Exemple #1
        // Example usage of CheckForTrace method
        /// <summary>
        /// Calls CheckForTrace for an application with a condition built from <paramref name="url"/>
        /// and reports whether the server answered with HTTP 200.
        /// </summary>
        /// <param name="client">Client used to issue the CheckForTrace call.</param>
        /// <param name="applicationId">Application identifier passed through to CheckForTrace.</param>
        /// <param name="url">Value appended to the <c>request.uri=~</c> condition.</param>
        /// <returns><c>true</c> when CheckForTrace returns <c>HttpStatusCode.OK</c>; otherwise <c>false</c>.</returns>
        private static bool DoesTraceExistForUrl(TeamServerClient client, string applicationId, string url)
        {
            // NOTE(review): url is appended to the condition expression as-is, with no escaping or
            // encoding in this method. Confirm that CheckForTrace encodes the condition before it
            // reaches the request, otherwise characters in the URI can change the filter's meaning.
            var filter = string.Concat("request.uri=~", url);

            return client.CheckForTrace(applicationId, filter) == System.Net.HttpStatusCode.OK;
        }
Exemple #2
        /// <summary>
        /// Verifies that the MarkTraceStatus overload taking a numeric id reports success when the
        /// mocked PUT to <c>api/ng/orgId/servertraces/1/mark</c> returns HTTP 200 with a success payload.
        /// </summary>
        public void MarkTraceStatusByServer_VerifySuccess()
        {
            // Canned server reply returned by the mocked REST client.
            string successPayload = @"{
                            ""success"": true,
                            ""messages"": [
                                ""1 Vulnerability successfully marked as Reported""
                            ]
                        }";

            var markRequest = new TraceMarkStatusRequest
            {
                Traces = new List<string> { "traceId" },
                Note   = "This is my note.",
                Status = ""
            };

            // The setup only matches when the client sends exactly this URL and serialized body.
            var restClientMock = new Mock<IContrastRestClient>();
            restClientMock
                .Setup(c => c.PutMessage("api/ng/orgId/servertraces/1/mark", JsonConvert.SerializeObject(markRequest), null))
                .Returns(PostUtil.GetPostResponse(System.Net.HttpStatusCode.OK, successPayload));

            var sut    = new TeamServerClient(restClientMock.Object);
            var result = sut.MarkTraceStatus("orgId", 1, markRequest);

            Assert.IsTrue(result.Success);
        }
Exemple #3
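        /// <summary>
        /// Verifies that MarkTraceStatus surfaces a <c>ForbiddenException</c> when the mocked PUT to
        /// <c>api/ng/orgId/orgtraces/mark</c> answers with HTTP 403.
        /// </summary>
        public void MarkTraceStatus_VerifyException()
        {
            string json = @"{
                            ""success"": false,
                            ""messages"": [
                                ""Forbidden access?""
                            ]
                        }";
            TraceMarkStatusRequest request = new TraceMarkStatusRequest();

            request.Traces = new List <string> {
                "traceId"
            };
            request.Note   = "This is my note.";
            request.Status = "";

            var mockSdkHttpClient = new Mock <IContrastRestClient>();

            mockSdkHttpClient.Setup(client => client.PutMessage("api/ng/orgId/orgtraces/mark", JsonConvert.SerializeObject(request), null)).Returns(
                PostUtil.GetPostResponse(System.Net.HttpStatusCode.Forbidden, json)
                );
            var teamServerClient = new TeamServerClient(mockSdkHttpClient.Object);

            try
            {
                teamServerClient.MarkTraceStatus("orgId", request);
            }
            catch (ForbiddenException)
            {
                // The 403 was translated into the expected exception type.
                return;
            }

            // Reached only when no exception was thrown. Keeping this outside the try block means
            // the failure is no longer caught by the handler and reported as a type mismatch; any
            // other exception type now propagates with its own stack trace and fails the test.
            Assert.Fail("Expected ForbiddenException was not thrown.");
        }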
Exemple #4
        /// <summary>
        /// Verifies that TagTraces reports success when the mocked PUT to
        /// <c>api/ng/orgId/tags/traces</c> returns HTTP 200 with a success payload.
        /// </summary>
        public void TagTraces_VerifySuccess()
        {
            // Canned server reply returned by the mocked REST client.
            string successPayload = @"{
                            ""success"": true,
                            ""messages"": [
                                ""Tag successful""
                            ]
                        }";

            var tagRequest = new TagsServersResource
            {
                TracesId = new List<string> { "traceId1", "traceId2" },
                Tags     = new List<string> { "testTag", "anotherTag" }
            };

            // The setup only matches when the client sends exactly this URL and serialized body.
            var restClientMock = new Mock<IContrastRestClient>();
            restClientMock
                .Setup(c => c.PutMessage("api/ng/orgId/tags/traces", JsonConvert.SerializeObject(tagRequest), null))
                .Returns(PostUtil.GetPostResponse(System.Net.HttpStatusCode.OK, successPayload));

            var sut    = new TeamServerClient(restClientMock.Object);
            var result = sut.TagTraces("orgId", tagRequest);

            Assert.IsTrue(result.Success);
        }
Exemple #5
        /// <summary>
        /// Verifies that GetTagsByTraces returns the two tags, in order, from the payload the mocked
        /// POST to <c>api/ng/orgId/tags/traces/bulk</c> replies with.
        /// </summary>
        public void GetTagsByTraces_VerifyTags()
        {
            // Canned server reply carrying two tags.
            string tagsPayload = @"{
                              ""success"": true,
                              ""messages"": [
                                ""Unique tags for organization loaded successfully""
                              ],
                              ""tags"": [
                                ""Infinite Scroll Test"",
                                ""Different test too""
                              ],
                              ""totalLibraryHashes"": 0
                            }";

            var tagsRequest = new TagsTraceRequest
            {
                TracesId = new List<string> { "traceId1", "traceId2" }
            };

            // The setup only matches when the client sends exactly this URL and serialized body.
            var restClientMock = new Mock<IContrastRestClient>();
            restClientMock
                .Setup(c => c.PostMessage("api/ng/orgId/tags/traces/bulk", JsonConvert.SerializeObject(tagsRequest), null))
                .Returns(PostUtil.GetPostResponse(System.Net.HttpStatusCode.OK, tagsPayload));

            var sut    = new TeamServerClient(restClientMock.Object);
            var result = sut.GetTagsByTraces("orgId", tagsRequest);

            Assert.AreEqual(2, result.Tags.Count);
            Assert.AreEqual("Infinite Scroll Test", result.Tags[0]);
            Assert.AreEqual("Different test too", result.Tags[1]);
        }
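        /// <summary>
        /// Verifies that GetOrganizationInfo deserializes the organization payload served by the
        /// mocked GET to <c>api/ng/orgId/organizations</c>: the success flag and organization name.
        /// </summary>
        public void GetOrganizationInfo_VerifySuccess()
        {
            string json = @"{
                              ""success"": true,
                              ""messages"": [
                                ""Organization Information loaded successfully""
                              ],
                              ""organization"": {
                                ""name"": ""Test organization"",
                                ""timezone"": ""EST"",
                                ""superadmin"": false,
                                ""organization_uuid"": ""0c2a726b-af04-47b6-8be9-844058fbcdbd"",
                                ""date_format"": ""MM/dd/yyyy"",
                                ""time_format"": ""hh:mm a"",
                                ""creation_time"": 1531430241000,
                                ""protection_enabled"": true,
                                ""auto_license_protection"": false,
                                ""auto_license_assessment"": false,
                                ""is_superadmin"": false,
                                ""server_environments"": []
                                },
                              ""managed"": true
                            }";

            var mockSdkHttpClient = new Mock <IContrastRestClient>();

            // The mocked client serves the payload as a UTF-8 stream for this exact URL.
            mockSdkHttpClient.Setup(client => client.GetResponseStream("api/ng/orgId/organizations")).Returns(
                new MemoryStream(Encoding.UTF8.GetBytes(json))
                );
            var teamServerClient = new TeamServerClient(mockSdkHttpClient.Object);
            var response         = teamServerClient.GetOrganizationInfo("orgId");

            Assert.IsTrue(response.Success);
            // Assert.AreEqual takes (expected, actual); the original order was swapped, which
            // makes a failure message report the two values the wrong way round.
            Assert.AreEqual("Test organization", response.Organization.name);
        }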
Exemple #7
        /// <summary>
        /// Verifies that GetTracesUniqueTags returns the two tags, in order, from the payload served
        /// by the mocked GET to <c>api/ng/orgId/tags/traces</c>.
        /// </summary>
        public void GetTraceUniqueTags_VerifyTags()
        {
            // Canned server reply carrying two tags.
            string tagsPayload = @"{
                              ""success"": true,
                              ""messages"": [
                                ""Unique tags for organization loaded successfully""
                              ],
                              ""tags"": [
                                ""Infinite Scroll Test"",
                                ""Another test too""
                              ],
                              ""totalLibraryHashes"": 0
                            }";

            // The mocked client serves the payload as a UTF-8 stream for this exact URL.
            var restClientMock = new Mock<IContrastRestClient>();
            restClientMock
                .Setup(c => c.GetResponseStream("api/ng/orgId/tags/traces"))
                .Returns(new MemoryStream(Encoding.UTF8.GetBytes(tagsPayload)));

            var sut    = new TeamServerClient(restClientMock.Object);
            var result = sut.GetTracesUniqueTags("orgId");

            Assert.AreEqual(2, result.Tags.Count);
            Assert.AreEqual("Infinite Scroll Test", result.Tags[0]);
            Assert.AreEqual("Another test too", result.Tags[1]);
        }
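        /// <summary>
        /// Sample entry point: reads the Team Server connection settings from the application
        /// configuration, connects, and prints the organizations, servers, applications and, for the
        /// first application, the traces visible to the configured user.
        /// </summary>
        /// <param name="args">Command-line arguments; not used.</param>
        static void Main(string[] args)
        {
            Console.WriteLine("SampleContrastClient Started.  Reading configuration...");

            // NOTE(review): the service key and API key are credentials and are read from
            // appSettings here; keep the configuration file holding real values out of source control.
            string user = ConfigurationManager.AppSettings["TeamServerUserName"];
            string serviceKey = ConfigurationManager.AppSettings["TeamServerServiceKey"];
            string apiKey = ConfigurationManager.AppSettings["TeamServerApiKey"];
            string url = ConfigurationManager.AppSettings["TeamServerUrl"];

            using (TeamServerClient client = new TeamServerClient(user, serviceKey, apiKey, url))
            {
                // The user name is masked in this message, so only the URL is a format argument.
                Console.WriteLine("Connecting to Contrast Team Server: '{0}' as user: '******'", url);

                var orgs = client.GetOrganizations();
                Console.WriteLine("User is associated with {0} orgs. {1}", orgs.Count,
                    (orgs.Count > 0 ? "First Organization: " + orgs[0].name : string.Empty));

                // NOTE(review): when the user has no organizations, _organizationId keeps whatever
                // value it already had; confirm the calls below tolerate that.
                if (orgs.Count > 0)
                {
                    _organizationId = orgs[0].organization_uuid;
                }

                var defaultOrg = client.GetDefaultOrganization();
                Console.WriteLine("User's default org is:{0}({1})", defaultOrg.name, defaultOrg.organization_uuid);

                var servers = client.GetServers(_organizationId);
                Console.WriteLine("Found {0} servers.", servers.Count);

                var apps = client.GetApplications(_organizationId);
                Console.WriteLine("Found {0} applications.", apps.Count);

                if (apps.Count > 0)
                {
                    string appId = apps[0].AppID;
                    string appName = apps[0].Name;
                    // The original message never closed the parenthesis opened before the app id.
                    Console.WriteLine("Retrieving traces for the first application: {0} ({1})", appName, appId);

                    var traces = client.GetTraces(_organizationId, appId);
                    Console.WriteLine("Found {0} traces for application.", traces.Count);

                    if (traces.Count > 0)
                    {
                        WriteFirstTenTraces(traces);

                        //foreach (Trace trace in traces)
                        //{
                        //    Console.WriteLine("Trace Exists:{0}", DoesTraceExistForUrl(client, appId, trace.Request.Uri));
                        //}
                    }
                }

                // DownloadAgentToDesktop(client);
            }

            Console.WriteLine("SampleContrastClient Finished.");
            // Keeps the console window open until the user presses Enter.
            Console.ReadLine();
        }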
Exemple #9
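        /// <summary>
        /// Sample entry point: reads the Team Server connection settings from the application
        /// configuration, connects, and prints the organizations, servers, applications and, for the
        /// first application, the traces visible to the configured user.
        /// </summary>
        /// <param name="args">Command-line arguments; not used.</param>
        static void Main(string[] args)
        {
            Console.WriteLine("SampleContrastClient Started.  Reading configuration...");

            // NOTE(review): serviceKey and apiKey are credentials read from appSettings; the
            // configuration file that holds real values should not be committed to source control.
            string user       = ConfigurationManager.AppSettings["TeamServerUserName"];
            string serviceKey = ConfigurationManager.AppSettings["TeamServerServiceKey"];
            string apiKey     = ConfigurationManager.AppSettings["TeamServerApiKey"];
            string url        = ConfigurationManager.AppSettings["TeamServerUrl"];

            using (TeamServerClient client = new TeamServerClient(user, serviceKey, apiKey, url))
            {
                // The message masks the user name, so the URL is the only format argument needed.
                Console.WriteLine("Connecting to Contrast Team Server: '{0}' as user: '******'", url);

                var orgs = client.GetOrganizations();
                Console.WriteLine("User is associated with {0} orgs. {1}", orgs.Count,
                                  (orgs.Count > 0 ? "First Organization: " + orgs[0].name : string.Empty));

                // NOTE(review): with zero organizations _organizationId is left at its previous
                // value; confirm GetServers and GetApplications handle that case.
                if (orgs.Count > 0)
                {
                    _organizationId = orgs[0].organization_uuid;
                }

                var defaultOrg = client.GetDefaultOrganization();
                Console.WriteLine("User's default org is:{0}({1})", defaultOrg.name, defaultOrg.organization_uuid);

                var servers = client.GetServers(_organizationId);
                Console.WriteLine("Found {0} servers.", servers.Count);

                var apps = client.GetApplications(_organizationId);
                Console.WriteLine("Found {0} applications.", apps.Count);

                if (apps.Count > 0)
                {
                    string appId   = apps[0].AppID;
                    string appName = apps[0].Name;
                    // Closing parenthesis added; the original format string left it unbalanced.
                    Console.WriteLine("Retrieving traces for the first application: {0} ({1})", appName, appId);

                    var traces = client.GetTraces(_organizationId, appId);
                    Console.WriteLine("Found {0} traces for application.", traces.Count);

                    if (traces.Count > 0)
                    {
                        WriteFirstTenTraces(traces);

                        //foreach (Trace trace in traces)
                        //{
                        //    Console.WriteLine("Trace Exists:{0}", DoesTraceExistForUrl(client, appId, trace.Request.Uri));
                        //}
                    }
                }

                // DownloadAgentToDesktop(client);
            }

            Console.WriteLine("SampleContrastClient Finished.");
            // Waits for Enter so the console output stays visible.
            Console.ReadLine();
        }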
        /// <summary>
        /// Verifies that GetTraces maps a configuration-rule trace (no request headers, parameters or
        /// events) served by the mocked GET to <c>api/orgId/traces/{appId}</c> onto a Trace whose id,
        /// title, parameter count and first-seen time match the fixture.
        /// </summary>
        public void GetTraces_Config_PropertiesMatchExpected()
        {
            string appId = "arbitraryId";

            // Fixture: one trace for the custom-errors-off rule.
            string configTraceJson = @"[{
                                      ""uuid"" : ""DW0P-4SKO-JEAK-TDOO"",
                                      ""status"" : ""Reported"",
                                      ""platform"" : """",
                                      ""language"" : "".NET"",
                                      ""title"" : ""Application Displays Detailed Error Messages in \\web.config"",
                                      ""likelihood"" : ""High"",
                                      ""impact"" : ""Low"",
                                      ""confidence"" : ""High"",
                                      ""request"" : {
                                        ""port"" : 0,
                                        ""headers"" : [ ],
                                        ""parameters"" : [ ],
                                        ""links"" : [ ]
                                      },
                                      ""events"" : [ ],
                                      ""links"" : [ {
                                        ""rel"" : ""self"",
                                        ""href"" : ""https://localhost/Contrast/api/traces/c744888c-96e2-4e1d-926d-c3d715cedeeb/DW0P-4SKO-JEAK-TDOO""
                                      }, {
                                        ""rel"" : ""application"",
                                        ""href"" : ""https://localhost/Contrast/api/applications/c744888c-96e2-4e1d-926d-c3d715cedeeb""
                                      } ],
                                      ""trace-id"" : 259676,
                                      ""total-traces-received"" : 1,
                                      ""last-time-seen"" : 1424268996169,
                                      ""first-time-seen"" : 1424268996169,
                                      ""sub-status"" : """",
                                      ""sub-title"" : ""in \\web.config"",
                                      ""reported-to-bug-tracker"" : false,
                                      ""rule-name"" : ""custom-errors-off"",
                                      ""severity"" : ""Medium""
                                    }]";

            // first-time-seen is compared as milliseconds added to 1970-01-01.
            var      epoch             = new DateTime(1970, 1, 1);
            DateTime expectedFirstSeen = epoch.AddMilliseconds(1424268996169);

            // The mocked client serves the fixture as a UTF-16 (Encoding.Unicode) stream.
            var restClientMock = new Mock<IContrastRestClient>();
            restClientMock
                .Setup(c => c.GetResponseStream("api/orgId/traces/" + appId))
                .Returns(new MemoryStream(Encoding.Unicode.GetBytes(configTraceJson)));

            var sut      = new TeamServerClient(restClientMock.Object);
            var traceSet = sut.GetTraces("orgId", appId);

            Assert.AreEqual(1, traceSet.Count);

            Trace first = traceSet[0];
            Assert.AreEqual("259676", first.TraceId);
            Assert.AreEqual("Application Displays Detailed Error Messages in \\web.config", first.Title);
            Assert.AreEqual(0, first.Request.Parameters.Count);
            Assert.AreEqual(expectedFirstSeen, first.FirstTimeSeen);
        }
Exemple #11
        // Example usage of GetAgent method
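        /// <summary>
        /// Requests the .NET agent for the current organization and saves the returned stream as
        /// <c>dotnetagent.zip</c> in the current user's desktop directory, overwriting any existing file.
        /// </summary>
        /// <param name="client">Client used to request the agent stream.</param>
        private static void DownloadAgentToDesktop(TeamServerClient client)
        {
            // Path.Combine supplies the directory separator instead of a hard-coded "\\".
            string desktop  = Environment.GetFolderPath(Environment.SpecialFolder.DesktopDirectory);
            string filename = System.IO.Path.Combine(desktop, "dotnetagent.zip");

            // NOTE(review): the archive is written to disk exactly as received; nothing in this
            // method verifies its integrity. Confirm whether a hash or signature is checked before
            // the downloaded agent is installed.
            using (var agentStream = client.GetAgent(AgentType.DotNet, _organizationId))
            using (var fs = new System.IO.FileStream(filename, System.IO.FileMode.Create, System.IO.FileAccess.Write))
            {
                agentStream.CopyTo(fs);
            }
        }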
        /// <summary>
        /// Verifies that GetApplications maps the single application served by the mocked GET to
        /// <c>api/orgId/applications/</c> onto a ContrastApplication with the fixture's id and name.
        /// </summary>
        public void GetApplications_PropertiesMatchExpected()
        {
            // Fixture: one application with its link relations.
            string applicationsJson = @"[{
                          ""name"" : ""MyTestApp"",
                          ""path"" : ""/MyTestApp"",
                          ""language"" : "".NET"",
                          ""license"" : ""Enterprise"",
                          ""views"" : 0,
                          ""links"" : [ {
                            ""rel"" : ""self"",
                            ""href"" : ""https://localhost/Contrast/api/applications/91ce4b14-353c-4e0e-8bab-663895cff574""
                          }, {
                            ""rel"" : ""traces"",
                            ""href"" : ""https://localhost/Contrast/api/traces/91ce4b14-353c-4e0e-8bab-663895cff574""
                          }, {
                            ""rel"" : ""servers"",
                            ""href"" : ""https://localhost/Contrast/api/applications/91ce4b14-353c-4e0e-8bab-663895cff574/servers""
                          }, {
                            ""rel"" : ""sitemap-activity"",
                            ""href"" : ""https://localhost/Contrast/api/applications/91ce4b14-353c-4e0e-8bab-663895cff574/sitemap/activity""
                          }, {
                            ""rel"" : ""reset-application"",
                            ""href"" : ""https://localhost/Contrast/api/applications/91ce4b14-353c-4e0e-8bab-663895cff574""
                          } ],
                          ""app-id"" : ""91ce4b14-353c-4e0e-8bab-663895cff574"",
                          ""application-code"" : null,
                          ""group-name"" : null,
                          ""platform-version"" : null,
                          ""platform-vulnerabilities"" : [ ],
                          ""last-seen"" : 1416352488000
                        }]";

            // The mocked client serves the fixture as a UTF-16 (Encoding.Unicode) stream.
            var restClientMock = new Mock<IContrastRestClient>();
            restClientMock
                .Setup(c => c.GetResponseStream("api/orgId/applications/"))
                .Returns(new MemoryStream(Encoding.Unicode.GetBytes(applicationsJson)));

            var sut         = new TeamServerClient(restClientMock.Object);
            var application = sut.GetApplications("orgId");

            Assert.AreEqual(1, application.Count);

            ContrastApplication first = application[0];
            Assert.AreEqual("91ce4b14-353c-4e0e-8bab-663895cff574", first.AppID);
            Assert.AreEqual("MyTestApp", first.Name);
        }
        /// <summary>
        /// Verifies that GetLibraries maps the single library served by the mocked GET to
        /// <c>api/orgId/applications/arbitraryId/libraries</c> onto a Library with the fixture's id
        /// and file name.
        /// </summary>
        public void GetLibraries_PropertiesMatchExpected()
        {
            string appId = "arbitraryId";

            // Fixture: one library record (log4net.dll) including its SHA-1, version and link relations.
            string libraryJson = "[ {  \"libraryId\" : 127302,  \"filename\" : \"log4net.dll\",  \"sha1\" : \"08D926E9EFE56C69A370A30737E3346F86F7FB77\",  \"url\" : \"file:/C:\\\\inetpub\\\\wwwroot\\\\MyTestApp\\\\bin\\\\log4net.dll\",  \"version\" : \"1.2.13.0\",  \"profiled\" : false,  \"common\" : false,  \"sponsored\" : false,  \"links\" : [ {    \"rel\" : \"self\",    \"href\" : \"https://localhost/Contrast/api/applications/c744888c-96e2-4e1d-926d-c3d715cedeeb/libraries/127302\"  }, {    \"rel\" : \"cves\",    \"href\" : \"https://localhost/Contrast/api/applications/c744888c-96e2-4e1d-926d-c3d715cedeeb/libraries/127302/cves\"  }, {    \"rel\" : \"servers\",    \"href\" : \"https://localhost/Contrast/api/servers/libraries/127302\"  } ],  \"lines-of-code\" : 4515,  \"internal-date\" : \"2013-11-17\",  \"external-date\" : \"2014-11-04\",  \"class-count\" : 289,  \"used-class-count\" : 0,  \"cve-count\" : 0} ]";

            // The mocked client serves the fixture as a UTF-16 (Encoding.Unicode) stream.
            var restClientMock = new Mock<IContrastRestClient>();
            restClientMock
                .Setup(c => c.GetResponseStream("api/orgId/applications/arbitraryId/libraries"))
                .Returns(new MemoryStream(Encoding.Unicode.GetBytes(libraryJson)));

            var sut       = new TeamServerClient(restClientMock.Object);
            var libraries = sut.GetLibraries("orgId", appId);

            Assert.AreEqual(1, libraries.Count);

            Library first = libraries[0];
            Assert.AreEqual("127302", first.LibraryId);
            Assert.AreEqual("log4net.dll", first.FileName);
        }
Exemple #14
        /// <summary>
        /// Verifies that DeleteTraceTag returns a successful response with one message when the
        /// mocked DELETE to <c>api/ng/orgId/tags/trace/traceId</c> returns HTTP 200.
        /// </summary>
        public void DeleteTags_VerifyBaseResponse()
        {
            // Canned server reply returned by the mocked REST client.
            string deletePayload = @"{
                            ""success"": true,
                            ""messages"": [
                                ""Delete successful""
                            ],
                            ""totalLibraryHashes"": 0
                        }";

            // Body the client is expected to serialize for the tag "none".
            var expectedRequest = new TagRequest { Tag = "none" };

            var restClientMock = new Mock<IContrastRestClient>();
            restClientMock
                .Setup(c => c.DeleteMessage("api/ng/orgId/tags/trace/traceId", JsonConvert.SerializeObject(expectedRequest)))
                .Returns(PostUtil.GetPostResponse(System.Net.HttpStatusCode.OK, deletePayload));

            var sut    = new TeamServerClient(restClientMock.Object);
            var result = sut.DeleteTraceTag("orgId", "traceId", "none");

            Assert.IsTrue(result.Success);
            Assert.AreEqual(1, result.Messages.Count);
        }
        /// <summary>
        /// Checks that a single library record returned by the mocked REST client for
        /// <c>api/orgId/applications/arbitraryId/libraries</c> is deserialized by GetLibraries with
        /// the expected library id and file name.
        /// </summary>
        public void GetLibraries_PropertiesMatchExpected()
        {
            string appId = "arbitraryId";

            // Fixture: one library entry for log4net.dll.
            string libraryJson = "[ {  \"libraryId\" : 127302,  \"filename\" : \"log4net.dll\",  \"sha1\" : \"08D926E9EFE56C69A370A30737E3346F86F7FB77\",  \"url\" : \"file:/C:\\\\inetpub\\\\wwwroot\\\\MyTestApp\\\\bin\\\\log4net.dll\",  \"version\" : \"1.2.13.0\",  \"profiled\" : false,  \"common\" : false,  \"sponsored\" : false,  \"links\" : [ {    \"rel\" : \"self\",    \"href\" : \"https://localhost/Contrast/api/applications/c744888c-96e2-4e1d-926d-c3d715cedeeb/libraries/127302\"  }, {    \"rel\" : \"cves\",    \"href\" : \"https://localhost/Contrast/api/applications/c744888c-96e2-4e1d-926d-c3d715cedeeb/libraries/127302/cves\"  }, {    \"rel\" : \"servers\",    \"href\" : \"https://localhost/Contrast/api/servers/libraries/127302\"  } ],  \"lines-of-code\" : 4515,  \"internal-date\" : \"2013-11-17\",  \"external-date\" : \"2014-11-04\",  \"class-count\" : 289,  \"used-class-count\" : 0,  \"cve-count\" : 0} ]";

            // Arrange: the stub answers the libraries URL with the fixture encoded as UTF-16.
            var httpStub = new Mock<IContrastRestClient>();
            httpStub
                .Setup(rest => rest.GetResponseStream("api/orgId/applications/arbitraryId/libraries"))
                .Returns(new MemoryStream(Encoding.Unicode.GetBytes(libraryJson)));
            var clientUnderTest = new TeamServerClient(httpStub.Object);

            // Act
            var parsed = clientUnderTest.GetLibraries("orgId", appId);

            // Assert
            Assert.AreEqual(1, parsed.Count);
            Library onlyLibrary = parsed[0];
            Assert.AreEqual("127302", onlyLibrary.LibraryId);
            Assert.AreEqual("log4net.dll", onlyLibrary.FileName);
        }
        /// <summary>
        /// Verifies that GetTraces maps a data-flow trace (reflected-xss rule, with request headers
        /// and events) served by the mocked GET to <c>api/orgId/traces/{appId}</c> onto a Trace whose
        /// id, title, header count and link count match the fixture.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the fixture shows that a trace carries the triggering request's headers,
        /// including the Cookie header with a session identifier. Trace payloads that are stored or
        /// logged should therefore be treated as sensitive data.
        /// </remarks>
        public void GetTraces_DataFlow_PropertiesMatchExpected()
        {
            string appId = "arbitraryId";

            // Fixture: one trace with eight request headers, four events and two links.
            string dataFlowTraceJson = @"[{
                                      ""uuid"" : ""S17L-WMVW-GYBY-Z00Z"",
                                      ""status"" : ""Reported"",
                                      ""platform"" : """",
                                      ""language"" : "".NET"",
                                      ""title"" : ""Cross-Site Scripting from \""input\"" Parameter on \""CharArrayVuln0.aspx\"" page"",
                                      ""likelihood"" : ""High"",
                                      ""impact"" : ""Medium"",
                                      ""confidence"" : ""High"",
                                      ""request"" : {
                                        ""protocol"" : ""http"",
                                        ""version"" : ""1.1"",
                                        ""uri"" : ""/MyTestApp/propagators/carray/CharArrayVuln0.aspx"",
                                        ""queryString"" : ""input=sourceTaintedData"",
                                        ""method"" : ""GET"",
                                        ""port"" : 80,
                                        ""headers"" : [ {
                                          ""name"" : ""Connection"",
                                          ""value"" : ""keep-alive""
                                        }, {
                                          ""name"" : ""Accept"",
                                          ""value"" : ""text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8""
                                        }, {
                                          ""name"" : ""Accept-Encoding"",
                                          ""value"" : ""gzip, deflate""
                                        }, {
                                          ""name"" : ""Accept-Language"",
                                          ""value"" : ""en-US,en;q=0.5""
                                        }, {
                                          ""name"" : ""Cookie"",
                                          ""value"" : ""ASP.NET_SessionId=tlspmetl2k4155htm41jkkjn""
                                        }, {
                                          ""name"" : ""Host"",
                                          ""value"" : ""localhost""
                                        }, {
                                          ""name"" : ""Referer"",
                                          ""value"" : ""http://localhost/MyTestApp/default.aspx""
                                        }, {
                                          ""name"" : ""User-Agent"",
                                          ""value"" : ""Mozilla/5.0 (Windows NT 6.1; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0""
                                        } ],
                                        ""parameters"" : [ ],
                                        ""links"" : [ ]
                                      },
                                      ""events"" : [ {
                                        ""eventId"" : 567243,
                                        ""type"" : ""Creation"",
                                        ""codeContext"" : null
                                      }, {
                                        ""eventId"" : 567244,
                                        ""type"" : ""O2R"",
                                        ""codeContext"" : null
                                      }, {
                                        ""eventId"" : 567245,
                                        ""type"" : ""P2R"",
                                        ""codeContext"" : null
                                      }, {
                                        ""eventId"" : 567246,
                                        ""type"" : ""Trigger"",
                                        ""codeContext"" : null
                                      } ],
                                      ""links"" : [ {
                                        ""rel"" : ""self"",
                                        ""href"" : ""https://localhost/Contrast/api/traces/c744888c-96e2-4e1d-926d-c3d715cedeeb/S17L-WMVW-GYBY-Z00Z""
                                      }, {
                                        ""rel"" : ""application"",
                                        ""href"" : ""https://localhost/Contrast/api/applications/c744888c-96e2-4e1d-926d-c3d715cedeeb""
                                      } ],
                                      ""trace-id"" : 259779,
                                      ""total-traces-received"" : 1,
                                      ""last-time-seen"" : 1424269052776,
                                      ""first-time-seen"" : 1424269052776,
                                      ""sub-status"" : """",
                                      ""sub-title"" : ""from \""input\"" Parameter on \""CharArrayVuln0.aspx\"" page"",
                                      ""reported-to-bug-tracker"" : false,
                                      ""rule-name"" : ""reflected-xss"",
                                      ""severity"" : ""High""
                                    }]";

            // The mocked client serves the fixture as a UTF-16 (Encoding.Unicode) stream.
            var restClientMock = new Mock<IContrastRestClient>();
            restClientMock
                .Setup(c => c.GetResponseStream("api/orgId/traces/" + appId))
                .Returns(new MemoryStream(Encoding.Unicode.GetBytes(dataFlowTraceJson)));

            var sut      = new TeamServerClient(restClientMock.Object);
            var traceSet = sut.GetTraces("orgId", appId);

            Assert.AreEqual(1, traceSet.Count);

            Trace first = traceSet[0];
            Assert.AreEqual("259779", first.TraceId);
            Assert.AreEqual("Cross-Site Scripting from \"input\" Parameter on \"CharArrayVuln0.aspx\" page", first.Title);
            Assert.AreEqual(8, first.Request.Headers.Count);
            Assert.AreEqual(2, first.Links.Count);
        }
 /// <summary>
 /// Constructs a TeamServerClient with the literal "invalidUrlValue" as its URL argument.
 /// </summary>
 /// <remarks>
 /// NOTE(review): the method name says an ArgumentException is expected, but nothing in the visible
 /// body asserts it. Presumably an expected-exception attribute sits above the method; confirm.
 /// </remarks>
 public void Constructor_InvalidUrl_ArgumentExceptionThrown()
 {
     var client = new TeamServerClient(
         "arbitraryUser",
         "arbitraryServiceKey",
         "arbitraryApiKey",
         "invalidUrlValue");
 }
 /// <summary>
 /// Constructs a TeamServerClient with "http://localhost/Contrast" as its URL argument; the test
 /// passes as long as the constructor does not throw.
 /// </summary>
 public void Constructor_ValidUrl_NoException()
 {
     var client = new TeamServerClient(
         "arbitraryUser",
         "arbitraryServiceKey",
         "arbitraryApiKey",
         "http://localhost/Contrast");
 }
Exemple #19
        // Example usage of GetTracesByUuid method
        /// <summary>
        /// Looks a trace up by UUID within an organization and reports whether the lookup returned
        /// at least one trace.
        /// </summary>
        /// <param name="client">Client used to issue the GetTracesByUuid call.</param>
        /// <param name="traceUuid">UUID of the trace to look for.</param>
        /// <param name="organizationId">Organization the lookup is scoped to.</param>
        /// <returns>
        /// <c>true</c> when the response and its Traces collection are non-null and the collection is
        /// non-empty; otherwise <c>false</c>.
        /// </returns>
        private static bool DoesTraceExist(TeamServerClient client, string traceUuid, string organizationId)
        {
            // A null response or a null Traces collection both count as "not found".
            var matches = client.GetTracesByUuid(organizationId, traceUuid)?.Traces;
            if (matches == null)
            {
                return false;
            }

            return matches.Count > 0;
        }
        /// <summary>
        /// Feeds a canned one-element trace array (rule "custom-errors-off") through a mocked
        /// <c>IContrastRestClient</c> and checks the values <c>GetTraces</c> exposes for it.
        /// </summary>
        /// <remarks>
        /// The payload is served as UTF-16 bytes (<c>Encoding.Unicode</c>), so the test also relies
        /// on the client reading that encoding from the stream.
        /// </remarks>
        public void GetTraces_Config_PropertiesMatchExpected()
        {
            string applicationId = "arbitraryId";
            string payload = @"[{
                                      ""uuid"" : ""DW0P-4SKO-JEAK-TDOO"",
                                      ""status"" : ""Reported"",
                                      ""platform"" : """",
                                      ""language"" : "".NET"",
                                      ""title"" : ""Application Displays Detailed Error Messages in \\web.config"",
                                      ""likelihood"" : ""High"",
                                      ""impact"" : ""Low"",
                                      ""confidence"" : ""High"",
                                      ""request"" : {
                                        ""port"" : 0,
                                        ""headers"" : [ ],
                                        ""parameters"" : [ ],
                                        ""links"" : [ ]
                                      },
                                      ""events"" : [ ],
                                      ""links"" : [ {
                                        ""rel"" : ""self"",
                                        ""href"" : ""https://localhost/Contrast/api/traces/c744888c-96e2-4e1d-926d-c3d715cedeeb/DW0P-4SKO-JEAK-TDOO""
                                      }, {
                                        ""rel"" : ""application"",
                                        ""href"" : ""https://localhost/Contrast/api/applications/c744888c-96e2-4e1d-926d-c3d715cedeeb""
                                      } ],
                                      ""trace-id"" : 259676,
                                      ""total-traces-received"" : 1,
                                      ""last-time-seen"" : 1424268996169,
                                      ""first-time-seen"" : 1424268996169,
                                      ""sub-status"" : """",
                                      ""sub-title"" : ""in \\web.config"",
                                      ""reported-to-bug-tracker"" : false,
                                      ""rule-name"" : ""custom-errors-off"",
                                      ""severity"" : ""Medium""
                                    }]";

            // Stub the REST layer: only this exact route returns the canned payload, and no
            // network call is made.
            string route = "api/orgId/traces/" + applicationId;
            var restClientMock = new Mock<IContrastRestClient>();
            restClientMock
                .Setup(rest => rest.GetResponseStream(route))
                .Returns(new MemoryStream(Encoding.Unicode.GetBytes(payload)));

            var sut = new TeamServerClient(restClientMock.Object);
            var result = sut.GetTraces("orgId", applicationId);

            // "first-time-seen" in the payload, read as milliseconds added to 1970-01-01.
            DateTime expectedFirstSeen = new DateTime(1970, 1, 1).AddMilliseconds(1424268996169);

            Assert.AreEqual(1, result.Count);
            Trace first = result[0];
            // The numeric "trace-id" is expected back as a string.
            Assert.AreEqual("259676", first.TraceId);
            Assert.AreEqual("Application Displays Detailed Error Messages in \\web.config", first.Title);
            Assert.AreEqual(0, first.Request.Parameters.Count);
            Assert.AreEqual(expectedFirstSeen, first.FirstTimeSeen);
        }
 /// <summary>
 /// Builds a <c>TeamServerClient</c> with "http://localhost/Contrast" as its fourth
 /// constructor argument; the test passes when construction does not throw.
 /// </summary>
 /// <remarks>
 /// NOTE(review): the URL uses plain http against localhost. With a remote server the
 /// user name, service key and API key would presumably travel with each request, so an
 /// https URL is the safer value to copy from this example; confirm how the client sends them.
 /// </remarks>
 public void Constructor_ValidUrl_NoException()
 {
     // Placeholder credentials: no real user name, service key or API key appears in the test.
     const string user = "arbitraryUser";
     const string serviceKey = "arbitraryServiceKey";
     const string apiKey = "arbitraryApiKey";
     const string serverUrl = "http://localhost/Contrast";

     var tsClient = new TeamServerClient(user, serviceKey, apiKey, serverUrl);
 }
        // Example usage of CheckForTrace method
        /// <summary>
        /// Asks the server whether a trace matching a request URI exists for an application.
        /// </summary>
        /// <param name="client">Client used to call <c>CheckForTrace</c>.</param>
        /// <param name="applicationId">Application identifier passed to <c>CheckForTrace</c>.</param>
        /// <param name="url">Value appended after the "request.uri=~" prefix of the conditions string.</param>
        /// <returns><c>true</c> when <c>CheckForTrace</c> returns HTTP 200 (OK); otherwise <c>false</c>.</returns>
        private static bool DoesTraceExistForUrl( TeamServerClient client, string applicationId, string url )
        {
            // The url is appended as-is, with no escaping. NOTE(review): if it can come from a
            // caller outside this sample, confirm how CheckForTrace encodes the conditions
            // value, so that characters meaningful to the filter syntax cannot change the query.
            var filter = string.Concat("request.uri=~", url);

            return client.CheckForTrace(applicationId, filter) == System.Net.HttpStatusCode.OK;
        }
 /// <summary>
 /// Builds a <c>TeamServerClient</c> whose fourth constructor argument is the literal
 /// "invalidUrlValue" (the server URL, going by the test name).
 /// </summary>
 /// <remarks>
 /// The body holds no assertion. The method name says an ArgumentException is expected;
 /// presumably a test attribute that is not visible here declares it (TODO confirm).
 /// </remarks>
 public void Constructor_InvalidUrl_ArgumentExceptionThrown()
 {
     // Placeholder credentials: no real user name, service key or API key appears in the test.
     const string user = "arbitraryUser";
     const string serviceKey = "arbitraryServiceKey";
     const string apiKey = "arbitraryApiKey";
     const string malformedUrl = "invalidUrlValue";

     var tsClient = new TeamServerClient(user, serviceKey, apiKey, malformedUrl);
 }
        /// <summary>
        /// Feeds a canned one-element trace array (rule "reflected-xss") through a mocked
        /// <c>IContrastRestClient</c> and checks the values <c>GetTraces</c> exposes for it.
        /// </summary>
        /// <remarks>
        /// The fixture's captured request carries eight headers, one of them a Cookie with an
        /// ASP.NET_SessionId value. Trace payloads therefore hold request headers verbatim, so
        /// code that stores or logs them should treat them as sensitive.
        /// NOTE(review): the session id here looks like a lab value; confirm it never belonged
        /// to a live session and keep fixtures synthetic.
        /// </remarks>
        public void GetTraces_DataFlow_PropertiesMatchExpected()
        {
            string applicationId = "arbitraryId";
            string payload = @"[{
                                      ""uuid"" : ""S17L-WMVW-GYBY-Z00Z"",
                                      ""status"" : ""Reported"",
                                      ""platform"" : """",
                                      ""language"" : "".NET"",
                                      ""title"" : ""Cross-Site Scripting from \""input\"" Parameter on \""CharArrayVuln0.aspx\"" page"",
                                      ""likelihood"" : ""High"",
                                      ""impact"" : ""Medium"",
                                      ""confidence"" : ""High"",
                                      ""request"" : {
                                        ""protocol"" : ""http"",
                                        ""version"" : ""1.1"",
                                        ""uri"" : ""/MyTestApp/propagators/carray/CharArrayVuln0.aspx"",
                                        ""queryString"" : ""input=sourceTaintedData"",
                                        ""method"" : ""GET"",
                                        ""port"" : 80,
                                        ""headers"" : [ {
                                          ""name"" : ""Connection"",
                                          ""value"" : ""keep-alive""
                                        }, {
                                          ""name"" : ""Accept"",
                                          ""value"" : ""text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8""
                                        }, {
                                          ""name"" : ""Accept-Encoding"",
                                          ""value"" : ""gzip, deflate""
                                        }, {
                                          ""name"" : ""Accept-Language"",
                                          ""value"" : ""en-US,en;q=0.5""
                                        }, {
                                          ""name"" : ""Cookie"",
                                          ""value"" : ""ASP.NET_SessionId=tlspmetl2k4155htm41jkkjn""
                                        }, {
                                          ""name"" : ""Host"",
                                          ""value"" : ""localhost""
                                        }, {
                                          ""name"" : ""Referer"",
                                          ""value"" : ""http://localhost/MyTestApp/default.aspx""
                                        }, {
                                          ""name"" : ""User-Agent"",
                                          ""value"" : ""Mozilla/5.0 (Windows NT 6.1; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0""
                                        } ],
                                        ""parameters"" : [ ],
                                        ""links"" : [ ]
                                      },
                                      ""events"" : [ {
                                        ""eventId"" : 567243,
                                        ""type"" : ""Creation"",
                                        ""codeContext"" : null
                                      }, {
                                        ""eventId"" : 567244,
                                        ""type"" : ""O2R"",
                                        ""codeContext"" : null
                                      }, {
                                        ""eventId"" : 567245,
                                        ""type"" : ""P2R"",
                                        ""codeContext"" : null
                                      }, {
                                        ""eventId"" : 567246,
                                        ""type"" : ""Trigger"",
                                        ""codeContext"" : null
                                      } ],
                                      ""links"" : [ {
                                        ""rel"" : ""self"",
                                        ""href"" : ""https://localhost/Contrast/api/traces/c744888c-96e2-4e1d-926d-c3d715cedeeb/S17L-WMVW-GYBY-Z00Z""
                                      }, {
                                        ""rel"" : ""application"",
                                        ""href"" : ""https://localhost/Contrast/api/applications/c744888c-96e2-4e1d-926d-c3d715cedeeb""
                                      } ],
                                      ""trace-id"" : 259779,
                                      ""total-traces-received"" : 1,
                                      ""last-time-seen"" : 1424269052776,
                                      ""first-time-seen"" : 1424269052776,
                                      ""sub-status"" : """",
                                      ""sub-title"" : ""from \""input\"" Parameter on \""CharArrayVuln0.aspx\"" page"",
                                      ""reported-to-bug-tracker"" : false,
                                      ""rule-name"" : ""reflected-xss"",
                                      ""severity"" : ""High""
                                    }]";

            // Stub the REST layer: only this exact route returns the canned payload, and no
            // network call is made.
            string route = "api/orgId/traces/" + applicationId;
            var restClientMock = new Mock<IContrastRestClient>();
            restClientMock
                .Setup(rest => rest.GetResponseStream(route))
                .Returns(new MemoryStream(Encoding.Unicode.GetBytes(payload)));

            var sut = new TeamServerClient(restClientMock.Object);
            var result = sut.GetTraces("orgId", applicationId);

            Assert.AreEqual(1, result.Count);
            Trace first = result[0];

            // The numeric "trace-id" is expected back as a string.
            Assert.AreEqual("259779", first.TraceId);
            Assert.AreEqual("Cross-Site Scripting from \"input\" Parameter on \"CharArrayVuln0.aspx\" page", first.Title);
            Assert.AreEqual(8, first.Request.Headers.Count);
            Assert.AreEqual(2, first.Links.Count);
        }
 // Example usage of GetAgent method
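 /// <summary>
 /// Downloads the .NET agent archive for the configured organization and saves it as
 /// "dotnetagent.zip" in the current user's desktop directory.
 /// </summary>
 /// <param name="client">Client used to call <c>GetAgent</c>.</param>
 /// <exception cref="InvalidOperationException">
 /// The desktop directory cannot be resolved, or <c>GetAgent</c> returned no stream.
 /// </exception>
 /// <remarks>
 /// An existing file with the same name is overwritten (<c>FileMode.Create</c>).
 /// NOTE(review): this sample does not verify the archive before it is used. The package is
 /// presumably installed on a server afterwards, so check where it came from (an https server
 /// URL, and a published checksum or signature if the vendor provides one) before deploying it.
 /// </remarks>
 private static void DownloadAgentToDesktop(TeamServerClient client)
 {
     string desktop = Environment.GetFolderPath(Environment.SpecialFolder.DesktopDirectory);
     if (string.IsNullOrEmpty(desktop))
     {
         // GetFolderPath returns an empty string when the folder does not exist. Appending
         // "\dotnetagent.zip" to that would silently target the root of the current drive.
         throw new InvalidOperationException("The desktop directory could not be resolved.");
     }

     // Path.Combine instead of a hard-coded backslash keeps the separator correct on every platform.
     string filename = System.IO.Path.Combine(desktop, "dotnetagent.zip");

     using (var agentStream = client.GetAgent(AgentType.DotNet, _organizationId))
     {
         if (agentStream == null)
         {
             // Fail before the target file is created or truncated.
             throw new InvalidOperationException("No agent stream was returned.");
         }

         using (var fs = new System.IO.FileStream(filename, System.IO.FileMode.Create, System.IO.FileAccess.Write))
         {
             agentStream.CopyTo(fs);
         }
     }
 }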
        /// <summary>
        /// Feeds a canned one-element application array through a mocked
        /// <c>IContrastRestClient</c> and checks the id and name <c>GetApplications</c> exposes for it.
        /// </summary>
        /// <remarks>
        /// The payload is served as UTF-16 bytes (<c>Encoding.Unicode</c>), so the test also relies
        /// on the client reading that encoding from the stream.
        /// </remarks>
        public void GetApplications_PropertiesMatchExpected()
        {
            string payload = @"[{
                          ""name"" : ""MyTestApp"",
                          ""path"" : ""/MyTestApp"",
                          ""language"" : "".NET"",
                          ""license"" : ""Enterprise"",
                          ""views"" : 0,
                          ""links"" : [ {
                            ""rel"" : ""self"",
                            ""href"" : ""https://localhost/Contrast/api/applications/91ce4b14-353c-4e0e-8bab-663895cff574""
                          }, {
                            ""rel"" : ""traces"",
                            ""href"" : ""https://localhost/Contrast/api/traces/91ce4b14-353c-4e0e-8bab-663895cff574""
                          }, {
                            ""rel"" : ""servers"",
                            ""href"" : ""https://localhost/Contrast/api/applications/91ce4b14-353c-4e0e-8bab-663895cff574/servers""
                          }, {
                            ""rel"" : ""sitemap-activity"",
                            ""href"" : ""https://localhost/Contrast/api/applications/91ce4b14-353c-4e0e-8bab-663895cff574/sitemap/activity""
                          }, {
                            ""rel"" : ""reset-application"",
                            ""href"" : ""https://localhost/Contrast/api/applications/91ce4b14-353c-4e0e-8bab-663895cff574""
                          } ],
                          ""app-id"" : ""91ce4b14-353c-4e0e-8bab-663895cff574"",
                          ""application-code"" : null,
                          ""group-name"" : null,
                          ""platform-version"" : null,
                          ""platform-vulnerabilities"" : [ ],
                          ""last-seen"" : 1416352488000
                        }]";

            // Stub the REST layer: only this exact route returns the canned payload, and no
            // network call is made.
            var restClientMock = new Mock<IContrastRestClient>();
            restClientMock
                .Setup(rest => rest.GetResponseStream("api/orgId/applications/"))
                .Returns(new MemoryStream(Encoding.Unicode.GetBytes(payload)));

            var sut = new TeamServerClient(restClientMock.Object);
            var result = sut.GetApplications("orgId");

            Assert.AreEqual(1, result.Count);
            ContrastApplication first = result[0];
            // "app-id" and "name" from the payload are expected on AppID and Name.
            Assert.AreEqual("91ce4b14-353c-4e0e-8bab-663895cff574", first.AppID);
            Assert.AreEqual("MyTestApp", first.Name);
        }