use black to format the code

ziirish 2021-05-12 17:47:01 +02:00
parent 3dd7885bfb
commit 43253d8265
No known key found for this signature in database
GPG key ID: 72DB229A64B54E46
98 changed files with 10728 additions and 8599 deletions


@ -13,14 +13,15 @@ PWD = os.path.dirname(os.path.realpath(__file__))
@pytest.fixture
def app():
conf = os.path.join(PWD, 'configs/test_api_prefs.cfg')
bui = BUIinit(conf, logfile='/dev/null', gunicorn=False, unittest=True)
bui.config['TESTING'] = True
bui.config['SECRET_KEY'] = 'nyan'
bui.config['WTF_CSRF_ENABLED'] = False
conf = os.path.join(PWD, "configs/test_api_prefs.cfg")
bui = BUIinit(conf, logfile="/dev/null", gunicorn=False, unittest=True)
bui.config["TESTING"] = True
bui.config["SECRET_KEY"] = "nyan"
bui.config["WTF_CSRF_ENABLED"] = False
with bui.app_context():
from burpui.ext.sql import db
from burpui.models import lazy_loading
lazy_loading()
db.create_all()
db.session.commit()
@ -31,9 +32,9 @@ def app():
def parser(app):
tmpdir = tempfile.mkdtemp()
shutil.rmtree(tmpdir) # remove the dir since copytree will recreate it
shutil.copytree(os.path.join(PWD, 'burp'), tmpdir)
confsrv = os.path.join(tmpdir, 'burp-server.conf')
confcli = os.path.join(tmpdir, 'burp.conf')
shutil.copytree(os.path.join(PWD, "burp"), tmpdir)
confsrv = os.path.join(tmpdir, "burp-server.conf")
confcli = os.path.join(tmpdir, "burp.conf")
parser = Parser(app.client)
parser.init_app(confsrv, confcli)
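Review bot: In the `parser` fixture, `tempfile.mkdtemp()` is immediately undone by `shutil.rmtree(tmpdir)` before `shutil.copytree(..., tmpdir)` recreates the path, which gives up the exclusive-creation guarantee mkdtemp provides: between the removal and the copy the name is free and already known. Keep the directory and copy into it instead, e.g. `shutil.copytree(os.path.join(PWD, "burp"), tmpdir, dirs_exist_ok=True)` on Python 3.8+, or copy into a subdirectory such as `os.path.join(tmpdir, "burp")`. Nothing visible removes the directory after the test; the fixture body continues outside the hunk, so that may be handled there.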


@ -10,14 +10,17 @@ from burpui import create_app
@pytest.fixture(scope="session")
def app():
conf = os.path.join(os.path.dirname(os.path.realpath(__file__)), '../../share/burpui/etc/burpui.sample.cfg')
bui = create_app(debug=12, logfile='/dev/null', gunicorn=False, unittest=True)
conf = os.path.join(
os.path.dirname(os.path.realpath(__file__)),
"../../share/burpui/etc/burpui.sample.cfg",
)
bui = create_app(debug=12, logfile="/dev/null", gunicorn=False, unittest=True)
bui.setup(conf, True)
bui.config['DEBUG'] = False
bui.config['TESTING'] = True
bui.config['LOGIN_DISABLED'] = True
bui.config['LIVESERVER_PORT'] = 5001
bui.config['CFG'] = conf
bui.config["DEBUG"] = False
bui.config["TESTING"] = True
bui.config["LOGIN_DISABLED"] = True
bui.config["LIVESERVER_PORT"] = 5001
bui.config["CFG"] = conf
bui.login_manager.init_app(bui)
return bui
@ -25,6 +28,7 @@ def app():
def test_server_is_up_and_running(live_server):
import socket
import errno
try:
url = url_for("view.home", _external=True)
response = urlopen(url)


@ -4,66 +4,83 @@ from flask import url_for
def login(client, username, password):
url = url_for('view.login')
return client.post(url, data=dict(
username=username,
password=password,
language='en'
), follow_redirects=True)
url = url_for("view.login")
return client.post(
url,
data=dict(username=username, password=password, language="en"),
follow_redirects=True,
)
def logout(client):
return client.get('view.logout', follow_redirects=True)
return client.get("view.logout", follow_redirects=True)
def test_prefs_hide(client, app):
login(client, 'admin', 'admin')
URL = url_for('api.prefs_ui_hide')
login(client, "admin", "admin")
URL = url_for("api.prefs_ui_hide")
response = client.get(URL)
assert response.json == []
response = client.put(URL, data=dict(name='test', agent=None))
response = client.put(URL, data=dict(name="test", agent=None))
assert response.status_code == 201
assert response.json == {'client': 'test', 'server': None}
assert response.json == {"client": "test", "server": None}
response = client.put(URL, data=dict(name='test', agent=None))
response = client.put(URL, data=dict(name="test", agent=None))
assert response.status_code == 200
response = client.delete(URL, data=dict(name='test', agent=None))
response = client.delete(URL, data=dict(name="test", agent=None))
assert response.status_code == 204
response = client.get(URL)
assert response.json == []
app.config['WITH_SQL'] = False
app.config["WITH_SQL"] = False
response = client.get(URL)
assert response.json == []
response = client.put(URL, data=dict(name='test', agent=None))
response = client.put(URL, data=dict(name="test", agent=None))
assert response.status_code == 200
assert response.json == []
app.config['WITH_SQL'] = True
app.config["WITH_SQL"] = True
logout(client)
def test_prefs(client, app):
login(client, 'admin', 'admin')
URL = url_for('api.prefs_ui')
login(client, "admin", "admin")
URL = url_for("api.prefs_ui")
response = client.get(URL)
assert response.json == {'language': 'en', 'dateFormat': None, 'pageLength': None, 'timezone': None}
assert response.json == {
"language": "en",
"dateFormat": None,
"pageLength": None,
"timezone": None,
}
response = client.put(URL, data=dict(language='fr', dateFormat='llll', pageLength=25, timezone='UTC'))
response = client.put(
URL, data=dict(language="fr", dateFormat="llll", pageLength=25, timezone="UTC")
)
assert response.status_code == 201
assert response.json == {'language': 'fr', 'dateFormat': 'llll', 'pageLength': 25, 'timezone': 'UTC'}
assert response.json == {
"language": "fr",
"dateFormat": "llll",
"pageLength": 25,
"timezone": "UTC",
}
response = client.post(URL, data=dict(language='en'))
response = client.post(URL, data=dict(language="en"))
assert response.status_code == 200
assert response.json == {'language': 'en'}
assert response.json == {"language": "en"}
response = client.delete(URL, data=dict(pageLength=25))
assert response.status_code == 200
assert response.json == {'language': 'en', 'dateFormat': 'llll', 'pageLength': None, 'timezone': 'UTC'}
assert response.json == {
"language": "en",
"dateFormat": "llll",
"pageLength": None,
"timezone": "UTC",
}
logout(client)
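Review bot: `logout()` passes the endpoint name to the test client instead of a URL: `client.get("view.logout", follow_redirects=True)` requests the literal path `view.logout`, so the logout view is most likely never reached and the session is still authenticated when `test_prefs_hide` and `test_prefs` finish. `login()` just above resolves its endpoint with `url_for`, and logout should do the same: `return client.get(url_for("view.logout"), follow_redirects=True)`. Asserting on the status code of that response would have caught the mistake.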


@ -8,73 +8,101 @@ from burpui.app import create_app
@pytest.fixture
def app():
conf = os.path.join(os.path.dirname(os.path.realpath(__file__)), '../configs/test6.cfg')
bui = create_app(conf, False, '/dev/null', gunicorn=False, unittest=True)
bui.config['TESTING'] = True
bui.config['LIVESERVER_PORT'] = 5001
bui.config['WTF_CSRF_ENABLED'] = False
conf = os.path.join(
os.path.dirname(os.path.realpath(__file__)), "../configs/test6.cfg"
)
bui = create_app(conf, False, "/dev/null", gunicorn=False, unittest=True)
bui.config["TESTING"] = True
bui.config["LIVESERVER_PORT"] = 5001
bui.config["WTF_CSRF_ENABLED"] = False
bui.client.port = 9999
return bui
def login(client, username, password, headers=None):
return client.post(url_for('view.login'), data=dict(
username=username,
password=password,
language='en'
), headers=headers, follow_redirects=True)
return client.post(
url_for("view.login"),
data=dict(username=username, password=password, language="en"),
headers=headers,
follow_redirects=True,
)
def logout(client):
return client.get(url_for('view.logout'), follow_redirects=True)
return client.get(url_for("view.logout"), follow_redirects=True)
def test_login_ko(client):
rv = login(client, 'admin', 'toto')
assert 'Wrong username or password' in rv.data.decode('utf-8')
rv = login(client, "admin", "toto")
assert "Wrong username or password" in rv.data.decode("utf-8")
logout(client)
def test_config_render(client):
login(client, 'admin', 'admin')
response = client.get(url_for('view.settings'))
assert 'Burp Server Configuration' in response.data.decode('utf-8')
login(client, "admin", "admin")
response = client.get(url_for("view.settings"))
assert "Burp Server Configuration" in response.data.decode("utf-8")
logout(client)
def test_admin_api(client):
login(client, 'admin', 'admin')
response = client.get(url_for('api.auth_users'))
response2 = client.get(url_for('api.auth_backends'))
assert sorted(response.json, key=lambda k: k['name']) == sorted([{'id': 'admin', 'name': 'admin', 'backend': 'BASIC:AUTH'}, {'id': 'user1', 'name': 'user1', 'backend': 'BASIC:AUTH'}], key=lambda k: k['name'])
assert sorted(response2.json, key=lambda k: k['name']) == sorted([{'add': True, 'del': True, 'name': 'BASIC:AUTH', 'description': 'Uses the Burp-UI configuration file to load its rules.', 'priority': 100, 'type': 'authentication', 'mod': True}], key=lambda k: k['name'])
login(client, "admin", "admin")
response = client.get(url_for("api.auth_users"))
response2 = client.get(url_for("api.auth_backends"))
assert sorted(response.json, key=lambda k: k["name"]) == sorted(
[
{"id": "admin", "name": "admin", "backend": "BASIC:AUTH"},
{"id": "user1", "name": "user1", "backend": "BASIC:AUTH"},
],
key=lambda k: k["name"],
)
assert sorted(response2.json, key=lambda k: k["name"]) == sorted(
[
{
"add": True,
"del": True,
"name": "BASIC:AUTH",
"description": "Uses the Burp-UI configuration file to load its rules.",
"priority": 100,
"type": "authentication",
"mod": True,
}
],
key=lambda k: k["name"],
)
def test_change_password(client):
login(client, 'user1', 'password')
response = client.post(url_for('api.auth_users', name='user1'), data={'backend': 'BASIC:AUTH', 'old_password': 'plop', 'password': 'toto'}, headers={'X-Language': 'en'})
login(client, "user1", "password")
response = client.post(
url_for("api.auth_users", name="user1"),
data={"backend": "BASIC:AUTH", "old_password": "plop", "password": "toto"},
headers={"X-Language": "en"},
)
assert response.status_code == 200
def test_config_render_ko(client):
login(client, 'user1', 'password')
response = client.get(url_for('view.settings'))
login(client, "user1", "password")
response = client.get(url_for("view.settings"))
assert response.status_code == 403
logout(client)
def test_cli_settings_ko(client):
login(client, 'user1', 'password')
response = client.get(url_for('api.client_settings', client='toto'))
login(client, "user1", "password")
response = client.get(url_for("api.client_settings", client="toto"))
assert response.status_code == 403
logout(client)
def test_api_403(client):
response = client.get(url_for('api.client_settings', client='toto'), headers={'X-From-UI': True})
response = client.get(
url_for("api.client_settings", client="toto"), headers={"X-From-UI": True}
)
assert response.status_code == 403
def test_api_401(client):
response = client.get(url_for('api.client_settings', client='toto'))
response = client.get(url_for("api.client_settings", client="toto"))
assert response.status_code == 401
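Review bot: `test_change_password` asserts only `response.status_code == 200`, although it logs in as `user1` with `password` and then posts `old_password` set to `plop`, which presumably does not match. A status check alone cannot tell whether the API refused the mismatched old password or accepted the change, so the test would keep passing if the old-password verification were missing. Assert on the response body as well, and add a follow-up `login(client, "user1", "toto")` whose outcome pins the intended behaviour. The test also never calls `logout(client)`, unlike its neighbours.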


@ -8,145 +8,164 @@ from burpui.app import create_app
@pytest.fixture
def app():
conf = os.path.join(os.path.dirname(os.path.realpath(__file__)), '../configs/test2.cfg')
bui = create_app(logfile='/dev/null', gunicorn=False, unittest=True)
conf = os.path.join(
os.path.dirname(os.path.realpath(__file__)), "../configs/test2.cfg"
)
bui = create_app(logfile="/dev/null", gunicorn=False, unittest=True)
bui.setup(conf, True)
bui.config['TESTING'] = True
bui.config['LOGIN_DISABLED'] = True
bui.config['CFG'] = conf
bui.config['SECRET_KEY'] = 'nyan'
bui.config["TESTING"] = True
bui.config["LOGIN_DISABLED"] = True
bui.config["CFG"] = conf
bui.config["SECRET_KEY"] = "nyan"
bui.login_manager.init_app(bui)
return bui
def login(client, username, password):
return client.post(url_for('view.login'), data=dict(
username=username,
password=password,
language='en'
), follow_redirects=True)
return client.post(
url_for("view.login"),
data=dict(username=username, password=password, language="en"),
follow_redirects=True,
)
def test_no_clients(client):
response = client.get(url_for('api.clients_stats'))
assert response.json['message'] == 'Cannot contact burp server at 127.0.0.1:9999'
response = client.get(url_for("api.clients_stats"))
assert response.json["message"] == "Cannot contact burp server at 127.0.0.1:9999"
assert response.status_code == 500
def test_server_config_parsing(client, app):
login(client, 'admin', 'admin')
response = client.get(url_for('api.server_settings'))
asse = dict((
(
u'results',
{
u'common': [],
u'boolean': [],
u'integer': [],
u'multi': [],
u'pair': [],
u'includes': [],
u'includes_ext': [],
u'hierarchy': [{u'children': [], u'title': u'null', u'dir': u'/dev', u'full': u'/dev/null', u'name': u'null', u'parent': None}],
u'raw': '',
}
),
(u'boolean', app.client.get_parser_attr('boolean_srv')),
(u'string', app.client.get_parser_attr('string_srv')),
(u'integer', app.client.get_parser_attr('integer_srv')),
(u'multi', app.client.get_parser_attr('multi_srv')),
(u'pair', app.client.get_parser_attr('pair_associations')),
(u'advanced', app.client.get_parser_attr('advanced_type')),
(u'server_doc', app.client.get_parser_attr('doc')),
(u'suggest', app.client.get_parser_attr('values')),
(u'placeholders', app.client.get_parser_attr('placeholders')),
(u'defaults', app.client.get_parser_attr('defaults'))))
login(client, "admin", "admin")
response = client.get(url_for("api.server_settings"))
asse = dict(
(
(
u"results",
{
u"common": [],
u"boolean": [],
u"integer": [],
u"multi": [],
u"pair": [],
u"includes": [],
u"includes_ext": [],
u"hierarchy": [
{
u"children": [],
u"title": u"null",
u"dir": u"/dev",
u"full": u"/dev/null",
u"name": u"null",
u"parent": None,
}
],
u"raw": "",
},
),
(u"boolean", app.client.get_parser_attr("boolean_srv")),
(u"string", app.client.get_parser_attr("string_srv")),
(u"integer", app.client.get_parser_attr("integer_srv")),
(u"multi", app.client.get_parser_attr("multi_srv")),
(u"pair", app.client.get_parser_attr("pair_associations")),
(u"advanced", app.client.get_parser_attr("advanced_type")),
(u"server_doc", app.client.get_parser_attr("doc")),
(u"suggest", app.client.get_parser_attr("values")),
(u"placeholders", app.client.get_parser_attr("placeholders")),
(u"defaults", app.client.get_parser_attr("defaults")),
)
)
assert response.json == asse
def test_client_config_parsing(client, app):
login(client, 'admin', 'admin')
response = client.get(url_for('api.client_settings', client='toto'))
asse = dict((
(
u'results',
{
u'common': [],
u'boolean': [],
u'integer': [],
u'multi': [],
u'includes': [],
u'includes_ext': [],
u'hierarchy': [],
u'templates': [],
u'raw': None,
}
),
(u'boolean', app.client.get_parser_attr('boolean_cli')),
(u'string', app.client.get_parser_attr('string_cli')),
(u'integer', app.client.get_parser_attr('integer_cli')),
(u'multi', app.client.get_parser_attr('multi_cli')),
(u'server_doc', app.client.get_parser_attr('doc')),
(u'suggest', app.client.get_parser_attr('values')),
(u'placeholders', app.client.get_parser_attr('placeholders')),
(u'defaults', app.client.get_parser_attr('defaults'))))
login(client, "admin", "admin")
response = client.get(url_for("api.client_settings", client="toto"))
asse = dict(
(
(
u"results",
{
u"common": [],
u"boolean": [],
u"integer": [],
u"multi": [],
u"includes": [],
u"includes_ext": [],
u"hierarchy": [],
u"templates": [],
u"raw": None,
},
),
(u"boolean", app.client.get_parser_attr("boolean_cli")),
(u"string", app.client.get_parser_attr("string_cli")),
(u"integer", app.client.get_parser_attr("integer_cli")),
(u"multi", app.client.get_parser_attr("multi_cli")),
(u"server_doc", app.client.get_parser_attr("doc")),
(u"suggest", app.client.get_parser_attr("values")),
(u"placeholders", app.client.get_parser_attr("placeholders")),
(u"defaults", app.client.get_parser_attr("defaults")),
)
)
assert response.json == asse
def test_restore(client):
response = client.post(url_for('api.restore', name='dummy', backup=1), data=dict(strip=False))
response = client.post(
url_for("api.restore", name="dummy", backup=1), data=dict(strip=False)
)
assert response.status_code == 400
def test_running_clients(client):
response = client.get(url_for('api.running_clients'))
response = client.get(url_for("api.running_clients"))
assert response.json == []
def test_live_rendering(client):
response = client.get(url_for('api.counters', client='toto'))
response = client.get(url_for("api.counters", client="toto"))
assert response.status_code == 404
response = client.get(url_for('api.counters'))
response = client.get(url_for("api.counters"))
assert response.status_code == 400
def test_servers_json(client):
response = client.get(url_for('api.servers_stats'))
response = client.get(url_for("api.servers_stats"))
assert response.json == []
def test_live(client):
response = client.get(url_for('api.live'))
response = client.get(url_for("api.live"))
assert response.json == []
def test_running(client):
response = client.get(url_for('api.running_backup'))
response = client.get(url_for("api.running_backup"))
assert response.json == dict(running=False)
def test_client_tree(client):
response = client.get(url_for('api.client_tree', name='toto', backup=1))
assert response.json['message'] == 'Cannot contact burp server at 127.0.0.1:9999'
response = client.get(url_for("api.client_tree", name="toto", backup=1))
assert response.json["message"] == "Cannot contact burp server at 127.0.0.1:9999"
assert response.status_code == 500
def test_clients_report_json(client):
response = client.get(url_for('api.clients_report'))
assert response.json['message'] == 'Cannot contact burp server at 127.0.0.1:9999'
response = client.get(url_for("api.clients_report"))
assert response.json["message"] == "Cannot contact burp server at 127.0.0.1:9999"
assert response.status_code == 500
def test_client_stat_json(client):
response = client.get(url_for('api.client_stats', name='toto'))
assert response.json['message'] == 'Cannot contact burp server at 127.0.0.1:9999'
response = client.get(url_for("api.client_stats", name="toto"))
assert response.json["message"] == "Cannot contact burp server at 127.0.0.1:9999"
assert response.status_code == 500
response = client.get(url_for('api.client_stats', name='toto', backup=1))
assert response.json['message'] == 'Cannot contact burp server at 127.0.0.1:9999'
response = client.get(url_for("api.client_stats", name="toto", backup=1))
assert response.json["message"] == "Cannot contact burp server at 127.0.0.1:9999"
assert response.status_code == 500
def test_client_json(client):
response = client.get(url_for('api.client_report', name='toto'))
assert response.json['message'] == 'Cannot contact burp server at 127.0.0.1:9999'
response = client.get(url_for("api.client_report", name="toto"))
assert response.json["message"] == "Cannot contact burp server at 127.0.0.1:9999"
assert response.status_code == 500
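Review bot: The expected value in `test_server_config_parsing` and `test_client_config_parsing` is built as `dict(((key, value), ...))` with `u"..."` keys, which after reformatting spreads a plain mapping over three extra nesting levels. A dict literal reads more directly, e.g. `asse = {"results": {...}, "boolean": app.client.get_parser_attr("boolean_srv"), ...}`, and the `u` prefix has no effect on Python 3.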


@ -9,26 +9,29 @@ from burpui.app import create_app
@pytest.fixture
def app():
conf = os.path.join(os.path.dirname(os.path.realpath(__file__)), '../configs/test2.cfg')
conf = os.path.join(
os.path.dirname(os.path.realpath(__file__)), "../configs/test2.cfg"
)
_, logfile = tempfile.mkstemp()
bui = create_app(conf, 1, logfile, gunicorn=False, unittest=True)
bui.config['DEBUG'] = False
bui.config["DEBUG"] = False
return bui
def test_auth_required(client):
response = client.get(url_for('api.about'))
response = client.get(url_for("api.about"))
assert response.status_code == 200
response = client.get(url_for('api.counters'))
response = client.get(url_for("api.counters"))
assert response.status_code == 401
def test_auth_valid(client):
import base64
response = client.get(
url_for('api.live'),
url_for("api.live"),
headers={
'Authorization': 'Basic ' + base64.b64encode(b'admin:admin').decode('utf-8')
}
"Authorization": "Basic " + base64.b64encode(b"admin:admin").decode("utf-8")
},
)
assert response.status_code == 200
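Review bot: The `app` fixture throws away the descriptor returned by `tempfile.mkstemp()` (`_, logfile = tempfile.mkstemp()`), so every test using the fixture leaks an open file descriptor, and the log file itself is never removed. Close it straight away with `fd, logfile = tempfile.mkstemp()` followed by `os.close(fd)`, and make the fixture a `yield` fixture that unlinks `logfile` afterwards, or take the path from pytest's `tmp_path`.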


@ -1,6 +1,7 @@
import os
import pytest
import configobj
# import validate
from tempfile import mkstemp
@ -30,7 +31,7 @@ hi ha ho
def test_config_init():
casters = ['string_lower_list', 'force_string', 'boolean_or_string']
casters = ["string_lower_list", "force_string", "boolean_or_string"]
fd, tmpfile = mkstemp()
os.write(fd, TEST_CONFIG)
os.close(fd)
@ -43,26 +44,26 @@ def test_config_init():
with pytest.raises(configobj.ConfigObjError):
BUIConfig(wrong, defaults={})
assert config.safe_get('backend', section='Global') == 'something'
assert config.safe_get('timeout', 'integer', 'Global') == 12
assert config.safe_get("backend", section="Global") == "something"
assert config.safe_get("timeout", "integer", "Global") == 12
config.default_section('Production')
config.default_section("Production")
assert config.safe_get('duplicate') == 'cat'
assert config.safe_get('duplicate', section='Global') == 'nyan'
assert config.safe_get('run', 'boolean_or_string') is True
assert config.safe_get('sql', 'boolean_or_string') == 'none'
assert config.safe_get("duplicate") == "cat"
assert config.safe_get("duplicate", section="Global") == "nyan"
assert config.safe_get("run", "boolean_or_string") is True
assert config.safe_get("sql", "boolean_or_string") == "none"
array = config.safe_get('array', 'string_lower_list')
assert array[1] == 'values'
assert array[0] == 'some'
assert isinstance(config.safe_get('array'), list)
array = config.safe_get("array", "string_lower_list")
assert array[1] == "values"
assert array[0] == "some"
assert isinstance(config.safe_get("array"), list)
assert config.safe_get('array', 'force_string') == 'some,VALUES'
assert config.safe_get("array", "force_string") == "some,VALUES"
for cast in casters:
# safe_get is safe and shouldn't raise any exception
assert config.safe_get('i iz not in ze config!', cast) is None
assert config.safe_get("i iz not in ze config!", cast) is None
os.unlink(tmpfile)
os.unlink(wrong)
@ -74,14 +75,14 @@ def test_config_reload():
os.close(fd)
config = BUIConfig(tmpfile)
assert 'last' not in config.options.get('Production', {})
assert "last" not in config.options.get("Production", {})
with open(tmpfile, 'a') as cfg:
with open(tmpfile, "a") as cfg:
print("last = ohai", file=cfg)
config.mtime = -1
assert 'last' in config.options.get('Production', {})
assert config.options.get('Production', {}).get('last') == 'ohai'
assert "last" in config.options.get("Production", {})
assert config.options.get("Production", {}).get("last") == "ohai"
os.unlink(tmpfile)
@ -94,22 +95,22 @@ def test_config_sections():
with open(tmpfile) as cfg:
lines = [x.rstrip() for x in cfg.readlines()]
assert '[Unknown]' not in lines
assert '[Test]' not in lines
assert "[Unknown]" not in lines
assert "[Test]" not in lines
assert not config.lookup_section('Unknown')
assert not config.lookup_section("Unknown")
with open(tmpfile) as cfg:
lines = [x.rstrip() for x in cfg.readlines()]
assert '[Unknown]' in lines
assert lines[-1] == '[Unknown]'
assert "[Unknown]" in lines
assert lines[-1] == "[Unknown]"
assert not config.lookup_section('Test')
assert not config.lookup_section("Test")
with open(tmpfile) as cfg:
lines = [x.rstrip() for x in cfg.readlines()]
assert '[Test]' in lines
assert lines[-1] != '[Test]'
assert "[Test]" in lines
assert lines[-1] != "[Test]"
assert config.lookup_section('Production')
assert config.lookup_section("Production")
os.unlink(tmpfile)
@ -122,13 +123,13 @@ def test_config_rename_section():
with open(tmpfile) as cfg:
lines = [x.rstrip() for x in cfg.readlines()]
assert '[Production2]' not in lines
assert "[Production2]" not in lines
assert not config.rename_section('Unknown', 'Test')
assert config.rename_section('Production', 'Production2')
assert not config.rename_section("Unknown", "Test")
assert config.rename_section("Production", "Production2")
with open(tmpfile) as cfg:
lines = [x.rstrip() for x in cfg.readlines()]
assert '[Production2]' in lines
assert "[Production2]" in lines
os.unlink(tmpfile)
@ -139,17 +140,17 @@ def test_config_rename_option():
os.close(fd)
config = BUIConfig(tmpfile)
config.default_section('Global')
config.default_section("Global")
with pytest.raises(KeyError):
config.rename_option('unknown', 'yeah', 'Global')
config.rename_option("unknown", "yeah", "Global")
with pytest.raises(ValueError):
config.rename_option('test', 'truc', 'Unknown')
config.rename_option("test", "truc", "Unknown")
assert 'back' not in config.options.get('Global', {})
assert not config.rename_option('backend', 'backend', 'Global')
assert config.rename_option('backend', 'back', 'Global')
assert config.safe_get('back') == 'something'
assert "back" not in config.options.get("Global", {})
assert not config.rename_option("backend", "backend", "Global")
assert config.rename_option("backend", "back", "Global")
assert config.safe_get("back") == "something"
os.unlink(tmpfile)
@ -160,11 +161,11 @@ def test_config_move_option():
os.close(fd)
config = BUIConfig(tmpfile)
assert 'New' not in config.options
assert 'backend' not in config.options.get('New', {})
assert not config.move_option('backend', 'Global', 'Global')
assert config.move_option('backend', 'Global', 'New')
assert config.safe_get('backend', section='New') == 'something'
assert "New" not in config.options
assert "backend" not in config.options.get("New", {})
assert not config.move_option("backend", "Global", "Global")
assert config.move_option("backend", "Global", "New")
assert config.safe_get("backend", section="New") == "something"
os.unlink(tmpfile)
@ -175,7 +176,7 @@ def test_config_safe_get():
os.close(fd)
config = BUIConfig(tmpfile)
assert config.safe_get('timeout', 'idontknow', 'Global') == '12'
assert config.safe_get('test', section='hahaha') is None
assert config.safe_get("timeout", "idontknow", "Global") == "12"
assert config.safe_get("test", section="hahaha") is None
os.unlink(tmpfile)
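Review bot: The tests in this file clean up with a trailing `os.unlink(tmpfile)`, which is skipped whenever an earlier assertion or `pytest.raises` block fails; in `test_config_init` that leaves both `tmpfile` and `wrong` behind. pytest's `tmp_path` fixture gives each test its own directory and removes it regardless of the outcome, e.g. `tmpfile = str(tmp_path / "test.cfg")` written before `BUIConfig(tmpfile)` is constructed. Most test bodies start outside the hunks shown, so this is based on the visible tails only.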


@ -8,39 +8,42 @@ from burpui.app import create_app
@pytest.fixture
def app():
conf = os.path.join(os.path.dirname(os.path.realpath(__file__)), '../../share/burpui/etc/burpui.sample.cfg')
bui = create_app(conf, False, '/dev/null', gunicorn=False, unittest=True)
bui.config['TESTING'] = True
bui.config['LIVESERVER_PORT'] = 5001
bui.config['WTF_CSRF_ENABLED'] = False
conf = os.path.join(
os.path.dirname(os.path.realpath(__file__)),
"../../share/burpui/etc/burpui.sample.cfg",
)
bui = create_app(conf, False, "/dev/null", gunicorn=False, unittest=True)
bui.config["TESTING"] = True
bui.config["LIVESERVER_PORT"] = 5001
bui.config["WTF_CSRF_ENABLED"] = False
bui.client.port = 9999
return bui
def login(client, username, password):
return client.post(url_for('view.login'), data=dict(
username=username,
password=password,
language='en'
), follow_redirects=True)
return client.post(
url_for("view.login"),
data=dict(username=username, password=password, language="en"),
follow_redirects=True,
)
def test_config_render(client):
login(client, 'admin', 'admin')
response = client.get(url_for('view.settings'))
assert 'Burp Server Configuration' in response.data.decode('utf-8')
login(client, "admin", "admin")
response = client.get(url_for("view.settings"))
assert "Burp Server Configuration" in response.data.decode("utf-8")
def test_login_ok(client):
rv = login(client, 'admin', 'admin')
assert 'Logged in successfully' in rv.data.decode('utf-8')
rv = login(client, "admin", "admin")
assert "Logged in successfully" in rv.data.decode("utf-8")
def test_login_ko(client):
rv = login(client, 'admin', 'toto')
assert 'Wrong username or password' in rv.data.decode('utf-8')
rv = login(client, "admin", "toto")
assert "Wrong username or password" in rv.data.decode("utf-8")
def test_login_no_user(client):
rv = login(client, 'toto', 'toto')
assert 'Wrong username or password' in rv.data.decode('utf-8')
rv = login(client, "toto", "toto")
assert "Wrong username or password" in rv.data.decode("utf-8")


@ -6,15 +6,15 @@ from burpui.misc.parser.utils import OptionMulti, OptionInt
def test_confsrv(parser):
confsrv = parser.server_conf
stdout = confsrv.get('stdout')
keep = confsrv.get('keep')
keep_raw = confsrv.get_raw('keep')
port = confsrv.get('port')
port_raw = confsrv.get_raw('port')
stdout = confsrv.get("stdout")
keep = confsrv.get("keep")
keep_raw = confsrv.get_raw("keep")
port = confsrv.get("port")
port_raw = confsrv.get_raw("port")
assert stdout == 0
assert keep == [3, 2]
assert isinstance(keep_raw, OptionMulti)
assert keep_raw.dump() == 'keep := 3\nkeep = 2'
assert keep_raw.dump() == "keep := 3\nkeep = 2"
assert port == 4971
assert isinstance(port_raw, OptionInt)
# assert port_raw.dump() == 'port = 4971\nmax_children = 5'
@ -24,8 +24,8 @@ def test_save_conf(parser):
(tmp, tmp_dest) = tempfile.mkstemp()
os.close(tmp)
confsrv = parser.server_conf
confsrv['stdout'] = 1
confsrv["stdout"] = 1
confsrv.store(confsrv.default, tmp_dest, True)
with open(tmp_dest) as conf:
assert 'stdout = 1\n' in conf.readlines()
assert "stdout = 1\n" in conf.readlines()
os.unlink(tmp_dest)


@ -18,53 +18,55 @@ def mock_redis_client(**kwargs):
@pytest.fixture()
def app(mocker):
mocker.patch('redis.StrictRedis', mockredis.mock_strict_redis_client)
mocker.patch('redis.Redis', mock_redis_client)
conf = os.path.join(os.path.dirname(os.path.realpath(__file__)), '../configs/test8.cfg')
bui = create_app(conf, False, '/dev/null', gunicorn=False, unittest=True)
bui.config['TESTING'] = True
bui.config['LIVESERVER_PORT'] = 5001
bui.config['WTF_CSRF_ENABLED'] = False
bui.config['LOGIN_DISABLED'] = False
mocker.patch("redis.StrictRedis", mockredis.mock_strict_redis_client)
mocker.patch("redis.Redis", mock_redis_client)
conf = os.path.join(
os.path.dirname(os.path.realpath(__file__)), "../configs/test8.cfg"
)
bui = create_app(conf, False, "/dev/null", gunicorn=False, unittest=True)
bui.config["TESTING"] = True
bui.config["LIVESERVER_PORT"] = 5001
bui.config["WTF_CSRF_ENABLED"] = False
bui.config["LOGIN_DISABLED"] = False
bui.client.port = 9999
with bui.app_context():
from burpui.app import create_db
from burpui.ext.sql import db
from burpui.models import Session, Task # noqa
bui.config['WITH_SQL'] = True
bui.config["WITH_SQL"] = True
create_db(bui, True)
db.create_all()
db.session.commit()
yield bui
if os.path.exists('this-file-should-not-exist'):
os.rmdir('this-file-should-not-exist')
if os.path.exists("this-file-should-not-exist"):
os.rmdir("this-file-should-not-exist")
def login(client, username, password):
return client.post(url_for('view.login'), data=dict(
username=username,
password=password,
language='en',
remember=False
), follow_redirects=True)
return client.post(
url_for("view.login"),
data=dict(username=username, password=password, language="en", remember=False),
follow_redirects=True,
)
def logout(client):
return client.get(url_for('view.logout'), follow_redirects=True)
return client.get(url_for("view.logout"), follow_redirects=True)
def test_login_and_revoke_session(client):
login(client, 'admin', 'admin')
response = client.get(url_for('api.admin_me'))
assert response.json == {'id': 'admin', 'name': 'admin', 'backend': 'BASIC:AUTH'}
sess = client.get(url_for('api.user_sessions'))
login(client, "admin", "admin")
response = client.get(url_for("api.admin_me"))
assert response.json == {"id": "admin", "name": "admin", "backend": "BASIC:AUTH"}
sess = client.get(url_for("api.user_sessions"))
assert len(sess.json) > 0
assert "uuid" in sess.json[0]
delete = client.delete(url_for('api.user_sessions', id=sess.json[0]['uuid']))
delete = client.delete(url_for("api.user_sessions", id=sess.json[0]["uuid"]))
assert delete.status_code == 201
logout(client)
response = client.get(url_for('api.admin_me'))
response = client.get(url_for("api.admin_me"))
assert response.status_code == 401
@ -77,7 +79,8 @@ def test_current_session(app):
from burpui.ext.sql import db
from burpui.models import Session
from datetime import datetime
session_manager.store_session('toto')
session_manager.store_session("toto")
assert session_manager.session_expired() is False
sess = Session.query.filter_by(uuid=session_manager.get_session_id()).first()
sess.timestamp = datetime.utcfromtimestamp(0)
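Review bot: In `test_login_and_revoke_session` the final `401` on `api.admin_me` is checked only after `logout(client)`, so it passes whether or not the `DELETE` on `api.user_sessions` invalidated anything. If `sess.json[0]` is the session the client is currently using, move the `client.get(url_for("api.admin_me"))` check and its `401` assertion above `logout(client)`; otherwise re-fetch `api.user_sessions` and assert that the revoked `uuid` is gone. `test_current_session` continues past the end of the last hunk and is not covered by this note.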


@ -6,41 +6,56 @@ from flask import url_for
from burpui.app import create_app
def mock_status(query='\n', timeout=None, agent=None):
def mock_status(query="\n", timeout=None, agent=None):
answers = {
'': ['testclient 2 i 0'],
'\n': ['testclient 2 i 0'],
"": ["testclient 2 i 0"],
"\n": ["testclient 2 i 0"],
}
return answers.get(query, [])
@pytest.fixture
def app(mocker):
mocker.patch('socket.socket')
conf = os.path.join(os.path.dirname(os.path.realpath(__file__)), '../configs/test4.cfg')
bui = create_app(conf, logfile='/dev/null', gunicorn=False, unittest=True)
mocker.patch("socket.socket")
conf = os.path.join(
os.path.dirname(os.path.realpath(__file__)), "../configs/test4.cfg"
)
bui = create_app(conf, logfile="/dev/null", gunicorn=False, unittest=True)
bui.setup(conf, True)
bui.config['TESTING'] = True
bui.config['LIVESERVER_PORT'] = 5001
bui.config['SECRET_KEY'] = 'toto'
bui.config['WTF_CSRF_ENABLED'] = False
bui.config["TESTING"] = True
bui.config["LIVESERVER_PORT"] = 5001
bui.config["SECRET_KEY"] = "toto"
bui.config["WTF_CSRF_ENABLED"] = False
bui.login_manager.init_app(bui)
return bui
def login(client, username, password):
return client.post(url_for('view.login'), data=dict(
username=username,
password=password,
language='en'
), follow_redirects=True)
return client.post(
url_for("view.login"),
data=dict(username=username, password=password, language="en"),
follow_redirects=True,
)
def test_get_clients(client, mocker):
mocker.patch('burpui.misc.backend.burp1.Burp.status', side_effect=mock_status)
login(client, 'admin', 'admin')
response = client.get(url_for('api.clients_stats'))
assert sorted(response.json, key=lambda k: k['name']) == sorted([{'state': 'idle', 'last': 'never', 'last_attempt': 'never', 'name': 'testclient', 'phase': None, 'percent': 0, 'labels': []}], key=lambda k: k['name'])
mocker.patch("burpui.misc.backend.burp1.Burp.status", side_effect=mock_status)
login(client, "admin", "admin")
response = client.get(url_for("api.clients_stats"))
assert sorted(response.json, key=lambda k: k["name"]) == sorted(
[
{
"state": "idle",
"last": "never",
"last_attempt": "never",
"name": "testclient",
"phase": None,
"percent": 0,
"labels": [],
}
],
key=lambda k: k["name"],
)
# def test_live_monitor(self):