def __init__(self, app, config=None): self.app = app # merging user's defined configurations with the default one px_config = PxConfig(config) logger = px_config.logger if not px_config.app_id: logger.error( 'Unable to initialize module, missing mandatory configuration: app_id' ) raise ValueError('PX App ID is missing') if not px_config.auth_token: logger.error( 'Unable to initialize module, missing mandatory configuration: auth_token' ) raise ValueError('PX Auth Token is missing') if not px_config.cookie_key: logger.error( 'Unable to initialize module, missing mandatory configuration: px_cookie' ) raise ValueError('PX Cookie Key is missing') self.reverse_proxy_prefix = px_config.app_id[2:].lower() self._config = px_config self._request_verifier = PxRequestVerifier(px_config) px_activities_client.init_activities_configuration(px_config)
def setUpClass(cls): cls.config = PxConfig({'app_id': 'PXfake_app_id'}) cls.headers = { 'X-FORWARDED-FOR': '127.0.0.1', 'remote-addr': '127.0.0.1', 'content-length': '100' }
def setUpClass(cls): cls.cookie_key = 'Pyth0nS3crE7K3Y' cls.config = PxConfig({'app_id': 'app_id', 'cookie_key': cls.cookie_key}) cls.headers = {'X-FORWARDED-FOR': '127.0.0.1', 'remote-addr': '127.0.0.1', 'content_length': '100', 'path': '/fake_app_id/init.js'}
def test_verify_cookie_high_score(self): config = self.config self.headers['cookie'] = '_px3=bf46ceff75278ae166f376cbf741a7639060581035dd4e93641892c905dd0d67:EGFGcwQ2rum7KRmQCeSXBAUt1+25mj2DFJYi7KJkEliF3cBspdXtD2X03Csv8N8B6S5Bte/4ccCcETkBNDVxTw==:1000:x9x+oI6BISFhlKEERpf8HpZD2zXBCW9lzVfuRURHaAnbaMnpii+XjPEd7a7EGGUSMch5ramy3y+KOxyuX3F+LbGYwvn3OJb+u40zU+ixT1w5N15QltX+nBMhC7izC1l8QtgMuG/f3Nts5ebnec9j2V7LS5Y1/5b73rd9s7AMnug=' builder = EnvironBuilder(headers=self.headers) env = builder.get_environ() request = Request(env) ctx = PxContext(request, PxConfig({'app_id': 'fake_app_id'})) verified = px_cookie_validator.verify(ctx, config) self.assertTrue(verified) self.assertEqual('none', ctx.s2s_call_reason) del self.headers['cookie']
def test_verify_whitelist(self): config = PxConfig({ 'app_id': 'PXfake_app_id', 'whitelist_routes': ['whitelisted'] }) builder = EnvironBuilder(headers=self.headers, path='/whitelisted') env = builder.get_environ() request = Request(env) context = PxContext(request, config) response = self.request_handler.verify_request(context, request) self.assertEqual(response, True)
def setUpClass(cls): cls.config = PxConfig({ 'app_id': 'PXfake_app_id', 'module_mode': px_constants.MODULE_MODE_BLOCKING }) cls.headers = { 'X-FORWARDED-FOR': '127.0.0.1', 'remote-addr': '127.0.0.1', 'content_length': '100' } cls.request_handler = PxRequestVerifier(cls.config)
def test_verify_no_cookie(self): config = self.config builder = EnvironBuilder(headers= self.headers) env = builder.get_environ() request = Request(env) ctx = PxContext(request, PxConfig({'app_id': 'fake_app_id'})) verified = px_cookie_validator.verify(ctx, config) self.assertFalse(verified) self.assertEqual('no_cookie', ctx.s2s_call_reason)
def test_verify_valid_cookie(self): config = self.config self.headers['cookie'] = '_px3=bd078865fa9627f626d6f7d6828ab595028d2c0974065ab6f6c5a9f80c4593cd:OCIluokZHHvqrWyu8zrWSH8Vu7AefCjrd4CMx/NXsX58LzeV40EZIlPG4gsNMoAYzH88s/GoZwv+DpQa76C21A==:1000:zwT+Rht/YGDNWKkzHtJAB7IiI00u4fOePL/3xWMs1nZ93lzW1XvAMGR2hLlHBmOv8O0CpylEQOZZTK1uQMls6O28Y8aQnTo5DETLkrbhpwCVeNjOcf8GVKTckITwuHfXbEcfHbdtb68s1+jHv1+vt/w/6HZqTzanaIsvFVp8vmA=' builder = EnvironBuilder(headers=self.headers) env = builder.get_environ() request = Request(env) ctx = PxContext(request, PxConfig({'app_id': 'fake_app_id'})) verified = px_cookie_validator.verify(ctx, config) self.assertTrue(verified) self.assertEqual('none', ctx.s2s_call_reason) del self.headers['cookie']
