def stats(request):
db = BHRDB()
stats = db.stats()
stats['sources'] = db.source_stats()
return Response(stats)
def stats(request):
db = BHRDB()
stats = db.stats()
stats['sources'] = db.source_stats()
return Response(stats)
def get_context_data(self, source, *args):
all_blocks = BHRDB().expected()
blocks = all_blocks.filter(source=source).order_by("-added")[:500]
return {
'source': source,
'blocks': query_to_blocklist(blocks),
}
def get_context_data(self, source, *args):
all_blocks = BHRDB().expected()
blocks = all_blocks.filter(source=source).order_by("-added")[:500]
return {
'source': source,
'blocks': query_to_blocklist(blocks),
}
def get_context_data(self, *args):
all_blocks = BHRDB().expected()
manual_blocks = all_blocks.filter(Q(source="web") | Q(source="cli"))
local_blocks = filter_local_networks(all_blocks)
return {
'manual_blocks': query_to_blocklist(manual_blocks),
'local_blocks': query_to_blocklist(local_blocks),
}
def get_context_data(self, *args):
all_blocks = BHRDB().expected()
manual_blocks = all_blocks.filter(Q(source="web") | Q(source="cli"))
local_blocks = filter_local_networks(all_blocks)
return {
'manual_blocks': query_to_blocklist(manual_blocks),
'local_blocks': query_to_blocklist(local_blocks),
}
def get_context_data(self, *args):
all_blocks = BHRDB().expected()
manual_blocks = all_blocks.filter(Q(source="web") | Q(source="cli"))
auto_blocks = all_blocks.filter(~Q(source="web") | Q(source="cli")).order_by("-added")[:50]
return {
'manual_blocks': query_to_blocklist(manual_blocks),
'auto_blocks': query_to_blocklist(auto_blocks),
}
def get_context_data(self, *args):
all_blocks = BHRDB().expected()
manual_blocks = all_blocks.filter(Q(source="web") | Q(source="cli"))
local_blocks = filter_local_networks(all_blocks)
auto_blocks = all_blocks.filter(~Q(source="web") | Q(source="cli")).order_by("-added")[:50]
return {
'manual_blocks': query_to_blocklist(manual_blocks),
'local_blocks': query_to_blocklist(local_blocks),
'auto_blocks': query_to_blocklist(auto_blocks),
'query': 'list',
}
def get(self, request):
# TODO: http://www.django-rest-framework.org/api-guide/filtering/ ?
source = self.request.query_params.get('source', None)
since = self.request.query_params.get('since', None)
queryset = BHRDB().expected()
if source:
queryset = queryset.filter(source=source)
if since:
queryset = queryset.filter(added__gte=since).order_by('added')
blocks = queryset.values_list('cidr', 'who__username', 'source', 'why', 'added', 'unblock_at')
return respond_csv(blocks, ["cidr", "who", "source", "why", "added", "unblock_at"])
def get(self, request):
#TODO: http://www.django-rest-framework.org/api-guide/filtering/ ?
