view tests/testVulnerability.py @ 141:ce39a5267998

Add an export to the error page, and an exploding endpoint
author Benoît Allard <benoit.allard@greenbone.net>
date Tue, 28 Oct 2014 09:55:18 +0100
parents 4a9f23230eba
children
line wrap: on
line source
# -*- encoding: utf-8 -*-
# Description:
# Test Case for the Vulnerabilities
#
# Authors:
# BenoƮt Allard <benoit.allard@greenbone.net>
#
# Copyright:
# Copyright (C) 2014 Greenbone Networks GmbH
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

from .utils import TestCase

class TestiVulnerability(TestCase):

    def testCreateVulnerability(self):
        rv = self.createDoc('Title', 'Type')
        self.assertEqual(rv.status_code, 200)
        self.app.get('/vulnerability/add')
        rv = self.app.post('/vulnerability/add', data=dict(ordinal="1", title="", systemname="", id_value="", discoverydate="", releasedate="", cve=""))
        self.assertEqual(rv.status_code, 302)

    def testCreateCWE(self):
        self.testCreateVulnerability()
        self.app.get('/vulnerability/1/cwe/add')
        rv = self.app.post('/vulnerability/1/cwe/add', data=dict(id='CWE-601', description="URL Redirection to Untrusted Site ('Open Redirect')"))
        self.assertEqual(rv.status_code, 302)
        self.app.get('/vulnetrability/1')
        rv = self.app.get('/vulnerability/1/cwe/0/edit')
        self.assertEqual(rv.status_code, 200)

    def testAddAndEditInvolvement(self):
        self.testCreateVulnerability()
        rv = self.app.get('/vulnerability/1/involvement/add')
        self.assertEqual(rv.status_code, 200)
        rv = self.app.post('/vulnerability/1/involvement/add', data=dict(party='Vendor', status='Open', description=''))
        self.assertEqual(rv.status_code, 302)
        rv = self.app.get('/vulnerability/1/involvement/0')
        self.assertEqual(rv.status_code, 200)
        rv = self.app.get('/vulnerability/1/involvement/0/edit')
        self.assertEqual(rv.status_code, 200)
        rv = self.app.post('/vulnerability/1/involvement/0/edit', data=dict(party='Other', status='Open', description='test'))
        self.assertEqual(rv.status_code, 302)
        rv = self.app.get('/vulnerability/1/involvement/0')
        self.assertEqual(rv.status_code, 200)
        rv = self.app.get('/vulnerability/1')
        self.assertEqual(rv.status_code, 200)

    def testAddAndEditInvolvement(self):
        self.testCreateVulnerability()
        rv = self.app.get('/vulnerability/1/productstatus/add')
        self.assertEqual(rv.status_code, 200)
        rv = self.app.post('/vulnerability/1/productstatus/add', data=dict(party='Vendor', status='Open', description=''))
        self.assertEqual(rv.status_code, 302)
        rv = self.app.get('/vulnerability/1/productstatus/0')
        self.assertEqual(rv.status_code, 200)
        rv = self.app.get('/vulnerability/1/productstatus/0/edit')
        self.assertEqual(rv.status_code, 200)
        rv = self.app.post('/vulnerability/1/productstatus/0/edit', data=dict(party='Other', status='Open', description='test'))
        self.assertEqual(rv.status_code, 302)
        rv = self.app.get('/vulnerability/1/productstatus/0')
        self.assertEqual(rv.status_code, 200)
        rv = self.app.get('/vulnerability/1')
        self.assertEqual(rv.status_code, 200)

    def testAddAndEditThreat(self):
        self.testCreateVulnerability()
        rv = self.app.get('/vulnerability/1/threat/add')
        self.assertEqual(rv.status_code, 200)
        rv = self.app.post('/vulnerability/1/threat/add', data=dict(type='Test', description='blah', date='', products=[], groups=[]))
        self.assertEqual(rv.status_code, 302)
        rv = self.app.get('/vulnerability/1/threat/0')
        self.assertEqual(rv.status_code, 200)
        rv = self.app.get('/vulnerability/1/threat/0/edit')
        self.assertEqual(rv.status_code, 200)
        rv = self.app.post('/vulnerability/1/threat/0/edit', data=dict(type='Test', description='blah2', date='', products=[], groups=[]))
        self.assertEqual(rv.status_code, 302)
        rv = self.app.get('/vulnerability/1/threat/0')
        self.assertEqual(rv.status_code, 200)
        rv = self.app.get('/vulnerability/1')
        self.assertEqual(rv.status_code, 200)

    def testAddAndEditCVSS(self):
        self.testCreateVulnerability()
        rv = self.app.get('/vulnerability/1/cvss/add')
        self.assertEqual(rv.status_code, 200)
        rv = self.app.post('/vulnerability/1/cvss/add', data=dict(basescore='5.8', environmentalscore='', temporalscore='', vector='A/B/C/D'))
        self.assertEqual(rv.status_code, 302)
        rv = self.app.get('/vulnerability/1/cvss/0')
        self.assertEqual(rv.status_code, 200)
        rv = self.app.get('/vulnerability/1/cvss/0/edit')
        self.assertEqual(rv.status_code, 200)
        rv = self.app.post('/vulnerability/1/cvss/0/edit', data=dict(basescore='6.8', environmentalscore='', temporalscore='', vector='A/B/C/D'))
        self.assertEqual(rv.status_code, 302)
        rv = self.app.get('/vulnerability/1/cvss/0')
        self.assertEqual(rv.status_code, 200)
        rv = self.app.get('/vulnerability/1')
        self.assertEqual(rv.status_code, 200)

    def testAddAndEditRemediation(self):
        self.testCreateVulnerability()
        rv = self.app.get('/vulnerability/1/remediation/add')
        self.assertEqual(rv.status_code, 200)
        rv = self.app.post('/vulnerability/1/remediation/add', data=dict(type="A", description="b", date="", entitlement="", url="", products=[], groups=[]))
        self.assertEqual(rv.status_code, 302)
        rv = self.app.get('/vulnerability/1/remediation/0')
        self.assertEqual(rv.status_code, 200)
        rv = self.app.get('/vulnerability/1/remediation/0/edit')
        self.assertEqual(rv.status_code, 200)
        rv = self.app.post('/vulnerability/1/remediation/0/edit', data=dict(type="A", description="b", date="", entitlement="", url="", products=[], groups=[]))
        self.assertEqual(rv.status_code, 302)
        rv = self.app.get('/vulnerability/1/remediation/0')
        self.assertEqual(rv.status_code, 200)
        rv = self.app.get('/vulnerability/1')
        self.assertEqual(rv.status_code, 200)

http://farol.wald.intevation.org