() lack = Keyword(name='lack') # 11 lack.save() valid = Keyword(name='valid') # 12 valid.save() unauth = Keyword(name='unauth') # 13 unauth.save() bypass = Keyword(name='bypass') # 14 bypass.save() auth = Keyword(name='auth') # 15 auth.save() inject = Keyword(name='inject') # 16 inject.save() sql = Keyword(name='sql') # 17 sql.save() cwe = CWE(code=106, name='XML Injection') cwe.save() cwe.keywords.add(xml) cwe.keywords.add(inject) cwe.save() cwe = CWE(code=105, name='Remote Code Execution') cwe.save() cwe.keywords.add(execut) cwe.keywords.add(remot) cwe.keywords.add(cod) cwe.save() cwe = CWE(code=104, name='Cross site scripting') cwe.save() cwe.keywords.add(scripting) cwe.keywords.add(cross) cwe.save() cwe = CWE(code=103, name='File Upload Vulnerability') cwe.save() cwe.keywords.add(upload) cwe.keywords.add(file) cwe.save() cwe = CWE(code=102, name='Code Injection') cwe.save() cwe.keywords.add(cod) cwe.keywords.add(javascript) cwe.keywords.add(inject) cwe.save() cwe = CWE(code=101, name='Authentication bypass') cwe.save() cwe.keywords.add(ver) cwe.keywords.add(lack) cwe.keywords.add(valid) cwe.keywords.add(unauth) cwe.keywords.add(bypass) cwe.keywords.add(auth) cwe.save() cwe = CWE(code=100, name='SQL Injection') cwe.save() cwe.keywords.add(inject) cwe.keywords.add(sql) cwe.save()
def _set_up_test_data(self): # Create some CWEs. These CWEs will be used by all the test methods. cwe101 = CWE(code=101, name="101") cwe101.save()
def construct_test_database(self): # Create the first keyword kw1 = Keyword(name=self.KEYWORD_NAMES[0]) kw1.save() # Create the second keyword kw2 = Keyword(name=self.KEYWORD_NAMES[1]) kw2.save() # Create the first category cat1 = Category(name=self.CATEGORY_NAMES[0]) cat1.save() # Create the second category cat2 = Category(name=self.CATEGORY_NAMES[1]) cat2.save() # Create multiple CWEs to test multiplicity. # Create CWE with (kw1, cat1) cwe1 = CWE(code=101, name="cwe-101", description="") cwe1.save() cwe1.keywords.add(kw1) cwe1.categories.add(cat1) # Create CWE with (kw1, cat2) cwe2 = CWE(code=102, name="cwe-102", description="") cwe2.save() cwe2.keywords.add(kw1) cwe2.categories.add(cat2) # Create CWE with (kw2, cat1) cwe3 = CWE(code=103, name="cwe-103", description="") cwe3.save() cwe3.keywords.add(kw2) cwe3.categories.add(cat1) # Create CWE with (kw2, cat2) cwe4 = CWE(code=104, name="cwe-104", description="") cwe4.save() cwe4.keywords.add(kw2) cwe4.categories.add(cat2)
def _construct_test_database(self): cwe101 = CWE(code=101, name="CWE #101") cwe101.save() cwe102 = CWE(code=102, name="CWE #102") cwe102.save()