source = self.request.query_params.get('source', None)
since = self.request.query_params.get('since', None)
queryset = BHRDB().expected()
if source:
queryset = queryset.filter(source=source)
if since:
queryset = queryset.filter(added__gte=since).order_by('added')
blocks = queryset.values_list('cidr','who__username','source','why', 'added', 'unblock_at')
return respond_csv(blocks, ["cidr", "who", "source", "why", "added", "unblock_at"])
def get_queryset(self):
ident = self.kwargs['ident']
timeout = int(self.request.QUERY_PARAMS.get('timeout', 0))
if not timeout:
return BHRDB().block_queue(ident, limit=200)
end = time.time() + timeout
while time.time() < end:
blocks = BHRDB().block_queue(ident, limit=200)
if blocks:
return blocks
time.sleep(1.0)
return blocks
def get_queryset(self):
ident = self.kwargs['ident']
timeout = int(self.request.query_params.get('timeout', 0))
added_since = self.request.query_params.get('added_since', '2014-09-01')
if not timeout:
return BHRDB().block_queue(ident, limit=200, added_since=added_since)
end = time.time() + timeout
while time.time() < end:
blocks = BHRDB().block_queue(ident, limit=200, added_since=added_since)
if list(blocks):
return blocks
time.sleep(1.0)
return blocks
def validate_cidr(self, attrs, source):
cidr = attrs[source]
b = BHRDB().get_block(cidr)
if not b:
raise serializers.ValidationError("%s is not currently blocked" %
cidr)
return attrs
def validate_cidr(self, value):
cidr = value
b = BHRDB().get_block(cidr)
if not b:
raise serializers.ValidationError("%s is not currently blocked" %
cidr)
return cidr
def post(self, request):
serializer = UnblockNowSerializer(data=request.DATA)
if serializer.is_valid():
d = serializer.data
BHRDB().unblock_now(d['cidr'], request.user, d['why'])
return Response({'status': 'ok'})
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
def get(self, request):
resp = []
blocks = BHRDB().expected().values_list('cidr', 'who__username',
'source', 'why', 'added',
'unblock_at')
return respond_csv(
blocks, ["cidr", "who", "source", "why", "added", "unblock_at"])
def post(self, request):
context = {"request": request}
serializer = BlockRequestSerializer(data=request.data)
if serializer.is_valid():
b = BHRDB().add_block(who=request.user, **serializer.validated_data)
return Response(BlockSerializer(b, context=context).data, status=status.HTTP_201_CREATED)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
def post(self, request):
context = {"request": request}
serializer = BlockRequestSerializer(data=request.data, many=True)
created = []
if serializer.is_valid():
created = BHRDB().add_block_multi(who=request.user, blocks=serializer.validated_data)
return Response(BlockSerializer(created, many=True, context=context).data, status=status.HTTP_201_CREATED)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
def set_blocked(self, request, pk=None):
if not request.user.has_perm('bhr.add_blockentry'):
raise PermissionDenied()
block = self.get_object()
serializer = SetBlockedSerializer(data=request.data)
if serializer.is_valid():
ident = serializer.validated_data['ident']
BHRDB().set_blocked(block, ident)
return Response({'status': 'ok'})
else:
return Response(serializer.errors,
status=status.HTTP_400_BAD_REQUEST)
def get(self, request):
if self.request.GET:
form = QueryBlockForm(self.request.GET)
else:
form = QueryBlockForm()
if not form.is_valid():
return render(self.request, "bhr/query.html", {"form": form})
query = form.cleaned_data['query']
blocks = BHRDB().get_history(query).prefetch_related("blockentry_set")
return render(self.request, self.result_template_name, {"query": query, "form": form, "blocks": blocks})
def post(self, request):
context = {"request": request}
serializer = BlockRequestSerializer(data=request.data, many=True)
created = []
if serializer.is_valid():
#FIXME: move this into BHRDB directly
with transaction.atomic():
for block in serializer.validated_data:
b = BHRDB().add_block(who=request.user, **block)
created.append(b)
