func initServices(wsContainer *restful.Container, db *mgo.Database) error {
// manager
mgr := manager.New(db)
if err := mgr.Init(); err != nil {
return err
}
// password manager for generation and verification passwords
passCtx := passlib.NewContext()
sch := scheduler.NewMemoryScheduler(mgr.Copy())
// services
base := services.New(mgr, passCtx, sch)
all := []services.ServiceInterface{
auth.New(base),
plugin.New(base),
plan.New(base),
user.New(base),
project.New(base),
target.New(base),
scan.New(base),
me.New(base),
agent.New(base),
feed.New(base),
file.New(base),
issue.New(base),
}
// initialize services
for _, s := range all {
if err := s.Init(); err != nil {
return err
}
}
// register services in container
for _, s := range all {
s.Register(wsContainer)
}
return nil
}
func TestChangePassword(t *testing.T) {
logrus.SetLevel(logrus.PanicLevel)
mongo, dbName, err := tests.RandomTestMongoUp()
if err != nil {
t.Fatal(err)
}
defer tests.RandomTestMongoDown(mongo, dbName)
mgr := manager.New(mongo.DB(dbName))
passCtx := passlib.NewContext()
// create and auth user
sess := filters.NewSession()
service := New(services.New(mgr, passCtx, scheduler.NewFake()))
wsContainer := restful.NewContainer()
wsContainer.Router(restful.CurlyRouter{})
wsContainer.Filter(filters.SessionFilterMock(sess))
service.Register(wsContainer)
ts := httptest.NewServer(wsContainer)
defer ts.Close()
c.Convey("Given authorized user with password - password", t, func() {
pass, err := passCtx.Encrypt("password")
if err != nil {
t.Fatal(err)
}
u, err := mgr.Users.Create(&user.User{
Password: pass,
})
if err != nil {
t.Fatal(err)
}
sess.Set(filters.SessionUserKey, u.Id.Hex())
c.Convey("Change password with wrong entity", func() {
err, resp, sErr := changePassword(ts.URL, map[string]int{"old": 1})
c.So(err, c.ShouldBeNil)
c.So(resp.StatusCode, c.ShouldEqual, http.StatusBadRequest)
c.So(sErr, c.ShouldNotBeNil)
c.So(sErr.Code, c.ShouldEqual, services.CodeWrongEntity)
})
c.Convey("Change password with wrong old password", func() {
err, resp, sErr := changePassword(ts.URL, map[string]string{"old": "bad"})
c.So(err, c.ShouldBeNil)
c.So(resp.StatusCode, c.ShouldEqual, http.StatusBadRequest)
c.So(sErr, c.ShouldNotBeNil)
c.So(sErr.Code, c.ShouldEqual, services.CodeWrongData)
})
c.Convey("Change password with right old password, but new is short", func() {
err, resp, sErr := changePassword(ts.URL, map[string]string{"old": "password", "new": "short"})
c.So(err, c.ShouldBeNil)
c.So(resp.StatusCode, c.ShouldEqual, http.StatusBadRequest)
c.So(sErr, c.ShouldNotBeNil)
c.So(sErr.Code, c.ShouldEqual, services.CodeWrongData)
})
c.Convey("Change password with right old password, and good new password", func() {
err, resp, sErr := changePassword(ts.URL, map[string]string{"old": "password", "new": "password2"})
c.So(err, c.ShouldBeNil)
c.So(resp.StatusCode, c.ShouldEqual, http.StatusOK)
c.So(sErr, c.ShouldBeNil)
modified, err := mgr.Users.GetById(u.Id)
if err != nil {
t.Fatal(err)
}
verified, err := passCtx.Verify("password2", modified.Password)
if err != nil {
t.Fatal(err)
}
c.So(verified, c.ShouldBeTrue)
})
})
}
func TestSessionCreate(t *testing.T) {
logrus.SetLevel(logrus.PanicLevel)
mongo, dbName, err := tests.RandomTestMongoUp()
if err != nil {
t.Fatal(err)
}
defer tests.RandomTestMongoDown(mongo, dbName)
mgr := manager.New(mongo.DB(dbName))
err = loadFixtures(mgr)
if err != nil {
t.Fatal(err)
}
// create and auth user
sess := filters.NewSession()
u, err := mgr.Users.Create(&user.User{})
if err != nil {
t.Fatal(err)
}
sess.Set(filters.SessionUserKey, u.Id.Hex())
scanService := New(services.New(mgr, nil, scheduler.NewFake()))
wsContainer := restful.NewContainer()
wsContainer.Router(restful.CurlyRouter{})
wsContainer.Filter(filters.SessionFilterMock(sess))
scanService.Register(wsContainer)
marshalSession := func(s *scan.Session) []byte {
data, err := json.Marshal(s)
