Codebase list python-faraday / bd674824-7810-4dbf-8a8b-4c9505581ed5/main tests / test_api_vulnerability_template.py
bd674824-7810-4dbf-8a8b-4c9505581ed5/main

Tree @bd674824-7810-4dbf-8a8b-4c9505581ed5/main (Download .tar.gz)

test_api_vulnerability_template.py @bd674824-7810-4dbf-8a8b-4c9505581ed5/mainraw · history · blame 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
#-*- coding: utf8 -*-
'''
Faraday Penetration Test IDE
Copyright (C) 2013  Infobyte LLC (http://www.infobytesec.com/)
See the file 'doc/LICENSE' for the license information

'''

import os
from io import BytesIO
import pytest

from faraday.server.api.modules.vulnerability_template import VulnerabilityTemplateView
from tests import factories
from tests.test_api_non_workspaced_base import (
    ReadOnlyAPITests
)
from faraday.server.models import (
    VulnerabilityTemplate,
    ReferenceTemplate)
from tests.factories import (
    VulnerabilityTemplateFactory,
    ReferenceTemplateFactory,
    CustomFieldsSchemaFactory
)

CURRENT_PATH = os.path.dirname(os.path.abspath(__file__))


@pytest.mark.usefixtures('logged_user')
class TestListVulnerabilityTemplateView(ReadOnlyAPITests):
    model = VulnerabilityTemplate
    factory = factories.VulnerabilityTemplateFactory
    api_endpoint = 'vulnerability_template'
    view_class = VulnerabilityTemplateView

    def test_backwards_json_compatibility(self, test_client, session):
        self.factory.create()
        session.commit()
        res = test_client.get(self.url())
        assert res.status_code == 200
        assert 'rows' in res.json
        for vuln in res.json['rows']:
            assert set([u'id', u'key', u'value', u'doc']) == set(vuln.keys())
            object_properties = [
                u'exploitation',
                u'references',
                u'refs',
                u'name',
                u'cwe',
                u'_rev',
                u'_id',
                u'resolution',
                u'description',
                u'desc'
            ]

            expected = set(object_properties)
            result = set(vuln['doc'].keys())
            assert expected - result == set()

    def _create_post_data_vulnerability_template(self, references):
        data = {
            "exploitation":"high",
            "references":references,
            "name":"name",
            "resolution": "resolution",
            "cwe":"swe",
            "description":"desc"}
        return data

    def test_create_new_vulnerability_template(self, session, test_client):
        vuln_count_previous = session.query(VulnerabilityTemplate).count()
        raw_data = self._create_post_data_vulnerability_template(references='')
        res = test_client.post('/v2/vulnerability_template/', data=raw_data)
        assert res.status_code == 201
        assert isinstance(res.json['_id'], int)
        assert vuln_count_previous + 1 == session.query(VulnerabilityTemplate).count()
        vuln_template = VulnerabilityTemplate.query.get(res.json['_id'])
        assert vuln_template.references == set()

    def test_update_vulnerability_template(self, session, test_client):
        template = self.factory.create()
        session.commit()
        raw_data = self._create_post_data_vulnerability_template(references='')
        res = test_client.put('/v2/vulnerability_template/{0}/'.format(template.id), data=raw_data)
        assert res.status_code == 200
        updated_template = session.query(VulnerabilityTemplate).filter_by(id=template.id).first()
        assert updated_template.name == raw_data['name']
        assert updated_template.severity == raw_data['exploitation']
        assert updated_template.resolution == raw_data['resolution']
        assert updated_template.description == raw_data['description']
        assert updated_template.references == set([])

    @pytest.mark.parametrize('references', [
        ',',
        ',,',
        'a,',
        ['a', 'b', ''],
        {"a": 1},
        {}
    ])
    def test_400_on_invalid_reference(self, session, test_client, references):
        template = self.factory.create()
        session.commit()
        raw_data = self._create_post_data_vulnerability_template(
            references=references)
        res = test_client.put('/v2/vulnerability_template/{0}/'.format(
            template.id), data=raw_data)
        assert res.status_code == 400

    def test_update_vulnerabiliy_template_change_refs(self, session, test_client):
        template = self.factory.create()
        for ref_name in set(['old1', 'old2']):
            ref = ReferenceTemplateFactory.create(name=ref_name)
            self.first_object.reference_template_instances.add(ref)
        session.commit()
        raw_data = self._create_post_data_vulnerability_template(references='new_ref,another_ref')
        res = test_client.put('/v2/vulnerability_template/{0}/'.format(template.id), data=raw_data)
        assert res.status_code == 200
        updated_template = session.query(VulnerabilityTemplate).filter_by(id=template.id).first()
        assert updated_template.name == raw_data['name']
        assert updated_template.severity == raw_data['exploitation']
        assert updated_template.resolution == raw_data['resolution']
        assert updated_template.description == raw_data['description']
        assert updated_template.references == set([u'another_ref', u'new_ref'])

