def test_input_logged_request_should_have_set_data(self, user):
    """Check that a request made after login is logged with the user attached.

    The second captured input request (the GET to ``/home/``) must reference
    exactly one related object, the triple for ``user``, and its finished
    record must carry the ``user-home`` slug. This attribution is what lets
    an auditor tie a logged request back to an account.
    """
    credentials = {'username': '******', 'password': '******'}
    with capture_security_logs() as logged_data:
        login_response = self.post('/admin/login/', data=credentials)
        assert_http_redirect(login_response)

        home_response = self.get('/home/')
        assert_http_ok(home_response)

        # Index 0 is the login POST; index 1 is the request issued after it.
        home_request = logged_data.input_request[1]
        assert_equal(len(home_request.related_objects), 1)
        assert_equal(list(home_request.related_objects)[0], get_object_triple(user))

        home_finished = logged_data.input_request_finished[1]
        assert_equal(home_finished.slug, 'user-home')
def test_output_logged_request_should_be_related_with_object(self, user):
    """Check that an outbound request made for a logged-in user is attributed.

    After login, ``/proxy/`` is asked to fetch ``http://localhost``. The
    upstream answer is registered through ``responses.add``, so the body
    ``b'test'`` comes from that stub. The first captured output request must
    reference exactly one related object: the triple for ``user``.
    """
    credentials = {'username': '******', 'password': '******'}
    with capture_security_logs() as logged_data:
        assert_http_redirect(self.post('/admin/login/', data=credentials))

        # Stub the upstream target before the proxy view is exercised.
        responses.add(responses.GET, 'http://localhost', body='test')
        proxy_response = self.get('/proxy/?url=http://localhost')
        assert_equal(proxy_response.content, b'test')

        outbound = logged_data.output_request[0]
        assert_equal(len(outbound.related_objects), 1)
        assert_equal(list(outbound.related_objects)[0], get_object_triple(user))
def test_output_logged_request_should_be_related_with_object(self, user):
    """Check that the stored outbound request row points back at the user.

    Login plus one proxied fetch must leave two ``InputLoggedRequest`` rows
    and one ``OutputLoggedRequest`` row. The single related object on the
    output row must resolve to ``user``.
    """
    login_response = self.post(
        '/admin/login/',
        data={'username': '******', 'password': '******'},
    )
    assert_http_redirect(login_response)

    # The upstream answer is a registered stub, not a live host.
    responses.add(responses.GET, 'http://test.cz', body='test')
    proxied = self.get('/proxy/?url=http://test.cz')
    assert_equal(proxied.content, b'test')

    assert_equal(InputLoggedRequest.objects.count(), 2)
    assert_equal(OutputLoggedRequest.objects.count(), 1)

    output_logged_request = OutputLoggedRequest.objects.get()
    related_entry = output_logged_request.related_objects.get()
    assert_equal(related_entry.content_object, user)
def test_data_change_should_be_connected_with_logged_request(self, user):
    """Check that a data change during login is linked to the logged request.

    Starting from an empty log table, one login POST must produce exactly
    one ``InputLoggedRequest``. Following its single revision link to the
    single version must land on the ``User`` content type.
    """
    assert_equal(InputLoggedRequest.objects.count(), 0)

    credentials = {'username': '******', 'password': '******'}
    assert_http_redirect(self.post('/admin/login/', data=credentials))
    assert_equal(InputLoggedRequest.objects.count(), 1)

    input_logged_request = InputLoggedRequest.objects.get()
    # Each ``.get()`` doubles as an assertion that exactly one row exists.
    revision_link = input_logged_request.input_logged_request_revisions.get()
    changed_version = revision_link.revision.version_set.get()
    assert_equal(
        changed_version.content_type,
        ContentType.objects.get_for_model(User),
    )
def test_input_logged_request_should_have_right_status(self, user):
    """Check the severity recorded on logged requests for four outcomes.

