def test_number_of_new_false_positives(self): # Add a couple of false positives to database as new issues, # and check that the they're counted properly issue = {'scenario_id': '1', 'timestamp': datetime.datetime.utcnow(), 'test_runner_host': 'localhost', 'url': 'url', 'severity': 'severity', 'issuetype': 'issuetype', 'issuename': 'issuename', 'issuedetail': 'issuedetail', 'confidence': 'confidence', 'host': 'host', 'port': 'port', 'protocol': 'protocol', 'messages': 'messagejson'} # Add one, expect count to be 1 dbtools.add_false_positive(self.context, issue) self.assertEqual(dbtools.number_of_new_in_database(self.context), 1, "After adding one, expect one finding in database") # Add a second one, expect count to be 2 dbtools.add_false_positive(self.context, issue) self.assertEqual(dbtools.number_of_new_in_database(self.context), 2, "After adding two, expect two findings in db")
def test_number_of_new_false_positives(self): # Add a couple of false positives to database as new issues, # and check that the they're counted properly issue = { 'scenario_id': '1', 'timestamp': datetime.datetime.utcnow(), 'test_runner_host': 'localhost', 'url': 'url', 'severity': 'severity', 'issuetype': 'issuetype', 'issuename': 'issuename', 'issuedetail': 'issuedetail', 'confidence': 'confidence', 'host': 'host', 'port': 'port', 'protocol': 'protocol', 'messages': 'messagejson' } # Add one, expect count to be 1 dbtools.add_false_positive(self.context, issue) self.assertEqual(dbtools.number_of_new_in_database(self.context), 1, "After adding one, expect one finding in database") # Add a second one, expect count to be 2 dbtools.add_false_positive(self.context, issue) self.assertEqual(dbtools.number_of_new_in_database(self.context), 2, "After adding two, expect two findings in db")
def test_add_false_positive(self): # Add a false positive to database and check that all fields # get populated and can be compared back originals issue = { 'scenario_id': '1', 'url': 'testurl', 'severity': 'testseverity', 'issuetype': 'testissuetype', 'issuename': 'testissuename', 'issuedetail': 'testissuedetail', 'confidence': 'testconfidence', 'host': 'testhost', 'port': 'testport', 'protocol': 'testprotocol', 'messages': '{foo=bar}' } dbtools.add_false_positive(self.context, issue) # Connect directly to the database and check the data is there db_engine = sqlalchemy.create_engine(self.context.dburl) dbconn = db_engine.connect() db_metadata = sqlalchemy.MetaData() headlessscanner_issues = Table( 'headlessscanner_issues', db_metadata, Column('new_issue', types.Boolean), Column('issue_no', types.Integer, primary_key=True, nullable=False), # Implicit autoincrement Column('timestamp', types.DateTime(timezone=True)), Column('test_runner_host', types.Text), Column('scenario_id', types.Text), Column('url', types.Text), Column('severity', types.Text), Column('issuetype', types.Text), Column('issuename', types.Text), Column('issuedetail', types.Text), Column('confidence', types.Text), Column('host', types.Text), Column('port', types.Text), Column('protocol', types.Text), Column('messages', types.LargeBinary)) db_select = sqlalchemy.sql.select([headlessscanner_issues]) db_result = dbconn.execute(db_select) result = db_result.fetchone() for key, value in issue.iteritems(): if key == 'messages': self.assertEqual(result[key], json.dumps(value)) else: self.assertEqual(result[key], value, '%s not found in database after add' % key) self.assertEqual(result['test_runner_host'], socket.gethostbyname(socket.getfqdn()), 'Test runner host name not correct in database') self.assertLessEqual(result['timestamp'], datetime.datetime.utcnow(), 'Timestamp not correctly stored in database') dbconn.close()
def test_add_false_positive(self): # Add a false positive to database and check that all fields # get populated and can be compared back originals issue = {'scenario_id': '1', 'url': 'testurl', 'severity': 'testseverity', 'issuetype': 'testissuetype', 'issuename': 'testissuename', 'issuedetail': 'testissuedetail', 'confidence': 'testconfidence', 'host': 'testhost', 'port': 'testport', 'protocol': 'testprotocol', 'messages': '{foo=bar}'} dbtools.add_false_positive(self.context, issue) # Connect directly to the database and check the data is there db_engine = sqlalchemy.create_engine(self.context.dburl) dbconn = db_engine.connect() db_metadata = sqlalchemy.MetaData() headlessscanner_issues = Table( 'headlessscanner_issues', db_metadata, Column('new_issue', types.Boolean), Column('issue_no', types.Integer, primary_key=True, nullable=False), # Implicit autoincrement Column('timestamp', types.DateTime(timezone=True)), Column('test_runner_host', types.Text), Column('scenario_id', types.Text), Column('url', types.Text), Column('severity', types.Text), Column('issuetype', types.Text), Column('issuename', types.Text), Column('issuedetail', types.Text), Column('confidence', types.Text), Column('host', types.Text), Column('port', types.Text), Column('protocol', types.Text), Column('messages', types.LargeBinary) ) db_select = sqlalchemy.sql.select([headlessscanner_issues]) db_result = dbconn.execute(db_select) result = db_result.fetchone() for key, value in issue.iteritems(): if key == 'messages': self.assertEqual(result[key], json.dumps(value)) else: self.assertEqual(result[key], value, '%s not found in database after add' % key) self.assertEqual(result['test_runner_host'], socket.gethostbyname(socket.getfqdn()), 'Test runner host name not correct in database') self.assertLessEqual(result['timestamp'], datetime.datetime.utcnow(), 'Timestamp not correctly stored in database') dbconn.close()
