Package com.denimgroup.threadfix.framework.engine.full

Examples of com.denimgroup.threadfix.framework.engine.full.EndpointDatabase


    @Test
    public void assertDynamicXSSFindsEndpoint() {
        Scan scan = ParserUtils.getScan("SBIR/webform.xml");

        EndpointDatabase database = getWebFormDatabase(scan);

        assert database != null : "Database was null, can't continue";

        boolean foundBasicEndpoint = false;

        for (Finding finding : scan) {
            Integer genericId = finding.getChannelVulnerability().getGenericVulnerability().getId();
            if (genericId != null && genericId.equals(79)) {
                Set<Endpoint> endpointList = database.findAllMatches(ThreadFixInterface.toEndpointQuery(finding));
                if (!endpointList.isEmpty()) {
                    String path = finding.getSurfaceLocation().getPath();
                    if (path.endsWith("/WebForm1.aspx")) {
                        for (Endpoint endpoint : endpointList) {
                            if (endpoint.getFilePath().endsWith("WebForm1.aspx.cs")) {


    @Test
    public void testStaticDatabaseLookups() {
        Scan scan = ParserUtils.getScan("SBIR/contoso.fpr");

        EndpointDatabase database = ContosoUtilities.getContosoEndpointDatabase(scan);

        assert database != null : "Database was null, can't continue";

        for (Finding finding : scan) {

            System.out.println(finding);

            Set<Endpoint> endpointList = database.findAllMatches(ThreadFixInterface.toEndpointQuery(finding));
            if (!endpointList.isEmpty()) {
                String expected = getExpectedPath(finding);
                if (expected != null) {
                    Endpoint endpoint = endpointList.iterator().next();

    @Test
    public void testDynamicDatabaseLookups() {
        Scan scan = ParserUtils.getScan("SBIR/contoso.xml");

        EndpointDatabase database = getContosoEndpointDatabase(scan);

        assert database != null : "Database was null, can't continue";

        boolean succeededStudent = false, succeededCreate = false;

        for (Finding finding : scan) {
            Integer genericId = finding.getChannelVulnerability().getGenericVulnerability().getId();
            if (genericId != null && genericId.equals(79)) {
                Set<Endpoint> endpointList = database.findAllMatches(ThreadFixInterface.toEndpointQuery(finding));
                if (!endpointList.isEmpty()) {
                    String path = finding.getSurfaceLocation().getPath();
                    if (path.equals("/contoso/Student/Create")) {
                        for (Endpoint endpoint : endpointList) {
                            if (endpoint.getFilePath().endsWith("StudentController.cs")) {

  }
 
  @Test
  public void testPetClinicDynamicToStaticPathQueries() {
   
    EndpointDatabase db = getSpringEndpointDatabaseDynamic();
   
    for (String[] pair : dynamicToStaticTests) {
      String result = getStaticPath(db, pair[0]);
      assertTrue("Input: " + pair[0] + ", expected " + pair[1] + " but got " + result, result.equals(pair[1]));
    }

        return EndpointDatabaseFactory.getDatabase(file, FrameworkType.SPRING_MVC, new SpringPathCleaner("/petclinic", null));
    }

  @Test
  public void testHttpMethodRecognition() {
    EndpointDatabase db = getSpringEndpointDatabaseStatic();
   
    for (String[] httpMethodTest : httpMethodTests) {
      EndpointQuery query =
          EndpointQueryBuilder.start()
            .setDynamicPath(httpMethodTest[0])
            .setHttpMethod(httpMethodTest[1])
            .generateQuery();
     
      Endpoint result = db.findBestMatch(query);
     
      String currentQuery = httpMethodTest[0] + ": " + httpMethodTest[1];
     
      if (result == null) {
        assertTrue("No result was found, but line " + httpMethodTest[2] + " was expected for " + currentQuery,

  };

    // TODO add parameter stuff
    @Test
    public void testParameterRecognition() {
        EndpointDatabase db = getSpringEndpointDatabaseStatic();

        for (String[] httpMethodTest : parameterTests) {
            EndpointQuery query =
                    EndpointQueryBuilder.start()
                            .setDynamicPath(httpMethodTest[0])
                            .setParameter(httpMethodTest[1])
                            .generateQuery();

            Endpoint result = db.findBestMatch(query);

            String currentQuery = httpMethodTest[0] + ": " + httpMethodTest[1];

            if (result == null) {
                assertTrue("No result was found, but line " + httpMethodTest[2] + " was expected for " + currentQuery,

    );

    // TODO add parameter stuff
    /**
     * Builds a query from a set of code points plus a static file path and checks that the
     * database returned by {@code getSpringEndpointDatabaseStatic()} yields a best match for it.
     */
    @Test
    public void testCodePoints() {
        // Static path of the PetClinic JPA owner repository source file used for the lookup.
        final String repositoryPath =
                "java/org/springframework/samples/petclinic/repository/jpa/JpaOwnerRepositoryImpl.java";

        EndpointDatabase endpointDatabase = getSpringEndpointDatabaseStatic();

        EndpointQuery codePointQuery = EndpointQueryBuilder.start()
                .setCodePoints(basicModelElements)
                .setStaticPath(repositoryPath)
                .generateQuery();

        Endpoint bestMatch = endpointDatabase.findBestMatch(codePointQuery);

        // NOTE(review): this passes for any non-null endpoint. It does not check which endpoint
        // was matched, so a finding mapped to the wrong endpoint would go unnoticed here.
        assertTrue("Result was null!", bestMatch != null);
    }

 
  // NOTE(review): presumably the expected PetClinic endpoint counts for the static and dynamic
  // cases; neither field is referenced in the lines shown here, so confirm against the full class.
  int petclinicStaticCount = 5, petclinicDynamicCount = 11;
 
  /**
   * Checks the database built from the PetClinic source root alone, with no framework type or
   * path cleaner passed to the factory: it must be non-null, report
   * {@code FrameworkType.SPRING_MVC}, and generate as many endpoints as
   * {@code SpringControllerMappings} does for the same directory.
   */
  @Test
  public void testRootOnly() {
    File petclinicRoot = new File(TestConstants.PETCLINIC_SOURCE_LOCATION);
    EndpointDatabase rootOnlyDatabase = EndpointDatabaseFactory.getDatabase(petclinicRoot);

    assertTrue(rootOnlyDatabase != null);

    // The framework type is not supplied above, so this checks what the factory chose itself.
    assertTrue(rootOnlyDatabase.getFrameworkType() == FrameworkType.SPRING_MVC);

    // Only the endpoint counts are compared, not the endpoints themselves.
    boolean sameEndpointCount =
        rootOnlyDatabase.generateEndpoints().size()
            == new SpringControllerMappings(petclinicRoot).generateEndpoints().size();
    assertTrue(sameEndpointCount);
  }
