Esempio n. 1
0
func initServices(wsContainer *restful.Container, db *mgo.Database) error {
	// manager
	mgr := manager.New(db)
	if err := mgr.Init(); err != nil {
		return err
	}

	// password manager for generation and verification passwords
	passCtx := passlib.NewContext()

	sch := scheduler.NewMemoryScheduler(mgr.Copy())

	// services
	base := services.New(mgr, passCtx, sch)
	all := []services.ServiceInterface{
		auth.New(base),
		plugin.New(base),
		plan.New(base),
		user.New(base),
		project.New(base),
		target.New(base),
		scan.New(base),
		me.New(base),
		agent.New(base),
		feed.New(base),
		file.New(base),
		issue.New(base),
	}

	// initialize services
	for _, s := range all {
		if err := s.Init(); err != nil {
			return err
		}
	}
	// register services in container
	for _, s := range all {
		s.Register(wsContainer)
	}

	return nil
}
Esempio n. 2
0
func TestChangePassword(t *testing.T) {
	logrus.SetLevel(logrus.PanicLevel)

	mongo, dbName, err := tests.RandomTestMongoUp()
	if err != nil {
		t.Fatal(err)
	}
	defer tests.RandomTestMongoDown(mongo, dbName)

	mgr := manager.New(mongo.DB(dbName))

	passCtx := passlib.NewContext()

	// create and auth user
	sess := filters.NewSession()
	service := New(services.New(mgr, passCtx, scheduler.NewFake()))
	wsContainer := restful.NewContainer()
	wsContainer.Router(restful.CurlyRouter{})
	wsContainer.Filter(filters.SessionFilterMock(sess))
	service.Register(wsContainer)

	ts := httptest.NewServer(wsContainer)
	defer ts.Close()

	c.Convey("Given authorized user with password - password", t, func() {
		pass, err := passCtx.Encrypt("password")
		if err != nil {
			t.Fatal(err)
		}
		u, err := mgr.Users.Create(&user.User{
			Password: pass,
		})
		if err != nil {
			t.Fatal(err)
		}
		sess.Set(filters.SessionUserKey, u.Id.Hex())

		c.Convey("Change password with wrong entity", func() {
			err, resp, sErr := changePassword(ts.URL, map[string]int{"old": 1})
			c.So(err, c.ShouldBeNil)
			c.So(resp.StatusCode, c.ShouldEqual, http.StatusBadRequest)
			c.So(sErr, c.ShouldNotBeNil)
			c.So(sErr.Code, c.ShouldEqual, services.CodeWrongEntity)
		})

		c.Convey("Change password with wrong old password", func() {
			err, resp, sErr := changePassword(ts.URL, map[string]string{"old": "bad"})
			c.So(err, c.ShouldBeNil)
			c.So(resp.StatusCode, c.ShouldEqual, http.StatusBadRequest)
			c.So(sErr, c.ShouldNotBeNil)
			c.So(sErr.Code, c.ShouldEqual, services.CodeWrongData)
		})

		c.Convey("Change password with right old password, but new is short", func() {
			err, resp, sErr := changePassword(ts.URL, map[string]string{"old": "password", "new": "short"})
			c.So(err, c.ShouldBeNil)
			c.So(resp.StatusCode, c.ShouldEqual, http.StatusBadRequest)
			c.So(sErr, c.ShouldNotBeNil)
			c.So(sErr.Code, c.ShouldEqual, services.CodeWrongData)
		})

		c.Convey("Change password with right old password, and good new password", func() {
			err, resp, sErr := changePassword(ts.URL, map[string]string{"old": "password", "new": "password2"})
			c.So(err, c.ShouldBeNil)
			c.So(resp.StatusCode, c.ShouldEqual, http.StatusOK)
			c.So(sErr, c.ShouldBeNil)

			modified, err := mgr.Users.GetById(u.Id)
			if err != nil {
				t.Fatal(err)
			}
			verified, err := passCtx.Verify("password2", modified.Password)
			if err != nil {
				t.Fatal(err)
			}
			c.So(verified, c.ShouldBeTrue)
		})
	})
}
Esempio n. 3
0
func TestSessionCreate(t *testing.T) {
	logrus.SetLevel(logrus.PanicLevel)

	mongo, dbName, err := tests.RandomTestMongoUp()
	if err != nil {
		t.Fatal(err)
	}
	defer tests.RandomTestMongoDown(mongo, dbName)

	mgr := manager.New(mongo.DB(dbName))
	err = loadFixtures(mgr)
	if err != nil {
		t.Fatal(err)
	}