return Response(BlockSerializer(created, many=True, context=context).data, status=status.HTTP_201_CREATED)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
def metrics(request):
"""Export metrics in a format that prometheus can understand"""
db = BHRDB()
stats = db.stats()
source_stats = db.source_stats()
now = int(1000 * time.time())
out = []
def add(k, v):
out.append("bhr_{} {} {}\n".format(k, v, now))
out.append('''
# HELP bhr_blocked_total total hosts blocked
# TYPE bhr_blocked_total gauge
''')
add('blocked_total{type="current"}', stats["current"])
add('blocked_total{type="expected"}', stats["expected"])
out.append('''
# HELP bhr_pending_total total hosts pending
# TYPE bhr_pending_total gauge
''')
add('pending_total{type="block"}', stats["block_pending"])
add('pending_total{type="unblock"}', stats["unblock_pending"])
out.append('''
# HELP bhr_blocked_total_by_source total hosts blocked by each source
# TYPE bhr_blocked_total_by_source gauge
''')
for source, count in source_stats.items():
add('blocked_total_by_source{source="%s"}' % source, count)
resp = "".join(out)
return HttpResponse(resp, content_type="text/plain")
def metrics(request):
"""Export metrics in a format that prometheus can understand"""
db = BHRDB()
stats = db.stats()
source_stats = db.source_stats()
now = int(1000 * time.time())
out = []
def add(k, v):
out.append("bhr_{} {} {}\n".format(k, v, now))
out.append('''
# HELP bhr_blocked_total total hosts blocked
# TYPE bhr_blocked_total gauge
''')
add('blocked_total{type="current"}', stats["current"])
add('blocked_total{type="expected"}', stats["expected"])
out.append('''
# HELP bhr_pending_total total hosts pending
# TYPE bhr_pending_total gauge
''')
add('pending_total{type="block"}', stats["block_pending"])
add('pending_total{type="unblock"}', stats["unblock_pending"])
out.append('''
# HELP bhr_blocked_total_by_source total hosts blocked by each source
# TYPE bhr_blocked_total_by_source gauge
''')
for source, count in source_stats.items():
add('blocked_total_by_source{source="%s"}' % source, count)
resp = "".join(out)
return HttpResponse(resp, content_type="text/plain")
def setUp(self):
self.db = BHRDB()
self.user = User.objects.create_user('admin', '*****@*****.**', 'admin')
class ScalingTests(TestCase):
def setUp(self):
self.db = BHRDB()
self.user = User.objects.create_user('admin', '*****@*****.**', 'admin')
def add_older_block(self, age, duration):
now = timezone.now()
before = now - datetime.timedelta(seconds=age)
unblock_at = before + datetime.timedelta(seconds=duration)
b = Block(cidr='1.2.3.4',
who=self.user,
source='test',
why='test',
unblock_at=unblock_at)
b.save()
b.added = before
b.save()
self.db.set_blocked(b, 'bgp1')
self.db.set_unblocked(b, 'bgp1')
return b
def test_get_last_block(self):
b1 = self.db.add_block('1.2.3.4',
self.user,
'test',
'testing',
duration=10)
lb = self.db.get_last_block('1.2.3.4')
self.assertAlmostEqual(lb.duration.total_seconds(), 10, places=1)
def test_that_scaling_doesnt_break_with_manual_unblock(self):
b1 = self.db.add_block('1.2.3.4',
self.user,
'test',
'testing',
duration=None)
self.db.unblock_now('1.2.3.4', self.user, 'testing')
b1 = self.db.add_block('1.2.3.4',
self.user,
'test',
'testing',
duration=300,
autoscale=True)
def scale_test(self, age, duration, new_duration, expected_duration):
b = self.add_older_block(age, duration)
b1 = self.db.add_block('1.2.3.4',
self.user,
'test',
'testing',
duration=new_duration,
autoscale=True)
lb = self.db.get_last_block('1.2.3.4')
self.assertAlmostEqual(lb.duration.total_seconds(),
expected_duration,
places=1)
def test_block_scaled_short(self):
self.scale_test(age=60 * 60,
duration=60 * 5,
new_duration=60 * 5,
expected_duration=60 * 10)
def test_block_scaled_medium(self):
self.scale_test(age=60 * 60 * 24 * 4,
duration=60 * 60 * 24,
new_duration=60 * 60,
expected_duration=60 * 60 * 24)
class DBTests(TestCase):
def setUp(self):
self.db = BHRDB()
self.user = User.objects.create_user('admin', '*****@*****.**', 'admin')
