|
1
|
|
|
from spike.model.naxsi_rules import NaxsiRules |
|
2
|
|
|
from spike.model.naxsi_rulesets import NaxsiRuleSets |
|
3
|
|
|
|
|
4
|
|
|
try: |
|
5
|
|
|
from urlparse import urlparse |
|
6
|
|
|
except ImportError: # python3 |
|
7
|
|
|
from urllib.parse import urlparse |
|
8
|
|
|
|
|
9
|
|
|
from spike import create_app |
|
10
|
|
|
from spike.model import db, rulesets_seeds |
|
11
|
|
|
from time import time |
|
12
|
|
|
import unittest |
|
13
|
|
|
import random |
|
14
|
|
|
import string |
|
15
|
|
|
|
|
16
|
|
|
|
|
17
|
|
|
class FlaskrTestCase(unittest.TestCase): |
|
18
|
|
|
def setUp(self): |
|
19
|
|
|
app = create_app('../config.cfg') |
|
20
|
|
|
db.init_app(app) |
|
21
|
|
|
app.config['TESTING'] = True |
|
22
|
|
|
self.app = app.test_client() |
|
23
|
|
|
|
|
24
|
|
|
def test_index(self): |
|
25
|
|
|
rv = self.app.get('/rulesets', follow_redirects=False) |
|
26
|
|
|
self.assertEqual(rv.status_code, 301) |
|
27
|
|
|
self.assertEqual(urlparse(rv.location).path, '/rulesets/') |
|
28
|
|
|
|
|
29
|
|
|
rv = self.app.get('/rulesets/', follow_redirects=False) |
|
30
|
|
|
self.assertEqual(rv.status_code, 200) |
|
31
|
|
|
|
|
32
|
|
|
def test_plain(self): |
|
33
|
|
|
rv = self.app.get('/rulesets/plain', follow_redirects=False) |
|
34
|
|
|
self.assertEqual(rv.status_code, 301) |
|
35
|
|
|
|
|
36
|
|
|
rv = self.app.get('/rulesets/plain', follow_redirects=True) |
|
37
|
|
|
for seed in rulesets_seeds: |
|
38
|
|
|
self.assertIn(seed, str(rv.data)) |
|
39
|
|
|
|
|
40
|
|
|
rv = self.app.get('/rulesets/plain/1', follow_redirects=True) |
|
41
|
|
|
self.assertTrue(any(i for i in rulesets_seeds if i in str(rv.data))) |
|
42
|
|
|
|
|
43
|
|
|
rv = self.app.get('/rulesets/plain/123456789', follow_redirects=True) |
|
44
|
|
|
self.assertEqual(rv.data, b'') |
|
45
|
|
|
|
|
46
|
|
|
self.assertTrue(True) |
|
47
|
|
|
|
|
48
|
|
|
def test_view(self): |
|
49
|
|
|
_rid = NaxsiRuleSets.query.filter().first() |
|
|
|
|
|
|
50
|
|
|
rv = self.app.get('/rulesets/view/%d' % _rid.id, follow_redirects=False) |
|
51
|
|
|
self.assertEqual(rv.status_code, 200) |
|
52
|
|
|
|
|
53
|
|
|
_nonexistent_rid = _rid.id + 1 |
|
54
|
|
|
rv = self.app.get('/rulesets/view/%d' % _nonexistent_rid, follow_redirects=False) |
|
55
|
|
|
self.assertEqual(rv.status_code, 200) |
|
56
|
|
|
|
|
57
|
|
|
def test_new(self): |
|
58
|
|
|
rname = next(iter(rulesets_seeds)) |
|
59
|
|
|
rv = self.app.post('/rulesets/new', data={'rname': rname}) |
|
60
|
|
|
self.assertEqual(rv.status_code, 302) |
|
61
|
|
|
self.assertEqual(urlparse(rv.location).path, '/rulesets/') |
|
62
|
|
|
|
|
63
|
|
|
random_name = ''.join(random.choice(string.ascii_uppercase + string.digits) for _ in range(16)) |
|
64
|
|
|
rv = self.app.post('/rulesets/new', data={'rname': random_name}) |
|
65
|
|
|
self.assertEqual(rv.status_code, 302) |
|
66
|
|
|
_rule = NaxsiRuleSets.query.filter(NaxsiRuleSets.name == random_name).first() |
|
|
|
|
|
|
67
|
|
|
self.assertEqual(_rule.name, random_name) |
|
68
|
|
|
db.session.delete(_rule) |
|
69
|
|
|
db.session.commit() |
|
70
|
|
|
|
|
71
|
|
View Code Duplication |
def test_del(self): |
|
|
|
|
|
|
72
|
|
|
random_name = ''.join(random.choice(string.ascii_uppercase + string.digits) for _ in range(16)) |
|
73
|
|
|
db.session.add(NaxsiRuleSets(random_name, "naxsi-ruleset: %s" % random_name, int(time()))) |
|
74
|
|
|
db.session.commit() |
|
75
|
|
|
_rid = NaxsiRuleSets.query.filter(NaxsiRuleSets.name == random_name).first().id |
|
|
|
|
|
|
76
|
|
|
|
|
77
|
|
|
_nonexistent_rid = _rid + 1 |
|
78
|
|
|
rv = self.app.post('/rulesets/del/%d' % _nonexistent_rid) |
|
79
|
|
|
self.assertEqual(rv.status_code, 302) |
|
80
|
|
|
|
|
81
|
|
|
rv = self.app.post('/rulesets/del/%d' % _rid) |
|
82
|
|
|
self.assertEqual(rv.status_code, 302) |
|
83
|
|
|
_rule = NaxsiRuleSets.query.filter(NaxsiRuleSets.name == random_name).first() |
|
|
|
|
|
|
84
|
|
|
self.assertEqual(_rule, None) |
|
85
|
|
|
|
|
86
|
|
View Code Duplication |
def test_select(self): |
|
|
|
|
|
|
87
|
|
|
current_sid = NaxsiRules.query.order_by(NaxsiRules.sid.desc()).first() |
|
|
|
|
|
|
88
|
|
|
current_sid = 1337 if current_sid is None else current_sid.sid + 1 |
|
89
|
|
|
|
|
90
|
|
|
db.session.add(NaxsiRules(u'POUET', 'str:test', u'BODY', u'$SQL:8', current_sid, u'WEB_APPS', |
|
91
|
|
|
u'f hqewifueiwf hueiwhf uiewh fiewh fhw', '1', True, 1457101045)) |
|
92
|
|
|
db.session.commit() |
|
93
|
|
|
|
|
94
|
|
|
_ruleset = NaxsiRules.query.first().ruleset |
|
|
|
|
|
|
95
|
|
|
rv = self.app.get('/rulesets/select/%s' % _ruleset) |
|
96
|
|
|
self.assertEqual(rv.status_code, 200) |
|
97
|
|
|
self.assertIn(_ruleset, str(rv.data)) |
|
98
|
|
|
|
|
99
|
|
|
random_name = ''.join(random.choice(string.ascii_uppercase + string.digits) for _ in range(16)) |
|
100
|
|
|
rv = self.app.get('/rulesets/select/%s' % random_name) |
|
101
|
|
|
self.assertEqual(rv.status_code, 200) |
|
102
|
|
|
|
|
103
|
|
|
db.session.delete(NaxsiRules.query.filter(current_sid == NaxsiRules.sid).first()) |
|
|
|
|
|
|
104
|
|
|
|
nbs-system /
spike
jvoisin
Julien (jvoisin) Voisin
bui
Loading history...
This check looks for calls to members that are non-existent. These calls will fail.
The member could have been renamed or removed.