    def test_create_new_vulnerability_template_with_references(self, session, test_client):
        vuln_count_previous = session.query(VulnerabilityTemplate).count()
        raw_data = self._create_post_data_vulnerability_template(references='ref1,ref2')
        res = test_client.post('/v2/vulnerability_template/', data=raw_data)
        assert res.status_code == 201
        assert isinstance(res.json['_id'], int)
        assert set(res.json['refs']) == set(['ref1', 'ref2'])
        assert vuln_count_previous + 1 == session.query(VulnerabilityTemplate).count()
        new_template = session.query(VulnerabilityTemplate).filter_by(id=res.json['_id']).first()
        assert new_template.references == set([u'ref1', u'ref2'])

    def test_delete_vuln_template(self, session, test_client):
        template = self.factory.create()
        vuln_count_previous = session.query(VulnerabilityTemplate).count()
        res = test_client.delete('/v2/vulnerability_template/{0}/'.format(template.id))

        assert res.status_code == 204
        assert vuln_count_previous - 1 == session.query(VulnerabilityTemplate).count()

    def test_create_same_vuln_template_multipe_times_sohuld_raise_409(self, test_client):
        """
            Current test case was found un hackaton. When creating vuln
            template it returned error 500 instead of 409.

        """

        raw_data = {
            "id":123010,
            "cwe": "",
            "description": "test2",
            "desc":"test2",
            "exploitation":"critical",
            "name":"test2",
            "references":[],
            "refs":[],
            "resolution":"",
            "type":"vulnerability_template"
        }
        res = test_client.post(self.url(), data=raw_data)
        assert res.status_code == 201
        res = test_client.post(self.url(), data=raw_data)
        assert res.status_code == 409

    def test_when_a_template_with_ref_is_deleted_ref_remains_at_database(
            self, session, test_client):
        session.query(ReferenceTemplate).count() == 0
        template = VulnerabilityTemplateFactory.create()
        ref1 = ReferenceTemplateFactory.create()
        template.reference_template_instances.add(ref1)
        session.commit()
        res = test_client.delete(self.url(template))
        assert res.status_code == 204

        assert session.query(ReferenceTemplate).count() == 1

    def test_create_same_vuln_template_with_custom_fields(self, session, test_client):

        custom_field_schema = CustomFieldsSchemaFactory(
            field_name='cvss',
            field_type='str',
            field_display_name='CVSS',
            table_name='vulnerability'
        )
        session.add(custom_field_schema)
        session.commit()

        raw_data = {
            "id":123010,
            "cwe": "",
            "description": "test2",
            "desc":"test2",
            "exploitation":"critical",
            "name":"test2",
            "references":[],
            "refs":[],
            "resolution":"",
            "type": "vulnerability_template",
            "customfields": {
                "cvss": "value",
            }
        }

        res = test_client.post(self.url(), data=raw_data)
        assert res.status_code == 201
        assert res.json['customfields'] == {u'cvss': u'value'}

    def test_update_vuln_template_with_custom_fields(self, session, test_client):

        custom_field_schema = CustomFieldsSchemaFactory(
            field_name='cvss',
            field_type='str',
            field_display_name='CVSS',
            table_name='vulnerability'
        )
        template = VulnerabilityTemplateFactory.create()
        session.add(custom_field_schema)
        session.add(template)
        session.commit()

        raw_data = {
            "cwe": "",
            "description": "test2",
            "desc":"test2",
            "exploitation":"critical",
            "name":"test2",
            "references":[],
            "refs":[],
            "resolution":"",
            "type": "vulnerability_template",
            "customfields": {
                "cvss": "updated value",
            }
        }

        res = test_client.put(self.url(template.id), data=raw_data)
        assert res.status_code == 200
        assert res.json['customfields'] == {u'cvss': u'updated value'}

        vuln_template = session.query(VulnerabilityTemplate).filter_by(id=template.id).first()
        assert vuln_template.custom_fields == {u'cvss': u'updated value'}

