Esempio n. 1
0
def stats(request):
    db = BHRDB()

    stats = db.stats()
    stats['sources'] = db.source_stats()

    return Response(stats)
Esempio n. 2
0
def stats(request):
    db = BHRDB()

    stats = db.stats()
    stats['sources'] = db.source_stats()

    return Response(stats)
Esempio n. 3
0
 def get_context_data(self, source, *args):
     all_blocks = BHRDB().expected()
     blocks = all_blocks.filter(source=source).order_by("-added")[:500]
     return {
         'source': source,
         'blocks': query_to_blocklist(blocks),
     }
Esempio n. 4
0
 def get_context_data(self, source, *args):
     all_blocks = BHRDB().expected()
     blocks = all_blocks.filter(source=source).order_by("-added")[:500]
     return {
         'source': source,
         'blocks': query_to_blocklist(blocks),
     }
Esempio n. 5
0
 def get_context_data(self, *args):
     all_blocks = BHRDB().expected()
     manual_blocks = all_blocks.filter(Q(source="web") | Q(source="cli"))
     local_blocks = filter_local_networks(all_blocks)
     return {
         'manual_blocks': query_to_blocklist(manual_blocks),
         'local_blocks': query_to_blocklist(local_blocks),
     }
Esempio n. 6
0
 def get_context_data(self, *args):
     all_blocks = BHRDB().expected()
     manual_blocks = all_blocks.filter(Q(source="web") | Q(source="cli"))
     local_blocks = filter_local_networks(all_blocks)
     return {
         'manual_blocks': query_to_blocklist(manual_blocks),
         'local_blocks': query_to_blocklist(local_blocks),
     }
Esempio n. 7
0
 def get_context_data(self, *args):
     all_blocks = BHRDB().expected()
     manual_blocks = all_blocks.filter(Q(source="web") | Q(source="cli"))
     auto_blocks = all_blocks.filter(~Q(source="web") | Q(source="cli")).order_by("-added")[:50]
     return {
         'manual_blocks': query_to_blocklist(manual_blocks),
         'auto_blocks': query_to_blocklist(auto_blocks),
     }
Esempio n. 8
0
 def get_context_data(self, *args):
     all_blocks = BHRDB().expected()
     manual_blocks = all_blocks.filter(Q(source="web") | Q(source="cli"))
     local_blocks = filter_local_networks(all_blocks)
     auto_blocks = all_blocks.filter(~Q(source="web") | Q(source="cli")).order_by("-added")[:50]
     return {
         'manual_blocks': query_to_blocklist(manual_blocks),
         'local_blocks': query_to_blocklist(local_blocks),
         'auto_blocks': query_to_blocklist(auto_blocks),
         'query': 'list',
     }
Esempio n. 9
0
 def get(self, request):
     # TODO: http://www.django-rest-framework.org/api-guide/filtering/ ?
     source = self.request.query_params.get('source', None)
     since = self.request.query_params.get('since', None)
     queryset = BHRDB().expected()
     if source:
         queryset = queryset.filter(source=source)
     if since:
         queryset = queryset.filter(added__gte=since).order_by('added')
     blocks = queryset.values_list('cidr', 'who__username', 'source', 'why', 'added', 'unblock_at')
     return respond_csv(blocks, ["cidr", "who", "source", "why", "added", "unblock_at"])
Esempio n. 10
0
 def get(self, request):
     #TODO: http://www.django-rest-framework.org/api-guide/filtering/ ?
     source = self.request.query_params.get('source', None)
     since = self.request.query_params.get('since', None)
     queryset = BHRDB().expected()
     if source:
         queryset = queryset.filter(source=source)
     if since:
         queryset = queryset.filter(added__gte=since).order_by('added')
     blocks = queryset.values_list('cidr','who__username','source','why', 'added', 'unblock_at')
     return respond_csv(blocks, ["cidr", "who", "source", "why", "added", "unblock_at"])
Esempio n. 11
0
    def get_queryset(self):
        ident = self.kwargs['ident']
        timeout = int(self.request.QUERY_PARAMS.get('timeout', 0))
        if not timeout:
            return BHRDB().block_queue(ident, limit=200)

        end = time.time() + timeout
        while time.time() < end:
            blocks = BHRDB().block_queue(ident, limit=200)
            if blocks:
                return blocks
            time.sleep(1.0)
        return blocks
Esempio n. 12
0
    def get_queryset(self):
        ident = self.kwargs['ident']
        timeout = int(self.request.query_params.get('timeout', 0))
        added_since = self.request.query_params.get('added_since', '2014-09-01')
        if not timeout:
            return BHRDB().block_queue(ident, limit=200, added_since=added_since)

