class ScalingTests(TestCase):
def setUp(self):
self.db = BHRDB()
self.user = User.objects.create_user('admin', '*****@*****.**', 'admin')
def add_older_block(self, age, duration):
now = timezone.now()
before = now - datetime.timedelta(seconds=age)
unblock_at = before + datetime.timedelta(seconds=duration)
b = Block(cidr='1.2.3.4', who=self.user, source='test', why='test', unblock_at=unblock_at)
b.save()
b.added = before
b.save()
self.db.set_blocked(b, 'bgp1')
self.db.set_unblocked(b, 'bgp1')
return b
def test_get_last_block(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing', duration=10)
lb = self.db.get_last_block('1.2.3.4')
self.assertAlmostEqual(lb.duration.total_seconds(), 10, places=1)
def test_that_scaling_doesnt_break_with_manual_unblock(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing', duration=None)
self.db.unblock_now('1.2.3.4', self.user, 'testing')
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing', duration=300, autoscale=True)
def scale_test(self, age, duration, new_duration, expected_duration):
b = self.add_older_block(age, duration)
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing', duration=new_duration, autoscale=True)
lb = self.db.get_last_block('1.2.3.4')
self.assertAlmostEqual(lb.duration.total_seconds(), expected_duration, places=1)
def test_block_scaled_short(self):
self.scale_test(
age=60*60,
duration=60*5,
new_duration=60*5,
expected_duration=60*10)
def test_block_scaled_medium(self):
self.scale_test(
age=60*60*24*4,
duration=60*60*24,
new_duration=60*60,
expected_duration=60*60*24)
class DBTests(TestCase):
def setUp(self):
self.db = BHRDB()
self.user = User.objects.create_user('admin', '*****@*****.**', 'admin')
def test_non_existing_block_is_none(self):
b = self.db.get_block('1.2.3.4')
self.assertEqual(b, None)
def test_adding_a_block_works(self):
b = self.db.add_block('1.2.3.4/32', self.user, 'test', 'testing')
self.assertEqual(str(b.cidr), '1.2.3.4/32')
def test_adding_a_block_twice_gets_the_same_block(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
b2 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
self.assertEqual(b1.id, b2.id)
def test_blocking_changes_expected(self):
expected = self.db.expected().all()
self.assertEqual(len(expected), 0)
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
expected = self.db.expected().all()
self.assertEqual(len(expected), 1)
def test_blocking_does_not_change_current(self):
current = self.db.current().all()
self.assertEqual(len(current), 0)
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
current = self.db.current().all()
self.assertEqual(len(current), 0)
def test_block_entry_changes_current(self):
current = self.db.current().all()
self.assertEqual(len(current), 0)
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
self.db.set_blocked(b1, 'bgp1')
current = self.db.current().all()
self.assertEqual(len(current), 1)
def test_block_then_unblock_changes_current_but_not_expected(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
self.db.set_blocked(b1, 'bgp1')
current = self.db.current().all()
self.assertEqual(len(current), 1)
self.db.set_unblocked(b1, 'bgp1')
current = self.db.current().all()
self.assertEqual(len(current), 0)
expected = self.db.expected().all()
self.assertEqual(len(expected), 1)
def test_block_queue_empty(self):
q = list(self.db.block_queue('bgp1'))
self.assertEqual(len(q), 0)
def test_block_queue(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
q = list(self.db.block_queue('bgp1'))
self.assertEqual(len(q), 1)
self.assertEqual(str(q[0].cidr), '1.2.3.4/32')
self.db.set_blocked(b1, 'bgp1')
q = list(self.db.block_queue('bgp1'))
self.assertEqual(len(q), 0)
def test_block_two_blockers(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
