Esempio n. 1
 def test_input_logged_request_should_have_set_data(self, user):
     """Check the related object and slug recorded for a logged input request.

     After a login POST and a GET of ``/home/``, the second captured input
     request must reference exactly one related object, equal to the triple
     of the ``user`` fixture, and the second finished entry must carry the
     ``user-home`` slug.
     """
     with capture_security_logs() as logged_data:
         login_response = self.post('/admin/login/', data={'username': '******', 'password': '******'})
         assert_http_redirect(login_response)
         home_response = self.get('/home/')
         assert_http_ok(home_response)
         # Index 1 is presumably the /home/ request (index 0 being the login).
         assert_equal(len(logged_data.input_request[1].related_objects), 1)
         first_related = list(logged_data.input_request[1].related_objects)[0]
         assert_equal(first_related, get_object_triple(user))
         finished_home_entry = logged_data.input_request_finished[1]
         assert_equal(finished_home_entry.slug, 'user-home')
Esempio n. 2
 def test_output_logged_request_should_be_related_with_object(self, user):
     """Check that a logged outbound request is attributed to the acting user.

     The ``/proxy/`` view is asked to fetch ``http://localhost``; the first
     captured output request must then have exactly one related object,
     equal to the triple of the ``user`` fixture.
     """
     with capture_security_logs() as logged_data:
         login_response = self.post('/admin/login/', data={'username': '******', 'password': '******'})
         assert_http_redirect(login_response)
         # Register a canned reply for the outbound GET.
         # NOTE(review): activation of the ``responses`` mock is not visible
         # in this excerpt - confirm it on the class or decorator.
         responses.add(responses.GET, 'http://localhost', body='test')
         proxy_response = self.get('/proxy/?url=http://localhost')
         assert_equal(proxy_response.content, b'test')
         assert_equal(len(logged_data.output_request[0].related_objects), 1)
         first_related = list(logged_data.output_request[0].related_objects)[0]
         assert_equal(first_related, get_object_triple(user))
Esempio n. 3
 def test_output_logged_request_should_be_related_with_object(self, user):
     """Check that the stored outbound request row points back at the user.

     One login POST and one ``/proxy/`` GET must leave two input request
     rows and a single output request row whose only related object is the
     ``user`` fixture.
     """
     login_response = self.post('/admin/login/', data={'username': '******', 'password': '******'})
     assert_http_redirect(login_response)
     # Canned reply for the outbound call made by the proxy view.
     responses.add(responses.GET, 'http://test.cz', body='test')
     proxy_response = self.get('/proxy/?url=http://test.cz')
     assert_equal(proxy_response.content, b'test')
     assert_equal(InputLoggedRequest.objects.count(), 2)
     assert_equal(OutputLoggedRequest.objects.count(), 1)
     # .get() fails unless exactly one row / one relation exists.
     stored_output = OutputLoggedRequest.objects.get()
     related_link = stored_output.related_objects.get()
     assert_equal(related_link.content_object, user)
Esempio n. 4
 def test_data_change_should_be_connected_with_logged_request(self, user):
     """Check that a data change made during login is tied to the request log.

     Starting from zero logged input requests, one login POST must produce
     one row whose single revision holds a single version of content type
     ``User``.
     """
     assert_equal(InputLoggedRequest.objects.count(), 0)
     login_response = self.post('/admin/login/', data={'username': '******', 'password': '******'})
     assert_http_redirect(login_response)
     assert_equal(InputLoggedRequest.objects.count(), 1)
     stored_request = InputLoggedRequest.objects.get()
     # Each .get() also asserts that exactly one linked record exists.
     revision_link = stored_request.input_logged_request_revisions.get()
     changed_version = revision_link.revision.version_set.get()
     assert_equal(changed_version.content_type, ContentType.objects.get_for_model(User))
Esempio n. 5
 def test_input_logged_request_should_have_right_status(self, user):
     """Check the status stored for 200, 302, raised-exception and 404 requests.

