FlaskrTestCase.test_sandbox_visualize() - Code Metrics - Inspection of "Refactor a bit the warnings" - nbs-system/spike - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( d10f0c...96f109 )

by -

created 2016-03-31 16:14 UTC

FlaskrTestCase.test_sandbox_visualize() A

↳ Parent: Project

Complexity

Conditions

Size

Total Lines

Duplication

Lines	0
Ratio	0 %

Metric	Value
cc	1
dl	0
loc	12
rs	9.4285

from spike.model.naxsi_rules import NaxsiRules

from tests import TestsThatNeedsRules


try:
    from urlparse import urlparse
except ImportError:  # python3
    from urllib.parse import urlparse


class FlaskrTestCase(TestsThatNeedsRules):
    def test_sandbox_visualize(self):
        data = {'rule': 'MainRule "rx:^POUET$" "msg: sqli"  "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1005;',
                'visualise_rule': '1'}
        rv = self.app.post('/sandbox/explain_rule/', data=data)
        self.assertEqual(rv.status_code, 302)
        self.assertIn('https://regexper.com/#^POUET$', str(rv.data))

        del data['visualise_rule']
        data['explain_rule'] = 1
        rv = self.app.post('/sandbox/explain_rule/', data=data)
        _rule = NaxsiRules('sqli', 'rx:^POUET$', 'BODY|URL|ARGS|$HEADERS_VAR:Cookie', '$SQL:8', '1005', "", "sqli")
        self.assertIn(str(_rule.explain()), str(rv.data).replace('\\', ''))

    def test_explain_rule(self):
        rv = self.app.get('/sandbox/explain_rule/')
        self.assertEqual(rv.status_code, 302)
        self.assertEqual(urlparse(rv.location).path, '/sandbox/')

        _rule = NaxsiRules.query.order_by(NaxsiRules.sid.desc()).first()

        rv = self.app.get('/sandbox/explain_rule/?rule={0}'.format(_rule.sid + 1), follow_redirects=True)
        self.assertIn('Not rule with id {0}'.format(_rule.sid + 1), str(rv.data))

        rv = self.app.get('/sandbox/explain_rule/?rule={0}'.format(_rule.sid))
        self.assertEqual(rv.status_code, 200)
        self.assertIn(_rule.explain(), str(rv.data))

        rv = self.app.get('/sandbox/explain_rule/?rule=lol')
        self.assertEqual(rv.status_code, 302)
        self.assertEqual(urlparse(rv.location).path, '/sandbox/')

        data = 'MainRule "rx:^POUET$" "msg: sqli"  "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1005 ;'
        rv = self.app.post('/sandbox/explain_rule/', data={'rule': data})
        self.assertEqual(rv.status_code, 200)
        _rule = NaxsiRules()
        _rule.parse_rule(data)
        self.assertIn(_rule.explain(), str(rv.data))

    def test_explain_nxlog(self):
        rv = self.app.get('/sandbox/explain_nxlog/')
        self.assertEqual(rv.status_code, 405)  # we only accept POST there.

        rv = self.app.post('/sandbox/explain_nxlog/')
        self.assertEqual(rv.status_code, 302)

        rv = self.app.post('/sandbox/explain_nxlog/', data={'nxlog': '1234, lol'})
        self.assertEqual(rv.status_code, 302)

        rv = self.app.post('/sandbox/explain_nxlog/', data={'nxlog': 'ip=1234'})
        self.assertEqual(rv.status_code, 302)

        nxlog = '2013/11/10 07:36:19 [error] 8278#0: *5932 NAXSI_FMT: ip=X.X.X.X&server=Y.Y.Y.Y&'
        nxlog += 'uri=/phpMyAdmin-2.8.2/scripts/setup.php&learning=0&vers=0.52&total_processed=472&total_blocked=204&'
        nxlog += 'block=0&cscore0=$UWA&score0=8&zone0=HEADERS&id0=42000227&var_name0=user-agent, client: X.X.X.X,'
        nxlog += 'server: blog.memze.ro, request: "GET /phpMyAdmin-2.8.2/scripts/setup.php HTTP/1.1", host: "X.X.X.X"'

