def test_url_to_domain_schema_without_query(self):
test_url = "example.com"
expected_url = "example.com"
info("Requested URL: {}".format(test_url))
result = url_helper.url_to_domain(test_url)
assert_type(result, str, "Check if returned result is of correct type")
assert_equal(result, expected_url, "Check if method returned correct url")
def test_verify_api_unauthorized(self):
api_key = token_hex(6)
info("Requested api key: {}".format(api_key))
with allure.step(
"[STEP] Check if proper exception is raised: {}".format(
Unauthorized)):
with pytest.raises(Unauthorized):
security.verify_api(apikey=api_key, required_scopes=None)
def test_get_ip_details_empty_ip(self):
ip_body = {"ip": ""}
info("Requested ip body: {}".format(ip_body))
with allure.step(
"[STEP] Check if proper exception is raised: {}".format(
BadRequest)):
with pytest.raises(BadRequest, match="Wrong IP"):
get_ip_details(ip_body)
def test_search_newest(self, urlscan_data):
url = urlscan_data[0]
info("Requested URL: {}".format(url))
r, date = search_newest(url)
assert_type(r, dict, "Check if returned search data is valid dict")
assert_not_empty(r, "Check if returned search data is not empty")
assert_type(date, datetime,
"Check if returned search data is valid datetime object")
def test_lookup_url_exception(self):
url = None
info("Requested empty url")
assert_exception(lookup_url,
SafeBrowsingException,
"Check if empty url throws Exception",
args=url)
def test_get_entropy(self):
string = "ab"
info("Checked string - {}".format(string))
e = get_entropy(string)
info("Calculated entropy: {}".format(e))
assert_true(e > 0, "Check if calculated entropy is bigger than 0")
assert_equal(e, 1,
"Check if calculated entropy is equal to predicted one")
def test_get_cert_results(self):
domain = "example.com"
info("Requested domain - {}".format(domain))
l = get_results(domain)
assert_type(
l, dict,
"Check if returned object with certificate details is proper dict")
assert_not_empty(l, "Check if cert details dict is not empty")
def test_get_cert_results_empty(self):
domain = "http://."
info("Requested domain - {}".format(domain))
l = get_results(domain)
assert_none(
l,
"Check if returned object with unexisting certificate details is empty/None"
)
def test_get_urlscan_details_wrong_url(self):
url = token_hex(32)
url_body = {"url": url}
info("Requested url body: {}".format(url_body))
resp = get_crtsh_details(url_body)
assert_type(resp, Response,
"Check if returned result is of correct type")
assert_equal(resp.status_code, 202,
"Check if correct status code was returned")
def urlscan_data():
search_url = "example.com"
wait(5)
info("Requested url - {}".format(search_url))
uid = submit(search_url)
info("Submited search with id {}".format(uid), pre=True)
r = results(uid, wait_time=120)
newest = search_newest(search_url)
yield search_url, uid, r, newest
def test_submit_google_url(self):
url = "google.com"
info("Requested url - {}".format(url))
assert_exception(
submit,
UrlscanException,
"Check if submit with google.com throws UrlscanException",
args=url)
def test_get_ip_details_bad_body(self):
ip_body = {"tmp": 1}
info("Requested ip body: {}".format(ip_body))
with allure.step(
"[STEP] Check if proper exception is raised: {}".format(
BadRequest)):
with pytest.raises(BadRequest,
match="'ip' is a required property"):
get_ip_details(ip_body)
def test_verify_entropy_malicious(self):
malicious_url = "abcdefghijklmnoprstukv/!$#%^#$#@"
info("Requested URL: {}".format(malicious_url))
result = uv.verify_entropy(malicious_url)
assert_type(result, bool,
"Check if returned result is of correct type")
assert_equal(result, True, "Check if method returned correct verdict")
def test_verify_entropy_good(self):
malicious_url = "abc"
info("Requested URL: {}".format(malicious_url))
result = uv.verify_entropy('test_domain')
assert_type(result, bool,
"Check if returned result is of correct type")
assert_equal(result, False, "Check if method returned correct verdict")
def test_summary(self, urlscan_data):
uid = urlscan_data[1]
result_url = "https://urlscan.io/api/v1/result/{}".format(uid)
info("GET {}".format(result_url))
response = get(result_url)
assert_equal(response.status_code, 200, "Check if response's status code is correct (200)")
r = summary(response.json())
assert_type(r, dict, "Check if returned search data is valid dict")
assert_not_empty(r, "Check if returned search data is not empty")
def test_submit_wrong_url(self):
url = "ftp://localhost"
info("Requested url - {}".format(url))
assert_exception(
submit,
UrlscanException,
"Check if submit with wrong url throws UrlscanException",
args=url)
def test_get_entropy_details_no_url(self):
ip = token_hex(6)
url_body = {"ip": ip}
info("Requested url body: {}".format(url_body))
with allure.step(
"[STEP] Check if proper exception is raised: {}".format(
BadRequest)):
with pytest.raises(BadRequest,
match="'url' is a required property"):
get_entropy_details(url_body)
def test_add_cert_invalid(self, mock_add_cert):
# Mock Cert response
mocked_id = -1
mock_add_cert.return_value = mocked_id
info("Created mock Cert with id: {}".format(mocked_id))
status, cid = db_helper.add_cert(".")
