def test_restless_using_order_by(self):
test_filter = {
"order_by": [
{
"field": "host__vulnerability_critical_generic_count"
},
{
"field": "host__vulnerability_high_generic_count"
},
{
"field": "host__vulnerability_medium_generic_count"
},
],
"filters": [{
"or": [
{
"name": "severity",
"op": "==",
"val": "critical"
},
{
"name": "severity",
"op": "==",
"val": "high"
},
{
"name": "severity",
"op": "==",
"val": "medium"
},
]
}]
}
res = FlaskRestlessSchema().load(test_filter)
assert res == test_filter
def _filter(self, filters, workspace_name):
try:
filters = FlaskRestlessSchema().load(json.loads(filters)) or {}
hostname_filters = []
if filters:
filters['filters'], hostname_filters = self._hostname_filters(
filters.get('filters', []))
except (ValidationError, JSONDecodeError) as ex:
logger.exception(ex)
flask.abort(400, "Invalid filters")
workspace = self._get_workspace(workspace_name)
marshmallow_params = {
'many': True,
'context': {},
'exclude': ('_attachments', )
}
if 'group_by' not in filters:
offset = None
limit = None
if 'offset' in filters:
offset = filters.pop('offset')
if 'limit' in filters:
limit = filters.pop(
'limit') # we need to remove pagination, since
try:
vulns = self._generate_filter_query(VulnerabilityGeneric,
filters, hostname_filters,
workspace,
marshmallow_params)
except AttributeError as e:
flask.abort(400, e)
total_vulns = vulns
if limit:
vulns = vulns.limit(limit)
if offset:
vulns = vulns.offset(offset)
vulns = self.schema_class_dict['VulnerabilityWeb'](
**marshmallow_params).dump(vulns.all())
return vulns, total_vulns.count()
else:
vulns = self._generate_filter_query(
VulnerabilityGeneric,
filters,
hostname_filters,
workspace,
marshmallow_params,
)
column_names = ['count'] + [
field['field'] for field in filters.get('group_by', [])
]
rows = [list(zip(column_names, row)) for row in vulns.all()]
vulns_data = []
for row in rows:
vulns_data.append({field[0]: field[1] for field in row})
return vulns_data, len(rows)
def _filter(self, filters, workspace_name, confirmed=False):
try:
filters = FlaskRestlessSchema().load(json.loads(filters))
_, hostname_filters = self._hostname_filters(filters.get('filters', []))
except (ValidationError, JSONDecodeError) as ex:
logger.exception(ex)
flask.abort(400, "Invalid filters")
if confirmed:
if 'filters' not in filters:
filters = {}
filters['filters'] = []
filters['filters'].append({
"name": "confirmed",
"op": "==",
"val": "true"
})
workspace = self._get_workspace(workspace_name)
marshmallow_params = {'many': True, 'context': {}}
normal_vulns_data = self._filter_vulns(Vulnerability, filters, hostname_filters, workspace, marshmallow_params, False)
web_vulns_data = self._filter_vulns(VulnerabilityWeb, filters, hostname_filters, workspace, marshmallow_params, True)
return normal_vulns_data + web_vulns_data
def test_simple_and_operator(self):
test_filter = {
"filters": [{
'and': [{
"name": "severity",
"op": "eq",
"val": "low"
}, {
"name": "severity",
"op": "eq",
"val": "medium"
}]
}]
}
res = FlaskRestlessSchema().load(test_filter)
assert res == test_filter
def test_simple_or_operator(self):
test_filter = {
"filters": [{
"or": [{
"name": "id",
"op": "lt",
"val": 10
}, {
"name": "id",
"op": "gt",
"val": 20
}]
}]
}
res = FlaskRestlessSchema().load(test_filter)
assert res == test_filter
def test_nested_find_item_function(self):
_filter = {
"and": [{
"or": [{
"name": "name",
"op": "ilike",
"val": "%hola mundo%"
}, {
"name": "description",
"op": "ilike",
"val": "%prueba%"
}]
}, {
"name": "severity",
"op": "eq",
"val": "high"
}]
}
res = FlaskRestlessSchema().load(_filter)[0]
assert 'and' in res
for and_op in res['and']:
if 'or' in and_op:
for or_op in and_op['or']:
if or_op['name'] == 'name':
assert or_op == {
"name": "name",
"op": "ilike",
"val": "%hola mundo%"
}
elif or_op['name'] == 'description':
assert or_op == {
"name": "description",
"op": "ilike",
"val": "%prueba%"
}
else:
raise Exception('Invalid result')
else:
assert and_op == {
"name": "severity",
"op": "eq",
"val": "high"
}
def test_equals_by_date(self):
test_filter = {
"filters": [{
"name": "create_date",
"op": "eq",
"val": '2020-01-10'
}]
}
res = FlaskRestlessSchema().load(test_filter)
assert res == {
"filters": [{
'name': 'create_date',
'op': '>=',
'val': '2020-01-10T00:00:00.000000'
}, {
'name': 'create_date',
'op': '<=',
'val': '2020-01-10T23:59:59.000000'
}]
}
def test_nested_filters(self):
_filter = {
"filters": [{
"and": [{
"or": [{
"name": "name",
"op": "ilike",
"val": "%hola mundo%"
}, {
"name": "name",
"op": "ilike",
"val": "%prueba%"
}]
}, {
"name": "severity",
"op": "eq",
"val": "high"
}]
}]
}
assert FlaskRestlessSchema().load(_filter) == _filter
def test_nested_filters_fail(self):
_filter = {
"filters": [{
"and": [{
"or": [{
"name": "test",
"op": "ilike",
"val": "%hola mundo%"
}, {
"name": "toFail",
"op": "ilike",
"val": "%prueba%"
}]
}, {
"name": "severity",
"op": "eq",
"val": "high"
}]
}]
}
with pytest.raises(ValidationError):
FlaskRestlessSchema().load(_filter)
def test_restless_using_group_by(self):
test_filter = {"group_by": [{"field": "severity"}]}
res = FlaskRestlessSchema().load(test_filter)
assert res == test_filter
def test_FlaskRestlessSchema_(self):
test_filter = [{"name": "severity", "op": "eq", "val": "low"}]
res = FlaskRestlessSchema().load(test_filter)
assert res == test_filter
def test_find_item_function(self):
_filter = [{"name": "severity", "op": "eq", "val": "low"}]
assert FlaskRestlessSchema().load(_filter) == _filter
def test_full_filters(self):
_filter = {"filters": [{"name": "severity", "op": "eq", "val": "low"}]}
assert FlaskRestlessSchema().load(_filter) == _filter
def test_filters_fail(self):
_filter = [{"name": "host_id", "op": "eq", "val": "1"}]
assert FlaskRestlessSchema().load(_filter) == _filter