def test_delete_vulns_with_dynamic_values(self, api, session, test_client): workspace = WorkspaceFactory.create() vuln1 = VulnerabilityFactory.create(workspace=workspace, name="TEST1") vuln2 = VulnerabilityFactory.create(workspace=workspace, name="TEST2") session.add(workspace) session.add(vuln1) session.add(vuln2) session.commit() searcher = Searcher(api(workspace, test_client, session)) rules = [{ 'id': 'DELETE_VULN_{{name}}', 'model': 'Vulnerability', 'object': "regex=^{{name}}", 'actions': ["--DELETE:"], 'values': [{ 'name': 'TEST1' }, { 'name': 'TEST2' }] }] vulns_count = session.query(Vulnerability).filter_by( workspace=workspace).count() assert vulns_count == 2 searcher.process(rules) vulns_count = session.query(Vulnerability).filter_by( workspace=workspace).count() assert vulns_count == 0
def test_bulk_create_with_one_conflict(self, test_client, session, csrf_token): vuln_template = VulnerabilityTemplate(name='conflict_vuln', severity='high') session.add(vuln_template) session.commit() vuln_1 = VulnerabilityFactory.build_dict() vuln_1['name'] = 'conflict_vuln' vuln_1['exploitation'] = vuln_1['severity'] vuln_2 = VulnerabilityFactory.build_dict() vuln_2['exploitation'] = vuln_2['severity'] data = {'csrf_token': csrf_token, 'vulns': [vuln_1, vuln_2]} res = test_client.post( self.check_url('/v2/vulnerability_template/bulk_create/'), json=data) assert res.status_code == 200 assert len(res.json['vulns_with_conflict']) == 1 assert res.json['vulns_with_conflict'][0][1] == vuln_1['name'] assert len(res.json['vulns_created']) == 1 assert res.json['vulns_created'][0][1] == vuln_2['name']
def test_bulk_create_with_conflict_in_every_vuln(self, test_client, session, csrf_token): vuln_template_1 = VulnerabilityTemplate(name='conflict_vuln_1', severity='high') session.add(vuln_template_1) vuln_template_2 = VulnerabilityTemplate(name='conflict_vuln_2', severity='high') session.add(vuln_template_2) session.commit() vuln_1 = VulnerabilityFactory.build_dict() vuln_1['name'] = 'conflict_vuln_1' vuln_1['exploitation'] = vuln_1['severity'] vuln_2 = VulnerabilityFactory.build_dict() vuln_2['name'] = 'conflict_vuln_2' vuln_2['exploitation'] = vuln_2['severity'] data = { 'csrf_token': csrf_token, 'vulns': [vuln_1, vuln_2] } res = test_client.post('/v3/vulnerability_template/bulk_create', json=data) assert res.status_code == 409 assert len(res.json['vulns_with_conflict']) == 2 assert res.json['vulns_with_conflict'][0][1] == vuln_1['name'] assert res.json['vulns_with_conflict'][1][1] == vuln_2['name'] assert len(res.json['vulns_created']) == 0
def test_bulk_delete_with_references(self, test_client, session): previous_creds = Credential.query.count() previous_vulns = Vulnerability.query.count() previous_services = Service.query.count() service_1 = self.factory.create(workspace=self.workspace) service_2 = self.factory.create(workspace=self.workspace) service_3 = self.factory.create(workspace=self.workspace) for _ in range(3): CredentialFactory.create(service=service_1, workspace=self.workspace) VulnerabilityFactory.create(service=service_2, workspace=self.workspace) CredentialFactory.create(service=service_3, workspace=self.workspace) VulnerabilityFactory.create(service=service_3, workspace=self.workspace) session.commit() raw_data = {'ids': [service_1.id, service_2.id, service_3.id]} res = test_client.delete(self.url(), data=raw_data) assert res.status_code == 200 assert res.json['deleted'] == 3
