-
Notifications
You must be signed in to change notification settings - Fork 5
Expand file tree
/
Copy pathScannerTest.java
More file actions
162 lines (146 loc) · 7.17 KB
/
Copy pathScannerTest.java
File metadata and controls
162 lines (146 loc) · 7.17 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
package vulnerabilities;
import dev.aikido.agent_api.background.Endpoint;
import dev.aikido.agent_api.background.cloud.api.events.DetectedAttack;
import dev.aikido.agent_api.context.Context;
import dev.aikido.agent_api.storage.AttackQueue;
import dev.aikido.agent_api.storage.ServiceConfigStore;
import dev.aikido.agent_api.vulnerabilities.Detector;
import dev.aikido.agent_api.vulnerabilities.Scanner;
import dev.aikido.agent_api.vulnerabilities.Vulnerabilities;
import dev.aikido.agent_api.vulnerabilities.sql_injection.SQLInjectionException;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import utils.EmptySampleContextObject;
import java.util.*;
import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.Mockito.*;
import static utils.EmptyAPIResponses.emptyAPIResponse;
import static utils.EmptyAPIResponses.setEmptyConfigWithEndpointList;
class ScannerTest {
public static class SampleContextObject2 extends EmptySampleContextObject {
public SampleContextObject2(String ip) {
super("SELECT * FRO");
this.remoteAddress = ip;
}
}
public static class SampleContextObject3 extends EmptySampleContextObject {
public SampleContextObject3(String route) {
super("SELECT * FRO");
this.route = route;
this.url = "http://localhost:5050" + route;
}
}
@BeforeEach
void setUp() throws InterruptedException {
AttackQueue.clear();
Context.set(new EmptySampleContextObject("SELECT * FRO"));
setEmptyConfigWithEndpointList(List.of(
new Endpoint(
/* method */ "*", /* route */ "/api2/*",
/* rlm params */ 0, 0,
/* Allowed IPs */ List.of(), /* graphql */ false,
/* forceProtectionOff */ true, /* rlm */ false
),
new Endpoint(
/* method */ "*", /* route */ "/api3/*",
/* rlm params */ 0, 0,
/* Allowed IPs */ List.of(), /* graphql */ false,
/* forceProtectionOff */ false, /* rlm */ false
)
));
}
@AfterEach
void cleanup() {
Context.set(null);
AttackQueue.clear();
ServiceConfigStore.updateFromAPIResponse(emptyAPIResponse);
}
@Test
void testScanForGivenVulnerability_ContextIsNull() {
Vulnerabilities.Vulnerability mockVulnerability = mock(Vulnerabilities.Vulnerability.class);
Detector mockDetector = mock(Detector.class);
when(mockVulnerability.getDetector()).thenReturn(mockDetector);
Context.set(null);
Scanner.scanForGivenVulnerability(mockVulnerability, "operation", new String[]{"arg1"});
// Verify that no interactions occur when context is null
verify(mockDetector, times(1)).returnEarly(new String[]{"arg1"}); // Verify returnEarly is called once
verifyNoMoreInteractions(mockDetector); // Verify no other methods are
}
@Test
void testScanSafeSQLCode() throws InterruptedException {
ServiceConfigStore.updateBlocking(true);
// Safe :
Scanner.scanForGivenVulnerability(Vulnerabilities.SQL_INJECTION, "operation", new String[]{"SELECT", "postgresql"});
// Argument-mismatch, safe :
Scanner.scanForGivenVulnerability(Vulnerabilities.SQL_INJECTION, "operation", new String[]{"SELECT * FROM"});
Scanner.scanForGivenVulnerability(Vulnerabilities.SQL_INJECTION, "operation", new String[]{"SELECT * FROM", "1", "2", "3"});
// Unsafe :
AttackQueue.clear();
assertThrows(SQLInjectionException.class, () -> {
Scanner.scanForGivenVulnerability(Vulnerabilities.SQL_INJECTION, "operation", new String[]{"SELECT * FROM", "postgresql"});
});
DetectedAttack.DetectedAttackEvent attackEvent = (DetectedAttack.DetectedAttackEvent) AttackQueue.get();
assertEquals("SELECT * FRO", attackEvent.attack().payload());
assertEquals("PostgreSQL", attackEvent.attack().metadata().get("dialect"));
assertEquals("SELECT * FROM", attackEvent.attack().metadata().get("sql"));
}
@Test
void testScanSafeSQLCodeButBlockingFalse() {
ServiceConfigStore.updateBlocking(false);
// Safe :
Scanner.scanForGivenVulnerability(Vulnerabilities.SQL_INJECTION, "operation", new String[]{"SELECT", "postgresql"});
// Argument-mismatch, safe :
Scanner.scanForGivenVulnerability(Vulnerabilities.SQL_INJECTION, "operation", new String[]{"SELECT * FROM"});
Scanner.scanForGivenVulnerability(Vulnerabilities.SQL_INJECTION, "operation", new String[]{"SELECT * FROM", "1", "2", "3"});
// Unsafe :
assertDoesNotThrow(() -> {
Scanner.scanForGivenVulnerability(Vulnerabilities.SQL_INJECTION, "operation", new String[]{"SELECT * FROM", "postgresql"});
});
}
@Test
void testForceProtectionOff() {
ServiceConfigStore.updateBlocking(true);
// Thread cache does not force any protection off :
assertThrows(SQLInjectionException.class, () -> {
Scanner.scanForGivenVulnerability(Vulnerabilities.SQL_INJECTION, "operation", new String[]{"SELECT * FROM", "postgresql"});
});
// Set to protection forced off route :
Context.set(new SampleContextObject3("/api2/test/2/4"));
assertDoesNotThrow(() -> {
Scanner.scanForGivenVulnerability(Vulnerabilities.SQL_INJECTION, "operation", new String[]{"SELECT * FROM", "postgresql"});
});
Context.set(new SampleContextObject3("/api2/"));
assertDoesNotThrow(() -> {
Scanner.scanForGivenVulnerability(Vulnerabilities.SQL_INJECTION, "operation", new String[]{"SELECT * FROM", "postgresql"});
});
// Set to IP where route exists but protection is not forced off :
Context.set(new SampleContextObject3("/api3/test"));
assertThrows(SQLInjectionException.class, () -> {
Scanner.scanForGivenVulnerability(Vulnerabilities.SQL_INJECTION, "operation", new String[]{"SELECT * FROM", "postgresql"});
});
}
@Test
void testDoesNotRunWithContextNull() {
ServiceConfigStore.updateBlocking(true);
Context.set(null);
assertDoesNotThrow(() -> {
Scanner.scanForGivenVulnerability(Vulnerabilities.SQL_INJECTION, "operation", new String[]{"SELECT * FROM", "postgresql"});
});
}
@Test
void TestStillThrowsWithConfigStoreEmptyButBlockingEnabled() {
ServiceConfigStore.updateFromAPIResponse(emptyAPIResponse);
ServiceConfigStore.updateBlocking(true);
assertThrows(SQLInjectionException.class, () -> {
Scanner.scanForGivenVulnerability(Vulnerabilities.SQL_INJECTION, "operation", new String[]{"SELECT * FROM", "postgresql"});
});
}
@Test
void TestDoesNotThrowWithEmptyAPIResponse() {
ServiceConfigStore.updateFromAPIResponse(emptyAPIResponse);
assertDoesNotThrow(() -> {
Scanner.scanForGivenVulnerability(Vulnerabilities.SQL_INJECTION, "operation", new String[]{"SELECT * FROM", "postgresql"});
});
}
}