	// create and auth user
	sess := filters.NewSession()
	u, err := mgr.Users.Create(&user.User{})
	if err != nil {
		t.Fatal(err)
	}
	sess.Set(filters.SessionUserKey, u.Id.Hex())

	scanService := New(services.New(mgr, nil, scheduler.NewFake()))
	wsContainer := restful.NewContainer()
	wsContainer.Router(restful.CurlyRouter{})
	wsContainer.Filter(filters.SessionFilterMock(sess))
	scanService.Register(wsContainer)

	marshalSession := func(s *scan.Session) []byte {
		data, err := json.Marshal(s)
		if err != nil {
			t.Fatal(err)
		}
		return data
	}

	ts := httptest.NewServer(wsContainer)
	defer ts.Close()

	c.Convey("Given base scan with sessions", t, func() {

		baseScan, err := mgr.Scans.Create(&scan.Scan{
			Status:  scan.StatusWorking,
			Plan:    mgr.NewId(),
			Target:  mgr.NewId(),
			Owner:   mgr.NewId(),
			Project: mgr.NewId(),
			Sessions: []*scan.Session{
				&scan.Session{
					Id:     mgr.NewId(),
					Status: scan.StatusWorking,
					Plugin: mgr.NewId(),
				},
			},
		})
		c.So(err, c.ShouldBeNil)
		scanId := mgr.FromId(baseScan.Id)

		parentSession := baseScan.Sessions[0]

		baseScan.Sessions = append(baseScan.Sessions, parentSession)

		sess := &scan.Session{
			Step: &plan.WorkflowStep{
				Plugin: "barbudo/wappalyzer:0.0.2",
			},
			Scan:   baseScan.Id,
			Parent: parentSession.Id,
		}

		c.Convey("When create session with empty body", func() {
			res := sessionCreate(t, ts.URL, scanId, nil)
			shouldBeBadRequest(t, res, services.CodeWrongEntity, "wrong entity")
		})

		c.Convey("When create session with bad body", func() {
			res := sessionCreate(t, ts.URL, scanId, []byte("{'}"))
			shouldBeBadRequest(t, res, services.CodeWrongEntity, "wrong entity")
		})

		c.Convey("When create session without step", func() {
			res := sessionCreate(t, ts.URL, scanId, marshalSession(&scan.Session{}))
			shouldBeBadRequest(t, res, services.CodeWrongData, "step is required")
		})

		c.Convey("When create session with empty step.plugin", func() {
			sess.Step.Plugin = ""
			res := sessionCreate(t, ts.URL, scanId, marshalSession(sess))
			shouldBeBadRequest(t, res, services.CodeWrongData, "step.plugin is required")
		})

		c.Convey("When create session with wrong scan", func() {
			sess.Scan = mgr.NewId()
			res := sessionCreate(t, ts.URL, scanId, marshalSession(sess))
			shouldBeBadRequest(t, res, services.CodeWrongData, "wrong scan id")
		})

		c.Convey("When scan is not in working state", func() {
			baseScan.Status = scan.StatusFinished
			if err := mgr.Scans.Update(baseScan); err != nil {
				t.Fatal(err)
				return
			}
			res := sessionCreate(t, ts.URL, scanId, marshalSession(sess))
			shouldBeBadRequest(t, res, services.CodeWrongData, "scan should have working status")
		})

