Package net.continuumsecurity.web.steps

Source Code of net.continuumsecurity.web.steps.InfrastructureSteps

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
package net.continuumsecurity.web.steps;

import net.continuumsecurity.Config;
import net.continuumsecurity.Utils;
import net.continuumsecurity.scanner.PortResult;
import net.continuumsecurity.scanner.PortScanner;
import net.continuumsecurity.utils.SSLTester;
import org.apache.log4j.Logger;
import org.jbehave.core.annotations.*;
import org.jbehave.core.model.ExamplesTable;

import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ExecutionException;

import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.*;

public class InfrastructureSteps {
    Logger log = Logger.getLogger(WebApplicationSteps.class);
    SSLTester sslTester;
    String targetHost;
    PortScanner portScanner;
    List<PortResult> portScanResults;
    List<Integer> selectedPorts;
    List<Integer> expectedPorts;

    @Given("SSL tests have been run on the secure base Url")
    public void runSSLTestsOnSecureBaseUrl() throws IOException {
        if (sslTester == null) {
            sslTester = new SSLTester();
            URL url = new URL(Config.getBaseSecureUrl());
            int port = url.getPort();
            if (port == -1) port = 443;
            sslTester.test(url.getHost(), port);
        }
    }

    @Then("the service must not support SSL compression")
    public void sslServiceNotVulnerableToCRIME() {
        assertThat(sslTester.isVulnCRIME(), is(false));
    }

    @Then("the service must not be vulnerable to the BEAST attack")
    public void sslServiceNotVulnerableToBEAST() {
        assertThat(sslTester.isVulnBEAST(), is(false));
    }

    @Then("the minimum ciphers strength must be 128 bit")
    public void sslMinimum128bitCiphers() {
        assertThat(sslTester.getMinEncryptionStrength(), greaterThanOrEqualTo(3));
    }

    @Then("SSL version $version must not be supported")
    public void sslNoV2(String disallowVersion) {
        boolean isSupported = false;
        for (String version : sslTester.getSupportedProtocols()) {
            if (version.contains("SSLv"+disallowVersion)) {
                isSupported = true;
                break;
            }
        }
        assertThat(isSupported, equalTo(false));
    }

    @Then("$protocol should be supported")
    public void sslSupportProtocol(@Named("protocol") String protocol) {
        boolean found = false;
        for (String version : sslTester.getSupportedProtocols()) {
            if (version.contains(protocol)) {
                found = true;
            }
        }
        assertThat(sslTester.getSupportedProtocols().toString(), found, equalTo(true));
    }

    @Then("$cipher ciphers must not be supported")
    public void sslNoCipher(@Named("cipher") String cipher) {
        assertThat(sslTester.getSupportedCiphers().toString(), Utils.mapOfStringListContainsString(sslTester.getSupportedCiphers(), cipher), is(false));
    }

    @Then("the service should be patched against the Heartbleed (CVE-2014-0160) vulnerability")
    public void checkHeartbleed() {
        assertThat("Vulnerable protocols: "+sslTester.getHeartbleedDetails(), sslTester.isVulnHeartbleed(), is(false));
    }

    //@Then("a $cipherType cipher should be supported")
    @Then("a $cipher cipher must be enabled")
    public void sslSupportAtLeastOneCipher(@Named("cipher") String cipher) {
        assertThat(sslTester.getSupportedCiphers().toString(), Utils.mapOfStringListContainsString(sslTester.getSupportedCiphers(), cipher), is(true));
    }

    @Given("the target host from the base URL")
    public void setTargetHostFromBaseURL() throws MalformedURLException {
        targetHost = new URL(Config.getBaseUrl()).getHost();
    }

    @When("TCP ports from $from to $to are scanned using $threads threads and a timeout of $timeout milliseconds")
    public void scanPorts(int from, int to, int threads, int timeout) throws ExecutionException, InterruptedException {
        portScanner = new PortScanner(targetHost,from,to,threads,timeout);
        portScanResults = portScanner.scan();
    }

    @When("the $state ports are selected")
    public void selectOpenPorts(String state) {
        selectedPorts = new ArrayList<Integer>();
        for (PortResult result : portScanResults) {
            if (result.getState().equals(PortResult.PortState.fromString(state))) {
                selectedPorts.add(result.getPort());
            }
        }
    }

    @Then("only the following ports should be open: $portsTable")
    public void checkOpenPorts(ExamplesTable portsTable) {
        expectedPorts = new ArrayList<Integer>();
        for (Map<String,String> row : portsTable.getRows()) {
             expectedPorts.add(Integer.parseInt(row.get("port")));
        }
        assertThat("Only the expected ports are open",selectedPorts, hasItems(expectedPorts.toArray(new Integer[expectedPorts.size()])));
    }



}
TOP

Related Classes of net.continuumsecurity.web.steps.InfrastructureSteps

  • net.continuumsecurity.runner.ConfigurationStoryRunner
  • net.continuumsecurity.runner.StoryRunner
  • net.continuumsecurity.scanner.PortScanner
  • net.continuumsecurity.utils.SSLTester
  • java.net.URL
    • TOP
    Copyright © 2018 www.massapi.com. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.