def test_add_ref_to_duplicated_vuln(self, api, session, test_client): workspace = WorkspaceFactory.create() host = HostFactory.create(workspace=workspace) vuln = VulnerabilityFactory.create(workspace=workspace, severity='low', name='Duplicated Vuln', host=host, service=None) duplicated_vuln = VulnerabilityFactory.create(workspace=workspace, severity='low', name='Duplicated Vuln 2', host=host, service=None) session.add(workspace) session.add(vuln) session.add(duplicated_vuln) session.add(host) session.commit() first_vuln_id = vuln.id searcher = Searcher(api(workspace, test_client, session)) rules = [{ 'id': 'ADD_REFS_DUPLICATED_VULNS', 'model': 'Vulnerability', 'fields': ['name'], 'object': "severity=low --old", # Without --old param Searcher deletes all duplicated objects 'conditions': ['severity=low'], 'actions': ["--UPDATE:refs=REF_TEST"] }] vulns_count = session.query(Vulnerability).filter_by(workspace=workspace).count() assert vulns_count == 2 searcher.process(rules) vuln1 = session.query(Vulnerability).get(first_vuln_id) assert len(vuln1.references) > 0 assert list(vuln1.references)[0] == 'REF_TEST'
def test_remove_duplicated_by_name(self, api, session, test_client): workspace = WorkspaceFactory.create() host = HostFactory.create(workspace=workspace) vuln = VulnerabilityFactory.create(workspace=workspace, severity='low', name='Duplicated Vuln', host=host, service=None) duplicated_vuln = VulnerabilityFactory.create(workspace=workspace, severity='low', name='Duplicated Vuln 2', host=host, service=None) session.add(workspace) session.add(vuln) session.add(duplicated_vuln) session.add(host) session.commit() searcher = Searcher(api(workspace, test_client, session)) rules = [{ 'id': 'REMOVE_DUPLICATED_VULNS', 'model': 'Vulnerability', 'fields': ['name'], 'object': "severity=low --old", # Without --old param Searcher deletes all duplicated objects 'actions': ["--DELETE:"] }] vulns_count = session.query(Vulnerability).filter_by(workspace=workspace).count() assert vulns_count == 2 searcher.process(rules) vulns_count = session.query(Vulnerability).filter_by(workspace=workspace).count() assert vulns_count == 1
def test_verify_created_vulns_with_host_and_service_verification( self, session, test_client): workspace = WorkspaceFactory.create() command = EmptyCommandFactory.create(workspace=workspace) host = HostFactory.create(workspace=workspace) service = ServiceFactory.create(workspace=workspace) vuln = VulnerabilityFactory.create(severity='critical', workspace=workspace, host=host, service=None) vuln_med = VulnerabilityFactory.create(severity='medium', workspace=workspace, service=service, host=None) session.flush() CommandObjectFactory.create(command=command, object_type='host', object_id=host.id, workspace=workspace) CommandObjectFactory.create(command=command, object_type='vulnerability', object_id=vuln.id, workspace=workspace) CommandObjectFactory.create(command=command, object_type='service', object_id=service.id, workspace=workspace) CommandObjectFactory.create(command=command, object_type='vulnerability', object_id=vuln_med.id, workspace=workspace) session.commit() res = test_client.get( self.url(workspace=command.workspace) + 'activity_feed/') assert res.status_code == 200 assert res.json == [{ u'_id': command.id, u'command': command.command, u'import_source': u'shell', u'tool': command.tool, u'user': command.user, u'date': time.mktime(command.start_date.timetuple()) * 1000, u'params': command.params, u'hosts_count': 1, u'services_count': 1, u'vulnerabilities_count': 2, u'criticalIssue': 1 }]
def test_bulk_create_without_csrf_token(self, test_client): vuln_1 = VulnerabilityFactory.build_dict() vuln_1['exploitation'] = vuln_1['severity'] vuln_2 = VulnerabilityFactory.build_dict() vuln_2['exploitation'] = vuln_2['severity'] data = { 'vulns': [vuln_1, vuln_2] } res = test_client.post('/v3/vulnerability_template/bulk_create', json=data) assert res.status_code == 403 assert res.json['message'] == 'Invalid CSRF token.'
