Пример #1
0
def test_get_vulnweb_evidence(vulnerability_web_factory, depotfile, session):
    # Use vuln web to ensure its parent is a service and not a host
    all_vulns = vulnerability_web_factory.create_batch(10)
    session.commit()
    vuln = all_vulns[0]

    correct_file = File(filename='faraday.png',
                        object_id=vuln.id,
                        object_type='vulnerability',
                        content=depotfile)
    session.add(
        File(filename='faraday.png',
             object_id=vuln.service_id,
             object_type='service',
             content=depotfile))
    session.add(correct_file)

    for other_vuln in all_vulns[1:]:
        session.add(
            File(filename='faraday.png',
                 object_id=other_vuln.id,
                 object_type='vulnerability',
                 content=depotfile))
        session.add(
            File(filename='faraday.png',
                 object_id=other_vuln.service_id,
                 object_type='service',
                 content=depotfile))

    session.commit()
    assert vuln.evidence == [correct_file]
Пример #2
0
def test_add_vulnweb_evidence(vulnerability_web, depotfile, session):
    session.commit()
    file_ = File(filename='faraday.png', content=depotfile)
    vulnerability_web.evidence.append(file_)
    session.commit()
    assert len(vulnerability_web.evidence) == 1
    assert vulnerability_web.evidence[0].object_type == 'vulnerability'
    assert vulnerability_web.evidence[0].object_id == vulnerability_web.id
Пример #3
0
    def populate(self, workspace, service, session, user,
                 vulnerability_factory, credential_factory,
                 empty_command_factory):
        session.commit()
        self.session = session
        assert service.workspace_id == workspace.id

        workspace.set_scope(['*.infobytesec.com', '192.168.1.0/24'])
        self.user = user
        self.workspace = workspace
        self.permission = WorkspacePermission(user=user, workspace=workspace)
        session.add(self.permission)
        self.host = service.host
        self.host.set_hostnames(['a.com', 'b.com'])
        self.service = service

        self.host_cred = credential_factory.create(
            host=self.host,
            service=None,
            workspace=workspace,
            creator=user,
        )

        self.service_cred = credential_factory.create(
            host=None,
            service=service,
            workspace=workspace,
            creator=user,
        )

        self.host_vuln = vulnerability_factory.create(
            host=self.host,
            service=None,
            workspace=workspace,
            creator=user,
        )

        self.service_vuln = vulnerability_factory.create(
            host=None,
            service=service,
            workspace=workspace,
            creator=user,
        )

        session.flush()
        for vuln in [self.host_vuln, self.service_vuln]:
            vuln.references = ['CVE-1234', 'CVE-4331']
            vuln.policy_violations = ["PCI-DSS"]

        self.attachment = File(
            name='test.png',
            filename='test.png',
            content=b'test',
            object_type='vulnerability',
            object_id=self.service_vuln.id,
            creator=user,
        )
        self.session.add(self.attachment)

        self.host_attachment = File(
            name='test.png',
            filename='test.png',
            content=b'test',
            object_type='host',
            object_id=self.host.id,
            creator=user,
        )
        self.session.add(self.host_attachment)

        self.comment = Comment(
            text="test",
            object_type='host',
            object_id=self.host.id,
            workspace=self.workspace,
            creator=user,
        )
        self.session.add(self.comment)

        self.reply_comment = Comment(
            text="ok",
            object_type='host',
            object_id=self.host.id,
            workspace=self.workspace,
            reply_to=self.comment,
            creator=user,
        )

        self.command = empty_command_factory.create(workspace=workspace,
                                                    creator=user)
        CommandObject.create(self.host_vuln, self.command)
        CommandObject.create(self.service_vuln, self.command)

        self.methodology_template = MethodologyTemplate(name="test", )
        session.add(self.methodology_template)

        self.methodology_template_task = TaskTemplate(
            name="aaaa", template=self.methodology_template)
        session.add(self.methodology_template)

        self.methodology = Methodology(name="test",
                                       template=self.methodology_template,
                                       workspace=self.workspace)
        session.add(self.methodology)

        self.methodology_task = Task(name="aaaa",
                                     workspace=self.workspace,
                                     template=self.methodology_template_task,
                                     methodology=self.methodology)
        session.add(self.methodology_template_task)

        self.methodology_task_assigned = TaskAssignedTo(
            task=self.methodology_task,
            user=self.user,
        )
        session.add(self.methodology_task_assigned)

        session.commit()