def test_resolve_simple(): mod_1 = module_util.import_module("test_module") vuln1 = mod_1.new_vulnerability("VULN_1_A", "Test Vuln A", "A", "1.0.0") vuln1.add_dependency(("B", ">0.1")) mod_1.add_vulnerability(vuln1) mod_1.override_class_name("mod_1") mod_1.set_name("Mod_1") assert mod_1.get_class_name() == "mod_1" module_util.set_stub_module("mod_1", mod_1) mod_2 = module_util.import_module("test_module") vuln2 = mod_2.new_vulnerability("VULN_2_A", "Test Vuln B", "B", "1.0.0") mod_2.add_vulnerability(vuln2) mod_2.override_class_name("mod_2") mod_2.set_name("Mod_2") assert mod_2.get_class_name() == "mod_2" module_util.set_stub_module("mod_2", mod_2) mod_list = module_util.get_module_list() assert "mod_1" in mod_list assert "mod_2" in mod_list resolving = resolve.resolver() resolving.add_module("mod_1") assert resolving.start_resolve() == True assert resolving.get_install_order() == ['mod_2', 'mod_1'] resolving = resolve.resolver() resolving.add_module("mod_1") resolving.add_module("mod_2") assert resolving.start_resolve() == True assert resolving.get_install_order() == ['mod_2', 'mod_1'] assert resolving.get_install_order() != ['mod_1', 'mod_2'] module_util.remove_stub_module("mod_1") module_util.remove_stub_module("mod_2")
def generate_modules(config): for item in config: new_module = module_util.import_module("test_module") if not "class_name" in item: raise ValueError("class_name is required") elif not "print_name" in item: raise ValueError("print_name is required") new_module.override_class_name(item['class_name']) new_module.set_name(item['print_name']) assert new_module.get_class_name() == item['class_name'] assert new_module.name() == item['print_name'] for vuln in item['vulns']: new_vuln = new_module.new_vulnerability(vuln['name'], vuln['desc'], vuln['provides'], vuln['version']) if len(vuln['deps']) > 0: new_vuln.add_dependency(vuln['deps']) new_module.add_vulnerability(new_vuln) module_util.set_stub_module(item['class_name'], new_module) added_stub_modules.append(item['class_name'])
def test_invalid_storage_file(): test_inst = module_util.import_module("test_module") try: sfile = test_inst.storage_file("doesnt_exist") assert False except: assert True
def test_multi_vuln(): name = "test" description = "test description" provides = "test" test_inst = module_util.import_module("test_module") item = test_inst.new_vulnerability(name, description, provides, "1.0.0") test_inst.add_vulnerability(item) item = test_inst.new_vulnerability(name + "2", description, provides, "1.0.0") test_inst.add_vulnerability(item) test_inst.set_multi_vuln(True) count2 = 0 for i in range(70): vuln_list = test_inst.get_vulnerabilities(force=True) assert len(vuln_list) == 1 or len(vuln_list) == 2 if len(vuln_list) == 2: count2 += 1 assert (vuln_list[0].name() == name or vuln_list[0].name() == name + "2") assert count2 > 0
def test_forced_vulns_valid(): name = "forced" description = "test description" provides = "test" test_inst = module_util.import_module("test_module") item = test_inst.new_vulnerability(name, description, provides, "1.0.0") test_inst.add_vulnerability(item) item = test_inst.new_vulnerability("notforced", description, provides, "1.0.0") test_inst.add_vulnerability(item) test_inst.set_forced([name]) for i in range(70): vuln_list = test_inst.get_vulnerabilities(force=True) assert len(vuln_list) == 1 present = False for vuln in vuln_list: if vuln.name() == name: present = True assert present == True
def test_invalid_add_vuln(): name = "test" description = "test description" test_inst = module_util.import_module("test_module") item = test_inst.new_vulnerability(name, description) try: test_inst.add_vulnerability({}) assert False except ValueError: assert True try: test_inst.add_vulnerability([]) assert False except ValueError: assert True try: test_inst.add_vulnerability("hi") assert False except ValueError: assert True try: test_inst.add_vulnerability(1) assert False except ValueError: assert True test_inst.clear_vulnerabilities()
def test_new_vuln(): name = "test" description = "test description" test_inst = module_util.import_module("test_module") item = test_inst.new_vulnerability(name, description) assert isinstance(item, base.vulnerability) assert item.name() == name assert item.provides() == None assert item.version() == None