def step_impl(context): """Check whether the findings reported by Burp have already been found earlier""" scanissues = context.results # Go through each issue, and add issues that aren't in the database # into the database. If we've found new issues, assert False. new_items = 0 for issue in scanissues: issue['scenario_id'] = context.scenario_id if scandb.known_false_positive(context, issue) is False: new_items += 1 scandb.add_false_positive(context, issue) unprocessed_items = scandb.number_of_new_in_database(context) if unprocessed_items > 0: assert False, "Unprocessed findings in database. %s new issue(s), total %s issue(s)." % (new_items, unprocessed_items) assert True
def step_impl(context): """Check whether the findings reported by Burp have already been found earlier""" scanissues = context.results # Go through each issue, and add issues that aren't in the database # into the database. If we've found new issues, assert False. new_items = 0 for issue in scanissues: issue['scenario_id'] = context.scenario_id if scandb.known_false_positive(context, issue) is False: new_items += 1 scandb.add_false_positive(context, issue) unprocessed_items = scandb.number_of_new_in_database(context) if unprocessed_items > 0: assert False, "Unprocessed findings in database. %s new issue(s), total %s issue(s)." % ( new_items, unprocessed_items) assert True
def test_false_positive_detection(self): # Test whether false positives in database are identified properly issue = {'scenario_id': '1', 'timestamp': datetime.datetime.utcnow(), 'test_runner_host': 'localhost', 'url': 'url', 'severity': 'severity', 'issuetype': 'issuetype', 'issuename': 'issuename', 'issuedetail': 'issuedetail', 'confidence': 'confidence', 'host': 'host', 'port': 'port', 'protocol': 'protocol', 'messages': 'messagejson'} # First add one false positive and try checking against it dbtools.add_false_positive(self.context, issue) self.assertEqual(dbtools.known_false_positive(self.context, issue), True, "Duplicate false positive not detected") # Change one of the differentiating fields, and test, and # add the tested one to the database. issue['scenario_id'] = '2' # Non-duplicate self.assertEqual(dbtools.known_false_positive(self.context, issue), False, "Not a duplicate: scenario_id different") dbtools.add_false_positive(self.context, issue) # Repeat for all the differentiating fields issue['url'] = 'another url' self.assertEqual(dbtools.known_false_positive(self.context, issue), False, "Not a duplicate: url different") dbtools.add_false_positive(self.context, issue) issue['issuetype'] = 'foo' self.assertEqual(dbtools.known_false_positive(self.context, issue), False, "Not a duplicate: issuetype different") dbtools.add_false_positive(self.context, issue) # Finally, test the last one again twice, now it ought to be # reported back as a duplicate self.assertEqual(dbtools.known_false_positive(self.context, issue), True, "A duplicate case not detected")
def test_false_positive_detection(self): # Test whether false positives in database are identified properly issue = { 'scenario_id': '1', 'timestamp': datetime.datetime.utcnow(), 'test_runner_host': 'localhost', 'url': 'url', 'severity': 'severity', 'issuetype': 'issuetype', 'issuename': 'issuename', 'issuedetail': 'issuedetail', 'confidence': 'confidence', 'host': 'host', 'port': 'port', 'protocol': 'protocol', 'messages': 'messagejson' } # First add one false positive and try checking against it dbtools.add_false_positive(self.context, issue) self.assertEqual(dbtools.known_false_positive(self.context, issue), True, "Duplicate false positive not detected") # Change one of the differentiating fields, and test, and # add the tested one to the database. issue['scenario_id'] = '2' # Non-duplicate self.assertEqual(dbtools.known_false_positive(self.context, issue), False, "Not a duplicate: scenario_id different") dbtools.add_false_positive(self.context, issue) # Repeat for all the differentiating fields issue['url'] = 'another url' self.assertEqual(dbtools.known_false_positive(self.context, issue), False, "Not a duplicate: url different") dbtools.add_false_positive(self.context, issue) issue['issuetype'] = 'foo' self.assertEqual(dbtools.known_false_positive(self.context, issue), False, "Not a duplicate: issuetype different") dbtools.add_false_positive(self.context, issue) # Finally, test the last one again twice, now it ought to be # reported back as a duplicate self.assertEqual(dbtools.known_false_positive(self.context, issue), True, "A duplicate case not detected")