Mercurial > farol
view tests/testVulnerability.py @ 152:617915733729
Raise requirement on FarolLuz (now that it's released)
author | Benoît Allard <benoit.allard@greenbone.net> |
---|---|
date | Wed, 05 Nov 2014 11:18:51 +0100 |
parents | 4a9f23230eba |
children |
line wrap: on
line source
# -*- encoding: utf-8 -*- # Description: # Test Case for the Vulnerabilities # # Authors: # BenoƮt Allard <benoit.allard@greenbone.net> # # Copyright: # Copyright (C) 2014 Greenbone Networks GmbH # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. from .utils import TestCase class TestiVulnerability(TestCase): def testCreateVulnerability(self): rv = self.createDoc('Title', 'Type') self.assertEqual(rv.status_code, 200) self.app.get('/vulnerability/add') rv = self.app.post('/vulnerability/add', data=dict(ordinal="1", title="", systemname="", id_value="", discoverydate="", releasedate="", cve="")) self.assertEqual(rv.status_code, 302) def testCreateCWE(self): self.testCreateVulnerability() self.app.get('/vulnerability/1/cwe/add') rv = self.app.post('/vulnerability/1/cwe/add', data=dict(id='CWE-601', description="URL Redirection to Untrusted Site ('Open Redirect')")) self.assertEqual(rv.status_code, 302) self.app.get('/vulnetrability/1') rv = self.app.get('/vulnerability/1/cwe/0/edit') self.assertEqual(rv.status_code, 200) def testAddAndEditInvolvement(self): self.testCreateVulnerability() rv = self.app.get('/vulnerability/1/involvement/add') self.assertEqual(rv.status_code, 200) rv = self.app.post('/vulnerability/1/involvement/add', data=dict(party='Vendor', status='Open', description='')) self.assertEqual(rv.status_code, 302) rv = self.app.get('/vulnerability/1/involvement/0') self.assertEqual(rv.status_code, 200) rv = self.app.get('/vulnerability/1/involvement/0/edit') self.assertEqual(rv.status_code, 200) rv = self.app.post('/vulnerability/1/involvement/0/edit', data=dict(party='Other', status='Open', description='test')) self.assertEqual(rv.status_code, 302) rv = self.app.get('/vulnerability/1/involvement/0') self.assertEqual(rv.status_code, 200) rv = self.app.get('/vulnerability/1') self.assertEqual(rv.status_code, 200) def testAddAndEditInvolvement(self): self.testCreateVulnerability() rv = self.app.get('/vulnerability/1/productstatus/add') self.assertEqual(rv.status_code, 200) rv = self.app.post('/vulnerability/1/productstatus/add', data=dict(party='Vendor', status='Open', description='')) self.assertEqual(rv.status_code, 302) rv = self.app.get('/vulnerability/1/productstatus/0') self.assertEqual(rv.status_code, 200) rv = self.app.get('/vulnerability/1/productstatus/0/edit') self.assertEqual(rv.status_code, 200) rv = self.app.post('/vulnerability/1/productstatus/0/edit', data=dict(party='Other', status='Open', description='test')) self.assertEqual(rv.status_code, 302) rv = self.app.get('/vulnerability/1/productstatus/0') self.assertEqual(rv.status_code, 200) rv = self.app.get('/vulnerability/1') self.assertEqual(rv.status_code, 200) def testAddAndEditThreat(self): self.testCreateVulnerability() rv = self.app.get('/vulnerability/1/threat/add') self.assertEqual(rv.status_code, 200) rv = self.app.post('/vulnerability/1/threat/add', data=dict(type='Test', description='blah', date='', products=[], groups=[])) self.assertEqual(rv.status_code, 302) rv = self.app.get('/vulnerability/1/threat/0') self.assertEqual(rv.status_code, 200) rv = self.app.get('/vulnerability/1/threat/0/edit') self.assertEqual(rv.status_code, 200) rv = self.app.post('/vulnerability/1/threat/0/edit', data=dict(type='Test', description='blah2', date='', products=[], groups=[])) self.assertEqual(rv.status_code, 302) rv = self.app.get('/vulnerability/1/threat/0') self.assertEqual(rv.status_code, 200) rv = self.app.get('/vulnerability/1') self.assertEqual(rv.status_code, 200) def testAddAndEditCVSS(self): self.testCreateVulnerability() rv = self.app.get('/vulnerability/1/cvss/add') self.assertEqual(rv.status_code, 200) rv = self.app.post('/vulnerability/1/cvss/add', data=dict(basescore='5.8', environmentalscore='', temporalscore='', vector='A/B/C/D')) self.assertEqual(rv.status_code, 302) rv = self.app.get('/vulnerability/1/cvss/0') self.assertEqual(rv.status_code, 200) rv = self.app.get('/vulnerability/1/cvss/0/edit') self.assertEqual(rv.status_code, 200) rv = self.app.post('/vulnerability/1/cvss/0/edit', data=dict(basescore='6.8', environmentalscore='', temporalscore='', vector='A/B/C/D')) self.assertEqual(rv.status_code, 302) rv = self.app.get('/vulnerability/1/cvss/0') self.assertEqual(rv.status_code, 200) rv = self.app.get('/vulnerability/1') self.assertEqual(rv.status_code, 200) def testAddAndEditRemediation(self): self.testCreateVulnerability() rv = self.app.get('/vulnerability/1/remediation/add') self.assertEqual(rv.status_code, 200) rv = self.app.post('/vulnerability/1/remediation/add', data=dict(type="A", description="b", date="", entitlement="", url="", products=[], groups=[])) self.assertEqual(rv.status_code, 302) rv = self.app.get('/vulnerability/1/remediation/0') self.assertEqual(rv.status_code, 200) rv = self.app.get('/vulnerability/1/remediation/0/edit') self.assertEqual(rv.status_code, 200) rv = self.app.post('/vulnerability/1/remediation/0/edit', data=dict(type="A", description="b", date="", entitlement="", url="", products=[], groups=[])) self.assertEqual(rv.status_code, 302) rv = self.app.get('/vulnerability/1/remediation/0') self.assertEqual(rv.status_code, 200) rv = self.app.get('/vulnerability/1') self.assertEqual(rv.status_code, 200)