Пример #1
 def test_add_file_finding_level(self):
     """Attach a file to an existing finding via its 'Manage Files' form.

     Depends on a finding titled 'App Vulnerable to XSS' already being
     present (the original comments attribute it to
     test_add_product_finding), so this test is order-dependent.

     NOTE(review): only the accepted-upload path is exercised, using a
     file named finding_image.png. Rejection of disallowed file types or
     oversized uploads is not covered by this test.
     NOTE(review): the find_element_by_* helpers were removed in
     Selenium 4.3; this test needs an older Selenium or a migration to
     find_element(By.<KIND>, value).
     """
     # login_page() returns the driver that the rest of the test uses.
     browser = self.login_page()
     self.goto_all_findings_list(browser)

     # Open the finding, then its action dropdown, then 'Manage Files'.
     finding_link = browser.find_element_by_link_text("App Vulnerable to XSS")
     finding_link.click()
     actions_menu = browser.find_element_by_id("dropdownMenu1")
     actions_menu.click()
     manage_files = browser.find_element_by_link_text("Manage Files")
     manage_files.click()

     # Fill the first formset row (form-0): a title plus the file path.
     # Sending a path to a file input is how Selenium selects a file.
     image_path = os.path.join(dir_path, 'finding_image.png')
     title_field = browser.find_element_by_id("id_form-0-title")
     title_field.send_keys('Finding Title')
     file_field = browser.find_element_by_id("id_form-0-file")
     file_field.send_keys(image_path)

     # Submit and wait for the resulting page before reading the banner.
     with WaitForPageLoad(browser, timeout=50):
         save_button = browser.find_element_by_css_selector(
             "button.btn.btn-success")
         save_button.click()

     # The upload is judged successful by the presence of the success banner.
     uploaded = self.is_success_message_present(
         text='Files updated successfully')
     self.assertTrue(uploaded)
Пример #2
 def test_import_scan_result(self):
     """Import a sample ZAP report into a finding's test and check the count.

     Uses the already-initialised self.driver and expects a finding titled
     'App Vulnerable to XSS' to exist, so this test is order-dependent.

     NOTE(review): only one sample report (zap_sample.xml) is imported and
     only the success banner is asserted. Handling of malformed or hostile
     XML by the importer is not covered by this test.
     NOTE(review): the find_element_by_* helpers were removed in
     Selenium 4.3; this test needs an older Selenium or a migration to
     find_element(By.<KIND>, value).
     """
     browser = self.driver
     self.goto_all_findings_list(browser)

     # Walk from the finding to the 'Import Scan Results' form.
     finding_link = browser.find_element_by_link_text("App Vulnerable to XSS")
     finding_link.click()
     findings_menu = browser.find_element_by_partial_link_text("Findings")
     findings_menu.click()
     import_link = browser.find_element_by_link_text("Import Scan Results")
     import_link.click()

     # Scan type 'ZAP Scan', environment 'Development'.
     scan_type = Select(browser.find_element_by_id("id_scan_type"))
     scan_type.select_by_visible_text('ZAP Scan')
     environment = Select(browser.find_element_by_id("id_environment"))
     environment.select_by_visible_text('Development')

     # Point the file input at the sample report shipped next to the tests.
     file_path = os.path.join(dir_path, 'zap_sample.xml')
     upload_field = browser.find_element_by_name("file")
     upload_field.send_keys(file_path)

     # The submit button is the second 'button.btn.btn-primary' on the page.
     with WaitForPageLoad(browser, timeout=50):
         primary_buttons = browser.find_elements_by_css_selector(
             "button.btn.btn-primary")
         primary_buttons[1].click()

     # The import is judged successful when the banner reports 4 findings.
     imported = self.is_success_message_present(
         text='ZAP Scan processed a total of 4 findings')
     self.assertTrue(imported)
Пример #3
    def test_add_test_finding(self):
        """Add a finding with an endpoint to a test and verify both appear.

        Uses the already-initialised self.driver and expects an engagement
        whose link text contains 'Beta Test' to exist.