        end = time.time() + timeout
        while time.time() < end:
            blocks = BHRDB().block_queue(ident, limit=200, added_since=added_since)
            if list(blocks):
                return blocks
            time.sleep(1.0)
        return blocks
Esempio n. 13
0
 def validate_cidr(self, attrs, source):
     cidr = attrs[source]
     b = BHRDB().get_block(cidr)
     if not b:
         raise serializers.ValidationError("%s is not currently blocked" %
                                           cidr)
     return attrs
Esempio n. 14
0
 def validate_cidr(self, value):
     cidr = value
     b = BHRDB().get_block(cidr)
     if not b:
         raise serializers.ValidationError("%s is not currently blocked" %
                                           cidr)
     return cidr
Esempio n. 15
0
 def post(self, request):
     serializer = UnblockNowSerializer(data=request.DATA)
     if serializer.is_valid():
         d = serializer.data
         BHRDB().unblock_now(d['cidr'], request.user, d['why'])
         return Response({'status': 'ok'})
     return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
Esempio n. 16
0
 def get(self, request):
     resp = []
     blocks = BHRDB().expected().values_list('cidr', 'who__username',
                                             'source', 'why', 'added',
                                             'unblock_at')
     return respond_csv(
         blocks, ["cidr", "who", "source", "why", "added", "unblock_at"])
Esempio n. 17
0
    def post(self, request):
        context = {"request": request}
        serializer = BlockRequestSerializer(data=request.data)
        if serializer.is_valid():
            b = BHRDB().add_block(who=request.user, **serializer.validated_data)
            return Response(BlockSerializer(b, context=context).data, status=status.HTTP_201_CREATED)

        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
Esempio n. 18
0
    def post(self, request):
        context = {"request": request}
        serializer = BlockRequestSerializer(data=request.data, many=True)
        created = []
        if serializer.is_valid():
            created = BHRDB().add_block_multi(who=request.user, blocks=serializer.validated_data)
            return Response(BlockSerializer(created, many=True, context=context).data, status=status.HTTP_201_CREATED)

        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
Esempio n. 19
0
 def set_blocked(self, request, pk=None):
     if not request.user.has_perm('bhr.add_blockentry'):
         raise PermissionDenied()
     block = self.get_object()
     serializer = SetBlockedSerializer(data=request.data)
     if serializer.is_valid():
         ident = serializer.validated_data['ident']
         BHRDB().set_blocked(block, ident)
         return Response({'status': 'ok'})
     else:
         return Response(serializer.errors,
                         status=status.HTTP_400_BAD_REQUEST)
Esempio n. 20
0
    def get(self, request):
        if self.request.GET:
            form = QueryBlockForm(self.request.GET)
        else:
            form = QueryBlockForm()

        if not form.is_valid():
            return render(self.request, "bhr/query.html", {"form": form})

        query = form.cleaned_data['query']
        blocks = BHRDB().get_history(query).prefetch_related("blockentry_set")
        return render(self.request, self.result_template_name, {"query": query, "form": form, "blocks": blocks})
Esempio n. 21
0
    def post(self, request):
        context = {"request": request}
        serializer = BlockRequestSerializer(data=request.data, many=True)
        created = []
        if serializer.is_valid():
            #FIXME: move this into BHRDB directly
            with transaction.atomic():
                for block in serializer.validated_data:
                    b = BHRDB().add_block(who=request.user, **block)
                    created.append(b)
            return Response(BlockSerializer(created, many=True, context=context).data, status=status.HTTP_201_CREATED)

        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
Esempio n. 22
0
def metrics(request):
    """Export metrics in a format that prometheus can understand"""
    db = BHRDB()

    stats = db.stats()
    source_stats = db.source_stats()
    now = int(1000 * time.time())

    out = []

    def add(k, v):
        out.append("bhr_{} {} {}\n".format(k, v, now))

    out.append('''
# HELP bhr_blocked_total total hosts blocked
# TYPE bhr_blocked_total gauge
''')

    add('blocked_total{type="current"}', stats["current"])
    add('blocked_total{type="expected"}', stats["expected"])

    out.append('''
# HELP bhr_pending_total total hosts pending
# TYPE bhr_pending_total gauge
''')
    add('pending_total{type="block"}', stats["block_pending"])
    add('pending_total{type="unblock"}', stats["unblock_pending"])

    out.append('''
# HELP bhr_blocked_total_by_source total hosts blocked by each source
# TYPE bhr_blocked_total_by_source gauge
''')
    for source, count in source_stats.items():
        add('blocked_total_by_source{source="%s"}' % source, count)