        rv = self.app.post('/sandbox/explain_nxlog/', data={'nxlog': nxlog})

        self.assertIn('performed a request to', str(rv.data))

    def test_explain_whitelist(self):
        rv =self.app.get('/sandbox/explain_whitelist/?whitelist=pouet')

        self.assertEqual(rv.status_code, 302)

        rv = self.app.get('/sandbox/explain_whitelist/')
        self.assertEqual(rv.status_code, 302)

        rv = self.app.post('/sandbox/explain_whitelist/',
                          data={'whitelist': 'BasicRule wl:0 "mz:$ARGS_VAR:foo|$URL:/bar";'})
        self.assertEqual(rv.status_code, 200)
        self.assertIn('Whitelist all rules if matching in $ARGS_VAR:foo|$URL:/bar.', str(rv.data))

        rv = self.app.post('/sandbox/explain_whitelist/',
                          data={'whitelist': 'BasicRule wl:1000 "lol:pouet";'})
        self.assertEqual(rv.status_code, 200)
        self.assertIn('Unknown fragment:', str(rv.data))

        rv = self.app.post('/sandbox/explain_whitelist/',
                          data={'whitelist': 'BasicRule wl:AAA "mz:$ARGS_VAR:foo|$URL:/bar";'})
        self.assertEqual(rv.status_code, 200)
        self.assertIn('Illegal character in the whitelist id.', str(rv.data))

        rv = self.app.post('/sandbox/explain_whitelist/',
                          data={'whitelist': 'BasicRule negative wl:AAA "mz:$ARGS_VAR:foo|$URL:/bar";'})
        self.assertEqual(rv.status_code, 200)
        self.assertIn('Illegal character in the whitelist id.', str(rv.data))

        rv = self.app.post('/sandbox/explain_whitelist/',
                          data={'whitelist': 'wl:2 "mz:$ARGS_VAR:foo|$URL:/bar";'})
        self.assertEqual(rv.status_code, 200)
        self.assertIn("No &#39;BasicRule&#39; keyword", str(rv.data))

        rv = self.app.post('/sandbox/explain_whitelist/',
                          data={'whitelist': 'BasicRule wl:2 "mz:$ARGS_VAR:foo|$URL:/bar";'})
        self.assertEqual(rv.status_code, 200)
        self.assertIn("Whitelist the rule 2 if matching in $ARGS_VAR:foo|$URL:/bar.", str(rv.data))

        rv = self.app.post('/sandbox/explain_whitelist/',
                          data={'whitelist': 'BasicRule wl:2,3 "mz:$ARGS_VAR:foo|$URL:/bar";'})
        self.assertEqual(rv.status_code, 200)
        self.assertIn("Whitelist the rule 2, the rule 3 if matching in $ARGS_VAR:foo|$URL:/bar.", str(rv.data))

        rv = self.app.post('/sandbox/explain_whitelist/',
                          data={'whitelist': 'BasicRule wl:2,-3 "mz:$ARGS_VAR:foo|$URL:/bar";'})
        self.assertEqual(rv.status_code, 200)
        self.assertIn("Whitelist the rule 2, except the rule 3 if matching in $ARGS_VAR:foo|$URL:/bar.", str(rv.data))

        rv = self.app.post('/sandbox/explain_whitelist/',
                          data={'whitelist': 'BasicRule wl:2 ;'})
        self.assertEqual(rv.status_code, 200)
        self.assertIn("Whitelist the rule 2.", str(rv.data))


