def test_add_file_finding_level(self):
    """Upload a file through the 'Manage Files' page of an existing finding.

    Depends on a finding titled 'App Vulnerable to XSS' already being
    present (the original comment attributes it to
    test_add_product_finding).

    Only the success path is asserted: the fixture ``finding_image.png``
    is submitted and the 'Files updated successfully' message is expected.
    Rejection of disallowed file types or oversized uploads is not
    exercised by this test.
    """
    # login_page() is defined outside this block; the original comment says
    # the password is read from the environment.
    driver = self.login_page()
    self.goto_all_findings_list(driver)

    # Open the finding, then its action dropdown, then 'Manage Files'.
    finding_link = driver.find_element_by_link_text("App Vulnerable to XSS")
    finding_link.click()
    actions_menu = driver.find_element_by_id("dropdownMenu1")
    actions_menu.click()
    manage_files_link = driver.find_element_by_link_text("Manage Files")
    manage_files_link.click()

    # First row of the upload formset (form-0): a title plus the file itself.
    # The fixture is 'finding_image.png', resolved against dir_path.
    upload_path = os.path.join(dir_path, 'finding_image.png')
    title_input = driver.find_element_by_id("id_form-0-title")
    title_input.send_keys('Finding Title')
    file_input = driver.find_element_by_id("id_form-0-file")
    file_input.send_keys(upload_path)

    # Submit inside WaitForPageLoad (helper defined elsewhere; presumably it
    # blocks until the next page has loaded -- confirm against the helper).
    with WaitForPageLoad(driver, timeout=50):
        save_button = driver.find_element_by_css_selector(
            "button.btn.btn-success")
        save_button.click()

    # The upload counts as accepted only if the success message is shown.
    upload_confirmed = self.is_success_message_present(
        text='Files updated successfully')
    self.assertTrue(upload_confirmed)
def test_import_scan_result(self):
    """Import a ZAP XML report from the findings menu and check the count.

    Uses the already-open ``self.driver`` session and the existing
    'App Vulnerable to XSS' finding as the navigation starting point.

    The assertion pins the happy path only: the bundled ``zap_sample.xml``
    must yield the message 'ZAP Scan processed a total of 4 findings'.
    Malformed or hostile report files are not covered here.
    """
    driver = self.driver
    self.goto_all_findings_list(driver)

    # Finding page -> 'Findings' menu -> 'Import Scan Results'.
    finding_link = driver.find_element_by_link_text("App Vulnerable to XSS")
    finding_link.click()
    findings_menu = driver.find_element_by_partial_link_text("Findings")
    findings_menu.click()
    import_link = driver.find_element_by_link_text("Import Scan Results")
    import_link.click()

    # Scan type is 'ZAP Scan'. The environment chosen is 'Development'
    # (the original comment said `Default`, but the code selects this one).
    scan_type_select = Select(driver.find_element_by_id("id_scan_type"))
    scan_type_select.select_by_visible_text('ZAP Scan')
    environment_select = Select(driver.find_element_by_id("id_environment"))
    environment_select.select_by_visible_text('Development')

    # Attach the sample report, resolved against dir_path.
    report_path = os.path.join(dir_path, 'zap_sample.xml')
    report_input = driver.find_element_by_name("file")
    report_input.send_keys(report_path)

    # The submit control is the second 'button.btn.btn-primary' on the page;
    # this index is layout-dependent.
    with WaitForPageLoad(driver, timeout=50):
        primary_buttons = driver.find_elements_by_css_selector(
            "button.btn.btn-primary")
        primary_buttons[1].click()

    # The import succeeded only if the expected finding count is reported.
    import_confirmed = self.is_success_message_present(
        text='ZAP Scan processed a total of 4 findings')
    self.assertTrue(import_confirmed)
def test_add_test_finding(self):
    """Add a finding with an endpoint to a test in the 'Beta Test' engagement.

    Fills the fields the original author lists as required (title,
    severity, description, mitigation, impact; the date keeps its default),
    plus a CVSS v3 vector and one endpoint. It then checks that both the
    finding title and the endpoint appear on the resulting pages.

