FlaskrTestCase.test_explain_whitelist() - Code Metrics - Inspection of "Bump coverage" - nbs-system/spike - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 7b0c38...43a11b )

by -

created 2016-03-30 16:44 UTC

FlaskrTestCase.test_explain_whitelist() A

↳ Parent: Project

Complexity

Conditions

Size

Total Lines

Duplication

Lines	0
Ratio	0 %

Metric	Value
dl	0
loc	10
rs	9.4285
cc	1

from spike.model.naxsi_rules import NaxsiRules

from tests import TestsThatNeedsRules


try:
    from urlparse import urlparse
except ImportError:  # python3
    from urllib.parse import urlparse


class FlaskrTestCase(TestsThatNeedsRules):
    def test_sandbox_rule(self):
        rv = self.app.get('/sandbox/rule')
        self.assertEqual(rv.status_code, 405)

        rv = self.app.post('/sandbox/rule')
        self.assertEqual(rv.status_code, 200)

    def test_sandbox_visualize(self):
        data = {'rule': 'MainRule "rx:^POUET$" "msg: sqli"  "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1005;',
                'visualise_rule': '1'}
        rv = self.app.post('/sandbox/rule', data=data)
        self.assertEqual(rv.status_code, 302)
        self.assertIn('https://regexper.com/#^POUET$', str(rv.data))

        del data['visualise_rule']
        data['explain_rule'] = 1
        rv = self.app.post('/sandbox/rule', data=data)
        _rule = NaxsiRules('sqli', 'rx:^POUET$', 'BODY|URL|ARGS|$HEADERS_VAR:Cookie', '$SQL:8', '1005', "", "sqli")
        self.assertIn(str(_rule.explain()), str(rv.data).replace('\\', ''))

    def test_explain_rule(self):
        rv = self.app.get('/sandbox/explain_rule/')
        self.assertEqual(rv.status_code, 302)
        self.assertEqual(urlparse(rv.location).path, '/sandbox/')

        _rule = NaxsiRules.query.order_by(NaxsiRules.sid.desc()).first()

        rv = self.app.get('/sandbox/explain_rule/?rule={0}'.format(_rule.sid + 1), follow_redirects=True)
        self.assertIn('Not rule with id {0}'.format(_rule.sid + 1), str(rv.data))

        rv = self.app.get('/sandbox/explain_rule/?rule={0}'.format(_rule.sid))
        self.assertEqual(rv.status_code, 200)
        self.assertIn(_rule.explain(), str(rv.data))

        rv = self.app.get('/sandbox/explain_rule/?rule=lol')
        self.assertEqual(rv.status_code, 302)
        self.assertEqual(urlparse(rv.location).path, '/sandbox/')

        data = 'MainRule "rx:^POUET$" "msg: sqli"  "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1005;'
        rv = self.app.post('/sandbox/explain_rule/', data={'rule': data})
        self.assertEqual(rv.status_code, 200)
        _rule = NaxsiRules()
        _rule.parse_rule(data)
        self.assertIn(_rule.explain(), str(rv.data))

    def test_explain_nxlog(self):
        rv = self.app.get('/sandbox/explain_nxlog/')
        self.assertEqual(rv.status_code, 405)  # we only accept POST there.

        rv = self.app.post('/sandbox/explain_nxlog/')
        self.assertEqual(rv.status_code, 302)

        rv = self.app.post('/sandbox/explain_nxlog/', data={'nxlog': '1234, lol'})
        self.assertEqual(rv.status_code, 302)

        rv = self.app.post('/sandbox/explain_nxlog/', data={'nxlog': 'ip=1234'})
        self.assertEqual(rv.status_code, 302)

        nxlog = '2013/11/10 07:36:19 [error] 8278#0: *5932 NAXSI_FMT: ip=X.X.X.X&server=Y.Y.Y.Y&'
        nxlog += 'uri=/phpMyAdmin-2.8.2/scripts/setup.php&learning=0&vers=0.52&total_processed=472&total_blocked=204&'
        nxlog += 'block=0&cscore0=$UWA&score0=8&zone0=HEADERS&id0=42000227&var_name0=user-agent, client: X.X.X.X,'
        nxlog += 'server: blog.memze.ro, request: "GET /phpMyAdmin-2.8.2/scripts/setup.php HTTP/1.1", host: "X.X.X.X"'

        rv = self.app.post('/sandbox/explain_nxlog/', data={'nxlog': nxlog})

        self.assertIn('performed a request to', str(rv.data))

    def test_explain_whitelist(self):
        rv = self.app.get('/sandbox/explain_whitelist/',
                          data={'whitelist': 'BasicRule wl:1000 "mz:$ARGS_VAR:foo|$URL:/bar";'})
        self.assertEqual(rv.status_code, 200)
        self.assertIn('Whitelist all rules if matching in $ARGS_VAR:foo|$URL:/bar.', str(rv.data))

        rv = self.app.get('/sandbox/explain_whitelist/',
                          data={'whitelist': 'BasicRule wl:1000 "lol:pouet";'})
        self.assertEqual(rv.status_code, 200)
        self.assertIn('Unknown fragment:', str(rv.data))