def test_handle_verification_failed(self): config = PxConfig({ 'app_id': 'PXfake_app_id', 'whitelist_routes': ['whitelisted'] }) builder = EnvironBuilder(headers=self.headers, path='/whitelisted') env = builder.get_environ() request = Request(env) context = PxContext(request, config) context.score = 100 response = self.request_handler.handle_verification(context, request) self.assertEqual(response.status, '403 Forbidden')
def test_prepare_risk_body(self): config = PxConfig({'app_id': 'app_id', 'enrich_custom_parameters': self.enrich_custom_parameters}) builder = EnvironBuilder(headers=self.headers, path='/') env = builder.get_environ() request = Request(env) context = PxContext(request, config) context.s2s_call_reason = 'no_cookie' body = px_api.prepare_risk_body(context, config) self.assertEqual(body['additional'].get('custom_param1'), '1') self.assertEqual(body['additional'].get('custom_param2'), '5') self.assertFalse(body['additional'].get('custom'))
def test_constructor(self): config_dict = { 'app_id': 'PXfake_app_id', 'debug_mode': True, 'module_mode': px_constants.MODULE_MODE_BLOCKING } config = PxConfig(config_dict) self.assertEqual(config._monitor_mode, 1) self.assertEqual(config.debug_mode, True) self.assertEqual(config.server_host, 'sapi-pxfake_app_id.perimeterx.net') self.assertEqual(config.collector_host, 'collector-pxfake_app_id.perimeterx.net')
def test_verify_hmac_validation(self): config = self.config cookie_value = '774958bcc232343ea1a876b92ababf47086d8a4d95165bbd6f98b55d7e61afd2a05:ow3Er5dskpt8ZZ11CRiDMAueEi3ozJTqMBnYzsSM7/8vHTDA0so6ekhruiTrXa/taZINotR5PnTo78D5zM2pWw==:1000:uQ3Tdt7D3mSO5CuHDis3GgrnkGMC+XAghbHuNOE9x4H57RAmtxkTcNQ1DaqL8rx79bHl0iPVYlOcRmRgDiBCUoizBdUCjsSIplofPBLIl8WpfHDDtpxPKzz9I2rUEbFFjiTY3rPGob2PUvTsDXTfPUeHnzKqbNTO8z7H6irFnUE=' self.headers['cookie'] = '_px3=' + cookie_value builder = EnvironBuilder(headers=self.headers) env = builder.get_environ() request = Request(env) ctx = PxContext(request, PxConfig({'app_id': 'fake_app_id'})) verified = px_cookie_validator.verify(ctx, config) self.assertFalse(verified) self.assertEqual('cookie_validation_failed', ctx.s2s_call_reason) self.assertEqual('', ctx.px_orig_cookie) del self.headers['cookie']
def test_verify_expired_cookie(self): config = self.config cookie_value = '0d67bdf4a58c524b55b9cf0f703e4f0f3cbe23a10bd2671530d3c7e0cfa509eb:HOiYSw11ICB2A+HYx+C+l5Naxcl7hMeEo67QNghCQByyHlhWZT571ZKfqV98JFWg7TvbV9QtlrQtXakPYeIEjQ==:1000:+kuXS/iJUoEqrm8Fo4K0cTebsc4YQZu+f5bRGX0lC1T+l0g1gzRUuKiCtWTar28Y0wjch1ZQvkNy523Pxr07agVi/RL0SUktmEl59qGor+m4FLewZBVdcgx/Ya9kU0riis98AAR0zdTpTtoN5wpNbmztIpOZ0YejeD0Esk3vagU=' self.headers['cookie'] = '_px3=' + cookie_value builder = EnvironBuilder(headers=self.headers) env = builder.get_environ() request = Request(env) ctx = PxContext(request, PxConfig({'app_id': 'fake_app_id'})) verified = px_cookie_validator.verify(ctx, config) self.assertFalse(verified) self.assertEqual('cookie_expired', ctx.s2s_call_reason) self.assertEqual('', ctx.px_orig_cookie) del self.headers['cookie']
def test_send_risk_request(self): config = PxConfig({'app_id': 'app_id', 'enrich_custom_parameters': self.enrich_custom_parameters, 'auth_token': 'auth'}) builder = EnvironBuilder(headers=self.headers, path='/test_path') env = builder.get_environ() request = Request(env) context = PxContext(request, config) uuid_val = str(uuid.uuid4()) response = ResponseMock({'score': 100, 'uuid': uuid_val, 'action': 'c'}) with mock.patch('perimeterx.px_httpc.send', return_value=response): response = px_api.send_risk_request(context, config) self.assertEqual({'action': 'c', 'score': 100, 'uuid': uuid_val}, response)
