def test_add_tags(app):
tags = ["test", "tag", "three"]
test_scope = ScopeItem(target="127.0.0.1/8", blacklist=False)
db.session.add(test_scope)
ScopeItem.addTags(test_scope, tags)
for tag in test_scope.tags:
assert test_scope.is_tagged(tag)
def test_get_scope(app):
test_scope1 = ScopeItem(target="127.0.0.1/8", blacklist=False)
test_scope2 = ScopeItem(target="172.16.0.0/16", blacklist=True)
db.session.add(test_scope1)
db.session.add(test_scope2)
assert len(ScopeItem.getScope()) == 1
assert len(ScopeItem.getBlacklist()) == 1
def scope():
scope = ScopeItem.get_scope()
scopeSize = current_app.ScopeManager.get_scope_size()
# if it's zero, let's make sure the ScopeManager is up to date
if scopeSize == 0:
current_app.ScopeManager.update()
scopeSize = current_app.ScopeManager.get_scope_size()
# if it's zero again that's fine, we just had to check
newForm = forms.NewScopeForm()
delForm = forms.ScopeDeleteForm()
editForm = forms.ScopeToggleForm()
importForm = forms.ImportScopeForm()
addTagForm = forms.TagScopeForm()
addTagForm.tagname.choices = [(row.name, row.name) for row in Tag.query.all()]
if newForm.validate_on_submit():
if '/' not in newForm.target.data:
newForm.target.data = newForm.target.data + '/32'
target = ipaddress.ip_network(newForm.target.data, False)
newTarget = ScopeItem(target=target.with_prefixlen, blacklist=False)
db.session.add(newTarget)
db.session.commit()
current_app.ScopeManager.update()
flash('%s added!' % newTarget.target, 'success')
return redirect(url_for('admin.scope'))
return render_template(
"admin/scope.html", scope=scope, scopeSize=scopeSize, delForm=delForm,
editForm=editForm, newForm=newForm, importForm=importForm, addTagForm=addTagForm)
def blacklist():
scope = ScopeItem.getBlacklist()
blacklistSize = current_app.ScopeManager.get_blacklist_size()
newForm = forms.NewScopeForm()
delForm = forms.ScopeDeleteForm()
editForm = forms.ScopeToggleForm()
importForm = forms.ImportBlacklistForm()
addTagForm = forms.TagScopeForm()
addTagForm.tagname.choices = [(row.name, row.name) for row in Tag.query.all()]
if newForm.validate_on_submit():
target = ipaddress.ip_network(newForm.target.data, False)
newTarget = ScopeItem(target=target.with_prefixlen, blacklist=True)
db.session.add(newTarget)
db.session.commit()
current_app.ScopeManager.update()
flash(f"{newTarget.target} blacklisted!", "success")
return redirect(url_for("admin.blacklist"))
return render_template(
"admin/blacklist.html",
scope=scope,
blacklistSize=blacklistSize,
delForm=delForm,
editForm=editForm,
newForm=newForm,
importForm=importForm,
addTagForm=addTagForm,
)
def updateScanManager(self):
from app.models import ScopeItem
self.scanmanager = None
try:
scanrange = [IPNetwork(n.target) for n in ScopeItem.getScope()]
blacklistrange = [IPNetwork(n.target) for n in ScopeItem.getBlacklist()]
self.scanmanager = IPScanManager(scanrange, blacklistrange)
except Exception as e:
log("Scan manager could not be instantiated because there was no scope configured.", printm=True)
def test_export_items_tagged(runner):
scope_items = ["10.0.0.0/8,a", "192.168.5.0/28"]
blacklist_items = ["192.168.1.0/24,b"]
ScopeItem.import_scope_list(scope_items, False)
ScopeItem.import_scope_list(blacklist_items, True)
result = runner.invoke(export_items)
assert result.exit_code == 0
result_dict = json.loads(result.output)
assert len(result_dict["scope"]) == 2
assert result_dict["scope"][0]["tags"] == ["a"]
assert result_dict["scope"][1]["tags"] == []
assert len(result_dict["blacklist"]) == 1
assert result_dict["blacklist"][0]["blacklist"] is True
assert result_dict["blacklist"][0]["tags"] == ["b"]
def test_acceptable_targets(app):
scope_items = ["192.168.0.0/16"]
blacklist_items = ["192.168.1.0/24", "192.168.2.1/32"]
for s in scope_items:
item = ScopeItem(target=s, blacklist=False)
db.session.add(item)
for s in blacklist_items:
item = ScopeItem(target=s, blacklist=True)
db.session.add(item)
current_app.ScopeManager.update()
assert current_app.ScopeManager.is_acceptable_target("192.168.0.123")
assert current_app.ScopeManager.is_acceptable_target("192.168.2.2")
assert not current_app.ScopeManager.is_acceptable_target("192.168.1.234")
assert not current_app.ScopeManager.is_acceptable_target("192.168.2.1")
assert not current_app.ScopeManager.is_acceptable_target("192.0.2.34")
assert not current_app.ScopeManager.is_acceptable_target("example.com")
def test_rescan_lifecycle(app):
scope_items = ["192.168.0.0/16"]
user = User(email="*****@*****.**")
db.session.add(user)
for s in scope_items:
item = ScopeItem(target=s, blacklist=False)
db.session.add(item)
current_app.ScopeManager.update()
assert current_app.ScopeManager.get_pending_rescans() == []
assert current_app.ScopeManager.get_dispatched_rescans() == []
assert current_app.ScopeManager.get_incomplete_scans() == []
r = RescanTask(target="192.168.123.45", user_id=user.id)
db.session.add(r)
current_app.ScopeManager.update_pending_rescans()
assert len(current_app.ScopeManager.get_pending_rescans()) == 1
assert len(current_app.ScopeManager.get_incomplete_scans()) == 1
r.dispatchTask()
db.session.add(r)
current_app.ScopeManager.update_pending_rescans()
current_app.ScopeManager.update_dispatched_rescans()
assert len(current_app.ScopeManager.get_pending_rescans()) == 0
assert len(current_app.ScopeManager.get_dispatched_rescans()) == 1
assert len(current_app.ScopeManager.get_incomplete_scans()) == 1
r.completeTask("testscanid")
db.session.add(r)
current_app.ScopeManager.update_pending_rescans()
current_app.ScopeManager.update_dispatched_rescans()
assert len(current_app.ScopeManager.get_pending_rescans()) == 0
assert len(current_app.ScopeManager.get_dispatched_rescans()) == 0
assert len(current_app.ScopeManager.get_incomplete_scans()) == 0
def importScope(scopetype=''):
if scopetype == 'blacklist':
importBlacklist = True
importForm = forms.ImportBlacklistForm()
elif scopetype == 'scope':
importBlacklist = False
importForm = forms.ImportScopeForm()
else:
abort(404)
if importForm.validate_on_submit():
successImports = []
alreadyExists = []
failedImports = []
newScopeItems = importForm.scope.data.split('\n')
for item in newScopeItems:
item = item.strip()
fail, exist, success = ScopeItem.importScope(item, importBlacklist)
failedImports = failedImports + fail
alreadyExists = alreadyExists + exist
successImports = successImports + success
db.session.commit()
current_app.ScopeManager.update()
if len(successImports) > 0:
flash('%s targets added to %s!' % (len(successImports), scopetype), 'success')
if len(alreadyExists) > 0:
flash('%s targets already existed!' % len(alreadyExists), 'info')
if len(failedImports) > 0:
flash('%s targets failed to import!' % len(failedImports), 'danger')
for item in failedImports:
flash('%s' % item, 'danger')
else:
for field, errors in importForm.errors.items():
for error in errors:
flash(error, 'danger')
return redirect(url_for('admin.%s' % scopetype))
def export_items():
result = {
"timestamp":
datetime.utcnow().isoformat(),
"scope": [{
"target": item.target,
"blacklist": item.blacklist,
"tags": item.get_tag_names(),
} for item in ScopeItem.getScope()],
"blacklist": [{
"target": item.target,
"blacklist": item.blacklist,
"tags": item.get_tag_names(),
} for item in ScopeItem.getBlacklist()],
}
print(json.dumps(result, indent=2))
def updateScanManager(self):
from app.models import ScopeItem
self.scanmanager = None
try:
self.scanmanager = IPScanManager([IPNetwork(n.target) for n in ScopeItem.getScope()], [IPNetwork(n.target) for n in ScopeItem.getBlacklist()])
except Exception as e:
print("Scan manager could not be instantiated because there was no scope configured.")
def import_scope(scopetype=""):
if scopetype == "blacklist":
importBlacklist = True
importForm = forms.ImportBlacklistForm()
elif scopetype == "scope":
importBlacklist = False
importForm = forms.ImportScopeForm()
else:
return abort(404)
if importForm.validate_on_submit():
newScopeItems = importForm.scope.data.split("\n")
fail, exist, success = ScopeItem.import_scope_list(
newScopeItems, importBlacklist
)
db.session.commit()
current_app.ScopeManager.update()
if success:
flash(f"{len(success)} targets added to {scopetype}!", "success")
if exist:
flash(f"{len(exist)} targets already existed!", "info")
if fail:
flash(f"{len(fail)} targets failed to import!", "danger")
for item in fail:
flash(f"{item}", "danger")
else:
for field, errors in importForm.errors.items():
for error in errors:
flash(error, "danger")
return redirect(url_for(f"admin.{scopetype}"))
def test_scope_update(app):
scope_items = ["10.0.0.0/8"]
for s in scope_items:
item = ScopeItem(target=s, blacklist=False)
db.session.add(item)
current_app.ScopeManager.update()
assert current_app.ScopeManager.get_scope_size() == network_lengths["/8"]
assert current_app.ScopeManager.is_acceptable_target("10.1.2.3")
def updateBlacklist(self):
from app.models import ScopeItem
newBlacklistSize = 0
for item in ScopeItem.getBlacklist():
newItem = ipaddress.ip_network(item.target, False)
self.blacklist.append(newItem)
newBlacklistSize += newItem.num_addresses
self.blacklistSize = newBlacklistSize
def updateScope(self):
from app.models import ScopeItem
newScopeSize = 0
for item in ScopeItem.getScope():
newItem = ipaddress.ip_network(item.target, False)
self.scope.append(newItem)
newScopeSize += newItem.num_addresses
self.scopeSize = newScopeSize
def test_blacklist_update(app):
scope_items = ["10.0.0.0/8"]
blacklist_items = ["10.10.10.0/24"]
for s in scope_items:
item = ScopeItem(target=s, blacklist=False)
db.session.add(item)
for s in blacklist_items:
item = ScopeItem(target=s, blacklist=True)
db.session.add(item)
current_app.ScopeManager.update()
assert current_app.ScopeManager.get_blacklist_size(
) == network_lengths["/24"]
assert current_app.ScopeManager.get_scope_size() == network_lengths["/8"]
assert (current_app.ScopeManager.get_effective_scope_size() ==
network_lengths["/8"] - network_lengths["/24"])
assert current_app.ScopeManager.is_acceptable_target("10.10.11.1")
assert not current_app.ScopeManager.is_acceptable_target("10.10.10.10")
def get_target_tags(target: str) -> list:
overlap = ScopeItem.get_overlapping_ranges(target)
tags = []
for scope in overlap:
tags.extend(scope.get_tag_names())
return list(
set(tags)
) # make it a set for only uniques, then make it a list to serialize to JSON
def import_scope(scope_file: typing.TextIO, blacklist: bool):
if not scope_file:
return {"failed": 0, "existed": 0, "successful": 0}
addresses = scope_file.readlines()
fail, exist, success = ScopeItem.import_scope_list(addresses, blacklist)
db.session.commit()
return {"failed": fail, "existed": exist, "successful": success}
def update_blacklist(self):
from app.models import ScopeItem
self.blacklist = [
IPNetwork(item.target, False) for item in ScopeItem.getBlacklist()
]
self.blacklist_set = IPSet(self.blacklist)
self.blacklistSize = self.blacklist_set.size
def update_scope(self):
from app.models import ScopeItem
self.scope = [
IPNetwork(item.target, False) for item in ScopeItem.getScope()
]
self.scope_set = IPSet(self.scope)
self.scopeSize = self.scope_set.size
def blacklist():
scope = ScopeItem.getBlacklist()
blacklistSize = current_app.ScopeManager.getBlacklistSize()
newForm = NewScopeForm()
delForm = ScopeDeleteForm()
editForm = ScopeToggleForm()
importForm = ImportBlacklistForm()
if newForm.validate_on_submit():
if '/' not in newForm.target.data:
newForm.target.data = newForm.target.data + '/32'
target = ipaddress.ip_network(newForm.target.data, False)
newTarget = ScopeItem(target=target.with_prefixlen, blacklist=True)
db.session.add(newTarget)
db.session.commit()
current_app.ScopeManager.updateBlacklist()
flash('%s blacklisted!' % newTarget.target, 'success')
return redirect(url_for('admin.blacklist'))
return render_template("admin/blacklist.html", scope=scope, blacklistSize=blacklistSize, delForm=delForm, editForm=editForm, newForm=newForm, importForm=importForm)
def test_import_items_no_flags(runner):
with runner.isolated_filesystem():
scope_file = mock_scope_file()
result = runner.invoke(import_items, [scope_file])
assert result.exit_code == 0
imported_scope = [item.target for item in ScopeItem.getScope()]
assert DEFAULT_SCOPE_ITEMS == imported_scope
result_dict = json.loads(result.output)
assert len(result_dict["scope"]) == len(DEFAULT_SCOPE_ITEMS)
def test_import_items_blacklist_flag(runner):
with runner.isolated_filesystem():
scope_file = mock_scope_file()
result = runner.invoke(import_items, ["--blacklist", scope_file])
assert result.exit_code == 0
imported_blacklist = [item.target for item in ScopeItem.getBlacklist()]
assert DEFAULT_SCOPE_ITEMS == imported_blacklist
result_dict = json.loads(result.output)
assert len(result_dict["blacklist"]) == len(DEFAULT_SCOPE_ITEMS)
def test_import_scope(app):
fails, exists, succeeds = ScopeItem.import_scope_list(
scopefile.split(), False)
assert len(fails) == 1
assert len(exists) == 1
assert len(succeeds) == 4
item = ScopeItem.query.filter_by(target="127.0.0.1/32").first()
tags = [t.name for t in item.tags]
assert len(tags) == 3
assert "one" in tags
assert "four" not in tags
def update_scan_manager(self):
from app.models import ScopeItem
self.scanmanager = None
try:
scanrange = [IPNetwork(n.target) for n in ScopeItem.getScope()]
blacklistrange = [
IPNetwork(n.target) for n in ScopeItem.getBlacklist()
]
self.scanmanager = IPScanManager(
scanrange, blacklistrange,
current_app.config["CONSISTENT_SCAN_CYCLE"])
except Exception as e:
if self.scanmanager is None or self.scanmanager.get_total() == 0:
log(
"Scan manager could not be instantiated because there was no scope configured.",
printm=True,
)
else:
raise e
def test_import_scope(app):
result = ScopeItem.import_scope_list(scopefile.split(), False)
assert len(result["fail"]) == 1
assert result["exist"] == 1
assert result["success"] == 5
item = ScopeItem.query.filter_by(target="127.0.0.1/32").first()
tags = [t.name for t in item.tags]
assert len(tags) == 3
assert "one" in tags
assert "four" not in tags
item = ScopeItem.query.filter_by(target="10.12.13.14/32").first()
assert len(item.tags) == 0
def scope():
scope = ScopeItem.getScope()
scopeSize = current_app.ScopeManager.getScopeSize()
if scopeSize == 0: # if it's zero, let's update the app's scopemanager
current_app.ScopeManager.update()
scopeSize = current_app.ScopeManager.getScopeSize() # if it's zero again that's fine, we just had to check
newForm = NewScopeForm()
delForm = ScopeDeleteForm()
editForm = ScopeToggleForm()
importForm = ImportScopeForm()
if newForm.validate_on_submit():
if '/' not in newForm.target.data:
newForm.target.data = newForm.target.data + '/32'
target = ipaddress.ip_network(newForm.target.data, False)
newTarget = ScopeItem(target=target.with_prefixlen, blacklist=False)
db.session.add(newTarget)
db.session.commit()
current_app.ScopeManager.updateScope()
flash('%s added!' % newTarget.target, 'success')
return redirect(url_for('admin.scope'))
return render_template("admin/scope.html", scope=scope, scopeSize=scopeSize, delForm=delForm, editForm=editForm, newForm=newForm, importForm=importForm)
def update_blacklist(self):
from app.models import ScopeItem
newBlacklist = []
newBlacklistSet = IPSet()
for item in ScopeItem.getBlacklist():
newItem = ipaddress.ip_network(item.target, False)
newSetItem = IPNetwork(item.target, False)
newBlacklist.append(newItem)
newBlacklistSet.add(newSetItem)
self.blacklist = newBlacklist
self.blacklist_set = newBlacklistSet
self.blacklistSize = len(self.blacklist_set)
def update_scope(self):
from app.models import ScopeItem
newScope = []
newScopeSet = IPSet()
for item in ScopeItem.getScope():
newItem = ipaddress.ip_network(item.target, False)
newSetItem = IPNetwork(item.target, False)
newScope.append(newItem)
newScopeSet.add(newSetItem)
self.scope = newScope
self.scope_set = newScopeSet
self.scopeSize = len(self.scope_set)
def importScope(scopetype=''):
if scopetype == 'blacklist':
importBlacklist = True
importForm = ImportBlacklistForm()
elif scopetype == 'scope':
importBlacklist = False
importForm = ImportScopeForm()
else:
abort(404)
if importForm.validate_on_submit():
successImport = []
alreadyExists = []
failedImport = []
newScopeItems = importForm.scope.data.split('\n')
for item in newScopeItems:
item = item.strip()
if '/' not in item:
item = item + '/32'
try:
target = ipaddress.ip_network(item, False)
except ValueError as e:
failedImport.append(
item) # this item couldn't be validated as an ip network
continue
exists = ScopeItem.query.filter_by(
target=target.with_prefixlen).first()
if exists:
alreadyExists.append(target.with_prefixlen
) # this range is already a scope item
continue
newTarget = ScopeItem(target=target.with_prefixlen,
blacklist=importBlacklist)
db.session.add(newTarget)
successImport.append(newTarget.target)
db.session.commit()
current_app.ScopeManager.update()
if len(successImport) > 0:
flash('%s targets added to %s!' % (len(successImport), scopetype),
'success')
if len(alreadyExists) > 0:
flash('%s targets already existed!' % len(alreadyExists), 'info')
if len(failedImport) > 0:
flash('%s targets failed to import!' % len(failedImport), 'danger')
for item in failedImport:
flash('%s' % item, 'danger')
return redirect(url_for('admin.%s' % scopetype))
else:
for field, errors in importForm.errors.items():
for error in errors:
flash(error, 'danger')
return redirect(url_for('admin.%s' % scopetype))
