Пример #1
0
    def test_update_vuln_template_with_custom_fields(self, session,
                                                     test_client):

        custom_field_schema = CustomFieldsSchemaFactory(
            field_name='cvss',
            field_type='str',
            field_display_name='CVSS',
            table_name='vulnerability')
        template = VulnerabilityTemplateFactory.create()
        session.add(custom_field_schema)
        session.add(template)
        session.commit()

        raw_data = {
            "cwe": "",
            "description": "test2",
            "desc": "test2",
            "exploitation": "critical",
            "name": "test2",
            "references": [],
            "refs": [],
            "resolution": "",
            "type": "vulnerability_template",
            "customfields": {
                "cvss": "updated value",
            }
        }

        res = test_client.put(self.url(template.id), data=raw_data)
        assert res.status_code == 200
        assert res.json['customfields'] == {u'cvss': u'updated value'}

        vuln_template = session.query(VulnerabilityTemplate).filter_by(
            id=template.id).first()
        assert vuln_template.custom_fields == {u'cvss': u'updated value'}
Пример #2
0
    def test_apply_template_by_id(self, api, session, test_client):
        workspace = WorkspaceFactory.create()
        template = VulnerabilityTemplateFactory.create()
        vuln = VulnerabilityFactory.create(workspace=workspace,
                                           severity='low',
                                           confirmed=False)
        session.add(workspace)
        session.add(vuln)
        session.add(template)
        session.commit()

        template_name = template.name
        template_id = template.id
        searcher = Searcher(api(workspace, test_client, session))
        rules = [{
            'id': 'APPLY_TEMPLATE',
            'model': 'Vulnerability',
            'object': "severity=low",
            'actions': [f"--UPDATE:template={template_id}"]
        }]

        searcher.process(rules)
        vulns_count = session.query(Vulnerability).filter_by(
            workspace=workspace).count()
        assert vulns_count == 1
        vuln = session.query(Vulnerability).filter_by(
            workspace=workspace).first()
        assert vuln.name == template_name
Пример #3
0
    def test_when_a_template_with_ref_is_deleted_ref_remains_at_database(
            self, session, test_client):
        session.query(ReferenceTemplate).count() == 0
        template = VulnerabilityTemplateFactory.create()
        ref1 = ReferenceTemplateFactory.create()
        template.reference_template_instances.add(ref1)
        session.commit()
        res = test_client.delete(self.url(template))
        assert res.status_code == 204

        assert session.query(ReferenceTemplate).count() == 1