def __init__(self, app, config=None):
self.app = app
# merging user's defined configurations with the default one
px_config = PxConfig(config)
logger = px_config.logger
if not px_config.app_id:
logger.error(
'Unable to initialize module, missing mandatory configuration: app_id'
)
raise ValueError('PX App ID is missing')
if not px_config.auth_token:
logger.error(
'Unable to initialize module, missing mandatory configuration: auth_token'
)
raise ValueError('PX Auth Token is missing')
if not px_config.cookie_key:
logger.error(
'Unable to initialize module, missing mandatory configuration: px_cookie'
)
raise ValueError('PX Cookie Key is missing')
self.reverse_proxy_prefix = px_config.app_id[2:].lower()
self._config = px_config
self._request_verifier = PxRequestVerifier(px_config)
px_activities_client.init_activities_configuration(px_config)
def setUpClass(cls):
cls.config = PxConfig({'app_id': 'PXfake_app_id'})
cls.headers = {
'X-FORWARDED-FOR': '127.0.0.1',
'remote-addr': '127.0.0.1',
'content-length': '100'
}
def setUpClass(cls):
cls.cookie_key = 'Pyth0nS3crE7K3Y'
cls.config = PxConfig({'app_id': 'app_id',
'cookie_key': cls.cookie_key})
cls.headers = {'X-FORWARDED-FOR': '127.0.0.1',
'remote-addr': '127.0.0.1',
'content_length': '100',
'path': '/fake_app_id/init.js'}
def test_verify_cookie_high_score(self):
config = self.config
self.headers['cookie'] = '_px3=bf46ceff75278ae166f376cbf741a7639060581035dd4e93641892c905dd0d67:EGFGcwQ2rum7KRmQCeSXBAUt1+25mj2DFJYi7KJkEliF3cBspdXtD2X03Csv8N8B6S5Bte/4ccCcETkBNDVxTw==:1000:x9x+oI6BISFhlKEERpf8HpZD2zXBCW9lzVfuRURHaAnbaMnpii+XjPEd7a7EGGUSMch5ramy3y+KOxyuX3F+LbGYwvn3OJb+u40zU+ixT1w5N15QltX+nBMhC7izC1l8QtgMuG/f3Nts5ebnec9j2V7LS5Y1/5b73rd9s7AMnug='
builder = EnvironBuilder(headers=self.headers)
env = builder.get_environ()
request = Request(env)
ctx = PxContext(request, PxConfig({'app_id': 'fake_app_id'}))
verified = px_cookie_validator.verify(ctx, config)
self.assertTrue(verified)
self.assertEqual('none', ctx.s2s_call_reason)
del self.headers['cookie']
def test_verify_whitelist(self):
config = PxConfig({
'app_id': 'PXfake_app_id',
'whitelist_routes': ['whitelisted']
})
builder = EnvironBuilder(headers=self.headers, path='/whitelisted')
env = builder.get_environ()
request = Request(env)
context = PxContext(request, config)
response = self.request_handler.verify_request(context, request)
self.assertEqual(response, True)
def setUpClass(cls):
cls.config = PxConfig({
'app_id': 'PXfake_app_id',
'module_mode': px_constants.MODULE_MODE_BLOCKING
})
cls.headers = {
'X-FORWARDED-FOR': '127.0.0.1',
'remote-addr': '127.0.0.1',
'content_length': '100'
}
cls.request_handler = PxRequestVerifier(cls.config)
def test_verify_no_cookie(self):
config = self.config
builder = EnvironBuilder(headers= self.headers)
env = builder.get_environ()
request = Request(env)
ctx = PxContext(request, PxConfig({'app_id': 'fake_app_id'}))
verified = px_cookie_validator.verify(ctx, config)
self.assertFalse(verified)
self.assertEqual('no_cookie', ctx.s2s_call_reason)
def test_verify_valid_cookie(self):
config = self.config
self.headers['cookie'] = '_px3=bd078865fa9627f626d6f7d6828ab595028d2c0974065ab6f6c5a9f80c4593cd:OCIluokZHHvqrWyu8zrWSH8Vu7AefCjrd4CMx/NXsX58LzeV40EZIlPG4gsNMoAYzH88s/GoZwv+DpQa76C21A==:1000:zwT+Rht/YGDNWKkzHtJAB7IiI00u4fOePL/3xWMs1nZ93lzW1XvAMGR2hLlHBmOv8O0CpylEQOZZTK1uQMls6O28Y8aQnTo5DETLkrbhpwCVeNjOcf8GVKTckITwuHfXbEcfHbdtb68s1+jHv1+vt/w/6HZqTzanaIsvFVp8vmA='
builder = EnvironBuilder(headers=self.headers)
env = builder.get_environ()
request = Request(env)
ctx = PxContext(request, PxConfig({'app_id': 'fake_app_id'}))
verified = px_cookie_validator.verify(ctx, config)