    resp = "".join(out)
    return HttpResponse(resp, content_type="text/plain")
Esempio n. 23
0
def metrics(request):
    """Export metrics in a format that prometheus can understand"""
    db = BHRDB()

    stats = db.stats()
    source_stats = db.source_stats()
    now = int(1000 * time.time())

    out = []
    def add(k, v):
        out.append("bhr_{} {} {}\n".format(k, v, now))

    out.append('''
# HELP bhr_blocked_total total hosts blocked
# TYPE bhr_blocked_total gauge
''')

    add('blocked_total{type="current"}', stats["current"])
    add('blocked_total{type="expected"}', stats["expected"])

    out.append('''
# HELP bhr_pending_total total hosts pending
# TYPE bhr_pending_total gauge
''')
    add('pending_total{type="block"}', stats["block_pending"])
    add('pending_total{type="unblock"}', stats["unblock_pending"])

    out.append('''
# HELP bhr_blocked_total_by_source total hosts blocked by each source
# TYPE bhr_blocked_total_by_source gauge
''')
    for source, count in source_stats.items():
        add('blocked_total_by_source{source="%s"}' % source, count)

    resp = "".join(out)
    return HttpResponse(resp, content_type="text/plain")
Esempio n. 24
0
 def setUp(self):
     self.db = BHRDB()
     self.user = User.objects.create_user('admin', '*****@*****.**', 'admin')
Esempio n. 25
0
class ScalingTests(TestCase):
    def setUp(self):
        self.db = BHRDB()
        self.user = User.objects.create_user('admin', '*****@*****.**', 'admin')

    def add_older_block(self, age, duration):
        now = timezone.now()
        before = now - datetime.timedelta(seconds=age)
        unblock_at = before + datetime.timedelta(seconds=duration)
        b = Block(cidr='1.2.3.4',
                  who=self.user,
                  source='test',
                  why='test',
                  unblock_at=unblock_at)
        b.save()
        b.added = before
        b.save()
        self.db.set_blocked(b, 'bgp1')
        self.db.set_unblocked(b, 'bgp1')
        return b

    def test_get_last_block(self):
        b1 = self.db.add_block('1.2.3.4',
                               self.user,
                               'test',
                               'testing',
                               duration=10)
        lb = self.db.get_last_block('1.2.3.4')

        self.assertAlmostEqual(lb.duration.total_seconds(), 10, places=1)

    def test_that_scaling_doesnt_break_with_manual_unblock(self):
        b1 = self.db.add_block('1.2.3.4',
                               self.user,
                               'test',
                               'testing',
                               duration=None)
        self.db.unblock_now('1.2.3.4', self.user, 'testing')
        b1 = self.db.add_block('1.2.3.4',
                               self.user,
                               'test',
                               'testing',
                               duration=300,
                               autoscale=True)

    def scale_test(self, age, duration, new_duration, expected_duration):
        b = self.add_older_block(age, duration)
        b1 = self.db.add_block('1.2.3.4',
                               self.user,
                               'test',
                               'testing',
                               duration=new_duration,
                               autoscale=True)
        lb = self.db.get_last_block('1.2.3.4')
        self.assertAlmostEqual(lb.duration.total_seconds(),
                               expected_duration,
                               places=1)

    def test_block_scaled_short(self):
        self.scale_test(age=60 * 60,
                        duration=60 * 5,
                        new_duration=60 * 5,
                        expected_duration=60 * 10)

    def test_block_scaled_medium(self):
        self.scale_test(age=60 * 60 * 24 * 4,
                        duration=60 * 60 * 24,
                        new_duration=60 * 60,
                        expected_duration=60 * 60 * 24)
Esempio n. 26
0
class DBTests(TestCase):
    def setUp(self):
        self.db = BHRDB()
        self.user = User.objects.create_user('admin', '*****@*****.**', 'admin')

    def test_non_existing_block_is_none(self):
        b = self.db.get_block('1.2.3.4')
        self.assertEqual(b, None)

    def test_adding_a_block_works(self):
        b = self.db.add_block('1.2.3.4/32', self.user, 'test', 'testing')
        self.assertEqual(str(b.cidr), '1.2.3.4/32')

    def test_adding_a_block_twice_gets_the_same_block(self):
        b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
        b2 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
        self.assertEqual(b1.id, b2.id)

    def test_blocking_changes_expected(self):
        expected = self.db.expected().all()
        self.assertEqual(len(expected), 0)

        b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')

        expected = self.db.expected().all()
        self.assertEqual(len(expected), 1)

