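def test_parse_file(self):
    """Parse the MobSF Android sample report and spot-check several findings.

    Pins the total count (18) and the title/severity of findings 0, 2, 10
    and 17, plus file_path and nb_occurences where the fixture sets them.
    """
    test = Test()
    engagement = Engagement()
    engagement.product = Product()
    test.engagement = engagement
    # `with` closes the report on every path; the original only closed it
    # when get_findings returned normally.
    with open("unittests/scans/mobsf/report1.json") as testfile:
        parser = MobSFParser()
        findings = parser.get_findings(testfile, test)
    self.assertEqual(18, len(findings))

    # assertEquals is a deprecated alias (removed in Python 3.12); use assertEqual.
    item = findings[0]
    self.assertEqual('android.permission.WRITE_EXTERNAL_STORAGE', item.title)
    self.assertEqual('High', item.severity)

    item = findings[2]
    self.assertEqual('android.permission.INTERNET', item.title)
    self.assertEqual('Info', item.severity)

    item = findings[10]
    self.assertEqual('Symbols are stripped', item.title)
    self.assertEqual('Info', item.severity)
    self.assertEqual('lib/armeabi-v7a/libdivajni.so', item.file_path)
    self.assertEqual(7, item.nb_occurences)

    item = findings[17]
    self.assertEqual('Loading Native Code (Shared Library)', item.title)
    self.assertEqual('Info', item.severity)
    self.assertEqual(1, item.nb_occurences)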
def setup(self, testfile):
    """Wrap *testfile* in a MockFileObject and run it through ScoutSuiteParser.

    Persists the Product_Type, Test_Type, Product and Engagement that the
    parser's Test refers to, then returns whatever get_findings produces.
    The Test itself is not saved.
    """
    wrapped = MockFileObject(testfile)

    prod_type = Product_Type(critical_product=True, key_product=False)
    prod_type.save()
    scan_type = Test_Type(static_tool=True, dynamic_tool=False)
    scan_type.save()
    prod = Product(prod_type=prod_type)
    prod.save()
    eng = Engagement(
        product=prod,
        target_start=timezone.now(),
        target_end=timezone.now(),
    )
    eng.save()

    parser = ScoutSuiteParser()
    # Each timestamp is a separate timezone.now() call, as in the original.
    scan = Test(
        engagement=eng,
        test_type=scan_type,
        target_start=timezone.now(),
        target_end=timezone.now(),
    )
    return parser.get_findings(wrapped, scan)
def setUpTestData(cls):
    """Build the unsaved object graph shared by the authorization tests.

    Wires one user, a product type and product, an engagement, a test, a
    finding and an endpoint together, then creates Reader and Owner
    memberships on both the product type and the product. No object is
    saved to the database here.
    """

    def link(model, **attrs):
        # Instantiate *model* and attach each value attribute by attribute,
        # exactly like sequential `obj.attr = value` assignments.
        instance = model()
        for attr, value in attrs.items():
            setattr(instance, attr, value)
        return instance

    cls.user = User()
    cls.product_type = Product_Type()
    cls.product_type_member = Product_Type_Member()
    cls.product = link(Product, prod_type=cls.product_type)
    cls.product_member = Product_Member()
    cls.engagement = link(Engagement, product=cls.product)
    cls.test = link(Test, engagement=cls.engagement)
    cls.finding = link(Finding, test=cls.test)
    cls.endpoint = link(Endpoint, product=cls.product)

    # Memberships: one Reader and one Owner per scope, all for the same user.
    cls.product_type_member_reader = link(
        Product_Type_Member,
        user=cls.user,
        product_type=cls.product_type,
        role=Roles.Reader,
    )
    cls.product_type_member_owner = link(
        Product_Type_Member,
        user=cls.user,
        product_type=cls.product_type,
        role=Roles.Owner,
    )
    cls.product_member_reader = link(
        Product_Member,
        user=cls.user,
        product=cls.product,
        role=Roles.Reader,
    )
    cls.product_member_owner = link(
        Product_Member,
        user=cls.user,
        product=cls.product,
        role=Roles.Owner,
    )
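def test_parse_file_with_multiple_vuln_has_multiple_finding(self):
    """The multi-vulnerability WebInspect fixture yields 8 findings.

    Also checks finding 1's CWE, references, unique_id_from_tool and its
    single endpoint (php.vulnweb.com:80 with no path).
    """
    test = Test()
    test.engagement = Engagement()
    test.engagement.product = Product()
    report_path = get_unit_tests_path() + "/scans/microfocus_webinspect/Webinspect_many_vuln.xml"
    # The original never closed the handle; `with` does so on every path.
    with open(report_path) as testfile:
        parser = MicrofocusWebinspectParser()
        findings = parser.get_findings(testfile, test)
    for finding in findings:
        for endpoint in finding.unsaved_endpoints:
            endpoint.clean()
    self.assertEqual(8, len(findings))
    item = findings[1]
    self.assertEqual(525, item.cwe)
    self.assertIsNotNone(item.references)
    self.assertEqual("1cfe38ee-89f7-4110-ad7c-8fca476b2f04", item.unique_id_from_tool)
    self.assertEqual(1, len(item.unsaved_endpoints))
    endpoint = item.unsaved_endpoints[0]
    self.assertEqual("php.vulnweb.com", endpoint.host)
    self.assertEqual(80, endpoint.port)
    # path begins with '/' but Endpoint stores a "root-less" path
    self.assertIsNone(endpoint.path)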
def setup(self, testfile):
    """Run an already-open *testfile* through AWSScout2Parser and close it.

    Saves the Product_Type, Test_Type, Product and Engagement the Test
    points at and returns the parser's findings. The handle is closed
    after a successful parse; on a parser error it is left to the caller.
    """
    prod_type = Product_Type(critical_product=True, key_product=False)
    prod_type.save()
    scan_type = Test_Type(static_tool=True, dynamic_tool=False)
    scan_type.save()
    prod = Product(prod_type=prod_type)
    prod.save()
    eng = Engagement(
        product=prod,
        target_start=timezone.now(),
        target_end=timezone.now(),
    )
    eng.save()

    parser = AWSScout2Parser()
    scan = Test(
        engagement=eng,
        test_type=scan_type,
        target_start=timezone.now(),
        target_end=timezone.now(),
    )
    results = parser.get_findings(testfile, scan)
    testfile.close()
    return results
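def test_parse_file_with_one_vuln_has_one_finding(self):
    """The single-vulnerability Nikto fixture yields exactly one item."""
    test = Test()
    engagement = Engagement()
    engagement.product = Product()
    test.engagement = engagement
    # The original never closed the handle. The assertion stays inside the
    # `with` so the file is still open while items are read.
    with open("dojo/unittests/scans/nikto/nikto-report-one-vuln.xml") as testfile:
        parser = NiktoXMLParser(testfile, test)
        self.assertEqual(1, len(parser.items))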
def test_parse_file_3_1_9_ios(self):
    """Smoke test: the MobSF 3.1.9 iOS fixture must parse without raising.

    Only constructs the parser over the report; no assertions are made on
    the items it produces.
    """
    scan = Test()
    scan.engagement = Engagement()
    scan.engagement.product = Product()
    report = open("dojo/unittests/scans/mobsf/ios.json")
    MobSFParser(report, scan)
    report.close()
def init(self, reportFilename):
    """Open *reportFilename* and build a Product -> Engagement -> Test chain.

    Returns a tuple ``(file_handle, product, engagement, test)``. The handle
    is left open; the caller is responsible for closing it.
    """
    handle = open(reportFilename)
    prod = Product()
    eng = Engagement()
    eng.product = prod
    scan = Test()
    scan.engagement = eng
    return handle, prod, eng, scan
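def test_parse_file_with_multiple_vuln_has_multiple_findings(self):
    """The multi-vulnerability Nikto fixture yields 10 findings."""
    test = Test()
    engagement = Engagement()
    engagement.product = Product()
    test.engagement = engagement
    # The original never closed the handle; `with` does so on every path.
    with open("dojo/unittests/scans/nikto/nikto-report-many-vuln.xml") as testfile:
        parser = NiktoParser()
        findings = parser.get_findings(testfile, test)
    # assertEqual reports both values on failure; assertTrue(len(...) == 10)
    # only reported "False is not true".
    self.assertEqual(10, len(findings))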
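def test_parse_file_with_old_format(self):
    """The old-format Nikto fixture is still parsed, yielding one finding."""
    test = Test()
    engagement = Engagement()
    engagement.product = Product()
    test.engagement = engagement
    # The original never closed the handle; `with` does so on every path.
    with open("dojo/unittests/scans/nikto/nikto-report-old-format.xml") as testfile:
        parser = NiktoParser()
        findings = parser.get_findings(testfile, test)
    self.assertEqual(1, len(findings))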
def setUp(self):
    """Create a SonarQube Tool_Type/Tool_Configuration and an unsaved Test.

    The Test hangs off an unsaved Engagement on an unsaved Product named
    'product'.
    """
    sonar_type = Tool_Type.objects.create(name='SonarQube')
    Tool_Configuration.objects.create(
        name='SonarQube',
        tool_type=sonar_type,
        authentication_type="API",
    )
    self.test = Test(engagement=Engagement(product=Product(name='product')))
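def test_parse_file_with_no_vuln_has_no_findings(self):
    """A WebInspect report with no vulnerabilities yields no items."""
    test = Test()
    test.engagement = Engagement()
    test.engagement.product = Product()
    # The original never closed the handle. The assertion stays inside the
    # `with` so the file is still open while items are read.
    with open("dojo/unittests/scans/microfocus_webinspect/Webinspect_no_vuln.xml") as testfile:
        parser = MicrofocusWebinspectXMLParser(testfile, test)
        self.assertEqual(0, len(parser.items))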
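def test_parse_file_with_no_vuln_has_no_findings(self):
    """A WebInspect report with no vulnerabilities yields no findings."""
    test = Test()
    test.engagement = Engagement()
    test.engagement.product = Product()
    report_path = get_unit_tests_path() + "/scans/microfocus_webinspect/Webinspect_no_vuln.xml"
    # The original never closed the handle; `with` does so on every path.
    with open(report_path) as testfile:
        parser = MicrofocusWebinspectParser()
        findings = parser.get_findings(testfile, test)
    self.assertEqual(0, len(findings))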
def test_parse_file(self):
    """Smoke test: the MobSF Android sample report must parse without raising.

    Runs get_findings over the fixture and closes the handle; no assertions
    are made on the returned findings.
    """
    scan = Test()
    eng = Engagement()
    eng.product = Product()
    scan.engagement = eng
    report = open("dojo/unittests/scans/mobsf/report1.json")
    MobSFParser().get_findings(report, scan)
    report.close()
def new_product(request):
    """Render the "new product" page and create a Product on a valid POST.

    On POST the ProductForm is validated. When valid, the product is saved,
    its tags are set from the posted ``tags`` list, an optional JIRA project
    key (only when ``enable_jira`` is set and a ``conf`` was chosen) and an
    optional SonarQube configuration are attached, a ``product_added``
    notification is created and the client is redirected to the product
    view. On GET, or when the form is invalid, the page is rendered with the
    (unbound or bound) forms.
    """
    if request.method != 'POST':
        form = ProductForm()
        jform = JIRAPKeyForm() if get_system_setting('enable_jira') else None
    else:
        form = ProductForm(request.POST, instance=Product())
        jform = (
            JIRAPKeyForm(request.POST, instance=JIRA_PKey())
            if get_system_setting('enable_jira')
            else None
        )
        if form.is_valid():
            product = form.save()
            # NOTE(review): tag values come straight from the request and are
            # wrapped in double quotes without escaping, so a tag containing
            # '"' is passed through as-is — confirm the tagging layer that
            # parses this string tolerates that.
            product.tags = ", ".join(
                '"{0}"'.format(tag) for tag in request.POST.getlist('tags')
            )
            messages.add_message(
                request,
                messages.SUCCESS,
                'Product added successfully.',
                extra_tags='alert-success',
            )
            if get_system_setting('enable_jira') and jform.is_valid():
                jira_pkey = jform.save(commit=False)
                # Only persist the key when a JIRA configuration was selected.
                if jira_pkey.conf is not None:
                    jira_pkey.product = product
                    jira_pkey.save()
                    messages.add_message(
                        request,
                        messages.SUCCESS,
                        'JIRA information added successfully.',
                        extra_tags='alert-success',
                    )
            # SonarQube API Configuration
            sonarqube_form = Sonarqube_ProductForm(request.POST)
            if sonarqube_form.is_valid():
                sonarqube_product = sonarqube_form.save(commit=False)
                sonarqube_product.product = product
                sonarqube_product.save()
            product_url = reverse('view_product', args=(product.id, ))
            create_notification(
                event='product_added',
                title=product.name,
                url=product_url,
            )
            return HttpResponseRedirect(product_url)

    add_breadcrumb(title="New Product", top_level=False, request=request)
    return render(request, 'dojo/new_product.html', {
        'form': form,
        'jform': jform,
        'sonarqube_form': Sonarqube_ProductForm(),
    })
def test_parse_file_with_no_vulnerabilities_has_no_findings(self):
    """A Checkmarx report without findings yields no items.

    The handle is closed right after the parser is built, so the parser is
    expected to have consumed the file by then.
    """
    handle = open("dojo/unittests/scans/checkmarx/no_finding.xml")
    prod = Product()
    eng = Engagement()
    scan = Test()
    eng.product = prod
    scan.engagement = eng
    self.parser = CheckmarxXMLParser(handle, scan)
    handle.close()
    self.assertEqual(0, len(self.parser.items))
def test_validate_more(self):
    """Every item from the multi-vulnerability Burp API fixture cleans and has an impact.

    All assertions live inside the loop, so the test passes vacuously if
    the parser yields no items.
    """
    report_path = 'dojo/unittests/scans/burp_api/many_vulns.json'
    with open(report_path) as handle:
        scan = Test()
        scan.engagement = Engagement()
        scan.engagement.product = Product()
        parser = BurpApiParser(handle, scan)
        for finding in parser.items:
            finding.clean()
            self.assertIsNotNone(finding.impact)
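def setUp(self):
    """Persist one Product and one Endpoint (host 127.0.0.1) attached to it.

    The original assigned ``p.Name`` and ``p.Description``; Product's model
    fields are ``name`` and ``description`` (the lowercase keywords used by
    ``Product(name=..., description=...)`` elsewhere), so the capitalised
    attributes were never stored. They are set on the real fields here.
    """
    p = Product()
    p.name = 'Test Product'
    p.description = 'Product for Testing Endpoint functionality'
    p.save()
    e = Endpoint()
    e.product = p
    e.host = '127.0.0.1'
    e.save()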
def test_parse_file_3_1_9_ios(self):
    """The MobSF 3.1.9 iOS fixture yields 11 findings."""
    scan = Test()
    eng = Engagement()
    eng.product = Product()
    scan.engagement = eng
    report = open("unittests/scans/mobsf/ios.json")
    findings = MobSFParser().get_findings(report, scan)
    report.close()
    self.assertEqual(11, len(findings))
def setUp(self):
    """Build two unsaved Tests on different products sharing the latest Sonarqube_Product.

    ``self.test`` uses the persisted product named 'product'; ``self.other_test``
    uses an unsaved Product named 'other product'. Both point at the last
    Sonarqube_Product in the database, re-queried for each Test.
    """

    def latest_config():
        return Sonarqube_Product.objects.all().last()

    self.test = Test(
        engagement=Engagement(product=Product.objects.get(name='product')),
        sonarqube_config=latest_config(),
    )
    self.other_test = Test(
        engagement=Engagement(product=Product(name='other product')),
        sonarqube_config=latest_config(),
    )
def test_parse_file_with_no_vulnerabilities_has_no_findings(self):
    """A SonarQube HTML report without findings yields no items.

    The handle is closed right after the parser is built, so the parser is
    expected to have consumed the file by then.
    """
    handle = open("dojo/unittests/scans/sonarqube/sonar-no-finding.html")
    prod = Product()
    eng = Engagement()
    scan = Test()
    eng.product = prod
    scan.engagement = eng
    self.parser = SonarQubeHtmlParser(handle, scan)
    handle.close()
    self.assertEqual(0, len(self.parser.items))
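def test_parse_file_with_utf8_various_non_ascii_char(self):
    """A Checkmarx report containing assorted non-ASCII characters yields one item.

    The fixture is opened with an explicit UTF-8 encoding so the result does
    not depend on the locale's default encoding (the original relied on the
    platform default), and the handle is closed on every path.
    """
    prod = Product()
    eng = Engagement()
    scan = Test()
    eng.product = prod
    scan.engagement = eng
    report_path = "dojo/unittests/scans/checkmarx/utf8_various_non_ascii_char.xml"
    with open(report_path, encoding="utf-8") as handle:
        self.parser = CheckmarxXMLParser(handle, scan)
    self.assertEqual(1, len(self.parser.items))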
def test_validate(self):
    """Every finding from the Burp Suite Pro example cleans and has an impact.

    All assertions live inside the loop, so the test passes vacuously if
    get_findings returns nothing.
    """
    report_path = "dojo/unittests/scans/burp_suite_pro/example.json"
    with open(report_path) as handle:
        scan = Test()
        scan.engagement = Engagement()
        scan.engagement.product = Product()
        findings = BurpApiParser().get_findings(handle, scan)
        for finding in findings:
            finding.clean()
            self.assertIsNotNone(finding.impact)
def test_appspider_parser_has_one_finding(self):
    """The single-vulnerability AppSpider fixture yields one item with CWE 525."""
    scan = Test()
    scan.engagement = Engagement()
    scan.engagement.product = Product()
    report = open("dojo/unittests/scans/appspider/one_vuln.xml")
    parser = AppSpiderXMLParser(report, scan)
    report.close()
    self.assertEqual(1, len(parser.items))
    with self.subTest(item=0):
        self.assertEqual(525, parser.items[0].cwe)
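def test_parse_file_with_one_vuln_has_one_finding(self):
    """The single-vulnerability Nikto fixture yields one finding with clean endpoints."""
    test = Test()
    engagement = Engagement()
    engagement.product = Product()
    test.engagement = engagement
    # The original never closed the handle; `with` does so on every path.
    with open("dojo/unittests/scans/nikto/nikto-report-one-vuln.xml") as testfile:
        parser = NiktoParser()
        findings = parser.get_findings(testfile, test)
    for finding in findings:
        for endpoint in finding.unsaved_endpoints:
            endpoint.clean()
    self.assertEqual(1, len(findings))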
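def test_parse_file_with_one_vuln_has_one_findings(self):
    """The single-vulnerability WebInspect fixture yields one CWE-200 item with endpoints."""
    test = Test()
    test.engagement = Engagement()
    test.engagement.product = Product()
    # The original never closed the handle. The assertions stay inside the
    # `with` so the file is still open while items are read.
    with open("dojo/unittests/scans/microfocus_webinspect/Webinspect_one_vuln.xml") as testfile:
        parser = MicrofocusWebinspectXMLParser(testfile, test)
        self.assertEqual(1, len(parser.items))
        item = parser.items[0]
        self.assertEqual(200, item.cwe)
        self.assertLess(0, len(item.unsaved_endpoints))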
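def create_product(self, name, *args, description='dummy description', prod_type=None, **kwargs):
    """Create and save a Product named *name*, returning it.

    Args:
        name: product name.
        description: product description; defaults to a dummy string.
        prod_type: Product_Type to attach. When falsy, the first
            Product_Type in the database is used (``None`` if there is
            none, in which case the save is attempted with no type).
        *args, **kwargs: accepted for call-site compatibility and ignored,
            as in the original.

    Returns:
        The saved Product. The original returned ``None``, so callers that
        ignored the result are unaffected.
    """
    if not prod_type:
        prod_type = Product_Type.objects.first()
    product = Product(name=name, description=description, prod_type=prod_type)
    product.save()
    return product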
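def test_parse_file_with_multiple_vuln_has_multiple_findings(self):
    """The multi-vulnerability Nikto fixture yields 10 findings with clean endpoints."""
    test = Test()
    engagement = Engagement()
    engagement.product = Product()
    test.engagement = engagement
    # The original never closed the handle; `with` does so on every path.
    with open("unittests/scans/nikto/nikto-report-many-vuln.xml") as testfile:
        parser = NiktoParser()
        findings = parser.get_findings(testfile, test)
    for finding in findings:
        for endpoint in finding.unsaved_endpoints:
            endpoint.clean()
    # assertEqual reports both values on failure; assertTrue(len(...) == 10)
    # only reported "False is not true".
    self.assertEqual(10, len(findings))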
def setUp(self):
    """Build two unsaved Tests on different products sharing the latest API scan configuration.

    ``self.test`` uses the persisted product named 'product'; ``self.other_test``
    uses an unsaved Product named 'other product'. Both point at the last
    Product_API_Scan_Configuration in the database, re-queried for each Test.
    """

    def latest_config():
        return Product_API_Scan_Configuration.objects.all().last()

    self.test = Test(
        engagement=Engagement(product=Product.objects.get(name='product')),
        api_scan_configuration=latest_config(),
    )
    self.other_test = Test(
        engagement=Engagement(product=Product(name='other product')),
        api_scan_configuration=latest_config(),
    )
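def setUp(self):
    """Persist a Product and an Endpoint on it, then attach one custom field.

    The original assigned ``self.p.Name`` and ``self.p.Description``;
    Product's model fields are ``name`` and ``description`` (the lowercase
    keywords used by ``Product(name=..., description=...)`` elsewhere), so
    the capitalised attributes were never stored. They are set on the real
    fields here. The custom field 'TestField' = 'TestValue' is saved via
    EndpointMetaDataTestUtil.
    """
    self.p = Product()
    self.p.name = 'Test Product'
    self.p.description = 'Product for Testing Endpoint functionality'
    self.p.save()
    self.e = Endpoint()
    self.e.product = self.p
    self.e.host = '127.0.0.1'
    self.e.save()
    self.util = EndpointMetaDataTestUtil()
    self.util.save_custom_field(self.e, 'TestField', 'TestValue')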