def populate_workspace(workspace): host = HostFactory.create(workspace=workspace) service = ServiceFactory.create(workspace=workspace, host=host) code = SourceCodeFactory.create(workspace=workspace) # Create non confirmed vulnerabilities # Create standard vulns VulnerabilityFactory.create_batch(NC_STANDARD_VULN_COUNT[0], workspace=workspace, host=host, service=None, confirmed=False) VulnerabilityFactory.create_batch(NC_STANDARD_VULN_COUNT[1], workspace=workspace, service=service, host=None, confirmed=False) # Create web vulns VulnerabilityWebFactory.create_batch(NC_WEB_VULN_COUNT, workspace=workspace, service=service, confirmed=False) # Create source code vulns VulnerabilityCodeFactory.create_batch(NC_SOURCE_CODE_VULN_COUNT, workspace=workspace, source_code=code, confirmed=False) # Create confirmed vulnerabilities # Create standard vulns VulnerabilityFactory.create_batch(C_STANDARD_VULN_COUNT[0], workspace=workspace, host=host, service=None, confirmed=True) VulnerabilityFactory.create_batch(C_STANDARD_VULN_COUNT[1], workspace=workspace, service=service, host=None, confirmed=True) # Create web vulns VulnerabilityWebFactory.create_batch(C_WEB_VULN_COUNT, workspace=workspace, service=service, confirmed=True) # Create source code vulns VulnerabilityCodeFactory.create_batch(C_SOURCE_CODE_VULN_COUNT, workspace=workspace, source_code=code, confirmed=True) db.session.commit()
def test_searcher_update_rules(self, api, session, test_client): workspace = WorkspaceFactory.create() vuln = VulnerabilityFactory.create(workspace=workspace, severity='low') session.add(workspace) session.add(vuln) session.commit() assert vuln.severity == 'low' searcher = Searcher(api(workspace, test_client, session)) rules = [{ 'id': 'CHANGE_SEVERITY', 'model': 'Vulnerability', 'object': "severity=low", 'actions': ["--UPDATE:severity=med"] }] searcher.process(rules) vulns_count = session.query(Vulnerability).filter_by( workspace=workspace).count() assert vulns_count == 1 vuln = session.query(Vulnerability).filter_by( workspace=workspace).first() assert vuln.severity == 'medium' check_command(vuln, session)
def test_update_severity_by_creator(self, api, session, test_client): workspace = WorkspaceFactory.create() host = HostFactory.create(workspace=workspace) user = UserFactory.create() vuln = VulnerabilityFactory.create(workspace=workspace, tool='Nessus', severity='low', host=host, creator=user, service=None) session.add(workspace) session.add(vuln) session.add(host) session.commit() vuln_id = vuln.id assert vuln.severity == 'low' searcher = Searcher(api(workspace, test_client, session)) rules = [{ 'id': 'CHANGE_SEVERITY_INSIDE_HOST', 'model': 'Vulnerability', 'object': f'creator={user.username}', # Without --old param Searcher deletes all duplicated objects 'conditions': ['tool=Nessus'], 'actions': ["--UPDATE:severity=info"] }] searcher.process(rules) vuln = session.query(Vulnerability).get(vuln_id) assert vuln.severity == 'informational'
def test_apply_template_by_id(self, api, session, test_client): workspace = WorkspaceFactory.create() template = VulnerabilityTemplateFactory.create() vuln = VulnerabilityFactory.create(workspace=workspace, severity='low', confirmed=False) session.add(workspace) session.add(vuln) session.add(template) session.commit() template_name = template.name template_id = template.id searcher = Searcher(api(workspace, test_client, session)) rules = [{ 'id': 'APPLY_TEMPLATE', 'model': 'Vulnerability', 'object': "severity=low", 'actions': [f"--UPDATE:template={template_id}"] }] searcher.process(rules) vulns_count = session.query(Vulnerability).filter_by( workspace=workspace).count() assert vulns_count == 1 vuln = session.query(Vulnerability).filter_by( workspace=workspace).first() assert vuln.name == template_name