    def test_blocking_does_not_change_current(self):
        current = self.db.current().all()
        self.assertEqual(len(current), 0)

        b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')

        current = self.db.current().all()
        self.assertEqual(len(current), 0)

    def test_block_entry_changes_current(self):
        current = self.db.current().all()
        self.assertEqual(len(current), 0)

        b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
        self.db.set_blocked(b1, 'bgp1')

        current = self.db.current().all()
        self.assertEqual(len(current), 1)

    def test_block_then_unblock_changes_current_but_not_expected(self):
        b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
        self.db.set_blocked(b1, 'bgp1')

        current = self.db.current().all()
        self.assertEqual(len(current), 1)

        self.db.set_unblocked(b1, 'bgp1')

        current = self.db.current().all()
        self.assertEqual(len(current), 0)

        expected = self.db.expected().all()
        self.assertEqual(len(expected), 1)

    def test_block_queue_empty(self):
        q = list(self.db.block_queue('bgp1'))
        self.assertEqual(len(q), 0)

    def test_block_queue(self):
        b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')

        q = list(self.db.block_queue('bgp1'))

        self.assertEqual(len(q), 1)
        self.assertEqual(str(q[0].cidr), '1.2.3.4/32')

        self.db.set_blocked(b1, 'bgp1')

        q = list(self.db.block_queue('bgp1'))

        self.assertEqual(len(q), 0)

    def test_block_two_blockers(self):
        b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')

        for ident in 'bgp1', 'bgp2':
            q = list(self.db.block_queue(ident))
            self.assertEqual(len(q), 1)
            self.assertEqual(str(q[0].cidr), '1.2.3.4/32')

        self.db.set_blocked(b1, 'bgp1')
        self.db.set_blocked(b1, 'bgp2')

        for ident in 'bgp1', 'bgp2':
            q = list(self.db.block_queue(ident))
            self.assertEqual(len(q), 0)

    def test_block_two_blockers_only_one(self):
        b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')

        self.db.set_blocked(b1, 'bgp1')

        q = list(self.db.block_queue('bgp1'))
        self.assertEqual(len(q), 0)

        q = list(self.db.block_queue('bgp2'))
        self.assertEqual(len(q), 1)

    def test_block_two_blockers_doesnt_double_current(self):
        b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')

        self.db.set_blocked(b1, 'bgp1')
        self.db.set_blocked(b1, 'bgp2')

        current = self.db.current().all()
        self.assertEqual(len(current), 1)

    def test_adding_a_block_adds_to_pending(self):
        pending = self.db.pending().all()
        self.assertEqual(len(pending), 0)

        b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
        pending = self.db.pending().all()
        self.assertEqual(len(pending), 1)

    def test_blocking_removes_from_pending(self):
        b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')

        pending = self.db.pending().all()
        self.assertEqual(len(pending), 1)

        self.db.set_blocked(b1, 'bgp1')

        pending = self.db.pending().all()
        self.assertEqual(len(pending), 0)

    def test_unblock_now_removes_from_expected(self):
        b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')

        expected = self.db.expected().all()
        self.assertEqual(len(expected), 1)

        self.db.unblock_now('1.2.3.4', self.user, 'testing')

        expected = self.db.expected().all()
        self.assertEqual(len(expected), 0)

    def test_unblock_now_moves_to_pending_removal(self):
        b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
        self.db.unblock_now('1.2.3.4', self.user, 'testing')
        b1.refresh_from_db()

        # it needs to be blocked on a host to be able to be pending unblock
        self.db.set_blocked(b1, 'bgp1')

        pending_removal = self.db.pending_removal().all()
        self.assertEqual(len(pending_removal), 1)

    def test_unblock_queue_empty(self):
        q = self.db.unblock_queue('bgp1')
        self.assertEqual(len(q), 0)

    def test_unblock_queue_empty_before_expiration(self):
        b1 = self.db.add_block('1.2.3.4',
                               self.user,
                               'test',
                               'testing',
                               duration=30)
        self.db.set_blocked(b1, 'bgp1')

        q = self.db.unblock_queue('bgp1')
        self.assertEqual(len(q), 0)

    def test_unblock_now_adds_to_unblock_queue(self):
        b1 = self.db.add_block('1.2.3.4',
                               self.user,
                               'test',
                               'testing',
                               duration=1)
        self.db.set_blocked(b1, 'bgp1')

        self.db.unblock_now('1.2.3.4', self.user, 'testing')

        q = self.db.unblock_queue('bgp1')
        self.assertEqual(len(q), 1)

