aljaz/recon-pipeline
1
0
Fork 0
mirror of https://github.com/aljazceru/recon-pipeline.git synced 2025-12-19 23:34:27 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
d7dbd1e7b3d50b5c320e69f2b3cc233d51113baa
recon-pipeline/tests/test_web/test_subdomain_takeover.py
Ryan Good d7dbd1e7b3 Dependency Checking (#75) 
* Adds req testing methodology, needs fixes

* Improves dependency exception handling

* Better meets_requirements implementation

Still need to adjust tests to fake installation

* Changes to exception boolean to enable tool check

tests and class variables modified for new tool check

* Adjust test_get_scans to use appropriate variable

* Adds Go requirement where relevant

* Adds missing scan dependencies

* Add clarification to error message
2020-08-07 08:48:49 -05:00

151 lines
6.0 KiB
Python
Raw Blame History

import shutil
import tempfile
from pathlib import Path
from unittest.mock import MagicMock, patch
import pytest
from pipeline.recon.web import SubjackScan, TKOSubsScan, GatherWebTargets
subjack_results = Path(__file__).parent.parent / "data" / "recon-results" / "subjack-results"
tkosubs_results = Path(__file__).parent.parent / "data" / "recon-results" / "tkosubs-results"
class TestTKOSubsScanScan:
def setup_method(self):
self.tmp_path = Path(tempfile.mkdtemp())
self.scan = TKOSubsScan(
target_file=__file__, results_dir=str(self.tmp_path), db_location=str(self.tmp_path / "testing.sqlite")
)
self.scan.exception = False
def teardown_method(self):
shutil.rmtree(self.tmp_path)
def test_scan_requires(self):
with patch("pipeline.recon.web.GatherWebTargets"):
with patch("pipeline.recon.web.subdomain_takeover.meets_requirements"):
retval = self.scan.requires()
assert isinstance(retval, GatherWebTargets)
def test_scan_creates_results_dir(self):
assert self.scan.results_subfolder == self.tmp_path / "tkosubs-results"
def test_scan_creates_results_file(self):
assert self.scan.output_file == self.tmp_path / "tkosubs-results" / "tkosubs.csv"
def test_scan_creates_database(self):
assert self.scan.db_mgr.location.exists()
assert self.tmp_path / "testing.sqlite" == self.scan.db_mgr.location
def test_scan_creates_results(self):
self.scan.results_subfolder = tkosubs_results
self.scan.output_file = self.scan.results_subfolder / "tkosubs.csv"
self.scan.parse_results()
assert self.scan.output().exists()
def test_parse_results(self):
myresults = self.tmp_path / "tkosubs-results" / "tkosubs.csv"
myresults.parent.mkdir(parents=True, exist_ok=True)
content = "Domain,Cname,Provider,IsVulnerable,IsTakenOver,Response\n"
content += "google.com,Cname,Provider,true,IsTakenOver,Response\n"
content += "maps.google.com,Cname,Provider,false,IsTakenOver,Response\n"
myresults.write_text(content)
self.scan.output_file = myresults
self.scan.db_mgr.get_or_create_target_by_ip_or_hostname = MagicMock()
self.scan.db_mgr.get_or_create_target_by_ip_or_hostname.return_value = MagicMock()
self.scan.db_mgr.add = MagicMock()
self.scan.parse_results()
assert self.scan.output().exists()
assert self.scan.db_mgr.add.called
assert self.scan.db_mgr.get_or_create_target_by_ip_or_hostname.called
@pytest.mark.parametrize("test_input", [["google.com"], None])
def test_scan_run(self, test_input):
with patch("subprocess.run") as mocked_run:
self.scan.parse_results = MagicMock()
self.scan.db_mgr.get_all_hostnames = MagicMock()
self.scan.db_mgr.get_all_hostnames.return_value = test_input
self.scan.run()
if test_input is None:
assert not mocked_run.called
assert not self.scan.parse_results.called
else:
assert mocked_run.called
assert self.scan.parse_results.called
class TestSubjackScan:
def setup_method(self):
self.tmp_path = Path(tempfile.mkdtemp())
self.scan = SubjackScan(
target_file=__file__, results_dir=str(self.tmp_path), db_location=str(self.tmp_path / "testing.sqlite")
)
self.scan.exception = False
def teardown_method(self):
shutil.rmtree(self.tmp_path)
def test_scan_requires(self):
with patch("pipeline.recon.web.GatherWebTargets"):
with patch("pipeline.recon.web.subdomain_takeover.meets_requirements"):
retval = self.scan.requires()
assert isinstance(retval, GatherWebTargets)
def test_scan_creates_results_dir(self):
assert self.scan.results_subfolder == self.tmp_path / "subjack-results"
def test_scan_creates_results_file(self):
assert self.scan.output_file == self.tmp_path / "subjack-results" / "subjack.txt"
def test_scan_creates_database(self):
assert self.scan.db_mgr.location.exists()
assert self.tmp_path / "testing.sqlite" == self.scan.db_mgr.location
def test_scan_creates_results(self):
self.scan.results_subfolder = subjack_results
self.scan.output_file = self.scan.results_subfolder / "subjack.txt"
self.scan.parse_results()
assert self.scan.output().exists()
def test_parse_results(self):
myresults = self.tmp_path / "subjack-results" / "subjack.txt"
myresults.parent.mkdir(parents=True, exist_ok=True)
content = "[Not Vulnerable] email.assetinventory.bugcrowd.com\n"
content += "[Vulnerable] email.assetinventory.bugcrowd.com\n"
content += "[Vulnerable] assetinventory.bugcrowd.com:8080\n"
content += "weird input\n"
myresults.write_text(content)
self.scan.output_file = myresults
self.scan.db_mgr.get_or_create_target_by_ip_or_hostname = MagicMock()
self.scan.db_mgr.get_or_create_target_by_ip_or_hostname.return_value = MagicMock()
self.scan.db_mgr.add = MagicMock()
self.scan.parse_results()
assert self.scan.output().exists()
assert self.scan.db_mgr.add.called
assert self.scan.db_mgr.get_or_create_target_by_ip_or_hostname.called
@pytest.mark.parametrize("test_input", [["google.com"], None])
def test_scan_run(self, test_input):
with patch("subprocess.run") as mocked_run:
self.scan.parse_results = MagicMock()
self.scan.db_mgr.get_all_hostnames = MagicMock()
self.scan.db_mgr.get_all_hostnames.return_value = test_input
self.scan.run()
if test_input is None:
assert not mocked_run.called
assert not self.scan.parse_results.called
else:
assert mocked_run.called
assert self.scan.parse_results.called
Reference in New Issue View Git Blame Copy Permalink