     A 200 and a 302 answer from the login view are both expected to be
     stored as ``INFO``, a request that raises as ``ERROR`` and a 404 as
     ``WARNING``.
     """
     # NOTE(review): the posted values are masked in this listing; the 200
     # answer presumably corresponds to rejected credentials - confirm.
     first_login = self.post('/admin/login/', data={'username': '******', 'password': '******'})
     assert_http_ok(first_login)
     # .first() is assumed to return the most recent row - verify the model ordering.
     assert_equal(InputLoggedRequest.objects.first().status, InputLoggedRequest.INFO)

     second_login = self.post('/admin/login/', data={'username': '******', 'password': '******'})
     assert_http_redirect(second_login)
     assert_equal(InputLoggedRequest.objects.first().status, InputLoggedRequest.INFO)

     # Calling the proxy view without a URL must raise and be stored as an error.
     assert_raises(Exception, self.get, '/proxy/')
     assert_equal(InputLoggedRequest.objects.first().status, InputLoggedRequest.ERROR)

     missing_page = self.get('/404/')
     assert_http_not_found(missing_page)
     assert_equal(InputLoggedRequest.objects.first().status, InputLoggedRequest.WARNING)
Esempio n. 6
 def test_sensitive_replacement_should_be_changed(self, user):
     """Check that the stored cookie header holds the ``(Filtered)`` marker.

     NOTE(review): the marker presumably comes from a settings override that
     is not visible in this excerpt - confirm on the decorator or class.
     """
     credentials = {
         'username': '******',
         'password': '******'
     }
     login_response = self.post('/admin/login/', data=credentials)
     assert_http_redirect(login_response)
     stored_request = InputLoggedRequest.objects.get()
     # The raw cookie value must never be persisted, only the marker.
     cookie_as_logged = stored_request.request_headers['COOKIE']
     assert_equal(cookie_as_logged, '(Filtered)')
Esempio n. 7
 def test_data_change_should_be_connected_with_logged_request(self, user):
     """Check that a data change made during login is tied to the request log.

     Starting from zero logged input requests, one login POST must produce
     one row whose single related object holds a single version of content
     type ``User``.
     """
     assert_equal(InputLoggedRequest.objects.count(), 0)
     credentials = {
         'username': '******',
         'password': '******'
     }
     login_response = self.post('/admin/login/', data=credentials)
     assert_http_redirect(login_response)
     assert_equal(InputLoggedRequest.objects.count(), 1)
     stored_request = InputLoggedRequest.objects.get()
     # Each .get() also asserts that exactly one linked record exists.
     related_link = stored_request.related_objects.get()
     changed_version = related_link.object.version_set.get()
     assert_equal(changed_version.content_type,
                  ContentType.objects.get_for_model(User))
Esempio n. 8
 def test_output_logged_request_should_be_related_with_object(self, user):
     """Check that the stored outbound request row points back at the user.

     One login POST and one ``/proxy/`` GET must leave two input request
     rows and a single output request row whose only related object is the
     ``user`` fixture.
     """
     credentials = {
         'username': '******',
         'password': '******'
     }
     login_response = self.post('/admin/login/', data=credentials)
     assert_http_redirect(login_response)
     # Canned reply for the outbound call made by the proxy view.
     responses.add(responses.GET, 'http://test.cz', body='test')
     proxy_response = self.get('/proxy/?url=http://test.cz')
     assert_equal(proxy_response.content, b'test')
     assert_equal(InputLoggedRequest.objects.count(), 2)
     assert_equal(OutputLoggedRequest.objects.count(), 1)
     # .get() fails unless exactly one row / one relation exists.
     stored_output = OutputLoggedRequest.objects.get()
     related_link = stored_output.related_objects.get()
     assert_equal(related_link.content_object, user)
Esempio n. 9
    def test_input_request_to_login_page_should_be_logged(self, user):
        """Pin the exact log payload captured for a login POST that redirects.

