forked from DefectDojo/django-DefectDojo
Product_unit_test.py
from selenium import webdriver
from selenium.webdriver.support.ui import Select
from selenium.webdriver.common.keys import Keys
import unittest
import re
import sys
import os
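class ProductTest(unittest.TestCase):
    """Selenium UI tests for the product pages of a running DefectDojo instance.

    Every test logs in as the admin account named by the DD_ADMIN_USER and
    DD_ADMIN_PASSWORD environment variables, so no credential is stored in
    this file. The target is the plain-HTTP address set in setUp; if
    base_url is pointed at anything other than localhost, the admin
    password is submitted over an unencrypted connection.

    The tests create, modify and finally delete a product named "QA Test",
    so they belong on a disposable instance. All tests except
    test_create_product expect that product to exist already; suite() in
    this file runs them in the required order, whereas unittest discovery
    runs them alphabetically.

    The find_element_by_* locator methods used here are the legacy Selenium
    API and need a Selenium release that still provides them.
    """

    # Name of the product every test creates or looks up.
    _PRODUCT_NAME = "QA Test"

    def setUp(self):
        """Start a Chrome session and record the address of the instance."""
        self.driver = webdriver.Chrome('chromedriver')
        # Element lookups retry for up to 30 seconds before failing
        self.driver.implicitly_wait(30)
        # Base address of the dojo under test
        self.base_url = "http://localhost:8000/"
        self.verificationErrors = []
        self.accept_next_alert = True

    def _fill_by_id(self, element_id, text):
        """Clear the input with the given id, then type text into it."""
        field = self.driver.find_element_by_id(element_id)
        field.clear()
        field.send_keys(text)

    def _submit_form(self):
        """Click the primary submit button of the form on the current page."""
        self.driver.find_element_by_css_selector("input.btn.btn-primary").click()

    def _open_test_product(self):
        """Log in, open the product list and click through to the test product."""
        driver = self.login_page()
        driver.get(self.base_url + "product")
        driver.find_element_by_link_text(self._PRODUCT_NAME).click()
        return driver

    def _assert_body_matches(self, *patterns):
        """Fail unless at least one regex in patterns matches the page body text."""
        body_text = self.driver.find_element_by_tag_name("BODY").text
        # The message names the expected patterns only; the page text is
        # left out so page content does not end up in test logs.
        self.assertTrue(
            any(re.search(pattern, body_text) for pattern in patterns),
            "none of %r found in the page body" % (patterns,))

    def login_page(self):
        """Log in through the login form and return the driver.

        Raises:
            KeyError: if DD_ADMIN_USER or DD_ADMIN_PASSWORD is not set.
        """
        # Read both values first so a missing variable fails before the
        # browser navigates anywhere.
        username = os.environ['DD_ADMIN_USER']
        password = os.environ['DD_ADMIN_PASSWORD']
        driver = self.driver
        driver.get(self.base_url + "login")
        self._fill_by_id("id_username", username)
        self._fill_by_id("id_password", password)
        # "Click" the login button
        driver.find_element_by_css_selector("button.btn.btn-success").click()
        return driver

    def test_create_product(self):
        """Create the test product through the Add Product form."""
        driver = self.login_page()
        driver.get(self.base_url + "product")
        # Open the dropdown to reach the "Add Product" entry
        driver.find_element_by_id("dropdownMenu1").click()
        driver.find_element_by_link_text("Add Product").click()
        self._fill_by_id("id_name", self._PRODUCT_NAME)
        # The description box is reached by tabbing out of the name field
        driver.find_element_by_id("id_name").send_keys("\tThis is just a test. Be very afraid.")
        Select(driver.find_element_by_id("id_prod_type")).select_by_visible_text("Research and Development")
        self._submit_form()
        # "Already exists" counts as success so the test can be rerun
        # against an instance that still holds the product.
        self._assert_body_matches(
            r'Product added successfully',
            r'Product with this Name already exists.')

    # For product consistency sake, the product title is not edited;
    # the description is edited instead.
    def test_edit_product_description(self):
        """Prepend text to the description of the test product."""
        driver = self._open_test_product()
        driver.find_element_by_id("dropdownMenu1").click()
        driver.find_element_by_link_text("Edit").click()
        # Tab from the name field into the description box
        driver.find_element_by_id("id_name").send_keys(Keys.TAB, "Updated Desription: ")
        self._submit_form()
        # NOTE(review): an "already exists" reply is also accepted here, which
        # lets a rejected edit pass; confirm that this is intended.
        self._assert_body_matches(
            r'Product updated successfully',
            r'Product with this Name already exists.')

    def test_add_product_engagement(self):
        """Add an engagement named "Beta Test" to the test product."""
        driver = self._open_test_product()
        driver.find_element_by_id("dropdownMenu1").click()
        driver.find_element_by_partial_link_text("Engagement").click()
        driver.find_element_by_link_text("Add New Engagement").click()
        # Required fields: 'Name', 'Description', 'Target Start',
        # 'Target End', 'Testing Lead' and 'Status'
        self._fill_by_id("id_name", "Beta Test")
        # Tab from the name field into the description box
        driver.find_element_by_id("id_name").send_keys(Keys.TAB, "Running Test on product before approving and push to production.")
        # Target start and target end already have defaults and are skipped.
        # NOTE(review): the lead is the literal 'admin' while the login user
        # comes from DD_ADMIN_USER; presumably these must agree, confirm.
        Select(driver.find_element_by_id("id_lead")).select_by_visible_text('admin')
        Select(driver.find_element_by_id("id_status")).select_by_visible_text("In Progress")
        self._submit_form()
        self._assert_body_matches(r'Engagement added successfully')

    def test_add_product_finding(self):
        """Add a finding to the test product and check its title is shown."""
        driver = self._open_test_product()
        driver.find_element_by_partial_link_text("Findings").click()
        driver.find_element_by_link_text("Add New Finding").click()
        # Required fields: 'Title', 'Date', 'Severity', 'Description',
        # 'Mitigation' and 'Impact'; the date has a default and is skipped.
        self._fill_by_id("id_title", "App Vulnerable to XSS")
        Select(driver.find_element_by_id("id_severity")).select_by_visible_text("High")
        # Tab from the severity select into the description box
        driver.find_element_by_id("id_severity").send_keys(Keys.TAB, "This is just a Test Case Finding")
        # Mitigation and impact sit behind a rich-text editor. The fixed
        # scripts below unhide the underlying textarea so Selenium can type
        # into it; text written there is reflected in the editor field.
        driver.execute_script("document.getElementsByName('mitigation')[0].style.display = 'inline'")
        driver.find_element_by_name("mitigation").send_keys(Keys.TAB, "How to mitigate this finding")
        driver.execute_script("document.getElementsByName('impact')[0].style.display = 'inline'")
        driver.find_element_by_name("impact").send_keys(Keys.TAB, "This has a very critical effect on production")
        # "Click" the Done button to add the finding with other defaults
        driver.find_element_by_xpath("//input[@name='_Finished']").click()
        self._assert_body_matches(r'App Vulnerable to XSS')

    def test_add_product_endpoints(self):
        """Add two endpoints, one per line, to the test product."""
        driver = self._open_test_product()
        driver.find_element_by_partial_link_text("Endpoints").click()
        driver.find_element_by_link_text("Add New Endpoint").click()
        self._fill_by_id("id_endpoint", "strange.prod.dev\n123.45.6.30")
        self._submit_form()
        self._assert_body_matches(r'Endpoint added successfully')

    def test_add_product_custom_field(self):
        """Add the custom field "Security Level" = "Loose" to the test product."""
        driver = self._open_test_product()
        driver.find_element_by_id("dropdownMenu1").click()
        driver.find_element_by_link_text("Add Custom Fields").click()
        self._fill_by_id("id_name", "Security Level")
        self._fill_by_id("id_value", "Loose")
        self._submit_form()
        # "Already exists" counts as success so the test can be rerun
        self._assert_body_matches(
            r'Metadata added successfully',
            r'A metadata entry with the same name exists already for this object.')

    def test_edit_product_custom_field(self):
        """Change the custom field value from "Loose" to "Strong"."""
        driver = self._open_test_product()
        driver.find_element_by_id("dropdownMenu1").click()
        driver.find_element_by_link_text("Edit Custom Fields").click()
        # Locate the field by the value test_add_product_custom_field stored
        value_field = driver.find_element_by_xpath("//input[@value='Loose']")
        value_field.clear()
        value_field.send_keys("Strong")
        self._submit_form()
        self._assert_body_matches(
            r'Metadata edited successfully',
            r'A metadata entry with the same name exists already for this object.')

    def test_add_product_tracking_files(self):
        """Add a tracked file path to the test product."""
        driver = self._open_test_product()
        driver.find_element_by_id("dropdownMenu1").click()
        driver.find_element_by_link_text("Add Product Tracking Files").click()
        # Only the required fields are filled: file path and review status
        self._fill_by_id("id_path", "/strange/folder/")
        Select(driver.find_element_by_id("id_review_status")).select_by_visible_text("Untracked")
        self._submit_form()
        self._assert_body_matches(r'Added Tracked File to a Product')

    def test_edit_product_tracking_files(self):
        """Change the path of the first tracked file of the test product."""
        driver = self._open_test_product()
        driver.find_element_by_id("dropdownMenu1").click()
        driver.find_element_by_link_text("View Product Tracking Files").click()
        # Open the first "Edit" link in the tracking file list
        driver.find_element_by_link_text("Edit").click()
        self._fill_by_id("id_path", "/unknown/folder/")
        self._submit_form()
        self._assert_body_matches(r'Tool Product Configuration Successfully Updated')

    def test_delete_product(self):
        """Delete the test product and confirm the removal message."""
        driver = self._open_test_product()
        driver.find_element_by_id('dropdownMenu1').click()
        driver.find_element_by_link_text("Delete").click()
        # Confirm the deletion on the follow-up page
        driver.find_element_by_css_selector("button.btn.btn-danger").click()
        self._assert_body_matches(r'Product and relationships removed.')

    def tearDown(self):
        """Close the browser and check that no verification errors were collected."""
        self.driver.quit()
        self.assertEqual([], self.verificationErrors)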
def suite():
    """Return a TestSuite holding the product tests in the order listed below."""
    # Creation comes first and deletion last; the tests in between look up
    # the product that test_create_product adds.
    ordered_names = (
        'test_create_product',
        'test_edit_product_description',
        'test_add_product_engagement',
        'test_add_product_finding',
        'test_add_product_endpoints',
        'test_add_product_custom_field',
        'test_edit_product_custom_field',
        'test_add_product_tracking_files',
        'test_edit_product_tracking_files',
        'test_delete_product',
    )
    product_suite = unittest.TestSuite()
    for test_name in ordered_names:
        # Success and failure are reported by the test itself
        product_suite.addTest(ProductTest(test_name))
    return product_suite
if __name__ == "__main__":
    # failfast stops the run at the first failing test.
    runner = unittest.TextTestRunner(descriptions=True, failfast=True)
    outcome = runner.run(suite())
    # Exit status is False (0) when every test passed, True (1) otherwise.
    ret = not outcome.wasSuccessful()
    sys.exit(ret)