def test_update_external_bts(self):
    """Run updateClientDescription twice on finding 436992569.

    The first mutation sends a non-empty ``btsUrl`` and the second an empty
    one; each response must be error-free and report ``success``.
    """
    # NOTE(review): "new test btsUrl" is not a well-formed URL and the
    # mutation is still expected to succeed, so no URL validation is
    # exercised here. If the resolver is meant to restrict btsUrl (for
    # example to http/https), that needs its own negative test.
    mutation_head = ' mutation { updateClientDescription ( btsUrl: "'
    mutation_tail = (
        '", findingId: "436992569", treatment: "NEW", justification: "" '
        ') { success finding { btsUrl historicTreatment } } } '
    )
    for bts_url in ('new test btsUrl', ''):
        mutation = mutation_head + bts_url + mutation_tail
        # Fresh client and loaders for each mutation.
        response = self._get_result(
            mutation,
            Client(SCHEMA),
            dict(finding=FindingLoader(), vulnerability=VulnerabilityLoader()),
        )
        assert 'errors' not in response
        assert response['data']['updateClientDescription']['success']
def test_update_treatment_accepted(self):
    """Set the treatment of finding 463558592 to ACCEPTED.

    The updateClientDescription mutation is sent with a justification and an
    ``acceptanceDate`` of "-"; the response must be error-free and report
    ``success``.
    """
    mutation = (
        ' mutation { updateClientDescription ( '
        'btsUrl: "", '
        'findingId: "463558592", '
        'treatment: "ACCEPTED", '
        'justification: "This is a treatment justification test", '
        'acceptanceDate: "-" '
        ') { success finding { btsUrl historicTreatment } } } '
    )
    response = self._get_result(
        mutation,
        Client(SCHEMA),
        dict(finding=FindingLoader(), vulnerability=VulnerabilityLoader()),
    )
    assert 'errors' not in response
    payload = response['data']['updateClientDescription']
    assert payload['success']
def test_update_severity(self):
    """Submit a full CVSS 3.1 metric set for finding 422286126.

    The updateSeverity mutation must come back without errors and with
    ``success`` set.
    """
    # NOTE(review): the mutation selects ``cvssVersion`` and ``severity`` in
    # the response but only ``success`` is asserted, so this test would not
    # notice a stored score that disagrees with the submitted metrics.
    mutation = (
        ' mutation { updateSeverity ( '
        'findingId: "422286126", '
        'data: { '
        'attackComplexity: 0.77, '
        'attackVector: 0.62, '
        'availabilityImpact: "0", '
        'availabilityRequirement: "1", '
        'confidentialityImpact: "0", '
        'confidentialityRequirement: "1", '
        'cvssVersion: "3.1", '
        'exploitability: 0.91, '
        'id: "422286126", '
        'integrityImpact: "0.22", '
        'integrityRequirement: "1", '
        'modifiedAttackComplexity: 0.77, '
        'modifiedAttackVector: 0.62, '
        'modifiedAvailabilityImpact: "0", '
        'modifiedConfidentialityImpact: "0", '
        'modifiedIntegrityImpact: "0.22", '
        'modifiedPrivilegesRequired: "0.62", '
        'modifiedSeverityScope: 0, '
        'modifiedUserInteraction: 0.85, '
        'privilegesRequired: "0.62", '
        'remediationLevel: "0.97", '
        'reportConfidence: "0.92", '
        'severity: "2.9", '
        'severityScope: 0, '
        'userInteraction: 0.85 '
        '} ) { success finding { cvssVersion severity } } } '
    )
    response = self._get_result(
        mutation,
        Client(SCHEMA),
        dict(finding=FindingLoader()),
    )
    assert 'errors' not in response
    payload = response['data']['updateSeverity']
    assert payload['success']
def get_context(self, request):
    """Return the parent view's context with dataloaders attached.

    A new EventLoader, FindingLoader and VulnerabilityLoader are created on
    every call and stored on ``context.loaders`` under the keys ``event``,
    ``finding`` and ``vulnerability``.
    """
    # NOTE(review): building the loaders per call presumably keeps loader
    # caches from being shared between requests/users -- confirm before
    # hoisting these to module or class level.
    request_context = super(APIView, self).get_context(request)
    request_context.loaders = dict(
        event=EventLoader(),
        finding=FindingLoader(),
        vulnerability=VulnerabilityLoader(),
    )
    return request_context
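def test_delete_finding(self):
    """Delete finding 560175507 and check that it can no longer be fetched.

    The deleteFinding mutation must return ``success`` without errors, after
    which ``get_finding`` is expected to raise ``FindingNotFound``.
    """
    query = (
        ' mutation { '
        'deleteFinding(findingId: "560175507", justification: NOT_REQUIRED) '
        '{ success } } '
    )
    testing_client = Client(SCHEMA)
    request_loaders = {'finding': FindingLoader()}
    result = self._get_result(query, testing_client, request_loaders)
    assert 'errors' not in result
    assert result['data']['deleteFinding']['success']
    # The lookup itself must raise; its return value is irrelevant.
    with pytest.raises(FindingNotFound):
        get_finding('560175507')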
def test_verify_finding(self):
    """Expect verifyFinding on finding 463461507 to be rejected.

    The response must carry an ``errors`` list whose first message equals
    ``str(NotVerificationRequested())``.
    """
    mutation = (
        ' mutation { verifyFinding( '
        'findingId: "463461507", '
        'justification: "This is a commenting test, of the verifying of a request." '
        ') { success } } '
    )
    response = self._get_result(
        mutation,
        Client(SCHEMA),
        dict(finding=FindingLoader()),
    )
    # Negative case: the mutation has to fail, and with this exact error.
    assert 'errors' in response
    first_error = response['errors'][0]
    assert first_error['message'] == str(NotVerificationRequested())
def test_get_finding(self):
    """Query finding 422286126 and look for one known vulnerability.

    The result must have no errors, echo the finding id, and include the
    expected vulnerability record among ``vulnerabilities``.
    """
    finding_query = (
        '{ finding(identifier: "422286126"){ id '
        'vulnerabilities { findingId id historicState specific vulnType where } '
        '} }'
    )
    loaders = dict(
        finding=FindingLoader(),
        vulnerability=VulnerabilityLoader(),
    )
    # ``False`` is passed where the other tests pass a Client instance.
    response = self._get_result(finding_query, False, loaders)
    assert not response.errors
    finding = response.data.get('finding')
    assert finding['id'] == '422286126'

    state_history = [
        {
            'date': '2018-09-28 10:32:58',
            'state': 'open',
            'analyst': '*****@*****.**',
        },
        {
            'date': '2019-01-08 16:01:26',
            'state': 'open',
            'analyst': '*****@*****.**',
        },
    ]
    # Field order mirrors the selection order in the query above.
    expected_vuln = OrderedDict([
        ('findingId', '422286126'),
        ('id', '80d6a69f-a376-46be-98cd-2fdedcffdcc0'),
        ('historicState', state_history),
        ('specific', 'phone'),
        ('vulnType', 'inputs'),
        ('where', 'https://example.com'),
    ])
    assert expected_vuln in finding['vulnerabilities']
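def test_get_project(self):
    """Query the ``unittesting`` project as an admin user.

    Builds a request with a session and a JWT cookie, executes the project
    query through the graphene test client, and checks ``hasForces`` and
    ``lastClosingVuln`` in the response.
    """
    query = (
        ' query { project(projectName: "unittesting"){ '
        'name, hasForces, totalFindings, description, subscription, '
        'lastClosingVuln, '
        '} } '
    )
    testing_client = Client(SCHEMA)
    request = RequestFactory().get('/')
    middleware = SessionMiddleware()
    middleware.process_request(request)
    request.session.save()
    request.session['username'] = '******'
    request.session['company'] = 'unittest'
    request.session['role'] = 'admin'
    # The cookie token is signed with the application's own
    # settings.JWT_SECRET using HS512.
    # NOTE(review): only the admin role is exercised here; a companion case
    # with a lower-privilege role would pin the authorization behaviour.
    request.COOKIES[settings.JWT_COOKIE_NAME] = jwt.encode(
        {
            'user_email': 'unittest',
            'user_role': 'admin',
            'company': 'unittest',
        },
        algorithm='HS512',
        key=settings.JWT_SECRET,
    )
    request.loaders = {'finding': FindingLoader()}
    result = testing_client.execute(query, context=request)
    assert 'errors' not in result
    project = result['data']['project']
    assert project
    # Identity check: the field must be the boolean True, not merely a value
    # that compares equal to it.
    assert project['hasForces'] is True
    assert project['lastClosingVuln'] == 23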
def test_get_vulnerability(self):
    """Query the vulnerabilities of finding 422286126 grouped by type.

    The query aliases ``vulnerabilities`` three times (ports, lines, inputs)
    and the test checks that one known record appears under ``inputsVulns``.
    """
    vuln_query = (
        ' query { finding(identifier: "422286126") { id releaseDate '
        'portsVulns: vulnerabilities( vulnType: "ports") { ...vulnInfo } '
        'linesVulns: vulnerabilities( vulnType: "lines") { ...vulnInfo } '
        'inputsVulns: vulnerabilities( vulnType: "inputs") { ...vulnInfo } '
        '} } '
        'fragment vulnInfo on Vulnerability { '
        'vulnType where specific currentState id findingId treatment '
        'treatmentManager treatmentJustification externalBts }'
    )

    request = RequestFactory().get('/')
    SessionMiddleware().process_request(request)
    request.session.save()
    for session_key, session_value in (
        ('username', '******'),
        ('company', 'unittest'),
        ('role', 'admin'),
    ):
        request.session[session_key] = session_value

    # Admin claims, signed with the application's settings.JWT_SECRET (HS512).
    claims = {
        'user_email': 'unittest',
        'user_role': 'admin',
        'company': 'unittest',
    }
    token = jwt.encode(claims, algorithm='HS512', key=settings.JWT_SECRET)
    request.COOKIES[settings.JWT_COOKIE_NAME] = token
    request.loaders = dict(
        finding=FindingLoader(),
        vulnerability=VulnerabilityLoader(),
    )

    response = SCHEMA.execute(vuln_query, context=request)
    assert not response.errors
    finding = response.data.get('finding')
    assert finding['id'] == '422286126'

    # Field order mirrors the vulnInfo fragment.
    expected_vuln = OrderedDict([
        ('vulnType', 'inputs'),
        ('where', 'https://example.com'),
        ('specific', 'phone'),
        ('currentState', 'open'),
        ('id', '80d6a69f-a376-46be-98cd-2fdedcffdcc0'),
        ('findingId', '422286126'),
        ('treatment', 'In progress'),
        ('treatmentManager', '*****@*****.**'),
        ('treatmentJustification', 'This is a treatment justification test'),
        ('externalBts', ''),
    ])
    assert expected_vuln in finding['inputsVulns']