def test_non_existing_block_is_none(self):
b = self.db.get_block('1.2.3.4')
self.assertEqual(b, None)
def test_adding_a_block_works(self):
b = self.db.add_block('1.2.3.4/32', self.user, 'test', 'testing')
self.assertEqual(str(b.cidr), '1.2.3.4/32')
def test_adding_a_block_twice_gets_the_same_block(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
b2 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
self.assertEqual(b1.id, b2.id)
def test_blocking_changes_expected(self):
expected = self.db.expected().all()
self.assertEqual(len(expected), 0)
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
expected = self.db.expected().all()
self.assertEqual(len(expected), 1)
def test_blocking_does_not_change_current(self):
current = self.db.current().all()
self.assertEqual(len(current), 0)
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
current = self.db.current().all()
self.assertEqual(len(current), 0)
def test_block_entry_changes_current(self):
current = self.db.current().all()
self.assertEqual(len(current), 0)
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
self.db.set_blocked(b1, 'bgp1')
current = self.db.current().all()
self.assertEqual(len(current), 1)
def test_block_then_unblock_changes_current_but_not_expected(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
self.db.set_blocked(b1, 'bgp1')
current = self.db.current().all()
self.assertEqual(len(current), 1)
self.db.set_unblocked(b1, 'bgp1')
current = self.db.current().all()
self.assertEqual(len(current), 0)
expected = self.db.expected().all()
self.assertEqual(len(expected), 1)
def test_block_queue_empty(self):
q = list(self.db.block_queue('bgp1'))
self.assertEqual(len(q), 0)
def test_block_queue(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
q = list(self.db.block_queue('bgp1'))
self.assertEqual(len(q), 1)
self.assertEqual(str(q[0].cidr), '1.2.3.4/32')
self.db.set_blocked(b1, 'bgp1')
q = list(self.db.block_queue('bgp1'))
self.assertEqual(len(q), 0)
def test_block_two_blockers(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
for ident in 'bgp1', 'bgp2':
q = list(self.db.block_queue(ident))
self.assertEqual(len(q), 1)
self.assertEqual(str(q[0].cidr), '1.2.3.4/32')
self.db.set_blocked(b1, 'bgp1')
self.db.set_blocked(b1, 'bgp2')
for ident in 'bgp1', 'bgp2':
q = list(self.db.block_queue(ident))
self.assertEqual(len(q), 0)
def test_block_two_blockers_only_one(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
self.db.set_blocked(b1, 'bgp1')
q = list(self.db.block_queue('bgp1'))
self.assertEqual(len(q), 0)
q = list(self.db.block_queue('bgp2'))
self.assertEqual(len(q), 1)
def test_block_two_blockers_doesnt_double_current(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
self.db.set_blocked(b1, 'bgp1')
self.db.set_blocked(b1, 'bgp2')
current = self.db.current().all()
self.assertEqual(len(current), 1)
def test_adding_a_block_adds_to_pending(self):
pending = self.db.pending().all()
self.assertEqual(len(pending), 0)
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
pending = self.db.pending().all()
self.assertEqual(len(pending), 1)
def test_blocking_removes_from_pending(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
pending = self.db.pending().all()
self.assertEqual(len(pending), 1)
self.db.set_blocked(b1, 'bgp1')
pending = self.db.pending().all()
self.assertEqual(len(pending), 0)
def test_unblock_now_removes_from_expected(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
expected = self.db.expected().all()
self.assertEqual(len(expected), 1)
self.db.unblock_now('1.2.3.4', self.user, 'testing')
expected = self.db.expected().all()
self.assertEqual(len(expected), 0)
def test_unblock_now_moves_to_pending_removal(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
self.db.unblock_now('1.2.3.4', self.user, 'testing')
b1.refresh_from_db()
# it needs to be blocked on a host to be able to be pending unblock
self.db.set_blocked(b1, 'bgp1')
pending_removal = self.db.pending_removal().all()
