|
1
|
|
|
from time import strftime, localtime |
|
2
|
|
|
import re |
|
3
|
|
|
|
|
4
|
|
|
from spike import create_app |
|
5
|
|
|
from spike.model import db |
|
6
|
|
|
from spike.model.naxsi_rules import NaxsiRules |
|
7
|
|
|
|
|
8
|
|
|
try: |
|
9
|
|
|
from urlparse import urlparse |
|
10
|
|
|
except ImportError: # python3 |
|
11
|
|
|
from urllib.parse import urlparse |
|
12
|
|
|
|
|
13
|
|
|
import unittest |
|
14
|
|
|
|
|
15
|
|
|
|
|
16
|
|
|
class FlaskrTestCase(unittest.TestCase): |
|
17
|
|
|
def setUp(self): |
|
18
|
|
|
app = create_app() |
|
19
|
|
|
db.init_app(app) |
|
20
|
|
|
app.config['TESTING'] = True |
|
21
|
|
|
self.app = app.test_client() |
|
22
|
|
|
self.created_rules = list() |
|
23
|
|
|
|
|
24
|
|
|
def tearDown(self): |
|
25
|
|
|
self.__delete_rule() |
|
26
|
|
|
|
|
27
|
|
|
def __create_rule(self): |
|
28
|
|
|
""" |
|
29
|
|
|
|
|
30
|
|
|
:return int: The id of the new rule |
|
31
|
|
|
""" |
|
32
|
|
|
current_sid = NaxsiRules.query.order_by(NaxsiRules.sid.desc()).first() |
|
33
|
|
|
current_sid = 1337 if current_sid is None else current_sid.sid + 1 |
|
34
|
|
|
|
|
35
|
|
|
db.session.add(NaxsiRules(u'POUET', 'str:test', u'BODY', u'$SQL:8', current_sid, u'WEB_APPS', |
|
36
|
|
|
u'f hqewifueiwf hueiwhf uiewh fiewh fhw', '1', True, 1457101045)) |
|
37
|
|
|
self.created_rules.append(current_sid) |
|
38
|
|
|
return current_sid |
|
39
|
|
|
|
|
40
|
|
|
def __delete_rule(self, sid=None): |
|
41
|
|
|
if sid: |
|
42
|
|
|
db.session.delete(NaxsiRules.query.filter(sid == NaxsiRules.sid).first()) |
|
43
|
|
|
for sid in self.created_rules: |
|
44
|
|
|
_rule = NaxsiRules.query.filter(sid == NaxsiRules.sid).first() |
|
45
|
|
|
if _rule: |
|
46
|
|
|
db.session.delete(_rule) |
|
47
|
|
|
|
|
48
|
|
|
def test_index(self): |
|
49
|
|
|
rv = self.app.get('/', follow_redirects=True) |
|
50
|
|
|
self.assertEqual(rv.status_code, 200) |
|
51
|
|
|
self.assertIn('<title>SPIKE! - WAF Rules Builder</title>', rv.data) |
|
52
|
|
|
self.assertTrue(re.search(r'<h2>Naxsi - Rules \( \d+ \)</h2>', rv.data) is not None) |
|
53
|
|
|
|
|
54
|
|
|
def test_view(self): |
|
55
|
|
|
_rule = NaxsiRules.query.order_by(NaxsiRules.sid.desc()).first() |
|
56
|
|
|
rv = self.app.get('/rules/view/%d' % _rule.sid) |
|
57
|
|
|
self.assertEqual(rv.status_code, 200) |
|
58
|
|
|
|
|
59
|
|
|
rv = self.app.get('/rules/view/%d' % (_rule.sid + 1)) |
|
60
|
|
|
self.assertEqual(urlparse(rv.location).path, '/rules/') |
|
61
|
|
|
|
|
62
|
|
|
def test_new_rule(self): |
|
63
|
|
|
data = { |
|
64
|
|
|
'msg': 'this is a test message', |
|
65
|
|
|
'detection': 'DETECTION', |
|
66
|
|
|
'mz': 'BODY', |
|
67
|
|
|
'custom_mz_val': '', |
|
68
|
|
|
'negative': 'checked', |
|
69
|
|
|
'score_$SQL': 8, |
|
70
|
|
|
'score': '$SQL', |
|
71
|
|
|
'rmks': 'this is a test remark', |
|
72
|
|
|
'ruleset': 'WEB_APPS' |
|
73
|
|
|
} |
|
74
|
|
|
rv = self.app.post('/rules/new', data=data, follow_redirects=True) |
|
75
|
|
|
_rule = NaxsiRules.query.order_by(NaxsiRules.sid.desc()).first() |
|
76
|
|
|
|
|
77
|
|
|
self.assertIn(('<li> - OK: created %d : %s</li>' % (_rule.sid, _rule.msg)), rv.data) |
|
78
|
|
|
self.assertEqual(_rule.msg, data['msg']) |
|
79
|
|
|
self.assertEqual(_rule.detection, 'str:' + data['detection']) |
|
80
|
|
|
self.assertEqual(_rule.mz, data['mz']) |
|
81
|
|
|
self.assertEqual(_rule.score, data['score'] + ':' + str(data['score_$SQL'])) |
|
82
|
|
|
self.assertEqual(_rule.rmks, data['rmks']) |
|
83
|
|
|
self.assertEqual(_rule.ruleset, data['ruleset']) |
|
84
|
|
|
|
|
85
|
|
|
rv = self.app.get('/rules/new') |
|
86
|
|
|
self.assertEqual(rv.status_code, 200) |
|
87
|
|
|
|
|
88
|
|
|
self.__delete_rule(_rule.sid) |
|
89
|
|