if err != nil {
t.Fatal(err)
}
return data
}
ts := httptest.NewServer(wsContainer)
defer ts.Close()
c.Convey("Given base scan with sessions", t, func() {
baseScan, err := mgr.Scans.Create(&scan.Scan{
Status: scan.StatusWorking,
Plan: mgr.NewId(),
Target: mgr.NewId(),
Owner: mgr.NewId(),
Project: mgr.NewId(),
Sessions: []*scan.Session{
&scan.Session{
Id: mgr.NewId(),
Status: scan.StatusWorking,
Plugin: mgr.NewId(),
},
},
})
c.So(err, c.ShouldBeNil)
scanId := mgr.FromId(baseScan.Id)
parentSession := baseScan.Sessions[0]
baseScan.Sessions = append(baseScan.Sessions, parentSession)
sess := &scan.Session{
Step: &plan.WorkflowStep{
Plugin: "barbudo/wappalyzer:0.0.2",
},
Scan: baseScan.Id,
Parent: parentSession.Id,
}
c.Convey("When create session with empty body", func() {
res := sessionCreate(t, ts.URL, scanId, nil)
shouldBeBadRequest(t, res, services.CodeWrongEntity, "wrong entity")
})
c.Convey("When create session with bad body", func() {
res := sessionCreate(t, ts.URL, scanId, []byte("{'}"))
shouldBeBadRequest(t, res, services.CodeWrongEntity, "wrong entity")
})
c.Convey("When create session without step", func() {
res := sessionCreate(t, ts.URL, scanId, marshalSession(&scan.Session{}))
shouldBeBadRequest(t, res, services.CodeWrongData, "step is required")
})
c.Convey("When create session with empty step.plugin", func() {
sess.Step.Plugin = ""
res := sessionCreate(t, ts.URL, scanId, marshalSession(sess))
shouldBeBadRequest(t, res, services.CodeWrongData, "step.plugin is required")
})
c.Convey("When create session with wrong scan", func() {
sess.Scan = mgr.NewId()
res := sessionCreate(t, ts.URL, scanId, marshalSession(sess))
shouldBeBadRequest(t, res, services.CodeWrongData, "wrong scan id")
})
c.Convey("When scan is not in working state", func() {
baseScan.Status = scan.StatusFinished
if err := mgr.Scans.Update(baseScan); err != nil {
t.Fatal(err)
return
}
res := sessionCreate(t, ts.URL, scanId, marshalSession(sess))
shouldBeBadRequest(t, res, services.CodeWrongData, "scan should have working status")
})
c.Convey("When parent is empty", func() {
sess.Parent = ""
res := sessionCreate(t, ts.URL, scanId, marshalSession(sess))
shouldBeBadRequest(t, res, services.CodeWrongData, "parent field is required")
})
c.Convey("When parent is not existed", func() {
sess.Parent = mgr.NewId()
res := sessionCreate(t, ts.URL, scanId, marshalSession(sess))
shouldBeBadRequest(t, res, services.CodeWrongData, "parent not found")
})
c.Convey("When parent doesn't have working status", func() {
parentSession.Status = scan.StatusFinished
mgr.Scans.UpdateSession(baseScan, parentSession)
res := sessionCreate(t, ts.URL, scanId, marshalSession(sess))
shouldBeBadRequest(t, res, services.CodeWrongData, "parent should have working status")
})
c.Convey("When plugin has wrong name", func() {
sess.Step.Plugin = "bad_name"
res := sessionCreate(t, ts.URL, scanId, marshalSession(sess))
shouldBeBadRequest(t, res, services.CodeWrongData, "plugin bad_name is not found")
})
c.Convey("When everything is ok", func() {
res := sessionCreate(t, ts.URL, scanId, marshalSession(sess))
c.Convey("Session returns and updated into db", func() {
c.So(res.StatusCode, c.ShouldEqual, http.StatusCreated)
baseScan, err := mgr.Scans.GetById(baseScan.Id)
c.So(err, c.ShouldBeNil)
c.So(len(baseScan.Sessions), c.ShouldEqual, 1)
c.So(len(baseScan.Sessions[0].Children), c.ShouldEqual, 1)
child := baseScan.Sessions[0].Children[0]
c.So(child.Parent, c.ShouldEqual, parentSession.Id)
c.So(child.Status, c.ShouldEqual, scan.StatusCreated)
c.So(child.Scan, c.ShouldEqual, baseScan.Id)
})
})
})
}
func TestSessionCreate(t *testing.T) {
mongo, dbName, err := tests.RandomTestMongoUp()
if err != nil {
t.Fatal(err)
}
defer tests.RandomTestMongoDown(mongo, dbName)
mgr := manager.New(mongo.DB(dbName))
// create and auth user
sess := filters.NewSession()
u, err := mgr.Users.Create(&user.User{})