self.assertEqual(len(pending_removal), 1)
def test_unblock_queue_empty(self):
q = self.db.unblock_queue('bgp1')
self.assertEqual(len(q), 0)
def test_unblock_queue_empty_before_expiration(self):
b1 = self.db.add_block('1.2.3.4',
self.user,
'test',
'testing',
duration=30)
self.db.set_blocked(b1, 'bgp1')
q = self.db.unblock_queue('bgp1')
self.assertEqual(len(q), 0)
def test_unblock_now_adds_to_unblock_queue(self):
b1 = self.db.add_block('1.2.3.4',
self.user,
'test',
'testing',
duration=1)
self.db.set_blocked(b1, 'bgp1')
self.db.unblock_now('1.2.3.4', self.user, 'testing')
q = self.db.unblock_queue('bgp1')
self.assertEqual(len(q), 1)
def test_unblock_queue_exists_after_expiration(self):
b1 = self.db.add_block('1.2.3.4',
self.user,
'test',
'testing',
duration=1)
self.db.set_blocked(b1, 'bgp1')
sleep(2)
q = self.db.unblock_queue('bgp1')
self.assertEqual(len(q), 1)
def test_set_unblocked_removes_from_unblock_queue(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
self.db.set_blocked(b1, 'bgp1')
self.db.unblock_now('1.2.3.4', self.user, 'testing')
q = self.db.unblock_queue('bgp1')
self.assertEqual(len(q), 1)
self.db.set_unblocked(b1, 'bgp1')
q = self.db.unblock_queue('bgp1')
self.assertEqual(len(q), 0)
def test_stats(self):
def check_counts(block_pending=0,
unblock_pending=0,
current=0,
expected=0):
stats = self.db.stats()
self.assertEqual(stats["block_pending"], block_pending)
self.assertEqual(stats["unblock_pending"], unblock_pending)
self.assertEqual(stats["current"], current)
self.assertEqual(stats["expected"], expected)
check_counts()
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
check_counts(block_pending=1, expected=1)
self.db.set_blocked(b1, 'bgp1')
check_counts(current=1, expected=1)
self.db.unblock_now('1.2.3.4', self.user, 'testing')
check_counts(current=1, expected=0, unblock_pending=1)
self.db.set_unblocked(b1, 'bgp1')
check_counts()
def test_source_stats(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
self.assertEqual(self.db.source_stats(), {"test": 1})
b1 = self.db.add_block('1.2.3.5', self.user, 'other', 'testing')
b1 = self.db.add_block('1.2.3.6', self.user, 'other', 'testing')
self.assertEqual(self.db.source_stats(), {"test": 1, "other": 2})
def test_whitelist(self):
WhitelistEntry(who=self.user, why='test', cidr='141.142.0.0/16').save()
self.assertEqual(bool(is_whitelisted("1.2.3.4")), False)
self.assertEqual(bool(is_whitelisted("1.2.3.0/24")), False)
self.assertEqual(bool(is_whitelisted("141.142.2.2")), True)
self.assertEqual(bool(is_whitelisted("141.142.4.0/24")), True)
self.assertEqual(bool(is_whitelisted("141.0.0.0/8")), True)
def test_block_then_whitelist_then_unblock_works(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'other', 'testing')
WhitelistEntry(who=self.user, why='test', cidr='1.2.3.0/24').save()
self.db.unblock_now('1.2.3.4', self.user, 'testing')
@override_settings()
def test_prefixlen_too_small(self):
from django.conf import settings
settings.BHR['minimum_prefixlen'] = 24
self.assertEqual(is_prefixlen_too_small(u"1.2.3.4"), False)
self.assertEqual(is_prefixlen_too_small(u"1.2.3.0/24"), False)
self.assertEqual(is_prefixlen_too_small(u"1.2.0.0/20"), True)
settings.BHR['minimum_prefixlen'] = 32
self.assertEqual(is_prefixlen_too_small(u"1.2.3.0/24"), True)
@override_settings()
def test_prefixlen_too_small_v6(self):
from django.conf import settings
settings.BHR['minimum_prefixlen_v6'] = 64
self.assertEqual(is_prefixlen_too_small(u"fe80::/32"), True)
self.assertEqual(is_prefixlen_too_small(u"fe80::1/128"), False)
def test_source_blacklisted(self):
self.assertEqual(bool(is_source_blacklisted("test")), False)
SourceBlacklistEntry(who=self.user, why='test', source='test').save()
self.assertEqual(bool(is_source_blacklisted("test")), True)
def test_filter_local(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'other', 'testing')
local = filter_local_networks(self.db.expected())
self.assertEqual(len(local), 0)
b1 = self.db.add_block('10.2.3.4', self.user, 'other', 'testing')
