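 def test_parse_file_with_various_cwes(self):
     """Parse the CWE fixture and check the CWE id extracted per finding.

     The fixture yields three findings: the first two carry CWE-79 and
     CWE-89, the third has no CWE and must come back as ``None`` rather
     than a placeholder value.
     """
     # Scope the report handle so it is closed deterministically instead of
     # leaking until garbage collection (the original never closed it).
     with open("unittests/scans/gitlab_sast/gl-sast-report-cwe.json",
               encoding="utf-8") as testfile:
         parser = GitlabSastParser()
         findings = parser.get_findings(testfile, Test())
         self.assertEqual(3, len(findings))
         self.assertEqual(79, findings[0].cwe)
         self.assertEqual(89, findings[1].cwe)
         self.assertIsNone(findings[2].cwe)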
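 def test_parse_file_issue4336(self):
     """Regression test for a report that produces a single XSS finding.

     The expected title shows that the parser emits a ``[None severity]``
     marker in the title for this report, presumably because the report
     entry carries no severity (verify against the fixture).
     """
     # NOTE(review): the method name says issue 4336 but the fixture is
     # named _issue4344 — confirm which issue is meant.
     # Scope the report handle so it is closed deterministically instead of
     # leaking until garbage collection (the original never closed it).
     with open("dojo/unittests/scans/gitlab_sast/gl-sast-report_issue4344.json",
               encoding="utf-8") as testfile:
         parser = GitlabSastParser()
         findings = parser.get_findings(testfile, Test())
         self.assertEqual(1, len(findings))
         finding = findings[0]
         self.assertEqual("[None severity] Potential XSS vulnerability",
                          finding.title)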
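 def test_parse_file_with_one_vuln_has_one_finding(self):
     """A report with one vulnerability must yield exactly one finding.

     Also checks the title and severity mapped for that single entry.
     """
     # Scope the report handle so it is closed deterministically instead of
     # leaking until garbage collection (the original never closed it).
     with open("dojo/unittests/scans/gitlab_sast/gl-sast-report-1-vuln.json",
               encoding="utf-8") as testfile:
         parser = GitlabSastParser()
         findings = parser.get_findings(testfile, Test())
         self.assertEqual(1, len(findings))
         finding = findings[0]
         self.assertEqual("Password in URL", finding.title)
         self.assertEqual("Critical", finding.severity)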
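 def test_parse_file_with_various_confidences(self):
     """Check the confidence mapping for each of the eight fixture findings.

     Every finding's ``cwe`` must be ``None`` or an ``int``, and its
     scanner-confidence text must match ``get_confidence_defectdojo`` for
     the finding's position in the report.
     """
     # Scope the report handle so it is closed deterministically instead of
     # leaking until garbage collection (the original never closed it).
     with open("dojo/unittests/scans/gitlab_sast/gl-sast-report-confidence.json",
               encoding="utf-8") as testfile:
         parser = GitlabSastParser()
         findings = parser.get_findings(testfile, Test())
         self.assertEqual(8, len(findings))
         # enumerate replaces the hand-maintained counter of the original.
         for position, item in enumerate(findings):
             with self.subTest(index=position):
                 self.assertTrue(item.cwe is None or isinstance(item.cwe, int))
                 self.assertEqual(item.get_scanner_confidence_text(),
                                  get_confidence_defectdojo(position))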
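 def test_with_scan(self):
     """``get_tests`` must read scanner metadata when the report carries it.

     The confidence fixture names the scanner ``njsscan`` at version
     ``0.1.9``; the single returned test must expose those values and
     hold the fixture's eight findings.
     """
     # Scope the report handle so it is closed deterministically instead of
     # leaking until garbage collection (the original never closed it).
     with open("unittests/scans/gitlab_sast/gl-sast-report-confidence.json",
               encoding="utf-8") as testfile:
         parser = GitlabSastParser()
         tests = parser.get_tests(None, testfile)
         self.assertEqual(1, len(tests))
         test = tests[0]
         self.assertEqual("njsscan", test.name)
         self.assertEqual("njsscan", test.type)
         self.assertEqual("0.1.9", test.version)
         self.assertEqual(8, len(test.findings))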
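 def test_without_scan(self):
     """``get_tests`` must tolerate a report with no scanner metadata.

     The 1-vuln fixture has no scanner name/type/version, so the single
     returned test exposes ``None`` for all three while still carrying
     the fixture's one finding.
     """
     # Scope the report handle so it is closed deterministically instead of
     # leaking until garbage collection (the original never closed it).
     with open("unittests/scans/gitlab_sast/gl-sast-report-1-vuln.json",
               encoding="utf-8") as testfile:
         parser = GitlabSastParser()
         tests = parser.get_tests(None, testfile)
         self.assertEqual(1, len(tests))
         test = tests[0]
         self.assertIsNone(test.name)
         self.assertIsNone(test.type)
         self.assertIsNone(test.version)
         self.assertEqual(1, len(test.findings))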
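 def test_parse_file_with_multiple_vuln_has_multiple_findings(self):
     """A report with several vulnerabilities yields one finding per entry.

     The first three findings of the many-vuln fixture are checked by
     title and severity.
     """
     # Scope the report handle so it is closed deterministically instead of
     # leaking until garbage collection (the original never closed it).
     with open("dojo/unittests/scans/gitlab_sast/gl-sast-report-many-vuln.json",
               encoding="utf-8") as testfile:
         parser = GitlabSastParser()
         findings = parser.get_findings(testfile, Test())
     # The original ``assertTrue(3, len(findings))`` passed unconditionally
     # (3 is truthy and the length was taken as the failure message). The
     # three indexed findings below require at least three entries.
     self.assertGreaterEqual(len(findings), 3)
     expected = [
         ("Password in URL", "Critical"),
         ("Password in URL", "Critical"),
         ("PKCS8 key", "Critical"),
     ]
     for position, (title, severity) in enumerate(expected):
         with self.subTest(index=position):
             self.assertEqual(title, findings[position].title)
             self.assertEqual(severity, findings[position].severity)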
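    def test_import_scan_without_test_scan_type(self):
        """Import a GitLab SAST report whose scanner block has no name.

        GitlabSastParser implements ``get_tests``, but this fixture carries no
        scanner name, so the importer must fall back to the generic
        "GitLab SAST Report" test type. The fixture's one finding is created
        and nothing is closed.
        """
        scan_type = GitlabSastParser().get_scan_types()[0]

        user, _ = User.objects.get_or_create(username="******")
        # Not passed to the importer; the call is kept for its database
        # side effect only.
        User.objects.get_or_create(username="******")

        product_type, _ = Product_Type.objects.get_or_create(name="test2")
        product, _ = Product.objects.get_or_create(
            name="TestDojoDefaultImporter2",
            prod_type=product_type,
        )

        engagement, _ = Engagement.objects.get_or_create(
            name="Test Create Engagement2",
            product=product,
            target_start=timezone.now(),
            target_end=timezone.now(),
        )

        environment, _ = Development_Environment.objects.get_or_create(name="Development")
        importer = Importer()
        # Scope the report handle to the import so it is closed even when the
        # importer raises (the original never closed it).
        with open(get_unit_tests_path() + "/scans/gitlab_sast/gl-sast-report-1-vuln.json",
                  encoding="utf-8") as scan:
            test, len_new_findings, len_closed_findings, _ = importer.import_scan(
                scan, scan_type, engagement, lead=None, environment=environment,
                active=True, verified=True, tags=None, minimum_severity=None,
                user=user, endpoints_to_add=None, scan_date=None, version=None,
                branch_tag=None, build_id=None, commit_hash=None, push_to_jira=None,
                close_old_findings=False, group_by=None, api_scan_configuration=None,
            )

        self.assertEqual("GitLab SAST Report", test.test_type.name)
        self.assertEqual(1, len_new_findings)
        self.assertEqual(0, len_closed_findings)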
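 def test_parse_file_with_various_confidences(self):
     """Check the scanner-confidence text mapped for the confidence fixture.

     All eight findings must have a ``cwe`` that is ``None`` or an ``int``;
     findings 3–7 are spot-checked for the expected confidence wording.
     """
     # Scope the report handle so it is closed deterministically instead of
     # leaking until garbage collection (the original never closed it).
     with open("dojo/unittests/scans/gitlab_sast/gl-sast-report-confidence.json",
               encoding="utf-8") as testfile:
         parser = GitlabSastParser()
         findings = parser.get_findings(testfile, Test())
     self.assertEqual(8, len(findings))
     for item in findings:
         self.assertTrue(item.cwe is None or isinstance(item.cwe, int))
     # Position in the report -> expected confidence text.
     expected = {
         3: "Tentative",
         4: "Tentative",
         5: "Firm",
         6: "Firm",
         7: "Certain",
     }
     for position, confidence in expected.items():
         with self.subTest(index=position):
             self.assertEqual(confidence,
                              findings[position].get_scanner_confidence_text())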
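 def test_parse_file_with_no_vuln_has_no_findings(self):
     """An empty report must parse cleanly and yield no findings."""
     # Scope the report handle so it is closed deterministically instead of
     # leaking until garbage collection (the original never closed it).
     with open("dojo/unittests/scans/gitlab_sast/gl-sast-report-0-vuln.json",
               encoding="utf-8") as testfile:
         parser = GitlabSastParser()
         findings = parser.get_findings(testfile, Test())
     self.assertEqual(0, len(findings))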
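 def test_parse_file_with_multiple_vuln_has_multiple_findings(self):
     """A report with several vulnerabilities yields more than two findings."""
     # Scope the report handle so it is closed deterministically instead of
     # leaking until garbage collection (the original never closed it).
     with open("dojo/unittests/scans/gitlab_sast/gl-sast-report-many-vuln.json",
               encoding="utf-8") as testfile:
         parser = GitlabSastParser()
         findings = parser.get_findings(testfile, Test())
     # assertGreater reports the actual length on failure, unlike assertTrue.
     self.assertGreater(len(findings), 2)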