|
1
|
|
|
from spike.model.naxsi_rules import NaxsiRules |
|
2
|
|
|
|
|
3
|
|
|
from . import TestsThatNeedsRules |
|
4
|
|
|
|
|
5
|
|
|
try: |
|
6
|
|
|
from urlparse import urlparse |
|
7
|
|
|
except ImportError: # python3 |
|
8
|
|
|
from urllib.parse import urlparse |
|
9
|
|
|
|
|
10
|
|
|
|
|
11
|
|
|
class FlaskrTestCase(TestsThatNeedsRules): |
|
12
|
|
|
def test_sandbox_rule(self): |
|
13
|
|
|
rv = self.app.get('/sandbox/rule') |
|
14
|
|
|
self.assertEqual(rv.status_code, 200) |
|
15
|
|
|
|
|
16
|
|
|
def test_sandbox_visualize(self): |
|
17
|
|
|
data = {'rule': 'MainRule "rx:^POUET$" "msg: sqli" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1005;', |
|
18
|
|
|
'visualise_rule': '1'} |
|
19
|
|
|
rv = self.app.post('/sandbox/rule', data=data) |
|
20
|
|
|
self.assertEqual(rv.status_code, 302) |
|
21
|
|
|
self.assertIn('https://regexper.com/#^POUET$', str(rv.data)) |
|
22
|
|
|
|
|
23
|
|
|
del data['visualise_rule'] |
|
24
|
|
|
data['explain_rule'] = 1 |
|
25
|
|
|
rv = self.app.post('/sandbox/rule', data=data) |
|
26
|
|
|
_rule = NaxsiRules('sqli', 'rx:^POUET$', 'BODY|URL|ARGS|$HEADERS_VAR:Cookie', '$SQL:8', '1005', "", "sqli") |
|
27
|
|
|
self.assertIn(str(_rule.explain()), str(rv.data).replace('\\', '')) |
|
28
|
|
|
|
|
29
|
|
|
def test_explain_rule(self): |
|
30
|
|
|
rv = self.app.get('/sandbox/explain_rule/') |
|
31
|
|
|
self.assertEqual(rv.status_code, 302) |
|
32
|
|
|
self.assertEqual(urlparse(rv.location).path, '/sandbox/') |
|
33
|
|
|
|
|
34
|
|
|
_rule = NaxsiRules.query.order_by(NaxsiRules.sid.desc()).first() |
|
|
|
|
|
|
35
|
|
|
rv = self.app.get('/sandbox/explain_rule/?rule={0}'.format(_rule.sid + 1), follow_redirects=True) |
|
36
|
|
|
self.assertIn('Not rule with id {0}'.format(_rule.sid + 1), str(rv.data)) |
|
37
|
|
|
|
|
38
|
|
|
rv = self.app.get('/sandbox/explain_rule/?rule={0}'.format(_rule.sid)) |
|
39
|
|
|
self.assertEqual(rv.status_code, 200) |
|
40
|
|
|
self.assertIn(_rule.explain(), str(rv.data)) |
|
41
|
|
|
|
|
42
|
|
|
rv = self.app.get('/sandbox/explain_rule/?rule=lol') |
|
43
|
|
|
self.assertEqual(rv.status_code, 302) |
|
44
|
|
|
self.assertEqual(urlparse(rv.location).path, '/sandbox/') |
|
45
|
|
|
|
|
46
|
|
|
rv = self.app.post('/sandbox/explain_rule/', data={'rule': str(_rule)}) |
|
47
|
|
|
self.assertEqual(rv.status_code, 200) |
|
48
|
|
|
#self.assertIn(_rule.explain(), str(rv.data)) # FIXME this is broken |
|
|
|
|
|
|
49
|
|
|
|
|
50
|
|
|
def test_explain_nxlog(self): |
|
51
|
|
|
rv = self.app.get('/sandbox/explain_nxlog/') |
|
52
|
|
|
self.assertEqual(rv.status_code, 405) # we only accept POST there. |
|
53
|
|
|
|
|
54
|
|
|
rv = self.app.post('/sandbox/explain_nxlog/') |
|
55
|
|
|
self.assertEqual(rv.status_code, 302) |
|
56
|
|
|
|
|
57
|
|
|
rv = self.app.post('/sandbox/explain_nxlog/', data={'nxlog': '1234, lol'}) |
|
58
|
|
|
self.assertEqual(rv.status_code, 302) |
|
59
|
|
|
|
|
60
|
|
|
rv = self.app.post('/sandbox/explain_nxlog/', data={'nxlog': 'ip=1234'}) |
|
61
|
|
|
self.assertEqual(rv.status_code, 302) |
|
62
|
|
|
|
|
63
|
|
|
nxlog = '2013/11/10 07:36:19 [error] 8278#0: *5932 NAXSI_FMT: ip=X.X.X.X&server=Y.Y.Y.Y&' |
|
64
|
|
|
nxlog += 'uri=/phpMyAdmin-2.8.2/scripts/setup.php&learning=0&vers=0.52&total_processed=472&total_blocked=204&' |
|
65
|
|
|
nxlog += 'block=0&cscore0=$UWA&score0=8&zone0=HEADERS&id0=42000227&var_name0=user-agent, client: X.X.X.X,' |
|
66
|
|
|
nxlog += 'server: blog.memze.ro, request: "GET /phpMyAdmin-2.8.2/scripts/setup.php HTTP/1.1", host: "X.X.X.X"' |
|
67
|
|
|
|
|
68
|
|
|
rv = self.app.post('/sandbox/explain_nxlog/', data={'nxlog': nxlog}) |
|
69
|
|
|
|
|
70
|
|
|
self.assertIn('performed a request to', str(rv.data)) |
|
|
|
|
|
nbs-system /
spike
Loading history...
This check looks for calls to members that are non-existent. These calls will fail.
The member could have been renamed or removed.