Skip to content

Add TestGetCertInfo tests for get_cert_info() in ssl.py #1489

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
Raavi29 wants to merge 21 commits into
base: master
Choose a base branch
from
+102 −5
Open

Add TestGetCertInfo tests for get_cert_info() in ssl.py #1489

Changes from all commits
Commits
Show all changes
21 commits
Select commit Hold shift + click to select a range
7bb8c7b
Add unit tests for is_weak_hash_algo in ssl module
Raavi29 Mar 25, 2026
2722012
Move test file to mirror package structure (tests/core/lib/test_ssl.py)
Raavi29 Mar 25, 2026
b30c0bf
Fix header comment path and remove unused import
Raavi29 Mar 25, 2026
b69e332
Add tests for nettacker/core/ip.py - 61 tests, 83% coverage
Raavi29 Mar 25, 2026
f0832f4
Merge branch 'master' of https://github.com/OWASP/Nettacker
Raavi29 Apr 1, 2026
5aaf8f1
Add TestGetCertInfo tests for get_cert_info() in ssl.py
Raavi29 Apr 1, 2026
b226ae6
Fix pre-commit formatting: isort, ruff, ruff-format
Raavi29 Apr 1, 2026
1938893
Use runtime-generated certificate instead of hardcoded fixture
Raavi29 Apr 2, 2026
3b49f96
Remove misplaced tests/test_ip.py - already exists at tests/core/test…
Raavi29 Apr 2, 2026
6bde988
Ensure GPG signing on branch
Raavi29 Apr 4, 2026
7167746
Merge branch 'master' into add-cert-info-tests-v2
Raavi29 Apr 4, 2026
495dfb1
Merge branch 'master' into add-cert-info-tests-v2
Raavi29 Apr 10, 2026
a52d537
Merge branch 'master' into add-cert-info-tests-v2
Raavi29 Apr 15, 2026
7e21bed
fix: use module-scoped fixture and fix misleading docstring in test_s…
Raavi29 Apr 17, 2026
c13e83b
Merge branch 'master' into add-cert-info-tests-v2
Raavi29 Apr 17, 2026
f38288e
fix: normalize line endings in test_ssl.py
Raavi29 Apr 17, 2026
a7984fc
fix: use exact equality check to resolve CodeQL URL substring sanitiz…
Raavi29 Apr 17, 2026
ca9dea2
fix: correct subject assertion to match full certificate subject string
Raavi29 Apr 17, 2026
f14c68f
Merge branch 'master' into add-cert-info-tests-v2
Raavi29 Apr 19, 2026
6f5d318
Merge branch 'master' into add-cert-info-tests-v2
Raavi29 Apr 23, 2026
8638eb3
Merge branch 'master' into add-cert-info-tests-v2
Raavi29 Apr 30, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
107 changes: 102 additions & 5 deletions tests/core/lib/test_ssl.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,11 +2,13 @@
from unittest.mock import patch

import pytest
from OpenSSL import crypto

from nettacker.core.lib.ssl import (
SslEngine,
SslLibrary,
create_tcp_socket,
get_cert_info,
is_weak_cipher_suite,
is_weak_hash_algo,
is_weak_ssl_version,
Expand Down Expand Up @@ -152,27 +154,27 @@ class Substeps:
}


@pytest.fixture
@pytest.fixture(scope="module")
def ssl_engine():
return SslEngine()


@pytest.fixture
@pytest.fixture(scope="module")
def ssl_library():
return SslLibrary()


@pytest.fixture
@pytest.fixture(scope="module")
def substeps():
return Substeps()


@pytest.fixture
@pytest.fixture(scope="module")
def responses():
return Responses()


@pytest.fixture
@pytest.fixture(scope="module")
def connection_params():
return {"HOST": "example.com", "PORT": 80, "TIMEOUT": 60}

Expand Down Expand Up @@ -572,3 +574,98 @@ def test_response_conditions_matched_none_response(self, ssl_engine, substeps):
result = ssl_engine.response_conditions_matched(substeps.ssl_weak_version_vuln, None)

assert result == []


class TestGetCertInfo:
"""
Tests for get_cert_info(cert).

