def setUp(self):
"""
Generic test to verify that the object exists and can be
instantiated without problems.
"""
self.dbManager = mock()
self.changesController = mock()
self.reportManager = mock()
self.dbManager = DbManager()
self.mappersManager = MapperManager()
self.model_controller = controller.ModelController(
mock(), self.mappersManager)
self.workspace_manager = WorkspaceManager(self.dbManager,
self.mappersManager,
self.changesController,
self.reportManager)
self.workspace_manager.createWorkspace('temp_workspace', 'desc',
DBTYPE.FS)
self.workspace_manager.openWorkspace('temp_workspace')
self._plugin_controller = PluginControllerForApi(
"test", {
"nmap": nmap_plugin.NmapPlugin(),
"nessus": nessus_plugin.NessusPlugin()
}, mock())
api.setUpAPIs(self.model_controller, self.workspace_manager)
class NetsparkerPluginTest(unittest.TestCase):
def setUp(self):
"""
Generic test to verify that the object exists and can be
instantiated without problems.
"""
self.model_controller = controller.ModelController(mock())
self.workspace = mock(Workspace)
when(self.workspace).getContainee().thenReturn(ModelObjectContainer())
self.cm = mock(CommandManager)
when(self.cm).saveCommand().thenReturn(True)
self.model_controller.setWorkspace(self.workspace)
self._plugin_controller = PluginControllerForApi(
"test", {"netsparker": plugin.NetsparkerPlugin()}, self.cm)
api.setUpAPIs(self.model_controller)
def test_report(self):
output_file = open(
os.path.join(os.getcwd(),
'test_cases/data/netsparker_plugin_with_api.xml'))
output = output_file.read()
self._plugin_controller.processCommandInput("./netsparker report")
self._plugin_controller.onCommandFinished("./netsparker report",
output)
self.model_controller.processAllPendingActions()
self.assertEquals(len(self.model_controller.getAllHosts()), 1,
"Not all hosts added to model")
class PluginControllerAPI(RESTApi):
def __init__(self, plugin_manager, mapper_manager):
self.plugin_controller = PluginControllerForApi(
"PluginController",
plugin_manager.getPlugins(),
mapper_manager)
def getRoutes(self):
routes = []
routes.append(Route(path='/cmd/input',
view_func=self.postCmdInput,
methods=['POST']))
routes.append(Route(path='/cmd/output',
view_func=self.postCmdOutput,
methods=['POST']))
routes.append(Route(path='/cmd/active-plugins',
view_func=self.clearActivePlugins,
methods=['DELETE']))
return routes
def pluginAvailable(self, new_cmd, output_file):
code = 200
return jsonify(code=code,
cmd=new_cmd,
custom_output_file=output_file)
def postCmdInput(self):
json_data = request.get_json()
if 'cmd' in json_data.keys():
cmd = json_data.get('cmd')
has_plugin, new_cmd, output_file = self.plugin_controller.\
processCommandInput(cmd)
if has_plugin:
return self.pluginAvailable(new_cmd, output_file)
return self.noContent("no plugin available for cmd")
#cmd not sent, bad request
return self.badRequest("cmd parameter not sent")
def postCmdOutput(self):
json_data = request.get_json()
if 'cmd' in json_data.keys():
if 'output' in json_data.keys():
cmd = json_data.get('cmd')
output = base64.b64decode(json_data.get('output'))
if self.plugin_controller.onCommandFinished(cmd, output):
return self.ok("output successfully sent to plugin")
return self.badRequest("output received but no active plugin")
return self.badRequest("output parameter not sent")
return self.badRequest("cmd parameter not sent")
def clearActivePlugins(self):
self.plugin_controller.clearActivePlugins()
return self.ok("active plugins cleared")
class PluginControllerAPI(RESTApi):
def __init__(self, plugin_manager, mapper_manager):
self.plugin_controller = PluginControllerForApi(
"PluginController",
plugin_manager.getPlugins(),
mapper_manager)
def getRoutes(self):
routes = []
routes.append(Route(path='/cmd/input',
view_func=self.postCmdInput,
methods=['POST']))
routes.append(Route(path='/cmd/output',
view_func=self.postCmdOutput,
methods=['POST']))
routes.append(Route(path='/cmd/active-plugins',
view_func=self.clearActivePlugins,
methods=['DELETE']))