    def test_unblock_queue_exists_after_expiration(self):
        b1 = self.db.add_block('1.2.3.4',
                               self.user,
                               'test',
                               'testing',
                               duration=1)
        self.db.set_blocked(b1, 'bgp1')
        sleep(2)
        q = self.db.unblock_queue('bgp1')
        self.assertEqual(len(q), 1)

    def test_set_unblocked_removes_from_unblock_queue(self):
        b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
        self.db.set_blocked(b1, 'bgp1')
        self.db.unblock_now('1.2.3.4', self.user, 'testing')

        q = self.db.unblock_queue('bgp1')
        self.assertEqual(len(q), 1)

        self.db.set_unblocked(b1, 'bgp1')

        q = self.db.unblock_queue('bgp1')
        self.assertEqual(len(q), 0)

    def test_stats(self):
        def check_counts(block_pending=0,
                         unblock_pending=0,
                         current=0,
                         expected=0):
            stats = self.db.stats()
            self.assertEqual(stats["block_pending"], block_pending)
            self.assertEqual(stats["unblock_pending"], unblock_pending)
            self.assertEqual(stats["current"], current)
            self.assertEqual(stats["expected"], expected)

        check_counts()

        b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
        check_counts(block_pending=1, expected=1)

        self.db.set_blocked(b1, 'bgp1')
        check_counts(current=1, expected=1)

        self.db.unblock_now('1.2.3.4', self.user, 'testing')
        check_counts(current=1, expected=0, unblock_pending=1)

        self.db.set_unblocked(b1, 'bgp1')
        check_counts()

    def test_source_stats(self):
        b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')

        self.assertEqual(self.db.source_stats(), {"test": 1})

        b1 = self.db.add_block('1.2.3.5', self.user, 'other', 'testing')
        b1 = self.db.add_block('1.2.3.6', self.user, 'other', 'testing')
        self.assertEqual(self.db.source_stats(), {"test": 1, "other": 2})

    def test_whitelist(self):
        WhitelistEntry(who=self.user, why='test', cidr='141.142.0.0/16').save()

        self.assertEqual(bool(is_whitelisted("1.2.3.4")), False)
        self.assertEqual(bool(is_whitelisted("1.2.3.0/24")), False)

        self.assertEqual(bool(is_whitelisted("141.142.2.2")), True)
        self.assertEqual(bool(is_whitelisted("141.142.4.0/24")), True)
        self.assertEqual(bool(is_whitelisted("141.0.0.0/8")), True)

    def test_block_then_whitelist_then_unblock_works(self):
        b1 = self.db.add_block('1.2.3.4', self.user, 'other', 'testing')
        WhitelistEntry(who=self.user, why='test', cidr='1.2.3.0/24').save()
        self.db.unblock_now('1.2.3.4', self.user, 'testing')

    @override_settings()
    def test_prefixlen_too_small(self):
        from django.conf import settings
        settings.BHR['minimum_prefixlen'] = 24
        self.assertEqual(is_prefixlen_too_small(u"1.2.3.4"), False)
        self.assertEqual(is_prefixlen_too_small(u"1.2.3.0/24"), False)
        self.assertEqual(is_prefixlen_too_small(u"1.2.0.0/20"), True)

        settings.BHR['minimum_prefixlen'] = 32
        self.assertEqual(is_prefixlen_too_small(u"1.2.3.0/24"), True)

    @override_settings()
    def test_prefixlen_too_small_v6(self):
        from django.conf import settings
        settings.BHR['minimum_prefixlen_v6'] = 64
        self.assertEqual(is_prefixlen_too_small(u"fe80::/32"), True)
        self.assertEqual(is_prefixlen_too_small(u"fe80::1/128"), False)

    def test_source_blacklisted(self):
        self.assertEqual(bool(is_source_blacklisted("test")), False)
        SourceBlacklistEntry(who=self.user, why='test', source='test').save()
        self.assertEqual(bool(is_source_blacklisted("test")), True)

    def test_filter_local(self):
        b1 = self.db.add_block('1.2.3.4', self.user, 'other', 'testing')
        local = filter_local_networks(self.db.expected())
        self.assertEqual(len(local), 0)

        b1 = self.db.add_block('10.2.3.4', self.user, 'other', 'testing')
        local = filter_local_networks(self.db.expected())
        self.assertEqual(len(local), 1)

