/// <summary>
/// Creates a new report from the response event args and unit test result.
/// </summary>
/// <param name="response"> The response event args.</param>
/// <param name="unitTestResult"> The unit test result.</param>
/// <returns> A HtmlUnitTestReport type.</returns>
public HtmlUnitTestReport BuildReport(ResponseEventArgs response, UnitTestResult unitTestResult)
{
HtmlUnitTestReport report = this.BuildReport(response);
report.ResponseDocument[0].SeverityLevel = unitTestResult.SeverityLevel.ToString();
report.ResponseDocument[0].SolutionId = unitTestResult.SolutionId.ToString();
//report.ResponseDocument[0].ReferenceId = unitTestResult.SolutionId.ToString();
return report;
}
/// <summary>
/// Checks for the unit test result.
/// </summary>
/// <returns> Returns a UnitTestResult.</returns>
public UnitTestResult CheckTestResult()
{
UnitTestResult testResult = new UnitTestResult();
UnitTestSeverity statusCodeSL = UnitTestSeverity.Low;
bool isSignatureFound = false;
// check first the StatusCode result
switch ( this.HttpResponseBuffer.StatusCode )
{
case (int)HttpStatusCode.InternalServerError:
statusCodeSL = UnitTestSeverity.High;
break;
case (int)HttpStatusCode.Found:
statusCodeSL = UnitTestSeverity.Low;
break;
default:
statusCodeSL = UnitTestSeverity.Low;
break;
}
Uri responseUri = (Uri)this.HttpResponseBuffer.ResponseHeaderCollection["Response Uri"];
// if SL is Low, then check Html Source
//if ( testResult.SeverityLevel == UnitTestSeverity.Low )
//{
// checks only bo, xss and sql
switch ( this.TestToEvaluate.UnitTestDataType )
{
case UnitTestDataContainer.HtmlFormTag:
isSignatureFound = ParseDataForSignature(this.HttpResponseBuffer.HttpBody, this.TestToEvaluate.UnitTestDataType);
break;
case UnitTestDataContainer.PostDataHashtable:
isSignatureFound = ParseDataForSignature(this.HttpResponseBuffer.HttpBody, this.TestToEvaluate.UnitTestDataType);
break;
case UnitTestDataContainer.NoPostData:
isSignatureFound = ParseDataForSignature(responseUri.ToString(), this.TestToEvaluate.UnitTestDataType);
break;
case UnitTestDataContainer.Cookies:
isSignatureFound = ParseDataForSignature(this.HttpResponseBuffer.CookieData, this.TestToEvaluate.UnitTestDataType);
break;
}
#region Evaluate by test type
// check which type of test
switch ( this.TestToEvaluate.TestType )
{
case UnitTestType.BufferOverflow:
if ( statusCodeSL == UnitTestSeverity.High )
{
// 3 Success
testResult.SeverityLevel = UnitTestSeverity.High;
testResult.SolutionId = 100;
}
break;
case UnitTestType.DataTypes:
if ( statusCodeSL == UnitTestSeverity.High )
{
// 3 Success
testResult.SeverityLevel = UnitTestSeverity.High;
testResult.SolutionId = 101;
}
break;
case UnitTestType.SqlInjection:
if ( statusCodeSL == UnitTestSeverity.High )
{
// 3 Success
testResult.SeverityLevel = UnitTestSeverity.High;
testResult.SolutionId = 102;
}
else
{
if ( isSignatureFound )
{
statusCodeSL = UnitTestSeverity.Medium;
// 2 medium
testResult.SeverityLevel = UnitTestSeverity.Medium;
testResult.SolutionId = 103;
}
}
break;
case UnitTestType.XSS:
if ( statusCodeSL == UnitTestSeverity.High )
{
// 3 Success
testResult.SeverityLevel = UnitTestSeverity.High;
testResult.SolutionId = 104;
}
else
{
if ( isSignatureFound )
{
statusCodeSL = UnitTestSeverity.High;
// 3 always high
testResult.SeverityLevel = UnitTestSeverity.High;
testResult.SolutionId = 105;
}
}
break;
}
#endregion
//}
if ( statusCodeSL == UnitTestSeverity.Low )
{
testResult.SeverityLevel = statusCodeSL;
testResult.SolutionId = 200;
}
return testResult;
}