local = filter_local_networks(self.db.expected())
self.assertEqual(len(local), 1)
@override_settings()
def test_filter_local_unset(self):
from django.conf import settings
del settings.BHR['local_networks']
b1 = self.db.add_block('1.2.3.4', self.user, 'other', 'testing')
local = filter_local_networks(self.db.expected())
self.assertEqual(len(local), 0)
b1 = self.db.add_block('10.2.3.4', self.user, 'other', 'testing')
local = filter_local_networks(self.db.expected())
self.assertEqual(len(local), 0)
def setUp(self):
self.db = BHRDB()
self.user = User.objects.create_user('admin', '*****@*****.**', 'admin')
class ScalingTests(TestCase):
def setUp(self):
self.db = BHRDB()
self.user = User.objects.create_user('admin', '*****@*****.**', 'admin')
def add_older_block(self, age, duration):
now = timezone.now()
before = now - datetime.timedelta(seconds=age)
unblock_at = before + datetime.timedelta(seconds=duration)
b = Block(cidr='1.2.3.4', who=self.user, source='test', why='test', unblock_at=unblock_at)
b.save()
b.added = before
b.save()
self.db.set_blocked(b, 'bgp1')
self.db.set_unblocked(b, 'bgp1')
return b
def test_get_last_block(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing', duration=10)
lb = self.db.get_last_block('1.2.3.4')
self.assertAlmostEqual(lb.duration.total_seconds(), 10, places=1)
def test_that_scaling_doesnt_break_with_manual_unblock(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing', duration=None)
self.db.unblock_now('1.2.3.4', self.user, 'testing')
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing', duration=300, autoscale=True)
def scale_test(self, age, duration, new_duration, expected_duration):
b = self.add_older_block(age, duration)
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing', duration=new_duration, autoscale=True)
lb = self.db.get_last_block('1.2.3.4')
self.assertAlmostEqual(lb.duration.total_seconds(), expected_duration, places=1)
def test_block_scaled_short(self):
self.scale_test(
age=60*60,
duration=60*5,
new_duration=60*5,
expected_duration=60*10)
def test_block_scaled_medium(self):
self.scale_test(
age=60*60*24*4,
duration=60*60*24,
new_duration=60*60,
expected_duration=60*60*24)
def get_context_data(self, *args):
blocks = BHRDB().expected().values('id', 'cidr', 'who__username',
'source', 'why', 'added',
'unblock_at')
return {'blocks': blocks}
def stats(request):
stats = BHRDB().stats()
return Response(stats)
def post(self, request):
ids = request.DATA['ids']
BHRDB().set_unblocked_multi(ids)
return Response({'status': 'ok'})
def post(self, request, ident):
ids = request.data['ids']
BHRDB().set_blocked_multi(ident, ids)
return Response({'status': 'ok'})
def get_queryset(self):
ident = self.kwargs['ident']
return BHRDB().unblock_queue(ident)[:200]
def get_context_data(self, *args):
db = BHRDB()
return {
'stats': db.stats(),
'source_stats': db.source_stats(),
}
def form_valid(self, form):
block_request = form.cleaned_data
block_request['cidr'] = str(block_request['cidr'])
BHRDB().add_block(who=self.request.user, source='web', **block_request)
return redirect(reverse("query") + "?query=" + block_request["cidr"])
def bhlistpub(request):
resp = []
blocks = BHRDB().expected().values_list('cidr', 'added', 'unblock_at')
return respond_csv(blocks, ["cidr", "added", "unblock_at"])
def get_context_data(self, *args):
db = BHRDB()
return {
'stats': db.stats(),
'source_stats': db.source_stats(),
}
class DBTests(TestCase):
def setUp(self):
self.db = BHRDB()
self.user = User.objects.create_user('admin', '*****@*****.**', 'admin')
def test_non_existing_block_is_none(self):
b = self.db.get_block('1.2.3.4')
self.assertEqual(b, None)
def test_adding_a_block_works(self):
b = self.db.add_block('1.2.3.4/32', self.user, 'test', 'testing')
self.assertEqual(str(b.cidr), '1.2.3.4/32')
def test_adding_a_block_twice_gets_the_same_block(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
b2 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
self.assertEqual(b1.id, b2.id)