    @override_settings()
    def test_filter_local_unset(self):
        from django.conf import settings
        del settings.BHR['local_networks']
        b1 = self.db.add_block('1.2.3.4', self.user, 'other', 'testing')
        local = filter_local_networks(self.db.expected())
        self.assertEqual(len(local), 0)

        b1 = self.db.add_block('10.2.3.4', self.user, 'other', 'testing')
        local = filter_local_networks(self.db.expected())
        self.assertEqual(len(local), 0)
Esempio n. 27
0
 def setUp(self):
     self.db = BHRDB()
     self.user = User.objects.create_user('admin', '*****@*****.**', 'admin')
Esempio n. 28
0
class ScalingTests(TestCase):
    def setUp(self):
        self.db = BHRDB()
        self.user = User.objects.create_user('admin', '*****@*****.**', 'admin')

    def add_older_block(self, age, duration):
        now = timezone.now()
        before = now - datetime.timedelta(seconds=age)
        unblock_at = before + datetime.timedelta(seconds=duration)
        b = Block(cidr='1.2.3.4', who=self.user, source='test', why='test', unblock_at=unblock_at)
        b.save()
        b.added = before
        b.save()
        self.db.set_blocked(b, 'bgp1')
        self.db.set_unblocked(b, 'bgp1')
        return b

    def test_get_last_block(self):
        b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing', duration=10)
        lb = self.db.get_last_block('1.2.3.4')

        self.assertAlmostEqual(lb.duration.total_seconds(), 10, places=1)

    def test_that_scaling_doesnt_break_with_manual_unblock(self):
        b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing', duration=None)
        self.db.unblock_now('1.2.3.4', self.user, 'testing')
        b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing', duration=300, autoscale=True)

    def scale_test(self, age, duration, new_duration, expected_duration):
        b = self.add_older_block(age, duration)
        b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing', duration=new_duration, autoscale=True)
        lb = self.db.get_last_block('1.2.3.4')
        self.assertAlmostEqual(lb.duration.total_seconds(), expected_duration, places=1)

    def test_block_scaled_short(self):
        self.scale_test(
            age=60*60,
            duration=60*5,
            new_duration=60*5,
            expected_duration=60*10)

    def test_block_scaled_medium(self):
        self.scale_test(
            age=60*60*24*4,
            duration=60*60*24,
            new_duration=60*60,
            expected_duration=60*60*24)
Esempio n. 29
0
 def get_context_data(self, *args):
     blocks = BHRDB().expected().values('id', 'cidr', 'who__username',
                                        'source', 'why', 'added',
                                        'unblock_at')
     return {'blocks': blocks}
Esempio n. 30
0
def stats(request):
    stats = BHRDB().stats()
    return Response(stats)
Esempio n. 31
0
 def post(self, request):
     ids = request.DATA['ids']
     BHRDB().set_unblocked_multi(ids)
     return Response({'status': 'ok'})
Esempio n. 32
0
 def post(self, request, ident):
     ids = request.data['ids']
     BHRDB().set_blocked_multi(ident, ids)
     return Response({'status': 'ok'})
Esempio n. 33
0
 def get_queryset(self):
     ident = self.kwargs['ident']
     return BHRDB().unblock_queue(ident)[:200]
Esempio n. 34
0
 def get_context_data(self, *args):
     db = BHRDB()
     return {
         'stats': db.stats(),
         'source_stats': db.source_stats(),
     }
Esempio n. 35
0
 def form_valid(self, form):
     block_request = form.cleaned_data
     block_request['cidr'] = str(block_request['cidr'])
     BHRDB().add_block(who=self.request.user, source='web', **block_request)
     return redirect(reverse("query") + "?query=" + block_request["cidr"])
Esempio n. 36
0
def bhlistpub(request):
    resp = []
    blocks = BHRDB().expected().values_list('cidr', 'added', 'unblock_at')
    return respond_csv(blocks, ["cidr", "added", "unblock_at"])
Esempio n. 37
0
 def get_context_data(self, *args):
     db = BHRDB()
     return {
         'stats': db.stats(),
         'source_stats': db.source_stats(),
     }
Esempio n. 38
0
class DBTests(TestCase):
    def setUp(self):
        self.db = BHRDB()
        self.user = User.objects.create_user('admin', '*****@*****.**', 'admin')

    def test_non_existing_block_is_none(self):
        b = self.db.get_block('1.2.3.4')
        self.assertEqual(b, None)

    def test_adding_a_block_works(self):
        b = self.db.add_block('1.2.3.4/32', self.user, 'test', 'testing')
        self.assertEqual(str(b.cidr), '1.2.3.4/32')

    def test_adding_a_block_twice_gets_the_same_block(self):
        b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
        b2 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
        self.assertEqual(b1.id, b2.id)

    def test_blocking_changes_expected(self):
        expected = self.db.expected().all()
        self.assertEqual(len(expected), 0)

