Exemple #1
def test_get_scope(app):
    """Scope and blacklist accessors each return only their own kind of row."""
    # NOTE(review): assumes the `app` fixture starts from an empty table — confirm.
    in_scope = ScopeItem(target="127.0.0.1/8", blacklist=False)
    excluded = ScopeItem(target="172.16.0.0/16", blacklist=True)
    for entry in (in_scope, excluded):
        db.session.add(entry)

    # One row of each kind was added, so each accessor must see exactly one.
    scope_rows = ScopeItem.getScope()
    assert len(scope_rows) == 1
    blacklist_rows = ScopeItem.getBlacklist()
    assert len(blacklist_rows) == 1
Exemple #2
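def blacklist():
    """Render the admin blacklist page and handle the "new entry" form.

    A valid submission is parsed with ``ipaddress.ip_network(..., strict=False)``,
    stored as a ScopeItem with ``blacklist=True``, and followed by
    ``ScopeManager.update()`` before redirecting back to this page. Any other
    request renders ``admin/blacklist.html`` with the current entries and forms.
    """
    scope = ScopeItem.getBlacklist()
    blacklistSize = current_app.ScopeManager.get_blacklist_size()
    newForm = forms.NewScopeForm()
    delForm = forms.ScopeDeleteForm()
    editForm = forms.ScopeToggleForm()
    importForm = forms.ImportBlacklistForm()
    addTagForm = forms.TagScopeForm()
    # Offer every existing tag name as a choice in the tag form.
    addTagForm.tagname.choices = [(row.name, row.name) for row in Tag.query.all()]
    if newForm.validate_on_submit():
        try:
            # strict=False masks out host bits ("10.1.2.3/24" -> "10.1.2.0/24");
            # a bare address becomes a /32 (IPv4) or /128 (IPv6) network.
            target = ipaddress.ip_network(newForm.target.data, False)
        except ValueError:
            # NOTE(review): NewScopeForm's validators are not visible here. If
            # they already reject malformed targets this branch is unreachable;
            # otherwise it turns an unhandled exception into a normal error
            # message. The raw input is deliberately not echoed back.
            flash("Target is not a valid IP address or CIDR range.", "danger")
            return redirect(url_for("admin.blacklist"))
        newTarget = ScopeItem(target=target.with_prefixlen, blacklist=True)
        db.session.add(newTarget)
        db.session.commit()
        # Refresh the in-memory ScopeManager after the database change.
        current_app.ScopeManager.update()
        flash(f"{newTarget.target} blacklisted!", "success")
        return redirect(url_for("admin.blacklist"))
    return render_template(
        "admin/blacklist.html",
        scope=scope,
        blacklistSize=blacklistSize,
        delForm=delForm,
        editForm=editForm,
        newForm=newForm,
        importForm=importForm,
        addTagForm=addTagForm,
    )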
Exemple #3
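def scope():
	"""Render the admin scope page and handle the "new scope entry" form.

	A valid submission is parsed with ``ipaddress.ip_network(..., strict=False)``,
	stored as a ScopeItem with ``blacklist=False``, and followed by
	``ScopeManager.update()`` before redirecting back to this page. Any other
	request renders ``admin/scope.html`` with the current entries and forms.
	"""
	scope = ScopeItem.get_scope()
	scopeSize = current_app.ScopeManager.get_scope_size()

	# if it's zero, let's make sure the ScopeManager is up to date
	if scopeSize == 0:
		current_app.ScopeManager.update()
		scopeSize = current_app.ScopeManager.get_scope_size()
		# if it's zero again that's fine, we just had to check

	newForm = forms.NewScopeForm()
	delForm = forms.ScopeDeleteForm()
	editForm = forms.ScopeToggleForm()
	importForm = forms.ImportScopeForm()
	addTagForm = forms.TagScopeForm()
	# Offer every existing tag name as a choice in the tag form.
	addTagForm.tagname.choices = [(row.name, row.name) for row in Tag.query.all()]
	if newForm.validate_on_submit():
		try:
			# No '/32' is appended to bare addresses: ip_network() already
			# yields /32 for IPv4 and /128 for IPv6. Appending '/32' to a bare
			# IPv6 address would, with strict=False, be masked down to a /32
			# network and silently put 2**96 addresses in scope.
			target = ipaddress.ip_network(newForm.target.data, False)
		except ValueError:
			# NOTE(review): NewScopeForm's validators are not visible here. If
			# they already reject malformed targets this branch is unreachable;
			# otherwise it replaces an unhandled exception with an error
			# message. The raw input is deliberately not echoed back.
			flash('Target is not a valid IP address or CIDR range.', 'danger')
			return redirect(url_for('admin.scope'))
		newTarget = ScopeItem(target=target.with_prefixlen, blacklist=False)
		db.session.add(newTarget)
		db.session.commit()
		# Refresh the in-memory ScopeManager after the database change.
		current_app.ScopeManager.update()
		flash('%s added!' % newTarget.target, 'success')
		return redirect(url_for('admin.scope'))
	return render_template(
		"admin/scope.html", scope=scope, scopeSize=scopeSize, delForm=delForm,
		editForm=editForm, newForm=newForm, importForm=importForm, addTagForm=addTagForm)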
Exemple #4
def test_rescan_lifecycle(app):
    """Walk one RescanTask through created -> dispatched -> completed.

    After each transition the ScopeManager's cached lists are refreshed and
    the pending, dispatched and incomplete counts are checked.
    """
    scope_items = ["192.168.0.0/16"]
    user = User(email="*****@*****.**")
    db.session.add(user)
    for s in scope_items:
        item = ScopeItem(target=s, blacklist=False)
        db.session.add(item)
    current_app.ScopeManager.update()
    # Nothing has been requested yet, so every rescan list starts empty.
    assert current_app.ScopeManager.get_pending_rescans() == []
    assert current_app.ScopeManager.get_dispatched_rescans() == []
    assert current_app.ScopeManager.get_incomplete_scans() == []
    # NOTE(review): no explicit flush/commit is visible before user.id is read;
    # presumably an earlier query autoflushed the session — confirm.
    r = RescanTask(target="192.168.123.45", user_id=user.id)
    db.session.add(r)
    current_app.ScopeManager.update_pending_rescans()
    # A freshly created task counts as both pending and incomplete.
    assert len(current_app.ScopeManager.get_pending_rescans()) == 1
    assert len(current_app.ScopeManager.get_incomplete_scans()) == 1
    r.dispatchTask()
    db.session.add(r)
    current_app.ScopeManager.update_pending_rescans()
    current_app.ScopeManager.update_dispatched_rescans()
    # Once dispatched the task leaves the pending list but is still incomplete.
    assert len(current_app.ScopeManager.get_pending_rescans()) == 0
    assert len(current_app.ScopeManager.get_dispatched_rescans()) == 1
    assert len(current_app.ScopeManager.get_incomplete_scans()) == 1
    r.completeTask("testscanid")
    db.session.add(r)
    current_app.ScopeManager.update_pending_rescans()
    current_app.ScopeManager.update_dispatched_rescans()
    # A completed task appears in none of the three lists.
    assert len(current_app.ScopeManager.get_pending_rescans()) == 0
    assert len(current_app.ScopeManager.get_dispatched_rescans()) == 0
    assert len(current_app.ScopeManager.get_incomplete_scans()) == 0
Exemple #5
def test_acceptable_targets(app):
    """Targets are acceptable only when in scope and not covered by the blacklist."""
    entries = [
        ("192.168.0.0/16", False),
        ("192.168.1.0/24", True),
        ("192.168.2.1/32", True),
    ]
    for cidr, is_blacklisted in entries:
        db.session.add(ScopeItem(target=cidr, blacklist=is_blacklisted))
    current_app.ScopeManager.update()

    expectations = [
        ("192.168.0.123", True),   # in scope, not blacklisted
        ("192.168.2.2", True),     # neighbour of the blacklisted /32
        ("192.168.1.234", False),  # inside the blacklisted /24
        ("192.168.2.1", False),    # the blacklisted /32 itself
        ("192.0.2.34", False),     # outside the scope range
        ("example.com", False),    # a hostname, not an IP address
    ]
    for address, expected in expectations:
        verdict = current_app.ScopeManager.is_acceptable_target(address)
        assert bool(verdict) is expected, address
Exemple #6
def test_add_tags(app):
    """Every tag attached through ScopeItem.addTags is reported by is_tagged."""
    tag_names = ["test", "tag", "three"]
    item = ScopeItem(target="127.0.0.1/8", blacklist=False)
    db.session.add(item)
    ScopeItem.addTags(item, tag_names)
    # NOTE(review): this passes vacuously if item.tags ends up empty, because
    # the number of attached tags is never checked.
    assert all(item.is_tagged(attached) for attached in item.tags)
Exemple #7
def test_blacklist_update(app):
    """A blacklisted /24 inside a /8 scope is subtracted from the effective scope."""
    db.session.add(ScopeItem(target="10.0.0.0/8", blacklist=False))
    db.session.add(ScopeItem(target="10.10.10.0/24", blacklist=True))
    current_app.ScopeManager.update()

    slash8 = network_lengths["/8"]
    slash24 = network_lengths["/24"]
    assert current_app.ScopeManager.get_blacklist_size() == slash24
    assert current_app.ScopeManager.get_scope_size() == slash8
    # Effective scope is the scope with the blacklisted range removed.
    assert current_app.ScopeManager.get_effective_scope_size() == slash8 - slash24

    # The adjacent /24 is still acceptable; the blacklisted one is not.
    assert current_app.ScopeManager.is_acceptable_target("10.10.11.1")
    assert not current_app.ScopeManager.is_acceptable_target("10.10.10.10")
Exemple #8
def test_scope_update(app):
    """After update() the ScopeManager reports the /8 scope and accepts a host in it."""
    db.session.add(ScopeItem(target="10.0.0.0/8", blacklist=False))
    current_app.ScopeManager.update()

    expected_size = network_lengths["/8"]
    assert current_app.ScopeManager.get_scope_size() == expected_size
    assert current_app.ScopeManager.is_acceptable_target("10.1.2.3")
Exemple #9
def test_del_tags(app):
    """Deleting one of three attached tags leaves two on the scope item."""
    tag_names = ["test", "tags", "three"]
    item = ScopeItem(target="127.0.0.1/8", blacklist=False)
    db.session.add(item)
    ScopeItem.addTags(item, tag_names)

    names_before = [attached.name for attached in item.tags]
    assert len(names_before) == 3

    # Remove the third attached tag and count again.
    item.delTag(item.tags[2])
    names_after = [attached.name for attached in item.tags]
    assert len(names_after) == 2
Exemple #10
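def importScope(scopetype=''):
    """Bulk-import scope or blacklist entries from the submitted import form.

    ``scopetype`` selects the form and the ``blacklist`` flag ('blacklist' or
    'scope'); any other value aborts with 404. Each non-blank line of the
    form's ``scope`` field is parsed as an IPv4/IPv6 address or CIDR range,
    normalised with strict=False, and added unless a ScopeItem with the same
    target already exists. Results are reported through flash messages and
    the user is redirected to the matching admin page.
    """
    if scopetype == 'blacklist':
        importBlacklist = True
        importForm = ImportBlacklistForm()
    elif scopetype == 'scope':
        importBlacklist = False
        importForm = ImportScopeForm()
    else:
        abort(404)

    if not importForm.validate_on_submit():
        # Surface every form validation error, then return to the page.
        for errors in importForm.errors.values():
            for error in errors:
                flash(error, 'danger')
        return redirect(url_for('admin.%s' % scopetype))

    successImport = []
    alreadyExists = []
    failedImport = []
    for item in importForm.scope.data.splitlines():
        item = item.strip()
        if not item:
            # Blank lines (e.g. a trailing newline) are not import failures.
            continue
        try:
            # No '/32' is appended to bare addresses: ip_network() already
            # yields /32 for IPv4 and /128 for IPv6. Appending '/32' to a bare
            # IPv6 address would, with strict=False, be masked down to a /32
            # network and silently import 2**96 addresses.
            target = ipaddress.ip_network(item, False)
        except ValueError:
            # this item couldn't be validated as an ip network
            failedImport.append(item)
            continue
        exists = ScopeItem.query.filter_by(
            target=target.with_prefixlen).first()
        if exists:
            # this range is already a scope item
            alreadyExists.append(target.with_prefixlen)
            continue
        newTarget = ScopeItem(target=target.with_prefixlen,
                              blacklist=importBlacklist)
        db.session.add(newTarget)
        successImport.append(newTarget.target)
    db.session.commit()
    # Refresh the in-memory ScopeManager after the database change.
    current_app.ScopeManager.update()

    if successImport:
        flash('%s targets added to %s!' % (len(successImport), scopetype),
              'success')
    if alreadyExists:
        flash('%s targets already existed!' % len(alreadyExists), 'info')
    if failedImport:
        flash('%s targets failed to import!' % len(failedImport), 'danger')
        # NOTE(review): each rejected line is flashed verbatim, so this relies
        # on the template escaping flash messages, and a large failed import
        # produces one message per line — confirm both are acceptable.
        for item in failedImport:
            flash('%s' % item, 'danger')
    return redirect(url_for('admin.%s' % scopetype))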
Exemple #11
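def blacklist():
    """Render the admin blacklist page and handle the "new entry" form.

    A valid submission is parsed with ``ipaddress.ip_network(..., strict=False)``,
    stored as a ScopeItem with ``blacklist=True``, and followed by
    ``ScopeManager.updateBlacklist()`` before redirecting back to this page.
    Any other request renders ``admin/blacklist.html``.
    """
    scope = ScopeItem.getBlacklist()
    blacklistSize = current_app.ScopeManager.getBlacklistSize()
    newForm = NewScopeForm()
    delForm = ScopeDeleteForm()
    editForm = ScopeToggleForm()
    importForm = ImportBlacklistForm()
    if newForm.validate_on_submit():
        try:
            # No '/32' is appended to bare addresses: ip_network() already
            # yields /32 for IPv4 and /128 for IPv6. Appending '/32' to a bare
            # IPv6 address would, with strict=False, be masked down to a /32
            # network and blacklist far more than the operator entered.
            target = ipaddress.ip_network(newForm.target.data, False)
        except ValueError:
            # NOTE(review): NewScopeForm's validators are not visible here. If
            # they already reject malformed targets this branch is unreachable;
            # otherwise it replaces an unhandled exception with an error
            # message. The raw input is deliberately not echoed back.
            flash('Target is not a valid IP address or CIDR range.', 'danger')
            return redirect(url_for('admin.blacklist'))
        newTarget = ScopeItem(target=target.with_prefixlen, blacklist=True)
        db.session.add(newTarget)
        db.session.commit()
        # Refresh the ScopeManager's blacklist after the database change.
        current_app.ScopeManager.updateBlacklist()
        flash('%s blacklisted!' % newTarget.target, 'success')
        return redirect(url_for('admin.blacklist'))
    return render_template(
        "admin/blacklist.html",
        scope=scope,
        blacklistSize=blacklistSize,
        delForm=delForm,
        editForm=editForm,
        newForm=newForm,
        importForm=importForm,
    )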
Exemple #12
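def importScope(file, blacklist, verbose):
    """Import scope or blacklist entries from a text file, one target per line.

    Args:
        file: Path of the file to read.
        blacklist: Value stored in each new ScopeItem's ``blacklist`` field.
        verbose: When true, print every imported, existing and failed target
            after the summary.

    Each non-blank line is parsed as an IPv4/IPv6 address or CIDR range and
    normalised with strict=False. Targets that already exist are skipped,
    unparseable lines are collected as failures, and all new items are
    committed in a single transaction.
    """
    failedImports = []
    alreadyExists = []
    successImports = []
    with open(file, 'r') as scope:
        for line in scope:
            line = line.strip()
            if not line:
                # Blank lines are not import failures.
                continue
            try:
                # False will mask out hostbits for us, ip_network for eventual
                # ipv6 compat. No '/32' is appended to bare addresses:
                # ip_network() already yields /32 for IPv4 and /128 for IPv6,
                # whereas a bare IPv6 address with '/32' appended would be
                # masked down to a /32 network covering 2**96 addresses.
                isValid = ipaddress.ip_network(line, False)
            except ValueError:
                # if we hit this ValueError it means that the input couldn't
                # be a CIDR range
                failedImports.append(line)
                continue
            # We only want scope items with masked out host bits
            item = ScopeItem.query.filter_by(
                target=isValid.with_prefixlen).first()
            if item:
                alreadyExists.append(isValid.with_prefixlen)
                continue
            newTarget = ScopeItem(target=isValid.with_prefixlen,
                                  blacklist=blacklist)
            db.session.add(newTarget)
            successImports.append(isValid.with_prefixlen)
    db.session.commit()
    print(
        "%s successfully imported.\n%s already existed.\n%s failed to import."
        % (len(successImports), len(alreadyExists), len(failedImports)))
    if verbose:
        print("\nSuccessful Imports:")
        for i in successImports:
            print("[+] %s" % i)
        print("\nAlready Existed:")
        for i in alreadyExists:
            print("[-] %s" % i)
        print("\nFailed Imports:")
        for i in failedImports:
            print("[!] %s" % i)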
Exemple #13
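def scope():
    """Render the admin scope page and handle the "new scope entry" form.

    A valid submission is parsed with ``ipaddress.ip_network(..., strict=False)``,
    stored as a ScopeItem with ``blacklist=False``, and followed by
    ``ScopeManager.updateScope()`` before redirecting back to this page. Any
    other request renders ``admin/scope.html``.
    """
    scope = ScopeItem.getScope()
    scopeSize = current_app.ScopeManager.getScopeSize()
    if scopeSize == 0:
        # if it's zero, let's update the app's scopemanager
        current_app.ScopeManager.update()
        # if it's zero again that's fine, we just had to check
        scopeSize = current_app.ScopeManager.getScopeSize()
    newForm = NewScopeForm()
    delForm = ScopeDeleteForm()
    editForm = ScopeToggleForm()
    importForm = ImportScopeForm()
    if newForm.validate_on_submit():
        try:
            # No '/32' is appended to bare addresses: ip_network() already
            # yields /32 for IPv4 and /128 for IPv6. Appending '/32' to a bare
            # IPv6 address would, with strict=False, be masked down to a /32
            # network and silently put 2**96 addresses in scope.
            target = ipaddress.ip_network(newForm.target.data, False)
        except ValueError:
            # NOTE(review): NewScopeForm's validators are not visible here. If
            # they already reject malformed targets this branch is unreachable;
            # otherwise it replaces an unhandled exception with an error
            # message. The raw input is deliberately not echoed back.
            flash('Target is not a valid IP address or CIDR range.', 'danger')
            return redirect(url_for('admin.scope'))
        newTarget = ScopeItem(target=target.with_prefixlen, blacklist=False)
        db.session.add(newTarget)
        db.session.commit()
        # Refresh the ScopeManager's scope after the database change.
        current_app.ScopeManager.updateScope()
        flash('%s added!' % newTarget.target, 'success')
        return redirect(url_for('admin.scope'))
    return render_template(
        "admin/scope.html",
        scope=scope,
        scopeSize=scopeSize,
        delForm=delForm,
        editForm=editForm,
        newForm=newForm,
        importForm=importForm,
    )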
Exemple #14
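def blacklist():
    """Render the admin blacklist page and handle the "new entry" form.

    The template context is built up front as a dict. A valid submission is
    parsed with ``ipaddress.ip_network(..., strict=False)``, stored as a
    ScopeItem with ``blacklist=True``, and followed by ``ScopeManager.update()``
    before redirecting back to this page.
    """
    render = {
        "scope": ScopeItem.getBlacklist(),
        "blacklistSize": current_app.ScopeManager.get_blacklist_size(),
        "effectiveScopeSize": current_app.ScopeManager.get_effective_scope_size(),
        "newForm": forms.NewScopeForm(),
        "delForm": forms.ScopeDeleteForm(),
        "editForm": forms.ScopeToggleForm(),
        # NOTE(review): the blacklist page is given ImportScopeForm here;
        # confirm that this is the intended form for blacklist imports.
        "importForm": forms.ImportScopeForm(),
        "addTagForm": forms.TagScopeForm(),
    }
    # Offer every existing tag name as a choice in the tag form.
    render["addTagForm"].tagname.choices = [
        (row.name, row.name) for row in Tag.query.all()
    ]
    if render["newForm"].validate_on_submit():
        try:
            # strict=False masks out host bits ("10.1.2.3/24" -> "10.1.2.0/24");
            # a bare address becomes a /32 (IPv4) or /128 (IPv6) network.
            target = ipaddress.ip_network(render["newForm"].target.data, False)
        except ValueError:
            # NOTE(review): NewScopeForm's validators are not visible here. If
            # they already reject malformed targets this branch is unreachable;
            # otherwise it replaces an unhandled exception with an error
            # message. The raw input is deliberately not echoed back.
            flash("Target is not a valid IP address or CIDR range.", "danger")
            return redirect(url_for("admin.blacklist"))
        newTarget = ScopeItem(target=target.with_prefixlen, blacklist=True)
        db.session.add(newTarget)
        db.session.commit()
        # Refresh the in-memory ScopeManager after the database change.
        current_app.ScopeManager.update()
        flash(f"{newTarget.target} blacklisted.", "success")
        return redirect(url_for("admin.blacklist"))
    return render_template("admin/blacklist.html", **render)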
Exemple #15
def test_new_scope(app):
    """A new IPv4 ScopeItem keeps the target and blacklist flag it was given."""
    item = ScopeItem(target="10.0.0.0/8", blacklist=False)
    assert item.target == "10.0.0.0/8"
    assert not item.blacklist
Exemple #16
def test_ip6_scope(app):
    """A new IPv6 ScopeItem keeps the target and blacklist flag it was given."""
    item = ScopeItem(target="2001:db8::/32", blacklist=False)
    assert item.target == "2001:db8::/32"
    assert not item.blacklist