for ident in 'bgp1', 'bgp2':
q = list(self.db.block_queue(ident))
self.assertEqual(len(q), 1)
self.assertEqual(str(q[0].cidr), '1.2.3.4/32')
self.db.set_blocked(b1, 'bgp1')
self.db.set_blocked(b1, 'bgp2')
for ident in 'bgp1', 'bgp2':
q = list(self.db.block_queue(ident))
self.assertEqual(len(q), 0)
def test_block_two_blockers_only_one(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
self.db.set_blocked(b1, 'bgp1')
q = list(self.db.block_queue('bgp1'))
self.assertEqual(len(q), 0)
q = list(self.db.block_queue('bgp2'))
self.assertEqual(len(q), 1)
def test_block_two_blockers_doesnt_double_current(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
self.db.set_blocked(b1, 'bgp1')
self.db.set_blocked(b1, 'bgp2')
current = self.db.current().all()
self.assertEqual(len(current), 1)
def test_adding_a_block_adds_to_pending(self):
pending = self.db.pending().all()
self.assertEqual(len(pending), 0)
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
pending = self.db.pending().all()
self.assertEqual(len(pending), 1)
def test_blocking_removes_from_pending(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
pending = self.db.pending().all()
self.assertEqual(len(pending), 1)
self.db.set_blocked(b1, 'bgp1')
pending = self.db.pending().all()
self.assertEqual(len(pending), 0)
def test_unblock_now_removes_from_expected(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
expected = self.db.expected().all()
self.assertEqual(len(expected), 1)
self.db.unblock_now('1.2.3.4', self.user, 'testing')
expected = self.db.expected().all()
self.assertEqual(len(expected), 0)
def test_unblock_now_moves_to_pending_removal(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
self.db.unblock_now('1.2.3.4', self.user, 'testing')
b1.refresh_from_db()
# it needs to be blocked on a host to be able to be pending unblock
self.db.set_blocked(b1, 'bgp1')
pending_removal = self.db.pending_removal().all()
self.assertEqual(len(pending_removal), 1)
def test_unblock_queue_empty(self):
q = self.db.unblock_queue('bgp1')
self.assertEqual(len(q), 0)
def test_unblock_queue_empty_before_expiration(self):
b1 = self.db.add_block('1.2.3.4',
self.user,
'test',
'testing',
duration=30)
self.db.set_blocked(b1, 'bgp1')
q = self.db.unblock_queue('bgp1')
self.assertEqual(len(q), 0)
def test_unblock_now_adds_to_unblock_queue(self):
b1 = self.db.add_block('1.2.3.4',
self.user,
'test',
'testing',
duration=1)
self.db.set_blocked(b1, 'bgp1')
self.db.unblock_now('1.2.3.4', self.user, 'testing')
q = self.db.unblock_queue('bgp1')
self.assertEqual(len(q), 1)
def test_unblock_queue_exists_after_expiration(self):
b1 = self.db.add_block('1.2.3.4',
self.user,
'test',
'testing',
duration=1)
self.db.set_blocked(b1, 'bgp1')
sleep(2)
q = self.db.unblock_queue('bgp1')
self.assertEqual(len(q), 1)
def test_set_unblocked_removes_from_unblock_queue(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
self.db.set_blocked(b1, 'bgp1')
self.db.unblock_now('1.2.3.4', self.user, 'testing')
q = self.db.unblock_queue('bgp1')
self.assertEqual(len(q), 1)
self.db.set_unblocked(b1, 'bgp1')
q = self.db.unblock_queue('bgp1')
self.assertEqual(len(q), 0)
def test_stats(self):
def check_counts(block_pending=0,
unblock_pending=0,
current=0,
expected=0):
stats = self.db.stats()
self.assertEqual(stats["block_pending"], block_pending)
self.assertEqual(stats["unblock_pending"], unblock_pending)
self.assertEqual(stats["current"], current)
self.assertEqual(stats["expected"], expected)
check_counts()
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
check_counts(block_pending=1, expected=1)
self.db.set_blocked(b1, 'bgp1')
check_counts(current=1, expected=1)
self.db.unblock_now('1.2.3.4', self.user, 'testing')
check_counts(current=1, expected=0, unblock_pending=1)
