Issues in test_sandbox.py (master) - Issues in master - nbs-system/spike - Measure and Improve Code Quality continuously with Scrutinizer

Issues (119)

tests/test_sandbox.py (1 issue)

Labels

Bug 1

Severity

Major 1

from spike.model.naxsi_rules import NaxsiRules

from tests import TestsThatNeedsRules

try:
    from urlparse import urlparse
except ImportError:  # python3
    from urllib.parse import urlparse


class FlaskrTestCase(TestsThatNeedsRules):
    def test_sandbox_visualize(self):
        data = {'rule': 'MainRule "rx:^POUET$" "msg: sqli"  "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1005;',
                'visualise_rule': '1'}
        rv = self.app.post('/sandbox/explain_rule/', data=data)
        #self.assertEqual(rv.status_code, 302)
        #self.assertIn('https://regexper.com/#^POUET$', str(rv.data))

        data = {'rule': 'MainRule "str:^POUET$" "msg: sqli" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1005;',
                'visualise_rule': '1'}
        rv = self.app.post('/sandbox/explain_rule/', data=data)
        self.assertEqual(rv.status_code, 200)
        self.assertIn('The rule is not a regexp, so you can not visualize it.', str(rv.data))

    def test_explain_rule(self):
        rv = self.app.get('/sandbox/explain_rule/')
        self.assertEqual(rv.status_code, 302)
        self.assertEqual(urlparse(rv.location).path, '/sandbox/')

        _rule = NaxsiRules.query.order_by(NaxsiRules.sid.desc()).first()

        rv = self.app.get('/sandbox/explain_rule/?rule={0}'.format(_rule.sid + 1), follow_redirects=True)
        self.assertIn('Not rule with id {0}'.format(_rule.sid + 1), str(rv.data))

        rv = self.app.get('/sandbox/explain_rule/?rule={0}'.format(_rule.sid))
        self.assertEqual(rv.status_code, 200)
        self.assertIn(_rule.explain(), str(rv.data))

        rv = self.app.get('/sandbox/explain_rule/?rule=lol')
        self.assertEqual(rv.status_code, 302)
        self.assertEqual(urlparse(rv.location).path, '/sandbox/')

        data = 'MainRule "rx:^POUET$" "msg: sqli"  "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1005 ;'
        rv = self.app.post('/sandbox/explain_rule/', data={'rule': data})
        self.assertEqual(rv.status_code, 200)
        _rule = NaxsiRules()
        _rule.parse_rule(data)
        self.assertIn(_rule.explain(), str(rv.data))

        data = 'MainRule "lol:^POUET$" "msg: sqli" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1005 ;'
        rv = self.app.post('/sandbox/explain_rule/', data={'rule': data})
        self.assertEqual(rv.status_code, 200)
        #self.assertIn('is an invalid element and thus can not be parsed.', str(rv.data))

    def test_explain_nxlog(self):
        rv = self.app.get('/sandbox/explain_nxlog/')
        self.assertEqual(rv.status_code, 405)  # we only accept POST there.

        rv = self.app.post('/sandbox/explain_nxlog/')
        self.assertEqual(rv.status_code, 302)

        rv = self.app.post('/sandbox/explain_nxlog/', data={'nxlog': '1234, lol'})
        self.assertEqual(rv.status_code, 302)

        rv = self.app.post('/sandbox/explain_nxlog/', data={'nxlog': 'ip=1234'})
        self.assertEqual(rv.status_code, 302)

        nxlog = '2013/11/10 07:36:19 [error] 8278#0: *5932 NAXSI_FMT: ip=X.X.X.X&server=Y.Y.Y.Y&'
        nxlog += 'uri=/phpMyAdmin-2.8.2/scripts/setup.php&learning=0&vers=0.52&total_processed=472&total_blocked=204&'
        nxlog += 'block=0&cscore0=$UWA&score0=8&zone0=HEADERS&id0=42000227&var_name0=user-agent, client: X.X.X.X,'
        nxlog += 'server: blog.memze.ro, request: "GET /phpMyAdmin-2.8.2/scripts/setup.php HTTP/1.1", host: "X.X.X.X"'

