Nettacker/tests/api/test_core.py at bd465bc4a2851e17acd1fcbac4b5ecefb3423151 · pUrGe12/Nettacker · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
import os
from unittest.mock import patch, MagicMock, mock_open
from pathlib import Path

from flask import Flask, Request
from werkzeug.exceptions import NotFound

from nettacker.api.core import (
    get_value,
    mime_types,
    get_file,
    api_key_is_valid,
    languages_to_country,
    graphs,
    profiles,
    scan_methods,
)
from nettacker.config import Config
from tests.common import TestCase


class TestCore(TestCase):
    def setUp(self):
        self.app = Flask(__name__)
        self.app.config["OWASP_NETTACKER_CONFIG"] = {"api_access_key": "test_key"}
        self.request = MagicMock(spec=Request)
        self.request.args = {"key": "test_key"}
        self.request.form = {}
        self.request.cookies = {}

    def test_get_value(self):
        self.assertEqual(get_value(self.request, "key"), "test_key")
        self.assertEqual(get_value(self.request, "nonexistent"), "")

    def test_mime_types(self):
        mtypes = mime_types()
        self.assertIn(".html", mtypes)
        self.assertEqual(mtypes[".html"], "text/html")

    @patch("builtins.open", new_callable=mock_open, read_data="test_data")
    def test_get_file_valid(self, mock_open):
        Config.path.web_static_dir = Path.cwd()
        filename = Config.path.web_static_dir / "test.txt"
        self.assertEqual(get_file(filename), "test_data")

    @patch("builtins.open", side_effect=IOError)
    def test_get_file_ioerror(self, mock_open):
        Config.path.web_static_dir = Path.cwd()
        filename = Config.path.web_static_dir / "test.txt"
        with self.assertRaises(NotFound):
            get_file(filename)

    @patch("builtins.open", side_effect=ValueError)
    def test_get_file_valueerror(self, mock_open):
        Config.path.web_static_dir = Path.cwd()
        filename = Config.path.web_static_dir / "test.txt"
        with self.assertRaises(NotFound):
            get_file(filename)

    def test_get_file_outside_web_static_dir(self):
        Config.path.web_static_dir = Path("/safe/dir").resolve()
        filename = Path("/unauthorized/access.txt").resolve()
        with self.assertRaises(NotFound):
            get_file(filename)

    def test_api_key_is_valid(self):
        with self.app.test_request_context():
            api_key_is_valid(self.app, self.request)

    def test_api_key_invalid(self):
        self.request.args = {"key": "wrong_key"}
        with self.assertRaises(Exception):
            api_key_is_valid(self.app, self.request)

    @patch("nettacker.core.app.Nettacker.load_graphs", return_value=["graph1", "graph2"])
    def test_graphs(self, mock_graphs):
        result = graphs()
        self.assertIn('<input id="graph1"', result)
        self.assertIn('<a class="label label-default">graph2</a>', result)
        self.assertIn('value="graph1"', result)
        self.assertIn('name="graph_name"', result)

    @patch("nettacker.core.app.Nettacker.load_graphs", return_value=[])
    def test_graphs_empty(self, mock_graphs):
        result = graphs()
        self.assertIn("None</a>", result)

    @patch(
        "nettacker.core.app.Nettacker.load_profiles",
        return_value={"scan": {}, "brute": {}, "custom": {}},
    )
    def test_profiles(self, mock_profiles):
        result = profiles()
        self.assertIn("checkbox-scan", result)
        self.assertIn('label-success">scan</a>', result)
        self.assertIn('label-warning">brute</a>', result)
        self.assertIn('label-default">custom</a>', result)

    @patch(
        "nettacker.core.app.Nettacker.load_modules",
        return_value={"ssh_brute": {}, "http_vuln": {}, "tcp_scan": {}, "all": {}},
    )
    def test_scan_methods(self, mock_methods):
        result = scan_methods()
        self.assertIn("checkbox-scan-module", result)
        self.assertIn('label-success">tcp_scan</a>', result)

        self.assertIn("checkbox-brute-module", result)
        self.assertIn('label-warning">ssh_brute</a>', result)

        self.assertIn("checkbox-vuln-module", result)
        self.assertIn('label-danger">http_vuln</a>', result)

        self.assertNotIn("all", result)

    @patch("nettacker.core.messages.get_languages", return_value=["en", "fr", "es", "de"])
    def test_languages_to_country(self, mock_langs):
        result = languages_to_country()
        self.assertIn("flag-icon-us", result)
        self.assertIn("flag-icon-fr", result)
        self.assertIn('<option selected id="en"', result)
        self.assertIn("flag-icon-es", result)
        self.assertIn("flag-icon-de", result)