1			from spike.model.naxsi_rules import NaxsiRules
2
3			from tests import TestsThatNeedsRules
4
5
6			try:
7			from urlparse import urlparse
8			except ImportError: # python3
9			from urllib.parse import urlparse
10
11
12			class FlaskrTestCase(TestsThatNeedsRules):
13			def test_sandbox_visualize(self):
14			data = {'rule': 'MainRule "rx:^POUET$" "msg: sqli" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1005;',
15			'visualise_rule': '1'}
16			rv = self.app.post('/sandbox/explain_rule/', data=data)
17			self.assertEqual(rv.status_code, 302)
18			self.assertIn('https://regexper.com/#^POUET$', str(rv.data))
19
20			del data['visualise_rule']
21			data['explain_rule'] = 1
22			rv = self.app.post('/sandbox/explain_rule/', data=data)
23			_rule = NaxsiRules('sqli', 'rx:^POUET$', 'BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie', '$SQL:8', '1005', "", "sqli")
24			self.assertIn(str(_rule.explain()), str(rv.data).replace('\\', ''))
25
26			def test_explain_rule(self):
27			rv = self.app.get('/sandbox/explain_rule/')
28			self.assertEqual(rv.status_code, 302)
29			self.assertEqual(urlparse(rv.location).path, '/sandbox/')
30
31			_rule = NaxsiRules.query.order_by(NaxsiRules.sid.desc()).first()
			0 ignored issues – show Bug introduced 2016-03-17 16:43 UTC by Report Bug Copy Issue Report The Class `NaxsiRules` does not seem to have a member named `query`. This check looks for calls to members that are non-existent. These calls will fail. The member could have been renamed or removed. Loading history...
32			rv = self.app.get('/sandbox/explain_rule/?rule={0}'.format(_rule.sid + 1), follow_redirects=True)
33			self.assertIn('Not rule with id {0}'.format(_rule.sid + 1), str(rv.data))
34
35			rv = self.app.get('/sandbox/explain_rule/?rule={0}'.format(_rule.sid))
36			self.assertEqual(rv.status_code, 200)
37			self.assertIn(_rule.explain(), str(rv.data))
38
39			rv = self.app.get('/sandbox/explain_rule/?rule=lol')
40			self.assertEqual(rv.status_code, 302)
41			self.assertEqual(urlparse(rv.location).path, '/sandbox/')
42
43			data = 'MainRule "rx:^POUET$" "msg: sqli" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1005 ;'
44			rv = self.app.post('/sandbox/explain_rule/', data={'rule': data})
45			self.assertEqual(rv.status_code, 200)
46			_rule = NaxsiRules()
47			_rule.parse_rule(data)
48			self.assertIn(_rule.explain(), str(rv.data))
49
50			def test_explain_nxlog(self):
51			rv = self.app.get('/sandbox/explain_nxlog/')
52			self.assertEqual(rv.status_code, 405) # we only accept POST there.
53
54			rv = self.app.post('/sandbox/explain_nxlog/')
55			self.assertEqual(rv.status_code, 302)
56
57			rv = self.app.post('/sandbox/explain_nxlog/', data={'nxlog': '1234, lol'})
58			self.assertEqual(rv.status_code, 302)
59
60			rv = self.app.post('/sandbox/explain_nxlog/', data={'nxlog': 'ip=1234'})
61			self.assertEqual(rv.status_code, 302)
62
63			nxlog = '2013/11/10 07:36:19 [error] 8278#0: *5932 NAXSI_FMT: ip=X.X.X.X&server=Y.Y.Y.Y&'
64			nxlog += 'uri=/phpMyAdmin-2.8.2/scripts/setup.php&learning=0&vers=0.52&total_processed=472&total_blocked=204&'
65			nxlog += 'block=0&cscore0=$UWA&score0=8&zone0=HEADERS&id0=42000227&var_name0=user-agent, client: X.X.X.X,'
