def test_url_to_domain_schema_without_query(self): test_url = "example.com" expected_url = "example.com" info("Requested URL: {}".format(test_url)) result = url_helper.url_to_domain(test_url) assert_type(result, str, "Check if returned result is of correct type") assert_equal(result, expected_url, "Check if method returned correct url")
def test_verify_api_unauthorized(self): api_key = token_hex(6) info("Requested api key: {}".format(api_key)) with allure.step( "[STEP] Check if proper exception is raised: {}".format( Unauthorized)): with pytest.raises(Unauthorized): security.verify_api(apikey=api_key, required_scopes=None)
def test_get_ip_details_empty_ip(self): ip_body = {"ip": ""} info("Requested ip body: {}".format(ip_body)) with allure.step( "[STEP] Check if proper exception is raised: {}".format( BadRequest)): with pytest.raises(BadRequest, match="Wrong IP"): get_ip_details(ip_body)
def test_search_newest(self, urlscan_data): url = urlscan_data[0] info("Requested URL: {}".format(url)) r, date = search_newest(url) assert_type(r, dict, "Check if returned search data is valid dict") assert_not_empty(r, "Check if returned search data is not empty") assert_type(date, datetime, "Check if returned search data is valid datetime object")
def test_lookup_url_exception(self): url = None info("Requested empty url") assert_exception(lookup_url, SafeBrowsingException, "Check if empty url throws Exception", args=url)
def test_get_entropy(self): string = "ab" info("Checked string - {}".format(string)) e = get_entropy(string) info("Calculated entropy: {}".format(e)) assert_true(e > 0, "Check if calculated entropy is bigger than 0") assert_equal(e, 1, "Check if calculated entropy is equal to predicted one")
def test_get_cert_results(self): domain = "example.com" info("Requested domain - {}".format(domain)) l = get_results(domain) assert_type( l, dict, "Check if returned object with certificate details is proper dict") assert_not_empty(l, "Check if cert details dict is not empty")
def test_get_cert_results_empty(self): domain = "http://." info("Requested domain - {}".format(domain)) l = get_results(domain) assert_none( l, "Check if returned object with unexisting certificate details is empty/None" )
def test_get_urlscan_details_wrong_url(self): url = token_hex(32) url_body = {"url": url} info("Requested url body: {}".format(url_body)) resp = get_crtsh_details(url_body) assert_type(resp, Response, "Check if returned result is of correct type") assert_equal(resp.status_code, 202, "Check if correct status code was returned")
def urlscan_data(): search_url = "example.com" wait(5) info("Requested url - {}".format(search_url)) uid = submit(search_url) info("Submited search with id {}".format(uid), pre=True) r = results(uid, wait_time=120) newest = search_newest(search_url) yield search_url, uid, r, newest
def test_submit_google_url(self): url = "google.com" info("Requested url - {}".format(url)) assert_exception( submit, UrlscanException, "Check if submit with google.com throws UrlscanException", args=url)
def test_get_ip_details_bad_body(self): ip_body = {"tmp": 1} info("Requested ip body: {}".format(ip_body)) with allure.step( "[STEP] Check if proper exception is raised: {}".format( BadRequest)): with pytest.raises(BadRequest, match="'ip' is a required property"): get_ip_details(ip_body)
def test_verify_entropy_malicious(self): malicious_url = "abcdefghijklmnoprstukv/!$#%^#$#@" info("Requested URL: {}".format(malicious_url)) result = uv.verify_entropy(malicious_url) assert_type(result, bool, "Check if returned result is of correct type") assert_equal(result, True, "Check if method returned correct verdict")
def test_verify_entropy_good(self): malicious_url = "abc" info("Requested URL: {}".format(malicious_url)) result = uv.verify_entropy('test_domain') assert_type(result, bool, "Check if returned result is of correct type") assert_equal(result, False, "Check if method returned correct verdict")
def test_summary(self, urlscan_data): uid = urlscan_data[1] result_url = "https://urlscan.io/api/v1/result/{}".format(uid) info("GET {}".format(result_url)) response = get(result_url) assert_equal(response.status_code, 200, "Check if response's status code is correct (200)") r = summary(response.json()) assert_type(r, dict, "Check if returned search data is valid dict") assert_not_empty(r, "Check if returned search data is not empty")
def test_submit_wrong_url(self): url = "ftp://localhost" info("Requested url - {}".format(url)) assert_exception( submit, UrlscanException, "Check if submit with wrong url throws UrlscanException", args=url)