Uses a runtime-generated self-signed certificate so tests never rely on a hardcoded certificate that could expire. Certificate is created fresh for each test run using
pyOpenSSL with a 10-year validity window.
"""

@pytest.fixture(scope="module")
def self_signed_cert_pem(self):
"""Generate a fresh self-signed certificate valid for 10 years."""
k = crypto.PKey()
k.generate_key(crypto.TYPE_RSA, 2048)
cert = crypto.X509()
cert.get_subject().C = "US"
cert.get_subject().CN = "test.example.com"
cert.set_issuer(cert.get_subject())
cert.set_pubkey(k)
cert.gmtime_adj_notBefore(0)
cert.gmtime_adj_notAfter(10 * 365 * 24 * 60 * 60)
cert.sign(k, "sha256")
return crypto.dump_certificate(crypto.FILETYPE_PEM, cert).decode()

def test_returns_dict(self, self_signed_cert_pem):
result = get_cert_info(self_signed_cert_pem)
assert isinstance(result, dict)

def test_required_keys_present(self, self_signed_cert_pem):
result = get_cert_info(self_signed_cert_pem)
expected_keys = [
"expired",
"self_signed",
"issuer",
"subject",
"signing_algo",
"weak_signing_algo",
"activation_date",
"expiration_date",
"not_activated",
"expiring_soon",
]
for key in expected_keys:
assert key in result, f"Missing key: {key}"

def test_self_signed_is_true(self, self_signed_cert_pem):
result = get_cert_info(self_signed_cert_pem)
assert result["self_signed"] is True

def test_not_expired(self, self_signed_cert_pem):
result = get_cert_info(self_signed_cert_pem)
assert result["expired"] is False

def test_subject_contains_cn(self, self_signed_cert_pem):
result = get_cert_info(self_signed_cert_pem)
assert result["subject"] == "C=US, CN=test.example.com"

def test_signing_algo_is_string(self, self_signed_cert_pem):
result = get_cert_info(self_signed_cert_pem)
assert isinstance(result["signing_algo"], str)

def test_activation_date_format(self, self_signed_cert_pem):
result = get_cert_info(self_signed_cert_pem)
assert len(result["activation_date"]) == 10
assert result["activation_date"][4] == "-"
assert result["activation_date"][7] == "-"

def test_expiration_date_format(self, self_signed_cert_pem):
result = get_cert_info(self_signed_cert_pem)
assert len(result["expiration_date"]) == 10
assert result["expiration_date"][4] == "-"
assert result["expiration_date"][7] == "-"

def test_weak_signing_algo_false_for_sha256(self, self_signed_cert_pem):
result = get_cert_info(self_signed_cert_pem)
assert result["weak_signing_algo"] is False

def test_weak_signing_algo_mocked_true(self, self_signed_cert_pem):
with patch("nettacker.core.lib.ssl.is_weak_hash_algo", return_value=True):
result = get_cert_info(self_signed_cert_pem)
assert result["weak_signing_algo"] is True

def test_weak_signing_algo_mocked_false(self, self_signed_cert_pem):
with patch("nettacker.core.lib.ssl.is_weak_hash_algo", return_value=False):
result = get_cert_info(self_signed_cert_pem)
assert result["weak_signing_algo"] is False

def test_not_activated_is_bool(self, self_signed_cert_pem):
result = get_cert_info(self_signed_cert_pem)
assert isinstance(result["not_activated"], bool)

def test_expiring_soon_is_bool(self, self_signed_cert_pem):
result = get_cert_info(self_signed_cert_pem)
assert isinstance(result["expiring_soon"], bool)
Loading