assert_false(status, "Check if method return correct status")
assert_equal(cid, mocked_id, "Check if method returned correct id")
def test_calculate_distance_zero(self):
base = "test"
target = base
info("Base keyword: {}".format(base))
info("Target keyword: {}".format(target))
l = calculate_levenstein(base, target)
assert_type(l, int, "Check if proper type is returned")
assert_equal(l, 0, "Check if proper distance is calculated")
def test_add_baddie_correct(self, mock_add_baddie):
mocked_id = 1
mock_add_baddie.return_value = mocked_id
info("Created mock Baddie with id: {}".format(mocked_id))
cid = db_helper.add_baddie(None, None, None, None, None, None, None)
assert_type(cid, int, "Check if id is correct int")
assert_equal(cid, mocked_id, "Check if method returned correct id")
# TODO More unit tests
def test_get_ip_details_reserved_range(self):
ip = "127.0.0.1"
info("Requested ip - {}".format(ip))
details = get_ip_details(ip)
assert_type(details, dict, "Check if returned results are of type dict")
assert_not_empty(details, "Check if returned results are not empty")
field = 'status'
expected = 'reserved_range'
assert_equal(details[field], expected, "Check if returned status is equal to expected one")
field = 'ip'
expected = ip
assert_equal(details[field], expected, "Check if returned ip is equal to expected one")
def test_get_urlscan_details(self):
url = "example.com"
url_body = {"url": url}
info("Requested url body: {}".format(url_body))
resp = get_crtsh_details(url_body)
assert_type(resp, Response,
"Check if returned result is of correct type")
assert_is_in(resp.status_code, [200, 202],
"Check if correct status code was returned")
if resp.status_code == 202:
info("Returned 202 - skipping rest of asserts")
return
json_data = json.loads(resp.data.decode('utf-8'))
assert_type(json_data, dict,
"Check if returned result is of correct type")
assert_not_empty(json_data, "Check if returned dict is not empty")
field = "details"
assert_dict_contains_key(
json_data, field,
"Check if returned dict contains '{}' key".format(field))
field = "caid"
assert_dict_contains_key(
json_data['details'], field,
"Check if returned dict contains '{}' key".format(field))
field = "registered_at"
assert_dict_contains_key(
json_data['details'], field,
"Check if returned dict contains '{}' key".format(field))
field = "subject"
assert_dict_contains_key(
json_data['details'], field,
"Check if returned dict contains '{}' key".format(field))
field = "issuer"
assert_dict_contains_key(
json_data['details'], field,
"Check if returned dict contains '{}' key".format(field))
field = "multi_dns_amount"
assert_dict_contains_key(
json_data['details'], field,
"Check if returned dict contains '{}' key".format(field))
field = "org_name"
assert_dict_contains_key(
json_data['details']['subject'], field,
"Check if returned dict contains '{}' key".format(field))
field = "country"
assert_dict_contains_key(
json_data['details']['subject'], field,
"Check if returned dict contains '{}' key".format(field))
field = "common_name"
assert_dict_contains_key(
json_data['details']['issuer'], field,
"Check if returned dict contains '{}' key".format(field))
def client_with_db():
info("Set up Flask client with db", pre=True)
flask_app = connexion.FlaskApp(__name__,
specification_dir="../../../src/swagger")
flask_app.app.config['SQLALCHEMY_DATABASE_URI'] = SQLALCHEMY_DATABASE_URI
flask_app.app.config[
'SQLALCHEMY_TRACK_MODIFICATIONS'] = SQLALCHEMY_TRACK_MODIFICATIONS
flask_app.app.json_encoder = json.JSONEncoder
flask_app.add_api('swagger.yml', base_path=BASE_PATH, arguments=arguments)
db = SQLAlchemy(flask_app.app)
with flask_app.app.test_client() as c:
yield c, db
db.session.remove()
db.drop_all()
def test_database_creation(self, client_with_db):
client = client_with_db[0]
endpoint = '/server/create_db'
headers = {
"X-API-Key": AUTH_API_KEY
}
info("GET {}".format(endpoint))
response = client.get(BASE_PATH + endpoint, headers=headers)
assert_equal(response.status_code, 200, "Check status code")
j = data_to_json(response.data)
field = "message"
expected_value = "Database created."