def test_get_entropy_details_no_url(self): ip = token_hex(6) url_body = {"ip": ip} info("Requested url body: {}".format(url_body)) with allure.step( "[STEP] Check if proper exception is raised: {}".format( BadRequest)): with pytest.raises(BadRequest, match="'url' is a required property"): get_entropy_details(url_body)
def test_add_cert_invalid(self, mock_add_cert): # Mock Cert response mocked_id = -1 mock_add_cert.return_value = mocked_id info("Created mock Cert with id: {}".format(mocked_id)) status, cid = db_helper.add_cert(".") assert_false(status, "Check if method return correct status") assert_equal(cid, mocked_id, "Check if method returned correct id")
def test_calculate_distance_zero(self): base = "test" target = base info("Base keyword: {}".format(base)) info("Target keyword: {}".format(target)) l = calculate_levenstein(base, target) assert_type(l, int, "Check if proper type is returned") assert_equal(l, 0, "Check if proper distance is calculated")
def test_add_baddie_correct(self, mock_add_baddie): mocked_id = 1 mock_add_baddie.return_value = mocked_id info("Created mock Baddie with id: {}".format(mocked_id)) cid = db_helper.add_baddie(None, None, None, None, None, None, None) assert_type(cid, int, "Check if id is correct int") assert_equal(cid, mocked_id, "Check if method returned correct id") # TODO More unit tests
def test_get_ip_details_reserved_range(self): ip = "127.0.0.1" info("Requested ip - {}".format(ip)) details = get_ip_details(ip) assert_type(details, dict, "Check if returned results are of type dict") assert_not_empty(details, "Check if returned results are not empty") field = 'status' expected = 'reserved_range' assert_equal(details[field], expected, "Check if returned status is equal to expected one") field = 'ip' expected = ip assert_equal(details[field], expected, "Check if returned ip is equal to expected one")
def test_get_urlscan_details(self): url = "example.com" url_body = {"url": url} info("Requested url body: {}".format(url_body)) resp = get_crtsh_details(url_body) assert_type(resp, Response, "Check if returned result is of correct type") assert_is_in(resp.status_code, [200, 202], "Check if correct status code was returned") if resp.status_code == 202: info("Returned 202 - skipping rest of asserts") return json_data = json.loads(resp.data.decode('utf-8')) assert_type(json_data, dict, "Check if returned result is of correct type") assert_not_empty(json_data, "Check if returned dict is not empty") field = "details" assert_dict_contains_key( json_data, field, "Check if returned dict contains '{}' key".format(field)) field = "caid" assert_dict_contains_key( json_data['details'], field, "Check if returned dict contains '{}' key".format(field)) field = "registered_at" assert_dict_contains_key( json_data['details'], field, "Check if returned dict contains '{}' key".format(field)) field = "subject" assert_dict_contains_key( json_data['details'], field, "Check if returned dict contains '{}' key".format(field)) field = "issuer" assert_dict_contains_key( json_data['details'], field, "Check if returned dict contains '{}' key".format(field)) field = "multi_dns_amount" assert_dict_contains_key( json_data['details'], field, "Check if returned dict contains '{}' key".format(field)) field = "org_name" assert_dict_contains_key( json_data['details']['subject'], field, "Check if returned dict contains '{}' key".format(field)) field = "country" assert_dict_contains_key( json_data['details']['subject'], field, "Check if returned dict contains '{}' key".format(field)) field = "common_name" assert_dict_contains_key( json_data['details']['issuer'], field, "Check if returned dict contains '{}' key".format(field))
def client_with_db(): info("Set up Flask client with db", pre=True) flask_app = connexion.FlaskApp(__name__, specification_dir="../../../src/swagger") flask_app.app.config['SQLALCHEMY_DATABASE_URI'] = SQLALCHEMY_DATABASE_URI flask_app.app.config[ 'SQLALCHEMY_TRACK_MODIFICATIONS'] = SQLALCHEMY_TRACK_MODIFICATIONS flask_app.app.json_encoder = json.JSONEncoder flask_app.add_api('swagger.yml', base_path=BASE_PATH, arguments=arguments) db = SQLAlchemy(flask_app.app) with flask_app.app.test_client() as c: yield c, db db.session.remove() db.drop_all()
def test_database_creation(self, client_with_db): client = client_with_db[0] endpoint = '/server/create_db' headers = { "X-API-Key": AUTH_API_KEY } info("GET {}".format(endpoint)) response = client.get(BASE_PATH + endpoint, headers=headers) assert_equal(response.status_code, 200, "Check status code") j = data_to_json(response.data) field = "message" expected_value = "Database created." assert_dict_contains_key(j, field, "Check if dict contains given key - \"{}\"".format(field)) assert_equal(j[field], expected_value, "Check if item \"{}\" is equal to \"{}\"".format(field, expected_value))
