STRLCPY/tsunami-security-scanner

Add tests for RemoteVulnDetector helper methods for matching remote plugins with services.
```
PiperOrigin-RevId: 464607972
Change-Id: I89f7bd4eb19ecaa07bb3e0a7c7897dbfb480d95d
```
John Y. Kim committed with Copybara-Service 2 years ago

8a56c33d

1 parent 1888fb5a

Total 1 files

■ ■ ■ ■ ■ ■

plugin/src/test/java/com/google/tsunami/plugin/PluginManagerTest.java

		skipped 16 lines
17	17
18	18		import static com.google.common.truth.Truth.assertThat;
19	19		import static com.google.common.truth.Truth8.assertThat;
	20	+	import static com.google.common.truth.extensions.proto.ProtoTruth.assertThat;
20	21
21	22		import com.google.common.collect.ImmutableList;
	23	+	import com.google.common.collect.Lists;
22	24		import com.google.inject.AbstractModule;
23	25		import com.google.inject.Guice;
24	26		import com.google.inject.multibindings.MapBinder;
		skipped 15 lines
40	42		import com.google.tsunami.plugin.testing.FakeVulnDetectorBootstrapModule2;
41	43		import com.google.tsunami.proto.DetectionReportList;
42	44		import com.google.tsunami.proto.FingerprintingReport;
	45	+	import com.google.tsunami.proto.MatchedPlugin;
43	46		import com.google.tsunami.proto.NetworkService;
44	47		import com.google.tsunami.proto.ReconnaissanceReport;
45	48		import com.google.tsunami.proto.Software;
46	49		import com.google.tsunami.proto.TargetInfo;
	50	+	import com.google.tsunami.proto.TargetServiceName;
	51	+	import com.google.tsunami.proto.TargetSoftware;
47	52		import com.google.tsunami.proto.TransportProtocol;
	53	+	import java.util.List;
48	54		import java.util.Optional;
49	55		import org.junit.Test;
50	56		import org.junit.runner.RunWith;
		skipped 420 lines
471	477		.containsExactly(FakeRemoteVulnDetector.class, FakeRemoteVulnDetector.class);
472	478		}
473	479
	480	+	@Test
	481	+	public void
	482	+	getVulnDetectors_whenRemoteDetectorServiceNameFilterHasMatchingService_returnsMatchedService() {
	483	+	NetworkService httpService =
	484	+	NetworkService.newBuilder()
	485	+	.setNetworkEndpoint(NetworkEndpointUtils.forIpAndPort("1.1.1.1", 80))
	486	+	.setTransportProtocol(TransportProtocol.TCP)
	487	+	.setServiceName("http")
	488	+	.build();
	489	+	NetworkService httpsService =
	490	+	NetworkService.newBuilder()
	491	+	.setNetworkEndpoint(NetworkEndpointUtils.forIpAndPort("1.1.1.1", 443))
	492	+	.setTransportProtocol(TransportProtocol.TCP)
	493	+	.setServiceName("https")
	494	+	.build();
	495	+	NetworkService noNameService =
	496	+	NetworkService.newBuilder()
	497	+	.setNetworkEndpoint(NetworkEndpointUtils.forIpAndPort("1.1.1.1", 12345))
	498	+	.setTransportProtocol(TransportProtocol.TCP)
	499	+	.build();
	500	+	ReconnaissanceReport fakeReconnaissanceReport =
	501	+	ReconnaissanceReport.newBuilder()
	502	+	.setTargetInfo(TargetInfo.getDefaultInstance())
	503	+	.addNetworkServices(httpService)
	504	+	.addNetworkServices(httpsService)
	505	+	.addNetworkServices(noNameService)
	506	+	.build();
	507	+	PluginManager pluginManager =
