class ScalingTests(TestCase): def setUp(self): self.db = BHRDB() self.user = User.objects.create_user('admin', '*****@*****.**', 'admin') def add_older_block(self, age, duration): now = timezone.now() before = now - datetime.timedelta(seconds=age) unblock_at = before + datetime.timedelta(seconds=duration) b = Block(cidr='1.2.3.4', who=self.user, source='test', why='test', unblock_at=unblock_at) b.save() b.added = before b.save() self.db.set_blocked(b, 'bgp1') self.db.set_unblocked(b, 'bgp1') return b def test_get_last_block(self): b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing', duration=10) lb = self.db.get_last_block('1.2.3.4') self.assertAlmostEqual(lb.duration.total_seconds(), 10, places=1) def test_that_scaling_doesnt_break_with_manual_unblock(self): b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing', duration=None) self.db.unblock_now('1.2.3.4', self.user, 'testing') b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing', duration=300, autoscale=True) def scale_test(self, age, duration, new_duration, expected_duration): b = self.add_older_block(age, duration) b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing', duration=new_duration, autoscale=True) lb = self.db.get_last_block('1.2.3.4') self.assertAlmostEqual(lb.duration.total_seconds(), expected_duration, places=1) def test_block_scaled_short(self): self.scale_test( age=60*60, duration=60*5, new_duration=60*5, expected_duration=60*10) def test_block_scaled_medium(self): self.scale_test( age=60*60*24*4, duration=60*60*24, new_duration=60*60, expected_duration=60*60*24)
class DBTests(TestCase): def setUp(self): self.db = BHRDB() self.user = User.objects.create_user('admin', '*****@*****.**', 'admin') def test_non_existing_block_is_none(self): b = self.db.get_block('1.2.3.4') self.assertEqual(b, None) def test_adding_a_block_works(self): b = self.db.add_block('1.2.3.4/32', self.user, 'test', 'testing') self.assertEqual(str(b.cidr), '1.2.3.4/32') def test_adding_a_block_twice_gets_the_same_block(self): b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing') b2 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing') self.assertEqual(b1.id, b2.id) def test_blocking_changes_expected(self): expected = self.db.expected().all() self.assertEqual(len(expected), 0) b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing') expected = self.db.expected().all() self.assertEqual(len(expected), 1) def test_blocking_does_not_change_current(self): current = self.db.current().all() self.assertEqual(len(current), 0) b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing') current = self.db.current().all() self.assertEqual(len(current), 0) def test_block_entry_changes_current(self): current = self.db.current().all() self.assertEqual(len(current), 0) b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing') self.db.set_blocked(b1, 'bgp1') current = self.db.current().all() self.assertEqual(len(current), 1) def test_block_then_unblock_changes_current_but_not_expected(self): b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing') self.db.set_blocked(b1, 'bgp1') current = self.db.current().all() self.assertEqual(len(current), 1) self.db.set_unblocked(b1, 'bgp1') current = self.db.current().all() self.assertEqual(len(current), 0) expected = self.db.expected().all() self.assertEqual(len(expected), 1) def test_block_queue_empty(self): q = list(self.db.block_queue('bgp1')) self.assertEqual(len(q), 0) def test_block_queue(self): b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing') q = list(self.db.block_queue('bgp1')) self.assertEqual(len(q), 1) self.assertEqual(str(q[0].cidr), '1.2.3.4/32') self.db.set_blocked(b1, 'bgp1') q = list(self.db.block_queue('bgp1')) self.assertEqual(len(q), 0) def test_block_two_blockers(self): b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing') for ident in 'bgp1', 'bgp2': q = list(self.db.block_queue(ident)) self.assertEqual(len(q), 1) self.assertEqual(str(q[0].cidr), '1.2.3.4/32') self.db.set_blocked(b1, 'bgp1') self.db.set_blocked(b1, 'bgp2') for ident in 'bgp1', 'bgp2': q = list(self.db.block_queue(ident)) self.assertEqual(len(q), 0) def test_block_two_blockers_only_one(self): b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing') self.db.set_blocked(b1, 'bgp1') q = list(self.db.block_queue('bgp1')) self.assertEqual(len(q), 0) q = list(self.db.block_queue('bgp2')) self.assertEqual(len(q), 1) def test_block_two_blockers_doesnt_double_current(self): b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing') self.db.set_blocked(b1, 'bgp1') self.db.set_blocked(b1, 'bgp2') current = self.db.current().all() self.assertEqual(len(current), 