def test_levenstein_check_no_match(self): fake = Faker() keywords = [fake.domain_word()] info("Generated keyword: {}".format(keywords)) domain = "{}x.com".format(fake.domain_word()) info("Requested domain - {}".format(domain)) l = levenstein_check(keywords, domain.split('.')) assert_type(l, tuple, "Check if proper tuple is returned") assert_false(l[0], "Check if keyword matches domain") assert_none(l[1], "Check if no keyword matches domain") assert_none(l[2], "Check if no keyword is returned") assert_none(l[3], "Check if no levenstein distance is returned")
def test_lookup_url(self): url = "google.com" info("Requested url - {}".format(url)) l = lookup_url(url) assert_type(l, dict, "Check if proper dict is returned") assert_not_empty(l, "Check if response is not empty") field = "url" expected = url assert_dict_contains_key(l, field, "Check if url is in response") assert_equal(l[field], expected, "Check if proper url is returned") field = "malicious" expected = False assert_dict_contains_key(l, field, "Check if malicious is in response") assert_equal(l[field], expected, "Check if proper status is returned")
def test_match_keyword(self, mock_goodie): fake = Faker() mocked_keyword = fake.domain_word() # Mock Goodies response mock_goodie.return_value = [{'good_keyword': mocked_keyword}] info("Created mock Goodie with keyword: {}".format(mocked_keyword)) domain = "{}x.com".format(mocked_keyword) info("Requested domain - {}".format(domain)) l = match_keyword(domain) assert_type(l, tuple, "Check if proper tuple is returned") assert_true(l[0], "Check if keyword matches domain") assert_equal(l[1], mocked_keyword, "Check if returned keyword is equal to mocked one")
def test_lookup_url_malicious(self): url = 'http://malware.testing.google.test/testing/malware/' info("Requested url - {}".format(url)) l = lookup_url(url) assert_type(l, dict, "Check if proper dict is returned") assert_not_empty(l, "Check if response is not empty") field = "url" expected = url assert_dict_contains_key(l, field, "Check if url is in response") assert_equal(l[field], expected, "Check if proper url is returned") field = "malicious" expected = True assert_dict_contains_key(l, field, "Check if malicious is in response") assert_equal(l[field], expected, "Check if proper status is returned")
def test_get_results(self): url = "google.com" info("Requested url - {}".format(url)) r = get_results(url) info("URL returned: {}".format(r)) assert_type(r, dict, "Check if proper dict is returned") field = "registrar" assert_dict_contains_key(r, field, "Check if registrar is present in results") field = "creation_date" assert_dict_contains_key(r, field, "Check if registrar is present in results") field = "name" assert_dict_contains_key(r, field, "Check if registrar is present in results") field = "org" assert_dict_contains_key(r, field, "Check if registrar is present in results") field = "country" assert_dict_contains_key(r, field, "Check if registrar is present in results")
def test_details_crtsh(self, client_with_db): client = client_with_db[0] endpoint = '/details/crtsh' data = {'url': 'example.com'} headers = {'Content-Type': "application/json"} info("POST {}".format(endpoint)) response = client.post(BASE_PATH + endpoint, data=json.dumps(data), headers=headers) assert_equal(response.status_code, 200, "Check status code") j = data_to_json(response.data) field = "details" assert_dict_contains_key( j, field, "Check if dict contains given key - \"{}\"".format(field)) field = "caid" assert_dict_contains_key( j['details'], field, "Check if dict contains given key - \"{}\"".format(field)) field = "registered_at" assert_dict_contains_key( j['details'], field, "Check if dict contains given key - \"{}\"".format(field)) field = "subject" assert_dict_contains_key( j['details'], field, "Check if dict contains given key - \"{}\"".format(field)) field = "org_name" assert_dict_contains_key( j['details']['subject'], field, "Check if dict contains given key - \"{}\"".format(field)) field = "country" assert_dict_contains_key( j['details']['subject'], field, "Check if dict contains given key - \"{}\"".format(field)) field = "issuer" assert_dict_contains_key( j['details'], field, "Check if dict contains given key - \"{}\"".format(field)) field = "common_name" assert_dict_contains_key( j['details']['issuer'], field, "Check if dict contains given key - \"{}\"".format(field)) field = "multi_dns_amount" assert_dict_contains_key( j['details'], field, "Check if dict contains given key - \"{}\"".format(field))