def test_update_custom_field(self, api, session, test_client): workspace = WorkspaceFactory.create() custom_field = CustomFieldsSchemaFactory.create( table_name='vulnerability', field_name='cfield', field_type='str', field_order=1, field_display_name='CField', ) vuln = VulnerabilityFactory.create(workspace=workspace, severity='low', confirmed=True) vuln.custom_fields = {'cfield': 'test'} session.add(workspace) session.add(custom_field) session.add(vuln) session.commit() assert vuln.confirmed is True searcher = Searcher(api(workspace, test_client, session)) rules = [{ 'id': 'CHANGE_CUSTOM_FIELD', 'model': 'Vulnerability', 'object': "severity=low", 'conditions': ['confirmed=True'], 'actions': ["--UPDATE:cfield=CUSTOM_FIELD_UPDATED"] }] searcher.process(rules) vulns_count = session.query(Vulnerability).filter_by(workspace=workspace).count() assert vulns_count == 1 vuln = session.query(Vulnerability).filter_by(workspace=workspace).first() assert vuln.custom_fields['cfield'] == 'CUSTOM_FIELD_UPDATED' check_command(vuln, session)
def test_mail_notification(self, api, session, test_client): workspace = WorkspaceFactory.create() vuln = VulnerabilityFactory.create(workspace=workspace, severity='low') session.add(workspace) session.add(vuln) session.commit() mail_notification = MailNotification( '*****@*****.**', 'testpass', 'smtp.gmail.com', 587 ) _api = api(workspace, test_client, session) searcher = Searcher(_api, mail_notification=mail_notification) rules = [{ 'id': 'SEND_MAIL', 'model': 'Vulnerability', 'object': "severity=low", 'actions': ["--ALERT:[email protected]"] }] searcher.process(rules) assert searcher.mail_notification == mail_notification
def test_update_severity_by_values_with_space_2(self, api, session, test_client): workspace = WorkspaceFactory.create() vuln = VulnerabilityFactory.create(workspace=workspace, name='Cross-domain Referer leakage', severity='low', service=None) session.add(workspace) session.add(vuln) session.commit() vuln_id = vuln.id assert vuln.severity == 'low' searcher = Searcher(api(workspace, test_client, session)) rules = [{ 'id': 'CHANGE_SEVERITY', 'model': 'Vulnerability', 'object': "name=Cross-domain%Referer%leakage", # Without --old param Searcher deletes all duplicated objects 'conditions': ['name=Cross-domain%Referer%leakage'], 'actions': ["--UPDATE:severity=info"] }] searcher.process(rules) vuln = session.query(Vulnerability).get(vuln_id) assert vuln.severity == 'informational'
def test_confirm_vuln(self, api, session, test_client): workspace = WorkspaceFactory.create() vuln = VulnerabilityFactory.create(workspace=workspace, severity='low', confirmed=False) session.add(workspace) session.add(vuln) session.commit() assert vuln.confirmed is False searcher = Searcher(api(workspace, test_client, session)) rules = [{ 'id': 'CONFIRM_VULN', 'model': 'Vulnerability', 'object': "severity=low", 'actions': ["--UPDATE:confirmed=True"] }] searcher.process(rules) vulns_count = session.query(Vulnerability).filter_by( workspace=workspace).count() assert vulns_count == 1 vuln = session.query(Vulnerability).filter_by( workspace=workspace).first() assert vuln.confirmed is True
def test_vuln_template_bulk_create(self, test_client, csrf_token): vuln_1 = VulnerabilityFactory.build_dict() vuln_1['exploitation'] = vuln_1['severity'] vuln_2 = VulnerabilityFactory.build_dict() vuln_2['exploitation'] = vuln_2['severity'] data = {'csrf_token': csrf_token, 'vulns': [vuln_1, vuln_2]} res = test_client.post( self.check_url('/v2/vulnerability_template/bulk_create/'), json=data) assert res.status_code == 200 vulns_created = res.json['vulns_created'] assert len(vulns_created) == 2 assert vulns_created[0][1] == vuln_1['name'] assert vulns_created[1][1] == vuln_2['name']