	508	+	Guice.createInjector(
	509	+	new FakePortScannerBootstrapModule(),
	510	+	new FakeServiceFingerprinterBootstrapModule(),
	511	+	FakeFilteringRemoteDetector.getModule())
	512	+	.getInstance(PluginManager.class);
	513	+
	514	+	ImmutableList<PluginMatchingResult<VulnDetector>> vulnDetectors =
	515	+	pluginManager.getVulnDetectors(fakeReconnaissanceReport);
	516	+
	517	+	assertThat(vulnDetectors).hasSize(1);
	518	+	ImmutableList<MatchedPlugin> matchedResult =
	519	+	((FakeFilteringRemoteDetector) vulnDetectors.get(0).tsunamiPlugin()).getMatchedPlugins();
	520	+	assertThat(matchedResult).isNotEmpty();
	521	+	assertThat(matchedResult.get(0).getPlugin())
	522	+	.isEqualTo(FakeFilteringRemoteDetector.getHttpServiceDefinition());
	523	+	assertThat(matchedResult.get(0).getServicesList()).containsExactly(httpService, noNameService);
	524	+	}
	525	+
	526	+	@Test
	527	+	public void getVulnDetectors_whenRemoteDetectorWithServiceNameHasNoMatch_returnsNoServices() {
	528	+	NetworkService httpsService =
	529	+	NetworkService.newBuilder()
	530	+	.setNetworkEndpoint(NetworkEndpointUtils.forIpAndPort("1.1.1.1", 443))
	531	+	.setTransportProtocol(TransportProtocol.TCP)
	532	+	.setServiceName("https")
	533	+	.build();
	534	+	ReconnaissanceReport fakeReconnaissanceReport =
	535	+	ReconnaissanceReport.newBuilder()
	536	+	.setTargetInfo(TargetInfo.getDefaultInstance())
	537	+	.addNetworkServices(httpsService)
	538	+	.build();
	539	+	PluginManager pluginManager =
	540	+	Guice.createInjector(
	541	+	new FakePortScannerBootstrapModule(),
	542	+	new FakeServiceFingerprinterBootstrapModule(),
	543	+	FakeFilteringRemoteDetector.getModule())
	544	+	.getInstance(PluginManager.class);
	545	+
	546	+	ImmutableList<PluginMatchingResult<VulnDetector>> vulnDetectors =
	547	+	pluginManager.getVulnDetectors(fakeReconnaissanceReport);
	548	+
	549	+	assertThat(vulnDetectors).hasSize(1);
	550	+	ImmutableList<MatchedPlugin> matchedResult =
	551	+	((FakeFilteringRemoteDetector) vulnDetectors.get(0).tsunamiPlugin()).getMatchedPlugins();
	552	+	assertThat(matchedResult.get(0).getServicesList()).isEmpty();
	553	+	}
	554	+
	555	+	@Test
	556	+	public void
	557	+	getVulnDetectors_whenRemoteDetectorSoftwareFilterHasMatchingService_returnsMatchedService() {
	558	+	NetworkService wordPressService =
	559	+	NetworkService.newBuilder()
	560	+	.setNetworkEndpoint(NetworkEndpointUtils.forIpAndPort("1.1.1.1", 80))
	561	+	.setTransportProtocol(TransportProtocol.TCP)
	562	+	.setServiceName("http")
	563	+	.setSoftware(Software.newBuilder().setName("WordPress"))
	564	+	.build();
	565	+	NetworkService jenkinsService =
	566	+	NetworkService.newBuilder()
	567	+	.setNetworkEndpoint(NetworkEndpointUtils.forIpAndPort("1.1.1.1", 443))
	568	+	.setTransportProtocol(TransportProtocol.TCP)
	569	+	.setServiceName("https")
	570	+	.setSoftware(Software.newBuilder().setName("Jenkins"))
	571	+	.build();
	572	+	NetworkService noNameService =
	573	+	NetworkService.newBuilder()
