improve test coverage

burpui/api/prefs.py

@@ -86,7 +86,7 @@ class PrefsUIHide(Resource):
                 db.session.add(hide)
                 try:
                     db.session.commit()
-                except:
+                except:  # pragma: no cover
                     db.session.rollback()
                     self.abort(500, 'Internal server error')
                 return hide, 201
@@ -115,7 +115,7 @@ class PrefsUIHide(Resource):
                 db.session.delete(hide)
                 try:
                     db.session.commit()
-                except:
+                except:  # pragma: no cover
                     db.session.rollback()
                     self.abort(500, 'Internal server error')
         return None, 204
@@ -172,7 +172,7 @@ class PrefsUI(Resource):
                 db.session.add(pref)
             try:
                 db.session.commit()
-            except:
+            except:  # pragma: no cover
                 db.session.rollback()
 
     def _update_prefs(self):
@@ -193,7 +193,7 @@ class PrefsUI(Resource):
                 if key == 'language':
                     self._user_language(temp)
                 sess[key] = temp
-            elif key in sess:
+            elif key in sess:  # pragma: no cover
                 del sess[key]
             ret[key] = temp
             self._store_prefs(key, temp)
@@ -258,7 +258,7 @@ class PrefsUI(Resource):
                             key=key
                         ).delete()
                         db.session.commit()
-                    except:
+                    except:  # pragma: no cover
                         db.session.rollback()
             ret[key] = sess.get(key)
 

burpui/misc/parser/burp1.py

@@ -33,9 +33,6 @@ class Parser(Doc):
         :type backend: :class:`burpui.misc.backend.burp1.Burp`
         """
         self.backend = backend
-        self.conf = getattr(backend, 'burpconfsrv', None)
-        self.confcli = getattr(backend, 'burpconfcli', None)
-        self.logger.info('Parser initialized with: {}'.format(self.conf))
         self.clients = []
         self._server_conf = {}
         self._client_conf = {}
@@ -50,6 +47,13 @@ class Parser(Doc):
         self.filescache = {}
         self._configs = {}
         self.root = None
+        if self.backend:
+            self.init_app()
+
+    def init_app(self, confsrv=None, confcli=None):
+        self.conf = confsrv or getattr(self.backend, 'burpconfsrv', None)
+        self.confcli = confcli or getattr(self.backend, 'burpconfcli', None)
+        self.logger.info('Parser initialized with: {}'.format(self.conf))
         if self.conf:
             self.root = os.path.dirname(self.conf)
         # first run to setup vars
@@ -86,13 +90,16 @@ class Parser(Doc):
                 conf.parse(True)
         return self._clients_conf
 
+    def _cleanup(self):
+        self._server_conf.clear()
+        self._client_conf.clear()
+        self._clients_conf.clear()
+
     def _refresh_cache(self, purge=False):
         """Force cache refresh"""
         # empty all the caches
         if purge:
-            self._server_conf.clear()
-            self._client_conf.clear()
-            self._clients_conf.clear()
+            self._cleanup()
         self._list_templates(True)
         self._list_clients(True)
 
@@ -150,6 +157,7 @@ class Parser(Doc):
 
     def _load_all_conf(self):
         """Load all configurations"""
+        self._cleanup()
         self._load_conf_srv()
         self._load_conf_cli()
         self._load_conf_clients()

tests/configs/test_api_prefs.cfg

@@ -44,9 +44,9 @@ bconfcli = /dev/null
 # burp server configuration file used for the setting page
 bconfsrv = /dev/null
 
-# Please DO NOT touch the following line
-# @salted@
-[BASIC]
-priority = toto
-toto = pbkdf2:sha1:1000$HT0gMoYz$7540515e58f4ba54305664275a14ca5281c5d465
-admin = pbkdf2:sha1:1000$Dgq3Nimi$5befb4cf4c3a7da2549679732908df5f0298b016
+## Please DO NOT touch the following line
+## @salted@
+#[BASIC]
+#priority = toto
+#toto = pbkdf2:sha1:1000$HT0gMoYz$7540515e58f4ba54305664275a14ca5281c5d465
+#admin = pbkdf2:sha1:1000$Dgq3Nimi$5befb4cf4c3a7da2549679732908df5f0298b016

tests/conftest.py

@@ -3,18 +3,23 @@
 import pytest
 import sys
 import os
+import tempfile
+import shutil
 
 sys.path.append('{0}/..'.format(os.path.join(os.path.dirname(os.path.realpath(__file__)))))
 