1) def test_adding_a_block_adds_to_pending(self): pending = self.db.pending().all() self.assertEqual(len(pending), 0) b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing') pending = self.db.pending().all() self.assertEqual(len(pending), 1) def test_blocking_removes_from_pending(self): b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing') pending = self.db.pending().all() self.assertEqual(len(pending), 1) self.db.set_blocked(b1, 'bgp1') pending = self.db.pending().all() self.assertEqual(len(pending), 0) def test_unblock_now_removes_from_expected(self): b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing') expected = self.db.expected().all() self.assertEqual(len(expected), 1) self.db.unblock_now('1.2.3.4', self.user, 'testing') expected = self.db.expected().all() self.assertEqual(len(expected), 0) def test_unblock_now_moves_to_pending_removal(self): b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing') self.db.unblock_now('1.2.3.4', self.user, 'testing') b1.refresh_from_db() # it needs to be blocked on a host to be able to be pending unblock self.db.set_blocked(b1, 'bgp1') pending_removal = self.db.pending_removal().all() self.assertEqual(len(pending_removal), 1) def test_unblock_queue_empty(self): q = self.db.unblock_queue('bgp1') self.assertEqual(len(q), 0) def test_unblock_queue_empty_before_expiration(self): b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing', duration=30) self.db.set_blocked(b1, 'bgp1') q = self.db.unblock_queue('bgp1') self.assertEqual(len(q), 0) def test_unblock_now_adds_to_unblock_queue(self): b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing', duration=1) self.db.set_blocked(b1, 'bgp1') self.db.unblock_now('1.2.3.4', self.user, 'testing') q = self.db.unblock_queue('bgp1') self.assertEqual(len(q), 1) def test_unblock_queue_exists_after_expiration(self): b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing', duration=1) self.db.set_blocked(b1, 'bgp1') sleep(2) q = self.db.unblock_queue('bgp1') self.assertEqual(len(q), 1) def test_set_unblocked_removes_from_unblock_queue(self): b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing') self.db.set_blocked(b1, 'bgp1') self.db.unblock_now('1.2.3.4', self.user, 'testing') q = self.db.unblock_queue('bgp1') self.assertEqual(len(q), 1) self.db.set_unblocked(b1, 'bgp1') q = self.db.unblock_queue('bgp1') self.assertEqual(len(q), 0) def test_stats(self): def check_counts(block_pending=0, unblock_pending=0, current=0, expected=0): stats = self.db.stats() self.assertEqual(stats["block_pending"], block_pending) self.assertEqual(stats["unblock_pending"], unblock_pending) self.assertEqual(stats["current"], current) self.assertEqual(stats["expected"], expected) check_counts() b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing') check_counts(block_pending=1, expected=1) self.db.set_blocked(b1, 'bgp1') check_counts(current=1, expected=1) self.db.unblock_now('1.2.3.4', self.user, 'testing') check_counts(current=1, expected=0, unblock_pending=1) self.db.set_unblocked(b1, 'bgp1') check_counts() def test_source_stats(self): b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing') self.assertEqual(self.db.source_stats(), {"test": 1}) b1 = self.db.add_block('1.2.3.5', self.user, 'other', 'testing') b1 = self.db.add_block('1.2.3.6', self.user, 'other', 'testing') self.assertEqual(self.db.source_stats(), {"test": 1, "other": 2}) def test_whitelist(self): WhitelistEntry(who=self.user, why='test', cidr='141.142.0.0/16').save() self.assertEqual(bool(is_whitelisted("1.2.3.4")), False) self.assertEqual(bool(is_whitelisted("1.2.3.0/24")), False) self.assertEqual(bool(is_whitelisted("141.142.2.2")), True) self.assertEqual(bool(is_whitelisted("141.142.4.0/24")), True) self.assertEqual(bool(is_whitelisted("141.0.0.0/8")), True) def test_block_then_whitelist_then_unblock_works(self): b1 = self.db.add_block('1.2.3.4', self.user, 'other', 'testing') WhitelistEntry(who=self.user, why='test', cidr='1.2.3.0/24').save() self.db.unblock_now('1.2.3.4', self.user, 'testing') @override_settings() def test_prefixlen_too_small(self): from django.conf import settings settings.BHR['minimum_prefixlen'] = 24 self.assertEqual(is_prefixlen_too_small(u"1.2.3.4"), False) self.assertEqual(is_prefixlen_too_small(u"1.2.3.0/24"), False) self.assertEqual(is_prefixlen_too_small(u"1.2.0.0/20"), True) settings.BHR['minimum_prefixlen'] = 32 self.assertEqual(is_prefixlen_too_small(u"1.2.3.0/24"), True) @override_settings() def test_prefixlen_too_small_v6(self): from django.conf import settings settings.BHR['minimum_prefixlen_v6'] = 64 