if err != nil {
t.Fatal(err)
}
sess.Set(filters.SessionUserKey, u.Id.Hex())
service := New(services.New(mgr, nil, scheduler.NewFake()))
wsContainer := restful.NewContainer()
wsContainer.Router(restful.CurlyRouter{})
wsContainer.Filter(filters.SessionFilterMock(sess))
service.Register(wsContainer)
ts := httptest.NewServer(wsContainer)
defer ts.Close()
c.Convey("Given empty issues collections", t, func() {
_, err = mongo.DB(dbName).C("issues").RemoveAll(bson.M{})
c.So(err, c.ShouldBeNil)
projectObj, err := mgr.Projects.Create(&project.Project{
Name: "default",
Owner: u.Id,
})
c.So(err, c.ShouldBeNil)
targetObj, err := mgr.Targets.Create(&target.Target{
Project: projectObj.Id,
Type: target.TypeWeb,
})
c.So(err, c.ShouldBeNil)
c.Convey("Get list of all issues", func() {
res, issues := getIssues(t, ts.URL, nil)
c.Convey("Response should be empty", func() {
c.So(res.StatusCode, c.ShouldEqual, http.StatusOK)
c.So(issues.Count, c.ShouldEqual, 0)
c.So(len(issues.Results), c.ShouldEqual, 0)
})
})
c.Convey("Given target issue", func() {
targetIssue, err := mgr.Issues.Create(&issue.TargetIssue{
Target: targetObj.Id,
Project: projectObj.Id,
Issue: issue.Issue{
UniqId: "1",
},
Status: issue.Status{
Confirmed: true,
},
})
c.So(err, c.ShouldBeNil)
c.So(targetIssue.Confirmed, c.ShouldEqual, true)
c.So(targetIssue.Muted, c.ShouldEqual, false)
c.So(targetIssue.False, c.ShouldEqual, false)
c.So(targetIssue.Resolved, c.ShouldEqual, false)
c.Convey("Get list of all issues", func() {
res, issues := getIssues(t, ts.URL, nil)
c.Convey("Response should have a new issue", func() {
c.So(res.StatusCode, c.ShouldEqual, http.StatusOK)
c.So(issues.Count, c.ShouldEqual, 1)
c.So(len(issues.Results), c.ShouldEqual, 1)
c.So(issues.Results[0].Id, c.ShouldEqual, targetIssue.Id)
})
})
c.Convey("Set issue status confirmed", func() {
res, issue := updateIssue(t, ts.URL, mgr.FromId(targetIssue.Id), &TargetIssueEntity{
Status: Status{
Confirmed: utils.BoolP(false),
},
})
c.So(res.StatusCode, c.ShouldEqual, http.StatusOK)
c.So(issue.Confirmed, c.ShouldEqual, false)
c.So(issue.Muted, c.ShouldEqual, false)
c.So(issue.False, c.ShouldEqual, false)
c.So(issue.Resolved, c.ShouldEqual, false)
})
c.Convey("Set issue status muted", func() {
res, issue := updateIssue(t, ts.URL, mgr.FromId(targetIssue.Id), &TargetIssueEntity{
Status: Status{
Muted: utils.BoolP(true),
},
})
c.So(res.StatusCode, c.ShouldEqual, http.StatusOK)
c.So(issue.Confirmed, c.ShouldEqual, true)
c.So(issue.Muted, c.ShouldEqual, true)
c.So(issue.False, c.ShouldEqual, false)
c.So(issue.Resolved, c.ShouldEqual, false)
})
c.Convey("Set issue status false", func() {
res, issue := updateIssue(t, ts.URL, mgr.FromId(targetIssue.Id), &TargetIssueEntity{
Status: Status{
False: utils.BoolP(true),
},
})
c.So(res.StatusCode, c.ShouldEqual, http.StatusOK)
c.So(issue.Confirmed, c.ShouldEqual, true)
c.So(issue.Muted, c.ShouldEqual, false)
c.So(issue.False, c.ShouldEqual, true)
c.So(issue.Resolved, c.ShouldEqual, false)
})
c.Convey("Set issue status resolved", func() {
res, issue := updateIssue(t, ts.URL, mgr.FromId(targetIssue.Id), &TargetIssueEntity{
Status: Status{
Resolved: utils.BoolP(true),
},
})
c.So(res.StatusCode, c.ShouldEqual, http.StatusOK)
c.So(issue.Confirmed, c.ShouldEqual, true)
c.So(issue.Muted, c.ShouldEqual, false)
c.So(issue.False, c.ShouldEqual, false)
c.So(issue.Resolved, c.ShouldEqual, true)
})
c.Convey("Set all issue status", func() {
res, issue := updateIssue(t, ts.URL, mgr.FromId(targetIssue.Id), &TargetIssueEntity{
Status: Status{
Muted: utils.BoolP(true),
Resolved: utils.BoolP(true),
False: utils.BoolP(true),
Confirmed: utils.BoolP(false),
},
})
c.So(res.StatusCode, c.ShouldEqual, http.StatusOK)
c.So(issue.Confirmed, c.ShouldEqual, false)
c.So(issue.Muted, c.ShouldEqual, true)
c.So(issue.False, c.ShouldEqual, true)
c.So(issue.Resolved, c.ShouldEqual, true)
})
})
})
}