assert_dict_contains_key(j, field, "Check if dict contains given key - \"{}\"".format(field))
assert_equal(j[field], expected_value, "Check if item \"{}\" is equal to \"{}\"".format(field, expected_value))
def test_levenstein_check_no_match(self):
fake = Faker()
keywords = [fake.domain_word()]
info("Generated keyword: {}".format(keywords))
domain = "{}x.com".format(fake.domain_word())
info("Requested domain - {}".format(domain))
l = levenstein_check(keywords, domain.split('.'))
assert_type(l, tuple, "Check if proper tuple is returned")
assert_false(l[0], "Check if keyword matches domain")
assert_none(l[1], "Check if no keyword matches domain")
assert_none(l[2], "Check if no keyword is returned")
assert_none(l[3], "Check if no levenstein distance is returned")
def test_lookup_url(self):
url = "google.com"
info("Requested url - {}".format(url))
l = lookup_url(url)
assert_type(l, dict, "Check if proper dict is returned")
assert_not_empty(l, "Check if response is not empty")
field = "url"
expected = url
assert_dict_contains_key(l, field, "Check if url is in response")
assert_equal(l[field], expected, "Check if proper url is returned")
field = "malicious"
expected = False
assert_dict_contains_key(l, field, "Check if malicious is in response")
assert_equal(l[field], expected, "Check if proper status is returned")
def test_match_keyword(self, mock_goodie):
fake = Faker()
mocked_keyword = fake.domain_word()
# Mock Goodies response
mock_goodie.return_value = [{'good_keyword': mocked_keyword}]
info("Created mock Goodie with keyword: {}".format(mocked_keyword))
domain = "{}x.com".format(mocked_keyword)
info("Requested domain - {}".format(domain))
l = match_keyword(domain)
assert_type(l, tuple, "Check if proper tuple is returned")
assert_true(l[0], "Check if keyword matches domain")
assert_equal(l[1], mocked_keyword,
"Check if returned keyword is equal to mocked one")
def test_lookup_url_malicious(self):
url = 'http://malware.testing.google.test/testing/malware/'
info("Requested url - {}".format(url))
l = lookup_url(url)
assert_type(l, dict, "Check if proper dict is returned")
assert_not_empty(l, "Check if response is not empty")
field = "url"
expected = url
assert_dict_contains_key(l, field, "Check if url is in response")
assert_equal(l[field], expected, "Check if proper url is returned")
field = "malicious"
expected = True
assert_dict_contains_key(l, field, "Check if malicious is in response")
assert_equal(l[field], expected, "Check if proper status is returned")
def test_get_results(self):
url = "google.com"
info("Requested url - {}".format(url))
r = get_results(url)
info("URL returned: {}".format(r))
assert_type(r, dict, "Check if proper dict is returned")
field = "registrar"
assert_dict_contains_key(r, field, "Check if registrar is present in results")
field = "creation_date"
assert_dict_contains_key(r, field, "Check if registrar is present in results")
field = "name"
assert_dict_contains_key(r, field, "Check if registrar is present in results")
field = "org"
assert_dict_contains_key(r, field, "Check if registrar is present in results")
field = "country"
assert_dict_contains_key(r, field, "Check if registrar is present in results")
def test_details_crtsh(self, client_with_db):
client = client_with_db[0]
endpoint = '/details/crtsh'
data = {'url': 'example.com'}
headers = {'Content-Type': "application/json"}
info("POST {}".format(endpoint))
response = client.post(BASE_PATH + endpoint,
data=json.dumps(data),
headers=headers)
assert_equal(response.status_code, 200, "Check status code")
j = data_to_json(response.data)
field = "details"
assert_dict_contains_key(
j, field,
"Check if dict contains given key - \"{}\"".format(field))
field = "caid"
assert_dict_contains_key(
j['details'], field,
"Check if dict contains given key - \"{}\"".format(field))
field = "registered_at"
assert_dict_contains_key(
j['details'], field,
"Check if dict contains given key - \"{}\"".format(field))
field = "subject"
assert_dict_contains_key(
j['details'], field,
"Check if dict contains given key - \"{}\"".format(field))
field = "org_name"
assert_dict_contains_key(
j['details']['subject'], field,
"Check if dict contains given key - \"{}\"".format(field))
field = "country"
assert_dict_contains_key(
j['details']['subject'], field,
"Check if dict contains given key - \"{}\"".format(field))
field = "issuer"
assert_dict_contains_key(
j['details'], field,
"Check if dict contains given key - \"{}\"".format(field))
field = "common_name"
assert_dict_contains_key(
j['details']['issuer'], field,
"Check if dict contains given key - \"{}\"".format(field))
field = "multi_dns_amount"
assert_dict_contains_key(
j['details'], field,
"Check if dict contains given key - \"{}\"".format(field))