        rv = self.app.post('/sandbox/explain_nxlog/', data={'nxlog': nxlog})

        self.assertIn('performed a request to', str(rv.data))

    def test_explain_whitelist(self):
        rv = self.app.get('/sandbox/explain_whitelist/?whitelist=pouet')
        self.assertEqual(rv.status_code, 302)

        rv = self.app.get('/sandbox/explain_whitelist/')
        self.assertEqual(rv.status_code, 302)

        rv = self.app.get('/sandbox/explain_whitelist/?whitelist=13371337', follow_redirects=True)
        self.assertIn('Not rule with id 13371337', str(rv.data))

        rv = self.app.post('/sandbox/explain_whitelist/',
                           data={'whitelist': 'BasicRule wl:0 "mz:$ARGS_VAR:foo|$URL:/bar";'})
        self.assertEqual(rv.status_code, 200)
        self.assertIn('Whitelist all rules if matching in $ARGS_VAR:foo in $URL:/bar.', str(rv.data))

        rv = self.app.post('/sandbox/explain_whitelist/',
                           data={'whitelist': 'BasicRule wl:1000 "lol:pouet";'})
        self.assertEqual(rv.status_code, 200)
        #self.assertIn('Unknown fragment:', str(rv.data))

        rv = self.app.post('/sandbox/explain_whitelist/',
                           data={'whitelist': 'BasicRule wl:AAA "mz:$ARGS_VAR:foo|$URL:/bar";'})
        self.assertEqual(rv.status_code, 200)
        #self.assertIn('Illegal character in the whitelist id.', str(rv.data))

        rv = self.app.post('/sandbox/explain_whitelist/',
                           data={'whitelist': 'BasicRule negative wl:AAA "mz:$ARGS_VAR:foo|$URL:/bar";'})
        self.assertEqual(rv.status_code, 200)
        #self.assertIn('Illegal character in the whitelist id.', str(rv.data))

        rv = self.app.post('/sandbox/explain_whitelist/',
                           data={'whitelist': 'wl:2 "mz:$ARGS_VAR:foo|$URL:/bar";'})
        self.assertEqual(rv.status_code, 200)
        #self.assertIn("No &#39;BasicRule&#39; keyword", str(rv.data))

        rv = self.app.post('/sandbox/explain_whitelist/',
                           data={'whitelist': 'BasicRule wl:2 "mz:$ARGS_VAR:foo|$URL:/bar";'})
        self.assertEqual(rv.status_code, 200)
        #self.assertIn("Whitelist the rule 2 if matching in $ARGS_VAR:foo|$URL:/bar.", str(rv.data))

        rv = self.app.post('/sandbox/explain_whitelist/',
                           data={'whitelist': 'BasicRule wl:2,3 "mz:$ARGS_VAR:foo|$URL:/bar";'})
        self.assertEqual(rv.status_code, 200)
        #self.assertIn("Whitelist the rule 2, the rule 3 if matching in $ARGS_VAR:foo|$URL:/bar.", str(rv.data))

        rv = self.app.post('/sandbox/explain_whitelist/',
                           data={'whitelist': 'BasicRule wl:2,-3 "mz:$ARGS_VAR:foo|$URL:/bar";'})
        self.assertEqual(rv.status_code, 200)
        #self.assertIn("Whitelist the rule 2, except the rule 3 if matching in $ARGS_VAR:foo|$URL:/bar.", str(rv.data))

        rv = self.app.post('/sandbox/explain_whitelist/',
                           data={'whitelist': 'BasicRule wl:2 ;'})
        self.assertEqual(rv.status_code, 200)
        #self.assertIn("Whitelist the rule 2.", str(rv.data))