def test_valid_has_provides(): name = "test" description = "test description" provides = "test" test_inst = module_util.import_module("test_module") item = test_inst.new_vulnerability(name, description, provides, "1.0.0") test_inst.add_vulnerability(item) assert test_inst.has_provides(provides) == True assert test_inst.has_provides("another") == False
def test_version_restriction_dep(): test_obj = module_util.import_module("test_module") vuln = test_obj.new_vulnerability("Restrict_Test_1", "Test", "restrict", "1.0.0") vuln.add_dependency(("test", ">2.0.0a")) test_obj.add_vulnerability(vuln) assert len(test_obj.get_vulnerabilities()) == 1 test_obj.add_dependency_restriction("test", ">2.0.0") assert len(test_obj.get_vulnerabilities(force=True)) == 0
def test_module_import(): #~ temp = importlib.import_module("modules.test_module.test_module") temp = __import__("modules.test_module.test_module",globals(), locals(), ['./modules'],0) module_class = getattr(temp, "test_module") test_obj = module_class() test_obj2 = module_util.import_module("test_module") assert isinstance(test_obj, module_class) assert isinstance(test_obj2, module_class)
def test_version_restriction_dep(): test_obj = module_util.import_module('test_module') vuln = test_obj.new_vulnerability("Restrict_Test_1", "Test", "restrict", "1.0.0") vuln.add_dependency(("test", ">2.0.0a")) test_obj.add_vulnerability(vuln) assert len(test_obj.get_vulnerabilities()) == 1 test_obj.add_dependency_restriction("test", ">2.0.0") assert len(test_obj.get_vulnerabilities(force=True)) == 0
def test_module_import(): #~ temp = importlib.import_module("modules.test_module.test_module") temp = __import__("modules.test_module.test_module", globals(), locals(), ['./modules'], 0) module_class = getattr(temp, "test_module") test_obj = module_class() test_obj2 = module_util.import_module("test_module") assert isinstance(test_obj, module_class) assert isinstance(test_obj2, module_class)
def __load_provides(self, provides_string, restriction_list): choose_list = [] for module in module_util.get_module_list(): current_module = module_util.import_module(module) if current_module.has_provides( provides_string) and current_module.get_class_name( ) not in restriction_list: # If the module we selected is already loaded (but not processed), use it if current_module.get_class_name( ) in self.__name_map and self.__name_map[ current_module.get_class_name()] != None: self.__provides_map[ provides_string] = current_module.get_class_name() return self.__name_map[current_module.get_class_name()] else: choose_list.append(module) if choose_list == 0: return None selected_module_name = ba_random().array_random(choose_list) selected_module = module_util.import_module(selected_module_name) if selected_module == None: return None # Set the provides mapping self.__provides_map[provides_string] = selected_module.get_class_name() self.__insert_module(selected_module.get_class_name(), selected_module) return self.__name_map[selected_module.get_class_name()]
def test_valid_add_vuln(): name = "test" description = "test description" test_inst = module_util.import_module("test_module") item = test_inst.new_vulnerability(name, description) try: test_inst.add_vulnerability(item) assert True except ValueError: assert False test_inst.clear_vulnerabilities()
def __load_provides(self, provides_string, restriction_list): choose_list = [] for module in module_util.get_module_list(): current_module = module_util.import_module(module) if current_module.has_provides(provides_string) and current_module.get_class_name() not in restriction_list: # If the module we selected is already loaded (but not processed), use it if current_module.get_class_name() in self.__name_map and self.__name_map[current_module.get_class_name()] != None: self.__provides_map[provides_string] = current_module.get_class_name() return self.__name_map[current_module.get_class_name()] else: choose_list.append(module) if choose_list == 0: return None selected_module_name = ba_random().array_random(choose_list) selected_module = module_util.import_module(selected_module_name) if selected_module == None: return None # Set the provides mapping self.__provides_map[provides_string] = selected_module.get_class_name() self.__insert_module(selected_module.get_class_name(), selected_module) return self.__name_map[selected_module.get_class_name()]
