def test_scan_target_without_config(get_zap_instance: ZAPv2):
    """Smoke test: scan with an empty config directory and an explicit target.

    No assertion is made on the result; the test passes as long as
    ``ZapAutomation`` accepts ``config_dir=""`` together with ``target`` and
    ``scan_target`` returns without raising.  The target is a public host,
    so the test depends on outbound network access from the ZAP instance.
    """
    target_url = "http://www.secureCodeBox.io/"

    automation = ZapAutomation(zap=get_zap_instance, config_dir="", target=target_url)
    automation.scan_target(target=target_url)
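def test_bodgeit_scan_without_config(get_bodgeit_url, get_zap_instance: ZAPv2):
    """Scan a local BodgeIt instance with no scan config and expect findings.

    ``get_bodgeit_url`` is requested only for its side effect (presumably it
    brings the BodgeIt service up — confirm against the fixture); the target
    URL is hard-coded to localhost:8080 rather than taken from the fixture.
    """
    zap = get_zap_instance
    test_target = "http://localhost:8080/bodgeit/"

    # Empty config_dir: scan runs with ZapAutomation's defaults only.
    zap_automation = ZapAutomation(zap=zap, config_dir="")
    zap_automation.scan_target(target=test_target)

    # The two empty lists are passed through to get_alerts; their meaning is
    # not visible in this file.
    alerts = zap_automation.get_zap_scanner.get_alerts(test_target, [], [])

    # len() is already an int, so no str()/int() wrapping is needed.
    logging.info('Found ZAP Alerts: %d', len(alerts))

    # BodgeIt is a deliberately vulnerable app; a working scan should report
    # several alerts even without a tuned config.
    assert len(alerts) >= 5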
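def test_juiceshop_scan_with_config(get_juiceshop_url, get_zap_instance: ZAPv2):
    """Scan a local Juice Shop using the full-scan mock config and expect findings.

    ``get_juiceshop_url`` is requested only for its side effect (presumably it
    brings the Juice Shop service up — confirm against the fixture); the
    target URL is hard-coded to localhost:3000.  The config directory is a
    path relative to the repository root, so the test must run from there.
    """
    zap = get_zap_instance
    test_config_yaml = "./tests/mocks/scan-full-juiceshop-local/"
    test_target = "http://localhost:3000/"

    zap_automation = ZapAutomation(zap=zap, config_dir=test_config_yaml)
    zap_automation.scan_target(target=test_target)

    # The two empty lists are passed through to get_alerts; their meaning is
    # not visible in this file.
    alerts = zap_automation.get_zap_scanner.get_alerts(test_target, [], [])

    # len() is already an int, so no str()/int() wrapping is needed.
    logging.info('Found ZAP Alerts: %d', len(alerts))

    assert len(alerts) >= 2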
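def test_global_config(get_zap_instance: ZAPv2):
    """Scan a public host using the ``global`` mock config and expect at least one alert.

    Unlike the other scans this one has no service fixture: the target is a
    public host, so the test depends on outbound network access from the ZAP
    instance and on that host's response at test time.  The config directory
    is a path relative to the repository root.
    """
    zap = get_zap_instance
    test_target = "http://www.secureCodeBox.io/"
    test_config_yaml = "./tests/mocks/global/"

    zap_automation = ZapAutomation(zap=zap, config_dir=test_config_yaml)
    zap_automation.scan_target(target=test_target)

    # The two empty lists are passed through to get_alerts; their meaning is
    # not visible in this file.
    alerts = zap_automation.get_zap_scanner.get_alerts(test_target, [], [])

    # len() is already an int, so no str()/int() wrapping is needed.
    logging.info('Found ZAP Alerts: %d', len(alerts))

    assert len(alerts) >= 1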
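def test_petstore_scan_with_config(get_petstore_url, get_zap_instance: ZAPv2):
    """Scan the dockerised Petstore using the full-scan mock config and expect findings.

    ``get_petstore_url`` is requested only for its side effect (presumably it
    brings the Petstore service up — confirm against the fixture); the target
    uses the ``petstore`` hostname, so it must resolve from where ZAP runs.
    The config directory is a path relative to the repository root.
    """
    zap = get_zap_instance
    test_config_yaml = "./tests/mocks/scan-full-petstore-docker/"
    test_target = "http://petstore:8080/"

    zap_automation = ZapAutomation(zap=zap, config_dir=test_config_yaml)
    zap_automation.scan_target(target=test_target)

    # The two empty lists are passed through to get_alerts; their meaning is
    # not visible in this file.
    alerts = zap_automation.get_zap_scanner.get_alerts(test_target, [], [])

    # len() is already an int, so no str()/int() wrapping is needed.
    logging.info('Found ZAP Alerts: %d', len(alerts))

    assert len(alerts) >= 1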
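def test_juiceshop_scan_without_config(get_juiceshop_url,
                                       get_zap_instance: ZAPv2):
    """Scan the dockerised Juice Shop with no scan config and expect findings.

    ``get_juiceshop_url`` is requested only for its side effect (presumably it
    brings the Juice Shop service up — confirm against the fixture); the
    target uses the ``juiceshop`` hostname, so it must resolve from where ZAP
    runs.
    """
    zap = get_zap_instance
    test_target = "http://juiceshop:3000/"

    # Empty config_dir: scan runs with ZapAutomation's defaults only.
    zap_automation = ZapAutomation(zap=zap, config_dir="")
    zap_automation.scan_target(target=test_target)

    # The two empty lists are passed through to get_alerts; their meaning is
    # not visible in this file.
    alerts = zap_automation.get_zap_scanner.get_alerts(test_target, [], [])

    # len() is already an int, so no str()/int() wrapping is needed.
    logging.info('Found ZAP Alerts: %d', len(alerts))

    assert len(alerts) >= 2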
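def test_petstore_scan_with_alert_filters(get_petstore_url, get_zap_instance: ZAPv2):
    """Scan the dockerised Petstore with a config that filters alerts.

    Checks that the alert filters in the mock config reduce the reported
    alert count: the assertion requires more than one alert (the scan really
    ran) but fewer than ten (filters were applied).  ``get_petstore_url`` is
    requested only for its side effect (presumably it brings the Petstore
    service up — confirm against the fixture).
    """
    zap = get_zap_instance
    test_config_yaml = "./tests/mocks/scan-full-petstore-alert-filter-docker/"
    test_target = "http://petstore:8080/"

    zap_automation = ZapAutomation(zap=zap, config_dir=test_config_yaml, target=test_target)
    zap_automation.scan_target(target=test_target)

    # The two empty lists are passed through to get_alerts; their meaning is
    # not visible in this file.
    alerts = zap_automation.get_zap_scanner.get_alerts(test_target, [], [])

    logging.info('Found ZAP Alerts: %d', len(alerts))

    # should normally be 13 alerts but most of them are ignored using alertFilters in the scan config
    assert 1 < len(alerts) < 10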
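def test_bodgeit_scan_with_config(get_bodgeit_url, get_zap_instance: ZAPv2):
    """Scan the dockerised BodgeIt using the full-scan mock config and expect findings.

    The target uses the ``bodgeit`` hostname rather than ``get_bodgeit_url``,
    which is only logged; the fixture is presumably still needed for its side
    effect of bringing the service up — confirm against the fixture.  The
    config directory is a path relative to the repository root.
    """
    zap = get_zap_instance
    test_config_yaml = "./tests/mocks/scan-full-bodgeit-docker/"
    test_target = "http://bodgeit:8080/bodgeit/"

    # Logged at WARNING so it shows up in default pytest log capture; the
    # value is not otherwise used by this test.
    logging.warning("get_bodgeit_url: %s", get_bodgeit_url)

    zap_automation = ZapAutomation(zap=zap, config_dir=test_config_yaml)
    zap_automation.scan_target(target=test_target)

    # The two empty lists are passed through to get_alerts; their meaning is
    # not visible in this file.
    alerts = zap_automation.get_zap_scanner.get_alerts(test_target, [], [])

    # len() is already an int, so no str()/int() wrapping is needed.
    logging.info('Found ZAP Alerts: %d', len(alerts))

    # BodgeIt is a deliberately vulnerable app; a working scan should report
    # several alerts.
    assert len(alerts) >= 5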
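def test_cascading_scan_config(get_zap_instance: ZAPv2):
    """Scan a local BodgeIt with the cascading-scan mock config and a forced context.

    Exercises the ``target`` and ``forced_context`` constructor arguments
    together with a config directory.  No service fixture is requested here,
    so the BodgeIt instance on localhost:8080 must already be running — TODO
    confirm whether a fixture is missing.  The config directory is a path
    relative to the repository root.
    """
    zap = get_zap_instance
    test_target = "http://localhost:8080/bodgeit/"
    test_config_yaml = "./tests/mocks/cascading-scan-full-local/"
    test_context = "scb-test-context"

    zap_automation = ZapAutomation(zap=zap,
                                   config_dir=test_config_yaml,
                                   target=test_target,
                                   forced_context=test_context)
    zap_automation.scan_target(target=test_target)

    # The two empty lists are passed through to get_alerts; their meaning is
    # not visible in this file.
    alerts = zap_automation.get_zap_scanner.get_alerts(test_target, [], [])

    logging.info('Found ZAP Alerts: %d', len(alerts))

    # len() is already an int, so no int() wrapping is needed.
    assert len(alerts) >= 1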
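def test_petstore_scan_with_relative_config(get_petstore_url,
                                            get_zap_instance: ZAPv2):
    """Scan a local Petstore with the relative-path mock config and a forced context.

    ``get_petstore_url`` is requested only for its side effect (presumably it
    brings the Petstore service up — confirm against the fixture); the target
    is hard-coded to localhost:8000.  The config directory is a path relative
    to the repository root, so the test must run from there.
    """
    zap = get_zap_instance
    test_config_yaml = "./tests/mocks/scan-full-petstore-relative/"
    test_target = "http://localhost:8000/"
    test_context = "scb-petstore-context"

    zap_automation = ZapAutomation(zap=zap,
                                   config_dir=test_config_yaml,
                                   target=test_target,
                                   forced_context=test_context)
    zap_automation.scan_target(target=test_target)

    # The two empty lists are passed through to get_alerts; their meaning is
    # not visible in this file.
    alerts = zap_automation.get_zap_scanner.get_alerts(test_target, [], [])

    # len() is already an int, so no str()/int() wrapping is needed.
    logging.info('Found ZAP Alerts: %d', len(alerts))

    assert len(alerts) >= 1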