self.assertTrue(verified)
self.assertEqual('none', ctx.s2s_call_reason)
del self.headers['cookie']
def test_handle_verification_failed(self):
config = PxConfig({
'app_id': 'PXfake_app_id',
'whitelist_routes': ['whitelisted']
})
builder = EnvironBuilder(headers=self.headers, path='/whitelisted')
env = builder.get_environ()
request = Request(env)
context = PxContext(request, config)
context.score = 100
response = self.request_handler.handle_verification(context, request)
self.assertEqual(response.status, '403 Forbidden')
def test_prepare_risk_body(self):
config = PxConfig({'app_id': 'app_id', 'enrich_custom_parameters': self.enrich_custom_parameters})
builder = EnvironBuilder(headers=self.headers, path='/')
env = builder.get_environ()
request = Request(env)
context = PxContext(request, config)
context.s2s_call_reason = 'no_cookie'
body = px_api.prepare_risk_body(context, config)
self.assertEqual(body['additional'].get('custom_param1'), '1')
self.assertEqual(body['additional'].get('custom_param2'), '5')
self.assertFalse(body['additional'].get('custom'))
def test_constructor(self):
config_dict = {
'app_id': 'PXfake_app_id',
'debug_mode': True,
'module_mode': px_constants.MODULE_MODE_BLOCKING
}
config = PxConfig(config_dict)
self.assertEqual(config._monitor_mode, 1)
self.assertEqual(config.debug_mode, True)
self.assertEqual(config.server_host,
'sapi-pxfake_app_id.perimeterx.net')
self.assertEqual(config.collector_host,
'collector-pxfake_app_id.perimeterx.net')
def test_verify_hmac_validation(self):
config = self.config
cookie_value = '774958bcc232343ea1a876b92ababf47086d8a4d95165bbd6f98b55d7e61afd2a05:ow3Er5dskpt8ZZ11CRiDMAueEi3ozJTqMBnYzsSM7/8vHTDA0so6ekhruiTrXa/taZINotR5PnTo78D5zM2pWw==:1000:uQ3Tdt7D3mSO5CuHDis3GgrnkGMC+XAghbHuNOE9x4H57RAmtxkTcNQ1DaqL8rx79bHl0iPVYlOcRmRgDiBCUoizBdUCjsSIplofPBLIl8WpfHDDtpxPKzz9I2rUEbFFjiTY3rPGob2PUvTsDXTfPUeHnzKqbNTO8z7H6irFnUE='
self.headers['cookie'] = '_px3=' + cookie_value
builder = EnvironBuilder(headers=self.headers)
env = builder.get_environ()
request = Request(env)
ctx = PxContext(request, PxConfig({'app_id': 'fake_app_id'}))
verified = px_cookie_validator.verify(ctx, config)
self.assertFalse(verified)
self.assertEqual('cookie_validation_failed', ctx.s2s_call_reason)
self.assertEqual('', ctx.px_orig_cookie)
del self.headers['cookie']
def test_verify_expired_cookie(self):
config = self.config
cookie_value = '0d67bdf4a58c524b55b9cf0f703e4f0f3cbe23a10bd2671530d3c7e0cfa509eb:HOiYSw11ICB2A+HYx+C+l5Naxcl7hMeEo67QNghCQByyHlhWZT571ZKfqV98JFWg7TvbV9QtlrQtXakPYeIEjQ==:1000:+kuXS/iJUoEqrm8Fo4K0cTebsc4YQZu+f5bRGX0lC1T+l0g1gzRUuKiCtWTar28Y0wjch1ZQvkNy523Pxr07agVi/RL0SUktmEl59qGor+m4FLewZBVdcgx/Ya9kU0riis98AAR0zdTpTtoN5wpNbmztIpOZ0YejeD0Esk3vagU='
self.headers['cookie'] = '_px3=' + cookie_value
builder = EnvironBuilder(headers=self.headers)
env = builder.get_environ()
request = Request(env)
ctx = PxContext(request, PxConfig({'app_id': 'fake_app_id'}))
verified = px_cookie_validator.verify(ctx, config)
self.assertFalse(verified)
self.assertEqual('cookie_expired', ctx.s2s_call_reason)
self.assertEqual('', ctx.px_orig_cookie)
del self.headers['cookie']
def test_send_risk_request(self):
config = PxConfig({'app_id': 'app_id',
'enrich_custom_parameters': self.enrich_custom_parameters,
'auth_token': 'auth'})
builder = EnvironBuilder(headers=self.headers, path='/test_path')
env = builder.get_environ()
request = Request(env)
context = PxContext(request, config)
uuid_val = str(uuid.uuid4())
response = ResponseMock({'score': 100, 'uuid': uuid_val, 'action': 'c'})
with mock.patch('perimeterx.px_httpc.send', return_value=response):