        NOTE(review): every field value typed here is benign text, so this
        test does not check how markup-bearing values are rendered when the
        finding is displayed.
        NOTE(review): the find_element_by_* helpers were removed in
        Selenium 4.3; this test needs an older Selenium or a migration to
        find_element(By.<KIND>, value).
        """
        driver = self.driver
        # Short aliases for the locator helpers used repeatedly below.
        by_id = driver.find_element_by_id
        by_name = driver.find_element_by_name
        by_link = driver.find_element_by_link_text

        # Engagement -> test dropdown -> 'Add Finding to Test'.
        self.goto_active_engagements_overview(driver)
        driver.find_element_by_partial_link_text("Beta Test").click()
        by_id("test-menu").click()
        by_link("Add Finding to Test").click()

        # Required fields are Title, Date, Severity, Description, Mitigation
        # and Impact; Date is left at its default value.
        by_id("id_title").clear()
        by_id("id_title").send_keys("App Vulnerable to XSS2")
        severity = Select(by_id("id_severity"))
        severity.select_by_visible_text("High")
        by_id("id_cvssv3").send_keys(
            "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H")
        # The description is typed by tabbing out of the CVSS field.
        by_id("id_cvssv3").send_keys(
            Keys.TAB, "This is just a Test Case Finding2")

        # Mitigation and Impact sit behind a rich-text editor whose backing
        # textarea is hidden. JavaScript switches the textarea's display to
        # 'inline' so keys can be sent to it; per the original comments, text
        # written to the textarea is reflected in the editor.
        hidden_fields = (
            ("mitigation", "How to mitigate this finding2"),
            ("impact", "This has a very critical effect on production2"),
        )
        for field_name, field_text in hidden_fields:
            driver.execute_script(
                "document.getElementsByName('{}')[0].style.display = 'inline'"
                .format(field_name))
            by_name(field_name).send_keys(Keys.TAB, field_text)

        # Endpoint to associate with the finding.
        by_id("id_endpoints_to_add").send_keys("product2.finding.com")

        # Submit with the 'Finished' button and wait for the next page.
        with WaitForPageLoad(driver, timeout=30):
            done_button = driver.find_element_by_xpath(
                "//input[@name='_Finished']")
            done_button.click()

        # The new finding must be listed on the resulting page.
        finding_listed = self.is_text_present_on_page(
            text='App Vulnerable to XSS2')
        self.assertTrue(finding_listed)

        # Open the finding and confirm the endpoint was stored with it.
        by_link("App Vulnerable to XSS2").click()
        endpoint_shown = self.is_text_present_on_page(
            text='product2.finding.com')
        self.assertTrue(endpoint_shown)
Пример #4
 def test_add_file_test_level(self):
     """Attach a file to an existing test via its 'Manage Files' form.

     Expects an engagement whose link text contains 'Ad Hoc Engagement'
     and, inside it, a test whose link text contains 'Pen Test'.

     NOTE(review): only the accepted-upload path is exercised, using a
     file named finding_image.png. Rejection of disallowed file types or
     oversized uploads is not covered by this test.
     """
     # login_page() returns the driver that the rest of the test uses.
     browser = self.login_page()
     # Per the original comment, this helper also waits for JavaScript.
     self.goto_all_engagements_overview(browser)

     # Engagement -> test -> 'Manage Files' (located by its name attribute).
     engagement_link = browser.find_element(
         By.PARTIAL_LINK_TEXT, "Ad Hoc Engagement")
     engagement_link.click()
     test_link = browser.find_element(By.PARTIAL_LINK_TEXT, "Pen Test")
     test_link.click()
     manage_files = browser.find_element(By.NAME, "Manage Files")
     manage_files.click()

     # Fill the first formset row (form-0): a title plus the file path.
     # Sending a path to a file input is how Selenium selects a file.
     image_path = os.path.join(dir_path, 'finding_image.png')
     title_field = browser.find_element(By.ID, "id_form-0-title")
     title_field.send_keys('Test Title')
     file_field = browser.find_element(By.ID, "id_form-0-file")
     file_field.send_keys(image_path)

     # Submit and wait for the resulting page before reading the banner.
     with WaitForPageLoad(browser, timeout=50):
         save_button = browser.find_element(
             By.CSS_SELECTOR, "button.btn.btn-success")
         save_button.click()

     # The upload is judged successful by the presence of the success banner.
     uploaded = self.is_success_message_present(
         text='Files updated successfully')
     self.assertTrue(uploaded)