return routes
def pluginAvailable(self, new_cmd, output_file):
code = 200
return jsonify(code=code,
cmd=new_cmd,
custom_output_file=output_file)
def postCmdInput(self):
json_data = request.get_json()
if 'cmd' in json_data.keys():
cmd = json_data.get('cmd')
has_plugin, new_cmd, output_file = self.plugin_controller.\
processCommandInput(cmd)
if has_plugin:
return self.pluginAvailable(new_cmd, output_file)
return self.noContent("no plugin available for cmd")
#cmd not sent, bad request
return self.badRequest("cmd parameter not sent")
def postCmdOutput(self):
json_data = request.get_json()
if 'cmd' in json_data.keys():
if 'output' in json_data.keys():
cmd = json_data.get('cmd')
output = base64.b64decode(json_data.get('output'))
if self.plugin_controller.onCommandFinished(cmd, output):
return self.ok("output successfully sent to plugin")
return self.badRequest("output received but no active plugin")
return self.badRequest("output parameter not sent")
return self.badRequest("cmd parameter not sent")
def clearActivePlugins(self):
self.plugin_controller.clearActivePlugins()
return self.ok("active plugins cleared")
def setUp(self):
"""
Generic test to verify that the object exists and can be
instantiated without problems.
"""
self.model_controller = controller.ModelController(mock())
self.workspace = mock(Workspace)
when(self.workspace).getContainee().thenReturn(ModelObjectContainer())
self.cm = mock(CommandManager)
when(self.cm).saveCommand().thenReturn(True)
self.model_controller.setWorkspace(self.workspace)
self._plugin_controller = PluginControllerForApi("test", {"netsparker": plugin.NessusPlugin()}, self.cm)
api.setUpAPIs(self.model_controller)
class PluginsToModelControllerIntegration(unittest.TestCase):
def setUp(self):
"""
Generic test to verify that the object exists and can be
instantiated without problems.
"""
self.dbManager = mock()
self.changesController = mock()
self.reportManager = mock()
self.dbManager = DbManager()
self.mappersManager = MapperManager()
self.model_controller = controller.ModelController(mock(), self.mappersManager)
self.workspace_manager = WorkspaceManager(self.dbManager,
self.mappersManager,
self.changesController,
self.reportManager)
self.workspace_manager.createWorkspace('temp_workspace', 'desc', DBTYPE.FS)
self.workspace_manager.openWorkspace('temp_workspace')
self._plugin_controller = PluginControllerForApi("test", {"nmap": nmap_plugin.NmapPlugin(),
"nessus": nessus_plugin.NessusPlugin()}, mock())
api.setUpAPIs(self.model_controller, self.workspace_manager)
def tearDown(self):
self.workspace_manager.removeWorkspace('temp_workspace')
def test_nmap_scan_saves_host(self):
output_file = open(os.path.join(os.getcwd(), 'test_cases/data/nmap_plugin_with_api.xml'))
output = output_file.read()
self._plugin_controller.processCommandInput("nmap localhost")
self._plugin_controller.onCommandFinished("nmap localhost", output)
self.model_controller.processAllPendingActions()
self.assertEquals(len(self.model_controller.getAllHosts()), 1,
"Not all hosts added to model")
host = self.model_controller.getAllHosts()[0]
self.assertEquals(len(host.getAllInterfaces()), 1,
"Not all interfaces added to model")
interface = host.getAllInterfaces()[0]
self.assertEquals(len(interface.getAllServices()), 3,
"Not all services added to model")
services = interface.getAllServices()
self.assertTrue(all( [ s.getStatus() == 'open' for s in services]),
"Port status not saved correctly")
def test_nessus_scan_saves_host(self):
output_file = open(os.path.join(os.getcwd(), 'test_cases/data/nessus_plugin_with_api.nessus'))
output = output_file.read()
self._plugin_controller.processCommandInput("./nessus report")
self._plugin_controller.onCommandFinished("./nessus report", output)
self.model_controller.processAllPendingActions()
self.assertEquals(len(self.model_controller.getAllHosts()), 7,
"Not all hosts added to model")
def setUp(self):
"""
Generic test to verify that the object exists and can be
instantiated without problems.