self.db.set_unblocked(b1, 'bgp1')
check_counts()
def test_source_stats(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
self.assertEqual(self.db.source_stats(), {"test": 1})
b1 = self.db.add_block('1.2.3.5', self.user, 'other', 'testing')
b1 = self.db.add_block('1.2.3.6', self.user, 'other', 'testing')
self.assertEqual(self.db.source_stats(), {"test": 1, "other": 2})
def test_whitelist(self):
WhitelistEntry(who=self.user, why='test', cidr='141.142.0.0/16').save()
self.assertEqual(bool(is_whitelisted("1.2.3.4")), False)
self.assertEqual(bool(is_whitelisted("1.2.3.0/24")), False)
self.assertEqual(bool(is_whitelisted("141.142.2.2")), True)
self.assertEqual(bool(is_whitelisted("141.142.4.0/24")), True)
self.assertEqual(bool(is_whitelisted("141.0.0.0/8")), True)
def test_block_then_whitelist_then_unblock_works(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'other', 'testing')
WhitelistEntry(who=self.user, why='test', cidr='1.2.3.0/24').save()
self.db.unblock_now('1.2.3.4', self.user, 'testing')
@override_settings()
def test_prefixlen_too_small(self):
from django.conf import settings
settings.BHR['minimum_prefixlen'] = 24
self.assertEqual(is_prefixlen_too_small(u"1.2.3.4"), False)
self.assertEqual(is_prefixlen_too_small(u"1.2.3.0/24"), False)
self.assertEqual(is_prefixlen_too_small(u"1.2.0.0/20"), True)
settings.BHR['minimum_prefixlen'] = 32
self.assertEqual(is_prefixlen_too_small(u"1.2.3.0/24"), True)
@override_settings()
def test_prefixlen_too_small_v6(self):
from django.conf import settings
settings.BHR['minimum_prefixlen_v6'] = 64
self.assertEqual(is_prefixlen_too_small(u"fe80::/32"), True)
self.assertEqual(is_prefixlen_too_small(u"fe80::1/128"), False)
def test_source_blacklisted(self):
self.assertEqual(bool(is_source_blacklisted("test")), False)
SourceBlacklistEntry(who=self.user, why='test', source='test').save()
self.assertEqual(bool(is_source_blacklisted("test")), True)
def test_filter_local(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'other', 'testing')
local = filter_local_networks(self.db.expected())
self.assertEqual(len(local), 0)
b1 = self.db.add_block('10.2.3.4', self.user, 'other', 'testing')
local = filter_local_networks(self.db.expected())
self.assertEqual(len(local), 1)
@override_settings()
def test_filter_local_unset(self):
from django.conf import settings
del settings.BHR['local_networks']
b1 = self.db.add_block('1.2.3.4', self.user, 'other', 'testing')
local = filter_local_networks(self.db.expected())
self.assertEqual(len(local), 0)
b1 = self.db.add_block('10.2.3.4', self.user, 'other', 'testing')
local = filter_local_networks(self.db.expected())
self.assertEqual(len(local), 0)
class DBTests(TestCase):
def setUp(self):
self.db = BHRDB()
self.user = User.objects.create_user('admin', '*****@*****.**', 'admin')
def test_non_existing_block_is_none(self):
b = self.db.get_block('1.2.3.4')
self.assertEqual(b, None)
def test_adding_a_block_works(self):
b = self.db.add_block('1.2.3.4/32', self.user, 'test', 'testing')
self.assertEqual(str(b.cidr), '1.2.3.4/32')
def test_adding_a_block_twice_gets_the_same_block(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
b2 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
self.assertEqual(b1.id, b2.id)
def test_blocking_changes_expected(self):
expected = self.db.expected().all()
self.assertEqual(len(expected), 0)
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
expected = self.db.expected().all()
self.assertEqual(len(expected), 1)
def test_blocking_does_not_change_current(self):
current = self.db.current().all()
self.assertEqual(len(current), 0)
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
current = self.db.current().all()
self.assertEqual(len(current), 0)