		c.Convey("When parent is empty", func() {
			sess.Parent = ""
			res := sessionCreate(t, ts.URL, scanId, marshalSession(sess))
			shouldBeBadRequest(t, res, services.CodeWrongData, "parent field is required")
		})

		c.Convey("When parent is not existed", func() {
			sess.Parent = mgr.NewId()
			res := sessionCreate(t, ts.URL, scanId, marshalSession(sess))
			shouldBeBadRequest(t, res, services.CodeWrongData, "parent not found")
		})

		c.Convey("When parent doesn't have working status", func() {
			parentSession.Status = scan.StatusFinished
			mgr.Scans.UpdateSession(baseScan, parentSession)
			res := sessionCreate(t, ts.URL, scanId, marshalSession(sess))
			shouldBeBadRequest(t, res, services.CodeWrongData, "parent should have working status")
		})

		c.Convey("When plugin has wrong name", func() {
			sess.Step.Plugin = "bad_name"
			res := sessionCreate(t, ts.URL, scanId, marshalSession(sess))
			shouldBeBadRequest(t, res, services.CodeWrongData, "plugin bad_name is not found")
		})

		c.Convey("When everything is ok", func() {
			res := sessionCreate(t, ts.URL, scanId, marshalSession(sess))

			c.Convey("Session returns and updated into db", func() {
				c.So(res.StatusCode, c.ShouldEqual, http.StatusCreated)
				baseScan, err := mgr.Scans.GetById(baseScan.Id)
				c.So(err, c.ShouldBeNil)
				c.So(len(baseScan.Sessions), c.ShouldEqual, 1)
				c.So(len(baseScan.Sessions[0].Children), c.ShouldEqual, 1)
				child := baseScan.Sessions[0].Children[0]
				c.So(child.Parent, c.ShouldEqual, parentSession.Id)
				c.So(child.Status, c.ShouldEqual, scan.StatusCreated)
				c.So(child.Scan, c.ShouldEqual, baseScan.Id)
			})
		})

	})
}
Esempio n. 4
0
func TestSessionCreate(t *testing.T) {
	mongo, dbName, err := tests.RandomTestMongoUp()
	if err != nil {
		t.Fatal(err)
	}
	defer tests.RandomTestMongoDown(mongo, dbName)

	mgr := manager.New(mongo.DB(dbName))

	// create and auth user
	sess := filters.NewSession()
	u, err := mgr.Users.Create(&user.User{})
	if err != nil {
		t.Fatal(err)
	}
	sess.Set(filters.SessionUserKey, u.Id.Hex())

	service := New(services.New(mgr, nil, scheduler.NewFake()))
	wsContainer := restful.NewContainer()
	wsContainer.Router(restful.CurlyRouter{})
	wsContainer.Filter(filters.SessionFilterMock(sess))
	service.Register(wsContainer)

	ts := httptest.NewServer(wsContainer)
	defer ts.Close()

	c.Convey("Given empty issues collections", t, func() {
		_, err = mongo.DB(dbName).C("issues").RemoveAll(bson.M{})
		c.So(err, c.ShouldBeNil)
		projectObj, err := mgr.Projects.Create(&project.Project{
			Name:  "default",
			Owner: u.Id,
		})
		c.So(err, c.ShouldBeNil)
		targetObj, err := mgr.Targets.Create(&target.Target{
			Project: projectObj.Id,
			Type:    target.TypeWeb,
		})
		c.So(err, c.ShouldBeNil)

		c.Convey("Get list of all issues", func() {
			res, issues := getIssues(t, ts.URL, nil)
			c.Convey("Response should be empty", func() {
				c.So(res.StatusCode, c.ShouldEqual, http.StatusOK)
				c.So(issues.Count, c.ShouldEqual, 0)
				c.So(len(issues.Results), c.ShouldEqual, 0)
			})
		})

