Merge "Adding additional fields to debug log"
commit
fc1c207040
|
@ -24,7 +24,7 @@ def cors(test):
|
|||
:returns: Signal if cors vulnerability is found, other wise None
|
||||
:rtype: :class:`syntribos.signal.SynSignal, None`
|
||||
"""
|
||||
|
||||
check_name = "HEADER_CORS"
|
||||
strength = 1.0
|
||||
slug = "HEADER_CORS{0}_WILDCARD"
|
||||
cors_type = ""
|
||||
|
@ -42,4 +42,5 @@ def cors(test):
|
|||
return None
|
||||
|
||||
slug = slug.format(cors_type)
|
||||
return syntribos.signal.SynSignal(text=text, slug=slug, strength=strength)
|
||||
return syntribos.signal.SynSignal(text=text, slug=slug, strength=strength,
|
||||
check_name=check_name)
|
||||
|
|
|
@ -30,6 +30,7 @@ def check_fail(exception):
|
|||
:returns: Signal with exception details
|
||||
:rtype: :class:`syntribos.signal.SynSignal`
|
||||
"""
|
||||
check_name = "HTTP_CHECK_FAIL"
|
||||
|
||||
def uncamel(string):
|
||||
string = re.sub("(.)([A-Z][a-z]+)", r"\1_\2", string)
|
||||
|
@ -69,7 +70,8 @@ def check_fail(exception):
|
|||
tags.update(["INVALID_REQUEST", "CLIENT_FAIL"])
|
||||
|
||||
return syntribos.signal.SynSignal(
|
||||
text=text, slug=slug, strength=1.0, tags=list(tags), data=data)
|
||||
text=text, slug=slug, strength=1.0, tags=list(tags), data=data,
|
||||
check_name=check_name)
|
||||
|
||||
|
||||
def check_status_code(response):
|
||||
|
@ -80,7 +82,7 @@ def check_status_code(response):
|
|||
:returns: Signal with status code details
|
||||
:rtype: :class:`syntribos.signal.SynSignal`
|
||||
"""
|
||||
|
||||
check_name = "HTTP_STATUS_CODE"
|
||||
codes = httplib.responses
|
||||
|
||||
data = {
|
||||
|
@ -123,7 +125,8 @@ def check_status_code(response):
|
|||
slug = (slug + "_{code}").format(code=data["status_code"])
|
||||
|
||||
return syntribos.signal.SynSignal(
|
||||
text=text, slug=slug, strength=1, tags=tags, data=data)
|
||||
text=text, slug=slug, strength=1, tags=tags, data=data,
|
||||
check_name=check_name)
|
||||
|
||||
|
||||
def check_content_type(response):
|
||||
|
@ -135,6 +138,7 @@ def check_content_type(response):
|
|||
:rtype: :class:`syntribos.signal.SynSignal`
|
||||
"""
|
||||
|
||||
check_name = "HTTP_CONTENT_TYPE"
|
||||
# LOOKUP MAPS
|
||||
known_subtypes = ["xml", "json", "javascript", "html", "plain"]
|
||||
known_suffixes = ["xml", "json"] # RFC6838
|
||||
|
@ -180,4 +184,4 @@ def check_content_type(response):
|
|||
data = {"raw_type": raw_type, "fuzzy_type": fuzzy_type}
|
||||
|
||||
return syntribos.signal.SynSignal(
|
||||
text=text, slug=slug, strength=1.0, data=data)
|
||||
text=text, slug=slug, strength=1.0, data=data, check_name=check_name)
|
||||
|
|
|
@ -112,7 +112,7 @@ def log_http_transaction(log, level=logging.DEBUG):
|
|||
|
||||
# Make the request and time its execution
|
||||
response = None
|
||||
elapsed = None
|
||||
no_resp_time = None
|
||||
signals = syntribos.signal.SignalHolder()
|
||||
|
||||
try:
|
||||
|
@ -130,10 +130,12 @@ def log_http_transaction(log, level=logging.DEBUG):
|
|||
raise exc
|
||||
|
||||
if len(signals) > 0 and response is None:
|
||||
no_resp_time = time() - start
|
||||
log.log(level,
|
||||
'Request failed, elapsed time....: {0:.5f} sec.\n'.
|
||||
format(no_resp_time))
|
||||
return (response, signals)
|
||||
|
||||
elapsed = time() - start
|
||||
|
||||
# requests lib 1.0.0 renamed body to data in the request object
|
||||
request_body = ''
|
||||
if 'body' in dir(response.request):
|
||||
|
@ -152,14 +154,27 @@ def log_http_transaction(log, level=logging.DEBUG):
|
|||
request_params = response.request.params
|
||||
elif '?' in request_url:
|
||||
request_url, request_params = request_url.split('?')
|
||||
|
||||
req_body_len = 0
|
||||
req_header_len = 0
|
||||
if response.request.headers:
|
||||
req_header_len = len(response.request.headers)
|
||||
if response.request.body:
|
||||
req_body_len = len(response.request.body)
|
||||
|
||||
logline = ''.join([
|
||||
'\n{0}\nREQUEST SENT\n{0}\n'.format('-' * 12),
|
||||
'request method..: {0}\n'.format(response.request.method),
|
||||
'request url.....: {0}\n'.format(compress(request_url)),
|
||||
'request params..: {0}\n'.format(compress(request_params)),
|
||||
'request headers.: {0}\n'.format(compress(
|
||||
'request method.......: {0}\n'.format(response.request.method),
|
||||
'request url..........: {0}\n'.format(compress(request_url)),
|
||||
'request params.......: {0}\n'.format(compress
|
||||
(request_params)),
|
||||
'request headers size.: {0}\n'.format(req_header_len),
|
||||
'request headers......: {0}\n'.format(compress(
|
||||
response.request.headers)),
|
||||
'request body....: {0}\n'.format(compress(request_body))])
|
||||
'request body size....: {0}\n'.format(req_body_len),
|
||||
'request body.........: {0}\n'.format(compress
|
||||
(request_body))])
|
||||
|
||||
try:
|
||||
log.log(level, _safe_decode(logline))
|
||||
except Exception as exception:
|
||||
|
@ -170,8 +185,10 @@ def log_http_transaction(log, level=logging.DEBUG):
|
|||
logline = ''.join([
|
||||
'\n{0}\nRESPONSE RECEIVED\n{0}\n'.format('-' * 17),
|
||||
'response status..: {0}\n'.format(response),
|
||||
'response time....: {0}\n'.format(elapsed),
|
||||
'response headers.: {0}\n'.format(response.headers),
|
||||
'response time....: {0}\n'.format
|
||||
(response.elapsed.total_seconds()),
|
||||
'response size....: {0}\n'.format(len(response.content)),
|
||||
'response body....: {0}\n'.format(response.content),
|
||||
'-' * 79])
|
||||
try:
|
||||
|
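Review bot: In the `-152,14 +154,27` hunk, `req_header_len = len(response.request.headers)` counts header fields rather than bytes if `headers` is the mapping the requests library normally supplies, so the `request headers size.` line would be mislabelled. Something like `req_header_len = sum(len(k) + len(v) for k, v in response.request.headers.items())` would match the label. `len(response.request.body)` presumably raises `TypeError` for a generator or file-like body, and it runs before the `try:` that guards the log call, so a logging convenience could abort the transaction. The `request headers......` and `response body....` lines still write full headers and bodies to the debug log; for an authenticated scan that likely includes the auth token, so masking credential-bearing headers before formatting would make these logs safer to share. `log_http_transaction` starts and ends outside the visible hunks.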
|
|
@ -160,8 +160,11 @@ class Runner(object):
|
|||
for test in test_class.get_test_cases(file_path,
|
||||
req_str):
|
||||
if test:
|
||||
cls.run_test(test, result, CONF.dry_run)
|
||||
|
||||
test_time = cls.run_test(test, result,
|
||||
CONF.dry_run)
|
||||
test_time = "Test run time: {} sec.".format(
|
||||
test_time)
|
||||
LOG.debug(test_time)
|
||||
cls.print_result(result, start_time)
|
||||
else:
|
||||
cls.print_tests(CONF.list_tests)
|
||||
|
@ -180,6 +183,7 @@ class Runner(object):
|
|||
:param bool dry_run: (OPTIONAL) Only print out test names
|
||||
"""
|
||||
suite = unittest.TestSuite()
|
||||
test_start_time = time.time()
|
||||
|
||||
suite.addTest(test("run_test_case"))
|
||||
if dry_run:
|
||||
|
@ -187,6 +191,9 @@ class Runner(object):
|
|||
print(test)
|
||||
else:
|
||||
suite.run(result)
|
||||
test_end_time = time.time() - test_start_time
|
||||
test_end_time = '%.5f' % test_end_time
|
||||
return test_end_time
|
||||
|
||||
@classmethod
|
||||
def print_result(cls, result, start_time):
|
||||
|
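Review bot: `run_test` now returns a value, but the docstring that ends at `:param bool dry_run:` gains no return entry; I would add `:returns: elapsed run time in seconds, formatted to five decimals` and `:rtype: str`. Indentation is lost on this page, so it is unclear whether `return test_end_time` also covers the `dry_run` branch; if it does not, the caller logs `Test run time: None sec.` for every dry run. `test_end_time` actually holds a duration, and the caller rebinds `test_time` from the value to the message; `LOG.debug("Test run time: %s sec.", test_time)` avoids the rebinding and defers formatting to the logger. Both methods continue outside the hunks.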
|
|
@ -11,6 +11,7 @@
|
|||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
import logging
|
||||
import string as t_string
|
||||
import unittest
|
||||
|
||||
|
@ -23,6 +24,7 @@ from syntribos.clients.http import client
|
|||
from syntribos.clients.http import parser
|
||||
from syntribos.signal import SignalHolder
|
||||
|
||||
LOG = logging.getLogger(__name__)
|
||||
|
||||
ALLOWED_CHARS = "().-_{0}{1}".format(t_string.ascii_letters, t_string.digits)
|
||||
|
||||
|
@ -162,6 +164,16 @@ class BaseTestCase(unittest.TestCase):
|
|||
tags="EXCEPTION_RAISED")[0]
|
||||
raise sig.data["exception"]
|
||||
|
||||
@classmethod
|
||||
def tearDown(cls):
|
||||
get_slugs = [sig.slug for sig in cls.test_signals]
|
||||
get_checks = [sig.check_name for sig in cls.test_signals]
|
||||
|
||||
test_signals_used = "Signals: " + str(get_slugs)
|
||||
LOG.debug(test_signals_used)
|
||||
test_checks_used = "Checks used: " + str(get_checks)
|
||||
LOG.debug(test_checks_used)
|
||||
|
||||
def run_test_case(self):
|
||||
"""This kicks off the test(s) for a given TestCase class
|
||||
|
||||
|
|
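Review bot: `tearDown` in the `-162,6 +164,16` hunk is declared as a `@classmethod`, although unittest invokes it per test on the instance; it therefore only sees the class-level `test_signals`, and it has no docstring saying that this is intended. It also reads `sig.check_name` on every signal, which assumes that all `SynSignal` objects carry that attribute; the `SynSignal` definition is not in the visible sections, so that default should be confirmed. The messages are built eagerly with `"Signals: " + str(get_slugs)`; `LOG.debug("Signals: %s", get_slugs)` and `LOG.debug("Checks used: %s", get_checks)` skip the string building when debug logging is off.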