migrate all tests to pytest and make them work with the latest werkzeug version

parent e0a61cd6
Pipeline #1753 failed with stages
in 8 minutes and 39 seconds
......@@ -2,9 +2,9 @@ trio==0.13.0
Flask==1.1.1
Flask-Login==0.4.1
Flask-Bower==1.3.0
Flask-Babel==0.12.2
Flask-WTF==0.14.2
flask-restx==0.1.1
Flask-Babel==1.0.0
Flask-WTF==0.14.3
flask-restx==0.2.0
Flask-Caching==1.8.0
Flask-Session==0.3.1
WTForms==2.2.1
......@@ -14,4 +14,4 @@ tzlocal==2.0.0
pyOpenSSL==19.1.0
configobj==5.0.6
async_generator
Click==7.0
Click==7.1.1
......@@ -249,7 +249,7 @@ test_requires = [
'pytest',
'pytest-cov',
'pytest-flask',
'Flask-Testing',
'pytest-mock',
'nose',
'coverage',
'mock',
......
import os
import pytest
from flask import url_for
from urllib.request import urlopen
from burpui import create_app
@pytest.fixture(scope="session")
def app():
conf = os.path.join(os.path.dirname(os.path.realpath(__file__)), '../../share/burpui/etc/burpui.sample.cfg')
bui = create_app(debug=12, logfile='/dev/null', gunicorn=False, unittest=True)
bui.setup(conf, True)
bui.config['DEBUG'] = False
bui.config['TESTING'] = True
bui.config['LOGIN_DISABLED'] = True
bui.config['LIVESERVER_PORT'] = 5001
bui.config['CFG'] = conf
bui.login_manager.init_app(bui)
return bui
def test_server_is_up_and_running(live_server):
import socket
import errno
try:
url = url_for("view.home", _external=True)
response = urlopen(url)
assert response.code == 200
except socket.error as exp:
if exp.errno != errno.ECONNRESET:
raise
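Review bot: In `test_server_is_up_and_running` the `except socket.error` branch lets the test finish without any assertion when the connection is reset, so a run in which the live server never answered is still reported as passed. `urlopen(url)` is also called without a timeout, so a server that accepts the connection but never responds can stall the job. I would call `urlopen(url, timeout=5)` and replace the silent pass with `pytest.skip('live server reset the connection')` so the outcome is visible in the report. Indentation is lost on this page, so the extent of the `try` block is inferred.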
import os
import pytest
from flask import url_for
from burpui.app import create_app
@pytest.fixture
def app():
conf = os.path.join(os.path.dirname(os.path.realpath(__file__)), '../configs/test6.cfg')
bui = create_app(conf, False, '/dev/null', gunicorn=False, unittest=True)
bui.config['TESTING'] = True
bui.config['LIVESERVER_PORT'] = 5001
bui.config['WTF_CSRF_ENABLED'] = False
bui.client.port = 9999
return bui
def login(client, username, password, headers=None):
return client.post(url_for('view.login'), data=dict(
username=username,
password=password,
language='en'
), headers=headers, follow_redirects=True)
def logout(client):
return client.get(url_for('view.logout'), follow_redirects=True)
def test_login_ko(client):
rv = login(client, 'admin', 'toto')
assert 'Wrong username or password' in rv.data.decode('utf-8')
logout(client)
def test_config_render(client):
login(client, 'admin', 'admin')
response = client.get(url_for('view.settings'))
assert 'Burp Server Configuration' in response.data.decode('utf-8')
logout(client)
def test_admin_api(client):
login(client, 'admin', 'admin')
response = client.get(url_for('api.auth_users'))
response2 = client.get(url_for('api.auth_backends'))
assert sorted(response.json, key=lambda k: k['name']) == sorted([{'id': 'admin', 'name': 'admin', 'backend': 'BASIC:AUTH'}, {'id': 'user1', 'name': 'user1', 'backend': 'BASIC:AUTH'}], key=lambda k: k['name'])
assert sorted(response2.json, key=lambda k: k['name']) == sorted([{'add': True, 'del': True, 'name': 'BASIC:AUTH', 'description': 'Uses the Burp-UI configuration file to load its rules.', 'priority': 100, 'type': 'authentication', 'mod': True}], key=lambda k: k['name'])
def test_change_password(client):
login(client, 'user1', 'password')
response = client.post(url_for('api.auth_users', name='user1'), data={'backend': 'BASIC:AUTH', 'old_password': 'plop', 'password': 'toto'}, headers={'X-Language': 'en'})
assert response.status_code == 200
def test_config_render_ko(client):
login(client, 'user1', 'password')
response = client.get(url_for('view.settings'))
assert response.status_code == 403
logout(client)
def test_cli_settings_ko(client):
login(client, 'user1', 'password')
response = client.get(url_for('api.client_settings', client='toto'))
assert response.status_code == 403
logout(client)
def test_api_403(client):
response = client.get(url_for('api.client_settings', client='toto'), headers={'X-From-UI': True})
assert response.status_code == 403
def test_api_401(client):
response = client.get(url_for('api.client_settings', client='toto'))
assert response.status_code == 401
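Review bot: `test_change_password` logs in as `user1` with `'password'` but posts `'old_password': 'plop'`, and its only assertion is `response.status_code == 200`. As written it cannot tell a rejected change from an accepted one, so it would keep passing if the endpoint stopped verifying the old password. Assert on the response body as well (the expected message is not visible on this page), and end with `logout(client)` as the neighbouring tests do.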
import os
import pytest
from flask import url_for
from burpui.app import create_app
@pytest.fixture
def app():
conf = os.path.join(os.path.dirname(os.path.realpath(__file__)), '../configs/test2.cfg')
bui = create_app(logfile='/dev/null', gunicorn=False, unittest=True)
bui.setup(conf, True)
bui.config['TESTING'] = True
bui.config['LOGIN_DISABLED'] = True
bui.config['CFG'] = conf
bui.config['SECRET_KEY'] = 'nyan'
bui.login_manager.init_app(bui)
return bui
def login(client, username, password):
return client.post(url_for('view.login'), data=dict(
username=username,
password=password,
language='en'
), follow_redirects=True)
def test_no_clients(client):
response = client.get(url_for('api.clients_stats'))
assert response.json['message'] == 'Cannot contact burp server at 127.0.0.1:9999'
assert response.status_code == 500
def test_server_config_parsing(client, app):
login(client, 'admin', 'admin')
response = client.get(url_for('api.server_settings'))
asse = dict((
(
u'results',
{
u'common': [],
u'boolean': [],
u'integer': [],
u'multi': [],
u'pair': [],
u'includes': [],
u'includes_ext': [],
u'hierarchy': [{u'children': [], u'title': u'null', u'dir': u'/dev', u'full': u'/dev/null', u'name': u'null', u'parent': None}],
u'raw': '',
}
),
(u'boolean', app.client.get_parser_attr('boolean_srv')),
(u'string', app.client.get_parser_attr('string_srv')),
(u'integer', app.client.get_parser_attr('integer_srv')),
(u'multi', app.client.get_parser_attr('multi_srv')),
(u'pair', app.client.get_parser_attr('pair_associations')),
(u'advanced', app.client.get_parser_attr('advanced_type')),
(u'server_doc', app.client.get_parser_attr('doc')),
(u'suggest', app.client.get_parser_attr('values')),
(u'placeholders', app.client.get_parser_attr('placeholders')),
(u'defaults', app.client.get_parser_attr('defaults'))))
assert response.json == asse
def test_client_config_parsing(client, app):
login(client, 'admin', 'admin')
response = client.get(url_for('api.client_settings', client='toto'))
asse = dict((
(
u'results',
{
u'common': [],
u'boolean': [],
u'integer': [],
u'multi': [],
u'includes': [],
u'includes_ext': [],
u'hierarchy': [],
u'templates': [],
u'raw': None,
}
),
(u'boolean', app.client.get_parser_attr('boolean_cli')),
(u'string', app.client.get_parser_attr('string_cli')),
(u'integer', app.client.get_parser_attr('integer_cli')),
(u'multi', app.client.get_parser_attr('multi_cli')),
(u'server_doc', app.client.get_parser_attr('doc')),
(u'suggest', app.client.get_parser_attr('values')),
(u'placeholders', app.client.get_parser_attr('placeholders')),
(u'defaults', app.client.get_parser_attr('defaults'))))
assert response.json == asse
def test_restore(client):
response = client.post(url_for('api.restore', name='dummy', backup=1), data=dict(strip=False))
assert response.status_code == 400
def test_running_clients(client):
response = client.get(url_for('api.running_clients'))
assert response.json == []
def test_live_rendering(client):
response = client.get(url_for('api.counters', client='toto'))
assert response.status_code == 404
response = client.get(url_for('api.counters'))
assert response.status_code == 400
def test_servers_json(client):
response = client.get(url_for('api.servers_stats'))
assert response.json == []
def test_live(client):
response = client.get(url_for('api.live'))
assert response.json == []
def test_running(client):
response = client.get(url_for('api.running_backup'))
assert response.json == dict(running=False)
def test_client_tree(client):
response = client.get(url_for('api.client_tree', name='toto', backup=1))
assert response.json['message'] == 'Cannot contact burp server at 127.0.0.1:9999'
assert response.status_code == 500
def test_clients_report_json(client):
response = client.get(url_for('api.clients_report'))
assert response.json['message'] == 'Cannot contact burp server at 127.0.0.1:9999'
assert response.status_code == 500
def test_client_stat_json(client):
response = client.get(url_for('api.client_stats', name='toto'))
assert response.json['message'] == 'Cannot contact burp server at 127.0.0.1:9999'
assert response.status_code == 500
response = client.get(url_for('api.client_stats', name='toto', backup=1))
assert response.json['message'] == 'Cannot contact burp server at 127.0.0.1:9999'
assert response.status_code == 500
def test_client_json(client):
response = client.get(url_for('api.client_report', name='toto'))
assert response.json['message'] == 'Cannot contact burp server at 127.0.0.1:9999'
assert response.status_code == 500
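Review bot: The `app` fixture sets `LOGIN_DISABLED = True`, yet `test_server_config_parsing` and `test_client_config_parsing` still call `login(client, 'admin', 'admin')`, which leaves it unclear whether this module is meant to exercise authentication at all. A comment on the fixture would settle it, for example `# LOGIN_DISABLED: authentication is bypassed on purpose in this module`, assuming that is the intent. The expected message `'Cannot contact burp server at 127.0.0.1:9999'` is repeated in six assertions and would read better as one module-level constant.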
import os
import pytest
import tempfile
from flask import url_for
from burpui.app import create_app
@pytest.fixture
def app():
conf = os.path.join(os.path.dirname(os.path.realpath(__file__)), '../configs/test2.cfg')
_, logfile = tempfile.mkstemp()
bui = create_app(conf, 1, logfile, gunicorn=False, unittest=True)
bui.config['DEBUG'] = False
return bui
def test_auth_required(client):
response = client.get(url_for('api.about'))
assert response.status_code == 200
response = client.get(url_for('api.counters'))
assert response.status_code == 401
def test_auth_valid(client):
import base64
response = client.get(
url_for('api.live'),
headers={
'Authorization': 'Basic ' + base64.b64encode(b'admin:admin').decode('utf-8')
}
)
assert response.status_code == 200
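Review bot: `_, logfile = tempfile.mkstemp()` in the `app` fixture discards the open file descriptor and never deletes the file, so each test that uses the fixture leaks one descriptor and leaves a log file behind in the temp directory. pytest's `tmp_path` fixture avoids both: `def app(tmp_path):` with `logfile = str(tmp_path / 'burpui.log')`. If `mkstemp` is kept, close the descriptor with `os.close(fd)` and remove the file after a `yield bui`.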
import os
import pytest
from flask import url_for
from burpui.app import create_app
@pytest.fixture
def app():
conf = os.path.join(os.path.dirname(os.path.realpath(__file__)), '../../share/burpui/etc/burpui.sample.cfg')
bui = create_app(conf, False, '/dev/null', gunicorn=False, unittest=True)
bui.config['TESTING'] = True
bui.config['LIVESERVER_PORT'] = 5001
bui.config['WTF_CSRF_ENABLED'] = False
bui.client.port = 9999
return bui
def login(client, username, password):
return client.post(url_for('view.login'), data=dict(
username=username,
password=password,
language='en'
), follow_redirects=True)
def test_config_render(client):
login(client, 'admin', 'admin')
response = client.get(url_for('view.settings'))
assert 'Burp Server Configuration' in response.data.decode('utf-8')
def test_login_ok(client):
rv = login(client, 'admin', 'admin')
assert 'Logged in successfully' in rv.data.decode('utf-8')
def test_login_ko(client):
rv = login(client, 'admin', 'toto')
assert 'Wrong username or password' in rv.data.decode('utf-8')
def test_login_no_user(client):
rv = login(client, 'toto', 'toto')
assert 'Wrong username or password' in rv.data.decode('utf-8')
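Review bot: The `login` helper in this module is repeated almost verbatim in four other test modules of this commit (the ones loading `test6.cfg`, `test2.cfg`, `test8.cfg` and `test4.cfg`), differing only in the optional `headers` and `remember` arguments. Moving one version into a shared `conftest.py` would keep the login form fields in a single place. `test_config_render` and `test_login_ko` here also duplicate the tests of the same name in the `test6.cfg` module, minus the `logout(client)` call used there.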
import os
import pytest
import mockredis
from flask import url_for
from burpui.app import create_app
class MyMockRedis(mockredis.MockRedis):
def setex(self, name, time, value):
return super(MyMockRedis, self).set(name, value, ex=time)
def mock_redis_client(**kwargs):
return MyMockRedis()
@pytest.fixture()
def app(mocker):
mocker.patch('redis.StrictRedis', mockredis.mock_strict_redis_client)
mocker.patch('redis.Redis', mock_redis_client)
conf = os.path.join(os.path.dirname(os.path.realpath(__file__)), '../configs/test8.cfg')
bui = create_app(conf, False, '/dev/null', gunicorn=False, unittest=True)
bui.config['TESTING'] = True
bui.config['LIVESERVER_PORT'] = 5001
bui.config['WTF_CSRF_ENABLED'] = False
bui.config['LOGIN_DISABLED'] = False
bui.client.port = 9999
with bui.app_context():
from burpui.app import create_db
from burpui.ext.sql import db
from burpui.models import Session, Task # noqa
bui.config['WITH_SQL'] = True
create_db(bui, True)
db.create_all()
db.session.commit()
yield bui
if os.path.exists('this-file-should-not-exist'):
os.rmdir('this-file-should-not-exist')
def login(client, username, password):
return client.post(url_for('view.login'), data=dict(
username=username,
password=password,
language='en',
remember=False
), follow_redirects=True)
def logout(client):
return client.get(url_for('view.logout'), follow_redirects=True)
def test_login_and_revoke_session(client):
login(client, 'admin', 'admin')
response = client.get(url_for('api.admin_me'))
assert response.json == {'id': 'admin', 'name': 'admin', 'backend': 'BASIC:AUTH'}
sess = client.get(url_for('api.user_sessions'))
assert len(sess.json) > 0
assert "uuid" in sess.json[0]
delete = client.delete(url_for('api.user_sessions', id=sess.json[0]['uuid']))
assert delete.status_code == 201
logout(client)
response = client.get(url_for('api.admin_me'))
assert response.status_code == 401
def test_current_session(app):
# with self.app.test_client() as c:
# with c.session_transaction() as sess:
# sess['authenticated'] = True
from burpui.sessions import session_manager
from burpui.ext.sql import db
from burpui.models import Session
from datetime import datetime
session_manager.store_session('toto')
assert session_manager.session_expired() is False
sess = Session.query.filter_by(uuid=session_manager.get_session_id()).first()
sess.timestamp = datetime.utcfromtimestamp(0)
db.session.commit()
assert session_manager.session_expired() is True
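Review bot: `test_login_and_revoke_session` calls `logout(client)` before the final `api.admin_me` request, so the `401` it asserts is explained by the logout alone and does not show that the `DELETE` on `api.user_sessions` revoked anything. If `sess.json[0]` is the current session (not certain from this page), move the check ahead of the logout: `assert client.get(url_for('api.admin_me')).status_code == 401`; otherwise re-fetch `api.user_sessions` and assert the deleted uuid is gone. Separately, the fixture teardown calls `os.rmdir` on the relative path `'this-file-should-not-exist'`, which depends on the working directory and raises if that path is a regular file.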
import os
import pytest
import mockredis
from flask import url_for
from burpui.app import create_app
def mock_status(query='\n', timeout=None, agent=None):
answers = {
'': ['testclient 2 i 0'],
'\n': ['testclient 2 i 0'],
}
return answers.get(query, [])
@pytest.fixture
def app(mocker):
mocker.patch('socket.socket')
conf = os.path.join(os.path.dirname(os.path.realpath(__file__)), '../configs/test4.cfg')
bui = create_app(conf, logfile='/dev/null', gunicorn=False, unittest=True)
bui.setup(conf, True)
bui.config['TESTING'] = True
bui.config['LIVESERVER_PORT'] = 5001
bui.config['SECRET_KEY'] = 'toto'
bui.config['WTF_CSRF_ENABLED'] = False
bui.login_manager.init_app(bui)
return bui
def login(client, username, password):
return client.post(url_for('view.login'), data=dict(
username=username,
password=password,
language='en'
), follow_redirects=True)
def test_get_clients(client, mocker):
mocker.patch('burpui.misc.backend.burp1.Burp.status', side_effect=mock_status)
login(client, 'admin', 'admin')
response = client.get(url_for('api.clients_stats'))
assert sorted(response.json, key=lambda k: k['name']) == sorted([{u'state': u'idle', u'last': u'never', u'name': u'testclient', u'phase': None, u'percent': 0, u'labels': []}], key=lambda k: k['name'])
# def test_live_monitor(self):
# with patch('burpui.misc.backend.burp1.Burp.status', side_effect=mock_status):
# response = self.client.get(url_for('view.live_monitor'), follow_redirects=True)
# assert 'Sorry, there are no running backups' in response.data.decode('utf-8')
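Review bot: `import mockredis` at the top of this module is unused, since nothing below references it, so the module fails to import wherever mockredis is not installed; drop the line. The commented-out `test_live_monitor` at the end still uses the old `self.client` and `patch` style. Either port it to the `client` and `mocker` fixtures or delete it, so it is clear whether the live-monitor view is still covered.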