1			from spike.model.naxsi_rules import NaxsiRules
2
3			from tests import TestsThatNeedsRules
4
5
6			try:
7			from urlparse import urlparse
8			except ImportError: # python3
9			from urllib.parse import urlparse
10
11
12			class FlaskrTestCase(TestsThatNeedsRules):
13			def test_sandbox_rule(self):
14			rv = self.app.get('/sandbox/rule')
15			self.assertEqual(rv.status_code, 405)
16
17			rv = self.app.post('/sandbox/rule')
18			self.assertEqual(rv.status_code, 200)
19
20			def test_sandbox_visualize(self):
21			data = {'rule': 'MainRule "rx:^POUET$" "msg: sqli" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1005;',
22			'visualise_rule': '1'}
23			rv = self.app.post('/sandbox/rule', data=data)
24			self.assertEqual(rv.status_code, 302)
25			self.assertIn('https://regexper.com/#^POUET$', str(rv.data))
26
27			del data['visualise_rule']
28			data['explain_rule'] = 1
29			rv = self.app.post('/sandbox/rule', data=data)
30			_rule = NaxsiRules('sqli', 'rx:^POUET$', 'BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie', '$SQL:8', '1005', "", "sqli")
31			self.assertIn(str(_rule.explain()), str(rv.data).replace('\\', ''))
32
33			def test_explain_rule(self):
34			rv = self.app.get('/sandbox/explain_rule/')
35			self.assertEqual(rv.status_code, 302)
36			self.assertEqual(urlparse(rv.location).path, '/sandbox/')
37
38			_rule = NaxsiRules.query.order_by(NaxsiRules.sid.desc()).first()
			0 ignored issues – show Bug introduced 2016-03-17 16:43 UTC by Report Bug Copy Issue Report The Class `NaxsiRules` does not seem to have a member named `query`. This check looks for calls to members that are non-existent. These calls will fail. The member could have been renamed or removed. Loading history...
39			rv = self.app.get('/sandbox/explain_rule/?rule={0}'.format(_rule.sid + 1), follow_redirects=True)
40			self.assertIn('Not rule with id {0}'.format(_rule.sid + 1), str(rv.data))
41
42			rv = self.app.get('/sandbox/explain_rule/?rule={0}'.format(_rule.sid))
43			self.assertEqual(rv.status_code, 200)
44			self.assertIn(_rule.explain(), str(rv.data))
45
46			rv = self.app.get('/sandbox/explain_rule/?rule=lol')
47			self.assertEqual(rv.status_code, 302)
48			self.assertEqual(urlparse(rv.location).path, '/sandbox/')
49
50			data = 'MainRule "rx:^POUET$" "msg: sqli" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1005;'
51			rv = self.app.post('/sandbox/explain_rule/', data={'rule': data})
52			self.assertEqual(rv.status_code, 200)
53			_rule = NaxsiRules()
54			_rule.parse_rule(data)
55			self.assertIn(_rule.explain(), str(rv.data))
56
57			def test_explain_nxlog(self):
58			rv = self.app.get('/sandbox/explain_nxlog/')
59			self.assertEqual(rv.status_code, 405) # we only accept POST there.
60
61			rv = self.app.post('/sandbox/explain_nxlog/')
62			self.assertEqual(rv.status_code, 302)
63
64			rv = self.app.post('/sandbox/explain_nxlog/', data={'nxlog': '1234, lol'})
65			self.assertEqual(rv.status_code, 302)
66
67			rv = self.app.post('/sandbox/explain_nxlog/', data={'nxlog': 'ip=1234'})
68			self.assertEqual(rv.status_code, 302)
69
70			nxlog = '2013/11/10 07:36:19 [error] 8278#0: *5932 NAXSI_FMT: ip=X.X.X.X&server=Y.Y.Y.Y&'
71			nxlog += 'uri=/phpMyAdmin-2.8.2/scripts/setup.php&learning=0&vers=0.52&total_processed=472&total_blocked=204&'
72			nxlog += 'block=0&cscore0=$UWA&score0=8&zone0=HEADERS&id0=42000227&var_name0=user-agent, client: X.X.X.X,'
73			nxlog += 'server: blog.memze.ro, request: "GET /phpMyAdmin-2.8.2/scripts/setup.php HTTP/1.1", host: "X.X.X.X"'
74
75			rv = self.app.post('/sandbox/explain_nxlog/', data={'nxlog': nxlog})
76
77			self.assertIn('performed a request to', str(rv.data))
78
79			def test_explain_whitelist(self):
80			rv = self.app.get('/sandbox/explain_whitelist/',
81			data={'whitelist': 'BasicRule wl:1000 "mz:$ARGS_VAR:foo\|$URL:/bar";'})
82			self.assertEqual(rv.status_code, 200)
83			self.assertIn('Whitelist all rules if matching in $ARGS_VAR:foo\|$URL:/bar.', str(rv.data))
84
85			rv = self.app.get('/sandbox/explain_whitelist/',
86			data={'whitelist': 'BasicRule wl:1000 "lol:pouet";'})
87			self.assertEqual(rv.status_code, 200)
88			self.assertIn('Unknown fragment:', str(rv.data))
89

nbs-system / spike

Push — master ( 7b0c38...43a11b )

FlaskrTestCase.test_explain_whitelist() A

Complexity

Size

Duplication

Duplication Side-by-Side

Filter issues like