From 2de0dfceed14ded4a97d315ed0004d62965543e4 Mon Sep 17 00:00:00 2001 From: kiblik <5609770+kiblik@users.noreply.github.com> Date: Thu, 20 Jun 2024 20:45:01 +0200 Subject: [PATCH] Fix T20 --- docker/install_chrome_dependencies.py | 6 +- dojo/api_v2/prefetch/schema.py | 1 - dojo/api_v2/serializers.py | 1 - dojo/api_v2/views.py | 1 - dojo/apps.py | 2 +- dojo/celery.py | 2 +- dojo/decorators.py | 4 +- dojo/importers/options.py | 2 +- dojo/jira_link/helper.py | 2 +- dojo/management/commands/dupecheck.py | 14 +++-- .../management/commands/jira_async_updates.py | 15 +++-- .../commands/jira_status_reconciliation.py | 4 +- dojo/management/commands/migrate_surveys.py | 6 +- dojo/management/commands/print_settings.py | 7 ++- .../commands/push_to_jira_update.py | 8 ++- .../commands/test_celery_decorator.py | 17 ++--- dojo/product/views.py | 4 -- dojo/utils.py | 6 +- dojo/views.py | 2 +- dojo/wsgi.py | 2 +- tests/Import_scanner_test.py | 63 ++++++++++--------- tests/base_test_class.py | 42 ++++++------- tests/close_old_findings_dedupe_test.py | 3 +- tests/dedupe_test.py | 3 +- tests/file_test.py | 1 - tests/finding_test.py | 20 +++--- tests/notes_test.py | 7 ++- tests/product_member_test.py | 39 ++++++------ tests/product_type_member_test.py | 39 ++++++------ tests/product_type_test.py | 11 ++-- tests/report_builder_test.py | 2 - tests/zap.py | 33 +++++----- unittests/dojo_test_case.py | 31 +++------ unittests/test_deduplication_logic.py | 3 - unittests/test_endpoint_model.py | 13 ---- unittests/test_import_reimport.py | 3 +- unittests/test_jira_config_engagement.py | 3 +- unittests/test_jira_import_and_pushing_api.py | 2 - unittests/test_notifications.py | 7 --- unittests/test_search_parser.py | 2 - unittests/tools/test_checkmarx_one_parser.py | 5 +- .../tools/test_dependency_check_parser.py | 5 +- ..._jfrog_xray_api_summary_artifact_parser.py | 1 - 43 files changed, 208 insertions(+), 236 deletions(-) 
diff --git a/docker/install_chrome_dependencies.py b/docker/install_chrome_dependencies.py index c85372bf5d1..1b8f29585ea 100644 --- a/docker/install_chrome_dependencies.py +++ b/docker/install_chrome_dependencies.py @@ -3,9 +3,11 @@ This solution is largely based on the Playwright's browser dependencies script at https://github.com/microsoft/playwright/blob/main/utils/linux-browser-dependencies/inside_docker/list_dependencies.js """ - +import logging import subprocess +logger = logging.getLogger(__name__) + def find_packages(library_name): stdout = run_command(["apt-file", "search", library_name]) @@ -58,4 +60,4 @@ def ldd(file_path): for p in packages: missing_packages.append(p) -print(" ".join(missing_packages)) +logger.info("missing_packages: " + (" ".join(missing_packages))) diff --git a/dojo/api_v2/prefetch/schema.py b/dojo/api_v2/prefetch/schema.py index 030a572a159..4f6150d4c50 100644 --- a/dojo/api_v2/prefetch/schema.py +++ b/dojo/api_v2/prefetch/schema.py @@ -10,7 +10,6 @@ def _get_path_to_GET_serializer_map(generator): method, view, ) in generator._get_paths_and_endpoints(): - # print(path, path_pattern, method, view) if method == "GET": if hasattr(view, "get_serializer_class"): path_to_GET_serializer[path] = view.get_serializer_class() diff --git a/dojo/api_v2/serializers.py b/dojo/api_v2/serializers.py index 006edc63f81..f2263da341e 100644 --- a/dojo/api_v2/serializers.py +++ b/dojo/api_v2/serializers.py @@ -1178,7 +1178,6 @@ class Meta: exclude = ("inherited_tags",) def validate(self, data): - # print('EndpointSerialize.validate') if not self.context["request"].method == "PATCH": if "product" not in data: diff --git a/dojo/api_v2/views.py b/dojo/api_v2/views.py index c0a6f14229c..43d8077225b 100644 --- a/dojo/api_v2/views.py +++ b/dojo/api_v2/views.py 
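Review bot: The last line of docker/install_chrome_dependencies.py no longer writes the package list to stdout, because `logger.info(...)` is called on a logger with no handler or level configured anywhere in the visible hunks, and Python's default threshold is WARNING. If the image build consumes this script's output (the caller is not visible here, so this is an assumption), it now receives nothing. Even with logging configured, the added `missing_packages: ` prefix would change what the consumer sees. For a script whose result is its stdout, keeping the print and silencing the lint rule is the safer change: `print(" ".join(missing_packages))  # noqa: T201`.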
@@ -1711,7 +1711,6 @@ def destroy(self, request, *args, **kwargs): return Response(status=status.HTTP_204_NO_CONTENT) # def list(self, request): - # print(vars(request)) # # Note the use of `get_queryset()` instead of `self.queryset` # queryset = self.get_queryset() # serializer = self.serializer_class(queryset, many=True) diff --git a/dojo/apps.py b/dojo/apps.py index 9b3f7864086..74e52f8ac8e 100644 --- a/dojo/apps.py +++ b/dojo/apps.py @@ -16,7 +16,7 @@ class DojoAppConfig(AppConfig): def ready(self): # we need to initializer waston here because in models.py is to early if we want add extra fields to index - # print('ready(): initializing watson') + # logger.info('ready(): initializing watson') # commented out ^ as it prints in manage.py dumpdata, docker logs and many other places # logger doesn't work yet at this stage diff --git a/dojo/celery.py b/dojo/celery.py index b2c742a7927..2b6575c2fbc 100644 --- a/dojo/celery.py +++ b/dojo/celery.py @@ -21,7 +21,7 @@ @app.task(bind=True) def debug_task(self): - print(f'Request: {self.request!r}') + logger.info(f'Request: {self.request!r}') @setup_logging.connect diff --git a/dojo/decorators.py b/dojo/decorators.py index c919a2995bc..e15c82de13d 100644 --- a/dojo/decorators.py +++ b/dojo/decorators.py @@ -153,8 +153,8 @@ def wrapper(self, *args, **kwargs): return func(self, *args, **kwargs) except Exception: - print("exception occured at url:", self.driver.current_url) - print("page source:", self.driver.page_source) + logger.info(f"exception occured at url: {self.driver.current_url}") + logger.info(f"page source: {self.driver.page_source}") f = open("/tmp/selenium_page_source.html", "w", encoding='utf-8') f.writelines(self.driver.page_source) # time.sleep(30) diff --git a/dojo/importers/options.py b/dojo/importers/options.py index 5ae687085a6..57298dd04fa 100644 --- a/dojo/importers/options.py +++ b/dojo/importers/options.py 
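Review bot: In the dojo/apps.py hunk the disabled line was rewritten to `# logger.info('ready(): initializing watson')`, but the two comment lines under it still say it was commented out because "it prints" and that "logger doesn't work yet at this stage". The comment block now contradicts itself and suggests a call that its own explanation says cannot work. I would drop the dead line and keep one explanatory comment, for example `# nothing is printed or logged here: output would leak into manage.py dumpdata and logging is not configured yet`.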
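Review bot: In the dojo/decorators.py hunk the whole `self.driver.page_source` is now sent to the application logger at info level, so a complete rendered page lands in whatever log sinks are configured instead of a developer's terminal. Rendered pages can carry form tokens and finding data (this is inferred, the page content is not visible here), and the context lines already write the same source to a file. I would log only the URL with the traceback and leave the page to the file dump: `logger.exception("exception occurred at url: %s", self.driver.current_url)`. The dump file is opened at the fixed path `/tmp/selenium_page_source.html` without a `with` block, and whether it is closed cannot be seen because the wrapper continues outside the hunk. The same page-source logging is added in tests/base_test_class.py.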
@@ -1,7 +1,7 @@ import logging from datetime import datetime from functools import wraps -from pprint import pprint as pp +from pprint import pformat as pp from typing import Any, Callable, List from django.contrib.auth.models import User diff --git a/dojo/jira_link/helper.py b/dojo/jira_link/helper.py index f2b869e55a9..8ebe9edb963 100644 --- a/dojo/jira_link/helper.py +++ b/dojo/jira_link/helper.py @@ -1048,7 +1048,7 @@ def issue_from_jira_is_active(issue_from_jira): # "resolution": "None" if not hasattr(issue_from_jira.fields, 'resolution'): - print(vars(issue_from_jira)) + logger.debug(vars(issue_from_jira)) return True if not issue_from_jira.fields.resolution: diff --git a/dojo/management/commands/dupecheck.py b/dojo/management/commands/dupecheck.py index 2fc252c7ae6..9068c43279c 100644 --- a/dojo/management/commands/dupecheck.py +++ b/dojo/management/commands/dupecheck.py @@ -1,3 +1,5 @@ +import logging + from django.core.management.base import BaseCommand from django.db.models import Count 
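Review bot: Rebinding the alias in dojo/importers/options.py with `from pprint import pformat as pp` silently changes every existing `pp(...)` call from "print the structure" to "build a string and discard it". The diffstat lists only this one-line change for the file, so any call sites (outside the hunk, not visible here) were not updated and now produce no output and no error. Either route the result through the logger at each call site, e.g. `logger.debug(pp(value))`, or remove the import if nothing uses it any more.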
@@ -8,22 +10,24 @@ This script will identify duplicates in DefectDojo: """ +logger = logging.getLogger(__name__) + class Command(BaseCommand): help = 'No input commands for dedupe findings.' def count_the_duplicates(self, model, column): - print("===================================") - print(" Table:" + str(model) + " Column: " + column) - print("===================================") + logger.info("===================================") + logger.info(" Table:" + str(model) + " Column: " + column) + logger.info("===================================") duplicates = model.objects.values(column).annotate(Count('id')).order_by().filter(id__count__gt=1) kwargs = {'{}__{}'.format(column, 'in'): [item[column] for item in duplicates]} duplicates = model.objects.filter(**kwargs) if not duplicates: - print("No duplicates found") + logger.info("No duplicates found") for dupe in duplicates: - print(f'{dupe.id}, Duplicate value: {getattr(dupe, column)}, Object: {dupe}') + logger.info(f'{dupe.id}, Duplicate value: {getattr(dupe, column)}, Object: {dupe}') def handle(self, *args, **options): self.count_the_duplicates(Product, 'name') diff --git a/dojo/management/commands/jira_async_updates.py b/dojo/management/commands/jira_async_updates.py index e85afdc1776..8f822a1c3a2 100644 --- a/dojo/management/commands/jira_async_updates.py +++ b/dojo/management/commands/jira_async_updates.py @@ -1,3 +1,5 @@ +import logging + from django.core.management.base import BaseCommand from django.utils import timezone from jira.exceptions import JIRAError @@ -10,6 +12,8 @@ Useful if you need to make bulk changes with JIRA: """ +logger = logging.getLogger(__name__) + class Command(BaseCommand): help = 'No input commands for JIRA bulk update.' 
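Review bot: In `count_the_duplicates` the command's report is now emitted through `logger.info`, so what an operator sees when running `manage.py dupecheck` depends entirely on the logging configuration and may be nothing at all. For a management command the result belongs on the command's own output stream, which Django provides on `BaseCommand`: `self.stdout.write(f'{dupe.id}, Duplicate value: {getattr(dupe, column)}, Object: {dupe}')`. The same applies to the user-facing messages converted in jira_async_updates.py, migrate_surveys.py and push_to_jira_update.py. Where logging is kept, prefer lazy arguments such as `logger.info("Table: %s Column: %s", model, column)` over string concatenation.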
@@ -28,15 +32,14 @@ def handle(self, *args, **options): issue = jira.issue(j_issue.jira_id) # Issue Cloned - print(issue.fields.issuelinks[0]) + logger.info(issue.fields.issuelinks[0]) - print("Jira Issue: " + str(issue)) - print("Resolution: " + str(issue.fields.resolution)) + logger.info("Jira Issue: " + str(issue)) + logger.info("Resolution: " + str(issue.fields.resolution)) if issue.fields.resolution is not None \ and not finding.under_defect_review: - # print issue.fields.__dict__ - print("Jira Issue: " + str(issue) + " changed status") + logger.info("Jira Issue: " + str(issue) + " changed status") # Create Jira Note now = timezone.now() @@ -57,4 +60,4 @@ def handle(self, *args, **options): finding) finding.save() else: - print("No update necessary") + logger.info("No update necessary") diff --git a/dojo/management/commands/jira_status_reconciliation.py b/dojo/management/commands/jira_status_reconciliation.py index db1337fda69..7eb676d8424 100644 --- a/dojo/management/commands/jira_status_reconciliation.py +++ b/dojo/management/commands/jira_status_reconciliation.py @@ -22,7 +22,7 @@ def jira_status_reconciliation(*args, **kwargs): logger.debug('mode: %s product:%s engagement: %s dryrun: %s', mode, product, engagement, dryrun) if mode and mode not in ('push_status_to_jira', 'import_status_from_jira', 'reconcile'): - print('mode must be one of reconcile, push_status_to_jira or import_status_from_jira') + logger.info('mode must be one of reconcile, push_status_to_jira or import_status_from_jira') return False if not mode: @@ -195,7 +195,7 @@ def jira_status_reconciliation(*args, **kwargs): logger.info('results (semicolon seperated)') for message in messages: - print(message) + logger.info(message) class Command(BaseCommand): diff --git a/dojo/management/commands/migrate_surveys.py b/dojo/management/commands/migrate_surveys.py index 98cea012ab8..03e16136c60 100644 --- a/dojo/management/commands/migrate_surveys.py +++ b/dojo/management/commands/migrate_surveys.py 
@@ -1,3 +1,4 @@ +import logging import sys from django.core.management.base import BaseCommand @@ -9,6 +10,7 @@ Author: Cody Maffucci This script will migrate survey data from one external app to core dojo """ +logger = logging.getLogger(__name__) class Command(BaseCommand): @@ -56,9 +58,9 @@ def handle(self, *args, **options): update_string = 'UPDATE `' + new_table_name + '` SET polymorphic_ctype_id = ' + str(ctype_id) + ';' cursor.execute(str(update_string)) # Drop the ddse table - print('All defectDojo_engagement_sruvey tables migrated to dojo tables') + logger.info('All defectDojo_engagement_sruvey tables migrated to dojo tables') # Delete the old tables in reverse order to drop the children first for table in reversed(table_list): cursor.execute('DROP TABLE `' + table + '`;') - print('All defectDojo_engagement_sruvey tables removed') + logger.info('All defectDojo_engagement_sruvey tables removed') diff --git a/dojo/management/commands/print_settings.py b/dojo/management/commands/print_settings.py index 518e22aa6e2..5176af64c06 100644 --- a/dojo/management/commands/print_settings.py +++ b/dojo/management/commands/print_settings.py @@ -1,9 +1,12 @@ +import logging import os -from pprint import pprint +from pprint import pformat from django.conf import settings from django.core.management.base import BaseCommand +logger = logging.getLogger(__name__) + class Command(BaseCommand): help = 'Display all the currently loaded settings in the project' @@ -18,4 +21,4 @@ def handle(self, *args, **options): value = getattr(settings, attr) a_dict[attr] = value - pprint(a_dict) + logging.info(pformat(a_dict)) diff --git a/dojo/management/commands/push_to_jira_update.py b/dojo/management/commands/push_to_jira_update.py index 2b3c10b0bb1..34b41b487f1 100644 --- a/dojo/management/commands/push_to_jira_update.py +++ b/dojo/management/commands/push_to_jira_update.py @@ -1,3 +1,5 @@ +import logging + from django.core.management.base import BaseCommand from pytz import timezone 
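Review bot: In dojo/management/commands/print_settings.py the new last line calls `logging.info(pformat(a_dict))`, which is the root-logger module function and not the `logger` defined a few lines above, so it bypasses the module logger's configuration. More importantly, `a_dict` is filled from `getattr(settings, attr)`, so the dump may include secret values such as keys and database credentials (the attribute filter is outside the hunk, so this is an assumption), and these now go to log handlers that are typically retained or shipped elsewhere rather than to the operator's terminal. This command exists to display settings on demand, so I would write to the command stream instead: `self.stdout.write(pformat(a_dict))`.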
@@ -5,6 +7,8 @@ from dojo.models import Finding from dojo.utils import get_system_setting +logger = logging.getLogger(__name__) + locale = timezone(get_system_setting('time_zone')) """ @@ -22,6 +26,6 @@ def handle(self, *args, **options): findings = findings.filter(verified=True, active=True) for finding in findings: - print("Checking issue:" + str(finding.id)) + logger.info("Checking issue:" + str(finding.id)) jira_helper.update_jira_issue(finding, True) - print("########\n") + logger.info("########\n") diff --git a/dojo/management/commands/test_celery_decorator.py b/dojo/management/commands/test_celery_decorator.py index 6fe77e02348..e36d8abd82e 100644 --- a/dojo/management/commands/test_celery_decorator.py +++ b/dojo/management/commands/test_celery_decorator.py @@ -1,4 +1,5 @@ +import logging from functools import wraps from django.core.management.base import BaseCommand @@ -8,6 +9,8 @@ from dojo.models import Finding, Notes from dojo.utils import test_valentijn +logger = logging.getLogger(__name__) + class Command(BaseCommand): help = "Command to do some tests with celery and decorators. Just committing it so 'we never forget'" @@ -20,7 +23,6 @@ def handle(self, *args, **options): test_valentijn(finding, Notes.objects.all().first()) # test_valentijn(1) - # print('sync') # my_test_task(finding) # sync @@ -30,7 +32,6 @@ def handle(self, *args, **options): # inside after # outside after - # print('async') # my_test_task.delay(finding) # async @@ -48,15 +49,15 @@ def handle(self, *args, **options): def test2(clazz, id): model = clazz.objects.get(id=id) - print(model) + logger.debug(model) def my_decorator_outside(func): @wraps(func) def wrapper(*args, **kwargs): - print("outside before") + logger.debug("outside before") func(*args, **kwargs) - print("outside after") + logger.debug("outside after") if getattr(func, 'delay', None): wrapper.delay = my_decorator_outside(func.delay) 
@@ -67,9 +68,9 @@ def wrapper(*args, **kwargs): def my_decorator_inside(func): @wraps(func) def wrapper(*args, **kwargs): - print("inside before") + logger.debug("inside before") func(*args, **kwargs) - print("inside after") + logger.debug("inside after") return wrapper @@ -77,7 +78,7 @@ def wrapper(*args, **kwargs): @app.task @my_decorator_inside def my_test_task(new_finding, *args, **kwargs): - print('oh la la what a nice task') + logger.debug('oh la la what a nice task') # example working with multiple parameters... diff --git a/dojo/product/views.py b/dojo/product/views.py index 95a133bc132..da581faac7c 100644 --- a/dojo/product/views.py +++ b/dojo/product/views.py @@ -144,8 +144,6 @@ def product(request): # perform annotation/prefetching by replacing the queryset in the page with an annotated/prefetched queryset. prod_list.object_list = prefetch_for_product(prod_list.object_list) - # print(prod_list.object_list.explain) - add_breadcrumb(title=_("Product List"), top_level=not len(request.GET), request=request) return render(request, 'dojo/product.html', { @@ -232,7 +230,6 @@ def view_product(request, pid): success_percent = round((float(total_pass) / float(total)) * 100, 2) waiting_percent = round((float(total_wait) / float(total)) * 100, 2) fail_percent = round(100 - success_percent - waiting_percent, 2) - print(fail_percent) benchAndPercent.append({ 'id': benchmarks[i].benchmark_type.id, 'name': benchmarks[i].benchmark_type, @@ -1649,7 +1646,6 @@ def edit_notifications(request, pid): logger.debug('existing product notifications found') form = ProductNotificationsForm(request.POST, instance=product_notifications) - # print(vars(form)) if form.is_valid(): form.save() diff --git a/dojo/utils.py b/dojo/utils.py index 2bf51f60f11..9e97364259e 100644 --- a/dojo/utils.py +++ b/dojo/utils.py 
@@ -856,9 +856,7 @@ def get_punchcard_data(objs, start_date, weeks, view='Finding'): # add week in progress + empty weeks on the end if needed while tick < weeks + 1: - # print(tick) week_data, label = get_week_data(start_of_week, tick, day_counts) - # print(week_data, label) punchcard.extend(week_data) ticks.append(label) tick += 1 @@ -1776,11 +1774,9 @@ def is_safe_url(url): def get_return_url(request): return_url = request.POST.get('return_url', None) - # print('return_url from POST: ', return_url) if return_url is None or not return_url.strip(): # for some reason using request.GET.get('return_url') never works return_url = request.GET['return_url'] if 'return_url' in request.GET else None - # print('return_url from GET: ', return_url) return return_url if return_url else None @@ -2334,7 +2330,7 @@ def crawl(self, object, model_list, **kwargs): logger.debug('ASYNC_DELETE: Deleting ' + str(len(objects_to_delete)) + ' ' + self.get_object_name(model) + 's in chunks') chunks = self.chunk_list(model, objects_to_delete) for chunk in chunks: - print('deleting', len(chunk), self.get_object_name(model)) + logger.debug(f'deleting {len(chunk)} {self.get_object_name(model)}') self.delete_chunk(chunk) self.delete_chunk([object]) logger.debug('ASYNC_DELETE: Successfully deleted ' + self.get_object_name(object) + ': ' + str(object)) diff --git a/dojo/views.py b/dojo/views.py index cd22e6ac2d3..367256231e2 100644 --- a/dojo/views.py +++ b/dojo/views.py @@ -222,5 +222,5 @@ def access_file(request, fid, oid, obj_type, url=False): # If reaching this far, user must have permission to get file file = get_object_or_404(FileUpload, pk=fid) redirect_url = f'{settings.MEDIA_ROOT}/{file.file.url.lstrip(settings.MEDIA_URL)}' - print(redirect_url) + logger.debug(redirect_url) return FileResponse(open(redirect_url, "rb")) diff --git a/dojo/wsgi.py b/dojo/wsgi.py index 0e8b2c7f8c7..b0425c24c2b 100644 --- a/dojo/wsgi.py +++ b/dojo/wsgi.py 
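Review bot: In the dojo/views.py hunk the path passed to `open()` is built with `file.file.url.lstrip(settings.MEDIA_URL)`, and `str.lstrip` removes any leading characters from the given set rather than a prefix. With a constructed example of `MEDIA_URL = "/media/"`, a stored name that begins with one of those letters loses its first characters and the view opens a different path than the one recorded. Use prefix removal instead: `relative = file.file.url.removeprefix(settings.MEDIA_URL)`. The new `logger.debug(redirect_url)` also records the absolute filesystem path of each served file, which is worth keeping at debug level only. The permission checks mentioned in the comment are above the hunk and cannot be reviewed from here.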
@@ -51,7 +51,7 @@ def is_debugger_listening(port): if os.environ.get("DD_DEBUG_WAIT_FOR_CLIENT") == "True": logger.info(f"Waiting for the debugging client to connect on port {debugpy_port}") debugpy.wait_for_client() # noqa: T100 - print("Debugging client connected, resuming execution") + logger.debug("Debugging client connected, resuming execution") except RuntimeError as e: if str(e) != "Can't listen for client connections: [Errno 98] Address already in use": logger.exception(e) diff --git a/tests/Import_scanner_test.py b/tests/Import_scanner_test.py index 2a9f1701194..6e038c5cf4b 100644 --- a/tests/Import_scanner_test.py +++ b/tests/Import_scanner_test.py @@ -1,3 +1,4 @@ +import logging import os import re import shutil @@ -10,6 +11,8 @@ from selenium.webdriver.common.by import By from selenium.webdriver.support.ui import Select +logger = logging.getLogger(__name__) + class ScannerTest(BaseTestCase): def setUp(self): @@ -42,13 +45,13 @@ def test_check_test_file(self): missing_tests += [test] if len(missing_tests) > 0: - print('The following scanners are missing test cases or incorrectly named') - print('Names must match those listed in /dojo/tools') - print('Test cases can be added/modified here:') - print('https://github.com/DefectDojo/sample-scan-files\n') + logger.info('The following scanners are missing test cases or incorrectly named') + logger.info('Names must match those listed in /dojo/tools') + logger.info('Test cases can be added/modified here:') + logger.info('https://github.com/DefectDojo/sample-scan-files\n') for test in missing_tests: - print(test) - print() + logger.info(test) + logger.info() assert len(missing_tests) == 0 def test_check_for_doc(self): 
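Review bot: In tests/Import_scanner_test.py the bare `print()` was converted to `logger.info()` with no arguments, which raises `TypeError` because `Logger.info` requires a message. When `missing_tests` is non-empty the test therefore errors out inside the reporting block and never reaches `assert len(missing_tests) == 0`, hiding the real failure. The same call appears in the hunks for `test_check_for_doc`, `test_check_for_forms`, `test_check_for_options` and `test_engagement_import_scan_result`. Delete the line in each place, or pass an explicit empty message: `logger.info("")`.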
@@ -70,13 +73,13 @@ def test_check_for_doc(self): missing_docs += [tool] if len(missing_docs) > 0: - print('The following scanners are missing documentation') - print('Names must match those listed in /dojo/tools') - print('Documentation can be added here:') - print('https://github.com/DefectDojo/django-DefectDojo/tree/dev/docs\n') + logger.info('The following scanners are missing documentation') + logger.info('Names must match those listed in /dojo/tools') + logger.info('Documentation can be added here:') + logger.info('https://github.com/DefectDojo/django-DefectDojo/tree/dev/docs\n') for tool in missing_docs: - print(tool) - print() + logger.info(tool) + logger.info() assert len(missing_docs) == 0 def test_check_for_forms(self): @@ -108,13 +111,13 @@ def test_check_for_forms(self): missing_forms += [tool] if len(missing_forms) > 0: - print('The following scanners are missing forms') - print('Names must match those listed in /dojo/tools') - print('forms can be added here:') - print('https://github.com/DefectDojo/django-DefectDojo/blob/master/dojo/forms.py\n') + logger.info('The following scanners are missing forms') + logger.info('Names must match those listed in /dojo/tools') + logger.info('forms can be added here:') + logger.info('https://github.com/DefectDojo/django-DefectDojo/blob/master/dojo/forms.py\n') for tool in missing_forms: - print(tool) - print() + logger.info(tool) + logger.info() assert len(missing_forms) == 0 @unittest.skip("Deprecated since Dynamic Parser infrastructure") 
@@ -149,13 +152,13 @@ def test_check_for_options(self): missing_templates += [tool] if len(missing_templates) > 0: - print('The following scanners are missing templates') - print('Names must match those listed in /dojo/tools') - print('templates can be added here:') - print('https://github.com/DefectDojo/django-DefectDojo/blob/master/dojo/templates/dojo/import_scan_results.html\n') + logger.info('The following scanners are missing templates') + logger.info('Names must match those listed in /dojo/tools') + logger.info('templates can be added here:') + logger.info('https://github.com/DefectDojo/django-DefectDojo/blob/master/dojo/templates/dojo/import_scan_results.html\n') for tool in missing_templates: - print(tool) - print() + logger.info(tool) + logger.info() assert len(missing_templates) == 0 def test_engagement_import_scan_result(self): @@ -235,13 +238,13 @@ def test_engagement_import_scan_result(self): break if len(failed_tests) > 0: - print('The following scan imports produced errors') - print('Names of tests must match those listed in /dojo/tools') - print('Tests can be added/modified here:') - print('https://github.com/DefectDojo/sample-scan-files\n') + logger.info('The following scan imports produced errors') + logger.info('Names of tests must match those listed in /dojo/tools') + logger.info('Tests can be added/modified here:') + logger.info('https://github.com/DefectDojo/sample-scan-files\n') for test in failed_tests: - print(test) - print() + logger.info(test) + logger.info() assert len(failed_tests) == 0 def tearDown(self): diff --git a/tests/base_test_class.py b/tests/base_test_class.py index e676e919160..9972f9974c9 100644 --- a/tests/base_test_class.py +++ b/tests/base_test_class.py @@ -1,3 +1,4 @@ +import logging import os import re import unittest @@ -10,6 +11,7 @@ from selenium.webdriver.support.ui import WebDriverWait # import time +logger = logging.getLogger(__name__) dd_driver = None 
@@ -22,8 +24,8 @@ def wrapper(self, *args, **kwargs): return func(self, *args, **kwargs) except Exception: - print("exception occured at url:", self.driver.current_url) - print("page source:", self.driver.page_source) + logger.info(f"exception occured at url: {self.driver.current_url}") + logger.info(f"page source: {self.driver.page_source}") f = open("selenium_page_source.html", "w", encoding="utf-8") f.writelines(self.driver.page_source) # time.sleep(30) @@ -58,7 +60,7 @@ def setUpClass(cls): if not dd_driver: # setupModule and tearDownModule are not working in our scenario, so for now we use setupClass and a global variable # global variables are dirty, but in unit tests scenario's like these they are acceptable - print("launching browser for: ", cls.__name__) + logger.info(f"launching browser for: {cls.__name__}") global dd_driver_options dd_driver_options = Options() @@ -88,8 +90,8 @@ def setUpClass(cls): dd_driver_options.add_experimental_option("prefs", prefs) # change path of chromedriver according to which directory you have chromedriver. - print( - "starting chromedriver with options: ", vars(dd_driver_options), desired, + logger.info( + f"starting chromedriver with options: {vars(dd_driver_options)} {desired}", ) # TODO - this filter needs to be removed @@ -250,19 +252,16 @@ def wait_for_datatable_if_content(self, no_content_id, wrapper_id): def is_element_by_css_selector_present(self, selector, text=None): elems = self.driver.find_elements(By.CSS_SELECTOR, selector) if len(elems) == 0: - # print('no elements!') return False if text is None: return True for elem in elems: - print(elem.text) + logger.info(elem.text) if text in elem.text: - # print('contains!') return True - # print('text mismatch!') return False def is_element_by_id_present(self, id): 
@@ -287,7 +286,7 @@ def is_text_present_on_page(self, text): # path = "//*[contains(text(), '" + text + "')]" # elems = self.driver.find_elements(By.XPATH, path) # if len(elems) == 0: - # print("DEBUG: couldn't find: ", text, "path: ", path) + # logger.debug("couldn't find: ", text, "path: ", path) body = self.driver.find_element(By.TAG_NAME, "body") return re.search(text, body.text) @@ -297,7 +296,7 @@ def element_exists_by_id(self, id): return len(elems) > 0 def change_system_setting(self, id, enable=True): - print("changing system setting " + id + " enable: " + str(enable)) + logger.info("changing system setting " + id + " enable: " + str(enable)) driver = self.driver driver.get(self.base_url + "system_settings") @@ -340,7 +339,7 @@ def enable_github(self): def set_block_execution(self, block_execution=True): # we set the admin user (ourselves) to have block_execution checked # this will force dedupe to happen synchronously, among other things like notifications, rules, ... - print("setting block execution to: ", str(block_execution)) + logger.info(f"setting block execution to: {str(block_execution)}") driver = self.driver driver.get(self.base_url + "profile") if ( 
@@ -420,27 +419,26 @@ def assertNoConsoleErrors(self): accepted_javascript_messages = r"(zoom\-in\.cur.*)404\ \(Not\ Found\)|Uncaught TypeError: Cannot read properties of null \(reading \'trigger\'\)|Uncaught TypeError: Cannot read properties of null \(reading \'innerHTML\'\)" if entry["level"] == "SEVERE": - # print(self.driver.current_url) # TODO actually this seems to be the previous url # self.driver.save_screenshot("C:\\Data\\django-DefectDojo\\tests\\javascript-errors.png") # with open("C:\\Data\\django-DefectDojo\\tests\\javascript-errors.html", "w") as f: # f.write(self.driver.page_source) - print(entry) - print( + logger.info(entry) + logger.info( "There was a SEVERE javascript error in the console, please check all steps fromt the current test to see where it happens", ) - print( + logger.info( "Currently there is no reliable way to find out at which url the error happened, but it could be: ." + self.driver.current_url, ) if self.accept_javascript_errors: - print( - "WARNING: skipping SEVERE javascript error because accept_javascript_errors is True!", + logger.warning( + "skipping SEVERE javascript error because accept_javascript_errors is True!", ) elif re.search(accepted_javascript_messages, entry["message"]): - print( - "WARNING: skipping javascript errors related to known issues images, see https://github.com/DefectDojo/django-DefectDojo/blob/master/tests/base_test_class.py#L324", + logger.warning( + "skipping javascript errors related to known issues images, see https://github.com/DefectDojo/django-DefectDojo/blob/master/tests/base_test_class.py#L324", ) else: self.assertNotEqual(entry["level"], "SEVERE") 
@@ -454,14 +452,14 @@ def tearDown(self): @classmethod def tearDownDriver(cls): - print("tearDownDriver: ", cls.__name__) + logger.info(f"tearDownDriver: {cls.__name__}") global dd_driver if dd_driver: if ( not dd_driver_options.experimental_options or not dd_driver_options.experimental_options.get("detach") ): - print("closing browser") + logger.info("closing browser") dd_driver.quit() diff --git a/tests/close_old_findings_dedupe_test.py b/tests/close_old_findings_dedupe_test.py index cb7db1b836c..c4996b1fb57 100644 --- a/tests/close_old_findings_dedupe_test.py +++ b/tests/close_old_findings_dedupe_test.py @@ -37,7 +37,6 @@ def check_nb_duplicates(self, expected_number_of_duplicates): trs = driver.find_elements(By.XPATH, '//*[@id="open_findings"]/tbody/tr') for row in trs: concatRow = ' '.join([td.text for td in row.find_elements(By.XPATH, ".//td")]) - # print(concatRow) if '(DUPE)' and 'Duplicate' in concatRow: dupe_count += 1 @@ -48,7 +47,7 @@ def check_nb_duplicates(self, expected_number_of_duplicates): if (dupe_count != expected_number_of_duplicates): findings_table = driver.find_element(By.ID, 'open_findings') - print(findings_table.get_attribute('innerHTML')) + logger.debug(findings_table.get_attribute('innerHTML')) self.assertEqual(dupe_count, expected_number_of_duplicates) diff --git a/tests/dedupe_test.py b/tests/dedupe_test.py index 73214cc06d9..9971e30a468 100644 --- a/tests/dedupe_test.py +++ b/tests/dedupe_test.py @@ -35,7 +35,6 @@ def check_nb_duplicates(self, expected_number_of_duplicates): trs = driver.find_elements(By.XPATH, '//*[@id="open_findings"]/tbody/tr') for row in trs: concatRow = ' '.join([td.text for td in row.find_elements(By.XPATH, ".//td")]) - # print(concatRow) if '(DUPE)' and 'Duplicate' in concatRow: dupe_count += 1 
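Review bot: In tests/close_old_findings_dedupe_test.py `check_nb_duplicates` now calls `logger.debug(...)`, but no hunk for this file adds `import logging` or a `logger = logging.getLogger(__name__)` line, and the diffstat shows only three changed lines. Unless the module already defines `logger` outside the hunks, the mismatch branch raises `NameError` before `assertEqual` runs. tests/dedupe_test.py receives the identical change with the same gap. Separately, the context line `if '(DUPE)' and 'Duplicate' in concatRow:` only tests for `'Duplicate'`, because the non-empty literal is always truthy. If both markers are meant to be required, it should read `if '(DUPE)' in concatRow and 'Duplicate' in concatRow:`.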
@@ -46,7 +45,7 @@ def check_nb_duplicates(self, expected_number_of_duplicates): if (dupe_count != expected_number_of_duplicates): findings_table = driver.find_element(By.ID, 'open_findings') - print(findings_table.get_attribute('innerHTML')) + logger.debug(findings_table.get_attribute('innerHTML')) self.assertEqual(dupe_count, expected_number_of_duplicates) diff --git a/tests/file_test.py b/tests/file_test.py index dce9d43894a..56ed96e8792 100644 --- a/tests/file_test.py +++ b/tests/file_test.py @@ -20,7 +20,6 @@ def uncollapse_all(self, driver): return driver def test_add_file_finding_level(self): - # print("\n\nDebug Print Log: testing 'add image' \n") # The Name of the Finding created by test_add_product_finding => 'App Vulnerable to XSS' # Test To Add Finding To product # login to site, password set to fetch from environ diff --git a/tests/finding_test.py b/tests/finding_test.py index 7643e013ff7..7cfa93c9352 100644 --- a/tests/finding_test.py +++ b/tests/finding_test.py @@ -1,3 +1,4 @@ +import logging import os import sys import time @@ -12,6 +13,7 @@ from selenium.webdriver.support.ui import Select, WebDriverWait from user_test import UserTest +logger = logging.getLogger(__name__) dir_path = os.path.dirname(os.path.realpath(__file__)) @@ -130,7 +132,6 @@ def test_edit_finding(self): self.assertTrue(self.is_text_present_on_page(text='Additional Vulnerability Ids')) def test_add_image(self): - # print("\n\nDebug Print Log: testing 'add image' \n") # The Name of the Finding created by test_add_product_finding => 'App Vulnerable to XSS' # Test To Add Finding To product # login to site, password set to fetch from environ 
@@ -371,29 +372,26 @@ def test_make_finding_a_template(self): def test_apply_template_to_a_finding(self): driver = self.driver # Navigate to All Finding page - print("\nListing findings \n") + logger.info("\nListing findings \n") self.goto_all_findings_list(driver) # Select and click on the particular finding to edit driver.find_element(By.LINK_TEXT, "App Vulnerable to XSS").click() # Click on the 'dropdownMenu1 button' - # print("\nClicking on dropdown menu \n") driver.find_element(By.ID, "dropdownMenu1").click() self.assertNoConsoleErrors() # Click on `Apply Template to Finding` - # print("\nClicking on apply template \n") driver.find_element(By.LINK_TEXT, "Apply Template to Finding").click() self.assertNoConsoleErrors() # click on the template of 'App Vulnerable to XSS' - print("\nClicking on the template \n") + logger.info("\nClicking on the template \n") driver.find_element(By.LINK_TEXT, "App Vulnerable to XSS").click() self.assertNoConsoleErrors() # Click on 'Replace all' button - print("\nClicking on replace all \n") + logger.info("\nClicking on replace all \n") driver.find_element(By.XPATH, "//button[@data-option='Replace']").click() self.assertNoConsoleErrors() # Click the 'finished' button to submit - # print("\nClicking on finished \n") driver.find_element(By.NAME, '_Finished').click() self.assertNoConsoleErrors() # Query the site to determine if the finding has been added 
@@ -413,16 +411,15 @@ def test_create_finding_from_template(self): driver.find_element(By.PARTIAL_LINK_TEXT, "Pen Test").click() # Click on the 'dropdownMenu1 button' - # print("\nClicking on dropdown menu \n") + # logger.info("\nClicking on dropdown menu \n") driver.find_element(By.ID, "dropdownMenu_test_add").click() self.assertNoConsoleErrors() # Click on `Apply Template to Finding` - # print("\nClicking on apply template \n") driver.find_element(By.LINK_TEXT, "Finding From Template").click() self.assertNoConsoleErrors() # click on the template of 'App Vulnerable to XSS' - print("\nClicking on the template \n") + logger.info("\nClicking on the template \n") driver.find_element(By.LINK_TEXT, "Use This Template").click() self.assertNoConsoleErrors() @@ -430,7 +427,6 @@ def test_create_finding_from_template(self): driver.find_element(By.ID, "id_title").send_keys("App Vulnerable to XSS from Template") self.assertNoConsoleErrors() # Click the 'finished' button to submit - # print("\nClicking on finished \n") driver.find_element(By.ID, "id_finished").click() self.assertNoConsoleErrors() # Query the site to determine if the finding has been added @@ -476,8 +472,6 @@ def test_import_scan_result(self): with WaitForPageLoad(driver, timeout=50): driver.find_elements(By.CSS_SELECTOR, "button.btn.btn-primary")[1].click() # Query the site to determine if the finding has been added - # print("\n\nDebug Print Log: findingTxt fetched: {}\n".format(productTxt)) - # print("Checking for '.*ZAP Scan processed a total of 4 findings.*'") # Assert ot the query to dtermine status of failure self.assertTrue(self.is_success_message_present(text='ZAP Scan processed a total of 4 findings')) diff --git a/tests/notes_test.py b/tests/notes_test.py index 77546d33498..718d685c127 100644 --- a/tests/notes_test.py +++ b/tests/notes_test.py @@ -1,3 +1,4 @@ +import logging import sys import time import unittest 
@@ -6,6 +7,8 @@ from product_test import ProductTest from selenium.webdriver.common.by import By +logger = logging.getLogger(__name__) + """ Tests Notes functionality on all levels (Engagement, Test, and Finding) Private and public notes are tested @@ -33,7 +36,7 @@ def create_public_note(self, driver, level): text = driver.find_element(By.TAG_NAME, 'body').text pass_test = "Test public note" in text if not pass_test: - print('Public note created at the', level, 'level') + logger.info(f'Public note created at the {level} level') self.assertTrue(pass_test) def create_private_note(self, driver, level): @@ -51,7 +54,7 @@ def create_private_note(self, driver, level): private_status = "(will not appear in report)" in text pass_test = note_present and private_status if not pass_test: - print('Private note note created at the', level, 'level') + logger.info(f'Private note note created at the {level} level') self.assertTrue(pass_test) def test_finding_note(self): diff --git a/tests/product_member_test.py b/tests/product_member_test.py index 8e45a4a9cc7..ab4adb24e5e 100644 --- a/tests/product_member_test.py +++ b/tests/product_member_test.py @@ -1,3 +1,4 @@ +import logging import sys import unittest @@ -9,6 +10,8 @@ from selenium.webdriver.support.ui import Select, WebDriverWait from user_test import UserTest +logger = logging.getLogger(__name__) + class ProductMemberTest(BaseTestCase): 
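Review bot: In create_public_note and create_private_note the message is logged only when `pass_test` is false, yet it reads like a success report (`'Public note created at the {level} level'`), and as an INFO record it is visible only if the test runner configures logging. Attaching the diagnostic to the assertion keeps it next to the failure: `self.assertTrue(pass_test, f'Public note not found at the {level} level')`. The private variant also carries a doubled word ('note note'). Both method bodies start outside their hunks.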
@@ -44,9 +47,9 @@ def test_user_add_product_member(self): self.assertEqual(driver.find_elements(By.NAME, "member_product")[0].text, "QA Test") self.assertEqual(driver.find_elements(By.NAME, "member_product_role")[0].text, "Reader") else: - print('--------------------------------') - print('test_user_add_product_member: Not executed because legacy authorization is active') - print('--------------------------------') + logger.info('--------------------------------') + logger.info('test_user_add_product_member: Not executed because legacy authorization is active') + logger.info('--------------------------------') def test_user_edit_product_member(self): # Login to the site. Password will have to be modified @@ -71,9 +74,9 @@ def test_user_edit_product_member(self): self.assertEqual(driver.find_elements(By.NAME, "member_product")[0].text, "QA Test") self.assertEqual(driver.find_elements(By.NAME, "member_product_role")[0].text, "Maintainer") else: - print('--------------------------------') - print('test_edit_add_product_member: Not executed because legacy authorization is active') - print('--------------------------------') + logger.info('--------------------------------') + logger.info('test_edit_add_product_member: Not executed because legacy authorization is active') + logger.info('--------------------------------') def test_user_delete_product_member(self): # Login to the site. Password will have to be modified 
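Review bot: The `else:` branches in tests/product_member_test.py (both hunks here and the four that follow) and the six in tests/product_type_member_test.py only log "Not executed because legacy authorization is active" and fall through, so these authorization tests are reported as passed although nothing was checked, and the INFO record is visible only if the runner configures logging. `self.skipTest('legacy authorization is active')` would mark the test as skipped in the result and needs no hand-typed test name. Two of the current messages name the wrong test: `test_edit_add_product_member` inside test_user_edit_product_member, and `test_product_delete_product_member` inside test_product_type_delete_product_type_member. The condition guarding each branch is outside the hunks.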
@@ -95,9 +98,9 @@ def test_user_delete_product_member(self): # Query the site to determine if the member has been deleted self.assertFalse(driver.find_elements(By.NAME, "member_product")) else: - print('--------------------------------') - print('test_user_delete_product_member: Not executed because legacy authorization is active') - print('--------------------------------') + logger.info('--------------------------------') + logger.info('test_user_delete_product_member: Not executed because legacy authorization is active') + logger.info('--------------------------------') def test_product_add_product_member(self): # Login to the site. Password will have to be modified @@ -130,9 +133,9 @@ def test_product_add_product_member(self): self.assertEqual(driver.find_elements(By.NAME, "member_user")[0].text, "Proper Samuel (propersahm)") self.assertEqual(driver.find_elements(By.NAME, "member_role")[0].text, "Reader") else: - print('--------------------------------') - print('test_product_add_product_member: Not executed because legacy authorization is active') - print('--------------------------------') + logger.info('--------------------------------') + logger.info('test_product_add_product_member: Not executed because legacy authorization is active') + logger.info('--------------------------------') def test_product_edit_product_member(self): # Login to the site. Password will have to be modified 
@@ -157,9 +160,9 @@ def test_product_edit_product_member(self): self.assertEqual(driver.find_elements(By.NAME, "member_user")[0].text, "Proper Samuel (propersahm)") self.assertEqual(driver.find_elements(By.NAME, "member_role")[0].text, "Maintainer") else: - print('--------------------------------') - print('test_product_edit_product_member: Not executed because legacy authorization is active') - print('--------------------------------') + logger.info('--------------------------------') + logger.info('test_product_edit_product_member: Not executed because legacy authorization is active') + logger.info('--------------------------------') def test_product_delete_product_member(self): # Login to the site. Password will have to be modified @@ -181,9 +184,9 @@ def test_product_delete_product_member(self): # Query the site to determine if the member has been deleted self.assertFalse(driver.find_elements(By.NAME, "member_user")) else: - print('--------------------------------') - print('test_product_delete_product_member: Not executed because legacy authorization is active') - print('--------------------------------') + logger.info('--------------------------------') + logger.info('test_product_delete_product_member: Not executed because legacy authorization is active') + logger.info('--------------------------------') def suite(): diff --git a/tests/product_type_member_test.py b/tests/product_type_member_test.py index 03664664d4e..31ef0e6f4e4 100644 --- a/tests/product_type_member_test.py +++ b/tests/product_type_member_test.py @@ -1,3 +1,4 @@ +import logging import sys import unittest @@ -8,6 +9,8 @@ from selenium.webdriver.support.ui import Select, WebDriverWait from user_test import UserTest +logger = logging.getLogger(__name__) + class ProductTypeMemberTest(BaseTestCase): 
@@ -43,9 +46,9 @@ def test_user_add_product_type_member(self): self.assertEqual(driver.find_elements(By.NAME, "member_product_type")[0].text, "Research and Development") self.assertEqual(driver.find_elements(By.NAME, "member_product_type_role")[0].text, "Reader") else: - print('--------------------------------') - print('test_user_add_product_type_member: Not executed because legacy authorization is active') - print('--------------------------------') + logger.info('--------------------------------') + logger.info('test_user_add_product_type_member: Not executed because legacy authorization is active') + logger.info('--------------------------------') def test_user_edit_product_type_member(self): # Login to the site. Password will have to be modified @@ -70,9 +73,9 @@ def test_user_edit_product_type_member(self): self.assertEqual(driver.find_elements(By.NAME, "member_product_type")[0].text, "Research and Development") self.assertEqual(driver.find_elements(By.NAME, "member_product_type_role")[0].text, "Owner") else: - print('--------------------------------') - print('test_user_edit_product_type_member: Not executed because legacy authorization is active') - print('--------------------------------') + logger.info('--------------------------------') + logger.info('test_user_edit_product_type_member: Not executed because legacy authorization is active') + logger.info('--------------------------------') def test_user_delete_product_type_member(self): # Login to the site. Password will have to be modified 
@@ -94,9 +97,9 @@ def test_user_delete_product_type_member(self): # Query the site to determine if the member has been deleted self.assertFalse(driver.find_elements(By.NAME, "member_product_type")) else: - print('--------------------------------') - print('test_user_delete_product_type_member: Not executed because legacy authorization is active') - print('--------------------------------') + logger.info('--------------------------------') + logger.info('test_user_delete_product_type_member: Not executed because legacy authorization is active') + logger.info('--------------------------------') def test_product_type_add_product_type_member(self): # Login to the site. Password will have to be modified @@ -130,9 +133,9 @@ def test_product_type_add_product_type_member(self): self.assertEqual(driver.find_elements(By.NAME, "member_user")[1].text, "Proper Samuel (propersahm)") self.assertEqual(driver.find_elements(By.NAME, "member_role")[1].text, "Reader") else: - print('--------------------------------') - print('test_product_type_add_product_type_member: Not executed because legacy authorization is active') - print('--------------------------------') + logger.info('--------------------------------') + logger.info('test_product_type_add_product_type_member: Not executed because legacy authorization is active') + logger.info('--------------------------------') def test_product_type_edit_product_type_member(self): # Login to the site. Password will have to be modified 
@@ -159,9 +162,9 @@ def test_product_type_edit_product_type_member(self): self.assertEqual(driver.find_elements(By.NAME, "member_user")[1].text, "Proper Samuel (propersahm)") self.assertEqual(driver.find_elements(By.NAME, "member_role")[1].text, "Maintainer") else: - print('--------------------------------') - print('test_product_type_edit_product_type_member: Not executed because legacy authorization is active') - print('--------------------------------') + logger.info('--------------------------------') + logger.info('test_product_type_edit_product_type_member: Not executed because legacy authorization is active') + logger.info('--------------------------------') def test_product_type_delete_product_type_member(self): # Login to the site. Password will have to be modified @@ -185,9 +188,9 @@ def test_product_type_delete_product_type_member(self): # Query the site to determine if the member has been deleted self.assertTrue(len(driver.find_elements(By.NAME, "member_user")) == 1) else: - print('--------------------------------') - print('test_product_delete_product_member: Not executed because legacy authorization is active') - print('--------------------------------') + logger.info('--------------------------------') + logger.info('test_product_delete_product_member: Not executed because legacy authorization is active') + logger.info('--------------------------------') def suite(): diff --git a/tests/product_type_test.py b/tests/product_type_test.py index f8854899a29..d8e4d35f54a 100644 --- a/tests/product_type_test.py +++ b/tests/product_type_test.py 
@@ -1,15 +1,18 @@ +import logging import sys import unittest from base_test_class import BaseTestCase, on_exception_html_source_logger from selenium.webdriver.common.by import By +logger = logging.getLogger(__name__) + class ProductTypeTest(BaseTestCase): @on_exception_html_source_logger def test_create_product_type(self): - print("\n\nDebug Print Log: testing 'create product type' \n") + logger.debug("\n\nDebug Print Log: testing 'create product type' \n") driver = self.driver driver.get(self.base_url + "product/type") driver.find_element(By.ID, "dropdownMenu1").click() @@ -47,7 +50,7 @@ def test_create_product_for_product_type(self): self.assertFalse(self.is_error_message_present()) def test_view_product_type(self): - print("\n\nDebug Print Log: testing 'view product type' \n") + logger.debug("\n\nDebug Print Log: testing 'view product type' \n") driver = self.driver driver.get(self.base_url + "product/type") driver.find_element(By.ID, "dropdownMenuProductType").click() @@ -57,7 +60,7 @@ def test_view_product_type(self): self.assertEqual('Product Type Product test type', product_type_text) def test_edit_product_type(self): - print("\n\nDebug Print Log: testing 'edit product type' \n") + logger.debug("\n\nDebug Print Log: testing 'edit product type' \n") driver = self.driver driver.get(self.base_url + "product/type") driver.find_element(By.ID, "dropdownMenuProductType").click() @@ -69,7 +72,7 @@ def test_edit_product_type(self): self.assertTrue(self.is_success_message_present(text='Product type updated successfully.')) def test_delete_product_type(self): - print("\n\nDebug Print Log: testing 'delete product type' \n") + logger.debug("\n\nDebug Print Log: testing 'delete product type' \n") driver = self.driver driver.get(self.base_url + "product/type") # TODO this assumes the first product_type in the list is the one that we just created (and can safely be deleted) 
diff --git a/tests/report_builder_test.py b/tests/report_builder_test.py index 6025d1c0a4f..f9b09f2fc14 100644 --- a/tests/report_builder_test.py +++ b/tests/report_builder_test.py @@ -139,13 +139,11 @@ def test_product_endpoint_report(self): driver.find_element(By.LINK_TEXT, "Endpoint Report").click() # extra dropdown click - # print('waiting for show-filters to appear due to the amazing javascript we have...') dropdown = WebDriverWait(driver, 20).until(EC.visibility_of_element_located((By.ID, "show-filters"))) dropdown = driver.find_element(By.ID, "show-filters") dropdown.click() - # print('waiting for filter section to expand...') my_select = WebDriverWait(driver, 20).until(EC.visibility_of_element_located((By.XPATH, "//label[@for='id_include_finding_notes']"))) my_select = Select(driver.find_element(By.ID, "id_include_finding_notes")) diff --git a/tests/zap.py b/tests/zap.py index db0f77bf3d9..457b4775a0f 100755 --- a/tests/zap.py +++ b/tests/zap.py @@ -1,5 +1,6 @@ #!/usr/bin/python3 import collections +import logging import re import socket import time @@ -8,6 +9,8 @@ from prettytable import PrettyTable from zapv2 import ZAPv2 +logger = logging.getLogger(__name__) + class Main: if __name__ == "__main__": @@ -15,13 +18,13 @@ class Main: address = "127.0.0.1" port = 8080 - print("Checking if ZAP is running, connecting to ZAP on http://" + address + ":" + str(port)) + logger.info("Checking if ZAP is running, connecting to ZAP on http://" + address + ":" + str(port)) s = socket.socket() try: s.connect((address, port)) except OSError: - print("Error connecting to ZAP, exiting.") + logger.info("Error connecting to ZAP, exiting.") sys.exit(0) zap = ZAPv2(proxies={'http': 'http://127.0.0.1:8080', 'https': 'http://127.0.0.1:8080'}) 
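Review bot: tests/zap.py runs as a script (`if __name__ == "__main__":`) and the hunks shown add only `import logging` and `logger = logging.getLogger(__name__)`; unless a handler is configured in code outside the hunks, every `logger.info(...)` here and in the following zap.py hunks is dropped, because logging's last-resort handler emits only WARNING and above. That silences the scan progress, the alert summary tables and the connection failure, which in addition still ends with `sys.exit(0)`. I would add `logging.basicConfig(level=logging.INFO)` under the main guard and report the failure with `logger.error("Error connecting to ZAP, exiting.")`. If no caller relies on the zero status, `sys.exit(1)` would also let a pipeline notice that no scan ran.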
@@ -36,19 +39,19 @@ class Main: # Defining context name as hostname from URL and creating context using it. contextname = urlparse(targetURL).netloc - print("Context Name: " + contextname) + logger.info("Context Name: " + contextname) # Step1: Create context contextid = zap.context.new_context(contextname, apikey) - print("ContextID: " + contextid) + logger.info("ContextID: " + contextid) # Step2: Include in the context result = zap.context.include_in_context(contextname, targetURLregex, apikey) - print("URL regex defined in context: " + result) + logger.info("URL regex defined in context: " + result) # Step3: Session Management - Default is cookieBasedSessionManagement result = zap.sessionManagement.set_session_management_method(contextid, "cookieBasedSessionManagement", None, apikey) - print("Session method defined: " + result) + logger.info("Session method defined: " + result) loginUrl = "http://os.environ['DD_BASE_URL']/login" # loginUrlregex = "\Q" + loginUrl + "\E.*" @@ -59,17 +62,17 @@ class Main: # Wait for passive scanning to complete while (int(zap.pscan.records_to_scan) > 0): - print('Records to passive scan : ' + zap.pscan.records_to_scan) + logger.info('Records to passive scan : ' + zap.pscan.records_to_scan) time.sleep(15) - print('Passive scanning complete') + logger.info('Passive scanning complete') - print('Actively Scanning target ' + targetURL) + logger.info('Actively Scanning target ' + targetURL) ascan_id = zap.ascan.scan(targetURL, None, None, None, None, None, apikey) # Can provide more options for active scan here instead of using None. while (int(zap.ascan.status(ascan_id)) < 100): - print('Scan progress %: ' + zap.ascan.status(ascan_id)) + logger.info('Scan progress %: ' + zap.ascan.status(ascan_id)) time.sleep(15) - print('Scan completed') + logger.info('Scan completed') # Report the results sort_by_url = collections.defaultdict(list) 
@@ -103,11 +106,11 @@ class Main: summary.add_row(["Low", low]) summary.add_row(["Medium", medium]) summary.add_row(["High", high]) - print(summary) + logger.info(summary) for url in sort_by_url: - print() - print(url) + logger.info() + logger.info(url) results = PrettyTable(["Risk", "Description"]) results.padding_width = 1 @@ -117,4 +120,4 @@ class Main: for details in sort_by_url[url]: results.add_row([details['risk'], details['alert']]) - print(results) + logger.info(results) diff --git a/unittests/dojo_test_case.py b/unittests/dojo_test_case.py index 2c8cd2abfeb..e5b5983a01f 100644 --- a/unittests/dojo_test_case.py +++ b/unittests/dojo_test_case.py @@ -2,8 +2,8 @@ import json import logging import os -import pprint from itertools import chain +from pprint import pformat from django.test import TestCase from django.urls import reverse @@ -137,7 +137,7 @@ def model_to_dict(self, instance): return data def log_model_instance(self, instance): - logger.debug('model instance: %s', pprint.pprint(self.model_to_dict(instance))) + logger.debug('model instance: %s', pformat(self.model_to_dict(instance))) def log_model_instances(self, instances): for instance in instances: @@ -265,7 +265,6 @@ def add_product_jira(self, data, expect_redirect_to=None, expect_200=False): self.assertEqual(response.status_code, 200) elif expect_redirect_to: self.assertEqual(response.status_code, 302) - # print('url: ' + response.url) try: product = Product.objects.get(id=response.url.split('/')[-1]) except: 
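Review bot: `logger.info()` at the top of the `for url in sort_by_url:` loop raises `TypeError`, because `Logger.info` requires a `msg` argument; `print()` with no arguments only emitted a blank line, which has no logging equivalent. Drop the empty call and keep `logger.info(url)`. The loop body continues in the following hunk.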
@@ -324,15 +323,12 @@ def edit_product_jira(self, product, data, expect_redirect_to=None, expect_200=F def edit_jira_project_for_product_with_data(self, product, data, expected_delta_jira_project_db=0, expect_redirect_to=None, expect_200=None): jira_project_count_before = self.db_jira_project_count() - # print('before: ' + str(jira_project_count_before)) if not expect_redirect_to and not expect_200: expect_redirect_to = self.get_expected_redirect_product(product) response = self.edit_product_jira(product, data, expect_redirect_to=expect_redirect_to, expect_200=expect_200) - # print('after: ' + str(self.db_jira_project_count())) - self.assertEqual(self.db_jira_project_count(), jira_project_count_before + expected_delta_jira_project_db) return response @@ -345,15 +341,12 @@ def edit_jira_project_for_product2(self, product, expected_delta_jira_project_db def empty_jira_project_for_product(self, product, expected_delta_jira_project_db=0, expect_redirect_to=None, expect_200=False): logger.debug('empty jira project for product') jira_project_count_before = self.db_jira_project_count() - # print('before: ' + str(jira_project_count_before)) if not expect_redirect_to and not expect_200: expect_redirect_to = self.get_expected_redirect_product(product) response = self.edit_product_jira(product, self.get_product_with_empty_jira_project_data(product), expect_redirect_to=expect_redirect_to, expect_200=expect_200) - # print('after: ' + str(self.db_jira_project_count())) - self.assertEqual(self.db_jira_project_count(), jira_project_count_before + expected_delta_jira_project_db) return response 
@@ -468,14 +461,13 @@ def reimport_scan(self, payload, expected_http_status_code): def endpoint_meta_import_scan(self, payload, expected_http_status_code): logger.debug('endpoint_meta_import_scan payload %s', payload) response = self.client.post(reverse('endpointmetaimport-list'), payload) - print(response.content) + logger.debug(response.content) self.assertEqual(expected_http_status_code, response.status_code, response.content[:1000]) return json.loads(response.content) def get_test_api(self, test_id): response = self.client.get(reverse('test-list') + f'{test_id}/', format='json') self.assertEqual(200, response.status_code, response.content[:1000]) - # print('test.content: ', response.content) return json.loads(response.content) def import_scan_with_params(self, filename, scan_type='ZAP Scan', engagement=1, minimum_severity='Low', active=True, verified=False, @@ -657,7 +649,6 @@ def get_test_findings_api(self, test_id, active=None, verified=None, is_mitigate response = self.client.get(reverse('finding-list'), payload, format='json') self.assertEqual(200, response.status_code, response.content[:1000]) - # print('findings.content: ', response.content) return json.loads(response.content) def get_product_endpoints_api(self, product_id, host=None): 
@@ -683,22 +674,17 @@ def do_finding_tags_api(self, http_method, finding_id, tags=None): if tags: data = {'tags': tags} - # print('data:' + str(data)) - response = http_method(reverse('finding-tags', args=(finding_id,)), data, format='json') - # print(vars(response)) self.assertEqual(200, response.status_code, response.content[:1000]) return response def get_finding_tags_api(self, finding_id): response = self.do_finding_tags_api(self.client.get, finding_id) - # print(response.data) return response.data def get_finding_api_filter_tags(self, tags): response = self.client.get(reverse('finding-list') + f'?tags={tags}', format='json') self.assertEqual(200, response.status_code, response.content[:1000]) - # print(response.data) return response.data def post_finding_tags_api(self, finding_id, tags): @@ -728,10 +714,7 @@ def do_finding_notes_api(self, http_method, finding_id, note=None): if note: data = {'entry': note} - # print('data:' + str(data)) - response = http_method(reverse('finding-notes', args=(finding_id,)), data, format='json') - # print(vars(response)) self.assertEqual(201, response.status_code, response.content[:1000]) return response 
@@ -740,15 +723,15 @@ def post_finding_notes_api(self, finding_id, note): return response.data def log_finding_summary_json_api(self, findings_content_json=None): - print('summary') - print(findings_content_json) - print(findings_content_json['count']) + logger.debug('summary') + logger.debug(findings_content_json) + logger.debug(findings_content_json['count']) if not findings_content_json or findings_content_json['count'] == 0: logger.debug('no findings') else: for finding in findings_content_json['results']: - print(str(finding['id']) + ': ' + finding['title'][:5] + ':' + finding['severity'] + ': active: ' + str(finding['active']) + ': verified: ' + str(finding['verified']) + logger.debug(str(finding['id']) + ': ' + finding['title'][:5] + ':' + finding['severity'] + ': active: ' + str(finding['active']) + ': verified: ' + str(finding['verified']) + ': is_mitigated: ' + str(finding['is_mitigated']) + ": notes: " + str([n['id'] for n in finding['notes']]) + ": endpoints: " + str(finding['endpoints'])) diff --git a/unittests/test_deduplication_logic.py b/unittests/test_deduplication_logic.py index 46a99090b4d..e7a5cf6d84b 100644 --- a/unittests/test_deduplication_logic.py +++ b/unittests/test_deduplication_logic.py @@ -756,9 +756,6 @@ def test_dedupe_inside_engagement_unique_id(self): # first setup some finding with same unique_id in same engagement, but different test (same test_type) finding_new.test = Test.objects.get(id=66) finding_new.save() - # print(finding_new.pk) - # print(finding_new.hash_code) - # print(finding_new.duplicate) # expect duplicate as dedupe_inside_engagement is True and the other test is in the same engagement self.assert_finding(finding_new, not_pk=124, duplicate=True, duplicate_finding_id=124, hash_code=finding_124.hash_code) diff --git a/unittests/test_endpoint_model.py b/unittests/test_endpoint_model.py index 69694680dfb..b1588b80104 100644 --- a/unittests/test_endpoint_model.py +++ b/unittests/test_endpoint_model.py 
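Review bot: log_finding_summary_json_api subscripts `findings_content_json['count']` in its third debug call before the `if not findings_content_json or ...` guard on the next line, so a call with the default `None` raises `TypeError` before the 'no findings' branch can run. Moving the guard first, or logging the count only in the `else` branch, fixes it. The per-finding record is also built by eager string concatenation even when DEBUG is disabled; lazy arguments such as `logger.debug('%s: %s:%s', finding['id'], finding['title'][:5], finding['severity'])`, extended for the remaining fields, avoid that work.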
@@ -301,19 +301,6 @@ def test_str(self): eps = Endpoint_Status.objects.get(id=1) self.assertEqual(str(eps), "'High Impact Test Finding' on 'ftp://localhost'") - # def test_dummy(self): - # fs = Finding.objects.all() - # for f in fs: - # print(f.id, f.test.engagement.product.id, str(f)) - - # es = Endpoint.objects.all() - # for e in es: - # print(e.id, e.product.id, str(e)) - - # epss = Endpoint_Status.objects.all() - # for eps in epss: - # print(eps.id, eps.finding.id, eps.endpoint.id, str(eps)) - def test_status_evaluation(self): ep1 = Endpoint.objects.get(id=4) ep2 = Endpoint.objects.get(id=5) diff --git a/unittests/test_import_reimport.py b/unittests/test_import_reimport.py index 45c8ed63fab..e6edaa2cbc6 100644 --- a/unittests/test_import_reimport.py +++ b/unittests/test_import_reimport.py @@ -1767,8 +1767,7 @@ def import_scan_ui(self, engagement, payload): logger.debug('import_scan payload %s', payload) # response = self.client_ui.post(reverse('import_scan_results', args=(engagement, )), urlencode(payload), content_type='application/x-www-form-urlencoded') response = self.client_ui.post(reverse('import_scan_results', args=(engagement, )), payload) - # print(vars(response)) - # print('url: ' + response.url) + test = Test.objects.get(id=response.url.split('/')[-1]) # f = open('response.html', 'w+') # f.write(str(response.content, 'utf-8')) diff --git a/unittests/test_jira_config_engagement.py b/unittests/test_jira_config_engagement.py index cf952b60682..1b3072c15ee 100644 --- a/unittests/test_jira_config_engagement.py +++ b/unittests/test_jira_config_engagement.py @@ -149,8 +149,7 @@ def add_engagement_jira(self, data, expect_redirect_to=None, expect_200=False): self.assertEqual(response.status_code, 200) elif expect_redirect_to: self.assertEqual(response.status_code, 302) - # print('response: ' + response) - # print('url: ' + response.url) + try: engagement = Engagement.objects.get(id=response.url.split('/')[-1]) except: 
diff --git a/unittests/test_jira_import_and_pushing_api.py b/unittests/test_jira_import_and_pushing_api.py index 2f0c1050bda..b90dd76af37 100644 --- a/unittests/test_jira_import_and_pushing_api.py +++ b/unittests/test_jira_import_and_pushing_api.py @@ -428,8 +428,6 @@ def test_groups_create_edit_update_finding(self): self.assert_jira_issue_count_in_test(test_id, 1) self.assert_jira_group_issue_count_in_test(test_id, 1) - # print(finding_details) - # no way to set finding group easily via API yet Finding_Group.objects.get(id=finding_group_id).findings.add(Finding.objects.get(id=new_finding_json['id'])) diff --git a/unittests/test_notifications.py b/unittests/test_notifications.py index 941b648753d..f7d1dd90bae 100644 --- a/unittests/test_notifications.py +++ b/unittests/test_notifications.py @@ -42,23 +42,16 @@ def test_merge_notifications_list(self): global_personal_notifications = Notifications.objects.get(id=global_personal_notifications.id) - # print(vars(global_personal_notifications)) - personal_product_notifications.product_added = ['mail'] personal_product_notifications.test_added = ['mail', 'alert'] personal_product_notifications.scan_added = None - # print(vars(personal_product_notifications)) personal_product_notifications.save() personal_product_notifications = Notifications.objects.get(id=personal_product_notifications.id) - # print(vars(personal_product_notifications)) - merged_notifications = Notifications.merge_notifications_list([global_personal_notifications, personal_product_notifications]) - # print(vars(merged_notifications)) - self.assertEqual('alert' in merged_notifications.product_added, True) self.assertEqual('mail' in merged_notifications.product_added, True) self.assertEqual('slack' in merged_notifications.product_added, False) diff --git a/unittests/test_search_parser.py b/unittests/test_search_parser.py index 9e4d221fc54..aca60500c39 100644 --- a/unittests/test_search_parser.py +++ b/unittests/test_search_parser.py 
@@ -26,8 +26,6 @@ def test_parse_query(self): self.assertEqual(keywords[2], "space inside") operators, keywords = parse_search_query("tag:anchore word tags:php") - # print(operators) - # print(keywords) self.assertEqual(len(operators), 2) self.assertEqual(len(operators["tag"]), 1) diff --git a/unittests/tools/test_checkmarx_one_parser.py b/unittests/tools/test_checkmarx_one_parser.py index bc234f8e7bb..42bad759231 100644 --- a/unittests/tools/test_checkmarx_one_parser.py +++ b/unittests/tools/test_checkmarx_one_parser.py @@ -1,9 +1,12 @@ import datetime +import logging from dojo.models import Test from dojo.tools.checkmarx_one.parser import CheckmarxOneParser from unittests.dojo_test_case import DojoTestCase +logger = logging.getLogger(__name__) + class TestCheckmarxOneParser(DojoTestCase): @@ -125,7 +128,7 @@ def test_sca_finding(finding): findings = parser.get_findings(testfile, Test()) self.assertEqual(146, len(findings)) for index in range(len(findings)): - print(index, findings[index]) + logger.debug(index, findings[index]) with self.subTest(i=0): for finding in findings: self.assertIsNotNone(finding.title) diff --git a/unittests/tools/test_dependency_check_parser.py b/unittests/tools/test_dependency_check_parser.py index f72db048a46..678c6d28a4c 100644 --- a/unittests/tools/test_dependency_check_parser.py +++ b/unittests/tools/test_dependency_check_parser.py @@ -1,3 +1,4 @@ +import logging from datetime import datetime, timezone from os import path @@ -7,6 +8,8 @@ from dojo.tools.dependency_check.parser import DependencyCheckParser from unittests.dojo_test_case import DojoTestCase +logger = logging.getLogger(__name__) + class TestFile: def read(self): 
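Review bot: `logger.debug(index, findings[index])` in unittests/tools/test_checkmarx_one_parser.py passes the index as the format string and the finding as its only argument, so when DEBUG is enabled the formatting step fails with "not all arguments converted during string formatting" and the handler prints a logging error instead of the record. print's positional arguments need an explicit format here: `logger.debug("%s %s", index, findings[index])`. The enclosing test method starts outside the hunk.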
@@ -279,7 +282,7 @@ def test_parse_file_pr6439(self): # test also different component_name formats with self.subTest(i=0): - print(items[0]) + logger.debug(items[0]) # identifier -> package url java + 2 relateddependencies self.assertEqual(items[0].title, "org.apache.activemq:activemq-broker:5.16.5 | CVE-2015-3208") self.assertEqual(items[0].component_name, "org.apache.activemq:activemq-broker") diff --git a/unittests/tools/test_jfrog_xray_api_summary_artifact_parser.py b/unittests/tools/test_jfrog_xray_api_summary_artifact_parser.py index 330b35431cd..7b511521058 100644 --- a/unittests/tools/test_jfrog_xray_api_summary_artifact_parser.py +++ b/unittests/tools/test_jfrog_xray_api_summary_artifact_parser.py @@ -34,7 +34,6 @@ def test_parse_file_with_one_vuln(self): self.assertIsNone(item.mitigation) self.assertEqual("artifact1", item.component_name) self.assertIsNotNone(item.tags) - print(item.tags) self.assertEqual("1.0", item.component_version) self.assertEqual("artifact_path/artifact1/1.0/", item.file_path[:28]) self.assertIsNone(item.severity_justification)