def test_retrieve_issue_status_and_issues_by_group(self):
    """Check that report queries filtered by user and group return one entry.

    One user is placed in two groups and each group is given its own Site
    record.  Asking ``Reports.get_status`` and ``Reports.get_issues`` for
    that user restricted to ``group1`` must yield a single report entry
    whose target is the group1 site, i.e. only the latest issue status for
    the requested group.
    """
    member = User(self.email)
    member.create()

    first_group = Group("group1", users=[member.email])
    second_group = Group("group2", users=[member.email])
    first_group.create()
    second_group.create()

    Plan(self.TEST_PLAN).create()

    # NOTE(review): both Site records are built from the same
    # self.target_url, so the 'target' comparison below cannot tell the
    # group1 site from the group2 site.  The length check is the assertion
    # that shows the group filter was applied -- confirm that the second
    # create() really stores a separate record.
    site_in_first = Site(self.target_url,
                         groups=[first_group.group_name],
                         plans=[self.TEST_PLAN["name"]])
    site_in_first.create()
    site_in_second = Site(self.target_url,
                          groups=[second_group.group_name],
                          plans=[self.TEST_PLAN["name"]])
    site_in_second.create()

    reports = Reports()
    # The status query and the issues query must be scoped the same way, so
    # run the identical pair of checks against each in turn.
    for fetch in (reports.get_status, reports.get_issues):
        response = fetch(user=member.email,
                         group_name=first_group.group_name)
        entries = response.json()['report']
        # exactly one dict is expected in the returned list
        self.assertEqual(len(entries), 1)
        self.assertEqual(entries[0]['target'], site_in_first.url)
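def test_scan(self):
    """Run one scan end to end and check each endpoint that reports on it.

    Endpoints exercised, in order:

    1. POST /scans
    2. GET /scans/<scan_id>
    3. PUT /scans/<scan_id>/control
    4. GET /scans/<scan_id>/summary
    5. GET /reports/history
    6. GET /reports/status
    7. GET /reports/issues

    The user, group, plan and site are not created here; the test relies
    on the fixture set-up having done that already.
    """
    # POST /scans
    # Create a scan of target_url based on the test plan.
    scan = Scan(self.user.email, self.TEST_PLAN["name"],
                {"target": self.target_url})
    res1 = scan.create()
    created = res1.json()
    scan_id = created['scan']['id']

    # PUT /scans/<scan_id>/control
    # Start the scan now.
    res2 = scan.start(scan_id)
    self.assertEqual(res2.json()['success'], True)

    # GET /scans/<scan_id>
    # Right after the start request the scan is expected to be QUEUED.
    # NOTE(review): this is timing-dependent; a fast worker could already
    # have moved the scan to a later state.
    res3 = scan.get_scan_details(scan_id)
    details = res3.json()
    self.assertEqual(details["scan"]["state"], "QUEUED")

    # POST and GET scan details must expose the same set of keys, both at
    # the top level and at the "scan" level.
    self.assertEqual(set(details.keys()), set(created.keys()))
    self.assertEqual(set(details["scan"].keys()),
                     set(created["scan"].keys()))

    # GET /scans/<scan_id>
    # Poll until the scan reports FINISHED instead of sleeping for a fixed
    # interval: a fixed sleep fails on a slow machine and wastes time on a
    # fast one.  The deadline keeps a stuck scan from hanging the suite.
    deadline = time.time() + 30
    res4 = scan.get_scan_details(scan_id)
    while (res4.json()['scan']['state'] != 'FINISHED'
           and time.time() < deadline):
        time.sleep(1)
        res4 = scan.get_scan_details(scan_id)
    self.assertEqual(res4.json()['scan']['state'], 'FINISHED')

    # GET /scans/<scan_id>/summary
    # bug #106: the summary must name the user who created the scan.
    res5 = scan.get_summary(scan_id)
    self.assertEqual(res5.json()['summary']['meta'],
                     {'user': self.email, 'tags': []})

    # GET /reports/history
    res6 = Reports().get_history()
    history = res6.json()
    self.assertEqual(history["success"], True)
    expected_inner_keys = set(['configuration', 'created', 'finished',
                               'id', 'issues', 'meta', 'plan', 'queued',
                               'sessions', 'state'])
    # NOTE(review): indexing [0] assumes this scan is the first history
    # entry -- confirm the ordering the endpoint guarantees.
    self.assertEqual(set(history['report'][0].keys()), expected_inner_keys)
    self.assertEqual(history['report'][0]['id'], scan_id)

    # GET /reports/status
    res7 = Reports().get_status(user=self.user.email)
    status = res7.json()
    self.assertEqual(status["success"], True)
    expected_inner_keys = set(['plan', 'scan', 'target'])
    self.assertEqual(set(status['report'][0].keys()), expected_inner_keys)
    self.assertEqual(status['report'][0]['plan'], self.plan.plan["name"])
    self.assertEqual(status['report'][0]['target'], self.target_url)

    # GET /reports/issues
    res8 = Reports().get_issues(user=self.user.email)
    issue_report = res8.json()
    self.assertEqual(issue_report["success"], True)
    # Compare against the named expectation rather than a second literal.
    expected_inner_keys = set(['issues', 'target'])
    self.assertEqual(set(issue_report['report'][0].keys()),
                     expected_inner_keys)

    issues = issue_report['report'][0]['issues']
    # The plugin run by the test plan is expected to emit exactly one
    # issue.  NOTE(review): earlier comments named both HelloWorldPlugin
    # and DelayPlugin; the "Hello World" summary suggests the former.
    self.assertEqual(len(issues), 1)
    self.assertEqual(issues[0]["summary"], "Hello World")
    self.assertEqual(issues[0]["severity"], "Info")
    self.assertEqual(issue_report['report'][0]['target'], self.target_url)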
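def test_scan(self):
    """Run one scan end to end and check each endpoint that reports on it.

    Endpoints exercised, in order:

    1. POST /scans
    2. GET /scans/<scan_id>
    3. PUT /scans/<scan_id>/control
    4. GET /scans/<scan_id>/summary
    5. GET /reports/history
    6. GET /reports/status
    7. GET /reports/issues

    The user, group, plan and site are not created here; the test relies
    on the fixture set-up having done that already.
    """
    # POST /scans
    # Create a scan of target_url based on the test plan.
    scan = Scan(self.user.email, self.TEST_PLAN["name"],
                {"target": self.target_url})
    res1 = scan.create()
    created = res1.json()
    scan_id = created['scan']['id']

    # PUT /scans/<scan_id>/control
    # Start the scan now.
    res2 = scan.start(scan_id)
    self.assertEqual(res2.json()['success'], True)

    # GET /scans/<scan_id>
    # Right after the start request the scan is expected to be QUEUED.
    # NOTE(review): this is timing-dependent; a fast worker could already
    # have moved the scan to a later state.
    res3 = scan.get_scan_details(scan_id)
    details = res3.json()
    self.assertEqual(details["scan"]["state"], "QUEUED")

    # POST and GET scan details must expose the same set of keys, both at
    # the top level and at the "scan" level.
    self.assertEqual(set(details.keys()), set(created.keys()))
    self.assertEqual(set(details["scan"].keys()),
                     set(created["scan"].keys()))

    # GET /scans/<scan_id>
    # Poll until the scan reports FINISHED instead of sleeping for a fixed
    # interval: a fixed sleep fails on a slow machine and wastes time on a
    # fast one.  The deadline keeps a stuck scan from hanging the suite.
    deadline = time.time() + 30
    res4 = scan.get_scan_details(scan_id)
    while (res4.json()['scan']['state'] != 'FINISHED'
           and time.time() < deadline):
        time.sleep(1)
        res4 = scan.get_scan_details(scan_id)
    self.assertEqual(res4.json()['scan']['state'], 'FINISHED')

    # GET /scans/<scan_id>/summary
    # bug #106: the summary must name the user who created the scan.
    res5 = scan.get_summary(scan_id)
    self.assertEqual(res5.json()['summary']['meta'],
                     {'user': self.email, 'tags': []})

    # GET /reports/history
    res6 = Reports().get_history()
    history = res6.json()
    self.assertEqual(history["success"], True)
    expected_inner_keys = set(['configuration', 'created', 'finished',
                               'id', 'issues', 'meta', 'plan', 'queued',
                               'sessions', 'state'])
    # NOTE(review): indexing [0] assumes this scan is the first history
    # entry -- confirm the ordering the endpoint guarantees.
    self.assertEqual(set(history['report'][0].keys()), expected_inner_keys)
    self.assertEqual(history['report'][0]['id'], scan_id)

    # GET /reports/status
    res7 = Reports().get_status(user=self.user.email)
    status = res7.json()
    self.assertEqual(status["success"], True)
    expected_inner_keys = set(['plan', 'scan', 'target'])
    self.assertEqual(set(status['report'][0].keys()), expected_inner_keys)
    self.assertEqual(status['report'][0]['plan'], self.plan.plan["name"])
    self.assertEqual(status['report'][0]['target'], self.target_url)

    # GET /reports/issues
    res8 = Reports().get_issues(user=self.user.email)
    issue_report = res8.json()
    self.assertEqual(issue_report["success"], True)
    # Compare against the named expectation rather than a second literal.
    expected_inner_keys = set(['issues', 'target'])
    self.assertEqual(set(issue_report['report'][0].keys()),
                     expected_inner_keys)

    issues = issue_report['report'][0]['issues']
    # The plugin run by the test plan is expected to emit exactly one
    # issue.  NOTE(review): earlier comments named both HelloWorldPlugin
    # and DelayPlugin; the "Hello World" summary suggests the former.
    self.assertEqual(len(issues), 1)
    self.assertEqual(issues[0]["summary"], "Hello World")
    self.assertEqual(issues[0]["severity"], "Info")
    self.assertEqual(issue_report['report'][0]['target'], self.target_url)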