1			from spike.model.naxsi_rules import NaxsiRules
2
3			from tests import TestsThatNeedsRules
4
5			try:
6			from urlparse import urlparse
7			except ImportError: # python3
8			from urllib.parse import urlparse
9
10
11			class FlaskrTestCase(TestsThatNeedsRules):
12			def test_sandbox_visualize(self):
13			data = {'rule': 'MainRule "rx:^POUET$" "msg: sqli" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1005;',
14			'visualise_rule': '1'}
15			rv = self.app.post('/sandbox/explain_rule/', data=data)
16			#self.assertEqual(rv.status_code, 302)
17			#self.assertIn('https://regexper.com/#^POUET$', str(rv.data))
18
19			data = {'rule': 'MainRule "str:^POUET$" "msg: sqli" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1005;',
20			'visualise_rule': '1'}
21			rv = self.app.post('/sandbox/explain_rule/', data=data)
22			self.assertEqual(rv.status_code, 200)
23			self.assertIn('The rule is not a regexp, so you can not visualize it.', str(rv.data))
24
25			def test_explain_rule(self):
26			rv = self.app.get('/sandbox/explain_rule/')
27			self.assertEqual(rv.status_code, 302)
28			self.assertEqual(urlparse(rv.location).path, '/sandbox/')
29
30			_rule = NaxsiRules.query.order_by(NaxsiRules.sid.desc()).first()
			0 ignored issues – show Bug introduced 2016-03-17 16:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this The Class `NaxsiRules` does not seem to have a member named `query`. This check looks for calls to members that are non-existent. These calls will fail. The member could have been renamed or removed. Loading history...
31			rv = self.app.get('/sandbox/explain_rule/?rule={0}'.format(_rule.sid + 1), follow_redirects=True)
32			self.assertIn('Not rule with id {0}'.format(_rule.sid + 1), str(rv.data))
33
34			rv = self.app.get('/sandbox/explain_rule/?rule={0}'.format(_rule.sid))
35			self.assertEqual(rv.status_code, 200)
36			self.assertIn(_rule.explain(), str(rv.data))
37
38			rv = self.app.get('/sandbox/explain_rule/?rule=lol')
39			self.assertEqual(rv.status_code, 302)
40			self.assertEqual(urlparse(rv.location).path, '/sandbox/')
41
42			data = 'MainRule "rx:^POUET$" "msg: sqli" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1005 ;'
43			rv = self.app.post('/sandbox/explain_rule/', data={'rule': data})
44			self.assertEqual(rv.status_code, 200)
45			_rule = NaxsiRules()
46			_rule.parse_rule(data)
47			self.assertIn(_rule.explain(), str(rv.data))
48
49			data = 'MainRule "lol:^POUET$" "msg: sqli" "mz:BODY\|URL\|ARGS\|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1005 ;'
50			rv = self.app.post('/sandbox/explain_rule/', data={'rule': data})
51			self.assertEqual(rv.status_code, 200)
52			#self.assertIn('is an invalid element and thus can not be parsed.', str(rv.data))
53
54			def test_explain_nxlog(self):
55			rv = self.app.get('/sandbox/explain_nxlog/')
56			self.assertEqual(rv.status_code, 405) # we only accept POST there.
57
58			rv = self.app.post('/sandbox/explain_nxlog/')
59			self.assertEqual(rv.status_code, 302)
60
61			rv = self.app.post('/sandbox/explain_nxlog/', data={'nxlog': '1234, lol'})
62			self.assertEqual(rv.status_code, 302)
63
64			rv = self.app.post('/sandbox/explain_nxlog/', data={'nxlog': 'ip=1234'})
65			self.assertEqual(rv.status_code, 302)
66
67			nxlog = '2013/11/10 07:36:19 [error] 8278#0: *5932 NAXSI_FMT: ip=X.X.X.X&server=Y.Y.Y.Y&'
