def perform_scan(url: str, permitted_domains: List[str]) -> ScanResult:
    """Scan the landing page at ``url`` and build a ``ScanResult`` from it.

    The page is requested once. Its HTTP response, its parsed markup, the
    assets it references and the pshtt inspection of its domain are each
    converted to result fields and merged, in that order, into a single
    ``ScanResult``. This function constructs the result but does not call
    ``save()`` on it.

    Args:
        url: Landing page URL to fetch. It is recorded as
            ``landing_page_url`` whether or not the request succeeds.
        permitted_domains: Additional domains handed to ``parse_assets``
            alongside the registered domain of the fetched page.

    Returns:
        The assembled ``ScanResult``. When the request raises
        ``requests.exceptions.RequestException`` the result holds only
        ``live=False``, ``landing_page_url`` and
        ``http_status_200_ok=False``.
    """
    fields = {
        'live': False,
        'landing_page_url': url,
    }

    try:
        page, soup = request_and_scrape_page(url)
    except requests.exceptions.RequestException:
        # RequestException is the base class, so timeouts, invalid HTTP
        # responses and other network failures all end the scan here.
        return ScanResult(**fields, http_status_200_ok=False)

    # Later updates win if two parsers ever report the same key, so the
    # merge order below is significant.
    fields.update(parse_page_data(page))
    fields.update(parse_soup_data(soup))

    # NOTE(review): the checks below use page.url, not the url argument.
    # Presumably page.url is the post-redirect URL, in which case a redirect
    # to another domain changes which domain is treated as the page's own
    # for the asset check and which domain pshtt inspects. Confirm that is
    # the intended behaviour.
    assets = extract_assets(soup, page.url)
    own_domain = tldextract.extract(page.url).registered_domain
    allowed_domains = [own_domain] + permitted_domains
    fields.update(parse_assets(assets, allowed_domains))

    # One domain is submitted, and only the first entry of the returned
    # sequence is read.
    # NOTE(review): assumes inspect_domains returns a non-empty sequence.
    pshtt_report = inspect_domains([url_to_domain(page.url)], {'timeout': 10})
    fields.update(parse_pshtt_data(pshtt_report[0]))

    return ScanResult(**fields)
def test_is_equal_to_compares_only_scan_attributes__same_result(self):
    """Check that is_equal_to ignores pk, _state and similar bookkeeping.

    Two unsaved results are built from the same scan attributes and are
    expected to compare as equal.
    """
    entry = self.securedrop
    first = ScanResult(
        live=True,
        hsts=True,
        hsts_max_age=True,
        securedrop=entry,
    )
    second = ScanResult(
        live=True,
        hsts=True,
        hsts_max_age=True,
        securedrop=entry,
    )

    outcome = first.is_equal_to(second)

    self.assertTrue(outcome)
def test_save_associates_results(self):
    """Saving a result without an entry links it by landing page URL.

    The result is created with ``securedrop=None`` and the landing page URL
    of the fixture entry; after ``save()`` it is expected to point at that
    entry.
    """
    entry_url = self.securedrop.landing_page_url
    scan = ScanResult(
        live=True,
        hsts=True,
        hsts_max_age=True,
        securedrop=None,
        landing_page_url=entry_url,
    )

    scan.save()

    self.assertEqual(scan.securedrop, self.securedrop)
def test_securedrop_can_get_most_recent_scan(self):
    """The entry's ``results.latest()`` returns the most recently saved scan.

    Two results are saved for the same entry, the second with
    ``hsts=False``. The latest result is expected to carry grade 'C',
    presumably the grade of that second result.
    """
    # Save the hsts=True result first and the hsts=False result second.
    for hsts_enabled in (True, False):
        scan = ScanResult(
            live=True,
            hsts=hsts_enabled,
            hsts_max_age=True,
            securedrop=self.securedrop,
            landing_page_url=self.securedrop.landing_page_url,
        )
        scan.save()

    # Re-read the entry from the database rather than reusing the fixture.
    entry = DirectoryEntry.objects.get(id=self.securedrop.pk)
    newest = entry.results.latest()

    self.assertEqual(newest.grade, 'C')
def test_save_associates_results(self):
    """A result saved before its entry exists is linked once the entry is saved.