"""
self.model_controller = controller.ModelController(mock())
self.workspace = mock(Workspace)
when(self.workspace).getContainee().thenReturn(ModelObjectContainer())
self.cm = mock(CommandManager)
when(self.cm).saveCommand().thenReturn(True)
self.model_controller.setWorkspace(self.workspace)
self._plugin_controller = PluginControllerForApi("test", {"netsparker": plugin.NetsparkerPlugin()}, self.cm)
api.setUpAPIs(self.model_controller)
class NetsparkerPluginTest(unittest.TestCase):
def setUp(self):
"""
Generic test to verify that the object exists and can be
instantiated without problems.
"""
self.model_controller = controller.ModelController(mock())
self.workspace = mock(Workspace)
when(self.workspace).getContainee().thenReturn(ModelObjectContainer())
self.cm = mock(CommandManager)
when(self.cm).saveCommand().thenReturn(True)
self.model_controller.setWorkspace(self.workspace)
self._plugin_controller = PluginControllerForApi("test", {"netsparker": plugin.NetsparkerPlugin()}, self.cm)
api.setUpAPIs(self.model_controller)
def test_report(self):
output_file = open(os.path.join(os.getcwd(), "test_cases/data/netsparker_plugin_with_api.xml"))
output = output_file.read()
self._plugin_controller.processCommandInput("./netsparker report")
self._plugin_controller.onCommandFinished("./netsparker report", output)
self.model_controller.processAllPendingActions()
self.assertEquals(len(self.model_controller.getAllHosts()), 1, "Not all hosts added to model")
def setUp(self):
"""
Generic test to verify that the object exists and can be
instantiated without problems.
"""
self.dbManager = mock()
self.changesController = mock()
self.reportManager = mock()
self.dbManager = DbManager()
self.mappersManager = MapperManager()
self.model_controller = controller.ModelController(mock(), self.mappersManager)
self.workspace_manager = WorkspaceManager(self.dbManager,
self.mappersManager,
self.changesController,
self.reportManager)
self.workspace_manager.createWorkspace('temp_workspace', 'desc', DBTYPE.FS)
self.workspace_manager.openWorkspace('temp_workspace')
self._plugin_controller = PluginControllerForApi("test", {"nmap": nmap_plugin.NmapPlugin(),
"nessus": nessus_plugin.NessusPlugin()}, mock())
api.setUpAPIs(self.model_controller, self.workspace_manager)
def __init__(self, plugin_manager):
self.plugin_controller = PluginControllerForApi("PluginController", plugin_manager.getPlugins(), CommandManager())
def __init__(self, plugin_manager, mapper_manager):
self.plugin_controller = PluginControllerForApi(
"PluginController",
plugin_manager.getPlugins(),
mapper_manager)
class PluginsToModelControllerIntegration(unittest.TestCase):
def setUp(self):
"""
Generic test to verify that the object exists and can be
instantiated without problems.