def test_update_severity_inside_one_host(self, api, session, test_client): workspace = WorkspaceFactory.create() host = HostFactory.create(workspace=workspace) vuln1 = VulnerabilityFactory.create(workspace=workspace, severity='low', host=host, service=None) vuln2 = VulnerabilityFactory.create(workspace=workspace, severity='low', host=host, service=None) session.add(workspace) session.add(vuln1) session.add(vuln2) session.add(host) session.commit() parent_id = host.id first_vuln_id = vuln1.id second_vuln_id = vuln2.id assert vuln1.severity == 'low' assert vuln2.severity == 'low' assert vuln1.parent.id == parent_id assert vuln2.parent.id == parent_id searcher = Searcher(api(workspace, test_client, session)) rules = [{ 'id': 'CHANGE_SEVERITY_INSIDE_HOST', 'model': 'Vulnerability', 'parent': parent_id, 'object': "severity=low", # Without --old param Searcher deletes all duplicated objects 'conditions': ['severity=low'], 'actions': ["--UPDATE:severity=info"] }] searcher.process(rules) vuln1 = session.query(Vulnerability).get(first_vuln_id) vuln2 = session.query(Vulnerability).get(second_vuln_id) assert vuln1.severity == 'informational' assert vuln2.severity == 'informational'
def test_verify_created_critical_vulns_is_correctly_showing_sum_values(self, session, test_client): workspace = WorkspaceFactory.create() command = EmptyCommandFactory.create(workspace=workspace) host = HostFactory.create(workspace=workspace) vuln = VulnerabilityFactory.create(severity='critical', workspace=workspace, host=host, service=None) vuln_med = VulnerabilityFactory.create(severity='medium', workspace=workspace, host=host, service=None) session.flush() CommandObjectFactory.create( command=command, object_type='host', object_id=host.id, workspace=workspace ) CommandObjectFactory.create( command=command, object_type='vulnerability', object_id=vuln.id, workspace=workspace ) CommandObjectFactory.create( command=command, object_type='vulnerability', object_id=vuln_med.id, workspace=workspace ) session.commit() res = test_client.get(urljoin(self.url(workspace=command.workspace), 'activity_feed')) assert res.status_code == 200 assert res.json == [ {'_id': command.id, 'command': command.command, 'import_source': 'shell', 'tool': command.tool, 'user': command.user, 'date': time.mktime(command.start_date.timetuple()) * 1000, 'params': command.params, 'hosts_count': 1, 'services_count': 0, 'vulnerabilities_count': 2, 'criticalIssue': 1} ]
def test_searcher_delete_rules(self, api, session, test_client): workspace = WorkspaceFactory.create() vuln = VulnerabilityFactory.create(workspace=workspace, severity='low') session.add(workspace) session.add(vuln) session.commit() searcher = Searcher(api(workspace, test_client, session)) rules = [{ 'id': 'DELETE_LOW', 'model': 'Vulnerability', 'object': "severity=low", 'actions': ["--DELETE:"] }] searcher.process(rules) vulns_count = session.query(Vulnerability).filter_by(workspace=workspace).count() assert vulns_count == 0
def test_searcher_rules_tag_vulns_low(self, api, session, test_client): workspace = WorkspaceFactory.create() vuln = VulnerabilityFactory.create(workspace=workspace, severity='low') session.add(workspace) session.add(vuln) session.commit() searcher = Searcher(api(workspace, test_client, session)) rules = [{ 'id': 'DELETE_LOW', 'model': 'Vulnerability', 'object': "severity=low", 'actions': ["--UPDATE:tags=TEST"] }] searcher.process(rules) vulns_count = session.query(Vulnerability).filter_by(workspace=workspace).count() assert vulns_count == 1 vuln = session.query(Vulnerability).filter_by(workspace=workspace, id=vuln.id).first() assert list(vuln.tags) == ["TEST"] check_command(vuln, session)
def test_multiple_commands_executed_with_same_objects_found( self, session, test_client): """ This text verifies that multiple command does not affect activity feed counters. """ workspace = WorkspaceFactory.create() host = HostFactory.create(workspace=workspace) vuln = VulnerabilityFactory.create(severity='low', workspace=workspace, host=host, service=None) service = ServiceFactory.create(workspace=workspace) commands = [] in_the_middle_commands = [] first_command = None for index in range(0, 10): command = EmptyCommandFactory.create(workspace=workspace) commands.append(command) if index > 0: # in the middle commands should not affect counters (should be at 0) in_the_middle_commands.append(command) else: first_command = command session.flush() CommandObjectFactory.create(command=command, object_type='host', object_id=host.id, workspace=workspace) CommandObjectFactory.create(command=command, object_type='vulnerability', object_id=vuln.id, workspace=workspace) # This