self.assertEqual(is_prefixlen_too_small(u"fe80::/32"), True) self.assertEqual(is_prefixlen_too_small(u"fe80::1/128"), False) def test_source_blacklisted(self): self.assertEqual(bool(is_source_blacklisted("test")), False) SourceBlacklistEntry(who=self.user, why='test', source='test').save() self.assertEqual(bool(is_source_blacklisted("test")), True) def test_filter_local(self): b1 = self.db.add_block('1.2.3.4', self.user, 'other', 'testing') local = filter_local_networks(self.db.expected()) self.assertEqual(len(local), 0) b1 = self.db.add_block('10.2.3.4', self.user, 'other', 'testing') local = filter_local_networks(self.db.expected()) self.assertEqual(len(local), 1) @override_settings() def test_filter_local_unset(self): from django.conf import settings del settings.BHR['local_networks'] b1 = self.db.add_block('1.2.3.4', self.user, 'other', 'testing') local = filter_local_networks(self.db.expected()) self.assertEqual(len(local), 0) b1 = self.db.add_block('10.2.3.4', self.user, 'other', 'testing') local = filter_local_networks(self.db.expected()) self.assertEqual(len(local), 0)
class DBTests(TestCase): def setUp(self): self.db = BHRDB() self.user = User.objects.create_user('admin', '*****@*****.**', 'admin') def test_non_existing_block_is_none(self): b = self.db.get_block('1.2.3.4') self.assertEqual(b, None) def test_adding_a_block_works(self): b = self.db.add_block('1.2.3.4/32', self.user, 'test', 'testing') self.assertEqual(str(b.cidr), '1.2.3.4/32') def test_adding_a_block_twice_gets_the_same_block(self): b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing') b2 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing') self.assertEqual(b1.id, b2.id) def test_blocking_changes_expected(self): expected = self.db.expected().all() self.assertEqual(len(expected), 0) b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing') expected = self.db.expected().all() self.assertEqual(len(expected), 1) def test_blocking_does_not_change_current(self): current = self.db.current().all() self.assertEqual(len(current), 0) b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing') current = self.db.current().all() self.assertEqual(len(current), 0) def test_block_entry_changes_current(self): current = self.db.current().all() self.assertEqual(len(current), 0) b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing') self.db.set_blocked(b1, 'bgp1') current = self.db.current().all() self.assertEqual(len(current), 1) def test_block_then_unblock_changes_current_but_not_expected(self): b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing') self.db.set_blocked(b1, 'bgp1') current = self.db.current().all() self.assertEqual(len(current), 1) self.db.set_unblocked(b1, 'bgp1') current = self.db.current().all() self.assertEqual(len(current), 0) expected = self.db.expected().all() self.assertEqual(len(expected), 1) def test_block_queue_empty(self): q = list(self.db.block_queue('bgp1')) self.assertEqual(len(q), 0) def test_block_queue(self): b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing') q = list(self.db.block_queue('bgp1')) self.assertEqual(len(q), 1) self.assertEqual(str(q[0].cidr), '1.2.3.4/32') self.db.set_blocked(b1, 'bgp1') q = list(self.db.block_queue('bgp1')) self.assertEqual(len(q), 0) def test_block_two_blockers(self): b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing') for ident in 'bgp1', 'bgp2': q = list(self.db.block_queue(ident)) self.assertEqual(len(q), 1) self.assertEqual(str(q[0].cidr), '1.2.3.4/32') self.db.set_blocked(b1, 'bgp1') self.db.set_blocked(b1, 'bgp2') for ident in 'bgp1', 'bgp2': q = list(self.db.block_queue(ident)) self.assertEqual(len(q), 0) def test_block_two_blockers_only_one(self): b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing') self.db.set_blocked(b1, 'bgp1') q = list(self.db.block_queue('bgp1')) self.assertEqual(len(q), 0) q = list(self.db.block_queue('bgp2')) self.assertEqual(len(q), 1) def test_block_two_blockers_doesnt_double_current(self): b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing') self.db.set_blocked(b1, 'bgp1') self.db.set_blocked(b1, 'bgp2') current = self.db.current().all() self.assertEqual(len(current), 1) def test_adding_a_block_adds_to_pending(self): pending = self.db.pending().all() self.assertEqual(len(pending), 0) b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing') pending = self.db.pending().all() self.assertEqual(len(pending), 1) def test_blocking_removes_from_pending(self): b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing') pending = self.db.pending().all() self.assertEqual(len(pending), 1) self.db.set_blocked(b1, 'bgp1') pending = self.db.pending().all() self.assertEqual(len(pending), 0) def