    The title contains the word 'XSS' only as a label; no script payload is
    submitted, so this test says nothing about output encoding of finding
    fields.
    """
    finding_title = "App Vulnerable to XSS2"
    endpoint_host = "product2.finding.com"

    driver = self.driver
    self.goto_active_engagements_overview(driver)

    # Open the previously created engagement and its test menu.
    engagement_link = driver.find_element_by_partial_link_text("Beta Test")
    engagement_link.click()
    test_menu = driver.find_element_by_id("test-menu")
    test_menu.click()
    add_finding_link = driver.find_element_by_link_text("Add Finding to Test")
    add_finding_link.click()

    # Title: clear first so no pre-filled value is left in the field.
    driver.find_element_by_id("id_title").clear()
    title_input = driver.find_element_by_id("id_title")
    title_input.send_keys(finding_title)

    # Severity, then a CVSS v3.0 vector. This vector scores 8.8, which sits
    # in the High band and so agrees with the severity chosen here.
    severity_select = Select(driver.find_element_by_id("id_severity"))
    severity_select.select_by_visible_text("High")
    cvss_input = driver.find_element_by_id("id_cvssv3")
    cvss_input.send_keys("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H")

    # Description: reached by tabbing out of the CVSS field.
    cvss_input_again = driver.find_element_by_id("id_cvssv3")
    cvss_input_again.send_keys(Keys.TAB, "This is just a Test Case Finding2")

    # Mitigation: per the original author's note, the rich-text editor hides
    # the underlying <textarea>. Un-hiding it with JavaScript lets Selenium
    # type into it, and the editor reflects whatever is written there.
    driver.execute_script(
        "document.getElementsByName('mitigation')[0].style.display = 'inline'"
    )
    mitigation_area = driver.find_element_by_name("mitigation")
    mitigation_area.send_keys(Keys.TAB, "How to mitigate this finding2")

    # Impact: same un-hide step as for mitigation.
    driver.execute_script(
        "document.getElementsByName('impact')[0].style.display = 'inline'")
    impact_area = driver.find_element_by_name("impact")
    impact_area.send_keys(
        Keys.TAB, "This has a very critical effect on production2")

    # One endpoint to attach to the finding.
    endpoints_input = driver.find_element_by_id("id_endpoints_to_add")
    endpoints_input.send_keys(endpoint_host)

    # Submit with the remaining defaults via the '_Finished' button.
    with WaitForPageLoad(driver, timeout=30):
        done_button = driver.find_element_by_xpath(
            "//input[@name='_Finished']")
        done_button.click()

    # The new finding must be listed on the page that follows.
    finding_listed = self.is_text_present_on_page(text=finding_title)
    self.assertTrue(finding_listed)

    # Open the finding and confirm the endpoint was stored with it.
    driver.find_element_by_link_text(finding_title).click()
    endpoint_listed = self.is_text_present_on_page(text=endpoint_host)
    self.assertTrue(endpoint_listed)
def test_add_file_test_level(self):
    """Upload a file through the 'Manage Files' page of an existing test.

    Navigates 'Ad Hoc Engagement' -> 'Pen Test' -> 'Manage Files', submits
    the fixture ``finding_image.png`` under the title 'Test Title', and
    expects the 'Files updated successfully' message.

    Only the success path is asserted. Rejection of disallowed file types
    or oversized uploads is not exercised by this test.
    """
    # login_page() is defined outside this block.
    driver = self.login_page()
    # Per the original comment, this helper also waits for JavaScript to load.
    self.goto_all_engagements_overview(driver)

    # Drill down from the engagement to the test and its file manager.
    engagement_link = driver.find_element(
        By.PARTIAL_LINK_TEXT, "Ad Hoc Engagement")
    engagement_link.click()
    test_link = driver.find_element(By.PARTIAL_LINK_TEXT, "Pen Test")
    test_link.click()
    manage_files_control = driver.find_element(By.NAME, "Manage Files")
    manage_files_control.click()

    # First row of the upload formset (form-0): a title plus the file itself.
    # The fixture is 'finding_image.png', resolved against dir_path.
    upload_path = os.path.join(dir_path, 'finding_image.png')
    title_input = driver.find_element(By.ID, "id_form-0-title")
    title_input.send_keys('Test Title')
    file_input = driver.find_element(By.ID, "id_form-0-file")
    file_input.send_keys(upload_path)

    # Submit inside WaitForPageLoad (helper defined elsewhere; presumably it
    # blocks until the next page has loaded -- confirm against the helper).
    with WaitForPageLoad(driver, timeout=50):
        save_button = driver.find_element(
            By.CSS_SELECTOR, "button.btn.btn-success")
        save_button.click()

    # The upload counts as accepted only if the success message is shown.
    upload_confirmed = self.is_success_message_present(
        text='Files updated successfully')
    self.assertTrue(upload_confirmed)