def test_version_restriction_os(): test_obj = module_util.import_module("test_module") vuln = test_obj.new_vulnerability("Restrict_Test_OS", "Test", "restrict", "1.0.0") test_obj.add_vulnerability(vuln) assert len(test_obj.get_vulnerabilities(force=True)) == 1 if os_data.os_info().matches(os_data.os_match("linux", "ubuntu")): vuln.add_supported_os("linux", "centos") else: vuln.add_supported_os("linux", "ubuntu") assert len(test_obj.get_vulnerabilities(force=True)) == 0
def test_valid_internal(): name = "test" description = "test description" provides = "test" test_inst = module_util.import_module("test_module") item = test_inst.new_vulnerability(name, description, provides, "1.0.0") test_inst.add_vulnerability(item) vuln_list = test_inst.get_vulnerabilities() test_list = test_inst.get_running_vulns() for i in range(len(vuln_list)): if not vuln_list[i].name() == test_list[i].name(): assert False
def test_get_vuln_object(): name = "test" description = "test description" test_inst = module_util.import_module("test_module") item = test_inst.new_vulnerability(name, description) test_inst.add_vulnerability(item) test_item = test_inst.get_vulnerability_object("test") assert isinstance(test_item, base.vulnerability) assert test_item.name() == name assert test_item.description() == description assert test_item.provides() == None assert test_item.version() == None
def test_version_restriction_ver(): test_obj = module_util.import_module('test_module') vuln = test_obj.new_vulnerability("Restrict_Test_1", "Test", "restrict", "1.0.0") test_obj.add_vulnerability(vuln) assert len(test_obj.get_vulnerabilities()) == 1 test_obj.add_version_restriction("restrict", ">=1.0") assert len(test_obj.get_vulnerabilities(force=True)) == 1 test_obj.add_version_restriction("restrict", "<1.0") assert len(test_obj.get_vulnerabilities(force=True)) == 0
def test_set_multi_invalid(): name = "test" description = "test description" test_inst = module_util.import_module("test_module") try: test_inst.set_multi_vuln('a') assert False except ValueError: assert True try: test_inst.set_multi_vuln([]) assert False except ValueError: assert True
def test_version_restriction_os(): test_obj = module_util.import_module('test_module') vuln = test_obj.new_vulnerability("Restrict_Test_OS", "Test", "restrict", "1.0.0") test_obj.add_vulnerability(vuln) assert len(test_obj.get_vulnerabilities(force=True)) == 1 if os_data.os_info().matches(os_data.os_match('linux', 'ubuntu')): vuln.add_supported_os('linux', 'centos') else: vuln.add_supported_os('linux', 'ubuntu') assert len(test_obj.get_vulnerabilities(force=True)) == 0
def test_NONE_vuln(): name = "test" description = "test description" provides = "test" test_inst = module_util.import_module("test_module") item = test_inst.new_vulnerability(name, description, provides, "1.0.0") test_inst.add_vulnerability(item) item = test_inst.new_vulnerability("NONE", description, provides, "1.0.0") test_inst.add_vulnerability(item) test_inst.set_multi_vuln(True) for i in range(50): vuln_list = test_inst.get_vulnerabilities(force=True) assert len(vuln_list) == 1 assert (vuln_list[0].name() == name or vuln_list[0].name() == "NONE")
def test_version_restriction_temp_ver(): test_obj = module_util.import_module("test_module") vuln = test_obj.new_vulnerability("Restrict_Test_1", "Test", "restrict", "1.0.0") test_obj.add_vulnerability(vuln) assert len(test_obj.get_vulnerabilities()) == 1 test_obj._add_temp_version_restriction("restrict", ">=1.0") assert len(test_obj.get_vulnerabilities(force=True)) == 1 test_obj._add_temp_version_restriction("restrict", "<1.0") assert len(test_obj.get_vulnerabilities(force=True)) == 0 test_obj._clear_temp_restrictions() assert len(test_obj.get_vulnerabilities(force=True)) == 1