    A login POST answered with 200 and one answered with a redirect are both
    stored as ``INFO``; a request that raises is stored as ``ERROR``; a 404
    is stored as ``WARNING``. The credential values are masked in this
    listing, so the 200 case is presumably a rejected login - confirm against
    the fixture.
    """
    def newest_status():
        # ``first()`` follows the model's default ordering (not visible
        # here); presumably that puts the most recent request first.
        return InputLoggedRequest.objects.first().status

    login_url = '/admin/login/'

    ok_response = self.post(login_url, data={'username': '******', 'password': '******'})
    assert_http_ok(ok_response)
    assert_equal(newest_status(), InputLoggedRequest.INFO)

    redirect_response = self.post(login_url, data={'username': '******', 'password': '******'})
    assert_http_redirect(redirect_response)
    assert_equal(newest_status(), InputLoggedRequest.INFO)

    # ``/proxy/`` without a ``url`` parameter raises; any Exception is accepted.
    assert_raises(Exception, self.get, '/proxy/')
    assert_equal(newest_status(), InputLoggedRequest.ERROR)

    missing_response = self.get('/404/')
    assert_http_not_found(missing_response)
    assert_equal(newest_status(), InputLoggedRequest.WARNING)
def test_sensitive_replacement_should_be_changed(self, user):
    """Check that the stored Cookie header holds the ``(Filtered)`` marker.

    The cookie carries session state, so the log row must store the
    replacement text instead of the real value. The marker expected here is
    ``(Filtered)``; the setting that selects it is presumably applied
    outside this view (for example by a decorator).
    """
    login_response = self.post(
        '/admin/login/',
        data={'username': '******', 'password': '******'},
    )
    assert_http_redirect(login_response)

    input_logged_request = InputLoggedRequest.objects.get()
    stored_cookie = input_logged_request.request_headers['COOKIE']
    assert_equal(stored_cookie, '(Filtered)')
def test_data_change_should_be_connected_with_logged_request(self, user):
    """Check that the login request row is related to the changed User data.

    One login POST must create exactly one ``InputLoggedRequest``. Its
    single related object exposes ``version_set``, and the single version
    in it must have the ``User`` content type.
    """
    assert_equal(InputLoggedRequest.objects.count(), 0)

    login_response = self.post(
        '/admin/login/',
        data={'username': '******', 'password': '******'},
    )
    assert_http_redirect(login_response)
    assert_equal(InputLoggedRequest.objects.count(), 1)

    input_logged_request = InputLoggedRequest.objects.get()
    # ``.get()`` raises unless there is exactly one row at each step.
    related_entry = input_logged_request.related_objects.get()
    recorded_version = related_entry.object.version_set.get()
    assert_equal(
        recorded_version.content_type,
        ContentType.objects.get_for_model(User),
    )
def test_output_logged_request_should_be_related_with_object(self, user):
    """Check that a proxied outbound call is logged and tied to the user.

    Expected row counts after login and one ``/proxy/`` fetch: two input
    requests and one output request. The output row's only related object
    must be ``user``.
    """
    credentials = {'username': '******', 'password': '******'}
    assert_http_redirect(self.post('/admin/login/', data=credentials))

    # Register the stubbed upstream answer that the proxy view will receive.
    responses.add(responses.GET, 'http://test.cz', body='test')
    proxy_body = self.get('/proxy/?url=http://test.cz').content
    assert_equal(proxy_body, b'test')

    assert_equal(InputLoggedRequest.objects.count(), 2)
    assert_equal(OutputLoggedRequest.objects.count(), 1)

    output_logged_request = OutputLoggedRequest.objects.get()
    linked_object = output_logged_request.related_objects.get().content_object
    assert_equal(linked_object, user)
def test_input_request_to_login_page_should_be_logged(self, user):
    """Pin the complete started/finished log payload for one login POST.

    Security-relevant expectations encoded below:

    * the ``Cookie`` request header is logged as ``[Filtered]``;
    * in the multipart body the ``username`` part is kept, while the part
      after it (presumably the password field) is replaced by ``[Filtered]``;
    * ``user_id`` is ``None`` in the started record and ``user.pk`` in the
      finished record.