        b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')

        expected = self.db.expected().all()
        self.assertEqual(len(expected), 1)

    def test_blocking_does_not_change_current(self):
        current = self.db.current().all()
        self.assertEqual(len(current), 0)

        b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')

        current = self.db.current().all()
        self.assertEqual(len(current), 0)

    def test_block_entry_changes_current(self):
        current = self.db.current().all()
        self.assertEqual(len(current), 0)

        b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
        self.db.set_blocked(b1, 'bgp1')

        current = self.db.current().all()
        self.assertEqual(len(current), 1)

    def test_block_then_unblock_changes_current_but_not_expected(self):
        b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
        self.db.set_blocked(b1, 'bgp1')

        current = self.db.current().all()
        self.assertEqual(len(current), 1)

        self.db.set_unblocked(b1, 'bgp1')

        current = self.db.current().all()
        self.assertEqual(len(current), 0)

        expected = self.db.expected().all()
        self.assertEqual(len(expected), 1)

    def test_block_queue_empty(self):
        q = list(self.db.block_queue('bgp1'))
        self.assertEqual(len(q), 0)

    def test_block_queue(self):
        b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')

        q = list(self.db.block_queue('bgp1'))

        self.assertEqual(len(q), 1)
        self.assertEqual(str(q[0].cidr), '1.2.3.4/32')

        self.db.set_blocked(b1, 'bgp1')

        q = list(self.db.block_queue('bgp1'))

        self.assertEqual(len(q), 0)

    def test_block_two_blockers(self):
        b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')

        for ident in 'bgp1', 'bgp2':
            q = list(self.db.block_queue(ident))
            self.assertEqual(len(q), 1)
            self.assertEqual(str(q[0].cidr), '1.2.3.4/32')

        self.db.set_blocked(b1, 'bgp1')
        self.db.set_blocked(b1, 'bgp2')

        for ident in 'bgp1', 'bgp2':
            q = list(self.db.block_queue(ident))
            self.assertEqual(len(q), 0)

    def test_block_two_blockers_only_one(self):
        b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')

        self.db.set_blocked(b1, 'bgp1')

        q = list(self.db.block_queue('bgp1'))
        self.assertEqual(len(q), 0)

        q = list(self.db.block_queue('bgp2'))
        self.assertEqual(len(q), 1)

    def test_block_two_blockers_doesnt_double_current(self):
        b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')

        self.db.set_blocked(b1, 'bgp1')
        self.db.set_blocked(b1, 'bgp2')

        current = self.db.current().all()
        self.assertEqual(len(current), 1)

    def test_adding_a_block_adds_to_pending(self):
        pending = self.db.pending().all()
        self.assertEqual(len(pending), 0)

        b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
        pending = self.db.pending().all()
        self.assertEqual(len(pending), 1)

    def test_blocking_removes_from_pending(self):
        b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')

        pending = self.db.pending().all()
        self.assertEqual(len(pending), 1)

        self.db.set_blocked(b1, 'bgp1')

        pending = self.db.pending().all()
        self.assertEqual(len(pending), 0)

    def test_unblock_now_removes_from_expected(self):
        b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')

        expected = self.db.expected().all()
        self.assertEqual(len(expected), 1)

        self.db.unblock_now('1.2.3.4', self.user, 'testing')

        expected = self.db.expected().all()
        self.assertEqual(len(expected), 0)

    def test_unblock_now_moves_to_pending_removal(self):
        b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
        self.db.unblock_now('1.2.3.4', self.user, 'testing')
        b1.refresh_from_db()

        #it needs to be blocked on a host to be able to be pending unblock
        self.db.set_blocked(b1, 'bgp1')

        pending_removal = self.db.pending_removal().all()
        self.assertEqual(len(pending_removal), 1)

    def test_unblock_queue_empty(self):
        q = self.db.unblock_queue('bgp1')
        self.assertEqual(len(q), 0)

    def test_unblock_queue_empty_before_expiration(self):
        b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing', duration=30)
        self.db.set_blocked(b1, 'bgp1')

        q = self.db.unblock_queue('bgp1')
        self.assertEqual(len(q), 0)

    def test_unblock_now_adds_to_unblock_queue(self):
        b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing', duration=1)
        self.db.set_blocked(b1, 'bgp1')

        self.db.unblock_now('1.2.3.4', self.user, 'testing')

        q = self.db.unblock_queue('bgp1')
        self.assertEqual(len(q), 1)

