From 24bd8556bf6289c7ea8e8c8ed7a07aed3d6fbb23 Mon Sep 17 00:00:00 2001
From: Dom Whewell
Date: Wed, 13 Dec 2023 18:51:49 +0000
Subject: [PATCH] Blacked
---
 bbot/modules/postman.py | 7 +-
 .../module_tests/test_module_postman.py | 503 ++++++++++--------
 2 files changed, 289 insertions(+), 221 deletions(-)
diff --git a/bbot/modules/postman.py b/bbot/modules/postman.py
index f474bfc813..0f4872118b 100644
--- a/bbot/modules/postman.py
+++ b/bbot/modules/postman.py
@@ -1,5 +1,6 @@
 from bbot.modules.templates.subdomain_enum import subdomain_enum_apikey
+
 class postman(subdomain_enum_apikey):
 watched_events = ["DNS_NAME"]
 produced_events = ["URL_UNVERIFIED"]
@@ -19,7 +20,7 @@ class postman(subdomain_enum_apikey):
 async def handle_event(self, event):
 query = self.make_query(event)
 self.verbose(f"Search for any postman workspaces, collections, requests belonging to {query}")
- for url in (await self.query(query)):
+ for url in await self.query(query):
 self.emit_event(url, "URL_UNVERIFIED", source=event)
 async def query(self, query):
@@ -66,8 +67,8 @@ async def query(self, query):
 id = item.get("id", "")
 interesting_urls.append(f"{self.base_url}/workspace/{id}")
 interesting_urls.append(f"{self.base_url}/workspace/{id}/globals")
- for c_id in workspace['dependencies']['collections']:
- interesting_urls.append(f'https://www.postman.com/_api/collection/{c_id}')
+ for c_id in workspace["dependencies"]["collections"]:
+ interesting_urls.append(f"https://www.postman.com/_api/collection/{c_id}")
 requests = await self.search_collections(r_id)
 for r_id in requests:
 interesting_urls.append(f"{self.base_url}/request/{r_id}")
diff --git a/bbot/test/test_step_2/module_tests/test_module_postman.py b/bbot/test/test_step_2/module_tests/test_module_postman.py
index 2cae4cbf9e..4dfaff030c 100644
--- a/bbot/test/test_step_2/module_tests/test_module_postman.py
+++ b/bbot/test/test_step_2/module_tests/test_module_postman.py
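Review bot: In bbot/modules/postman.py, third hunk (`@@ -66,8 +67,8 @@`, inside `query()`), the reformatted loop still indexes `workspace["dependencies"]["collections"]` directly, and `workspace` appears to be parsed from a remote API response, so a document missing either key raises `KeyError` in the middle of the handler. A tolerant form would be `for c_id in workspace.get("dependencies", {}).get("collections", []):`. The context line `requests = await self.search_collections(r_id)` also reads `r_id` one line before the loop that binds it; unless `r_id` is assigned above the hunk this is a `NameError` or a stale value, and the nearby `id` looks like the intended argument. `query()` starts and continues outside the hunk, so both points need checking against the full function.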
@@ -3,7 +3,6 @@
 class TestPostman(ModuleTestBase):
 config_overrides = {
- "modules": {"postman": {"api_key": "asdf"}},
 "omit_event_types": [],
 "scope_report_distance": 1,
 }
@@ -13,240 +12,308 @@ async def setup_before_prep(self, module_test): url="https://www.postman.com/_api/ws/proxy", json={ "data": { - "workspace": [ - { - "score": 348.87827, - "normalizedScore": None, - "document": { - "isPublisherVerified": False, - "publisherType": "user", - "watcherCount": 1, - "curatedInList": [], - "apiCount": 0, - "creatorId": "19863351", - "description": "", - "forkCount": 0, - "isblacklisted": "False", - "createdAt": "2022-03-15T08:08:47", - "publisherId": "19863351", - "publisherHandle": "joint-operations-cosmonaut-61183650", - "publisherLogo": "", - "isPublic": True, - "id": "58d3317b-7c43-49a8-9484-5e3b42c62a25", - "categories": [], - "universaltags": "", - "slug": "testapi", - "views": 655, - "updatedAt": "2022-03-15T08:08:47", - "summary": "", - "entityType": "workspace", - "visibilityStatus": "public", + { + "score": 499.22498, + "normalizedScore": 8.43312276976538, + "document": { + "isPublisherVerified": False, + "publisherType": "user", + "curatedInList": [], + "publisherId": "20346597", + "publisherHandle": "", + "publisherLogo": "", + "isPublic": True, + "customHostName": "", + "id": "20346597-8c1b9aba-f6ef-4f23-9f3a-8431f3567ac1", + "workspaces": [ + { + "visibilityStatus": "public", + "name": "SageCollection", + "id": "f68e0a1e-74a3-4139-bb22-48028d712814", + "slug": "sagecollection", + } + ], + "collectionForkLabel": "", + "method": "POST", + "entityType": "request", + "url": "https://api.accounting.sage.com/v3.1/contact_persons", + "isBlacklisted": False, + "warehouse__updated_at_collection": "2023-12-11 02:00:00", + "isPrivateNetworkEntity": False, + "warehouse__updated_at_request": "2023-12-11 02:00:00", + "publisherName": "Aftab Sipahi", + "name": "Returns a single Contact Person that has been created.", + "privateNetworkMeta": "", + "privateNetworkFolders": [], + "documentType": "request", + "collection": { + "id": "20346597-d88a6492-942b-46cb-9c17-ca4aac5c8f9e", + "name": "Sage Accounting API - Contacts", "tags": [], - 
"isBlacklisted": False, - "forkLabel": "", - "isPrivateNetworkEntity": False, - "publisherName": "Guypech", - "isDomainNonTrivial": False, - "name": "TestAPI", - "dependencyCount": 3, - "collectionCount": 2, - "privateNetworkMeta": "", - "warehouse__updated_at": "2023-12-04 03:00:00", - "privateNetworkFolders": [], - "documentType": "workspace", + "forkCount": 0, + "watcherCount": 0, + "views": 31, + "apiId": "", + "apiName": "", }, }, - ], - "collection": [], - "request": [], - "api": [], - "flow": [], - "team": [], - }, - "meta": { - "queryText": "vulnweb.com", - "total": { - "collection": 2, - "request": 105, - "workspace": 0, - "api": 0, - "team": 0, - "user": 0, - "flow": 0, - "apiDefinition": 0, - "privateNetworkFolder": 0, - }, - "state": "AQ4", - "spellCorrection": { - "count": { - "all": 107, - "workspace": 0, - "api": 0, - "team": 0, - "collection": 2, - "flow": 0, - "request": 105, - }, - "correctedQueryText": None, - }, - "featureFlags": { - "enabledPublicResultCuration": True, - "boostByPopularity": True, - "reRankPostNormalization": True, }, }, }, ) module_test.httpx_mock.add_response( - url="https://www.postman.com/_api/workspace/58d3317b-7c43-49a8-9484-5e3b42c62a25", + url="https://www.postman.com/_api/list/collection?workspace=f68e0a1e-74a3-4139-bb22-48028d712814", json={ - "model_id": "58d3317b-7c43-49a8-9484-5e3b42c62a25", - "meta": {"model": "workspace", "action": "find"}, - "data": { - "id": "58d3317b-7c43-49a8-9484-5e3b42c62a25", - "name": "TestAPI", - "description": None, - "summary": "", - "createdBy": "19863351", - "updatedBy": "19863351", - "team": None, - "createdAt": "2022-03-15T08:08:47.000Z", - "updatedAt": "2022-03-15T08:08:47.000Z", - "visibilityStatus": "public", - "profileInfo": { - "slug": "testapi", - "profileType": "user", - "profileId": "19863351", - "publicHandle": "https://www.postman.com/joint-operations-cosmonaut-61183650", - "publicImageURL": 
"https://res.cloudinary.com/postman/image/upload/t_user_profile_300/v1/user/default-2", - "publicName": "Guypech", - "isVerified": False, - }, - "user": "19863351", - "type": "personal", - "dependencies": { - "collections": [ - "19863351-a0cbf84c-7cca-4db7-a3dc-2c58c929af69", - "19863351-9b276682-45a7-4f82-bbe7-eff8ed0316fc", + "data": [ + { + "id": "23500452-0b0b9c23-bd02-4d8c-89be-5c5548dd8454", + "name": "Xeropayroll", + "folders_order": [], + "order": ["029c93f7-cbdf-4629-9227-99eef840d74f"], + "attributes": { + "permissions": { + "userCanUpdate": False, + "userCanDelete": False, + "userCanShare": False, + "userCanCreateMock": False, + "userCanCreateMonitor": False, + "anybodyCanView": True, + "teamCanView": True, + }, + "fork": None, + "parent": {"type": "workspace", "id": "de00a340-c5aa-4858-816f-64299ece98fd"}, + "flags": {"isArchived": False, "isFavorite": False}, + }, + "folders": [], + "requests": [ + { + "id": "23500452-029c93f7-cbdf-4629-9227-99eef840d74f", + "name": "New Request", + "method": "POST", + "collection": "23500452-0b0b9c23-bd02-4d8c-89be-5c5548dd8454", + "folder": None, + "responses_order": [], + "responses": [], + } ], - "globals": ["49d301eb-2f27-4021-8b90-5ce7942dfaf8"], }, - "members": {"users": {"19863351": {"id": "19863351"}}}, - }, - }, - ) - module_test.httpx_mock.add_response( - url="https://www.postman.com/_api/collection/19863351-a0cbf84c-7cca-4db7-a3dc-2c58c929af69", - json={ - "model_id": "a0cbf84c-7cca-4db7-a3dc-2c58c929af69", - "meta": { - "model": "collection", - "populate": False, - "changeset": False, - "action": "find", - "favorite": False, - }, - "data": { - "owner": "19863351", - "lastUpdatedBy": "19863351", - "lastRevision": 24003664197, - "team": None, - "id": "a0cbf84c-7cca-4db7-a3dc-2c58c929af69", - "name": "rest.vulnweb.com (Basic Authentication)", - "description": None, - "variables": None, - "auth": { - "type": "basic", - "basic": [ - {"key": "password", "value": "123456", "type": "string"}, - {"key": "username", 
"value": "admin", "type": "string"}, + { + "id": "23500452-1f619dd1-b4bb-408c-bbec-df75f55424d5", + "name": "Xero OAuth 2.0", + "folders_order": [], + "order": [ + "8e4c61c0-0547-4c25-a395-c435b1e5892b", + "19572fa2-ae18-4419-b113-7fb786cb03be", + "c880274e-a9cc-4e41-a61c-666c39f09e65", + "12c98dc3-b0cb-4b9b-8664-b03f4b318554", ], - }, - "events": [ - { - "listen": "prerequest", - "script": { - "id": "15de99b6-ac31-4a98-a009-704149f0102e", - "type": "text/javascript", - "exec": [""], + "attributes": { + "permissions": { + "userCanUpdate": False, + "userCanDelete": False, + "userCanShare": False, + "userCanCreateMock": False, + "userCanCreateMonitor": False, + "anybodyCanView": True, + "teamCanView": True, }, + "fork": None, + "parent": {"type": "workspace", "id": "de00a340-c5aa-4858-816f-64299ece98fd"}, + "flags": {"isArchived": False, "isFavorite": False}, }, - { - "listen": "test", - "script": { - "id": "dd6437b0-2a4f-44e9-a4f5-e72fc7714dd7", - "type": "text/javascript", - "exec": [""], + "folders": [], + "requests": [ + { + "id": "23500452-12c98dc3-b0cb-4b9b-8664-b03f4b318554", + "name": "Refresh token", + "method": "POST", + "collection": "23500452-1f619dd1-b4bb-408c-bbec-df75f55424d5", + "folder": None, + "responses_order": [], + "responses": [], }, + { + "id": "23500452-19572fa2-ae18-4419-b113-7fb786cb03be", + "name": "Connections", + "method": "GET", + "collection": "23500452-1f619dd1-b4bb-408c-bbec-df75f55424d5", + "folder": None, + "responses_order": [], + "responses": [], + }, + { + "id": "23500452-8e4c61c0-0547-4c25-a395-c435b1e5892b", + "name": "Get started", + "method": "GET", + "collection": "23500452-1f619dd1-b4bb-408c-bbec-df75f55424d5", + "folder": None, + "responses_order": [], + "responses": [], + }, + { + "id": "23500452-c880274e-a9cc-4e41-a61c-666c39f09e65", + "name": "Invoices", + "method": "GET", + "collection": "23500452-1f619dd1-b4bb-408c-bbec-df75f55424d5", + "folder": None, + "responses_order": [], + "responses": [], + }, + ], + }, + { + 
"id": "23500452-5b9d0a79-d876-4179-8c83-a67407565aed", + "name": "staffology", + "folders_order": [], + "order": ["5a802c60-9cab-4cde-a205-d005f0402893", "e9429383-ac36-4e9b-8ce0-4f7972bb1863"], + "attributes": { + "permissions": { + "userCanUpdate": False, + "userCanDelete": False, + "userCanShare": False, + "userCanCreateMock": False, + "userCanCreateMonitor": False, + "anybodyCanView": True, + "teamCanView": True, + }, + "fork": None, + "parent": {"type": "workspace", "id": "de00a340-c5aa-4858-816f-64299ece98fd"}, + "flags": {"isArchived": False, "isFavorite": False}, }, - ], - "remote_id": "0", - "remoteLink": None, - "folders_order": [ - "077fba92-ddc6-42ed-a2b8-903a2126e43c", - "725ad3a1-1c38-420b-8532-1222245c2f04", - "2dcc7c45-18f8-47ca-8aa2-618afd7f502e", - ], - "order": ["933c9652-4a3a-4c64-a1f2-a641f859dbfe"], - "createdAt": "2022-03-15T09:02:24.000Z", - "updatedAt": "2022-03-15T09:02:25.000Z", - }, - }, - ) - module_test.httpx_mock.add_response( - url="https://www.postman.com/_api/request/19863351-b821d8fa-fecf-4c46-bee9-8c555fcd9a9f", - json={ - "model_id": "ca6302b4-f157-4a8f-bebc-c4bc16148bde", - "meta": {"model": "request", "populate": False, "changeset": False, "action": "find"}, - "data": { - "owner": "23500452", - "lastUpdatedBy": "23500452", - "lastRevision": 27990084357, - "folder": "109642a4-a152-49ef-97bd-b648d9b62438", - "collection": "f214d635-d0e0-40e7-b7c6-01684346444f", - "id": "ca6302b4-f157-4a8f-bebc-c4bc16148bde", - "name": "createEmployee", - "dataMode": "raw", - "data": None, - "auth": None, - "events": None, - "rawModeData": '{\r\n "email": "dustin@gmail.com",\r\n "first_name": "Dustin",\r\n "last_name": "Henderson",\r\n "work_start_date": "2022-07-22", \r\n "send_email": "True",\r\n "date_of_birth": "1994-05-20",\r\n "gender": "Male",\r\n "marital_status": "Married",\r\n "nationality": "Canadian",\r\n "country": "CA",\r\n "state": "Quebec",\r\n "post_code": "G0H",\r\n "street_first": "ABC",\r\n "street_second": "XYZ",\r\n "city": 
"Montreal",\r\n "position_title":"staff"\r\n}', - "descriptionFormat": None, - "description": None, - "variables": None, - "headers": "Accept: application/json\nX-Auth-Token: 898e56c53fc72149ca5cfdb9ed00d496cb62a5dc28a4f32781504114e3ab34ff6ab8d08649a44986\n", - "method": "POST", - "pathVariables": {}, - "url": "https://njclabs.sage.hr/api/employees", - "preRequestScript": None, - "tests": None, - "currentHelper": None, - "helperAttributes": None, - "queryParams": [], - "headerData": [ - { - "key": "Accept", - "value": "application/json", - "description": None, - "type": "text", - "enabled": True, - }, - { - "key": "X-Auth-Token", - "value": "898e56c53fc72149ca5cfdb9ed00d496cb62a5dc28a4f32781504114e3ab34ff6ab8d08649a44986", - "description": None, - "type": "text", - "enabled": True, + "folders": [], + "requests": [ + { + "id": "23500452-5a802c60-9cab-4cde-a205-d005f0402893", + "name": "create employee", + "method": "POST", + "collection": "23500452-5b9d0a79-d876-4179-8c83-a67407565aed", + "folder": None, + "responses_order": [], + "responses": [], + }, + { + "id": "23500452-e9429383-ac36-4e9b-8ce0-4f7972bb1863", + "name": "Get employee", + "method": "GET", + "collection": "23500452-5b9d0a79-d876-4179-8c83-a67407565aed", + "folder": None, + "responses_order": [], + "responses": [], + }, + ], + }, + { + "id": "23500452-f214d635-d0e0-40e7-b7c6-01684346444f", + "name": "sageHR", + "folders_order": [ + "809fc5b8-8332-4801-b0ee-6c4f1e020bc3", + "109642a4-a152-49ef-97bd-b648d9b62438", + "3d5762c5-362f-4355-a2bc-606796bb35d2", + ], + "order": [], + "attributes": { + "permissions": { + "userCanUpdate": False, + "userCanDelete": False, + "userCanShare": False, + "userCanCreateMock": False, + "userCanCreateMonitor": False, + "anybodyCanView": True, + "teamCanView": True, + }, + "fork": None, + "parent": {"type": "workspace", "id": "de00a340-c5aa-4858-816f-64299ece98fd"}, + "flags": {"isArchived": False, "isFavorite": False}, }, - ], - "pathVariableData": [], - 
"protocolProfileBehavior": {"disableBodyPruning": True}, - "dataDisabled": False, - "responses_order": [], - "createdAt": "2022-11-30T15:11:24.000Z", - "updatedAt": "2022-11-30T16:52:57.000Z", - "dataOptions": {"raw": {"language": "json"}}, - }, + "folders": [ + { + "id": "23500452-109642a4-a152-49ef-97bd-b648d9b62438", + "name": "employee", + "folder": None, + "collection": "23500452-f214d635-d0e0-40e7-b7c6-01684346444f", + "folders_order": [], + "order": [ + "ca8eff3b-c809-43db-a46c-89ab878133f6", + "ca6302b4-f157-4a8f-bebc-c4bc16148bde", + ], + "folders": [], + "requests": [ + { + "id": "23500452-ca6302b4-f157-4a8f-bebc-c4bc16148bde", + "name": "createEmployee", + "method": "POST", + "collection": "23500452-f214d635-d0e0-40e7-b7c6-01684346444f", + "folder": "23500452-109642a4-a152-49ef-97bd-b648d9b62438", + "responses_order": [], + "responses": [], + }, + { + "id": "23500452-ca8eff3b-c809-43db-a46c-89ab878133f6", + "name": "getallEmployees", + "method": "GET", + "collection": "23500452-f214d635-d0e0-40e7-b7c6-01684346444f", + "folder": "23500452-109642a4-a152-49ef-97bd-b648d9b62438", + "responses_order": [], + "responses": [], + }, + ], + }, + { + "id": "23500452-3d5762c5-362f-4355-a2bc-606796bb35d2", + "name": "timesheet--Timeclocking", + "folder": None, + "collection": "23500452-f214d635-d0e0-40e7-b7c6-01684346444f", + "folders_order": [], + "order": ["f5f4ff14-3ccb-4100-be32-8277e4f7286a"], + "folders": [], + "requests": [ + { + "id": "23500452-f5f4ff14-3ccb-4100-be32-8277e4f7286a", + "name": "enter clock time", + "method": "POST", + "collection": "23500452-f214d635-d0e0-40e7-b7c6-01684346444f", + "folder": "23500452-3d5762c5-362f-4355-a2bc-606796bb35d2", + "responses_order": [], + "responses": [], + } + ], + }, + { + "id": "23500452-809fc5b8-8332-4801-b0ee-6c4f1e020bc3", + "name": "LeaveManagement", + "folder": None, + "collection": "23500452-f214d635-d0e0-40e7-b7c6-01684346444f", + "folders_order": [], + "order": [ + "63dec2de-4215-44e7-99cc-23645c4110e9", 
+ "a9b00e60-5da1-4800-af76-fce8798a7c0c", + ], + "folders": [], + "requests": [ + { + "id": "23500452-63dec2de-4215-44e7-99cc-23645c4110e9", + "name": "create new timeoff request", + "method": "POST", + "collection": "23500452-f214d635-d0e0-40e7-b7c6-01684346444f", + "folder": "23500452-809fc5b8-8332-4801-b0ee-6c4f1e020bc3", + "responses_order": [], + "responses": [], + }, + { + "id": "23500452-a9b00e60-5da1-4800-af76-fce8798a7c0c", + "name": "List Timeoff Policies", + "method": "GET", + "collection": "23500452-f214d635-d0e0-40e7-b7c6-01684346444f", + "folder": "23500452-809fc5b8-8332-4801-b0ee-6c4f1e020bc3", + "responses_order": [], + "responses": [], + }, + ], + }, + ], + "requests": [], + }, + ] }, )
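Review bot: In the first `add_response` mock (the `_api/ws/proxy` one), the unchanged `"data": {` line is now followed directly by an added `{`, so the value is a set literal holding a dict and Python raises `TypeError: unhashable type: 'dict'` when `setup_before_prep` builds the fixture. The removed side had a `"workspace": [` key at that position; the new fixture probably wants `"data": [` with a matching `],`, in whatever shape the module's `query()` actually reads. Separately, the added fixtures look as if they were captured from a live search response (a publisher name, user and collection IDs, third-party API URLs); synthetic values would keep the test independent of other people's data. `setup_before_prep` starts above the hunk.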