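/// <summary>
/// Creates a new report from the response event args and a unit test result,
/// copying the result's severity level and solution id into the first
/// response document of the report.
/// </summary>
/// <param name="response">The response event args the base report is built from.</param>
/// <param name="unitTestResult">The unit test result whose severity level and solution id are recorded on the report.</param>
/// <returns>A <see cref="HtmlUnitTestReport"/> annotated with the unit test result.</returns>
/// <exception cref="ArgumentNullException">
/// Thrown when <paramref name="unitTestResult"/> is null.
/// </exception>
public HtmlUnitTestReport BuildReport(ResponseEventArgs response, UnitTestResult unitTestResult)
{
    // Fail early with a clear message instead of a NullReferenceException
    // when the two result properties are read below.
    if (unitTestResult == null)
    {
        throw new ArgumentNullException("unitTestResult");
    }

    // The single-argument overload builds the base report; this overload only
    // annotates it. ResponseDocument is assumed to hold at least one entry
    // after that call -- TODO confirm for the empty-response case.
    HtmlUnitTestReport report = this.BuildReport(response);

    // Both values are stored on the document in their string form.
    report.ResponseDocument[0].SeverityLevel = unitTestResult.SeverityLevel.ToString();
    report.ResponseDocument[0].SolutionId = unitTestResult.SolutionId.ToString();

    return report;
}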
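/// <summary>
/// Evaluates the buffered HTTP response against the unit test under evaluation
/// and derives a severity level and solution id from it.
/// </summary>
/// <remarks>
/// Two signals are combined: the HTTP status code (an HTTP 500 is treated as a
/// high-severity indicator for every test type) and, for the SqlInjection and
/// XSS tests, whether the test signature is found in the response body, the
/// response URI or the cookie data. When neither signal raises the severity,
/// the result is Low with solution id 200.
/// </remarks>
/// <returns>A <see cref="UnitTestResult"/> carrying the severity level and solution id.</returns>
/// <exception cref="InvalidOperationException">
/// Thrown when the test sends no post data and the buffered response carries
/// no "Response Uri" header to search for the signature.
/// </exception>
public UnitTestResult CheckTestResult()
{
    UnitTestResult testResult = new UnitTestResult();

    // Severity derived from the status code alone. Only an internal server
    // error raises it; a redirect (302 Found) and every other code stay Low.
    UnitTestSeverity statusCodeSL = UnitTestSeverity.Low;
    if (this.HttpResponseBuffer.StatusCode == (int)HttpStatusCode.InternalServerError)
    {
        statusCodeSL = UnitTestSeverity.High;
    }

    // Where the signature is searched for depends on how the test delivered
    // its data: form tag / post data -> response body, no post data -> response
    // URI, cookies -> cookie data.
    bool isSignatureFound = false;
    switch (this.TestToEvaluate.UnitTestDataType)
    {
        case UnitTestDataContainer.HtmlFormTag:
        case UnitTestDataContainer.PostDataHashtable:
            isSignatureFound = ParseDataForSignature(this.HttpResponseBuffer.HttpBody, this.TestToEvaluate.UnitTestDataType);
            break;

        case UnitTestDataContainer.NoPostData:
        {
            // The header collection value has to be cast; a missing header would
            // otherwise surface only as a NullReferenceException on ToString().
            Uri responseUri = (Uri)this.HttpResponseBuffer.ResponseHeaderCollection["Response Uri"];
            if (responseUri == null)
            {
                throw new InvalidOperationException("The buffered response has no \"Response Uri\" header; the test signature cannot be searched for.");
            }
            isSignatureFound = ParseDataForSignature(responseUri.ToString(), this.TestToEvaluate.UnitTestDataType);
            break;
        }

        case UnitTestDataContainer.Cookies:
            isSignatureFound = ParseDataForSignature(this.HttpResponseBuffer.CookieData, this.TestToEvaluate.UnitTestDataType);
            break;
    }

    #region Evaluate by test type
    switch (this.TestToEvaluate.TestType)
    {
        case UnitTestType.BufferOverflow:
            if (statusCodeSL == UnitTestSeverity.High)
            {
                testResult.SeverityLevel = UnitTestSeverity.High;
                testResult.SolutionId = 100;
            }
            break;

        case UnitTestType.DataTypes:
            if (statusCodeSL == UnitTestSeverity.High)
            {
                testResult.SeverityLevel = UnitTestSeverity.High;
                testResult.SolutionId = 101;
            }
            break;

        case UnitTestType.SqlInjection:
            if (statusCodeSL == UnitTestSeverity.High)
            {
                testResult.SeverityLevel = UnitTestSeverity.High;
                testResult.SolutionId = 102;
            }
            else if (isSignatureFound)
            {
                // Signature present but no server error: Medium.
                statusCodeSL = UnitTestSeverity.Medium;
                testResult.SeverityLevel = UnitTestSeverity.Medium;
                testResult.SolutionId = 103;
            }
            break;

        case UnitTestType.XSS:
            if (statusCodeSL == UnitTestSeverity.High)
            {
                testResult.SeverityLevel = UnitTestSeverity.High;
                testResult.SolutionId = 104;
            }
            else if (isSignatureFound)
            {
                // An XSS signature found in the response is always High,
                // regardless of the status code.
                statusCodeSL = UnitTestSeverity.High;
                testResult.SeverityLevel = UnitTestSeverity.High;
                testResult.SolutionId = 105;
            }
            break;

        // NOTE(review): any other test type combined with an HTTP 500 leaves
        // testResult at its constructor defaults; only the Low path below
        // assigns a value for it.
    }
    #endregion

    // Nothing raised the severity: report Low with solution id 200.
    if (statusCodeSL == UnitTestSeverity.Low)
    {
        testResult.SeverityLevel = statusCodeSL;
        testResult.SolutionId = 200;
    }

    return testResult;
}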