		c.Convey("Given target issue", func() {
			targetIssue, err := mgr.Issues.Create(&issue.TargetIssue{
				Target:  targetObj.Id,
				Project: projectObj.Id,
				Issue: issue.Issue{
					UniqId: "1",
				},
				Status: issue.Status{
					Confirmed: true,
				},
			})
			c.So(err, c.ShouldBeNil)
			c.So(targetIssue.Confirmed, c.ShouldEqual, true)
			c.So(targetIssue.Muted, c.ShouldEqual, false)
			c.So(targetIssue.False, c.ShouldEqual, false)
			c.So(targetIssue.Resolved, c.ShouldEqual, false)

			c.Convey("Get list of all issues", func() {
				res, issues := getIssues(t, ts.URL, nil)
				c.Convey("Response should have a new issue", func() {
					c.So(res.StatusCode, c.ShouldEqual, http.StatusOK)
					c.So(issues.Count, c.ShouldEqual, 1)
					c.So(len(issues.Results), c.ShouldEqual, 1)
					c.So(issues.Results[0].Id, c.ShouldEqual, targetIssue.Id)
				})
			})

			c.Convey("Set issue status confirmed", func() {
				res, issue := updateIssue(t, ts.URL, mgr.FromId(targetIssue.Id), &TargetIssueEntity{
					Status: Status{
						Confirmed: utils.BoolP(false),
					},
				})
				c.So(res.StatusCode, c.ShouldEqual, http.StatusOK)
				c.So(issue.Confirmed, c.ShouldEqual, false)
				c.So(issue.Muted, c.ShouldEqual, false)
				c.So(issue.False, c.ShouldEqual, false)
				c.So(issue.Resolved, c.ShouldEqual, false)
			})

			c.Convey("Set issue status muted", func() {
				res, issue := updateIssue(t, ts.URL, mgr.FromId(targetIssue.Id), &TargetIssueEntity{
					Status: Status{
						Muted: utils.BoolP(true),
					},
				})
				c.So(res.StatusCode, c.ShouldEqual, http.StatusOK)
				c.So(issue.Confirmed, c.ShouldEqual, true)
				c.So(issue.Muted, c.ShouldEqual, true)
				c.So(issue.False, c.ShouldEqual, false)
				c.So(issue.Resolved, c.ShouldEqual, false)
			})

			c.Convey("Set issue status false", func() {
				res, issue := updateIssue(t, ts.URL, mgr.FromId(targetIssue.Id), &TargetIssueEntity{
					Status: Status{
						False: utils.BoolP(true),
					},
				})
				c.So(res.StatusCode, c.ShouldEqual, http.StatusOK)
				c.So(issue.Confirmed, c.ShouldEqual, true)
				c.So(issue.Muted, c.ShouldEqual, false)
				c.So(issue.False, c.ShouldEqual, true)
				c.So(issue.Resolved, c.ShouldEqual, false)
			})

			c.Convey("Set issue status resolved", func() {
				res, issue := updateIssue(t, ts.URL, mgr.FromId(targetIssue.Id), &TargetIssueEntity{
					Status: Status{
						Resolved: utils.BoolP(true),
					},
				})
				c.So(res.StatusCode, c.ShouldEqual, http.StatusOK)
				c.So(issue.Confirmed, c.ShouldEqual, true)
				c.So(issue.Muted, c.ShouldEqual, false)
				c.So(issue.False, c.ShouldEqual, false)
				c.So(issue.Resolved, c.ShouldEqual, true)
			})

			c.Convey("Set all issue status", func() {
				res, issue := updateIssue(t, ts.URL, mgr.FromId(targetIssue.Id), &TargetIssueEntity{
					Status: Status{
						Muted:     utils.BoolP(true),
						Resolved:  utils.BoolP(true),
						False:     utils.BoolP(true),
						Confirmed: utils.BoolP(false),
					},
				})
				c.So(res.StatusCode, c.ShouldEqual, http.StatusOK)
				c.So(issue.Confirmed, c.ShouldEqual, false)
				c.So(issue.Muted, c.ShouldEqual, true)
				c.So(issue.False, c.ShouldEqual, true)
				c.So(issue.Resolved, c.ShouldEqual, true)
			})

		})

	})

}