Add integration test suite for security headers scanner command.

7e29bd92 · Johan Bloemberg · a7b0a69a · 7e29bd92 · 7e29bd92
Verified Commit 7e29bd92 authored Oct 30, 2017 by Johan Bloemberg
Showing with 77 additions and 0 deletions

tests/scanners/integration/conftest.py tests/scanners/integration/conftest.py +26 -0

tests/scanners/integration/test_security_headers.py tests/scanners/integration/test_security_headers.py +51 -0

No files found.
--- a/tests/scanners/integration/conftest.py
+++ b/tests/scanners/integration/conftest.py
+"""Shared fixtures used by different tests."""
+import pytest
+
+from failmap_admin.organizations.models import Organization, Url
+from failmap_admin.scanners.models import Endpoint
+
+
+@pytest.fixture
+def faalonië():
+    """A testing organization complete with URL's and endpoints."""
+
+    faalonië = Organization(name='faalonië')
+    faalonië.save()
+
+    url = Url(url='www.faalonie.test')
+    url.save()
+    url.organization.add(faalonië)
+
+    endpoint = Endpoint(ip='127.0.0.1', protocol='https', url=url)
+    endpoint.save()
+
+    return {
+        'organization': faalonië,
+        'url': url,
+        'endpoint': endpoint,
+    }
--- a/tests/scanners/integration/test_security_headers.py
+++ b/tests/scanners/integration/test_security_headers.py
+"""Integration tests of scanner commands."""
+
+import json
+import os
+
+import pytest
+from django.core.management import call_command
+
+SECURITY_HEADERS = {
+    'X-XSS-Protection': '1',
+}
+
+TEST_ORGANIZATION = 'faalonië'
+NON_EXISTING_ORGANIZATION = 'faaloniet'
+
+
+def test_security_headers(responses, db, faalonië):
+    """Test running security headers scan."""
+
+    responses.add(responses.GET, 'https://' + faalonië['url'].url + ':443/', headers=SECURITY_HEADERS)
+
+    result = json.loads(call_command('scan-security-headers', '-v3', '-o', TEST_ORGANIZATION))
+
+    assert result[0]['status'] == 'success'
+
+
+def test_security_headers_all(responses, db, faalonië):
+    """Test defaulting to all organizations."""
+
+    responses.add(responses.GET, 'https://' + faalonië['url'].url + ':443/', headers=SECURITY_HEADERS)
+
+    result = json.loads(call_command('scan-security-headers', '-v3'))
+
+    assert result[0]['status'] == 'success'
+
+
+def test_security_headers_notfound(responses, db, faalonië):
+    """Test invalid organization."""
+
+    with pytest.raises(Exception):
+        call_command('scan-security-headers', '-v3', '-o', NON_EXISTING_ORGANIZATION)
+
+
+def test_security_headers(responses, db, faalonië):
+    """Test with failing endpoint."""
+
+    responses.add(responses.GET, 'https://' + faalonië['url'].url + ':443/', status=500)
+
+    result = json.loads(call_command('scan-security-headers', '-v3', '-o', TEST_ORGANIZATION))
+
+    assert result[0]['cause']['error'] == 'HTTPError'