Пример #1
    def test_jira_user_reg(self):
        """Check that an open Jira sign-up page is reported as a finding.

        The ``Signup!default.jspa`` URL is mocked to return the saved
        ``jira_registration.txt`` fixture with HTTP 200. The check must then
        return at least one result whose message contains
        "Jira User Registration Enabled", and neither captured stream may
        contain an error marker.
        """
        dashboard_url = "https://www.example.org/secure/Dashboard.jspa"
        signup_url = "https://www.example.org/secure/Signup!default.jspa"

        # NOTE(review): "__file__" is a quoted literal, not the module's
        # __file__, so realpath() resolves it against the current working
        # directory. The fixture is only found when the run starts from the
        # directory that contains tests/ - confirm that is intended.
        base_dir = os.path.dirname(os.path.realpath("__file__"))
        fixture = Path(
            os.path.join(base_dir, "tests/test_data/jira_registration.txt")
        )
        signup_page = fixture.read_text()

        try:
            output.setup(False, True, True)
            with utils.capture_sys_output() as (stdout, stderr):
                with requests_mock.Mocker() as mocker:
                    mocker.get(signup_url, text=signup_page, status_code=200)

                    results = jira.check_jira_user_registration(dashboard_url)
        except Exception as error:
            # Any exception raised by the check fails the test at this point.
            self.assertIsNone(error)

        self.assertIsNotNone(results)
        self.assertTrue(len(results) > 0)
        self.assertNotIn("Exception", stderr.getvalue())
        self.assertNotIn("Error", stdout.getvalue())

        registration_reported = False
        for finding in results:
            if "Jira User Registration Enabled" in finding.message:
                registration_reported = True
                break
        self.assertTrue(registration_reported)

        # NOTE(review): no network.init() is visible in this test; reset()
        # presumably undoes state set up elsewhere (e.g. a fixture) - confirm.
        network.reset()
Пример #2
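    def test_cve_2019_11043_false(self):
        """Check that the CVE-2019-11043 probe does not report a false positive.

        Every GET and HEAD request is mocked to answer HTTP 200 with no body
        configured, so ``php.check_cve_2019_11043`` is expected to return an
        empty result list and to write nothing containing "Exception" or
        "Error" to the captured streams.
        """
        network.init("", "", "")
        try:
            output.setup(False, False, False)
            url = "https://www.example.org/"

            parser = command_line.build_parser()
            scan_args = parser.parse_args(args=["scan"])
            session = Session(scan_args, url)

            try:
                output.setup(False, True, True)
                with utils.capture_sys_output() as (stdout, stderr):
                    with requests_mock.Mocker() as m:
                        m.get(requests_mock.ANY, status_code=200)
                        m.head(requests_mock.ANY, status_code=200)

                        results = php.check_cve_2019_11043(
                            session, ["https://www.example.org/test/"]
                        )
            except Exception as error:
                # Fail with the exception spelled out in the message.
                self.fail(f"unexpected exception: {error!r}")

            self.assertIsNotNone(results)
            # assertEqual reports the actual length when the check misfires.
            self.assertEqual(len(results), 0)
            self.assertNotIn("Exception", stderr.getvalue())
            self.assertNotIn("Error", stdout.getvalue())
        finally:
            # Runs even when an assertion fails, so the state created by
            # network.init() above does not carry over into later tests.
            network.reset()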
Пример #3
    def test_jira_found(self):
        """Check that a Jira dashboard under ``secure/`` is detected.

        Three URLs are mocked: the site root (200, placeholder body),
        ``secure/Dashboard.jspa`` (200, saved ``jira_dashboard.txt`` fixture)
        and ``jira/secure/Dashboard.jspa`` (404). ``jira.check_for_jira`` must
        return a Jira URL plus results that mention both
        "Jira Installation Found" and the version string "v8.1.0-801000"
        (presumably taken from the fixture - confirm).
        """
        url = "https://www.example.org/"

        # NOTE(review): "__file__" is a quoted literal, not the module's
        # __file__, so the fixture path is resolved against the current
        # working directory - confirm that is intended.
        base_dir = os.path.dirname(os.path.realpath("__file__"))
        fixture = Path(os.path.join(base_dir, "tests/test_data/jira_dashboard.txt"))
        dashboard_page = fixture.read_text()

        try:
            output.setup(False, True, True)
            with utils.capture_sys_output() as (stdout, stderr):
                with requests_mock.Mocker() as mocker:
                    mocker.get(url, text="body", status_code=200)
                    mocker.get(
                        f"{url}secure/Dashboard.jspa",
                        text=dashboard_page,
                        status_code=200,
                    )
                    mocker.get(
                        f"{url}jira/secure/Dashboard.jspa",
                        text="body",
                        status_code=404,
                    )

                    session = Session(None, url)

                    results, jira_url = jira.check_for_jira(session)
        except Exception as error:
            # Any exception raised by the check fails the test at this point.
            self.assertIsNone(error)

        self.assertIsNotNone(jira_url)
        self.assertIsNotNone(results)
        self.assertTrue(len(results) > 0)
        self.assertNotIn("Exception", stderr.getvalue())
        self.assertNotIn("Error", stdout.getvalue())

        messages = [finding.message for finding in results]
        self.assertTrue(any("Jira Installation Found" in text for text in messages))
        self.assertTrue(any("v8.1.0-801000" in text for text in messages))

        # NOTE(review): no network.init() is visible in this test; reset()
        # presumably undoes state set up elsewhere (e.g. a fixture) - confirm.
        network.reset()
Пример #4
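    def test_net_init_none(self):
        """Check that ``network.init`` accepts ``None`` for all three arguments.

        The test passes when the call does not raise and
        ``network._requester`` is set afterwards.
        """
        try:
            try:
                network.init(None, None, None)
            except Exception as error:
                # Fail with the exception spelled out in the message.
                self.fail(f"network.init raised unexpectedly: {error!r}")

            self.assertIsNotNone(network._requester)
        finally:
            # Runs even when the assertion fails, so the state created by
            # network.init() does not carry over into later tests.
            network.reset()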
Пример #5
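    def test_net_init_valid_proxy_alt(self):
        """Check that a scheme-less ``host:port`` value is accepted by init.

        ``network.init`` is called with "127.0.0.1:1234" as its first argument
        (presumably the proxy setting, judging by the message checked below).
        The call must not raise, ``network._requester`` must be set, and the
        captured output must not contain "Invalid proxy server specified".
        """
        try:
            try:
                output.setup(False, True, True)
                with utils.capture_sys_output() as (stdout, stderr):
                    network.init("127.0.0.1:1234", "", "")
            except Exception as error:
                # Fail with the exception spelled out in the message.
                self.fail(f"network.init raised unexpectedly: {error!r}")

            self.assertIsNotNone(network._requester)
            self.assertNotIn("Exception", stderr.getvalue())
            self.assertNotIn("Error", stdout.getvalue())
            self.assertNotIn("Invalid proxy server specified", stdout.getvalue())
        finally:
            # Runs even when an assertion fails; otherwise the loopback value
            # passed to init() above would stay configured for later tests.
            network.reset()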
Пример #6
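    def test_net_init_invalid_header(self):
        """Check that a malformed header value is reported, not raised.

        ``network.init`` receives "AUTH123" as its third argument (presumably
        the custom header, judging by the message checked below). After one
        ``network.http_get`` call, the captured stdout must contain "Error"
        and "header must be in NAME=VALUE format", and stderr must not contain
        "Exception".
        """
        try:
            try:
                output.setup(False, True, True)
                with utils.capture_sys_output() as (stdout, stderr):
                    network.init("", "", "AUTH123")

                    # NOTE(review): no requests mock is active here, so this
                    # may send a live plain-HTTP request to example.com unless
                    # http_get stops at the header check - confirm.
                    _ = network.http_get("http://example.com")
            except Exception as error:
                # Fail with the exception spelled out in the message.
                self.fail(f"unexpected exception: {error!r}")

            self.assertIsNotNone(network._requester)
            self.assertNotIn("Exception", stderr.getvalue())
            self.assertIn("Error", stdout.getvalue())
            self.assertIn("header must be in NAME=VALUE format", stdout.getvalue())
        finally:
            # Runs even when an assertion fails, so the malformed header value
            # does not stay configured for later tests.
            network.reset()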
Пример #7
    def test_ds_store(self):
        """Check that an exposed ``.DS_Store`` file is reported.

        Every GET is mocked to return HTTP 200 with a body that starts with
        the ``.DS_Store`` magic bytes (``00 00 00 01`` followed by "Bud1").
        ``file_search.find_ds_store`` must return at least one result whose
        message contains ".DS_Store File Found".
        """
        base_url = "https://www.example.org/"
        ds_store_header = b"\0\0\0\1Bud1\0"

        try:
            output.setup(False, True, True)
            with utils.capture_sys_output() as (stdout, stderr):
                with requests_mock.Mocker() as mocker:
                    mocker.get(
                        requests_mock.ANY,
                        content=ds_store_header,
                        status_code=200,
                    )

                    results = file_search.find_ds_store([base_url])
        except Exception as error:
            # Any exception raised by the check fails the test at this point.
            self.assertIsNone(error)

        self.assertIsNotNone(results)
        self.assertTrue(len(results) > 0)
        self.assertNotIn("Exception", stderr.getvalue())
        self.assertNotIn("Error", stdout.getvalue())

        file_reported = False
        for finding in results:
            if ".DS_Store File Found" in finding.message:
                file_reported = True
                break
        self.assertTrue(file_reported)

        # NOTE(review): no network.init() is visible in this test; reset()
        # presumably undoes state set up elsewhere (e.g. a fixture) - confirm.
        network.reset()