benoit@0: # -*- encoding: utf-8 -*- benoit@0: # Description: benoit@0: # Test Case for the Vulnerabilities benoit@0: # benoit@0: # Authors: benoit@0: # BenoƮt Allard benoit@0: # benoit@0: # Copyright: benoit@0: # Copyright (C) 2014 Greenbone Networks GmbH benoit@0: # benoit@0: # This program is free software; you can redistribute it and/or benoit@0: # modify it under the terms of the GNU General Public License benoit@0: # as published by the Free Software Foundation; either version 2 benoit@0: # of the License, or (at your option) any later version. benoit@0: # benoit@0: # This program is distributed in the hope that it will be useful, benoit@0: # but WITHOUT ANY WARRANTY; without even the implied warranty of benoit@0: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the benoit@0: # GNU General Public License for more details. benoit@0: # benoit@0: # You should have received a copy of the GNU General Public License benoit@0: # along with this program; if not, write to the Free Software benoit@0: # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. benoit@0: benoit@0: from .utils import TestCase benoit@0: benoit@0: class TestiVulnerability(TestCase): benoit@0: benoit@0: def testCreateVulnerability(self): benoit@0: rv = self.createDoc('Title', 'Type') benoit@0: self.assertEqual(rv.status_code, 200) benoit@0: self.app.get('/vulnerability/add') benoit@0: rv = self.app.post('/vulnerability/add', data=dict(ordinal="1", title="", systemname="", id_value="", discoverydate="", releasedate="", cve="")) benoit@0: self.assertEqual(rv.status_code, 302) benoit@0: benoit@0: def testCreateCWE(self): benoit@0: self.testCreateVulnerability() benoit@0: self.app.get('/vulnerability/1/cwe/add') benoit@0: rv = self.app.post('/vulnerability/1/cwe/add', data=dict(id='CWE-601', description="URL Redirection to Untrusted Site ('Open Redirect')")) benoit@0: self.assertEqual(rv.status_code, 302) benoit@0: self.app.get('/vulnetrability/1') benoit@0: rv = self.app.get('/vulnerability/1/cwe/0/edit') benoit@0: self.assertEqual(rv.status_code, 200) benoit@0: benoit@0: def testAddAndEditInvolvement(self): benoit@0: self.testCreateVulnerability() benoit@0: rv = self.app.get('/vulnerability/1/involvement/add') benoit@0: self.assertEqual(rv.status_code, 200) benoit@0: rv = self.app.post('/vulnerability/1/involvement/add', data=dict(party='Vendor', status='Open', description='')) benoit@0: self.assertEqual(rv.status_code, 302) benoit@0: rv = self.app.get('/vulnerability/1/involvement/0') benoit@0: self.assertEqual(rv.status_code, 200) benoit@0: rv = self.app.get('/vulnerability/1/involvement/0/edit') benoit@0: self.assertEqual(rv.status_code, 200) benoit@0: rv = self.app.post('/vulnerability/1/involvement/0/edit', data=dict(party='Other', status='Open', description='test')) benoit@0: self.assertEqual(rv.status_code, 302) benoit@0: rv = self.app.get('/vulnerability/1/involvement/0') benoit@0: self.assertEqual(rv.status_code, 200) benoit@0: rv = self.app.get('/vulnerability/1') benoit@0: self.assertEqual(rv.status_code, 200) benoit@0: benoit@0: def testAddAndEditInvolvement(self): benoit@0: self.testCreateVulnerability() benoit@0: rv = self.app.get('/vulnerability/1/productstatus/add') benoit@0: self.assertEqual(rv.status_code, 200) benoit@0: rv = self.app.post('/vulnerability/1/productstatus/add', data=dict(party='Vendor', status='Open', description='')) benoit@0: self.assertEqual(rv.status_code, 302) benoit@0: rv = self.app.get('/vulnerability/1/productstatus/0') benoit@0: self.assertEqual(rv.status_code, 200) benoit@0: rv = self.app.get('/vulnerability/1/productstatus/0/edit') benoit@0: self.assertEqual(rv.status_code, 200) benoit@0: rv = self.app.post('/vulnerability/1/productstatus/0/edit', data=dict(party='Other', status='Open', description='test')) benoit@0: self.assertEqual(rv.status_code, 302) benoit@0: rv = self.app.get('/vulnerability/1/productstatus/0') benoit@0: self.assertEqual(rv.status_code, 200) benoit@0: rv = self.app.get('/vulnerability/1') benoit@0: self.assertEqual(rv.status_code, 200) benoit@0: benoit@0: def testAddAndEditThreat(self): benoit@0: self.testCreateVulnerability() benoit@0: rv = self.app.get('/vulnerability/1/threat/add') benoit@0: self.assertEqual(rv.status_code, 200) benoit@0: rv = self.app.post('/vulnerability/1/threat/add', data=dict(type='Test', description='blah', date='', products=[], groups=[])) benoit@0: self.assertEqual(rv.status_code, 302) benoit@0: rv = self.app.get('/vulnerability/1/threat/0') benoit@0: self.assertEqual(rv.status_code, 200) benoit@0: rv = self.app.get('/vulnerability/1/threat/0/edit') benoit@0: self.assertEqual(rv.status_code, 200) benoit@0: rv = self.app.post('/vulnerability/1/threat/0/edit', data=dict(type='Test', description='blah2', date='', products=[], groups=[])) benoit@0: self.assertEqual(rv.status_code, 302) benoit@0: rv = self.app.get('/vulnerability/1/threat/0') benoit@0: self.assertEqual(rv.status_code, 200) benoit@0: rv = self.app.get('/vulnerability/1') benoit@0: self.assertEqual(rv.status_code, 200) benoit@0: benoit@0: def testAddAndEditCVSS(self): benoit@0: self.testCreateVulnerability() benoit@0: rv = self.app.get('/vulnerability/1/cvss/add') benoit@0: self.assertEqual(rv.status_code, 200) benoit@0: rv = self.app.post('/vulnerability/1/cvss/add', data=dict(basescore='5.8', environmentalscore='', temporalscore='', vector='A/B/C/D')) benoit@0: self.assertEqual(rv.status_code, 302) benoit@0: rv = self.app.get('/vulnerability/1/cvss/0') benoit@0: self.assertEqual(rv.status_code, 200) benoit@0: rv = self.app.get('/vulnerability/1/cvss/0/edit') benoit@0: self.assertEqual(rv.status_code, 200) benoit@0: rv = self.app.post('/vulnerability/1/cvss/0/edit', data=dict(basescore='6.8', environmentalscore='', temporalscore='', vector='A/B/C/D')) benoit@0: self.assertEqual(rv.status_code, 302) benoit@0: rv = self.app.get('/vulnerability/1/cvss/0') benoit@0: self.assertEqual(rv.status_code, 200) benoit@0: rv = self.app.get('/vulnerability/1') benoit@0: self.assertEqual(rv.status_code, 200) benoit@0: benoit@0: def testAddAndEditRemediation(self): benoit@0: self.testCreateVulnerability() benoit@0: rv = self.app.get('/vulnerability/1/remediation/add') benoit@0: self.assertEqual(rv.status_code, 200) benoit@0: rv = self.app.post('/vulnerability/1/remediation/add', data=dict(type="A", description="b", date="", entitlement="", url="", products=[], groups=[])) benoit@0: self.assertEqual(rv.status_code, 302) benoit@0: rv = self.app.get('/vulnerability/1/remediation/0') benoit@0: self.assertEqual(rv.status_code, 200) benoit@0: rv = self.app.get('/vulnerability/1/remediation/0/edit') benoit@0: self.assertEqual(rv.status_code, 200) benoit@0: rv = self.app.post('/vulnerability/1/remediation/0/edit', data=dict(type="A", description="b", date="", entitlement="", url="", products=[], groups=[])) benoit@0: self.assertEqual(rv.status_code, 302) benoit@0: rv = self.app.get('/vulnerability/1/remediation/0') benoit@0: self.assertEqual(rv.status_code, 200) benoit@0: rv = self.app.get('/vulnerability/1') benoit@0: self.assertEqual(rv.status_code, 200) benoit@0: