def query_generator(pos):
query = Query(
source="etab1",
remote_ip="127.0.0.1",
signature="c08b3ff9dff7c5f08a1abdfabfbd24279e82dd10",
arguments={"login": "******", },
ressource="actions",
method="action1",
request_method="GET"
)
setattr(query, pos, "wrong")
plugin_runner = PluginsRunner(
"./tests/data/acl.yml", "./tests/data/sources.yml",
"./tests/data/ressources.yml",
"tests.plugins",
query)
# with self.assertRaises(ExcaliburError):
try:
CheckSource(query, plugin_runner.ressources, plugin_runner.sources(query.signature if
query.signature else None,
query.project,
query.arguments if
query.arguments else None), None)()
CheckRequest(query, plugin_runner.ressources, None, None,)()
CheckArguments(query, plugin_runner.ressources, None, None,)()
CheckACL(query, None, None, plugin_runner.acl)()
except Exception as e:
self.assertTrue(isinstance(e, ExcaliburError))
return query
def test_failing_sources_names(self):
p = PluginsRunner(
"./tests/data/acl_projects.yml",
"./tests/data/sourcesnoplugins.yml",
"./tests/data/ressources.yml",
"tests.plugins")
with self.assertRaises(PluginRunnerError):
p.sources_names(self.query.project)
def test_keyerror_plugins(self):
plugin_runner = PluginsRunner(
"./tests/data/acl.yml",
"./tests/data/sourcesnoplugins.yml",
"./tests/data/ressources.yml",
"tests.plugins")
with self.assertRaises(PluginRunnerError):
plugin_runner.plugins(self.query.source, self.query.project)
def test_run_error(self):
plugin_runner = PluginsRunner(
"./tests/data/acl.yml",
"./tests/data/sources.yml",
"./tests/data/ressources.yml",
"tests.plugins")
data, errors = plugin_runner.run(self.query2)
self.assertEqual(errors, self.errors_raw)
self.assertEqual(data, {})
def test_check_source_ip_with_regexp(self):
plugin_runner2 = PluginsRunner(
"./tests/data/acl.yml",
"./tests/data/sourcesipregexp.yml",
"./tests/data/ressources.yml",
"tests.plugins")
try:
CheckSource(
self.query2, None,
plugin_runner2.sources(self.query2.project), None)()
except:
self.fail("Error test_check_source_ip_with_regexp")
def test_aggregate_data_with_list_dict(self):
self.response.content = '["item1", "item2"]'
self.attack = ExcaliburAttack(self.request, self.response)
plugin_runner = PluginsRunner(
self.excconf.acl_conf.configuration,
self.excconf.sources_conf.configuration,
self.excconf.ressource_conf.configuration,
self.excconf.plugins_module,
raw_yaml_content=True)
newdata, errors = self.attack.make_and_run_query(plugin_runner)
response = self.attack.aggregate_data(newdata)
self.assertEqual(response.status_code, 200)
# self.assertEqual(
# json.loads(response.content.decode('utf-8')),
# ['item1', 'item2', {'key1': 'val1'}, {'key3': 'val3'},
# {'key2': 'val2'}])
items = [
'item1', 'item2', {
'key1': 'val1'
}, {
'key3': 'val3'
}, {
'key2': 'val2'
}
]
loaded_json = json.loads(response.content.decode('utf-8'))
not_found = lambda x: x[0] not in x[1]
not_found_list = [thing for thing in items \
if not_found([thing,loaded_json])]
self.assertEqual([], not_found_list)
def test_manage_errors(self):
plugin_runner = PluginsRunner(
self.excconf.acl_conf.configuration,
self.excconf.sources_conf.configuration,
self.excconf.ressource_conf.configuration,
self.excconf.plugins_module,
raw_yaml_content=True)
newdata, errors = self.attack.make_and_run_query(plugin_runner)
self.assertEqual(newdata, {})
self.assertTrue(errors)
def setUp(self):
# Params of the deactivate method for uds
self.query = Query(source="etab1",
remote_ip="127.0.0.1",
signature="c08b3ff9dff7c5f08a1abdfabfbd24279e82dd10",
arguments={"login": "******", },
ressource="actions",
method="action1",
request_method="GET"
)
self.query2 = Query(source="etab1",
remote_ip="127.0.0.1",
signature="c08b3ff9dff7c5f08a1abdfabfbd24279e82dd10",
arguments={"login": "******", },
ressource="actions",
method="action2",
request_method="GET"
)
# Files
self.plugin_runner = PluginsRunner(
"./tests/data/acl.yml",
"./tests/data/sources.yml",
"./tests/data/ressources.yml",
"tests.plugins")
self.data_ok = {'Plugin1': 'p1ok1', 'Plugin2': 'p2ok1'}
self.errors_raw = {'Plugin1': {
'error_message': 'error plugin 1 action 2 !',
'method': 'action2',
'source': 'etab1',
'arguments': {'login': '******'},
'error': 'Exception',
'ressource': 'actions',
'parameters_index': 0,
'project': None},
'Plugin2': {
'error_message': 'error plugin 2 action 2 !',
'method': 'action2',
'source': 'etab1',
'arguments': {'login': '******'},
'error': 'Exception', 'ressource':
'actions',
'parameters_index': 0,
'project': None},
}
def test_aggregate_data_with_list_list(self):
self.response.content = '["item99", "item98"]'
self.attack = ExcaliburAttack(self.request, self.response)
plugin_runner = PluginsRunner(
self.excconf.acl_conf.configuration,
self.excconf.sources_conf.configuration,
self.excconf.ressource_conf.configuration,
self.excconf.plugins_module,
raw_yaml_content=True)
newdata, errors = self.attack.make_and_run_query(plugin_runner)
response = self.attack.aggregate_data(newdata)
self.assertEqual(response.status_code, 200)
self.assertEqual(
json.loads(response.content.decode('utf-8')).sort(), [
"item99", "item98", "item1", "item2", "item5", "item6",
"item3", "item4"
].sort())
def test_aggregate_data_with_404(self):
self.response.status_code = 404
self.response.content = '{"error":"404 not found"}'
self.attack = ExcaliburAttack(self.request, self.response)
plugin_runner = PluginsRunner(
self.excconf.acl_conf.configuration,
self.excconf.sources_conf.configuration,
self.excconf.ressource_conf.configuration,
self.excconf.plugins_module,
raw_yaml_content=True)
newdata, errors = self.attack.make_and_run_query(plugin_runner)
response = self.attack.aggregate_data(newdata)
self.assertEqual(response.status_code, 200)
self.assertEqual(json.loads(response.content.decode('utf-8')), {
"key3": "val3",
"key2": "val2",
"key1": "val1"
})
def test_aggregate_data_dict_dict(self):
plugin_runner = PluginsRunner(
self.excconf.acl_conf.configuration,
self.excconf.sources_conf.configuration,
self.excconf.ressource_conf.configuration,
self.excconf.plugins_module,
raw_yaml_content=True)
newdata, errors = self.attack.make_and_run_query(plugin_runner)
response = self.attack.aggregate_data(newdata)
self.assertEqual(response.status_code, 200)
self.assertEqual(
json.loads(response.content.decode('utf-8')), {
"key3": "val3",
"key2": "val2",
"age": 18,
"name": "toto",
"key1": "prioritary"
})
def test_aggregate_data_with_dict_list(self):
self.attack = ExcaliburAttack(self.request, self.response)
plugin_runner = PluginsRunner(
self.excconf.acl_conf.configuration,
self.excconf.sources_conf.configuration,
self.excconf.ressource_conf.configuration,
self.excconf.plugins_module,
raw_yaml_content=True)
newdata, errors = self.attack.make_and_run_query(plugin_runner)
response = self.attack.aggregate_data(newdata)
self.assertEqual(response.status_code, 200)
self.assertEqual(
json.loads(response.content.decode('utf-8')), {
'name': 'toto',
'age': 18,
'Apogee': ['item3', 'item4'],
'Harpege': ['item1', 'item2'],
'Ldapuds': ['item5', 'item6'],
'key1': 'prioritary'
})
def process_response(self, request, response):
"""
use excalibur when optional "project" and "source" params
are in the url
"""
try:
# get all params for query
excalibur = ExcaliburAttack(request, response)
# get user
user = excalibur.get_request_user()
if user:
try:
excconf = ExcaliburConf()
except (AttributeError, ObjectDoesNotExist) as e:
raise ConfigurationLoaderError(str(e))
# run plugins
plugin_runner = PluginsRunner(
excconf.acl_conf.configuration,
excconf.sources_conf.configuration,
excconf.ressource_conf.configuration,
excconf.plugins_module,
raw_yaml_content=True,
check_signature=False if user.is_superuser else True)
newdata, errors = excalibur.make_and_run_query(plugin_runner)
if not errors:
response = excalibur.aggregate_data(newdata)
else:
response = excalibur.manage_errors(errors)
except ExcaliburError as e:
logger.error(e.message)
response = excalibur_exception_handler(e, response)
return response
def test_make_and_run_query(self):
plugin_runner = PluginsRunner(
self.excconf.acl_conf.configuration,
self.excconf.sources_conf.configuration,
self.excconf.ressource_conf.configuration,
self.excconf.plugins_module,
raw_yaml_content=True)
newdata, errors = self.attack.make_and_run_query(plugin_runner)
self.assertEqual(errors, {})
self.assertEqual(
newdata, {
'Harpege': {
'key1': 'val1'
},
'Ldapuds': {
'key3': 'val3'
},
'Apogee': {
'key2': 'val2'
}
})
def setUp(self):
# Params of the deactivate method for uds
self.query = Query(
source="etab1",
remote_ip="127.0.0.1",
signature="c08b3ff9dff7c5f08a1abdfabfbd24279e82dd10",
arguments={"login": "******", },
ressource="actions",
method="action1",
request_method="GET"
)
self.query2 = Query(
source="etab1",
remote_ip="9.9.9.9",
signature="c08b3ff9dff7c5f08a1abdfabfbd24279e82dd10",
arguments={"login": "******", },
ressource="actions",
method="action1",
request_method="GET"
)
encodedzombie = base64.b64encode(b"testzombie1")
self.query3 = Query(
source="etab1",
remote_ip="127.0.0.1",
arguments={"login": encodedzombie, },
signature="c08b3ff9dff7c5f08a1abdfabfbd24279e82dd10",
ressource="actions",
method="action1",
request_method="GET")
# Files
self.plugin_runner = PluginsRunner(
"./tests/data/acl.yml",
"./tests/data/sources.yml",
"./tests/data/ressources.yml",
"tests.plugins",)
class RunnerWithProjectsTest(TestCase):
def setUp(self):
self.query = Query(source="etab1",
remote_ip="127.0.0.1",
signature="c08b3ff9dff7c5f08a1abdfabfbd24279e82dd10",
arguments={"login": "******", },
ressource="actions",
method="action1",
request_method="GET",
project="project1"
)
self.query2 = Query(source="etab1",
remote_ip="127.0.0.1",
signature="c08b3ff9dff7c5f08a1abdfabfbd24279e82dd10",
arguments={"login": "******", },
ressource="actions",
method="action2",
request_method="GET",
project="project1"
)
self.query3 = Query(source=ALL_KEYWORD,
remote_ip="127.0.0.1",
signature="c08b3ff9dff7c5f08a1abdfabfbd24279e82dd10",
arguments={"login": "******", },
ressource="actions",
method="action1",
request_method="GET",
project="project1"
)
self.query4 = Query(source="etab1,etab2",
remote_ip="127.0.0.1",
signature="c08b3ff9dff7c5f08a1abdfabfbd24279e82dd10",
arguments={"login": "******", },
ressource="actions",
method="action1",
request_method="GET",
project="project1"
)
self.plugin_runner = PluginsRunner(
"./tests/data/acl_projects.yml",
"./tests/data/sources_projects.yml",
"./tests/data/ressources.yml",
"tests.plugins")
self.plugin_runner2 = PluginsRunner(
"./tests/data/acl_projects.yml",
"./tests/data/query4_project.yml",
"./tests/data/ressources.yml",
"tests.plugins")
self.data_ok = {'Plugin1': 'p1ok1', 'Plugin2': 'p2ok1'}
self.errors_raw = {'Plugin1':
{'method': 'action2',
'source': 'etab1',
'arguments': {'login': '******'},
'error': 'Exception',
'error_message': 'error plugin 1 action 2 !',
'ressource': 'actions',
'parameters_index': 0},
'Plugin2':
{'method': 'action2',
'source': 'etab1',
'arguments': {'login': '******'},
'error': 'Exception',
'error_message': 'error plugin 2 action 2 !',
'ressource': 'actions',
'parameters_index': 0}}
self.raw_acl = """
project1:
etab1:
actions:
- action1
- action2
etab2:
actions:
- action1
project2:
etab1:
actions:
- action1
- action2
"""
self.raw_sources = """
project1:
sources:
etab1:
apikey: S3CR3T
ip:
- 127.0.0.1
plugins:
Plugin1:
- spore: S3CR3T
token: S3CR3T
Plugin2:
- spore: S3CR3T
token: S3CR3T
etab2:
apikey: S3CR3T2
ip:
- 127.0.0.1
plugins:
Plugin1:
- spore: S3CR3T2
token: S3CR3T2
Plugin2:
- spore: S3CR3T2
token: S3CR3T2
project2:
sources:
etab1:
apikey: S3CR3T
ip:
- 127.0.0.1
plugins:
Plugin1:
- spore: S3CR3T
token: S3CR3T
Plugin2:
- spore: S3CR3T
token: S3CR3T
"""
self.raw_ressources ="""
actions:
action1:
request method: GET
arguments:
login:
checks:
min length: 2
max length: 50
action2:
request method: GET
arguments:
login:
checks:
min length: 2
max length: 50
"""
def test_runner(self):
data, errors = self.plugin_runner(self.query)
self.assertEqual(data, self.data_ok)
self.assertEqual(errors, {})
def test_runner_query4_one_requested_source_does_not_match(self):
with self.assertRaises(WrongSignatureError):
data, errors = self.plugin_runner(self.query4)
def test_runner_query4_one_requested_source(self):
"""
"""
data, errors = self.plugin_runner2(self.query4)
self.assertTrue(data["etab2|Plugin2"]=="p2ok1" and data["etab1|Plugin1"]=="p1ok1" and data["etab1|Plugin2"]=='p2ok1')
def test_runner_errors(self):
plugin_runner = PluginsRunner(
"./tests/data/acl_projects.yml",
"./tests/data/sources_projects_encoded_api_keys.yml",
"./tests/data/ressources.yml",
"tests.plugins")
data, errors = plugin_runner(self.query2)
self.assertEqual(errors, self.errors_raw)
self.assertEqual(data, {})
def test_runner_with_query_source_set_to_all(self):
plugin_runner = PluginsRunner(
"./tests/data/acl_projects.yml",
"./tests/data/sources_projects_encoded_api_keys.yml",
"./tests/data/ressources.yml",
"tests.plugins")
data, errors = plugin_runner(self.query3)
self.assertTrue(data["etab1|Plugin1"]=="p1ok1" and data["etab1|Plugin2"]=='p2ok1')
self.assertTrue("etab2|Plugin2" not in data)
def test_query_source_set_to_all_and_multiple_etabs(self):
"""
Checks that with 'source==all', data are correctly returned from
multiple establishments
"""
plugin_runner = PluginsRunner(
"./tests/data/acl_projects.yml",
"./tests/data/source_set_to_all_and_multiple_etabs.yml",
"./tests/data/ressources.yml",
"tests.plugins")
data, errors = plugin_runner(self.query3)
self.assertTrue(data["etab2|Plugin2"]=="p2ok1" and data["etab1|Plugin1"]=="p1ok1")
def test_request_set_to_all_and_checksignature_set_to_false(self):
"""
"""
plugin_runner = PluginsRunner(
"./tests/data/acl_three_etabs.yml",
"./tests/data/source_set_to_all_multiple_etabs_one_missing_api_key.yml",
"./tests/data/ressources.yml",
"tests.plugins",
check_signature=False
)
data, errors = plugin_runner(self.query3)
self.assertTrue(data["etab2|Plugin2"]=="p2ok1" and data["etab1|Plugin1"]=="p1ok1")
def test_query_source_set_to_all__multiple_etabs_multiple_ips(self):
"""
"""
plugin_runner = PluginsRunner(
"./tests/data/acl_projects.yml",
"./tests/data/sources_many_ip.yml",
"./tests/data/ressources.yml",
"tests.plugins")
data, errors = plugin_runner(self.query3)
self.assertTrue(data["etab2|Plugin2"]=="p2ok1" and data["etab1|Plugin1"]=="p1ok1")
self.assertTrue("etab3|Plugin2" not in data)
def test_query_all_missing_ip_in_an_etab(self):
"""
"""
plugin_runner = PluginsRunner(
"./tests/data/acl_projects.yml",
"./tests/data/sources_all_with_apikey_matching_but_ip_not_authorized.yml",
"./tests/data/ressources.yml",
"tests.plugins")
with self.assertRaises(IPNotAuthorizedError):
data, errors = plugin_runner(self.query3)
# self.assertTrue(data["Plugin2"]=="p2ok1" and data["Plugin1"]=="p1ok1")
def test_query_source_set_to_all_and_multiple_etabs_with_errors(self):
"""
Checks that with 'source==all', but ip does not match
errors are raised
NEEDS IP_CHECK TO BE REENABLED
"""
plugin_runner = PluginsRunner(
"./tests/data/acl_projects.yml",
"./tests/data/source_set_to_all_and_multiple_etabs.yml",
"./tests/data/ressources.yml",
"tests.plugins")
data, errors = plugin_runner(self.query3)
# self.assertTrue(data["Plugin2"]=="p2ok1" and data["Plugin1"]=="p1ok1")
def test_sources_names(self):
self.assertEqual(self.plugin_runner.sources_names(self.query.project),
['etab1', 'etab2'])
self.assertEqual(self.plugin_runner.sources_names("project2"),
['etab1'])
def test_failing_sources_names(self):
p = PluginsRunner(
"./tests/data/acl_projects.yml",
"./tests/data/sourcesnoplugins.yml",
"./tests/data/ressources.yml",
"tests.plugins")
with self.assertRaises(PluginRunnerError):
p.sources_names(self.query.project)
def test_runner_with_raw_yaml(self):
plugin_runner = PluginsRunner(
self.raw_acl,
self.raw_sources,
self.raw_ressources,
"tests.plugins",
raw_yaml_content=True)
data, errors = plugin_runner(self.query)
self.assertEqual(data, self.data_ok)
self.assertEqual(errors, {})
def test_runner_with_raw_yaml_errors(self):
plugin_runner = PluginsRunner(
self.raw_acl,
self.raw_sources,
self.raw_ressources,
"tests.plugins",
raw_yaml_content=True)
data, errors = plugin_runner(self.query2)
self.assertEqual(errors, self.errors_raw)
self.assertEqual(data, {})
class CheckTest(TestCase):
"""
Unit test for check method
Warning : "Params" of the setUp method need to be valid with
your yaml files
"""
def setUp(self):
# Params of the deactivate method for uds
self.query = Query(
source="etab1",
remote_ip="127.0.0.1",
signature="c08b3ff9dff7c5f08a1abdfabfbd24279e82dd10",
arguments={"login": "******", },
ressource="actions",
method="action1",
request_method="GET"
)
self.query2 = Query(
source="etab1",
remote_ip="9.9.9.9",
signature="c08b3ff9dff7c5f08a1abdfabfbd24279e82dd10",
arguments={"login": "******", },
ressource="actions",
method="action1",
request_method="GET"
)
encodedzombie = base64.b64encode(b"testzombie1")
self.query3 = Query(
source="etab1",
remote_ip="127.0.0.1",
arguments={"login": encodedzombie, },
signature="c08b3ff9dff7c5f08a1abdfabfbd24279e82dd10",
ressource="actions",
method="action1",
request_method="GET")
# Files
self.plugin_runner = PluginsRunner(
"./tests/data/acl.yml",
"./tests/data/sources.yml",
"./tests/data/ressources.yml",
"tests.plugins",)
"""
Check Source
"""
def test_check_source(self):
""" test check sources """
try:
CheckSource(
self.query, None,
self.plugin_runner.sources(self.query.project), None)()
except:
self.fail("Error check source")
def test_check_source_not_found(self):
""" test check sources """
query1 = Query(
source="etabnull",
remote_ip="127.0.0.1",
signature="c08b3ff9dff7c5f08a1abdfabfbd24279e82dd10",
arguments={"login": "******", },
ressource="actions",
method="action1",
request_method="GET"
)
with self.assertRaises(SourceNotFoundError):
CheckSource(query1,
None,
self.plugin_runner.sources(query1.project), None)()
def test_check_source_ip_not_authorized(self):
""" test check sources """
with self.assertRaises(IPNotAuthorizedError):
CheckSource(
self.query2,
None,
self.plugin_runner.sources(self.query2.project), None)()
def test_check_source_ip_with_regexp(self):
plugin_runner2 = PluginsRunner(
"./tests/data/acl.yml",
"./tests/data/sourcesipregexp.yml",
"./tests/data/ressources.yml",
"tests.plugins")
try:
CheckSource(
self.query2, None,
plugin_runner2.sources(self.query2.project), None)()
except:
self.fail("Error test_check_source_ip_with_regexp")
def test_check_source_signature_error(self):
""" test check sources """
query3 = Query(
source="etab1",
remote_ip="127.0.0.1",
signature="ERROR",
arguments={"login": "******", },
ressource="actions",
method="action1",
request_method="GET"
)
with self.assertRaises(WrongSignatureError):
CheckSource(
query3,
None,
self.plugin_runner.sources(query3.project),
None)()
"""
Check ACL
"""
def test_check_acl(self):
""" test check acl """
try:
CheckACL(self.query, None, None, self.plugin_runner.acl)()
except Exception as e:
self.fail("Error check acl")
def test_check_acl_no_matched(self):
""" test check acl """
query = Query(
source="etab1",
remote_ip="127.0.0.1",
signature="c08b3ff9dff7c5f08a1abdfabfbd24279e82dd10",
arguments={"login": "******", },
ressource="actions",
method="actionull",
request_method="GET"
)
with self.assertRaises(NoACLMatchedError):
CheckACL(query, None, None, self.plugin_runner.acl)()
query2 = Query(
source="etab1",
remote_ip="127.0.0.1",
signature="c08b3ff9dff7c5f08a1abdfabfbd24279e82dd10",
arguments={"login": "******", },
ressource="actions",
method="action1",
request_method="GET",
project="keyerror"
)
with self.assertRaises(NoACLMatchedError):
CheckACL(query2, None, None, self.plugin_runner.acl)()
query3 = Query(
source="etab1",
remote_ip="127.0.0.1",
signature="c08b3ff9dff7c5f08a1abdfabfbd24279e82dd10",
arguments={"login": "******", },
ressource="actions",
method="wrongmethod",
request_method="GET",
project="project1"
)
plugin_runner = PluginsRunner(
"./tests/data/acl_projects.yml",
"./tests/data/sources.yml",
"./tests/data/ressources.yml",
"tests.plugins",
query3)
with self.assertRaises(NoACLMatchedError):
CheckACL(query3, None, None, plugin_runner.acl)()
"""
Check Request
"""
def test_check_request(self):
""" test check request """
try:
CheckRequest(
self.query, self.plugin_runner.ressources, None, None)()
except:
self.fail("error check request")
def test_check_request_ressource_not_found(self):
""" test check request """
query = Query(
source="etab1",
remote_ip="127.0.0.1",
signature="c08b3ff9dff7c5f08a1abdfabfbd24279e82dd10",
arguments={"login": "******", },
ressource="ressourcenull",
method="action1",
request_method="GET"
)
with self.assertRaises(RessourceNotFoundError):
CheckRequest(query, self.plugin_runner.ressources, None, None)()
def test_check_request_method_not_found(self):
""" test check request """
query = Query(
source="etab1",
remote_ip="127.0.0.1",
signature="c08b3ff9dff7c5f08a1abdfabfbd24279e82dd10",
arguments={"login": "******", },
ressource="actions",
method="methodnull",
request_method="GET"
)
with self.assertRaises(MethodNotFoundError):
CheckRequest(query, self.plugin_runner.ressources, None, None)()
def test_check_request_method_not_specified(self):
""" test check request """
error = None
query = Query(
source="etab1",
remote_ip="127.0.0.1",
signature="c08b3ff9dff7c5f08a1abdfabfbd24279e82dd10",
arguments={"login": "******", },
ressource="actions",
method="action1",
request_method="POST"
)
plugin_runner = PluginsRunner(
"./tests/data/acl_projects.yml",
"./tests/data/sources.yml",
"./tests/data/ressourcewithoutrequestmethod.yml",
"tests.plugins",
query)
try:
CheckRequest(query, plugin_runner.ressources, None, None)()
except Exception as e:
error = e
self.assertTrue(not error)
def test_check_request_method_http_error(self):
""" test check request """
query = Query(
source="etab1",
remote_ip="127.0.0.1",
signature="c08b3ff9dff7c5f08a1abdfabfbd24279e82dd10",
arguments={"login": "******", },
ressource="actions",
method="action1",
request_method="GETnull"
)
with self.assertRaises(HTTPMethodError):
CheckRequest(query, self.plugin_runner.ressources, None, None)()
def test_check_request_args_error(self):
""" test check request """
query = Query(
source="etab1",
remote_ip="127.0.0.1",
signature="c08b3ff9dff7c5f08a1abdfabfbd24279e82dd10",
arguments="argumentsnull",
ressource="actions",
method="action1",
request_method="GET"
)
query2 = Query(
source="etab1",
remote_ip="127.0.0.1",
signature="c08b3ff9dff7c5f08a1abdfabfbd24279e82dd10",
arguments="argumentsnull",
ressource="actions",
method="action2",
request_method="GET"
)
with self.assertRaises(ArgumentError):
CheckRequest(query, self.plugin_runner.ressources, None, None)()
# Not required anymore, when there is no arguments entry,
# no checks are made
# plugin_runner = PluginsRunner(
# "./tests/data/acl.yml",
# "./tests/data/sources.yml",
# "./tests/data/ressourceswrongcheck.yml",
# "tests.plugins",
# self.query)
#
# with self.assertRaises(ArgumentError):
# CheckRequest(query2,plugin_runner.ressources)()
"""
Check arguments
"""
def test_check_arguments(self):
""" test check arguments """
try:
# DecodeArguments(self.query,
# self.plugin_runner.ressources)()
CheckArguments(
self.query, self.plugin_runner.ressources, None, None)()
except:
self.fail("error check arguments")
def test_check_arguments_error(self):
""" test check arguments """
query = Query(
source="etab1",
remote_ip="127.0.0.1",
signature="c08b3ff9dff7c5f08a1abdfabfbd24279e82dd10",
arguments={"login": "******", },
ressource="actions",
method="action1",
request_method="GET"
)
with self.assertRaises(ArgumentError):
# DecodeArguments(self.query,
# self.plugin_runner.ressources)()
CheckArguments(query, self.plugin_runner.ressources, None, None)()
query2 = Query(
source="etab1",
remote_ip="127.0.0.1",
signature="c08b3ff9dff7c5f08a1abdfabfbd24279e82dd10",
arguments={"login": "******", },
ressource="wrong ressource",
method="action1",
request_method="GET"
)
with self.assertRaises(ArgumentError):
CheckArguments(query2, self.plugin_runner.ressources, None, None)()
def test_check_value_in(self):
check_arguments = CheckArguments(self.query,
self.plugin_runner.ressources,
None,
None)
r = check_arguments.check_value_in("yes", ["yes", "no"])
self.assertTrue(r)
r = check_arguments.check_value_in("not", ["yes", "no"])
self.assertFalse(r)
def test_check_matches_re(self):
check_arguments = CheckArguments(self.query,
self.plugin_runner.ressources,
None,
None)
regex = "^[a-zA-Z0-9_.-]+@[a-zA-Z0-9_.-]+\.[a-zA-Z]{2,4}$"
r = check_arguments.check_matches_re("*****@*****.**",
regex)
self.assertTrue(r)
regex2 = "^[a-zA-Z0-9_.-]+@[a-zA-Z0-9_.-]+\.[a-zA-Z]{2,4}$"
r = check_arguments.check_matches_re("wrongmail",
regex2)
self.assertFalse(r)
def test_check_not_exist(self):
plugin_runner = PluginsRunner(
"./tests/data/acl.yml",
"./tests/data/sources.yml",
"./tests/data/ressourceswrongcheck.yml",
"tests.plugins", )
with self.assertRaises(ArgumentCheckMethodNotFoundError):
CheckArguments(self.query, plugin_runner.ressources, None, None)()
"""
Check all
"""
def test_check_all(self):
try:
self.plugin_runner(self.query)
except:
self.fail("error check all")
def test_signature_not_required(self):
query = Query(
source="etab1",
remote_ip="127.0.0.1",
arguments={"login": "******", },
ressource="actions",
method="action1",
request_method="GET"
)
error = None
try:
plugin_runner = PluginsRunner(
"./tests/data/acl.yml",
"./tests/data/sources.yml",
"./tests/data/ressources.yml",
"tests.plugins",
check_signature=False)
except Exception as e:
error = "error"
self.assertTrue(not error)
def test_signature_explicitely_required(self):
query = Query(
source="etab1",
remote_ip="127.0.0.1",
arguments={"login": "******", },
signature="c08b3ff9dff7c5f08a1abdfabfbd24279e82dd10",
ressource="actions",
method="action1",
request_method="GET"
)
error = None
try:
plugin_runner = PluginsRunner(
"./tests/data/acl.yml",
"./tests/data/sources.yml",
"./tests/data/ressources.yml",
"tests.plugins",
check_signature=True)
except Exception as e:
error = "error"
self.assertTrue(not error)
def test_encode_base64(self):
plugin_runner = PluginsRunner(
"./tests/data/acl.yml",
"./tests/data/sources.yml",
"./tests/data/ressourceswithencodingrequired.yml",
"tests.plugins")
CheckArguments(self.query3, plugin_runner.ressources, None, None)()
self.assertEqual(self.query3.arguments["login"], "testzombie1")
def test_encode_base64_attribute_error(self):
with self.assertRaises(DecodeAlgorithmNotFoundError):
plugin_runner = PluginsRunner(
"./tests/data/acl.yml",
"./tests/data/sources.yml",
"./tests/data/ressourceswithundecodableencoding.yml",
"tests.plugins")
CheckArguments(self.query3, plugin_runner.ressources, None, None)()
def test_encode_base64_key_error(self):
try:
encodedzombie = base64.b64encode(b"testzombie1")
query = Query(
source="etab1",
remote_ip="127.0.0.1",
arguments={"login": encodedzombie, },
signature="c08b3ff9dff7c5f08a1abdfabfbd24279e82dd10",
ressource="actions",
method="action1",
request_method="GET")
plugin_runner = PluginsRunner(
"./tests/data/acl.yml",
"./tests/data/sources.yml",
"./tests/data//noargressources.yml",
"tests.plugins")
CheckArguments(query, plugin_runner.ressources, None, None)()
except Exception as e:
self.assertTrue(isinstance(e, ExcaliburError))
def test_all_error_raised(self):
module = import_module('excalibur.exceptions')
message = "message sublime"
def str_caller(e):
exception_class = getattr(module, e)
exception_instance = exception_class(message)
errorList = ['ExcaliburInternalError',
'ExcaliburClientError',
'ExcaliburError']
if exception_instance.__class__.__name__ not in errorList:
exceptionName = exception_instance.__class__.__name__
self.assertEqual('%s : %s' % (exceptionName, message),
exception_instance.__str__())
else:
self.assertEqual(message, exception_instance.__str__())
[str_caller(error)
for error in dir(module) if not error.startswith('_')]
def test_key_errors(self):
"""
KeyErrors should not be explicitly raised,
they should instead be caught, and raise
ExcaliburErrors.
"""
"""
Generate queries with wrong values and launches checks
"""
def query_generator(pos):
query = Query(
source="etab1",
remote_ip="127.0.0.1",
signature="c08b3ff9dff7c5f08a1abdfabfbd24279e82dd10",
arguments={"login": "******", },
ressource="actions",
method="action1",
request_method="GET"
)
setattr(query, pos, "wrong")
plugin_runner = PluginsRunner(
"./tests/data/acl.yml", "./tests/data/sources.yml",
"./tests/data/ressources.yml",
"tests.plugins",
query)
# with self.assertRaises(ExcaliburError):
try:
CheckSource(query, plugin_runner.ressources, plugin_runner.sources(query.signature if
query.signature else None,
query.project,
query.arguments if
query.arguments else None), None)()
CheckRequest(query, plugin_runner.ressources, None, None,)()
CheckArguments(query, plugin_runner.ressources, None, None,)()
CheckACL(query, None, None, plugin_runner.acl)()
except Exception as e:
self.assertTrue(isinstance(e, ExcaliburError))
return query
query_generator_by_arg = lambda pos: query_generator(pos)
[query_generator_by_arg(attr) for attr in dir(self.query)
if attr.startswith("_Query") and attr not in ["_Query__remote_ip"]]
def test_check_not_implemented(self):
c = Check()
self.assertRaises(NotImplementedError, c.check)
def test_multiple_api_keys(self):
error = "no_error_yet"
plugin_runner = PluginsRunner(
"./tests/data/acl.yml",
"./tests/data/sourceswithmultipleapikeys.yml",
"./tests/data/ressources.yml",
"tests.plugins"
)
try:
plugin_runner(self.query)
except Exception as e:
error = "error"
self.assertTrue(error == "no_error_yet")
def test_multiple_api_keys_project_depth_and_etab_set_to_all(self):
error = "no_error_yet"
plugin_runner = PluginsRunner(
"./tests/data/acl_projects.yml",
"./tests/data/source_project_multiple_api_keys.yml",
"./tests/data/ressources.yml",
"tests.plugins"
)
query = Query(
source=ALL_KEYWORD,
remote_ip="127.0.0.1",
signature="c08b3ff9dff7c5f08a1abdfabfbd24279e82dd10",
arguments={"login": "******", },
ressource="actions",
method="action1",
request_method="GET",
project="project1"
)
try:
result = plugin_runner(query)
except Exception as e:
error = "error"
self.assertTrue(error == "no_error_yet")
def test_no_apikey_specified(self):
error = "no_error_yet"
plugin_runner = PluginsRunner(
"./tests/data/acl.yml",
"./tests/data/sourceswithnoapikey.yml",
"./tests/data/ressources.yml",
"tests.plugins"
)
try:
plugin_runner(self.query)
except Exception as e:
error = "error"
self.assertTrue(error == "no_error_yet")
def test_no_ip_required(self):
error = "no_error_yet"
plugin_runner = PluginsRunner(
"./tests/data/acl.yml",
"./tests/data/sourceswithnoip.yml",
"./tests/data/ressources.yml",
"tests.plugins"
)
try:
plugin_runner(self.query)
except Exception as e:
error = "error"
self.assertTrue(error == "no_error_yet")
def test_no_ip_specified(self):
error = "no_error_yet"
plugin_runner = PluginsRunner(
"./tests/data/acl.yml",
"./tests/data/sourceswithnoip.yml",
"./tests/data/ressources.yml",
"tests.plugins"
)
try:
plugin_runner(self.query)
except Exception as e:
error = "error"
self.assertTrue(error == "no_error_yet")
def test_ressources_arguments_not_present(self):
error = None
try:
plugin_runner = PluginsRunner(
"./tests/data/acl.yml",
"./tests/data/sources.yml",
"./tests/data/ressourceswithnoarguments.yml",
"tests.plugins",
check_signature=False)
plugin_runner(self.query)
except Exception as e:
error = e
self.assertTrue(not error)
def test_ressources_arguments_empty_and_one_argument_provided(self):
with self.assertRaises(ArgumentError):
query = Query(
source="etab1",
remote_ip="127.0.0.1",
signature="c08b3ff9dff7c5f08a1abdfabfbd24279e82dd10",
arguments={"login": "******", "uselessarg": "useless"},
ressource="actions",
method="action1",
request_method="GET"
)
plugin_runner = PluginsRunner(
"./tests/data/acl.yml",
"./tests/data/sources.yml",
"./tests/data/ressourceswithemptyargs.yml",
"tests.plugins",
check_signature=False)
plugin_runner(query)
def test_optional_ressource_argument(self):
error = None
try:
plugin_runner = PluginsRunner(
"./tests/data/acl.yml",
"./tests/data/sources.yml",
"./tests/data/ressourceswithoptionalargs.yml",
"tests.plugins",
check_signature=False)
plugin_runner(self.query)
except Exception as e:
error = e
self.assertTrue(not error)
def test_optional_ressource_argument_and_matching_request_arg(self):
error = None
try:
plugin_runner = PluginsRunner(
"./tests/data/acl.yml",
"./tests/data/sources.yml",
"./tests/data/ressourceswithoptionalargs.yml",
"tests.plugins",
check_signature=False)
plugin_runner(self.query)
except Exception as e:
error = e
self.assertTrue(not error)
def test_encode_base64_runner(self):
error = None
try:
plugin_runner = PluginsRunner(
"./tests/data/acl.yml",
"./tests/data/sources.yml",
"./tests/data/ressourceswithencodingrequired.yml",
"tests.plugins",
check_signature=True)
plugin_runner(self.query3)
except Exception as e:
error = e
self.assertTrue(not error)
def test_optional_ressourcearg_matching_reqarg_and_exceeding_arg(self):
with self.assertRaises(ArgumentError):
query = Query(
source="etab1",
remote_ip="127.0.0.1",
signature="c08b3ff9dff7c5f08a1abdfabfbd24279e82dd10",
arguments={
"login": "******", "uselessarg": "useless",
"exceedingarg": "exceeding"},
ressource="actions",
method="action1",
request_method="GET"
)
plugin_runner = PluginsRunner(
"./tests/data/acl.yml",
"./tests/data/sources.yml",
"./tests/data/ressourceswithoptionalargs.yml",
"tests.plugins",
check_signature=False,
)
plugin_runner(query)
def test_ressources_arguments_empty_and_no_argument_provided(self):
error = "no_error_yet"
query = Query(
source="etab1",
remote_ip="127.0.0.1",
signature="azertyuiop12345",
arguments={},
ressource="actions",
method="action1",
request_method="GET"
)
plugin_runner = PluginsRunner(
"./tests/data/acl.yml",
"./tests/data/sources.yml",
"./tests/data/ressourceswithemptyargs.yml",
"tests.plugins",
check_signature=False)
plugin_runner(query)
self.assertTrue(error == "no_error_yet")
def test_signature_not_in_generated_signatures(self):
with self.assertRaises(WrongSignatureError):
query = Query(
source="etab1",
remote_ip="127.0.0.1",
signature="azertyuiop12345",
arguments={"login": "******", },
ressource="actions",
method="action1",
request_method="GET"
)
plugin_runner = PluginsRunner(
"./tests/data/acl.yml",
"./tests/data/sourceswithmultipleapikeys.yml",
"./tests/data/ressources.yml",
"tests.plugins"
)
plugin_runner(query)
def test_checks_with_optional_args_and_bad_argument_value(self):
with self.assertRaises(ArgumentError):
query = Query(
source="etab1",
remote_ip="127.0.0.1",
signature="c08b3ff9dff7c5f08a1abdfabfbd24279e82dd10",
arguments={"login": "******", "uselessarg": "a"},
ressource="actions",
method="action2",
request_method="GET"
)
plugin_runner = PluginsRunner(
"./tests/data/acl.yml",
"./tests/data/sources.yml",
"./tests/data/ressourceswithoptionalargs.yml",
"tests.plugins",
check_signature=False)
plugin_runner(query)
def test_checks_with_optional_args_and_no_arg(self):
error = None
try:
query = Query(
source="etab1",
remote_ip="127.0.0.1",
signature="c08b3ff9dff7c5f08a1abdfabfbd24279e82dd10",
arguments={"login": "******"},
ressource="actions",
method="action2",
request_method="GET"
)
plugin_runner = PluginsRunner(
"./tests/data/acl.yml",
"./tests/data/sources.yml",
"./tests/data/ressourceswithoptionalargs.yml",
"tests.plugins",
check_signature=False)
plugin_runner(query)
except Exception as e:
error = e
self.assertTrue(error is None)
def test_missing_args(self):
with self.assertRaises(ArgumentError):
query = Query(
source="etab1",
remote_ip="127.0.0.1",
signature="c08b3ff9dff7c5f08a1abdfabfbd24279e82dd10",
ressource="actions",
method="action2",
request_method="GET"
)
plugin_runner = PluginsRunner(
"./tests/data/acl.yml",
"./tests/data/sources.yml",
"./tests/data/ressourceswithoptionalargs.yml",
"tests.plugins",
check_signature=False)
plugin_runner(query)
class PluginsTest(TestCase):
def setUp(self):
# Params of the deactivate method for uds
self.query = Query(source="etab1",
remote_ip="127.0.0.1",
signature="c08b3ff9dff7c5f08a1abdfabfbd24279e82dd10",
arguments={"login": "******", },
ressource="actions",
method="action1",
request_method="GET"
)
self.query2 = Query(source="etab1",
remote_ip="127.0.0.1",
signature="c08b3ff9dff7c5f08a1abdfabfbd24279e82dd10",
arguments={"login": "******", },
ressource="actions",
method="action2",
request_method="GET"
)
# Files
self.plugin_runner = PluginsRunner(
"./tests/data/acl.yml",
"./tests/data/sources.yml",
"./tests/data/ressources.yml",
"tests.plugins")
self.data_ok = {'Plugin1': 'p1ok1', 'Plugin2': 'p2ok1'}
self.errors_raw = {'Plugin1':
{'error_message': 'error plugin 1 action 2 !',
'method': 'action2',
'source': 'etab1',
'arguments': {'login': '******'},
'error': 'Exception',
'ressource': 'actions',
'parameters_index': 0},
'Plugin2':
{'error_message': 'error plugin 2 action 2 !',
'method': 'action2',
'source': 'etab1',
'arguments': {'login': '******'},
'error': 'Exception', 'ressource':
'actions',
'parameters_index': 0}
}
def test_run(self):
data, errors = self.plugin_runner.run(self.query)
self.assertEqual(data, self.data_ok)
self.assertEqual(errors, {})
def test_run_error(self):
plugin_runner = PluginsRunner(
"./tests/data/acl.yml",
"./tests/data/sources.yml",
"./tests/data/ressources.yml",
"tests.plugins")
data, errors = plugin_runner.run(self.query2)
self.assertEqual(errors, self.errors_raw)
self.assertEqual(data, {})
def test_keyerror_plugins(self):
plugin_runner = PluginsRunner(
"./tests/data/acl.yml",
"./tests/data/sourcesnoplugins.yml",
"./tests/data/ressources.yml",
"tests.plugins")
with self.assertRaises(PluginRunnerError):
plugin_runner.plugins(self.query.source, self.query.project)
def test_plugins_module(self):
self.assertEqual(self.plugin_runner.plugins_module, "tests.plugins")
def test_query(self):
self.assertEqual(self.query.__str__(),
"project:None,source:etab1,remote_ip:127.0.0.1,\
signature:c08b3ff9dff7c5f08a1abdfabfbd24279e82dd10,arguments:{'login': '******'},\
ressource:actions,method:action1,request_method:GET")
def setUp(self):
self.query = Query(source="etab1",
remote_ip="127.0.0.1",
signature="c08b3ff9dff7c5f08a1abdfabfbd24279e82dd10",
arguments={"login": "******", },
ressource="actions",
method="action1",
request_method="GET"
)
self.query2 = Query(source="etab1",
remote_ip="127.0.0.1",
signature="c08b3ff9dff7c5f08a1abdfabfbd24279e82dd10",
arguments={"login": "******", },
ressource="actions",
method="action2",
request_method="GET"
)
self.plugin_runner = PluginsRunner(
"./tests/data/acl.yml",
"./tests/data/sources.yml",
"./tests/data/ressources.yml",
"tests.plugins")
self.data_ok = {'Plugin1': 'p1ok1', 'Plugin2': 'p2ok1'}
self.errors_raw = {'Plugin1':
{'method': 'action2',
'source': 'etab1',
'arguments': {'login': '******'},
'error': 'Exception',
'error_message': 'error plugin 1 action 2 !',
'ressource': 'actions',
'parameters_index': 0},
'Plugin2':
{'method': 'action2',
'source': 'etab1',
'arguments': {'login': '******'},
'error': 'Exception',
'error_message': 'error plugin 2 action 2 !',
'ressource': 'actions',
'parameters_index': 0}
}
self.raw_acl = """
etab1:
actions:
- action1
- action2
etab2:
actions:
- action1
"""
self.raw_sources = """
etab1:
apikey: S3CR3T
ip:
- 127.0.0.1
plugins:
Plugin1:
- spore: S3CR3T
token: S3CR3T
Plugin2:
- spore: S3CR3T
token: S3CR3T
Plugin3:
- spore: S3CR3T
token: S3CR3T
etab2:
apikey: S3CR3T2
ip:
- 127.0.0.1
plugins:
Plugin1:
- spore: S3CR3T2
token: S3CR3T2
Plugin2:
- spore: S3CR3T2
token: S3CR3T2
"""
self.raw_ressources ="""
class RunnerTest(TestCase):
def setUp(self):
self.query = Query(source="etab1",
remote_ip="127.0.0.1",
signature="c08b3ff9dff7c5f08a1abdfabfbd24279e82dd10",
arguments={"login": "******", },
ressource="actions",
method="action1",
request_method="GET"
)
self.query2 = Query(source="etab1",
remote_ip="127.0.0.1",
signature="c08b3ff9dff7c5f08a1abdfabfbd24279e82dd10",
arguments={"login": "******", },
ressource="actions",
method="action2",
request_method="GET"
)
self.plugin_runner = PluginsRunner(
"./tests/data/acl.yml",
"./tests/data/sources.yml",
"./tests/data/ressources.yml",
"tests.plugins")
self.data_ok = {'Plugin1': 'p1ok1', 'Plugin2': 'p2ok1'}
self.errors_raw = {'Plugin1':
{'method': 'action2',
'source': 'etab1',
'arguments': {'login': '******'},
'error': 'Exception',
'error_message': 'error plugin 1 action 2 !',
'ressource': 'actions',
'parameters_index': 0},
'Plugin2':
{'method': 'action2',
'source': 'etab1',
'arguments': {'login': '******'},
'error': 'Exception',
'error_message': 'error plugin 2 action 2 !',
'ressource': 'actions',
'parameters_index': 0}
}
self.raw_acl = """
etab1:
actions:
- action1
- action2
etab2:
actions:
- action1
"""
self.raw_sources = """
etab1:
apikey: S3CR3T
ip:
- 127.0.0.1
plugins:
Plugin1:
- spore: S3CR3T
token: S3CR3T
Plugin2:
- spore: S3CR3T
token: S3CR3T
Plugin3:
- spore: S3CR3T
token: S3CR3T
etab2:
apikey: S3CR3T2
ip:
- 127.0.0.1
plugins:
Plugin1:
- spore: S3CR3T2
token: S3CR3T2
Plugin2:
- spore: S3CR3T2
token: S3CR3T2
"""
self.raw_ressources ="""
actions:
action1:
request method: GET
arguments:
login:
checks:
min length: 2
max length: 50
action2:
request method: GET
arguments:
login:
checks:
min length: 2
max length: 50
"""
def test_runner(self):
data, errors = self.plugin_runner(self.query)
self.assertEqual(data, self.data_ok)
self.assertEqual(errors, {})
def test_runner_errors(self):
plugin_runner = PluginsRunner(
"./tests/data/acl.yml",
"./tests/data/sources.yml",
"./tests/data/ressources.yml",
"tests.plugins")
data, errors = plugin_runner(self.query2)
self.assertEqual(errors, self.errors_raw)
self.assertEqual(data, {})
def test_sources_names(self):
self.assertEqual(
self.plugin_runner.sources_names(), ['etab1', 'etab2'])
def test_runner_with_raw_yaml(self):
plugin_runner = PluginsRunner(
self.raw_acl,
self.raw_sources,
self.raw_ressources,
"tests.plugins",
raw_yaml_content=True)
data, errors = plugin_runner(self.query)
self.assertEqual(data, self.data_ok)
self.assertEqual(errors, {})
def test_runner_with_raw_yaml_errors(self):
plugin_runner = PluginsRunner(
self.raw_acl,
self.raw_sources,
self.raw_ressources,
"tests.plugins",
raw_yaml_content=True)
data, errors = plugin_runner(self.query2)
self.assertEqual(errors, self.errors_raw)
self.assertEqual(data, {})