def test_block_entry_changes_current(self):
current = self.db.current().all()
self.assertEqual(len(current), 0)
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
self.db.set_blocked(b1, 'bgp1')
current = self.db.current().all()
self.assertEqual(len(current), 1)
def test_block_then_unblock_changes_current_but_not_expected(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
self.db.set_blocked(b1, 'bgp1')
current = self.db.current().all()
self.assertEqual(len(current), 1)
self.db.set_unblocked(b1, 'bgp1')
current = self.db.current().all()
self.assertEqual(len(current), 0)
expected = self.db.expected().all()
self.assertEqual(len(expected), 1)
def test_block_queue_empty(self):
q = list(self.db.block_queue('bgp1'))
self.assertEqual(len(q), 0)
def test_block_queue(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
q = list(self.db.block_queue('bgp1'))
self.assertEqual(len(q), 1)
self.assertEqual(str(q[0].cidr), '1.2.3.4/32')
self.db.set_blocked(b1, 'bgp1')
q = list(self.db.block_queue('bgp1'))
self.assertEqual(len(q), 0)
def test_block_two_blockers(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
for ident in 'bgp1', 'bgp2':
q = list(self.db.block_queue(ident))
self.assertEqual(len(q), 1)
self.assertEqual(str(q[0].cidr), '1.2.3.4/32')
self.db.set_blocked(b1, 'bgp1')
self.db.set_blocked(b1, 'bgp2')
for ident in 'bgp1', 'bgp2':
q = list(self.db.block_queue(ident))
self.assertEqual(len(q), 0)
def test_block_two_blockers_only_one(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
self.db.set_blocked(b1, 'bgp1')
q = list(self.db.block_queue('bgp1'))
self.assertEqual(len(q), 0)
q = list(self.db.block_queue('bgp2'))
self.assertEqual(len(q), 1)
def test_block_two_blockers_doesnt_double_current(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
self.db.set_blocked(b1, 'bgp1')
self.db.set_blocked(b1, 'bgp2')
current = self.db.current().all()
self.assertEqual(len(current), 1)
def test_adding_a_block_adds_to_pending(self):
pending = self.db.pending().all()
self.assertEqual(len(pending), 0)
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
pending = self.db.pending().all()
self.assertEqual(len(pending), 1)
def test_blocking_removes_from_pending(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
pending = self.db.pending().all()
self.assertEqual(len(pending), 1)
self.db.set_blocked(b1, 'bgp1')
pending = self.db.pending().all()
self.assertEqual(len(pending), 0)
def test_unblock_now_removes_from_expected(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
expected = self.db.expected().all()
self.assertEqual(len(expected), 1)
self.db.unblock_now('1.2.3.4', self.user, 'testing')
expected = self.db.expected().all()
self.assertEqual(len(expected), 0)
def test_unblock_now_moves_to_pending_removal(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
self.db.unblock_now('1.2.3.4', self.user, 'testing')
b1.refresh_from_db()
#it needs to be blocked on a host to be able to be pending unblock
self.db.set_blocked(b1, 'bgp1')
pending_removal = self.db.pending_removal().all()
self.assertEqual(len(pending_removal), 1)
def test_unblock_queue_empty(self):
q = self.db.unblock_queue('bgp1')
self.assertEqual(len(q), 0)
def test_unblock_queue_empty_before_expiration(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing', duration=30)
self.db.set_blocked(b1, 'bgp1')
q = self.db.unblock_queue('bgp1')
self.assertEqual(len(q), 0)
def test_unblock_now_adds_to_unblock_queue(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing', duration=1)
self.db.set_blocked(b1, 'bgp1')
self.db.unblock_now('1.2.3.4', self.user, 'testing')
q = self.db.unblock_queue('bgp1')
self.assertEqual(len(q), 1)
def test_unblock_queue_exists_after_expiration(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing', duration=1)