    Exactly one started and one finished record must be captured.
    """
    started_expectation = {
        'request_headers': {
            'Content-Length': not_none_eq_obj,
            'Content-Type': not_none_eq_obj,
            'Cookie': '[Filtered]',
        },
        'request_body': (
            '--BoUnDaRyStRiNg\r\n'
            'Content-Disposition: form-data; name="username"\r\n'
            '\r\n'
            'test\r\n'
            '--BoUnDaRyStRiNg\r\n'
            '[Filtered]\n'
            '--BoUnDaRyStRiNg--\r\n'
        ),
        'user_id': None,
        'method': 'POST',
        'host': 'testserver',
        'path': '/admin/login/',
        'queries': {},
        'is_secure': False,
        'ip': '127.0.0.1',
        'start': all_eq_obj,
        'view_slug': 'admin:login',
    }

    # The finished record repeats the started fields, adds the response
    # side, and overrides ``user_id`` with the authenticated user.
    finished_expectation = dict(started_expectation)
    finished_expectation.update({
        'stop': all_eq_obj,
        'response_code': 302,
        'response_headers': {
            'Cache-Control': 'max-age=0, no-cache, no-store, must-revalidate, private',
            'Content-Type': 'text/html; charset=utf-8',
            'Expires': all_eq_obj,
            'Location': '/accounts/profile/',
            'Vary': 'Cookie',
            'X-Frame-Options': 'DENY'
        },
        'response_body': '',
        'user_id': user.pk,
    })

    credentials = {'username': '******', 'password': '******'}
    with capture_security_logs() as logged_data:
        assert_http_redirect(self.post('/admin/login/', data=credentials))

        started_records = logged_data.input_request_started
        finished_records = logged_data.input_request_finished
        assert_length_equal(started_records, 1)
        assert_length_equal(finished_records, 1)
        assert_equal_log_data(started_records[0], started_expectation)
        assert_equal_log_data(finished_records[0], finished_expectation)
def test_input_logged_request_should_have_right_status(self, user):
    """Check that each request outcome is stored with the expected status.

    Outcomes covered, in order: a login POST answered with 200 (``INFO``),
    a login POST answered with a redirect (``INFO``), a request that raises
    (``ERROR``) and a 404 (``WARNING``). The credential values are masked
    in this listing; presumably the first pair is invalid - confirm.
    """
    login_path = '/admin/login/'

    first_attempt = self.post(login_path, data={
        'username': '******',
        'password': '******'
    })
    assert_http_ok(first_attempt)
    # ``first()`` relies on the model's default ordering, which is not
    # visible here; presumably the newest request comes first.
    logged_status = InputLoggedRequest.objects.first().status
    assert_equal(logged_status, LoggedRequestStatus.INFO)

    second_attempt = self.post(login_path, data={
        'username': '******',
        'password': '******'
    })
    assert_http_redirect(second_attempt)
    logged_status = InputLoggedRequest.objects.first().status
    assert_equal(logged_status, LoggedRequestStatus.INFO)

    # Any Exception type satisfies this check; the view's concrete error
    # class is not visible from here.
    assert_raises(Exception, self.get, '/proxy/')
    logged_status = InputLoggedRequest.objects.first().status
    assert_equal(logged_status, LoggedRequestStatus.ERROR)

    not_found = self.get('/404/')
    assert_http_not_found(not_found)
    logged_status = InputLoggedRequest.objects.first().status
    assert_equal(logged_status, LoggedRequestStatus.WARNING)
def test_throttling_configuration_should_be_changed_via_settings(self):
    """Check that the third request to ``/admin/`` is rejected with 429.

    Two requests are answered with a redirect and the next one must be
    throttled. The lowered limit is presumably supplied by a settings
    override applied outside this view.
    """
    permitted_requests = 2
    for _attempt in range(permitted_requests):
        redirect_response = self.get('/admin/')
        assert_http_redirect(redirect_response)

    throttled_response = self.get('/admin/')
    assert_http_too_many_requests(throttled_response)
def test_throttling_should_be_raised(self):
    """Check that the 21st request to ``/admin/`` is rejected with 429.