def test_blocking_changes_expected(self):
expected = self.db.expected().all()
self.assertEqual(len(expected), 0)
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
expected = self.db.expected().all()
self.assertEqual(len(expected), 1)
def test_blocking_does_not_change_current(self):
current = self.db.current().all()
self.assertEqual(len(current), 0)
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
current = self.db.current().all()
self.assertEqual(len(current), 0)
def test_block_entry_changes_current(self):
current = self.db.current().all()
self.assertEqual(len(current), 0)
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
self.db.set_blocked(b1, 'bgp1')
current = self.db.current().all()
self.assertEqual(len(current), 1)
def test_block_then_unblock_changes_current_but_not_expected(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
self.db.set_blocked(b1, 'bgp1')
current = self.db.current().all()
self.assertEqual(len(current), 1)
self.db.set_unblocked(b1, 'bgp1')
current = self.db.current().all()
self.assertEqual(len(current), 0)
expected = self.db.expected().all()
self.assertEqual(len(expected), 1)
def test_block_queue_empty(self):
q = list(self.db.block_queue('bgp1'))
self.assertEqual(len(q), 0)
def test_block_queue(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
q = list(self.db.block_queue('bgp1'))
self.assertEqual(len(q), 1)
self.assertEqual(str(q[0].cidr), '1.2.3.4/32')
self.db.set_blocked(b1, 'bgp1')
q = list(self.db.block_queue('bgp1'))
self.assertEqual(len(q), 0)
def test_block_two_blockers(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
for ident in 'bgp1', 'bgp2':
q = list(self.db.block_queue(ident))
self.assertEqual(len(q), 1)
self.assertEqual(str(q[0].cidr), '1.2.3.4/32')
self.db.set_blocked(b1, 'bgp1')
self.db.set_blocked(b1, 'bgp2')
for ident in 'bgp1', 'bgp2':
q = list(self.db.block_queue(ident))
self.assertEqual(len(q), 0)
def test_block_two_blockers_only_one(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
self.db.set_blocked(b1, 'bgp1')
q = list(self.db.block_queue('bgp1'))
self.assertEqual(len(q), 0)
q = list(self.db.block_queue('bgp2'))
self.assertEqual(len(q), 1)
def test_block_two_blockers_doesnt_double_current(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
self.db.set_blocked(b1, 'bgp1')
self.db.set_blocked(b1, 'bgp2')
current = self.db.current().all()
self.assertEqual(len(current), 1)
def test_adding_a_block_adds_to_pending(self):
pending = self.db.pending().all()
self.assertEqual(len(pending), 0)
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
pending = self.db.pending().all()
self.assertEqual(len(pending), 1)
def test_blocking_removes_from_pending(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
pending = self.db.pending().all()
self.assertEqual(len(pending), 1)
self.db.set_blocked(b1, 'bgp1')
pending = self.db.pending().all()
self.assertEqual(len(pending), 0)
def test_unblock_now_removes_from_expected(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
expected = self.db.expected().all()
self.assertEqual(len(expected), 1)
self.db.unblock_now('1.2.3.4', self.user, 'testing')
expected = self.db.expected().all()
self.assertEqual(len(expected), 0)
def test_unblock_now_moves_to_pending_removal(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
self.db.unblock_now('1.2.3.4', self.user, 'testing')
b1.refresh_from_db()
#it needs to be blocked on a host to be able to be pending unblock
self.db.set_blocked(b1, 'bgp1')
pending_removal = self.db.pending_removal().all()
self.assertEqual(len(pending_removal), 1)
def test_unblock_queue_empty(self):
q = self.db.unblock_queue('bgp1')
self.assertEqual(len(q), 0)
def test_unblock_queue_empty_before_expiration(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing', duration=30)
self.db.set_blocked(b1, 'bgp1')
q = self.db.unblock_queue('bgp1')
self.assertEqual(len(q), 0)
def test_unblock_now_adds_to_unblock_queue(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing', duration=1)
self.db.set_blocked(b1, 'bgp1')