"""
self.dbManager = mock()
self.changesController = mock()
self.reportManager = mock()
self.dbManager = DbManager()
self.mappersManager = MapperManager()
self.model_controller = controller.ModelController(
mock(), self.mappersManager)
self.workspace_manager = WorkspaceManager(self.dbManager,
self.mappersManager,
self.changesController,
self.reportManager)
self.workspace_manager.createWorkspace('temp_workspace', 'desc',
DBTYPE.FS)
self.workspace_manager.openWorkspace('temp_workspace')
self._plugin_controller = PluginControllerForApi(
"test", {
"nmap": nmap_plugin.NmapPlugin(),
"nessus": nessus_plugin.NessusPlugin()
}, mock())
api.setUpAPIs(self.model_controller, self.workspace_manager)
def tearDown(self):
self.workspace_manager.removeWorkspace('temp_workspace')
def test_nmap_scan_saves_host(self):
output_file = open(
os.path.join(os.getcwd(),
'test_cases/data/nmap_plugin_with_api.xml'))
output = output_file.read()
self._plugin_controller.processCommandInput("nmap localhost")
self._plugin_controller.onCommandFinished("nmap localhost", output)
self.model_controller.processAllPendingActions()
self.assertEquals(len(self.model_controller.getAllHosts()), 1,
"Not all hosts added to model")
host = self.model_controller.getAllHosts()[0]
self.assertEquals(len(host.getAllInterfaces()), 1,
"Not all interfaces added to model")
interface = host.getAllInterfaces()[0]
self.assertEquals(len(interface.getAllServices()), 3,
"Not all services added to model")
services = interface.getAllServices()
self.assertTrue(all([s.getStatus() == 'open' for s in services]),
"Port status not saved correctly")
def test_nessus_scan_saves_host(self):
output_file = open(
os.path.join(os.getcwd(),
'test_cases/data/nessus_plugin_with_api.nessus'))
output = output_file.read()
self._plugin_controller.processCommandInput("./nessus report")
self._plugin_controller.onCommandFinished("./nessus report", output)
self.model_controller.processAllPendingActions()
self.assertEquals(len(self.model_controller.getAllHosts()), 7,
"Not all hosts added to model")
def __init__(self, plugin_manager, hostname, port):
self.plugin_controller = PluginControllerForApi("PluginController", plugin_manager.getPlugins(), CommandManager())
self.app = Flask(__name__.split('.')[0])
self.addRoutes()
self.hostname = hostname
self.port = port
class PluginControllerAPI(object):
def __init__(self, plugin_manager, hostname, port):
self.plugin_controller = PluginControllerForApi("PluginController", plugin_manager.getPlugins(), CommandManager())
self.app = Flask(__name__.split('.')[0])
self.addRoutes()
self.hostname = hostname
self.port = port
#self.api = Api(self.app)
def getApp(self):
return self.app
#def run(self):
# self.app.run(host=self.hostname, port=self.port)
def addRoutes(self):
self.app.add_url_rule('/cmd/input',
view_func=self.postCmdInput,
methods=['POST'])
self.app.add_url_rule('/cmd/output',
view_func=self.postCmdOutput,
methods=['POST'])
self.app.add_url_rule('/cmd/active-plugins',
view_func=self.clearActivePlugins,
methods=['DELETE'])
def startAPI(self):
pass
def stopAPI(self):
pass
def badRequest(self, message):
error = 400
return jsonify(error=error,
message=message), error
def noContent(self, message):
code = 204
return jsonify(code=code,
message=message), code
def pluginAvailable(self, new_cmd, output_file):
code = 200
return jsonify(code=code,
cmd=new_cmd,
custom_output_file=output_file)
def ok(self, message):
code = 200
return jsonify(code=code,
message=message)
def postCmdInput(self):
json_data = request.get_json()
if 'cmd' in json_data.keys():
cmd = json_data.get('cmd')
has_plugin, new_cmd, output_file = self.plugin_controller.\
processCommandInput(cmd)
if has_plugin:
return self.pluginAvailable(new_cmd, output_file)
return self.noContent("no plugin available for cmd")
#cmd not sent, bad request
return self.badRequest("cmd parameter not sent")
def postCmdOutput(self):
json_data = request.get_json()
if 'cmd' in json_data.keys():
if 'output' in json_data.keys():
cmd = json_data.get('cmd')
output = base64.b64decode(json_data.get('output'))
if self.plugin_controller.onCommandFinished(cmd, output):
return self.ok("output successfully sent to plugin")
return self.badRequest("output received but no active plugin")
return self.badRequest("output parameter not sent")
return self.badRequest("cmd parameter not sent")
def clearActivePlugins(self):
self.plugin_controller.clearActivePlugins()
return self.ok("active plugins cleared")
def __init__(self, plugin_manager, mapper_manager):
self.plugin_controller = PluginControllerForApi(
"PluginController",
plugin_manager.getPlugins(),
mapper_manager)