def test_version_restriction_level(): test_obj = module_util.import_module("test_module") vuln = test_obj.new_vulnerability("Restrict_Test_1", "Test", "restrict", "1.0.0") vuln.set_difficulty("hard") test_obj.add_vulnerability(vuln) assert len(test_obj.get_vulnerabilities()) == 1 HARD = 3 EASY = 1 test_obj.set_difficulty_limit(EASY) assert len(test_obj.get_vulnerabilities(force=True)) == 0 test_obj.set_difficulty_limit(HARD) assert len(test_obj.get_vulnerabilities(force=True)) == 1
def test_version_restriction_level(): test_obj = module_util.import_module('test_module') vuln = test_obj.new_vulnerability("Restrict_Test_1", "Test", "restrict", "1.0.0") vuln.set_difficulty("hard") test_obj.add_vulnerability(vuln) assert len(test_obj.get_vulnerabilities()) == 1 HARD = 3 EASY = 1 test_obj.set_difficulty_limit(EASY) assert len(test_obj.get_vulnerabilities(force=True)) == 0 test_obj.set_difficulty_limit(HARD) assert len(test_obj.get_vulnerabilities(force=True)) == 1
def test_valid_has_difficulty(): name = "test" description = "test description" provides = "test" test_inst = module_util.import_module("test_module") item = test_inst.new_vulnerability(name, description, provides, "1.0.0") item.set_difficulty("easy") test_inst.add_vulnerability(item) assert test_inst.has_difficulty("easy") == True assert test_inst.has_difficulty("hard") == True test_inst.clear_vulnerabilities() item = test_inst.new_vulnerability(name, description, provides, "1.0.0") item.set_difficulty("hard") test_inst.add_vulnerability(item) assert test_inst.has_difficulty("easy") == False assert test_inst.has_difficulty("hard") == True
def add_module(self, module, forced=[]): if issubclass(module.__class__, base.module_base): module_name = module.get_class_name() elif cross_version.isstring(module): module_name = module else: raise ValueError("Invalid module to add. Must be module object or name") if module_util.module_exists(module_name): if self.__debug: print("Adding module " + module_name) self.__insert_module(module_name, module_util.import_module(module_name)) self.__set_modules.append(module_name) if len(forced) > 0: self.__name_map[module_name].set_forced(forced) else: return
def test_forced_vulns_valid_multi(): name = "forced" description = "test description" provides = "test" test_inst = module_util.import_module("test_module") item = test_inst.new_vulnerability(name, description, provides, "1.0.0") test_inst.add_vulnerability(item) item = test_inst.new_vulnerability("notforced", description, provides, "1.0.0") test_inst.add_vulnerability(item) test_inst.set_forced([name]) test_inst.set_multi_vuln(True) onecount = 0 twocount = 0 for i in range(70): vuln_list = test_inst.get_vulnerabilities(force=True) present = False for vuln in vuln_list: if vuln.name() == name: present = True assert present == True if len(vuln_list) == 1: onecount += 1 elif len(vuln_list) == 2: twocount += 1 else: assert False assert onecount > 0 assert twocount > 0
def test_forced_vulns_valid_multiple_forced(): name = "forced" name2 = "alsoforced" description = "test description" provides = "test" test_inst = module_util.import_module("test_module") item = test_inst.new_vulnerability(name, description, provides, "1.0.0") test_inst.add_vulnerability(item) item = test_inst.new_vulnerability(name2, description, provides, "1.0.0") test_inst.add_vulnerability(item) firstcount = 0 secondcount = 0 for i in range(70): test_inst.set_forced([name, name2]) vuln_list = test_inst.get_vulnerabilities(force=True) assert len(vuln_list) == 1 present = False vuln = vuln_list[0] assert vuln.name() == name or vuln.name() == name2 if vuln.name() == name: firstcount += 1 elif vuln.name() == name2: secondcount += 1 else: assert False assert firstcount > 0 assert secondcount > 0
def test_set_stub_module(): test_obj = module_util.import_module("test_module") test_obj.override_class_name("test2") assert test_obj.get_class_name() == "test2" test_obj.set_name("test2") assert test_obj.name() == "test2" module_util.set_stub_module("test2", test_obj) assert module_util.module_exists("test2") module_list = module_util.get_module_list() assert "test2" in module_list module_util.remove_stub_module("test2") assert not module_util.module_exists("test2") module_list = module_util.get_module_list() assert not "test2" in module_list