    Twenty requests are answered with a redirect; the one after them must
    be throttled.
    """
    remaining = 20
    while remaining > 0:
        assert_http_redirect(self.get('/admin/'))
        remaining -= 1

    # One request past the allowance must be refused.
    over_limit_response = self.get('/admin/')
    assert_http_too_many_requests(over_limit_response)
def test_sensitive_headers_should_be_hidden(self, user):
    """Check that the captured login request logs ``Cookie`` as ``[Filtered]``.

    The cookie value must never reach the security log verbatim; only the
    replacement marker may be stored. Only the ``Cookie`` header is checked
    here.
    """
    credentials = {'username': '******', 'password': '******'}
    with capture_security_logs() as logged_data:
        login_response = self.post('/admin/login/', data=credentials)
        assert_http_redirect(login_response)

        logged_headers = logged_data.input_request[0].request_headers
        assert_equal(logged_headers['Cookie'], '[Filtered]')
def test_throttling_should_be_raised(self):
    """Check that ``/admin/`` answers 429 once twenty requests were served.

    Each of the first twenty requests must redirect; the following request
    must be refused as too many.
    """
    allowed_before_block = 20
    for _request_number in range(allowed_before_block):
        served = self.get('/admin/')
        assert_http_redirect(served)

    blocked = self.get('/admin/')
    assert_http_too_many_requests(blocked)
def test_throttling_should_not_be_raised(self):
    """Check that one hundred requests to ``/admin/`` all redirect.

    No request may be throttled; the configuration that permits this
    (presumably throttling switched off or a higher limit) is not visible
    from here.
    """
    request_total = 100
    sent = 0
    while sent < request_total:
        assert_http_redirect(self.get('/admin/'))
        sent += 1
def test_throttling_configuration_with_sql_backend_should_return_429(self):
    """Check that the third ``/admin/`` request is answered with 429.

    Two requests redirect and the next must be throttled. The backend named
    in the test title is selected outside this view - presumably by a
    settings override.
    """
    for _served in range(2):
        redirect_response = self.get('/admin/')
        assert_http_redirect(redirect_response)

    # The limit is now used up, so this request must be refused.
    refused_response = self.get('/admin/')
    assert_http_too_many_requests(refused_response)
def test_throttling_configuration_with_testing_backends_should_return_429(self):
    """Check that throttling returns 429 on the third ``/admin/`` request.

    Two requests redirect, the Elasticsearch request-log index is refreshed,
    and the next request must be throttled. The refresh is presumably needed
    so that the throttle count can see the freshly written log documents.
    """
    # NOTE(review): the collapsed listing does not show whether the refresh
    # belongs inside the loop or after it; it is placed per request here -
    # confirm against the original file.
    for _served in range(2):
        redirect_response = self.get('/admin/')
        assert_http_redirect(redirect_response)
        ElasticsearchInputRequestLog._index.refresh()

    refused_response = self.get('/admin/')
    assert_http_too_many_requests(refused_response)
def test_sensitive_replacement_should_be_changed(self, user):
    """Check that the logged Cookie header equals ``(Filtered)``.

    The single ``InputLoggedRequest`` created by the login POST must store
    the replacement marker, not the cookie itself. The marker text is
    presumably set through configuration applied outside this view.
    """
    credentials = {'username': '******', 'password': '******'}
    assert_http_redirect(self.post('/admin/login/', data=credentials))

    # ``.get()`` also asserts that exactly one request was logged.
    input_logged_request = InputLoggedRequest.objects.get()
    logged_headers = input_logged_request.request_headers
    assert_equal(logged_headers['COOKIE'], '(Filtered)')
def test_throttling_configuration_should_be_changed_via_settings(self):
    """Check that a limit of two requests is enforced on ``/admin/``.

    Two requests redirect; the third must be answered with 429. The limit
    itself presumably comes from a settings override that is not visible
    from here.
    """
    served = 0
    while served < 2:
        assert_http_redirect(self.get('/admin/'))
        served += 1

    third_response = self.get('/admin/')
    assert_http_too_many_requests(third_response)