        The expected data require the ``Cookie`` request header and one part
        of the multipart body to appear only as ``[Filtered]``, while the
        ``username`` part stays readable.  ``user_id`` is ``None`` in the
        started entry and the fixture user's primary key in the finished one.
        """
        logged_request_headers = {
            'Content-Length': not_none_eq_obj,
            'Content-Type': not_none_eq_obj,
            'Cookie': '[Filtered]',
        }
        # NOTE(review): the filtered part is presumably the password field;
        # the posted values are masked in this listing - confirm.
        logged_request_body = (
            '--BoUnDaRyStRiNg\r\n'
            'Content-Disposition: form-data; name="username"\r\n'
            '\r\n'
            'test\r\n'
            '--BoUnDaRyStRiNg\r\n'
            '[Filtered]\n'
            '--BoUnDaRyStRiNg--\r\n'
        )
        expected_started = {
            'request_headers': logged_request_headers,
            'request_body': logged_request_body,
            'user_id': None,
            'method': 'POST',
            'host': 'testserver',
            'path': '/admin/login/',
            'queries': {},
            'is_secure': False,
            'ip': '127.0.0.1',
            'start': all_eq_obj,
            'view_slug': 'admin:login',
        }

        logged_response_headers = {
            'Cache-Control': 'max-age=0, no-cache, no-store, must-revalidate, private',
            'Content-Type': 'text/html; charset=utf-8',
            'Expires': all_eq_obj,
            'Location': '/accounts/profile/',
            'Vary': 'Cookie',
            'X-Frame-Options': 'DENY'
        }
        # The finished entry repeats the started data and overrides user_id.
        expected_finished = dict(expected_started)
        expected_finished.update({
            'stop': all_eq_obj,
            'response_code': 302,
            'response_headers': logged_response_headers,
            'response_body': '',
            'user_id': user.pk,
        })

        with capture_security_logs() as logged_data:
            login_response = self.post('/admin/login/', data={'username': '******', 'password': '******'})
            assert_http_redirect(login_response)
            assert_length_equal(logged_data.input_request_started, 1)
            assert_length_equal(logged_data.input_request_finished, 1)
            assert_equal_log_data(logged_data.input_request_started[0], expected_started)
            assert_equal_log_data(logged_data.input_request_finished[0], expected_finished)
Esempio n. 10
 def test_input_logged_request_should_have_right_status(self, user):
     """Check the status stored for 200, 302, raised-exception and 404 requests.

     A 200 and a 302 answer from the login view are both expected to be
     stored as ``INFO``, a request that raises as ``ERROR`` and a 404 as
     ``WARNING``.
     """
     # NOTE(review): the posted values are masked in this listing; the 200
     # answer presumably corresponds to rejected credentials - confirm.
     first_login = self.post('/admin/login/',
                             data={
                                 'username': '******',
                                 'password': '******'
                             })
     assert_http_ok(first_login)
     # .first() is assumed to return the most recent row - verify the model ordering.
     assert_equal(InputLoggedRequest.objects.first().status,
                  LoggedRequestStatus.INFO)

     second_login = self.post('/admin/login/',
                              data={
                                  'username': '******',
                                  'password': '******'
                              })
     assert_http_redirect(second_login)
     assert_equal(InputLoggedRequest.objects.first().status,
                  LoggedRequestStatus.INFO)

     # Calling the proxy view without a URL must raise and be stored as an error.
     assert_raises(Exception, self.get, '/proxy/')
     assert_equal(InputLoggedRequest.objects.first().status,
                  LoggedRequestStatus.ERROR)

     missing_page = self.get('/404/')
     assert_http_not_found(missing_page)
     assert_equal(InputLoggedRequest.objects.first().status,
                  LoggedRequestStatus.WARNING)
Esempio n. 11
 def test_throttling_configuration_should_be_changed_via_settings(self):
     """Expect HTTP 429 on the third request to ``/admin/``.

     NOTE(review): the lowered limit presumably comes from a settings
     override that is not visible in this excerpt - confirm.
     """
     requests_before_limit = 2
     for _attempt in range(requests_before_limit):
         response = self.get('/admin/')
         assert_http_redirect(response)
     # The next request must be rejected by the throttle.
     rejected = self.get('/admin/')
     assert_http_too_many_requests(rejected)
Esempio n. 12
 def test_throttling_should_be_raised(self):
     """Expect HTTP 429 on the 21st request to ``/admin/``.

