diff --git a/docker/tests/fixtures/baseline_plan_param_lc_a.yaml b/docker/tests/fixtures/baseline_plan_param_lc_a.yaml new file mode 100644 index 00000000000..427c62848e5 --- /dev/null +++ b/docker/tests/fixtures/baseline_plan_param_lc_a.yaml @@ -0,0 +1,26 @@ +env: + contexts: + - name: baseline + urls: + - https://example.com/ + excludePaths: [] + parameters: + failOnError: true + progressToStdout: false +jobs: +- type: passiveScan-config + parameters: + enableTags: false + maxAlertsPerRule: 10 +- type: spider + parameters: + url: https://example.com/ + maxDuration: 1 +- type: passiveScan-wait + parameters: + maxDuration: 0 +- type: outputSummary + parameters: + format: Long + summaryFile: {SUMMARY_FILE} + rules: [] diff --git a/docker/tests/fixtures/baseline_plan_param_lc_c.yaml b/docker/tests/fixtures/baseline_plan_param_lc_c.yaml new file mode 100644 index 00000000000..975cd4562f0 --- /dev/null +++ b/docker/tests/fixtures/baseline_plan_param_lc_c.yaml @@ -0,0 +1,29 @@ +env: + contexts: + - name: baseline + urls: + - https://example.com/ + excludePaths: [] + parameters: + failOnError: true + progressToStdout: false +jobs: +- type: passiveScan-config + parameters: + enableTags: false + maxAlertsPerRule: 10 +- type: spider + parameters: + url: https://example.com/ + maxDuration: 1 +- type: passiveScan-wait + parameters: + maxDuration: 0 +- type: outputSummary + parameters: + format: Long + summaryFile: {SUMMARY_FILE} + rules: + - id: 10001 + action: FAIL + customMessage: Custom message diff --git a/docker/tests/fixtures/baseline_plan_param_lc_d.yaml b/docker/tests/fixtures/baseline_plan_param_lc_d.yaml new file mode 100644 index 00000000000..549529aeedc --- /dev/null +++ b/docker/tests/fixtures/baseline_plan_param_lc_d.yaml 
@@ -0,0 +1,26 @@ +env: + contexts: + - name: baseline + urls: + - https://example.com/ + excludePaths: [] + parameters: + failOnError: true + progressToStdout: true +jobs: +- type: passiveScan-config + parameters: + enableTags: false + maxAlertsPerRule: 10 +- type: spider + parameters: + url: https://example.com/ + maxDuration: 1 +- type: passiveScan-wait + parameters: + maxDuration: 0 +- type: outputSummary + parameters: + format: Long + summaryFile: {SUMMARY_FILE} + rules: [] diff --git a/docker/tests/fixtures/baseline_plan_param_lc_j.yaml b/docker/tests/fixtures/baseline_plan_param_lc_j.yaml new file mode 100644 index 00000000000..ad3bd6f52e6 --- /dev/null +++ b/docker/tests/fixtures/baseline_plan_param_lc_j.yaml @@ -0,0 +1,30 @@ +env: + contexts: + - excludePaths: [] + name: baseline + urls: + - https://example.com/ + parameters: + failOnError: true + progressToStdout: false +jobs: +- parameters: + enableTags: false + maxAlertsPerRule: 10 + type: passiveScan-config +- parameters: + maxDuration: 1 + url: https://example.com/ + type: spider +- parameters: + maxDuration: 1 + url: https://example.com/ + type: spiderAjax +- parameters: + maxDuration: 0 + type: passiveScan-wait +- parameters: + format: Long + summaryFile: {SUMMARY_FILE} + rules: [] + type: outputSummary diff --git a/docker/tests/fixtures/baseline_plan_param_lc_m.yaml b/docker/tests/fixtures/baseline_plan_param_lc_m.yaml new file mode 100644 index 00000000000..0c35cb52f53 --- /dev/null +++ b/docker/tests/fixtures/baseline_plan_param_lc_m.yaml 
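Review bot: This fixture emits its mappings in alphabetical key order (`excludePaths` before `name`, `parameters` before `type`) while every other fixture in the change writes `name`/`type` first, which suggests it was produced by a `yaml.dump(..., sort_keys=True)` rather than by hand. The test compares parsed dictionaries, so the order does not affect the result, but anyone diffing this file against `baseline_plan_param_lc_plan-only.yaml` to see what `-j` adds (the `spiderAjax` job with `maxDuration: 1`) has to mentally reorder every block. Re-emitting this file, and `baseline_plan_param_uc_j.yaml` which has the same sorted layout, in the hand-written key order would keep the fixtures diffable against each other.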
@@ -0,0 +1,26 @@ +env: + contexts: + - name: baseline + urls: + - https://example.com/ + excludePaths: [] + parameters: + failOnError: true + progressToStdout: false +jobs: +- type: passiveScan-config + parameters: + enableTags: false + maxAlertsPerRule: 10 +- type: spider + parameters: + url: https://example.com/ + maxDuration: 5 +- type: passiveScan-wait + parameters: + maxDuration: 0 +- type: outputSummary + parameters: + format: Long + summaryFile: {SUMMARY_FILE} + rules: [] diff --git a/docker/tests/fixtures/baseline_plan_param_lc_plan-only.yaml b/docker/tests/fixtures/baseline_plan_param_lc_plan-only.yaml new file mode 100644 index 00000000000..427c62848e5 --- /dev/null +++ b/docker/tests/fixtures/baseline_plan_param_lc_plan-only.yaml @@ -0,0 +1,26 @@ +env: + contexts: + - name: baseline + urls: + - https://example.com/ + excludePaths: [] + parameters: + failOnError: true + progressToStdout: false +jobs: +- type: passiveScan-config + parameters: + enableTags: false + maxAlertsPerRule: 10 +- type: spider + parameters: + url: https://example.com/ + maxDuration: 1 +- type: passiveScan-wait + parameters: + maxDuration: 0 +- type: outputSummary + parameters: + format: Long + summaryFile: {SUMMARY_FILE} + rules: [] diff --git a/docker/tests/fixtures/baseline_plan_param_lc_r.yaml b/docker/tests/fixtures/baseline_plan_param_lc_r.yaml new file mode 100644 index 00000000000..928dab1afa8 --- /dev/null +++ b/docker/tests/fixtures/baseline_plan_param_lc_r.yaml 
@@ -0,0 +1,33 @@ +env: + contexts: + - name: baseline + urls: + - https://example.com/ + excludePaths: [] + parameters: + failOnError: true + progressToStdout: false +jobs: +- type: passiveScan-config + parameters: + enableTags: false + maxAlertsPerRule: 10 +- type: spider + parameters: + url: https://example.com/ + maxDuration: 1 +- type: passiveScan-wait + parameters: + maxDuration: 0 +- type: outputSummary + parameters: + format: Long + summaryFile: {SUMMARY_FILE} + rules: [] +- type: report + parameters: + template: traditional-html + reportDir: '' + reportFile: report.html + reportTitle: ZAP Scanning Report + reportDescription: '' diff --git a/docker/tests/fixtures/baseline_plan_param_lc_s.yaml b/docker/tests/fixtures/baseline_plan_param_lc_s.yaml new file mode 100644 index 00000000000..8ee307e221d --- /dev/null +++ b/docker/tests/fixtures/baseline_plan_param_lc_s.yaml @@ -0,0 +1,26 @@ +env: + contexts: + - name: baseline + urls: + - https://example.com/ + excludePaths: [] + parameters: + failOnError: true + progressToStdout: false +jobs: +- type: passiveScan-config + parameters: + enableTags: false + maxAlertsPerRule: 10 +- type: spider + parameters: + url: https://example.com/ + maxDuration: 1 +- type: passiveScan-wait + parameters: + maxDuration: 0 +- type: outputSummary + parameters: + format: Short + summaryFile: {SUMMARY_FILE} + rules: [] diff --git a/docker/tests/fixtures/baseline_plan_param_lc_u.yaml b/docker/tests/fixtures/baseline_plan_param_lc_u.yaml new file mode 100644 index 00000000000..975cd4562f0 --- /dev/null +++ b/docker/tests/fixtures/baseline_plan_param_lc_u.yaml 
@@ -0,0 +1,29 @@ +env: + contexts: + - name: baseline + urls: + - https://example.com/ + excludePaths: [] + parameters: + failOnError: true + progressToStdout: false +jobs: +- type: passiveScan-config + parameters: + enableTags: false + maxAlertsPerRule: 10 +- type: spider + parameters: + url: https://example.com/ + maxDuration: 1 +- type: passiveScan-wait + parameters: + maxDuration: 0 +- type: outputSummary + parameters: + format: Long + summaryFile: {SUMMARY_FILE} + rules: + - id: 10001 + action: FAIL + customMessage: Custom message diff --git a/docker/tests/fixtures/baseline_plan_param_lc_w.yaml b/docker/tests/fixtures/baseline_plan_param_lc_w.yaml new file mode 100644 index 00000000000..d3d7713fe0f --- /dev/null +++ b/docker/tests/fixtures/baseline_plan_param_lc_w.yaml @@ -0,0 +1,33 @@ +env: + contexts: + - name: baseline + urls: + - https://example.com/ + excludePaths: [] + parameters: + failOnError: true + progressToStdout: false +jobs: +- type: passiveScan-config + parameters: + enableTags: false + maxAlertsPerRule: 10 +- type: spider + parameters: + url: https://example.com/ + maxDuration: 1 +- type: passiveScan-wait + parameters: + maxDuration: 0 +- type: outputSummary + parameters: + format: Long + summaryFile: {SUMMARY_FILE} + rules: [] +- type: report + parameters: + template: traditional-md + reportDir: '' + reportFile: report.md + reportTitle: ZAP Scanning Report + reportDescription: '' diff --git a/docker/tests/fixtures/baseline_plan_param_lc_x.yaml b/docker/tests/fixtures/baseline_plan_param_lc_x.yaml new file mode 100644 index 00000000000..0acb455907a --- /dev/null +++ b/docker/tests/fixtures/baseline_plan_param_lc_x.yaml 
@@ -0,0 +1,33 @@ +env: + contexts: + - name: baseline + urls: + - https://example.com/ + excludePaths: [] + parameters: + failOnError: true + progressToStdout: false +jobs: +- type: passiveScan-config + parameters: + enableTags: false + maxAlertsPerRule: 10 +- type: spider + parameters: + url: https://example.com/ + maxDuration: 1 +- type: passiveScan-wait + parameters: + maxDuration: 0 +- type: outputSummary + parameters: + format: Long + summaryFile: {SUMMARY_FILE} + rules: [] +- type: report + parameters: + template: traditional-xml + reportDir: '' + reportFile: report.xml + reportTitle: ZAP Scanning Report + reportDescription: '' diff --git a/docker/tests/fixtures/baseline_plan_param_lc_z.yaml b/docker/tests/fixtures/baseline_plan_param_lc_z.yaml new file mode 100644 index 00000000000..427c62848e5 --- /dev/null +++ b/docker/tests/fixtures/baseline_plan_param_lc_z.yaml @@ -0,0 +1,26 @@ +env: + contexts: + - name: baseline + urls: + - https://example.com/ + excludePaths: [] + parameters: + failOnError: true + progressToStdout: false +jobs: +- type: passiveScan-config + parameters: + enableTags: false + maxAlertsPerRule: 10 +- type: spider + parameters: + url: https://example.com/ + maxDuration: 1 +- type: passiveScan-wait + parameters: + maxDuration: 0 +- type: outputSummary + parameters: + format: Long + summaryFile: {SUMMARY_FILE} + rules: [] diff --git a/docker/tests/fixtures/baseline_plan_param_uc_i.yaml b/docker/tests/fixtures/baseline_plan_param_uc_i.yaml new file mode 100644 index 00000000000..427c62848e5 --- /dev/null +++ b/docker/tests/fixtures/baseline_plan_param_uc_i.yaml 
@@ -0,0 +1,26 @@ +env: + contexts: + - name: baseline + urls: + - https://example.com/ + excludePaths: [] + parameters: + failOnError: true + progressToStdout: false +jobs: +- type: passiveScan-config + parameters: + enableTags: false + maxAlertsPerRule: 10 +- type: spider + parameters: + url: https://example.com/ + maxDuration: 1 +- type: passiveScan-wait + parameters: + maxDuration: 0 +- type: outputSummary + parameters: + format: Long + summaryFile: {SUMMARY_FILE} + rules: [] diff --git a/docker/tests/fixtures/baseline_plan_param_uc_j.yaml b/docker/tests/fixtures/baseline_plan_param_uc_j.yaml new file mode 100644 index 00000000000..da55ac4ee17 --- /dev/null +++ b/docker/tests/fixtures/baseline_plan_param_uc_j.yaml @@ -0,0 +1,33 @@ +env: + contexts: + - excludePaths: [] + name: baseline + urls: + - https://example.com/ + parameters: + failOnError: true + progressToStdout: false +jobs: +- parameters: + enableTags: false + maxAlertsPerRule: 10 + type: passiveScan-config +- parameters: + maxDuration: 1 + url: https://example.com/ + type: spider +- parameters: + maxDuration: 0 + type: passiveScan-wait +- parameters: + format: Long + summaryFile: {SUMMARY_FILE} + rules: [] + type: outputSummary +- parameters: + reportDescription: '' + reportDir: '' + reportFile: report.json + reportTitle: ZAP Scanning Report + template: traditional-json + type: report diff --git a/docker/tests/fixtures/baseline_plan_param_uc_p.yaml b/docker/tests/fixtures/baseline_plan_param_uc_p.yaml new file mode 100644 index 00000000000..427c62848e5 --- /dev/null +++ b/docker/tests/fixtures/baseline_plan_param_uc_p.yaml 
@@ -0,0 +1,26 @@ +env: + contexts: + - name: baseline + urls: + - https://example.com/ + excludePaths: [] + parameters: + failOnError: true + progressToStdout: false +jobs: +- type: passiveScan-config + parameters: + enableTags: false + maxAlertsPerRule: 10 +- type: spider + parameters: + url: https://example.com/ + maxDuration: 1 +- type: passiveScan-wait + parameters: + maxDuration: 0 +- type: outputSummary + parameters: + format: Long + summaryFile: {SUMMARY_FILE} + rules: [] diff --git a/docker/tests/fixtures/baseline_plan_supported.yaml b/docker/tests/fixtures/baseline_plan_param_uc_t.yaml similarity index 75% rename from docker/tests/fixtures/baseline_plan_supported.yaml rename to docker/tests/fixtures/baseline_plan_param_uc_t.yaml index 787c2798bfb..59d38d01cfa 100644 --- a/docker/tests/fixtures/baseline_plan_supported.yaml +++ b/docker/tests/fixtures/baseline_plan_param_uc_t.yaml @@ -2,7 +2,6 @@ env: contexts: - name: baseline urls: - - https://example.com/path - https://example.com/ excludePaths: [] parameters: @@ -16,16 +15,12 @@ jobs: - type: spider parameters: url: https://example.com/ - maxDuration: 5 -- type: spiderAjax - parameters: - url: https://example.com/ - maxDuration: 5 + maxDuration: 1 - type: passiveScan-wait parameters: maxDuration: 10 - type: outputSummary parameters: - format: Short + format: Long summaryFile: {SUMMARY_FILE} rules: [] diff --git a/docker/tests/test_zap_baseline_plan.py b/docker/tests/test_zap_baseline_plan.py index fc6efb5d83b..f7513e503ab 100644 --- a/docker/tests/test_zap_baseline_plan.py +++ b/docker/tests/test_zap_baseline_plan.py 
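Review bot: Turning `baseline_plan_supported.yaml` into the single-option `uc_t` fixture removes the only case that covered a target with a path component (`https://example.com/path` listed beside `https://example.com/` in the context `urls`) and the only case that combined several options (`-m 5`, `-j`, `-T 10`, `-s`) in one plan; the per-option tests that replace it each exercise one flag in isolation. If the path-target context handling and the interaction of spider/spiderAjax `maxDuration` with `-T` were intentional coverage, keep one combined fixture next to the new ones instead of folding it into this file. It would also help to state in the fixture which job `-T` affects, e.g. a leading `# -T 10 -> passiveScan-wait.maxDuration` comment, since the file name alone does not say so.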
@@ -4,12 +4,15 @@ import tempfile import unittest from pathlib import Path -from unittest.mock import patch +from unittest.mock import Mock, patch import yaml class TestZapBaselinePlan(unittest.TestCase): + target = "https://example.com/" + config_content = "10001\tFAIL\tignore\tCustom message\n" + def load_module(self): docker_dir = Path(__file__).resolve().parents[1] module_path = docker_dir / "zap-baseline.py" @@ -31,21 +34,16 @@ def load_fixture_plan(self, fixture_name, summary_file): raw = raw.replace("{SUMMARY_FILE}", summary_file) return yaml.safe_load(raw) - def test_plan_only_supported_options(self): + def generate_plan(self, args, config_content=None, url_content=None): zap_baseline = self.load_module() - target = "https://example.com/path" with tempfile.TemporaryDirectory() as home_dir: summary_file = os.path.join(home_dir, "zap_out.json") plan_path = os.path.join(home_dir, "zap.yaml") - args = [ - "--plan-only", - "-t", target, - "-m", "5", - "-j", - "-T", "10", - "-s" - ] + + if config_content is not None: + config_path = os.path.join(home_dir, "config.conf") + Path(config_path).write_text(config_content, encoding="utf-8") original_cwd = os.getcwd() os.chdir(home_dir) 
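Review bot: `config_content` encodes the baseline rules-file format as a bare tab-separated literal and nothing in the test says which column becomes what; the new fixtures show `10001` becoming `id`, `FAIL` becoming `action` and `Custom message` becoming `customMessage`, while the third column `ignore` is not reflected in the plan at all. A comment on the attribute such as `# rules-file line: <id>\t<action>\t<third column, presumably an ignore marker; not reflected in the plan>\t<custom message>` would save the next maintainer a trip into `zap-baseline.py` to work it out, with the third-column meaning confirmed against the script rather than guessed.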
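Review bot: `generate_plan` has no docstring, and its contract is not obvious from the signature: the `-c` value in `args` must be the literal `config.conf`, because the helper writes `config_content` to `os.path.join(home_dir, "config.conf")` and then depends on the `os.chdir(home_dir)` at the bottom of the hunk for that relative name to resolve. I would add a docstring saying that it runs `zap_baseline.main(args)` in `--plan-only` mode with the working directory and `Path.home()` redirected to a temporary directory, that `config_content` (if given) is written to `./config.conf` so `args` must pass `-c config.conf`, that `url_content` (if given) is served to the script instead of a real `urlopen` fetch, and that it returns the parsed plan together with the summary-file path. The body of `generate_plan` continues past the end of this hunk.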
@@ -54,30 +52,105 @@ def test_plan_only_supported_options(self): with patch.object(zap_baseline, "check_zap_client_version"): with patch.object(zap_baseline, "running_in_docker", return_value=False): with patch.object(zap_baseline.Path, "home", return_value=Path(home_dir)): - with self.assertRaises(SystemExit) as exc: - zap_baseline.main(args) + urlopen_patch = patch.object( + zap_baseline, + "urlopen", + return_value=Mock(read=lambda: url_content.encode("utf-8")) + ) + if url_content is not None: + with urlopen_patch: + with self.assertRaises(SystemExit) as exc: + zap_baseline.main(args) + else: + with self.assertRaises(SystemExit) as exc: + zap_baseline.main(args) self.assertEqual(0, exc.exception.code) finally: os.chdir(original_cwd) self.assertTrue(os.path.exists(plan_path)) generated_plan = yaml.safe_load(Path(plan_path).read_text(encoding="utf-8")) - expected_plan = self.load_fixture_plan("baseline_plan_supported.yaml", summary_file) - self.assertEqual(expected_plan, generated_plan) + return generated_plan, summary_file + + def assert_plan_matches_fixture(self, args, fixture_name, config_content=None, url_content=None): + generated_plan, summary_file = self.generate_plan( + args, + config_content=config_content, + url_content=url_content, + ) + expected_plan = self.load_fixture_plan(fixture_name, summary_file) + self.assertEqual(expected_plan, generated_plan) + + def test_param_plan_only(self): + args = ["--plan-only", "-t", self.target] + self.assert_plan_matches_fixture(args, "baseline_plan_param_lc_plan-only.yaml") + + def test_param_c(self): + args = ["--plan-only", "-t", self.target, "-c", "config.conf"] + self.assert_plan_matches_fixture(args, "baseline_plan_param_lc_c.yaml", config_content=self.config_content) + + def test_param_u(self): + args = ["--plan-only", "-t", self.target, "-u", "https://config.example.com/rules.conf"] + self.assert_plan_matches_fixture(args, "baseline_plan_param_lc_u.yaml", url_content=self.config_content) + + def 
test_param_m(self): + args = ["--plan-only", "-t", self.target, "-m", "5"] + self.assert_plan_matches_fixture(args, "baseline_plan_param_lc_m.yaml") + + def test_param_r(self): + args = ["--plan-only", "-t", self.target, "-r", "report.html"] + self.assert_plan_matches_fixture(args, "baseline_plan_param_lc_r.yaml") + + def test_param_w(self): + args = ["--plan-only", "-t", self.target, "-w", "report.md"] + self.assert_plan_matches_fixture(args, "baseline_plan_param_lc_w.yaml") + + def test_param_x(self): + args = ["--plan-only", "-t", self.target, "-x", "report.xml"] + self.assert_plan_matches_fixture(args, "baseline_plan_param_lc_x.yaml") + + def test_param_J(self): + args = ["--plan-only", "-t", self.target, "-J", "report.json"] + self.assert_plan_matches_fixture(args, "baseline_plan_param_uc_j.yaml") + + def test_param_a(self): + args = ["--plan-only", "-t", self.target, "-a"] + self.assert_plan_matches_fixture(args, "baseline_plan_param_lc_a.yaml") + + def test_param_d(self): + args = ["--plan-only", "-t", self.target, "-d"] + self.assert_plan_matches_fixture(args, "baseline_plan_param_lc_d.yaml") + + def test_param_P(self): + args = ["--plan-only", "-t", self.target, "-P", "12345"] + self.assert_plan_matches_fixture(args, "baseline_plan_param_uc_p.yaml") + + def test_param_I(self): + args = ["--plan-only", "-t", self.target, "-I"] + self.assert_plan_matches_fixture(args, "baseline_plan_param_uc_i.yaml") + + def test_param_j(self): + args = ["--plan-only", "-t", self.target, "-j"] + self.assert_plan_matches_fixture(args, "baseline_plan_param_lc_j.yaml") + + def test_param_s(self): + args = ["--plan-only", "-t", self.target, "-s"] + self.assert_plan_matches_fixture(args, "baseline_plan_param_lc_s.yaml") + + def test_param_T(self): + args = ["--plan-only", "-t", self.target, "-T", "10"] + self.assert_plan_matches_fixture(args, "baseline_plan_param_uc_t.yaml") + + def test_param_z(self): + args = ["--plan-only", "-t", self.target, "-z", "-config aaa=bbb"] + 
self.assert_plan_matches_fixture(args, "baseline_plan_param_lc_z.yaml") def test_plan_only_unsupported_option(self): zap_baseline = self.load_module() - target = "https://example.com/" + args = ["--plan-only", "-t", self.target, "-D", "5"] with tempfile.TemporaryDirectory() as home_dir: plan_path = os.path.join(home_dir, "zap.yaml") - - args = [ - "--plan-only", - "-t", target, - "-D", "5" - ] - original_cwd = os.getcwd() os.chdir(home_dir) try: @@ -97,11 +170,7 @@ def test_plan_only_unsupported_option(self): def test_plan_only_requires_mounted_workdir_in_docker(self): zap_baseline = self.load_module() - target = "https://example.com/" - args = [ - "--plan-only", - "-t", target, - ] + args = ["--plan-only", "-t", self.target] real_exists = os.path.exists
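Review bot: The `urlopen` stub in `generate_plan` is never asserted on, so `test_param_u` only proves that whatever bytes the stub returns end up in the plan, not that the script requested the URL given via `-u` (`https://config.example.com/rules.conf`); since `-u` makes the baseline script pull rule configuration from the network, the test should at least pin the fetched URL. Binding the patch as `mock_urlopen` and asserting on it does that, and a `contextlib.nullcontext()` for the no-URL case removes the duplicated `assertRaises` block; `contextlib` is not among the imports visible in this change and would need adding. The exact call shape (bare URL versus a `Request`, extra keyword arguments) is not visible here, so the `assert_called_once_with` below should be adjusted to match `zap-baseline.py`, and a `MagicMock` would additionally survive a `with urlopen(...) as f:` form, which a plain `Mock` does not. `generate_plan` starts before this hunk.
```python
        # … unchanged: check_zap_client_version / running_in_docker / Path.home patches …
        if url_content is not None:
            url_patch = patch.object(
                zap_baseline,
                "urlopen",
                return_value=Mock(read=lambda: url_content.encode("utf-8")),
            )
        else:
            url_patch = nullcontext()
        with url_patch as mock_urlopen:
            with self.assertRaises(SystemExit) as exc:
                zap_baseline.main(args)
        if url_content is not None:
            # `-u <url>` is how the URL reaches the script; adjust if urlopen is
            # called with a Request object or extra keyword arguments.
            mock_urlopen.assert_called_once_with(args[args.index("-u") + 1])
        self.assertEqual(0, exc.exception.code)
```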