command will change activity feed counters vuln_med = VulnerabilityFactory.create(severity='medium', workspace=workspace, service=service, host=None) session.flush() last_command = EmptyCommandFactory.create(workspace=workspace) CommandObjectFactory.create(command=last_command, object_type='service', object_id=service.id, workspace=workspace) CommandObjectFactory.create(command=last_command, object_type='vulnerability', object_id=vuln_med.id, workspace=workspace) session.commit() res = test_client.get( self.url(workspace=command.workspace) + 'activity_feed/') assert res.status_code == 200 raw_first_command = list( filter(lambda comm: comm['_id'] == commands[0].id, res.json)) assert raw_first_command.pop() == { u'_id': first_command.id, u'command': first_command.command, u'import_source': u'shell', u'user': first_command.user, u'date': time.mktime(first_command.start_date.timetuple()) * 1000, u'params': first_command.params, u'hosts_count': 1, u'services_count': 0, u'vulnerabilities_count': 1, u'tool': first_command.tool, u'criticalIssue': 0 } for in_the_middle_command in in_the_middle_commands: raw_in_the_middle_command = list( filter(lambda comm: comm['_id'] == in_the_middle_command.id, res.json)) assert raw_in_the_middle_command.pop() == { u'_id': in_the_middle_command.id, u'command': in_the_middle_command.command, u'import_source': u'shell', u'user': in_the_middle_command.user, u'date': time.mktime(in_the_middle_command.start_date.timetuple()) * 1000, u'params': in_the_middle_command.params, u'hosts_count': 0, u'tool': in_the_middle_command.tool, u'services_count': 0, u'vulnerabilities_count': 0, u'criticalIssue': 0 } # new command must create new service and vuln raw_last_command = list( filter(lambda comm: comm['_id'] == last_command.id, res.json)) assert raw_last_command.pop() == { u'_id': last_command.id, u'command': last_command.command, u'import_source': u'shell', u'user': last_command.user, u'date': time.mktime(last_command.start_date.timetuple()) * 1000, u'params': last_command.params, u'hosts_count': 0, u'tool': last_command.tool, u'services_count': 1, u'vulnerabilities_count': 1, u'criticalIssue': 0 }
def test_export_data_xml_metasploit_format(self, test_client, session): workspace = WorkspaceFactory.create() host = HostFactory.create(workspace=workspace, ip='127.0.0.1', os='Linux', mac='30-65-EC-6F-C4-58', description='Host for test purposes') host.set_hostnames(['localhost', 'test']) session.add(host) session.commit() # Hardcode create_date and update_date for tests purposes host.create_date = host.create_date.replace(2020, 4, 1, 20, 49, 31) host.update_date = host.update_date.replace(2020, 4, 1, 20, 49, 31) service = ServiceFactory.create(workspace=workspace, host=host, port=8080, protocol='tcp', status='open', name='Test service', version='5.0', description='Description for service') session.add(service) session.commit() # Hardcode create_date and update_date for tests purposes service.create_date = service.create_date.replace( 2020, 4, 1, 20, 49, 49) service.update_date = service.update_date.replace( 2020, 4, 1, 20, 49, 49) vuln = VulnerabilityFactory.create(workspace=workspace, host=host, service=None, name='Vulnerability test', description='Desc for testing') session.add(vuln) vuln_web = VulnerabilityWebFactory.create( workspace=workspace, service=service, name='Vulnerability Web test', description='Desc for testing web vuln', severity="high", path='faraday.com', method="GET", parameters="ABCDEF", parameter_name="qwerty", query_string="query for vuln", request="GET for vuln") session.add(vuln_web) session.commit() url = self.check_url( f'/v2/ws/{workspace.name}/export_data?format=xml_metasploit') response = test_client.get(url) assert response.status_code == 200 response_xml = response.data xml_file_path = TEST_DATA_PATH / \ 'faraday_export_data_xml_metasploit.xml' with xml_file_path.open('rb') as output: xml_file = output.read() response_tree = fromstring(response_xml) xml_file_tree = fromstring(xml_file) xpaths_list = [{ '//host': ['address', 