self.db.unblock_now('1.2.3.4', self.user, 'testing')
q = self.db.unblock_queue('bgp1')
self.assertEqual(len(q), 1)
def test_unblock_queue_exists_after_expiration(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing', duration=1)
self.db.set_blocked(b1, 'bgp1')
sleep(2)
q = self.db.unblock_queue('bgp1')
self.assertEqual(len(q), 1)
def test_set_unblocked_removes_from_unblock_queue(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
self.db.set_blocked(b1, 'bgp1')
self.db.unblock_now('1.2.3.4', self.user, 'testing')
q = self.db.unblock_queue('bgp1')
self.assertEqual(len(q), 1)
self.db.set_unblocked(b1, 'bgp1')
q = self.db.unblock_queue('bgp1')
self.assertEqual(len(q), 0)
def test_stats(self):
def check_counts(block_pending=0, unblock_pending=0, current=0, expected=0):
stats = self.db.stats()
self.assertEqual(stats["block_pending"], block_pending)
self.assertEqual(stats["unblock_pending"], unblock_pending)
self.assertEqual(stats["current"], current)
self.assertEqual(stats["expected"], expected)
check_counts()
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
check_counts(block_pending=1, expected=1)
self.db.set_blocked(b1, 'bgp1')
check_counts(current=1, expected=1)
self.db.unblock_now('1.2.3.4', self.user, 'testing')
check_counts(current=1, expected=0, unblock_pending=1)
self.db.set_unblocked(b1, 'bgp1')
check_counts()
def test_source_stats(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing')
self.assertEqual(self.db.source_stats(), {"test": 1})
b1 = self.db.add_block('1.2.3.5', self.user, 'other', 'testing')
b1 = self.db.add_block('1.2.3.6', self.user, 'other', 'testing')
self.assertEqual(self.db.source_stats(), {"test": 1, "other": 2})
def test_whitelist(self):
WhitelistEntry(who=self.user, why='test', cidr='141.142.0.0/16').save()
self.assertEqual(bool(is_whitelisted("1.2.3.4")), False)
self.assertEqual(bool(is_whitelisted("1.2.3.0/24")), False)
self.assertEqual(bool(is_whitelisted("141.142.2.2")), True)
self.assertEqual(bool(is_whitelisted("141.142.4.0/24")), True)
self.assertEqual(bool(is_whitelisted("141.0.0.0/8")), True)
def test_block_then_whitelist_then_unblock_works(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'other', 'testing')
WhitelistEntry(who=self.user, why='test', cidr='1.2.3.0/24').save()
self.db.unblock_now('1.2.3.4', self.user, 'testing')
@override_settings()
def test_prefixlen_too_small(self):
from django.conf import settings
settings.BHR['minimum_prefixlen'] = 24
self.assertEqual(is_prefixlen_too_small(u"1.2.3.4"), False)
self.assertEqual(is_prefixlen_too_small(u"1.2.3.0/24"), False)
self.assertEqual(is_prefixlen_too_small(u"1.2.0.0/20"), True)
settings.BHR['minimum_prefixlen'] = 32
self.assertEqual(is_prefixlen_too_small(u"1.2.3.0/24"), True)
@override_settings()
def test_prefixlen_too_small_v6(self):
from django.conf import settings
settings.BHR['minimum_prefixlen_v6'] = 64
self.assertEqual(is_prefixlen_too_small(u"fe80::/32"), True)
self.assertEqual(is_prefixlen_too_small(u"fe80::1/128"), False)
def test_source_blacklisted(self):
self.assertEqual(bool(is_source_blacklisted("test")), False)
SourceBlacklistEntry(who=self.user, why='test', source='test').save()
self.assertEqual(bool(is_source_blacklisted("test")), True)
def test_filter_local(self):
b1 = self.db.add_block('1.2.3.4', self.user, 'other', 'testing')
local = filter_local_networks(self.db.expected())
self.assertEqual(len(local), 0)
b1 = self.db.add_block('10.2.3.4', self.user, 'other', 'testing')
local = filter_local_networks(self.db.expected())
self.assertEqual(len(local), 1)
@override_settings()
def test_filter_local_unset(self):
from django.conf import settings
del settings.BHR['local_networks']
b1 = self.db.add_block('1.2.3.4', self.user, 'other', 'testing')
local = filter_local_networks(self.db.expected())
self.assertEqual(len(local), 0)
b1 = self.db.add_block('10.2.3.4', self.user, 'other', 'testing')
local = filter_local_networks(self.db.expected())
self.assertEqual(len(local), 0)