def test_handle_monitor(self): config = PxConfig({ 'app_id': 'PXfake_app_id', 'auth_token': '', 'module_mode': px_constants.MODULE_MODE_MONITORING }) request_handler = PxRequestVerifier(config) builder = EnvironBuilder(headers=self.headers, path='/') env = builder.get_environ() request = Request(env) context = PxContext(request, request_handler.config) context.score = 100 response = request_handler.handle_verification(context, request) self.assertEqual(response, True)
def test_prepare_risk_body(self): config = PxConfig({ 'app_id': 'app_id', 'enrich_custom_parameters': self.enrich_custom_parameters }) additional = {} px_utils.prepare_custom_params(config, additional) self.assertEqual(additional.get('custom_param1'), '1') self.assertEqual(additional.get('custom_param2'), '2') self.assertEqual(additional.get('custom_param10'), '10') self.assertFalse(additional.get('custom_param11')) self.assertFalse(additional.get('custom'))
def test_testing_mode_handling(self): config = PxConfig({ 'app_id': 'fake_app_id' }) headers = {'X-FORWARDED-FOR': '127.0.0.1', 'remote-addr': '127.0.0.1', 'content_length': '100', 'cookie': '_px3=bd078865fa9627f626d6f7d6828ab595028d2c0974065ab6f6c5a9f80c4593cd:OCIluokZHHvqrWyu8zrWSH8Vu7AefCjrd4CMx/NXsX58LzeV40EZIlPG4gsNMoAYzH88s/GoZwv+DpQa76C21A==:1000:zwT+Rht/YGDNWKkzHtJAB7IiI00u4fOePL/3xWMs1nZ93lzW1XvAMGR2hLlHBmOv8O0CpylEQOZZTK1uQMls6O28Y8aQnTo5DETLkrbhpwCVeNjOcf8GVKTckITwuHfXbEcfHbdtb68s1+jHv1+vt/w/6HZqTzanaIsvFVp8vmA='} builder = EnvironBuilder(headers=headers) env = builder.get_environ() request = Request(env) context = PxContext(request, config) data, headers, status = px_testing_mode_handler.testing_mode_handling(context, config, {}) response_json = '{"vid": "", "ip": "127.0.0.1", "decoded_px_cookie": "", "is_made_s2s_api_call": false, "http_method": "GET", "px_cookie_hmac": "", "uuid": "", "http_version": "1.1", "hostname": "localhost", "risk_rtt": 0, "score": -1, "pxde": {}, "module_mode": 0, "pxde_verified": false, "cookie_origin": "cookie", "s2s_call_reason": "none", "sensitive_route": false, "px_cookies": {"_px3": "bd078865fa9627f626d6f7d6828ab595028d2c0974065ab6f6c5a9f80c4593cd:OCIluokZHHvqrWyu8zrWSH8Vu7AefCjrd4CMx/NXsX58LzeV40EZIlPG4gsNMoAYzH88s/GoZwv+DpQa76C21A==:1000:zwT+Rht/YGDNWKkzHtJAB7IiI00u4fOePL/3xWMs1nZ93lzW1XvAMGR2hLlHBmOv8O0CpylEQOZZTK1uQMls6O28Y8aQnTo5DETLkrbhpwCVeNjOcf8GVKTckITwuHfXbEcfHbdtb68s1+jHv1+vt/w/6HZqTzanaIsvFVp8vmA="}, "uri": "/", "full_url": "http://localhost/", "headers": {"Remote-Addr": "127.0.0.1", "Host": "localhost", "X-Forwarded-For": "127.0.0.1"}, "block_action": "", "user_agent": "", "block_reason": ""}' self.assertEqual(data, response_json)
def test_verify(self): config = PxConfig({'app_id': 'app_id', 'enrich_custom_parameters': self.enrich_custom_parameters, 'auth_token': 'auth'}) builder = EnvironBuilder(headers=self.headers, path='/test_path') env = builder.get_environ() request = Request(env) context = PxContext(request, config) uuid_val = str(uuid.uuid4()) data_enrichment = {'timestamp': 10033200222} response = {'score': 100, 'uuid': uuid_val, 'action': 'c', 'data_enrichment': data_enrichment} with mock.patch('perimeterx.px_api.send_risk_request', return_value=response): api_response = px_api.verify(context, config) self.assertEqual('s2s_high_score', context.block_reason) self.assertEqual('c', context.block_action) self.assertTrue(api_response) self.assertEqual(data_enrichment, context.pxde)