def add_module(self, module, forced=[]): if issubclass(module.__class__, base.module_base): module_name = module.get_class_name() elif cross_version.isstring(module): module_name = module else: raise ValueError( "Invalid module to add. Must be module object or name") if module_util.module_exists(module_name): if self.__debug: print("Adding module " + module_name) self.__insert_module(module_name, module_util.import_module(module_name)) self.__set_modules.append(module_name) if len(forced) > 0: self.__name_map[module_name].set_forced(forced) else: return
def test_storage_file(): test_inst = module_util.import_module("test_module") sfile = test_inst.storage_file("test_file") assert sfile.get_contents().strip() == "This is data"
def __module(self, options): if len(options) == 0: print("Incomplete command") print( "Valid sub-commands: add, remove, info, list, random, force, test" ) else: subcommand = options[0] del options[0] if subcommand == "add": if not len(options) == 1: print("module add: No module name") else: module_name = options[0] if module_util.module_exists(module_name): if not module_name in self.__vars['to_run']['value']: self.__vars['to_run']['value'].append(module_name) print("Module added") else: print("Module is already set to be run") else: print("Module '" + module_name + "' does not exist") elif subcommand == "random": rand_list = [] self.__vars['to_run']['value'] = [] while len(rand_list) == 0: mod_list = module_util.get_module_list() set_level = self.__vars['level']['value'] for module in mod_list: # Skip the test module if module == "test_module": continue mod_obj = module_util.import_module(module) if mod_obj: if set_level == "any": if ba_random().will_do(): rand_list.append(module) else: if mod_obj.has_difficulty( set_level) and ba_random().will_do(): rand_list.append(module) else: print("Could not import module " + module) for module_name in rand_list: self.__vars['to_run']['value'].append(module_name) elif subcommand == "remove": if not len(options) == 1: print("module add: No module set") else: module_name = options[0] if module_util.module_exists(module_name): if module_name in self.__vars['to_run']['value']: self.__vars['to_run']['value'].remove(module_name) print("Module removed") else: print("Module is not set to run") else: print("Module '" + module_name + "' does not exist") elif subcommand == "info": if not len(options) == 1: print("module info: No module name") else: module_name = options[0] if module_util.module_exists(module_name): tmp_module = module_util.import_module(module_name) print(tmp_module.info()) print("Vulnerabilities:") for vuln in tmp_module.full_vulnerability_list(): print(" " + vuln) else: print("Module '" + module_name + "' does not exist") elif subcommand == "list": module_list = module_util.get_module_list() if len(module_list) > 0: for item in module_list: if item == "test_module": continue if item in self.__vars['to_run']['value']: print("\t+ " + item) else: print("\t- " + item) else: print("\nNo modules are set to run!") elif subcommand == "force": if not len(options) == 2: print("Enter a module and vulnerability to force") else: module = options[0] vuln = options[1] if module_util.module_exists(module): if vuln in module_util.import_module( module).full_vulnerability_list(): if not module in self.__vars['force']['value']: self.__vars['force']['value'][module] = [] if not vuln in self.__vars['force']['value'][ module]: self.__vars['force']['value'][module].append( vuln) else: print( "That vulnerability is already being forced" ) else: print("Module '" + module + "' does not have the vulnerability '" + vuln + "'") else: print("Module '" + module + "' does not exist") elif subcommand == "test": if self.__debug_mode == False: print("'module test' can only be used in debug mode") elif not len(options) == 2: print("Enter a module and vulnerability to test") else: module = options[0] vuln = options[1] if module_util.module_exists(module): module_obj = module_util.import_module(module) if vuln in module_obj.full_vulnerability_list(): result = module_obj.test(vuln) if result == False: print("Test failed") else: print("Test succeeded") else: print("Module '" + module + "' does not have the vulnerability '" + vuln + "'") else: print("Module '" + module + "' does not exist") else: print("module: invalid subcommand '" + subcommand + "'")
