tests/helper_generate_finding_file.py +4 −4
@@ -62,10 +62,10 @@ def single_issue(partial_fid): <location>EXAMPLE</location> <severity>High</severity> <confidence>Firm</confidence> <issueBackground>EXAMPLE</issueBackground> <remediationBackground>EXAMPLE</remediationBackground> <issueDetail>EXAMPLE</issueDetail> <remediationDetail>EXAMPLE</remediationDetail> <issueBackground>issueBackground</issueBackground> <remediationBackground>remediationBackground</remediationBackground> <issueDetail>issueDetail</issueDetail> <remediationDetail>remediationDetail</remediationDetail> <requestresponse> <request method="POST" base64="true"></request> <response base64="true"></response> tests/test_files/scanner_results/burp_combined/two_findings_to_combine.json 0 → 100644 +75 −0 <?xml version="1.0"?> <!DOCTYPE issues [ <!ELEMENT issues (issue*)> <!ATTLIST issues burpVersion CDATA ""> <!ATTLIST issues exportTime CDATA ""> <!ELEMENT issue (serialNumber, type, name, host, path, location, severity, confidence, issueBackground?, remediationBackground?, issueDetail?, issueDetailItems?, remediationDetail?, requestresponse*)> <!ELEMENT serialNumber (#PCDATA)> <!ELEMENT type (#PCDATA)> <!ELEMENT name (#PCDATA)> <!ELEMENT host (#PCDATA)> <!ATTLIST host ip CDATA ""> <!ELEMENT path (#PCDATA)> <!ELEMENT location (#PCDATA)> <!ELEMENT severity (#PCDATA)> <!ELEMENT confidence (#PCDATA)> <!ELEMENT issueBackground (#PCDATA)> <!ELEMENT remediationBackground (#PCDATA)> <!ELEMENT issueDetail (#PCDATA)> <!ELEMENT issueDetailItems (issueDetailItem*)> <!ELEMENT issueDetailItem (#PCDATA)> <!ELEMENT remediationDetail (#PCDATA)> <!ELEMENT requestresponse (request?, response?, responseRedirected?)> <!ELEMENT request (#PCDATA)> <!ATTLIST request method CDATA ""> <!ATTLIST request base64 (true|false) "false"> <!ELEMENT response (#PCDATA)> <!ATTLIST response base64 (true|false) "false"> <!ELEMENT responseRedirected (#PCDATA)> ]> <issues burpVersion="1.6.05" exportTime="Sat Sep 13 22:39:44 CEST 2014">
<issue> <serialNumber>173204192</serialNumber> <type>importer_test_fid2</type> <name>Example importer_test_fid2</name> <host ip="127.0.0.1">http://example.com</host> <path>EXAMPLE_PATH</path> <location>EXAMPLE</location> <severity>High</severity> <confidence>Firm</confidence> <issueBackground>issueBackground</issueBackground> <remediationBackground>remediationBackground</remediationBackground> <issueDetail>issueDetail</issueDetail> <remediationDetail>remediationDetail</remediationDetail> <requestresponse> <request method="POST" base64="true"></request> <response base64="true"></response> <responseRedirected>false</responseRedirected> </requestresponse> </issue> <issue> <serialNumber>798964346</serialNumber> <type>importer_test_fid1</type> <name>Example importer_test_fid1</name> <host ip="127.0.0.1">http://example.com</host> <path>EXAMPLE_PATH</path> <location>EXAMPLE</location> <severity>High</severity> <confidence>Firm</confidence> <issueBackground>issueBackground</issueBackground> <remediationBackground>remediationBackground</remediationBackground> <issueDetail>issueDetail</issueDetail> <remediationDetail>remediationDetail</remediationDetail> <requestresponse> <request method="POST" base64="true"></request> <response base64="true"></response> <responseRedirected>false</responseRedirected> </requestresponse> </issue> </issues> tests/test_finding_grouping.py +20 −2 @@ -40,7 +40,7 @@ class FindingHelper: return new_ids @staticmethod def run_evaluation(client, test_name: str, partial_fids: Set[str], expected_fids: Set[str], profile: str = 'importer_test'): def run_evaluation(client, test_name: str, partial_fids: Set[str], expected_fids: Set[str], profile: str = 'importer_test') -> ProcessingSettings: delete_templates(client) logger.debug(f"{test_name=} | {partial_fids=} | {expected_fids=}")
@@ -60,6 +60,7 @@ class FindingHelper: imported_fids = set([x["fid"] for x in data]) assert imported_fids == expected_fids return ps @pytest.mark.skipif(not PWNDOC_DANGER_OVERRIDE, reason="PWNDOC_DANGER_OVERRIDE must be allowed to enable testing of interaction with PwnDoc") @@ -87,7 +88,7 @@ class TestGroupingAndAliasing: return orig def test_pwndoc_grouping_two_imports(self, client): # This tests whether a broken grouping will trigger visual warning. # This tests whether a broken grouping will trigger visual warning. # todo: does it? full_fids = ["burp_importer_test_fid1", "burp_importer_test_fid2"] folder_name = PwnDocCommunication.setup_fake_scan2report_import( @@ -115,3 +116,20 @@ class TestGroupingAndAliasing: findings_scan2report_dicts: List[dict] = api_pwndoc_audit.convert_findings_to_scan2report_dicts(ps.audit_id, ps.locale) assert findings_scan2report_dicts[0].get("fid") == 'IMPORTER_TEST_GROUP_1' assert len(findings_scan2report_dicts) == 1 def test_grouping_description(self, client): input_partial_fids = FindingHelper.full_fids_to_partial_fids({"burp_importer_test_fid1", "burp_importer_test_fid2"}) ps = FindingHelper.run_evaluation(client, "test_description", input_partial_fids, {'IMPORTER_TEST_GROUP_1'}) with open(ps.get_result_path(), encoding='utf8') as f: findings = json.load(f) assert len(findings) == 1 description: str = findings[0]['description'] sequence_of_items = [ '[OG]', 'issueBackground', config.TNS_DESCRIPTION_PROOF_DELIMITER, 'issueDetail', '[OG]', 'issueBackground', config.TNS_DESCRIPTION_PROOF_DELIMITER, 'issueDetail', ] cur_pos = 0 for x in sequence_of_items: cur_pos = description.find(x, cur_pos) assert cur_pos != -1, f'Description is combined in wrong order. Expected order is DESC A, PROOF A, DESC B, PROOF B. Actual description is:\n\n\n{description}'
tests/helper_generate_finding_file.py +4 −4 @@ -62,10 +62,10 @@ def single_issue(partial_fid): <location>EXAMPLE</location> <severity>High</severity> <confidence>Firm</confidence> <issueBackground>EXAMPLE</issueBackground> <remediationBackground>EXAMPLE</remediationBackground> <issueDetail>EXAMPLE</issueDetail> <remediationDetail>EXAMPLE</remediationDetail> <issueBackground>issueBackground</issueBackground> <remediationBackground>remediationBackground</remediationBackground> <issueDetail>issueDetail</issueDetail> <remediationDetail>remediationDetail</remediationDetail> <requestresponse> <request method="POST" base64="true"></request> <response base64="true"></response>
tests/test_files/scanner_results/burp_combined/two_findings_to_combine.json 0 → 100644 +75 −0 <?xml version="1.0"?> <!DOCTYPE issues [ <!ELEMENT issues (issue*)> <!ATTLIST issues burpVersion CDATA ""> <!ATTLIST issues exportTime CDATA ""> <!ELEMENT issue (serialNumber, type, name, host, path, location, severity, confidence, issueBackground?, remediationBackground?, issueDetail?, issueDetailItems?, remediationDetail?, requestresponse*)> <!ELEMENT serialNumber (#PCDATA)> <!ELEMENT type (#PCDATA)> <!ELEMENT name (#PCDATA)> <!ELEMENT host (#PCDATA)> <!ATTLIST host ip CDATA ""> <!ELEMENT path (#PCDATA)> <!ELEMENT location (#PCDATA)> <!ELEMENT severity (#PCDATA)> <!ELEMENT confidence (#PCDATA)> <!ELEMENT issueBackground (#PCDATA)> <!ELEMENT remediationBackground (#PCDATA)> <!ELEMENT issueDetail (#PCDATA)> <!ELEMENT issueDetailItems (issueDetailItem*)> <!ELEMENT issueDetailItem (#PCDATA)> <!ELEMENT remediationDetail (#PCDATA)> <!ELEMENT requestresponse (request?, response?, responseRedirected?)> <!ELEMENT request (#PCDATA)> <!ATTLIST request method CDATA ""> <!ATTLIST request base64 (true|false) "false"> <!ELEMENT response (#PCDATA)> <!ATTLIST response base64 (true|false) "false"> <!ELEMENT responseRedirected (#PCDATA)> ]> <issues burpVersion="1.6.05" exportTime="Sat Sep 13 22:39:44 CEST 2014"> <issue> <serialNumber>173204192</serialNumber> <type>importer_test_fid2</type> <name>Example importer_test_fid2</name> <host ip="127.0.0.1">http://example.com</host> <path>EXAMPLE_PATH</path> <location>EXAMPLE</location> <severity>High</severity> <confidence>Firm</confidence> <issueBackground>issueBackground</issueBackground> <remediationBackground>remediationBackground</remediationBackground> <issueDetail>issueDetail</issueDetail> <remediationDetail>remediationDetail</remediationDetail> <requestresponse> <request method="POST" base64="true"></request> <response base64="true"></response> <responseRedirected>false</responseRedirected>
</requestresponse> </issue> <issue> <serialNumber>798964346</serialNumber> <type>importer_test_fid1</type> <name>Example importer_test_fid1</name> <host ip="127.0.0.1">http://example.com</host> <path>EXAMPLE_PATH</path> <location>EXAMPLE</location> <severity>High</severity> <confidence>Firm</confidence> <issueBackground>issueBackground</issueBackground> <remediationBackground>remediationBackground</remediationBackground> <issueDetail>issueDetail</issueDetail> <remediationDetail>remediationDetail</remediationDetail> <requestresponse> <request method="POST" base64="true"></request> <response base64="true"></response> <responseRedirected>false</responseRedirected> </requestresponse> </issue> </issues>
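Review bot: The new fixture is stored as `two_findings_to_combine.json`, but its content is a Burp XML export with an inline DOCTYPE, so the extension should be `.xml`; anything that picks a parser, linter or editor mode by extension will misread it as it stands. None of the hunks visible on this page reference the file, so it is worth confirming that a test actually loads it rather than the generated input from `single_issue`. Because the fixture carries a DTD, it also exercises the importer's DOCTYPE handling; the parser is not shown here, so confirm it is configured to refuse external entities and that an internal-only DTD like this one is the only form it accepts.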
tests/test_finding_grouping.py +20 −2 @@ -40,7 +40,7 @@ class FindingHelper: return new_ids @staticmethod def run_evaluation(client, test_name: str, partial_fids: Set[str], expected_fids: Set[str], profile: str = 'importer_test'): def run_evaluation(client, test_name: str, partial_fids: Set[str], expected_fids: Set[str], profile: str = 'importer_test') -> ProcessingSettings: delete_templates(client) logger.debug(f"{test_name=} | {partial_fids=} | {expected_fids=}") @@ -60,6 +60,7 @@ class FindingHelper: imported_fids = set([x["fid"] for x in data]) assert imported_fids == expected_fids return ps @pytest.mark.skipif(not PWNDOC_DANGER_OVERRIDE, reason="PWNDOC_DANGER_OVERRIDE must be allowed to enable testing of interaction with PwnDoc") @@ -87,7 +88,7 @@ class TestGroupingAndAliasing: return orig def test_pwndoc_grouping_two_imports(self, client): # This tests whether a broken grouping will trigger visual warning. # This tests whether a broken grouping will trigger visual warning. # todo: does it? full_fids = ["burp_importer_test_fid1", "burp_importer_test_fid2"] folder_name = PwnDocCommunication.setup_fake_scan2report_import(
@@ -115,3 +116,20 @@ class TestGroupingAndAliasing: findings_scan2report_dicts: List[dict] = api_pwndoc_audit.convert_findings_to_scan2report_dicts(ps.audit_id, ps.locale) assert findings_scan2report_dicts[0].get("fid") == 'IMPORTER_TEST_GROUP_1' assert len(findings_scan2report_dicts) == 1 def test_grouping_description(self, client): input_partial_fids = FindingHelper.full_fids_to_partial_fids({"burp_importer_test_fid1", "burp_importer_test_fid2"}) ps = FindingHelper.run_evaluation(client, "test_description", input_partial_fids, {'IMPORTER_TEST_GROUP_1'}) with open(ps.get_result_path(), encoding='utf8') as f: findings = json.load(f) assert len(findings) == 1 description: str = findings[0]['description'] sequence_of_items = [ '[OG]', 'issueBackground', config.TNS_DESCRIPTION_PROOF_DELIMITER, 'issueDetail', '[OG]', 'issueBackground', config.TNS_DESCRIPTION_PROOF_DELIMITER, 'issueDetail', ] cur_pos = 0 for x in sequence_of_items: cur_pos = description.find(x, cur_pos) assert cur_pos != -1, f'Description is combined in wrong order. Expected order is DESC A, PROOF A, DESC B, PROOF B. Actual description is:\n\n\n{description}'
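Review bot: The ordering loop in `test_grouping_description` restarts each `description.find(x, cur_pos)` at the start of the previous match instead of after it, so a marker that shares a prefix with the one before it (the value of `config.TNS_DESCRIPTION_PROOF_DELIMITER` is not visible here) could be accepted at the same offset; adding `cur_pos += len(x)` after the assert makes the sequence strictly ordered. Both findings also carry the same literal texts (`issueBackground`, `issueDetail`), so the test shows that descriptions and proofs alternate but cannot tell finding A from finding B, although the failure message names that order; distinct per-finding marker strings in the generated input would close the gap. The page has lost its indentation, so whether the assert sits inside the loop is inferred; it should, because a `-1` carried into the next `find` is read as an offset from the end of the string. The added `# todo: does it?` on `test_pwndoc_grouping_two_imports` is better settled by asserting on the warning, or tracked in an issue, than left as an open question in the comment.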