def test_validate_saml2int(self):
    """ -- Test API with profile saml2int against idp_incomplete.xml """
    # The docstring above is logged and printed at runtime, so its text is
    # test output and is kept unchanged.
    banner = TestValidator.test_validate_saml2int.__doc__
    logging.info(banner)
    print(banner)

    project_root = os.path.dirname(os.path.dirname(__file__))
    logging.info('PROJROOT=' + project_root)
    md_fname = os.path.join(project_root, 'testdata', 'idp_incomplete.xml')

    # The profile path is resolved through pkgdata rather than built from
    # the project root.
    import pkgdata
    profile_fname = pkgdata.get_path('rules', os.path.join('profiles', 'saml2int.json'))

    api_args = ApiArgs(md_xml=md_fname, profile=profile_fname)
    val_result = Validator(api_args.cliInvocation).validate()

    # Write the validator's JSON output to <project root>/work/saml2int.json.
    workdir = os.path.join(project_root, 'work')
    if not os.path.exists(workdir):
        os.makedirs(workdir)
    fname = os.path.join(workdir, 'saml2int.json')
    with open(fname, 'w') as out:
        out.write(val_result.get_json())

    # NOTE(review): a failed comparison is only printed, so this test cannot
    # fail on a diff - confirm that is intended.
    try:
        assertNoDiff(fname)
    except (AssertionError, FileNotFoundError) as err:
        print(err)
def main():
    """Run the validator from the command line.

    When the parsed arguments have ``proflist`` set, print a header and one
    "file | name" line per profile, then exit with status 0.  Otherwise
    return the result of ``validate()``.
    """
    invocation = CliInvocation()
    validator = Validator(invocation)

    if not invocation.args.proflist:
        return validator.validate()

    print('File | Profile')
    for entry in validator.get_profiles():
        print(entry['file'] + ' | ' + entry['name'])
    exit(0)
def __init__(self):
    """Set the web server defaults and pre-render the profile <option> list."""
    module_dir = os.path.dirname(os.path.realpath(__file__))

    # NOTE(review): if 'listen' is used as the bind address, '0.0.0.0' makes
    # the service reachable on every interface, and '/tmp' is a directory
    # shared with other local users - confirm both defaults are intended
    # for deployments.
    self.HttpServer = {'port': 8080, 'listen': '0.0.0.0'}
    self.templatedir = os.path.join(module_dir, 'template')
    self.tempdir = '/tmp'

    # setup list of available profiles
    self.profiles = {}
    # The instance is not used below; the construction is kept in case it
    # initialises profile state - TODO confirm.
    validator = Validator(ApiArgs(listprofiles=True).cliInvocation)

    # Display names are concatenated into markup as-is (no HTML escaping).
    placeholder = '<option disabled selected value> -- select an option -- </option>'
    self.profileoptions = placeholder + ''.join(
        '<option>' + display_name + '</option>'
        for display_name in Validator.get_profiles().values())
def __init__(self, config):
    """Load the request/response templates and build the profile lookups.

    ``config.templatedir`` must contain validate_srv_req.html and
    validate_srv_res.html.  ``p_dict`` maps profile key to display name,
    ``p_reverse`` maps display name back to profile key.
    """
    def load_template(name):
        # jinja2.Template built directly does not autoescape, so values
        # passed to render() reach the page unescaped unless the template
        # escapes them itself.
        with open(os.path.join(config.templatedir, name), 'r', encoding="utf-8") as f:
            return jinja2.Template(f.read())

    self.req_template = load_template('validate_srv_req.html')
    self.res_template = load_template('validate_srv_res.html')
    self.config = config
    self.p_dict = Validator.get_profiles()
    self.p_keys = Validator.get_profiles().keys()
    self.p_reverse = {
        display_name: key
        for key, display_name in Validator.get_profiles().items()
    }
def execute_a_test(rule, expected_severity, testfile, PROJROOT):
    """Run one schematron rule against a test file and report a mismatch.

    The metadata file is PROJROOT/testdata/<testfile>.  When the validator's
    severity level differs from expected_severity a message is printed;
    nothing is raised.
    """
    logging.info(' -- Testing schematron rule ' + rule)
    md_file = os.path.join(PROJROOT, 'testdata', testfile)
    api_args = ApiArgs(md_xml=md_file, rule=rule)
    validator_result = Validator(api_args.cliInvocation).validate()

    # Deliberately no assert: the rules are run in a loop inside a single
    # unit test, and a failing assert would stop the remaining rules.
    if validator_result.level == expected_severity:
        return
    print(rule + ' expected severity level ' + expected_severity + ' but test returned ' +
          validator_result.level + '. (' + rule + ' | ' + testfile + ')')
def test_list_profiles(self):
    """ -- List profiles """
    # The docstring above is logged and printed at runtime, so its text is
    # test output and is kept unchanged.
    banner = TestValidator.test_list_profiles.__doc__
    logging.info(banner)
    print(banner)

    # Only walks the profile mapping; the per-profile printout is disabled,
    # so this checks that get_profiles() can be iterated as key/name pairs.
    for (_profile_key, _display_name) in Validator.get_profiles().items():
        continue
def execute_a_test(rule, expected_severity, testfile, PROJROOT):
    """Check the severity level a schematron rule yields for a test file.

    Validates PROJROOT/testdata/<testfile> with the single rule given and
    prints a message when the resulting level is not expected_severity.
    The function never raises on a mismatch.
    """
    logging.info(' -- Testing schematron rule ' + rule)
    md_file = os.path.join(PROJROOT, 'testdata', testfile)
    invocation = ApiArgs(md_xml=md_file, rule=rule).cliInvocation
    outcome = Validator(invocation).validate()

    # No assert on purpose: every rule runs inside one unit test, and the
    # first failing assert would hide the results of the rules after it.
    mismatch = outcome.level != expected_severity
    if mismatch:
        print(rule + ' expected severity level ' + expected_severity + ' but test returned ' +
              outcome.level + '. (' + rule + ' | ' + testfile + ')')
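def post_handler(self, req):
    """Validate an uploaded metadata file against the requested profile.

    The request carries the file as ``md_instance`` and names the profile
    either as ``md_profile_key`` (web service client, JSON response) or as
    ``md_profile`` (browser form, HTML response).

    Returns a BaseResponse: status 400 with a plain message when the upload
    or the profile is missing or unknown, otherwise the validator output.
    """
    # Function-scope import: the module's import block is not part of this
    # method.
    import tempfile

    upload = req.files['md_instance']
    fname = secure_filename(upload.filename)
    if not fname:
        return BaseResponse('no file uploaded', status=400)

    # Resolve the profile before anything is written to disk, so a rejected
    # request leaves no file behind in the temp directory.
    # webservice client uses md_profile_key; browser uses md_profile
    if 'md_profile_key' in req.form:
        profile_key = secure_filename(req.form['md_profile_key'])
        api_call = True
    elif 'md_profile' in req.form:
        profile_display_name = req.form['md_profile']
        if profile_display_name not in self.p_reverse:
            return BaseResponse('invalid metadata profile: ' + profile_display_name, status=400)
        profile_key = self.p_reverse[profile_display_name]
        api_call = False
    else:
        return BaseResponse('missing argument profile key', status=400)

    # Check the key before it is used as a lookup: an unknown key from a
    # client is answered with 400 instead of an unhandled KeyError.
    if profile_key not in self.p_dict:
        return BaseResponse('invalid profile key: ' + profile_key + ', need: ' + ', '.join(self.p_keys),
                            status=400)
    if api_call:
        profile_display_name = self.p_dict[profile_key]
    profile_file = profile_key + '.json'

    # mkstemp creates the file exclusively, with an unpredictable name and
    # owner-only permissions, which matters when tempdir is a shared
    # directory such as /tmp.
    fd, tmpfile = tempfile.mkstemp(prefix=fname + '_', dir=self.config.tempdir)
    try:
        with os.fdopen(fd, 'wb') as out:
            upload.save(out)
        validator = Validator(ApiArgs(tmpfile, profile=profile_file).cliInvocation)
        validator_result = validator.validate()
    finally:
        # Remove the upload even when saving or validation raises.
        os.remove(tmpfile)

    result_json = ''.join(validator_result.get_json()) + '\n'
    if api_call:
        return BaseResponse(result_json, mimetype='application/json', direct_passthrough=False)

    # NOTE(review): val_out carries <br/> markup, so the template has to emit
    # it unescaped; if the validator output can echo text from the uploaded
    # file, that text reaches the page as HTML - confirm it is escaped
    # upstream or escape it before the newline substitution.
    html = self.res_template.render(validationType=profile_display_name,
                                    fname=fname,
                                    val_out=result_json.replace("\n", "<br/>"))
    return BaseResponse(html, mimetype='text/html', direct_passthrough=False)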
def __init__(self):
    """Initialise server settings and the HTML <option> list of profiles."""
    here = os.path.dirname(os.path.realpath(__file__))

    # NOTE(review): '0.0.0.0' as a bind address would expose the service on
    # all interfaces, and '/tmp' is shared with other local users - confirm
    # these defaults suit the deployment.
    self.HttpServer = {
        'port': 8080,
        'listen': '0.0.0.0',
    }
    self.templatedir = os.path.join(here, 'template')
    self.tempdir = '/tmp'

    # setup list of available profiles
    self.profiles = {}
    # Instance unused below; construction kept in case it prepares profile
    # state - TODO confirm.
    validator = Validator(ApiArgs(listprofiles=True).cliInvocation)

    # Display names go into the markup without HTML escaping.
    options = ['<option disabled selected value> -- select an option -- </option>']
    for display_name in Validator.get_profiles().values():
        options.append('<option>' + display_name + '</option>')
    self.profileoptions = ''.join(options)
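def post_handler(self, req):
    """Validate an uploaded metadata file against the requested profile.

    The request carries the file as ``md_instance`` and names the profile
    either as ``md_profile_key`` (web service client, JSON response) or as
    ``md_profile`` (browser form, HTML response).

    Returns a BaseResponse: status 400 with a plain message when the upload
    or the profile is missing or unknown, otherwise the validator output.
    """
    # Function-scope import: the module's import block is not part of this
    # method.
    import tempfile

    upload = req.files['md_instance']
    fname = secure_filename(upload.filename)
    if not fname:
        return BaseResponse('no file uploaded', status=400)

    # The profile is resolved first so that a rejected request never
    # leaves an uploaded file in the temp directory.
    # webservice client uses md_profile_key; browser uses md_profile
    if 'md_profile_key' in req.form:
        profile_key = secure_filename(req.form['md_profile_key'])
        api_call = True
    elif 'md_profile' in req.form:
        profile_display_name = req.form['md_profile']
        if profile_display_name not in self.p_reverse:
            return BaseResponse('invalid metadata profile: ' + profile_display_name, status=400)
        profile_key = self.p_reverse[profile_display_name]
        api_call = False
    else:
        return BaseResponse('missing argument profile key', status=400)

    # The key is checked before the display-name lookup, so an unknown key
    # yields a 400 response rather than an unhandled KeyError.
    if profile_key not in self.p_dict:
        return BaseResponse('invalid profile key: ' + profile_key + ', need: ' + ', '.join(self.p_keys),
                            status=400)
    if api_call:
        profile_display_name = self.p_dict[profile_key]
    profile_file = profile_key + '.json'

    # mkstemp opens a new file exclusively under an unpredictable name with
    # owner-only permissions; a guessable name in a shared directory could
    # collide with, or be pre-created by, another local user.
    fd, tmpfile = tempfile.mkstemp(prefix=fname + '_', dir=self.config.tempdir)
    try:
        with os.fdopen(fd, 'wb') as out:
            upload.save(out)
        validator = Validator(ApiArgs(tmpfile, profile=profile_file).cliInvocation)
        validator_result = validator.validate()
    finally:
        # The upload is deleted on success and on failure alike.
        os.remove(tmpfile)

    result_json = ''.join(validator_result.get_json()) + '\n'
    if api_call:
        return BaseResponse(result_json, mimetype='application/json', direct_passthrough=False)

    # NOTE(review): val_out contains <br/> markup and therefore has to be
    # rendered unescaped; if validator output can repeat text taken from the
    # uploaded file, that text is emitted as HTML - confirm it is escaped
    # upstream or escape it before replacing the newlines.
    html = self.res_template.render(validationType=profile_display_name,
                                    fname=fname,
                                    val_out=result_json.replace("\n", "<br/>"))
    return BaseResponse(html, mimetype='text/html', direct_passthrough=False)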
def test_validate_saml2int(self):
    """ -- Test API with profile saml2int against idp_incomplete.xml """
    # The docstring is emitted at runtime (log and stdout) and is therefore
    # left exactly as written.
    for emit in (logging.info, print):
        emit(TestValidator.test_validate_saml2int.__doc__)

    root = os.path.dirname(os.path.dirname(__file__))
    logging.info('PROJROOT=' + root)
    md_fname = os.path.join(root, 'testdata', 'idp_incomplete.xml')

    # pkgdata locates the packaged profile; the project-root path is not
    # used for it.
    import pkgdata
    profile_rel = os.path.join('profiles', 'saml2int.json')
    profile_fname = pkgdata.get_path('rules', profile_rel)

    invocation = ApiArgs(md_xml=md_fname, profile=profile_fname).cliInvocation
    val_result = Validator(invocation).validate()

    # The JSON result is stored as <root>/work/saml2int.json for comparison.
    workdir = os.path.join(root, 'work')
    if not os.path.exists(workdir):
        os.makedirs(workdir)
    fname = os.path.join(workdir, 'saml2int.json')
    with open(fname, 'w') as result_file:
        result_file.write(val_result.get_json())

    # NOTE(review): the AssertionError from the comparison is caught and
    # printed, so a differing result does not fail the test - confirm that
    # is intended.
    try:
        assertNoDiff(fname)
    except (AssertionError, FileNotFoundError) as problem:
        print(problem)
profile_dict = json.loads(''.join(fd.readlines())) html = '<html><head><meta charset="UTF-8"><link rel="stylesheet" type="text/css" ' \ 'href="../css/tables.css"></head><body><h1>SAML Schematron Rules for profile "%s"</h1>%s</body></html>' os.system('scripts/listrules.sh > work/listrules.json') rules = json.loads(''.join(open('work/listrules.json').readlines())) tabhtml = '<table class="pure-table">' for rule in sorted(rules): if not rule.startswith('rule'): continue if rule not in profile_dict['rules']: continue try: tabhtml += '<tr><td>%s</td><td>%s</td><td>%s</td></tr>\n' % \ (rule, rules[rule]["Severity"], rules[rule]["Message"]) except KeyError as e: print("rule:" + rule) raise tabhtml += '</table>' fname = 'saml_schtron/webapp/static/html/' + profile['file'][:-5] + '.html' with open(fname, 'w') as fd: fd.write(html % (profile['name'], tabhtml)) print('File %s written.' % fname) validator = Validator(ApiArgs(listprofiles=True).cliInvocation) gen_profile_rules({ 'file': 'allrules.json', 'name': 'All available schematron rules' }) for profile in validator.get_profiles(): gen_profile_rules(profile)
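def gen_profile_rules(profile):
    """Write a static HTML table of the schematron rules in one profile.

    ``profile`` is a dict with 'file' (a file name under rules/profiles/;
    its last five characters are dropped to form the output name, so it is
    expected to end in '.json') and 'name' (used in the page heading).

    All paths are relative to the current working directory.  The output
    goes to saml_schtron/webapp/static/html/<profile>.html.

    Raises KeyError when a listed rule lacks "Severity" or "Message"; the
    rule id is printed first.
    """
    with open('rules/profiles/' + profile['file']) as fd:
        profile_dict = json.load(fd)
    html = '<html><head><meta charset="UTF-8"><link rel="stylesheet" type="text/css" ' \
           'href="../css/tables.css"></head><body><h1>SAML Schematron Rules for profile "%s"</h1>%s</body></html>'

    # The rule listing is regenerated on every call by a fixed command line;
    # the script's exit status is not checked here.
    os.system('scripts/listrules.sh > work/listrules.json')
    # Read the listing through a context manager so the handle is closed
    # (it was previously left open).
    with open('work/listrules.json') as listing:
        rules = json.load(listing)

    rows = []
    for rule in sorted(rules):
        # Keep only entries named rule* that the profile actually lists.
        if not rule.startswith('rule') or rule not in profile_dict['rules']:
            continue
        try:
            rows.append('<tr><td>%s</td><td>%s</td><td>%s</td></tr>\n' %
                        (rule, rules[rule]["Severity"], rules[rule]["Message"]))
        except KeyError:
            print("rule:" + rule)
            raise
    tabhtml = '<table class="pure-table">' + ''.join(rows) + '</table>'

    # NOTE(review): rule id, severity, message and profile name are inserted
    # without HTML escaping; a message containing '<' or '&' would be
    # interpreted as markup - confirm whether messages are meant to carry HTML.
    fname = 'saml_schtron/webapp/static/html/' + profile['file'][:-5] + '.html'
    with open(fname, 'w') as fd:
        fd.write(html % (profile['name'], tabhtml))
    print('File %s written.' % fname)


validator = Validator(ApiArgs(listprofiles=True).cliInvocation)
# One page for the full rule set, then one page per available profile.
gen_profile_rules({'file': 'allrules.json', 'name': 'All available schematron rules'})
for profile in validator.get_profiles():
    gen_profile_rules(profile)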