	574	+	.setNetworkEndpoint(NetworkEndpointUtils.forIpAndPort("1.1.1.1", 12345))
	575	+	.setTransportProtocol(TransportProtocol.TCP)
	576	+	.build();
	577	+	ReconnaissanceReport fakeReconnaissanceReport =
	578	+	ReconnaissanceReport.newBuilder()
	579	+	.setTargetInfo(TargetInfo.getDefaultInstance())
	580	+	.addNetworkServices(wordPressService)
	581	+	.addNetworkServices(jenkinsService)
	582	+	.addNetworkServices(noNameService)
	583	+	.build();
	584	+	PluginManager pluginManager =
	585	+	Guice.createInjector(
	586	+	new FakePortScannerBootstrapModule(),
	587	+	new FakeServiceFingerprinterBootstrapModule(),
	588	+	FakeFilteringRemoteDetector.getModule())
	589	+	.getInstance(PluginManager.class);
	590	+
	591	+	ImmutableList<PluginMatchingResult<VulnDetector>> vulnDetectors =
	592	+	pluginManager.getVulnDetectors(fakeReconnaissanceReport);
	593	+
	594	+	assertThat(vulnDetectors).hasSize(1);
	595	+	ImmutableList<MatchedPlugin> matchedResult =
	596	+	((FakeFilteringRemoteDetector) vulnDetectors.get(0).tsunamiPlugin()).getMatchedPlugins();
	597	+	assertThat(matchedResult).hasSize(2);
	598	+	assertThat(matchedResult.get(1).getPlugin())
	599	+	.isEqualTo(FakeFilteringRemoteDetector.getJenkinsServiceDefinition());
	600	+	assertThat(matchedResult.get(1).getServicesList())
	601	+	.containsExactly(jenkinsService, noNameService);
	602	+	}
	603	+
	604	+	@Test
	605	+	public void
	606	+	getVulnDetectors_whenRemoteDetectorWithSoftwareFilterHasNoMatchingService_returnsNoServices() {
	607	+	NetworkService wordPressService =
	608	+	NetworkService.newBuilder()
	609	+	.setNetworkEndpoint(NetworkEndpointUtils.forIpAndPort("1.1.1.1", 443))
	610	+	.setTransportProtocol(TransportProtocol.TCP)
	611	+	.setServiceName("https")
	612	+	.setSoftware(Software.newBuilder().setName("WordPress"))
	613	+	.build();
	614	+	ReconnaissanceReport fakeReconnaissanceReport =
	615	+	ReconnaissanceReport.newBuilder()
	616	+	.setTargetInfo(TargetInfo.getDefaultInstance())
	617	+	.addNetworkServices(wordPressService)
	618	+	.build();
	619	+	PluginManager pluginManager =
	620	+	Guice.createInjector(
	621	+	new FakePortScannerBootstrapModule(),
	622	+	new FakeServiceFingerprinterBootstrapModule(),
	623	+	FakeFilteringRemoteDetector.getModule())
	624	+	.getInstance(PluginManager.class);
	625	+
	626	+	ImmutableList<PluginMatchingResult<VulnDetector>> vulnDetectors =
	627	+	pluginManager.getVulnDetectors(fakeReconnaissanceReport);
	628	+
	629	+	assertThat(vulnDetectors).hasSize(1);
	630	+	ImmutableList<MatchedPlugin> matchedResult =
	631	+	((FakeFilteringRemoteDetector) vulnDetectors.get(0).tsunamiPlugin()).getMatchedPlugins();
	632	+	assertThat(matchedResult).hasSize(2);
	633	+	assertThat(matchedResult.get(0).getServicesCount()).isEqualTo(0);
	634	+	assertThat(matchedResult.get(1).getServicesCount()).isEqualTo(0);
	635	+	}
	636	+
474	637		@PluginInfo(
475	638		type = PluginType.SERVICE_FINGERPRINT,
476	639		name = "NoAnnotationFingerprinter",
		skipped 100 lines
577	740		@Override
578	741		protected void configurePlugin() {