def test_bypass_monitor_header_configured_but_missing(self): config = PxConfig({ 'app_id': 'PXfake_app_id', 'auth_token': '', 'module_mode': px_constants.MODULE_MODE_MONITORING, 'bypass_monitor_header': 'x-px-block' }) headers = { 'X-FORWARDED-FOR': '127.0.0.1', 'remote-addr': '127.0.0.1', 'content_length': '100' } request_handler = PxRequestVerifier(config) builder = EnvironBuilder(headers=headers, path='/') env = builder.get_environ() request = Request(env) context = PxContext(request, request_handler.config) context.score = 100 response = request_handler.handle_verification(context, request) self.assertEqual(response, True)
def test_specific_enforced_routes_with_unenforced_route(self): config = PxConfig({ 'app_id': 'PXfake_app_id', 'auth_token': '', 'module_mode': px_constants.MODULE_MODE_BLOCKING, 'enforced_specific_routes': ['/profile'], }) headers = { 'X-FORWARDED-FOR': '127.0.0.1', 'remote-addr': '127.0.0.1', 'content_length': '100' } request_handler = PxRequestVerifier(config) builder = EnvironBuilder(headers=headers, path='/') env = builder.get_environ() request = Request(env) context = PxContext(request, request_handler.config) context.score = 100 response = request_handler.verify_request(context, request) self.assertEqual(response, True)
def test_handle_ratelimit(self): px_blocker = PXBlocker() vid = 'bf619be8-94be-458a-b6b1-ee81f154c282' px_uuid = '8712cef7-bcfa-4bb6-ae99-868025e1908a' config = PxConfig({'app_id': 'PXfake_app_id'}) builder = EnvironBuilder(headers=self.headers, path='/fake_app_id/init.js') env = builder.get_environ() request = Request(env) context = PxContext(request, self.config) context.vid = vid context.uuid = px_uuid context.block_action = 'r' message, _, _ = px_blocker.handle_blocking(context, config) blocking_message = None working_dir = os.path.dirname(os.path.realpath(__file__)) with open(working_dir + '/px_blocking_messages/ratelimit.txt', 'r') as myfile: blocking_message = myfile.read() self.assertEqual(message, blocking_message)
def test_is_static_file(self): config = PxConfig({'app_id': 'fake_app_id'}) headers = { 'X-FORWARDED-FOR': '127.0.0.1', 'remote-addr': '127.0.0.1', 'content_length': '100', 'cookie': '_px3=bd078865fa9627f626d6f7d6828ab595028d2c0974065ab6f6c5a9f80c4593cd:OCIluokZHHvqrWyu8zrWSH8Vu7AefCjrd4CMx/NXsX58LzeV40EZIlPG4gsNMoAYzH88s/GoZwv+DpQa76C21A==:1000:zwT+Rht/YGDNWKkzHtJAB7IiI00u4fOePL/3xWMs1nZ93lzW1XvAMGR2hLlHBmOv8O0CpylEQOZZTK1uQMls6O28Y8aQnTo5DETLkrbhpwCVeNjOcf8GVKTckITwuHfXbEcfHbdtb68s1+jHv1+vt/w/6HZqTzanaIsvFVp8vmA=' } builder = EnvironBuilder(headers=headers, path='/sample.css') env = builder.get_environ() request = Request(env) context = PxContext(request, config) self.assertTrue(px_utils.is_static_file(context)) builder = EnvironBuilder(headers=headers, path='/sample.html') env = builder.get_environ() request = Request(env) context = PxContext(request, config) self.assertFalse(px_utils.is_static_file(context))
def test_send(self): with requests_mock.mock() as m: config = PxConfig({'app_id': 'PXfake_app_id'}) full_url = 'this_url.com/uri' method = 'POST' body = 'content to post' headers = {'content-type': 'application/json'} m.post('https://' + full_url) response = px_httpc.send(full_url=full_url, config=config, method=method, body=body, headers=headers) m.called m.get('https://' + full_url) method = 'GET' response = px_httpc.send(full_url=full_url, config=config, method=method, body=body, headers=headers) self.assertEqual(m.call_count, 2)
def setUpClass(cls): config = PxConfig({'app_id': 'fake_app_id', 'cookie_key': 'test_key'}) cls.config = config
def setUpClass(cls): config = PxConfig({'app_id': 'fake_app_id'}) cls.px_cookie = PxCookie(config) cls.config = config