     The first 20 requests must still be answered with a redirect.
     """
     requests_before_limit = 20
     for _attempt in range(requests_before_limit):
         response = self.get('/admin/')
         assert_http_redirect(response)
     # One request past the limit must be rejected by the throttle.
     rejected = self.get('/admin/')
     assert_http_too_many_requests(rejected)
Esempio n. 13
 def test_sensitive_headers_should_be_hidden(self, user):
     """Check that the captured ``Cookie`` header holds only ``[Filtered]``."""
     with capture_security_logs() as logged_data:
         login_response = self.post('/admin/login/', data={'username': '******', 'password': '******'})
         assert_http_redirect(login_response)
         # The raw cookie value must not reach the log, only the marker.
         logged_headers = logged_data.input_request[0].request_headers
         assert_equal(logged_headers['Cookie'], '[Filtered]')
Esempio n. 14
 def test_throttling_should_be_raised(self):
     """Expect HTTP 429 on the 21st request to ``/admin/``.

     The first 20 requests must still be answered with a redirect.
     """
     requests_before_limit = 20
     for _attempt in range(requests_before_limit):
         response = self.get('/admin/')
         assert_http_redirect(response)
     # One request past the limit must be rejected by the throttle.
     rejected = self.get('/admin/')
     assert_http_too_many_requests(rejected)
Esempio n. 15
 def test_throttling_should_not_be_raised(self):
     """Expect 100 consecutive requests to ``/admin/`` to all be redirected.

     NOTE(review): throttling is presumably disabled or relaxed by a settings
     override that is not visible in this excerpt - confirm.
     """
     request_count = 100
     for _attempt in range(request_count):
         response = self.get('/admin/')
         # No request in the run may be rejected with 429.
         assert_http_redirect(response)
Esempio n. 16
 def test_throttling_configuration_with_sql_backend_should_return_429(self):
     """Expect HTTP 429 on the third request to ``/admin/``.

     NOTE(review): the SQL backend and the limit of two are presumably
     selected by settings outside this excerpt - confirm.
     """
     requests_before_limit = 2
     for _attempt in range(requests_before_limit):
         response = self.get('/admin/')
         assert_http_redirect(response)
     # The next request must be rejected by the throttle.
     rejected = self.get('/admin/')
     assert_http_too_many_requests(rejected)
Esempio n. 17
 def test_throttling_configuration_with_testing_backends_should_return_429(self):
     """Expect HTTP 429 on the third request to ``/admin/``.

     The Elasticsearch request-log index is refreshed after each of the
     first two requests.
     """
     requests_before_limit = 2
     for _attempt in range(requests_before_limit):
         response = self.get('/admin/')
         assert_http_redirect(response)
         # Presumably makes the just-logged request visible to the throttle
         # lookup before the next request - confirm against the backend.
         ElasticsearchInputRequestLog._index.refresh()
     rejected = self.get('/admin/')
     assert_http_too_many_requests(rejected)
Esempio n. 18
 def test_sensitive_replacement_should_be_changed(self, user):
     """Check that the stored cookie header holds the ``(Filtered)`` marker.

     NOTE(review): the marker presumably comes from a settings override that
     is not visible in this excerpt - confirm on the decorator or class.
     """
     login_response = self.post('/admin/login/', data={'username': '******', 'password': '******'})
     assert_http_redirect(login_response)
     stored_request = InputLoggedRequest.objects.get()
     # The raw cookie value must never be persisted, only the marker.
     cookie_as_logged = stored_request.request_headers['COOKIE']
     assert_equal(cookie_as_logged, '(Filtered)')
Esempio n. 19
 def test_throttling_configuration_should_be_changed_via_settings(self):
     """Expect HTTP 429 on the third request to ``/admin/``.

     NOTE(review): the lowered limit presumably comes from a settings
     override that is not visible in this excerpt - confirm.
     """
     requests_before_limit = 2
     for _attempt in range(requests_before_limit):
         response = self.get('/admin/')
         assert_http_redirect(response)
     # The next request must be rejected by the throttle.
     rejected = self.get('/admin/')
     assert_http_too_many_requests(rejected)