    def test_unblock_queue_exists_after_expiration(self):
        b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing', duration=1)
        self.db.set_blocked(b1, 'bgp1')
        sleep(2)
        q = self.db.unblock_queue('bgp1')
        self.assertEqual(len(q), 1)

    def test_set_unblocked_removes_from_unblock_queue(self):
        b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
        self.db.set_blocked(b1, 'bgp1')
        self.db.unblock_now('1.2.3.4', self.user, 'testing')

        q = self.db.unblock_queue('bgp1')
        self.assertEqual(len(q), 1)

        self.db.set_unblocked(b1, 'bgp1')

        q = self.db.unblock_queue('bgp1')
        self.assertEqual(len(q), 0)

    def test_stats(self):
        def check_counts(block_pending=0, unblock_pending=0, current=0, expected=0):
            stats = self.db.stats()
            self.assertEqual(stats["block_pending"], block_pending)
            self.assertEqual(stats["unblock_pending"], unblock_pending)
            self.assertEqual(stats["current"], current)
            self.assertEqual(stats["expected"], expected)

        check_counts()

        b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
        check_counts(block_pending=1, expected=1)

        self.db.set_blocked(b1, 'bgp1')
        check_counts(current=1, expected=1)

        self.db.unblock_now('1.2.3.4', self.user, 'testing')
        check_counts(current=1, expected=0, unblock_pending=1)

        self.db.set_unblocked(b1, 'bgp1')
        check_counts()

    def test_source_stats(self):
        b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')

        self.assertEqual(self.db.source_stats(), {"test": 1})

        b1 = self.db.add_block('1.2.3.5', self.user, 'other', 'testing')
        b1 = self.db.add_block('1.2.3.6', self.user, 'other', 'testing')
        self.assertEqual(self.db.source_stats(), {"test": 1, "other": 2})

    def test_whitelist(self):
        WhitelistEntry(who=self.user, why='test', cidr='141.142.0.0/16').save()

        self.assertEqual(bool(is_whitelisted("1.2.3.4")), False)
        self.assertEqual(bool(is_whitelisted("1.2.3.0/24")), False)

        self.assertEqual(bool(is_whitelisted("141.142.2.2")), True)
        self.assertEqual(bool(is_whitelisted("141.142.4.0/24")), True)
        self.assertEqual(bool(is_whitelisted("141.0.0.0/8")), True)

    def test_block_then_whitelist_then_unblock_works(self):
        b1 = self.db.add_block('1.2.3.4', self.user, 'other', 'testing')
        WhitelistEntry(who=self.user, why='test', cidr='1.2.3.0/24').save()
        self.db.unblock_now('1.2.3.4', self.user, 'testing')

    @override_settings()
    def test_prefixlen_too_small(self):
        from django.conf import settings
        settings.BHR['minimum_prefixlen'] = 24
        self.assertEqual(is_prefixlen_too_small(u"1.2.3.4"), False)
        self.assertEqual(is_prefixlen_too_small(u"1.2.3.0/24"), False)
        self.assertEqual(is_prefixlen_too_small(u"1.2.0.0/20"), True)

        settings.BHR['minimum_prefixlen'] = 32
        self.assertEqual(is_prefixlen_too_small(u"1.2.3.0/24"), True)

    @override_settings()
    def test_prefixlen_too_small_v6(self):
        from django.conf import settings
        settings.BHR['minimum_prefixlen_v6'] = 64
        self.assertEqual(is_prefixlen_too_small(u"fe80::/32"), True)
        self.assertEqual(is_prefixlen_too_small(u"fe80::1/128"), False)

    def test_source_blacklisted(self):
        self.assertEqual(bool(is_source_blacklisted("test")), False)
        SourceBlacklistEntry(who=self.user, why='test', source='test').save()
        self.assertEqual(bool(is_source_blacklisted("test")), True)

    def test_filter_local(self):
        b1 = self.db.add_block('1.2.3.4', self.user, 'other', 'testing')
        local = filter_local_networks(self.db.expected())
        self.assertEqual(len(local), 0)

        b1 = self.db.add_block('10.2.3.4', self.user, 'other', 'testing')
        local = filter_local_networks(self.db.expected())
        self.assertEqual(len(local), 1)

    @override_settings()
    def test_filter_local_unset(self):
        from django.conf import settings
        del settings.BHR['local_networks']
        b1 = self.db.add_block('1.2.3.4', self.user, 'other', 'testing')
        local = filter_local_networks(self.db.expected())
        self.assertEqual(len(local), 0)

        b1 = self.db.add_block('10.2.3.4', self.user, 'other', 'testing')
        local = filter_local_networks(self.db.expected())
        self.assertEqual(len(local), 0)