From f157d2283153c9135ea1a711e02746230b8f6854 Mon Sep 17 00:00:00 2001
From: Dmitry Maryushkin
Date: Tue, 29 Oct 2024 13:22:05 +0300
Subject: [PATCH] Fix settings sha256sum
---
dojo/settings/.settings.dist.py.sha256sum | 2 +-
unittests/tools/test_mobsf_parser.py | 138 ----------------------
2 files changed, 1 insertion(+), 139 deletions(-)
delete mode 100644 unittests/tools/test_mobsf_parser.py
diff --git a/dojo/settings/.settings.dist.py.sha256sum b/dojo/settings/.settings.dist.py.sha256sum
index 5f387ae715d..330b208b7c1 100644
--- a/dojo/settings/.settings.dist.py.sha256sum
+++ b/dojo/settings/.settings.dist.py.sha256sum
@@ -1 +1 @@
-7ad5e28c5c96c6a3d40826bf32cea96c131825bd4eca857276b0458e26de36a3
+c239a174bffa016d3bb7016b877926fe2df8e6b9e09c622ce6386414f5fb684d
diff --git a/unittests/tools/test_mobsf_parser.py b/unittests/tools/test_mobsf_parser.py
deleted file mode 100644
index 31a40eb7841..00000000000
--- a/unittests/tools/test_mobsf_parser.py
+++ /dev/null
@@ -1,138 +0,0 @@
-from dojo.models import Engagement, Product, Test
-from dojo.tools.mobsf.parser import MobSFParser
-from unittests.dojo_test_case import DojoTestCase
-
-
-class TestMobSFParser(DojoTestCase):
-
- def test_parse_file(self):
- test = Test()
- engagement = Engagement()
- engagement.product = Product()
- test.engagement = engagement
- testfile = open("unittests/scans/mobsf/report1.json", encoding="utf-8")
- parser = MobSFParser()
- findings = parser.get_findings(testfile, test)
- testfile.close()
- self.assertEqual(68, len(findings))
- item = findings[0]
- self.assertEqual("android.permission.WRITE_EXTERNAL_STORAGE", item.title)
- self.assertEqual("High", item.severity)
- item = findings[2]
- self.assertEqual("android.permission.INTERNET", item.title)
- self.assertEqual("Info", item.severity)
- item = findings[10]
- self.assertEqual("This shared object does not have RELRO enabled", item.title)
- self.assertEqual("High", item.severity)
- self.assertEqual("lib/armeabi-v7a/libdivajni.so", item.file_path)
- self.assertEqual(1, item.nb_occurences)
- item = findings[17]
- self.assertEqual("This shared object does not have a stack canary value added to the stack", item.title)
- self.assertEqual("High", item.severity)
- self.assertEqual(1, item.nb_occurences)
-
- def test_parse_file2(self):
- test = Test()
- engagement = Engagement()
- engagement.product = Product()
- test.engagement = engagement
- testfile = open("unittests/scans/mobsf/report2.json", encoding="utf-8")
- parser = MobSFParser()
- findings = parser.get_findings(testfile, test)
- testfile.close()
- self.assertEqual(1022, len(findings))
- item = findings[1]
- self.assertEqual("Potential API Key found", item.title)
- self.assertEqual("Info", item.severity)
-
- def test_parse_file_3_1_9_android(self):
- test = Test()
- engagement = Engagement()
- engagement.product = Product()
- test.engagement = engagement
- testfile = open("unittests/scans/mobsf/android.json", encoding="utf-8")
- parser = MobSFParser()
- findings = parser.get_findings(testfile, test)
- testfile.close()
- item = findings[1]
- self.assertEqual("android.permission.ACCESS_GPS", item.title)
- self.assertEqual("High", item.severity)
- item = findings[4]
- self.assertEqual("android.permission.ACCESS_LOCATION", item.title)
- self.assertEqual("High", item.severity)
- item = findings[7]
- self.assertEqual("android.permission.READ_PHONE_STATE", item.title)
- self.assertEqual("High", item.severity)
- item = findings[70]
- self.assertEqual("HTTPS Connection", item.title)
- self.assertEqual("Info", item.severity)
- self.assertEqual(1, item.nb_occurences)
-
- def test_parse_file_3_1_9_ios(self):
- test = Test()
- engagement = Engagement()
- engagement.product = Product()
- test.engagement = engagement
- testfile = open("unittests/scans/mobsf/ios.json", encoding="utf-8")
- parser = MobSFParser()
- findings = parser.get_findings(testfile, test)
- testfile.close()
- self.assertEqual(11, len(findings))
- item = findings[2]
- self.assertEqual("NSLocationAlwaysUsageDescription", item.title)
- self.assertEqual("High", item.severity)
- item = findings[3]
- self.assertEqual("NSLocationWhenInUseUsageDescription", item.title)
- self.assertEqual("High", item.severity)
- item = findings[10]
- self.assertEqual("App is compiled with Automatic Reference Counting (ARC) flag. ARC is a compiler feature that provides automatic memory management of Objective-C objects and is an exploit mitigation mechanism against memory corruption vulnerabilities.", item.title)
- self.assertEqual("Info", item.severity)
- self.assertEqual(1, item.nb_occurences)
-
- def test_parse_file_mobsf_3_7_9(self):
- test = Test()
- engagement = Engagement()
- engagement.product = Product()
- test.engagement = engagement
- testfile = open("unittests/scans/mobsf/mobsf_3_7_9.json", encoding="utf-8")
- parser = MobSFParser()
- findings = parser.get_findings(testfile, test)
- testfile.close()
- self.assertEqual(2, len(findings))
- self.assertEqual(findings[0].title, "The binary may contain the following insecure API(s) _memcpy\n, _strlen\n")
- self.assertEqual(findings[1].title, "The binary may use _malloc\n function instead of calloc")
- self.assertEqual(findings[0].severity, "High")
- self.assertEqual(findings[1].severity, "High")
-
- def test_parse_issue_9132(self):
- test = Test()
- engagement = Engagement()
- engagement.product = Product()
- test.engagement = engagement
- testfile = open("unittests/scans/mobsf/issue_9132.json", encoding="utf-8")
- parser = MobSFParser()
- findings = parser.get_findings(testfile, test)
- testfile.close()
- self.assertEqual(37, len(findings))
-
- def test_parse_allsafe(self):
- test = Test()
- engagement = Engagement()
- engagement.product = Product()
- test.engagement = engagement
- testfile = open("unittests/scans/mobsf/allsafe.json", encoding="utf-8")
- parser = MobSFParser()
- findings = parser.get_findings(testfile, test)
- testfile.close()
- self.assertEqual(93, len(findings))
-
- def test_parse_damnvulnrablebank(self):
- test = Test()
- engagement = Engagement()
- engagement.product = Product()
- test.engagement = engagement
- testfile = open("unittests/scans/mobsf/damnvulnrablebank.json", encoding="utf-8")
- parser = MobSFParser()
- findings = parser.get_findings(testfile, test)
- testfile.close()
- self.assertEqual(80, len(findings))