from spike.model.naxsi_rules import NaxsiRules
from tests import TestsThatNeedsRules
try:
    from urlparse import urlparse
except ImportError:  # python3
    from urllib.parse import urlparse
class FlaskrTestCase(TestsThatNeedsRules):
    def test_sandbox_visualize(self):
        """Check the 'visualise_rule' option of /sandbox/explain_rule/.

        A "rx:" (regexp) rule is answered with a redirect whose body carries a
        regexper.com link; a "str:" rule gets a 200 with a message saying it
        can not be visualised.
        """
        url = '/sandbox/explain_rule/'
        post = self.app.post

        # Regexp rule: the sandbox hands the pattern to the external visualiser.
        regexp_rule = ('MainRule "rx:^POUET$" "msg: sqli"  '
                       '"mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1005;')
        rv = post(url, data={'rule': regexp_rule, 'visualise_rule': '1'})
        self.assertEqual(rv.status_code, 302)
        self.assertIn('https://regexper.com/#^POUET$', str(rv.data))

        # Plain-string rule: nothing to draw, so the page explains why instead.
        string_rule = ('MainRule "str:^POUET$" "msg: sqli"  '
                       '"mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1005;')
        rv = post(url, data={'rule': string_rule, 'visualise_rule': '1'})
        self.assertEqual(rv.status_code, 200)
        self.assertIn('The rule is not a regexp, so you can not visualize it.', str(rv.data))
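    def test_explain_rule(self):
        """Exercise /sandbox/explain_rule/ for GET (by rule id) and POST (inline rule).

        Covered paths: no id -> redirect to /sandbox/; an id that does not exist
        -> "Not rule with id" message; an existing id -> the rule's explanation;
        a non-numeric id -> redirect to /sandbox/; an inline rule that parses ->
        its explanation; an inline rule with an unknown element -> a parse error
        that quotes the offending fragment.
        """
        url = '/sandbox/explain_rule/'

        rv = self.app.get(url)
        self.assertEqual(rv.status_code, 302)
        self.assertEqual(urlparse(rv.location).path, '/sandbox/')

        _rule = NaxsiRules.query.order_by(NaxsiRules.sid.desc()).first()
        # Fail with a readable message instead of an AttributeError on `.sid`
        # when the fixture did not load any rule.
        self.assertIsNotNone(_rule)

        # Highest sid + 1 is guaranteed not to exist.
        missing_sid = _rule.sid + 1
        rv = self.app.get('{0}?rule={1}'.format(url, missing_sid), follow_redirects=True)
        self.assertIn('Not rule with id {0}'.format(missing_sid), str(rv.data))

        rv = self.app.get('{0}?rule={1}'.format(url, _rule.sid))
        self.assertEqual(rv.status_code, 200)
        self.assertIn(_rule.explain(), str(rv.data))

        rv = self.app.get(url + '?rule=lol')
        self.assertEqual(rv.status_code, 302)
        self.assertEqual(urlparse(rv.location).path, '/sandbox/')

        data = 'MainRule "rx:^POUET$" "msg: sqli"  "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1005 ;'
        rv = self.app.post(url, data={'rule': data})
        self.assertEqual(rv.status_code, 200)
        # The page must show the same explanation the model produces for that rule.
        _rule = NaxsiRules()
        _rule.parse_rule(data)
        self.assertIn(_rule.explain(), str(rv.data))

        data = 'MainRule "lol:^POUET$" "msg: sqli" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1005 ;'
        rv = self.app.post(url, data={'rule': data})
        self.assertEqual(rv.status_code, 200)
        # Double-quoted literal: the expected message itself contains single quotes,
        # which the previous single-quoted form could not hold without escaping.
        # NOTE(review): the message reflects the submitted fragment back into the
        # page; this test does not check that it is escaped in the rendered HTML —
        # confirm in the view/template.
        self.assertIn("'lol:^POUET$' is an invalid element and thus can not be parsed.", str(rv.data))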
    def test_explain_nxlog(self):
        """Check /sandbox/explain_nxlog/.

        GET is refused (405), an empty or malformed 'nxlog' field redirects,
        and a real NAXSI_FMT log line is rendered as a "performed a request to"
        explanation.
        """
        url = '/sandbox/explain_nxlog/'
        post = self.app.post

        rv = self.app.get(url)
        self.assertEqual(rv.status_code, 405)  # we only accept POST there.

        rv = post(url)
        self.assertEqual(rv.status_code, 302)

        # Input that is not a NAXSI_FMT line is redirected rather than explained.
        for bogus in ('1234, lol', 'ip=1234'):
            rv = post(url, data={'nxlog': bogus})
            self.assertEqual(rv.status_code, 302)

        # One genuine nginx/naxsi error-log line (addresses anonymised as X/Y).
        nxlog = (
            '2013/11/10 07:36:19 [error] 8278#0: *5932 NAXSI_FMT: ip=X.X.X.X&server=Y.Y.Y.Y&'
            'uri=/phpMyAdmin-2.8.2/scripts/setup.php&learning=0&vers=0.52&total_processed=472&total_blocked=204&'
            'block=0&cscore0=$UWA&score0=8&zone0=HEADERS&id0=42000227&var_name0=user-agent, client: X.X.X.X,'
            'server: blog.memze.ro, request: "GET /phpMyAdmin-2.8.2/scripts/setup.php HTTP/1.1", host: "X.X.X.X"'
        )
        rv = post(url, data={'nxlog': nxlog})
        # NOTE(review): the explanation renders fields lifted from the submitted
        # log line (uri, host, ...); whether they are escaped in the template is
        # not checked here — confirm.
        self.assertIn('performed a request to', str(rv.data))
    def test_explain_whitelist(self):
        """Check /sandbox/explain_whitelist/.

        GET with a missing or non-numeric id redirects, an unknown numeric id
        yields a "Not rule with id" message, and POSTed BasicRule text is
        either explained in words or rejected with a specific parse error.
        """
        url = '/sandbox/explain_whitelist/'

        # Non-numeric or absent id on GET -> redirect.
        for query in ('?whitelist=pouet', ''):
            rv = self.app.get(url + query)
            self.assertEqual(rv.status_code, 302)

        rv = self.app.get(url + '?whitelist=13371337', follow_redirects=True)
        self.assertIn('Not rule with id 13371337', str(rv.data))

        # (submitted whitelist, fragment expected in the 200 response), in the
        # same order the checks were originally run.
        cases = (
            ('BasicRule wl:0 "mz:$ARGS_VAR:foo|$URL:/bar";',
             'Whitelist all rules if matching in $ARGS_VAR:foo|$URL:/bar.'),
            ('BasicRule wl:1000 "lol:pouet";',
             'Unknown fragment:'),
            ('BasicRule wl:AAA "mz:$ARGS_VAR:foo|$URL:/bar";',
             'Illegal character in the whitelist id.'),
            ('BasicRule negative wl:AAA "mz:$ARGS_VAR:foo|$URL:/bar";',
             'Illegal character in the whitelist id.'),
            ('wl:2 "mz:$ARGS_VAR:foo|$URL:/bar";',
             "No 'BasicRule' keyword"),
            ('BasicRule wl:2 "mz:$ARGS_VAR:foo|$URL:/bar";',
             "Whitelist the rule 2 if matching in $ARGS_VAR:foo|$URL:/bar."),
            ('BasicRule wl:2,3 "mz:$ARGS_VAR:foo|$URL:/bar";',
             "Whitelist the rule 2, the rule 3 if matching in $ARGS_VAR:foo|$URL:/bar."),
            ('BasicRule wl:2,-3 "mz:$ARGS_VAR:foo|$URL:/bar";',
             "Whitelist the rule 2, except the rule 3 if matching in $ARGS_VAR:foo|$URL:/bar."),
            ('BasicRule wl:2 ;',
             "Whitelist the rule 2."),
        )
        for whitelist, expected in cases:
            rv = self.app.post(url, data={'whitelist': whitelist})
            self.assertEqual(rv.status_code, 200)
            self.assertIn(expected, str(rv.data))