-from burpui import create_app as BUIinit
+from burpui import create_app as BUIinit  # noqa
+from burpui.misc.parser.burp1 import Parser  # noqa
 
+PWD = os.path.dirname(os.path.realpath(__file__))
 
 @pytest.fixture
 def app():
-    conf = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'configs/test_api_prefs.cfg')
+    conf = os.path.join(PWD, 'configs/test_api_prefs.cfg')
     bui = BUIinit(conf, logfile='/dev/null', gunicorn=False, unittest=True)
     bui.config['TESTING'] = True
     bui.config['SECRET_KEY'] = 'nyan'
+    bui.config['WTF_CSRF_ENABLED'] = False
     with bui.app_context():
         from burpui.ext.sql import db
         from burpui.models import lazy_loading
@@ -22,3 +27,16 @@ def app():
         db.create_all()
         db.session.commit()
     yield bui
+
+@pytest.fixture
+def parser(app):
+    tmpdir = tempfile.mkdtemp()
+    shutil.copytree(os.path.join(PWD, 'burp'), tmpdir)
+    confsrv = os.path.join(tmpdir, 'burp-server.conf')
+    confcli = os.path.join(tmpdir, 'burp.conf')
+    parser = Parser(app)
+    parser.init_app(confsrv, confcli)
+
+    yield parser
+
+    shutil.rmtree(tmpdir)

tests/functional/test_prefs_api.py

@@ -0,0 +1,71 @@
+#!/usr/bin/env python
+# -*- coding: utf8 -*-
+import pytest
+
+from flask import url_for
+
+
+def login(client, username, password):
+    url = url_for('view.login')
+    return client.post(url, data=dict(
+        username=username,
+        password=password,
+        language='en'
+    ), follow_redirects=True)
+
+
+def logout(client):
+    return client.get('view.logout', follow_redirects=True)
+
+
+def test_prefs_hide(client, app):
+    rv = login(client, 'admin', 'admin')
+    URL = url_for('api.prefs_ui_hide')
+
+    response = client.get(URL)
+    assert response.json == []
+
+    response = client.put(URL, data=dict(name='test', agent=None))
+    assert response.status_code == 201
+    assert response.json == {'client': 'test', 'server': None}
+
+    response = client.put(URL, data=dict(name='test', agent=None))
+    assert response.status_code == 200
+
+    response = client.delete(URL, data=dict(name='test', agent=None))
+    assert response.status_code == 204
+
+    response = client.get(URL)
+    assert response.json == []
+
+    app.config['WITH_SQL'] = False
+    response = client.get(URL)
+    assert response.json == []
+    response = client.put(URL, data=dict(name='test', agent=None))
+    assert response.status_code == 200
+    assert response.json == []
+    app.config['WITH_SQL'] = True
+
+    rv = logout(client)
+
+
+def test_prefs(client, app):
+    rv = login(client, 'admin', 'admin')
+    URL = url_for('api.prefs_ui')
+
+    response = client.get(URL)
+    assert response.json == {'language': 'en', 'dateFormat': None, 'pageLength': None}
+
+    response = client.put(URL, data=dict(language='fr', dateFormat='llll', pageLength=25))
+    assert response.status_code == 201
+    assert response.json == {'language': 'fr', 'dateFormat': 'llll', 'pageLength': 25}
+
+    response = client.post(URL, data=dict(language='en'))
+    assert response.status_code == 200
+    assert response.json == {'language': 'en'}
+
+    response = client.delete(URL, data=dict(pageLength=25))
+    assert response.status_code == 200
+    assert response.json == {'language': 'en', 'dateFormat': 'llll', 'pageLength': None}
+
+    rv = logout(client)

tests/legacy/test_burpui.py

@@ -12,7 +12,7 @@ from flask_testing import LiveServerTestCase, TestCase
 from mock import patch
 from flask import url_for, session
 