66			nxlog += 'server: blog.memze.ro, request: "GET /phpMyAdmin-2.8.2/scripts/setup.php HTTP/1.1", host: "X.X.X.X"'
67
68			rv = self.app.post('/sandbox/explain_nxlog/', data={'nxlog': nxlog})
69
70			self.assertIn('performed a request to', str(rv.data))
71
72			def test_explain_whitelist(self):
73			rv =self.app.get('/sandbox/explain_whitelist/?whitelist=pouet')
			0 ignored issues – show Coding Style introduced 2016-03-31 14:38 UTC by Report Bug Copy Issue Report Exactly one space required after assignment rv =self.app.get('/sandbox/explain_whitelist/?whitelist=pouet') ^ Loading history...
74			self.assertEqual(rv.status_code, 302)
75
76			rv = self.app.get('/sandbox/explain_whitelist/')
77			self.assertEqual(rv.status_code, 302)
78
79			rv = self.app.post('/sandbox/explain_whitelist/',
80			data={'whitelist': 'BasicRule wl:0 "mz:$ARGS_VAR:foo\|$URL:/bar";'})
81			self.assertEqual(rv.status_code, 200)
82			self.assertIn('Whitelist all rules if matching in $ARGS_VAR:foo\|$URL:/bar.', str(rv.data))
83
84			rv = self.app.post('/sandbox/explain_whitelist/',
85			data={'whitelist': 'BasicRule wl:1000 "lol:pouet";'})
86			self.assertEqual(rv.status_code, 200)
87			self.assertIn('Unknown fragment:', str(rv.data))
88
89			rv = self.app.post('/sandbox/explain_whitelist/',
90			data={'whitelist': 'BasicRule wl:AAA "mz:$ARGS_VAR:foo\|$URL:/bar";'})
91			self.assertEqual(rv.status_code, 200)
92			self.assertIn('Illegal character in the whitelist id.', str(rv.data))
93
94			rv = self.app.post('/sandbox/explain_whitelist/',
95			data={'whitelist': 'BasicRule negative wl:AAA "mz:$ARGS_VAR:foo\|$URL:/bar";'})
96			self.assertEqual(rv.status_code, 200)
97			self.assertIn('Illegal character in the whitelist id.', str(rv.data))
98
99			rv = self.app.post('/sandbox/explain_whitelist/',
100			data={'whitelist': 'wl:2 "mz:$ARGS_VAR:foo\|$URL:/bar";'})
101			self.assertEqual(rv.status_code, 200)
102			self.assertIn("No 'BasicRule' keyword", str(rv.data))
103
104			rv = self.app.post('/sandbox/explain_whitelist/',
105			data={'whitelist': 'BasicRule wl:2 "mz:$ARGS_VAR:foo\|$URL:/bar";'})
106			self.assertEqual(rv.status_code, 200)
107			self.assertIn("Whitelist the rule 2 if matching in $ARGS_VAR:foo\|$URL:/bar.", str(rv.data))
108
109			rv = self.app.post('/sandbox/explain_whitelist/',
110			data={'whitelist': 'BasicRule wl:2,3 "mz:$ARGS_VAR:foo\|$URL:/bar";'})
111			self.assertEqual(rv.status_code, 200)
112			self.assertIn("Whitelist the rule 2, the rule 3 if matching in $ARGS_VAR:foo\|$URL:/bar.", str(rv.data))
113
114			rv = self.app.post('/sandbox/explain_whitelist/',
115			data={'whitelist': 'BasicRule wl:2,-3 "mz:$ARGS_VAR:foo\|$URL:/bar";'})
116			self.assertEqual(rv.status_code, 200)
117			self.assertIn("Whitelist the rule 2, except the rule 3 if matching in $ARGS_VAR:foo\|$URL:/bar.", str(rv.data))
118
119			rv = self.app.post('/sandbox/explain_whitelist/',
120			data={'whitelist': 'BasicRule wl:2 ;'})
121			self.assertEqual(rv.status_code, 200)
122			self.assertIn("Whitelist the rule 2.", str(rv.data))
123

nbs-system / spike

Push — master ( d10f0c...96f109 )

FlaskrTestCase.test_sandbox_visualize() A

Complexity

Size

Duplication

Duplication Side-by-Side

Filter issues like