def __module(self, options): if len(options) == 0: print("Incomplete command") print("Valid sub-commands: add, remove, info, list, random, force, test") else: subcommand = options[0] del options[0] if subcommand == "add": if not len(options) == 1: print("module add: No module name") else: module_name = options[0] if module_util.module_exists(module_name): if not module_name in self.__vars['to_run']['value']: self.__vars['to_run']['value'].append(module_name) print("Module added") else: print("Module is already set to be run") else: print("Module '" + module_name + "' does not exist") elif subcommand == "random": rand_list = [] self.__vars['to_run']['value'] = [] while len(rand_list) == 0: mod_list = module_util.get_module_list() set_level = self.__vars['level']['value'] for module in mod_list: # Skip the test module if module == "test_module": continue mod_obj = module_util.import_module(module) if mod_obj: if set_level == "any": if ba_random().will_do(): rand_list.append(module) else: if mod_obj.has_difficulty(set_level) and ba_random().will_do(): rand_list.append(module) else: print("Could not import module "+ module) for module_name in rand_list: self.__vars['to_run']['value'].append(module_name) elif subcommand == "remove": if not len(options) == 1: print("module add: No module set") else: module_name = options[0] if module_util.module_exists(module_name): if module_name in self.__vars['to_run']['value']: self.__vars['to_run']['value'].remove(module_name) print("Module removed") else: print("Module is not set to run") else: print("Module '" + module_name + "' does not exist") elif subcommand == "info": if not len(options) == 1: print("module info: No module name") else: module_name = options[0] if module_util.module_exists(module_name): tmp_module = module_util.import_module(module_name) print(tmp_module.info()) print("Vulnerabilities:") for vuln in tmp_module.full_vulnerability_list(): print(" " + vuln) else: print("Module '" + module_name + "' does not exist") elif subcommand == "list": module_list = module_util.get_module_list() if len(module_list) > 0: for item in module_list: if item == "test_module": continue if item in self.__vars['to_run']['value']: print("\t+ " + item) else: print("\t- " + item) else: print("\nNo modules are set to run!") elif subcommand == "force": if not len(options) == 2: print("Enter a module and vulnerability to force") else: module = options[0] vuln = options[1] if module_util.module_exists(module): if vuln in module_util.import_module(module).full_vulnerability_list(): if not module in self.__vars['force']['value']: self.__vars['force']['value'][module] = [] if not vuln in self.__vars['force']['value'][module]: self.__vars['force']['value'][module].append(vuln) else: print("That vulnerability is already being forced") else: print("Module '" + module + "' does not have the vulnerability '" + vuln + "'") else: print("Module '" + module + "' does not exist") elif subcommand == "test": if self.__debug_mode == False: print("'module test' can only be used in debug mode") elif not len(options) == 2: print("Enter a module and vulnerability to test") else: module = options[0] vuln = options[1] if module_util.module_exists(module): module_obj = module_util.import_module(module) if vuln in module_obj.full_vulnerability_list(): result = module_obj.test(vuln) if result == False: print("Test failed") else: print("Test succeeded") else: print("Module '" + module + "' does not have the vulnerability '" + vuln + "'") else: print("Module '" + module + "' does not exist") else: print("module: invalid subcommand '" + subcommand + "'")
def test_set_name(): test_obj = module_util.import_module("test_module") assert test_obj.name() == "Test Module" test_obj.set_name("Test_Module 2") assert test_obj.name() == "Test_Module 2"
def test_module_name(): test_inst = module_util.import_module("test_module") assert test_inst.get_class_name() == "test_module"
def test_module_import(): test_obj = module_util.import_module("test_module") assert test_obj.name() == "Test Module"