    The result is stored first with ``securedrop=None``. An entry with the
    same landing page URL is then created and saved, and the reloaded
    result is expected to reference it.
    """
    shared_url = 'https://www.something.org'

    scan = ScanResult(
        live=True,
        hsts=True,
        hsts_max_age=True,
        securedrop=None,
        landing_page_url=shared_url,
    )
    scan.save()

    entry = DirectoryEntryFactory(
        landing_page_url=shared_url,
        onion_address='https://notreal.onion',
    )
    entry.save()

    # Reload so the assertion sees what is stored, not the stale instance.
    scan.refresh_from_db()

    self.assertEqual(scan.securedrop, entry)
def test_is_equal_to_compares_only_scan_attributes__new_result(self):
    """Results with different scan attributes must not compare as equal.

    One result is live with HSTS fields set, the other is not live; both
    reference the same entry.
    """
    entry = self.securedrop
    live_scan = ScanResult(
        live=True,
        hsts=True,
        hsts_max_age=True,
        securedrop=entry,
    )
    down_scan = ScanResult(live=False, securedrop=entry)

    outcome = live_scan.is_equal_to(down_scan)

    self.assertFalse(outcome)
def test_result_string_representation(self):
    """The string form of a result contains its landing page URL."""
    scan = ScanResult(
        live=True,
        hsts=True,
        hsts_max_age=True,
        securedrop=self.securedrop,
        landing_page_url=self.securedrop.landing_page_url,
    )

    rendered = str(scan)

    self.assertIn(scan.landing_page_url, rendered)
def test_a_down_instance_gets_a_null_grade(self):
    """A result with ``live=False`` is graded '?' after saving."""
    scan = ScanResult(
        live=False,
        securedrop=self.securedrop,
    )

    scan.save()

    self.assertEqual(scan.grade, '?')
def test_an_instance_with_cache_control_nostore_not_set_gets_a_B(self):
    """A live result with ``cache_control_nostore_set=False`` is graded 'B'."""
    scan = ScanResult(
        live=True,
        cache_control_nostore_set=False,
        hsts_max_age=True,
        securedrop=self.securedrop,
    )

    scan.save()

    self.assertEqual(scan.grade, 'B')
def test_an_instance_with_expires_not_set_gets_a_C(self):
    """A live result with ``expires_set=False`` is graded 'C'."""
    scan = ScanResult(
        live=True,
        expires_set=False,
        securedrop=self.securedrop,
    )

    scan.save()

    self.assertEqual(scan.grade, 'C')
def test_an_instance_showing_server_version_in_headers_gets_a_D(self):
    """A live result with ``no_server_version=False`` is graded 'D'.

    The flag is False when the scan found server version information in
    the response headers.
    """
    scan = ScanResult(
        live=True,
        no_server_version=False,
        securedrop=self.securedrop,
    )

    scan.save()

    self.assertEqual(scan.grade, 'D')
def test_an_instance_using_a_subdomain_gets_a_D(self):
    """A live result with ``subdomain=True`` is graded 'D'."""
    scan = ScanResult(
        live=True,
        subdomain=True,
        securedrop=self.securedrop,
    )

    scan.save()

    self.assertEqual(scan.grade, 'D')
def test_an_instance_using_cookies_gets_an_F(self):
    """A live result with ``no_cookies=False`` is graded 'F'."""
    scan = ScanResult(
        live=True,
        no_cookies=False,
        securedrop=self.securedrop,
    )

    scan.save()

    self.assertEqual(scan.grade, 'F')
def test_grade_computed_on_save(self):
    """The grade is '?' on a fresh instance and is computed by ``save()``.

    The same instance is checked before and after saving; with ``live``,
    ``hsts`` and ``hsts_max_age`` all True the saved grade is expected to
    be 'A'.
    """
    scan = ScanResult(
        live=True,
        hsts=True,
        hsts_max_age=True,
        securedrop=self.securedrop,
    )

    # Nothing has computed a grade yet, so the placeholder is expected.
    self.assertEqual(scan.grade, '?')

    scan.save()

    self.assertEqual(scan.grade, 'A')