    def test_add_vuln_template_from_csv(self, session, test_client, csrf_token):
        expected_created_vuln_template = 1
        file_contents = b"""cwe,name,description,resolution,exploitation,references\n
CWE-119,EN-Improper Restriction of Operations within the Bounds of a Memory Buffer (Type: Class),"The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.\n
Certain languages allow direct addressing of memory locations and do not automatically ensure that these locations are valid for the memory buffer that is being referenced. This can cause read or write operations to be performed on memory locations that may be associated with other variables, data structures, or internal program data.\n
As a result, an attacker may be able to execute arbitrary code, alter the intended control flow, read sensitive information, or cause the system to crash.",,high,"Writing Secure Code: Chapter 5, ""Public Enemy #1: The Buffer Overrun"" Page 127; Chapter 14, ""Prevent I18N Buffer Overruns"" Page 441\n
Using the Strsafe.h Functions: http://msdn.microsoft.com/en-us/library/ms647466.aspx\n
Safe C String Library v1.0.3: http://www.zork.org/safestr/\n
Address Space Layout Randomization in Windows Vista: http://blogs.msdn.com/michael_howard/archive/2006/05/26/address-space-layout-randomization-in-windows-vista.aspx\n
Limiting buffer overflows with ExecShield: http://www.redhat.com/magazine/009jul05/features/execshield/\n
PaX: http://en.wikipedia.org/wiki/PaX\n
Understanding DEP as a mitigation technology part 1: http://blogs.technet.com/b/srd/archive/2009/06/12/understanding-dep-as-a-mitigation-technology-part-1.aspx\n
The Art of Software Security Assessment: Chapter 5, ""Memory Corruption"", Page 167.\n
The Art of Software Security Assessment: Chapter 5, ""Protection Mechanisms"", Page 189."
"""
        data = {
            'file': (BytesIO(file_contents), 'vulns.csv'),
            'csrf_token': csrf_token
        }
        headers = {'Content-type': 'multipart/form-data'}
        res = test_client.post('/v2/vulnerability_template/bulk_create/',
                               data=data, headers=headers, use_json_data=False)
        assert res.status_code == 200
        assert res.json['vulns_created'] == expected_created_vuln_template

    def test_add_unicode_vuln_template_from_csv(self, session, test_client, csrf_token):
        expected_created_vuln_template = 1
        file_contents = """cwe,name,description,resolution,exploitation,references
        ,ES-Exposición de información a través del listado de directorios,"Estos directorios no deberian estar publicos, pues exponen información sensible del tipo de tecnología utilizada, código de programación, información sobre rutas de acceso a distintos lugares, particularmente en este caso podemos listar toda la información del servidor sin ningun tipo de restricción
        ",Siempre evitar que se puedan listar directorios de manera externa y sin permisos,high,
        """
        data = {
            'file': (BytesIO(file_contents.encode()), 'vulns.csv'),
            'csrf_token': csrf_token
        }
        headers = {'Content-type': 'multipart/form-data'}
        res = test_client.post('/v2/vulnerability_template/bulk_create/',
                               data=data, headers=headers, use_json_data=False)
        assert res.status_code == 200
        assert res.json['vulns_created'] == expected_created_vuln_template

    def test_add_vuln_template_only_required_fields(self, session, test_client, csrf_token):
        expected_created_vuln_template = 1
        file_contents = b"""name,exploitation\n
        "test",high

    """
        data = {
            'file': (BytesIO(file_contents), 'vulns.csv'),
            'csrf_token': csrf_token
        }
        headers = {'Content-type': 'multipart/form-data'}
        res = test_client.post('/v2/vulnerability_template/bulk_create/',
                               data=data, headers=headers, use_json_data=False)
        assert res.status_code == 200
        assert res.json['vulns_created'] == expected_created_vuln_template

    def test_add_vuln_template_missing_required_fields(self, session, test_client, csrf_token):
        expected_created_vuln_template = 1
        file_contents = b"""name,description\n
        "test","description"

    """
        data = {
            'file': (BytesIO(file_contents), 'vulns.csv'),
            'csrf_token': csrf_token
        }
        headers = {'Content-type': 'multipart/form-data'}
        res = test_client.post('/v2/vulnerability_template/bulk_create/',
                               data=data, headers=headers, use_json_data=False)
        assert res.status_code == 400
        assert 'name' not in res.data.decode('utf8')
        assert 'exploitation' in res.data.decode('utf8')

    def test_add_vuln_template_custom_fields_and_some_more_fields(self, session, test_client, csrf_token):

        custom_field_schema = CustomFieldsSchemaFactory(
            field_name='cvss',
            field_type='str',
            field_display_name='CVSS',
            table_name='vulnerability'
        )
        session.add(custom_field_schema)
        session.commit()
        file_contents = b"""name,exploitation,resolution,data,cvss\n
        "test",high,"resolution","technical details","5"
    """
        data = {
            'file': (BytesIO(file_contents), 'vulns.csv'),
            'csrf_token': csrf_token
        }
        headers = {'Content-type': 'multipart/form-data'}
        res = test_client.post('/v2/vulnerability_template/bulk_create/',
                               data=data, headers=headers, use_json_data=False)
        assert res.status_code == 200
        assert res.json['vulns_created'] == 1
        inserted_template = session.query(VulnerabilityTemplate).filter_by(name='test').first()
        assert inserted_template.resolution == 'resolution'
        assert inserted_template.severity == 'high'
        assert inserted_template.data == 'technical details'
        assert 'cvss' in inserted_template.custom_fields
        assert inserted_template.custom_fields['cvss'] == '5'