'mac', 'name', 'comments'] }, { '//host/services/service': ['port', 'proto', 'state', 'name', 'info'] }, { '//MetasploitV4/services/service': ['port', 'proto', 'state', 'name', 'info'] }, { '//MetasploitV4/web_sites/web_site': ['vhost', 'host', 'port', 'comments', 'ssl'] }, { '//host/vulns/vuln': ['name', 'info'] }, { '//MetasploitV4/web_vulns/web_vuln': [ 'name', 'description', 'risk', 'path', 'method', 'params', 'pname', 'query', 'request', 'vhost', 'host', 'port', 'ssl' ] }] for xpath_data in xpaths_list: for xpath, tags_list in xpath_data.items(): for tag in tags_list: full_xpath = xpath + '/' + tag if full_xpath == '//host/name': # Check hostnames list order # Sometimes host.set_hostnames() switch the order of the hostnames list sent. response_hostnames = response_tree.xpath( full_xpath)[0].text xml_file_hostnames = xml_file_tree.xpath( full_xpath)[0].text if response_hostnames != xml_file_hostnames: # For testing purposes, response_hostnames list will be reordered. response_hostnames = response_hostnames.split(',') response_hostnames[0], response_hostnames[ 1] = response_hostnames[1], response_hostnames[ 0] response_tree.xpath(full_xpath)[0].text = ','.join( response_hostnames) assert response_tree.xpath( full_xpath)[0].text == xml_file_hostnames else: assert response_tree.xpath(full_xpath)[ 0].text == xml_file_tree.xpath(full_xpath)[0].text
def test_verify_correct_severities_sum_values(self, session, test_client): workspace = WorkspaceFactory.create() command = EmptyCommandFactory.create(workspace=workspace) host = HostFactory.create(workspace=workspace) vuln_critical = VulnerabilityFactory.create(severity='critical', workspace=workspace, host=host, service=None) vuln_high = VulnerabilityFactory.create(severity='high', workspace=workspace, host=host, service=None) vuln_med = VulnerabilityFactory.create(severity='medium', workspace=workspace, host=host, service=None) vuln_med2 = VulnerabilityFactory.create(severity='medium', workspace=workspace, host=host, service=None) vuln_low = VulnerabilityFactory.create(severity='low', workspace=workspace, host=host, service=None) vuln_info = VulnerabilityFactory.create(severity='informational', workspace=workspace, host=host, service=None) vuln_info2 = VulnerabilityFactory.create(severity='informational', workspace=workspace, host=host, service=None) vuln_unclassified = VulnerabilityFactory.create( severity='unclassified', workspace=workspace, host=host, service=None) session.flush() CommandObjectFactory.create(command=command, object_type='host', object_id=host.id, workspace=workspace) CommandObjectFactory.create(command=command, object_type='vulnerability', object_id=vuln_critical.id, workspace=workspace) CommandObjectFactory.create(command=command, object_type='vulnerability', object_id=vuln_high.id, workspace=workspace) CommandObjectFactory.create(command=command, object_type='vulnerability', object_id=vuln_med.id, workspace=workspace) CommandObjectFactory.create(command=command, object_type='vulnerability', object_id=vuln_med2.id, workspace=workspace) CommandObjectFactory.create(command=command, object_type='vulnerability', object_id=vuln_low.id, workspace=workspace) CommandObjectFactory.create(command=command, object_type='vulnerability', object_id=vuln_info.id, workspace=workspace) CommandObjectFactory.create(command=command, object_type='vulnerability', object_id=vuln_info2.id, workspace=workspace) CommandObjectFactory.create(command=command, object_type='vulnerability', object_id=vuln_unclassified.id, workspace=workspace) session.commit() res = test_client.get(f'/v2/ws/{command.workspace.name}/activities/') assert res.status_code == 200 assert res.json['activities'][0]['vulnerabilities_count'] == 8 assert res.json['activities'][0]['criticalIssue'] == 1 assert res.json['activities'][0]['highIssue'] == 1 assert res.json['activities'][0]['mediumIssue'] == 2 assert res.json['activities'][0]['lowIssue'] == 1 assert res.json['activities'][0]['infoIssue'] == 2 assert res.json['activities'][0]['unclassifiedIssue'] == 1