-sys.path.append('{0}/..'.format(os.path.join(os.path.dirname(os.path.realpath(__file__)))))
+sys.path.append('{0}/../..'.format(os.path.join(os.path.dirname(os.path.realpath(__file__)))))
 
 from burpui import create_app as BUIinit
 
@@ -29,7 +29,7 @@ def mock_redis_client(**kwargs):
 class BurpuiLiveTestCase(LiveServerTestCase):
 
     def create_app(self):
-        conf = os.path.join(os.path.dirname(os.path.realpath(__file__)), '../share/burpui/etc/burpui.sample.cfg')
+        conf = os.path.join(os.path.dirname(os.path.realpath(__file__)), '../../share/burpui/etc/burpui.sample.cfg')
         bui = BUIinit(debug=12, logfile='/dev/null', gunicorn=False, unittest=True)
         bui.setup(conf, True)
         bui.config['DEBUG'] = False
@@ -68,7 +68,7 @@ class BurpuiAPIBasicHTTPTestCase(TestCase):
         os.unlink(self.logfile)
 
     def create_app(self):
-        conf = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'configs/test2.cfg')
+        conf = os.path.join(os.path.dirname(os.path.realpath(__file__)), '../configs/test2.cfg')
         _, self.logfile = tempfile.mkstemp()
         bui = BUIinit(conf, 1, self.logfile, gunicorn=False, unittest=True)
         bui.config['DEBUG'] = False
@@ -100,7 +100,7 @@ class BurpuiAPITestCase(TestCase):
         print ('\nTest 3 Finished!\n')
 
     def create_app(self):
-        conf = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'configs/test2.cfg')
+        conf = os.path.join(os.path.dirname(os.path.realpath(__file__)), '../configs/test2.cfg')
         bui = BUIinit(logfile='/dev/null', gunicorn=False, unittest=True)
         bui.setup(conf, True)
         bui.config['TESTING'] = True
@@ -256,7 +256,7 @@ class BurpuiRoutesTestCase(TestCase):
 
     def create_app(self):
         with patch('socket.socket'):
-            conf = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'configs/test4.cfg')
+            conf = os.path.join(os.path.dirname(os.path.realpath(__file__)), '../configs/test4.cfg')
             bui = BUIinit(conf, logfile='/dev/null', gunicorn=False, unittest=True)
             bui.setup(conf, True)
             bui.config['TESTING'] = True
@@ -297,7 +297,7 @@ class BurpuiLoginTestCase(TestCase):
         ), follow_redirects=True)
 
     def create_app(self):
-        conf = os.path.join(os.path.dirname(os.path.realpath(__file__)), '../share/burpui/etc/burpui.sample.cfg')
+        conf = os.path.join(os.path.dirname(os.path.realpath(__file__)), '../../share/burpui/etc/burpui.sample.cfg')
         bui = BUIinit(conf, False, '/dev/null', gunicorn=False, unittest=True)
         bui.config['TESTING'] = True
         bui.config['LIVESERVER_PORT'] = 5001
@@ -342,7 +342,7 @@ class BurpuiACLTestCase(TestCase):
         return self.client.get(url_for('view.logout'), follow_redirects=True)
 
     def create_app(self):
-        conf = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'configs/test6.cfg')
+        conf = os.path.join(os.path.dirname(os.path.realpath(__file__)), '../configs/test6.cfg')
         bui = BUIinit(conf, False, '/dev/null', gunicorn=False, unittest=True)
         bui.config['TESTING'] = True
         bui.config['LIVESERVER_PORT'] = 5001
@@ -463,7 +463,7 @@ class BurpuiRedisTestCase(TestCase):
     @patch('redis.StrictRedis', mockredis.mock_strict_redis_client)
     @patch('redis.Redis', mock_redis_client)
     def create_app(self):
-        conf = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'configs/test8.cfg')
+        conf = os.path.join(os.path.dirname(os.path.realpath(__file__)), '../configs/test8.cfg')
         bui = BUIinit(conf, False, '/dev/null', gunicorn=False, unittest=True)
         bui.config['TESTING'] = True
         bui.config['LIVESERVER_PORT'] = 5001

tests/test_prefs_api.py

@@ -1,22 +0,0 @@
-#!/usr/bin/env python
-# -*- coding: utf8 -*-
-import pytest
-
-from flask import url_for
-
-def login(client, username, password):
-    url = url_for('view.login')
-    return client.post(url, data=dict(
-        username=username,
-        password=password,
-        language='en'
-    ), follow_redirects=True)
-
-
-def test_prefs_hide(client):
-    rv = login(client, 'admin', 'admin')
-    URL = url_for('api.prefs_ui_hide')
-    response = client.get(URL)
-    assert response.json == []
-    response = client.put(URL, data=dict(name='test', agent=None))
-    assert response.json == {'client': 'test', 'server': None}