|
|
|
90
|
|
|
def test_del_rule(self): |
|
91
|
|
|
old_sid = self.__create_rule() |
|
92
|
|
|
|
|
93
|
|
|
db.session.add(NaxsiRules(u'PIF', 'str:test', u'BODY', u'$SQL:8', old_sid + 1, u'WEB_APPS', |
|
94
|
|
|
u'f hqewifueiwf hueiwhf uiewh fiewh fhw', '1', True, 1457101045)) |
|
95
|
|
|
rv = self.app.get('/rules/del/%d' % (old_sid + 1)) |
|
96
|
|
|
self.assertEqual(rv.status_code, 302) |
|
97
|
|
|
|
|
98
|
|
|
_rule = NaxsiRules.query.order_by(NaxsiRules.sid.desc()).first() |
|
99
|
|
|
self.assertEqual(_rule.sid, old_sid) |
|
100
|
|
|
|
|
101
|
|
|
rv = self.app.get('/rules/del/%d' % (_rule.sid + 1)) |
|
102
|
|
|
self.assertEqual(rv.status_code, 302) |
|
103
|
|
|
|
|
104
|
|
|
self.__delete_rule() |
|
105
|
|
|
|
|
106
|
|
|
def test_plain_rule(self): |
|
107
|
|
|
_rule = NaxsiRules.query.order_by(NaxsiRules.sid.desc()).first() |
|
108
|
|
|
rv = self.app.get('/rules/plain/%d' % _rule.sid) |
|
109
|
|
|
self.assertEqual(rv.status_code, 200) |
|
110
|
|
|
rdate = strftime("%F - %H:%M", localtime(float(str(_rule.timestamp)))) |
|
111
|
|
|
rmks = "# ".join(_rule.rmks.strip().split("\n")) |
|
112
|
|
|
detect = _rule.detection.lower() if _rule.detection.startswith("str:") else _rule.detection |
|
113
|
|
|
negate = 'negative' if _rule.negative == 1 else '' |
|
114
|
|
|
expected = """ |
|
115
|
|
|
# |
|
116
|
|
|
# sid: %s | date: %s |
|
117
|
|
|
# |
|
118
|
|
|
# %s |
|
119
|
|
|
# |
|
120
|
|
|
MainRule %s "%s" "msg:%s" "mz:%s" "s:%s" id:%s ; |
|
121
|
|
|
|
|
122
|
|
|
""" % (_rule.sid, rdate, rmks, negate, detect, _rule.msg, _rule.mz, _rule.score, _rule.sid) |
|
123
|
|
|
self.assertEqual(expected, rv.data) |
|
124
|
|
|
|
|
125
|
|
|
def test_deact_rule(self): |
|
126
|
|
|
rv = self.app.get('/rules/deact/') |
|
127
|
|
|
self.assertEqual(rv.status_code, 404) |
|
128
|
|
|
|
|
129
|
|
|
last_insert = self.__create_rule() |
|
130
|
|
|
non_existent_sid = last_insert + 1 |
|
131
|
|
|
|
|
132
|
|
|
rv = self.app.get('/rules/deact/%d' % last_insert) # deactivate |
|
133
|
|
|
self.assertEqual(rv.status_code, 200) |
|
134
|
|
|
_rule = NaxsiRules.query.filter(NaxsiRules.sid == last_insert).first() |
|
135
|
|
|
self.assertEqual(_rule.active, 0) |
|
136
|
|
|
|
|
137
|
|
|
rv = self.app.get('/rules/deact/%d' % last_insert) # activate |
|
138
|
|
|
self.assertEqual(rv.status_code, 200) |
|
139
|
|
|
_rule = NaxsiRules.query.filter(NaxsiRules.sid == last_insert).first() |
|
140
|
|
|
self.assertEqual(_rule.active, 1) |
|
141
|
|
|
|
|
142
|
|
|
rv = self.app.get('/rules/deact/%d' % non_existent_sid) |
|
143
|
|
|
self.assertEqual(rv.status_code, 302) |
|
144
|
|
|
|
|
145
|
|
|
self.__delete_rule() |
|
146
|
|
|
|
|
147
|
|
|
def test_search_rule(self): |
|
148
|
|
|
rv = self.app.get('/rules/search/') |
|
149
|
|
|
self.assertEqual(rv.status_code, 302) |
|
150
|
|
|
|
|
151
|
|
|
rv = self.app.get('/rules/search/?s=a') |
|
152
|
|
|
self.assertEqual(rv.status_code, 302) |
|
153
|
|
|
|
|
154
|
|
|
rv = self.app.get('/rules/search/?s="OR 1=1;--') |
|
155
|
|
|
self.assertEqual(rv.status_code, 200) |
|
156
|
|
|
self.assertIn('<input type="text" name="s" size="20" value=""OR 1=1;--"', rv.data) |
|
157
|
|
|
self.assertIn('<p><strong>Search: OR 11--</strong></p>', rv.data) # filtered data |
|
158
|
|
|
|
|
159
|
|
|
rv = self.app.get('/rules/search/?s=1337') # get rule by id |
|
160
|
|
|
self.assertEqual(rv.status_code, 200) |
|
161
|
|
|
|
|
162
|
|
|
def test_edit_rule(self): |
|
163
|
|
|
non_nxistent_sid = self.__create_rule() + 1 |
|
164
|
|
|
rv = self.app.get('/rules/edit/%d' % non_nxistent_sid) |
|
165
|
|
|
self.assertEqual(rv.status_code, 302) |
|
166
|
|
|
|
|
167
|
|
|
self.__delete_rule() |
|
168
|
|
|
|
nbs-system /
spike