response = px_api.send_risk_request(context, config)
self.assertEqual({'action': 'c', 'score': 100, 'uuid': uuid_val}, response)
def test_handle_monitor(self):
config = PxConfig({
'app_id': 'PXfake_app_id',
'auth_token': '',
'module_mode': px_constants.MODULE_MODE_MONITORING
})
request_handler = PxRequestVerifier(config)
builder = EnvironBuilder(headers=self.headers, path='/')
env = builder.get_environ()
request = Request(env)
context = PxContext(request, request_handler.config)
context.score = 100
response = request_handler.handle_verification(context, request)
self.assertEqual(response, True)
def test_prepare_risk_body(self):
config = PxConfig({
'app_id':
'app_id',
'enrich_custom_parameters':
self.enrich_custom_parameters
})
additional = {}
px_utils.prepare_custom_params(config, additional)
self.assertEqual(additional.get('custom_param1'), '1')
self.assertEqual(additional.get('custom_param2'), '2')
self.assertEqual(additional.get('custom_param10'), '10')
self.assertFalse(additional.get('custom_param11'))
self.assertFalse(additional.get('custom'))
def test_testing_mode_handling(self):
config = PxConfig({
'app_id': 'fake_app_id'
})
headers = {'X-FORWARDED-FOR': '127.0.0.1',
'remote-addr': '127.0.0.1',
'content_length': '100',
'cookie': '_px3=bd078865fa9627f626d6f7d6828ab595028d2c0974065ab6f6c5a9f80c4593cd:OCIluokZHHvqrWyu8zrWSH8Vu7AefCjrd4CMx/NXsX58LzeV40EZIlPG4gsNMoAYzH88s/GoZwv+DpQa76C21A==:1000:zwT+Rht/YGDNWKkzHtJAB7IiI00u4fOePL/3xWMs1nZ93lzW1XvAMGR2hLlHBmOv8O0CpylEQOZZTK1uQMls6O28Y8aQnTo5DETLkrbhpwCVeNjOcf8GVKTckITwuHfXbEcfHbdtb68s1+jHv1+vt/w/6HZqTzanaIsvFVp8vmA='}
builder = EnvironBuilder(headers=headers)
env = builder.get_environ()
request = Request(env)
context = PxContext(request, config)
data, headers, status = px_testing_mode_handler.testing_mode_handling(context, config, {})
response_json = '{"vid": "", "ip": "127.0.0.1", "decoded_px_cookie": "", "is_made_s2s_api_call": false, "http_method": "GET", "px_cookie_hmac": "", "uuid": "", "http_version": "1.1", "hostname": "localhost", "risk_rtt": 0, "score": -1, "pxde": {}, "module_mode": 0, "pxde_verified": false, "cookie_origin": "cookie", "s2s_call_reason": "none", "sensitive_route": false, "px_cookies": {"_px3": "bd078865fa9627f626d6f7d6828ab595028d2c0974065ab6f6c5a9f80c4593cd:OCIluokZHHvqrWyu8zrWSH8Vu7AefCjrd4CMx/NXsX58LzeV40EZIlPG4gsNMoAYzH88s/GoZwv+DpQa76C21A==:1000:zwT+Rht/YGDNWKkzHtJAB7IiI00u4fOePL/3xWMs1nZ93lzW1XvAMGR2hLlHBmOv8O0CpylEQOZZTK1uQMls6O28Y8aQnTo5DETLkrbhpwCVeNjOcf8GVKTckITwuHfXbEcfHbdtb68s1+jHv1+vt/w/6HZqTzanaIsvFVp8vmA="}, "uri": "/", "full_url": "http://localhost/", "headers": {"Remote-Addr": "127.0.0.1", "Host": "localhost", "X-Forwarded-For": "127.0.0.1"}, "block_action": "", "user_agent": "", "block_reason": ""}'
self.assertEqual(data, response_json)
def test_verify(self):
config = PxConfig({'app_id': 'app_id',
'enrich_custom_parameters': self.enrich_custom_parameters,
'auth_token': 'auth'})
builder = EnvironBuilder(headers=self.headers, path='/test_path')
env = builder.get_environ()
request = Request(env)
context = PxContext(request, config)
uuid_val = str(uuid.uuid4())
data_enrichment = {'timestamp': 10033200222}
response = {'score': 100, 'uuid': uuid_val, 'action': 'c', 'data_enrichment': data_enrichment}
with mock.patch('perimeterx.px_api.send_risk_request', return_value=response):
api_response = px_api.verify(context, config)
self.assertEqual('s2s_high_score', context.block_reason)
self.assertEqual('c', context.block_action)
self.assertTrue(api_response)
self.assertEqual(data_enrichment, context.pxde)
def test_bypass_monitor_header_configured_but_missing(self):
config = PxConfig({
'app_id': 'PXfake_app_id',
'auth_token': '',
'module_mode': px_constants.MODULE_MODE_MONITORING,
'bypass_monitor_header': 'x-px-block'
})
headers = {
'X-FORWARDED-FOR': '127.0.0.1',
'remote-addr': '127.0.0.1',
'content_length': '100'
}
request_handler = PxRequestVerifier(config)
builder = EnvironBuilder(headers=headers, path='/')
env = builder.get_environ()
request = Request(env)
context = PxContext(request, request_handler.config)
context.score = 100
response = request_handler.handle_verification(context, request)
self.assertEqual(response, True)
def test_specific_enforced_routes_with_unenforced_route(self):
config = PxConfig({
'app_id': 'PXfake_app_id',
'auth_token': '',
'module_mode': px_constants.MODULE_MODE_BLOCKING,
'enforced_specific_routes': ['/profile'],
})
headers = {
'X-FORWARDED-FOR': '127.0.0.1',
'remote-addr': '127.0.0.1',
'content_length': '100'
}
request_handler = PxRequestVerifier(config)
builder = EnvironBuilder(headers=headers, path='/')
env = builder.get_environ()
request = Request(env)
context = PxContext(request, request_handler.config)
context.score = 100
response = request_handler.verify_request(context, request)
self.assertEqual(response, True)
def test_handle_ratelimit(self):
px_blocker = PXBlocker()
vid = 'bf619be8-94be-458a-b6b1-ee81f154c282'
px_uuid = '8712cef7-bcfa-4bb6-ae99-868025e1908a'
config = PxConfig({'app_id': 'PXfake_app_id'})
builder = EnvironBuilder(headers=self.headers,
path='/fake_app_id/init.js')
env = builder.get_environ()
request = Request(env)
context = PxContext(request, self.config)
context.vid = vid
context.uuid = px_uuid
context.block_action = 'r'
message, _, _ = px_blocker.handle_blocking(context, config)
blocking_message = None
working_dir = os.path.dirname(os.path.realpath(__file__))
with open(working_dir + '/px_blocking_messages/ratelimit.txt',
'r') as myfile:
blocking_message = myfile.read()
self.assertEqual(message, blocking_message)
def test_is_static_file(self):
config = PxConfig({'app_id': 'fake_app_id'})
headers = {
'X-FORWARDED-FOR':
'127.0.0.1',
'remote-addr':
'127.0.0.1',
'content_length':
'100',
'cookie':
'_px3=bd078865fa9627f626d6f7d6828ab595028d2c0974065ab6f6c5a9f80c4593cd:OCIluokZHHvqrWyu8zrWSH8Vu7AefCjrd4CMx/NXsX58LzeV40EZIlPG4gsNMoAYzH88s/GoZwv+DpQa76C21A==:1000:zwT+Rht/YGDNWKkzHtJAB7IiI00u4fOePL/3xWMs1nZ93lzW1XvAMGR2hLlHBmOv8O0CpylEQOZZTK1uQMls6O28Y8aQnTo5DETLkrbhpwCVeNjOcf8GVKTckITwuHfXbEcfHbdtb68s1+jHv1+vt/w/6HZqTzanaIsvFVp8vmA='
}
builder = EnvironBuilder(headers=headers, path='/sample.css')
env = builder.get_environ()
request = Request(env)
context = PxContext(request, config)
self.assertTrue(px_utils.is_static_file(context))
builder = EnvironBuilder(headers=headers, path='/sample.html')
env = builder.get_environ()
request = Request(env)
context = PxContext(request, config)
self.assertFalse(px_utils.is_static_file(context))
def test_send(self):
with requests_mock.mock() as m:
config = PxConfig({'app_id': 'PXfake_app_id'})
full_url = 'this_url.com/uri'
method = 'POST'
body = 'content to post'
headers = {'content-type': 'application/json'}
m.post('https://' + full_url)
response = px_httpc.send(full_url=full_url,
config=config,
method=method,
body=body,
headers=headers)
m.called
m.get('https://' + full_url)
method = 'GET'
response = px_httpc.send(full_url=full_url,
config=config,
method=method,
body=body,
headers=headers)
self.assertEqual(m.call_count, 2)
def setUpClass(cls):
config = PxConfig({'app_id': 'fake_app_id', 'cookie_key': 'test_key'})
cls.config = config
def setUpClass(cls):
config = PxConfig({'app_id': 'fake_app_id'})
cls.px_cookie = PxCookie(config)
cls.config = config