self.db.set_blocked(b1, 'bgp1')
sleep(2)
q = self.db.unblock_queue('bgp1')
self.assertEqual(len(q), 1)
def test_set_unblocked_removes_from_unblock_queue(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
self.db.set_blocked(b1, 'bgp1')
self.db.unblock_now('1.2.3.4', self.user, 'testing')
q = self.db.unblock_queue('bgp1')
self.assertEqual(len(q), 1)
self.db.set_unblocked(b1, 'bgp1')
q = self.db.unblock_queue('bgp1')
self.assertEqual(len(q), 0)
def test_stats(self):
def check_counts(block_pending=0, unblock_pending=0, current=0, expected=0):
stats = self.db.stats()
self.assertEqual(stats["block_pending"], block_pending)
self.assertEqual(stats["unblock_pending"], unblock_pending)
self.assertEqual(stats["current"], current)
self.assertEqual(stats["expected"], expected)
check_counts()
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
check_counts(block_pending=1, expected=1)
self.db.set_blocked(b1, 'bgp1')
check_counts(current=1, expected=1)
self.db.unblock_now('1.2.3.4', self.user, 'testing')
check_counts(current=1, expected=0, unblock_pending=1)
self.db.set_unblocked(b1, 'bgp1')
check_counts()
def test_source_stats(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
self.assertEqual(self.db.source_stats(), {"test": 1})
b1 = self.db.add_block('1.2.3.5', self.user, 'other', 'testing')
b1 = self.db.add_block('1.2.3.6', self.user, 'other', 'testing')
self.assertEqual(self.db.source_stats(), {"test": 1, "other": 2})
def test_whitelist(self):
WhitelistEntry(who=self.user, why='test', cidr='141.142.0.0/16').save()
self.assertEqual(bool(is_whitelisted("1.2.3.4")), False)
self.assertEqual(bool(is_whitelisted("1.2.3.0/24")), False)
self.assertEqual(bool(is_whitelisted("141.142.2.2")), True)
self.assertEqual(bool(is_whitelisted("141.142.4.0/24")), True)
self.assertEqual(bool(is_whitelisted("141.0.0.0/8")), True)
def test_block_then_whitelist_then_unblock_works(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'other', 'testing')
WhitelistEntry(who=self.user, why='test', cidr='1.2.3.0/24').save()
self.db.unblock_now('1.2.3.4', self.user, 'testing')
@override_settings()
def test_prefixlen_too_small(self):
from django.conf import settings
settings.BHR['minimum_prefixlen'] = 24
self.assertEqual(is_prefixlen_too_small(u"1.2.3.4"), False)
self.assertEqual(is_prefixlen_too_small(u"1.2.3.0/24"), False)
self.assertEqual(is_prefixlen_too_small(u"1.2.0.0/20"), True)
settings.BHR['minimum_prefixlen'] = 32
self.assertEqual(is_prefixlen_too_small(u"1.2.3.0/24"), True)
@override_settings()
def test_prefixlen_too_small_v6(self):
from django.conf import settings
settings.BHR['minimum_prefixlen_v6'] = 64
self.assertEqual(is_prefixlen_too_small(u"fe80::/32"), True)
self.assertEqual(is_prefixlen_too_small(u"fe80::1/128"), False)
def test_source_blacklisted(self):
self.assertEqual(bool(is_source_blacklisted("test")), False)
SourceBlacklistEntry(who=self.user, why='test', source='test').save()
self.assertEqual(bool(is_source_blacklisted("test")), True)
def test_filter_local(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'other', 'testing')
local = filter_local_networks(self.db.expected())
self.assertEqual(len(local), 0)
b1 = self.db.add_block('10.2.3.4', self.user, 'other', 'testing')
local = filter_local_networks(self.db.expected())
self.assertEqual(len(local), 1)
@override_settings()
def test_filter_local_unset(self):
from django.conf import settings
del settings.BHR['local_networks']
b1 = self.db.add_block('1.2.3.4', self.user, 'other', 'testing')
local = filter_local_networks(self.db.expected())
self.assertEqual(len(local), 0)
b1 = self.db.add_block('10.2.3.4', self.user, 'other', 'testing')
local = filter_local_networks(self.db.expected())
self.assertEqual(len(local), 0)