68			nxlog += 'uri=/phpMyAdmin-2.8.2/scripts/setup.php&learning=0&vers=0.52&total_processed=472&total_blocked=204&'
69			nxlog += 'block=0&cscore0=$UWA&score0=8&zone0=HEADERS&id0=42000227&var_name0=user-agent, client: X.X.X.X,'
70			nxlog += 'server: blog.memze.ro, request: "GET /phpMyAdmin-2.8.2/scripts/setup.php HTTP/1.1", host: "X.X.X.X"'
71
72			rv = self.app.post('/sandbox/explain_nxlog/', data={'nxlog': nxlog})
73
74			self.assertIn('performed a request to', str(rv.data))
75
76			def test_explain_whitelist(self):
77			rv = self.app.get('/sandbox/explain_whitelist/?whitelist=pouet')
78			self.assertEqual(rv.status_code, 302)
79
80			rv = self.app.get('/sandbox/explain_whitelist/')
81			self.assertEqual(rv.status_code, 302)
82
83			rv = self.app.get('/sandbox/explain_whitelist/?whitelist=13371337', follow_redirects=True)
84			self.assertIn('Not rule with id 13371337', str(rv.data))
85
86			rv = self.app.post('/sandbox/explain_whitelist/',
87			data={'whitelist': 'BasicRule wl:0 "mz:$ARGS_VAR:foo\|$URL:/bar";'})
88			self.assertEqual(rv.status_code, 200)
89			self.assertIn('Whitelist all rules if matching in $ARGS_VAR:foo in $URL:/bar.', str(rv.data))
90
91			rv = self.app.post('/sandbox/explain_whitelist/',
92			data={'whitelist': 'BasicRule wl:1000 "lol:pouet";'})
93			self.assertEqual(rv.status_code, 200)
94			#self.assertIn('Unknown fragment:', str(rv.data))
95
96			rv = self.app.post('/sandbox/explain_whitelist/',
97			data={'whitelist': 'BasicRule wl:AAA "mz:$ARGS_VAR:foo\|$URL:/bar";'})
98			self.assertEqual(rv.status_code, 200)
99			#self.assertIn('Illegal character in the whitelist id.', str(rv.data))
100
101			rv = self.app.post('/sandbox/explain_whitelist/',
102			data={'whitelist': 'BasicRule negative wl:AAA "mz:$ARGS_VAR:foo\|$URL:/bar";'})
103			self.assertEqual(rv.status_code, 200)
104			#self.assertIn('Illegal character in the whitelist id.', str(rv.data))
105
106			rv = self.app.post('/sandbox/explain_whitelist/',
107			data={'whitelist': 'wl:2 "mz:$ARGS_VAR:foo\|$URL:/bar";'})
108			self.assertEqual(rv.status_code, 200)
109			#self.assertIn("No 'BasicRule' keyword", str(rv.data))
110
111			rv = self.app.post('/sandbox/explain_whitelist/',
112			data={'whitelist': 'BasicRule wl:2 "mz:$ARGS_VAR:foo\|$URL:/bar";'})
113			self.assertEqual(rv.status_code, 200)
114			#self.assertIn("Whitelist the rule 2 if matching in $ARGS_VAR:foo\|$URL:/bar.", str(rv.data))
115
116			rv = self.app.post('/sandbox/explain_whitelist/',
117			data={'whitelist': 'BasicRule wl:2,3 "mz:$ARGS_VAR:foo\|$URL:/bar";'})
118			self.assertEqual(rv.status_code, 200)
119			#self.assertIn("Whitelist the rule 2, the rule 3 if matching in $ARGS_VAR:foo\|$URL:/bar.", str(rv.data))
120
121			rv = self.app.post('/sandbox/explain_whitelist/',
122			data={'whitelist': 'BasicRule wl:2,-3 "mz:$ARGS_VAR:foo\|$URL:/bar";'})
123			self.assertEqual(rv.status_code, 200)
124			#self.assertIn("Whitelist the rule 2, except the rule 3 if matching in $ARGS_VAR:foo\|$URL:/bar.", str(rv.data))
125
126			rv = self.app.post('/sandbox/explain_whitelist/',
127			data={'whitelist': 'BasicRule wl:2 ;'})
128			self.assertEqual(rv.status_code, 200)
129			#self.assertIn("Whitelist the rule 2.", str(rv.data))
130

nbs-system / spike

Issues (119)

tests/test_sandbox.py (1 issue)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like