579	742		registerPlugin(FakeSoftwareFilteringDetector.class);
	743	+	}
	744	+	}
	745	+	}
	746	+
	747	+	@PluginInfo(
	748	+	type = PluginType.REMOTE_VULN_DETECTION,
	749	+	name = "FakeFilteringRemoteDetector",
	750	+	version = "v0.1",
	751	+	description = "A fake RemoteVulnDetector.",
	752	+	author = "fake",
	753	+	bootstrapModule =
	754	+	FakeFilteringRemoteDetector.FakeFilteringRemoteDetectorBootstrapModule.class)
	755	+	private static final class FakeFilteringRemoteDetector implements RemoteVulnDetector {
	756	+
	757	+	private final List<MatchedPlugin> matchedPlugins;
	758	+
	759	+	FakeFilteringRemoteDetector() {
	760	+	matchedPlugins = Lists.newArrayList();
	761	+	}
	762	+
	763	+	public ImmutableList<MatchedPlugin> getMatchedPlugins() {
	764	+	return ImmutableList.copyOf(matchedPlugins);
	765	+	}
	766	+
	767	+	@Override
	768	+	public DetectionReportList detect(
	769	+	TargetInfo targetInfo, ImmutableList<NetworkService> matchedServices) {
	770	+	return null;
	771	+	}
	772	+
	773	+	@Override
	774	+	public ImmutableList<com.google.tsunami.proto.PluginDefinition> getAllPlugins() {
	775	+	return ImmutableList.of(getHttpServiceDefinition(), getJenkinsServiceDefinition());
	776	+	}
	777	+
	778	+	@Override
	779	+	public void addMatchedPluginToDetect(MatchedPlugin plugin) {
	780	+	matchedPlugins.add(plugin);
	781	+	}
	782	+
	783	+	static com.google.tsunami.proto.PluginDefinition getHttpServiceDefinition() {
	784	+	return com.google.tsunami.proto.PluginDefinition.newBuilder()
	785	+	.setInfo(
	786	+	com.google.tsunami.proto.PluginInfo.newBuilder()
	787	+	.setType(com.google.tsunami.proto.PluginInfo.PluginType.VULN_DETECTION)
	788	+	.setName("FakeHttpServiceVuln")
	789	+	.setVersion("v0.1")
	790	+	.setDescription("A fake VulnDetector.")
	791	+	.setAuthor("fake"))
	792	+	.setTargetServiceName(TargetServiceName.newBuilder().addValue("http"))
	793	+	.build();
	794	+	}
	795	+
	796	+	static com.google.tsunami.proto.PluginDefinition getJenkinsServiceDefinition() {
	797	+	return com.google.tsunami.proto.PluginDefinition.newBuilder()
	798	+	.setInfo(
	799	+	com.google.tsunami.proto.PluginInfo.newBuilder()
	800	+	.setType(com.google.tsunami.proto.PluginInfo.PluginType.VULN_DETECTION)
	801	+	.setName("FakeJenkinsVuln")
	802	+	.setVersion("v0.1")
	803	+	.setDescription("A fake VulnDetector")
	804	+	.setAuthor("fake"))
	805	+	.setTargetSoftware(TargetSoftware.newBuilder().setName("Jenkins"))
	806	+	.build();
	807	+	}
	808	+
	809	+	static FakeFilteringRemoteDetectorBootstrapModule getModule() {
	810	+	return new FakeFilteringRemoteDetectorBootstrapModule();
	811	+	}
	812	+
	813	+	private static final class FakeFilteringRemoteDetectorBootstrapModule
	814	+	extends PluginBootstrapModule {
	815	+	@Override
	816	+	protected void configurePlugin() {
	817	+	registerPlugin(FakeFilteringRemoteDetector.class);
580	818		}
581	819		}
582	820		}
		skipped 25 lines

Add tests for RemoteVulnDetector helper methods for matching remote plugins with services.