test_unblock_now_removes_from_expected(self): b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing') expected = self.db.expected().all() self.assertEqual(len(expected), 1) self.db.unblock_now('1.2.3.4', self.user, 'testing') expected = self.db.expected().all() self.assertEqual(len(expected), 0) def test_unblock_now_moves_to_pending_removal(self): b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing') self.db.unblock_now('1.2.3.4', self.user, 'testing') b1.refresh_from_db() #it needs to be blocked on a host to be able to be pending unblock self.db.set_blocked(b1, 'bgp1') pending_removal = self.db.pending_removal().all() self.assertEqual(len(pending_removal), 1) def test_unblock_queue_empty(self): q = self.db.unblock_queue('bgp1') self.assertEqual(len(q), 0) def test_unblock_queue_empty_before_expiration(self): b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing', duration=30) self.db.set_blocked(b1, 'bgp1') q = self.db.unblock_queue('bgp1') self.assertEqual(len(q), 0) def test_unblock_now_adds_to_unblock_queue(self): b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing', duration=1) self.db.set_blocked(b1, 'bgp1') self.db.unblock_now('1.2.3.4', self.user, 'testing') q = self.db.unblock_queue('bgp1') self.assertEqual(len(q), 1) def test_unblock_queue_exists_after_expiration(self): b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing', duration=1) self.db.set_blocked(b1, 'bgp1') sleep(2) q = self.db.unblock_queue('bgp1') self.assertEqual(len(q), 1) def test_set_unblocked_removes_from_unblock_queue(self): b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing') self.db.set_blocked(b1, 'bgp1') self.db.unblock_now('1.2.3.4', self.user, 'testing') q = self.db.unblock_queue('bgp1') self.assertEqual(len(q), 1) self.db.set_unblocked(b1, 'bgp1') q = self.db.unblock_queue('bgp1') self.assertEqual(len(q), 0) def test_stats(self): def check_counts(block_pending=0, unblock_pending=0, current=0, expected=0): stats = self.db.stats() self.assertEqual(stats["block_pending"], block_pending) self.assertEqual(stats["unblock_pending"], unblock_pending) self.assertEqual(stats["current"], current) self.assertEqual(stats["expected"], expected) check_counts() b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing') check_counts(block_pending=1, expected=1) self.db.set_blocked(b1, 'bgp1') check_counts(current=1, expected=1) self.db.unblock_now('1.2.3.4', self.user, 'testing') check_counts(current=1, expected=0, unblock_pending=1) self.db.set_unblocked(b1, 'bgp1') check_counts() def test_source_stats(self): b1 = self.db.add_block('1.2.3.4', self.user, 'test', 'testing') self.assertEqual(self.db.source_stats(), {"test": 1}) b1 = self.db.add_block('1.2.3.5', self.user, 'other', 'testing') b1 = self.db.add_block('1.2.3.6', self.user, 'other', 'testing') self.assertEqual(self.db.source_stats(), {"test": 1, "other": 2}) def test_whitelist(self): WhitelistEntry(who=self.user, why='test', cidr='141.142.0.0/16').save() self.assertEqual(bool(is_whitelisted("1.2.3.4")), False) self.assertEqual(bool(is_whitelisted("1.2.3.0/24")), False) self.assertEqual(bool(is_whitelisted("141.142.2.2")), True) self.assertEqual(bool(is_whitelisted("141.142.4.0/24")), True) self.assertEqual(bool(is_whitelisted("141.0.0.0/8")), True) def test_block_then_whitelist_then_unblock_works(self): b1 = self.db.add_block('1.2.3.4', self.user, 'other', 'testing') WhitelistEntry(who=self.user, why='test', cidr='1.2.3.0/24').save() self.db.unblock_now('1.2.3.4', self.user, 'testing') @override_settings() def test_prefixlen_too_small(self): from django.conf import settings settings.BHR['minimum_prefixlen'] = 24 self.assertEqual(is_prefixlen_too_small(u"1.2.3.4"), False) self.assertEqual(is_prefixlen_too_small(u"1.2.3.0/24"), False) self.assertEqual(is_prefixlen_too_small(u"1.2.0.0/20"), True) settings.BHR['minimum_prefixlen'] = 32 self.assertEqual(is_prefixlen_too_small(u"1.2.3.0/24"), True) @override_settings() def test_prefixlen_too_small_v6(self): from django.conf import settings settings.BHR['minimum_prefixlen_v6'] = 64 self.assertEqual(is_prefixlen_too_small(u"fe80::/32"), True) self.assertEqual(is_prefixlen_too_small(u"fe80::1/128"), False) def test_source_blacklisted(self): self.assertEqual(bool(is_source_blacklisted("test")), False) SourceBlacklistEntry(who=self.user, why='test', source='test').save() self.assertEqual(bool(is_source_blacklisted("test")), True) def test_filter_local(self): b1 = self.db.add_block('1.2.3.4', self.user, 'other', 'testing') local = filter_local_networks(self.db.expected()) self.assertEqual(len(local), 0) b1 = self.db.add_block('10.2.3.4', self.user, 'other', 'testing') local = filter_local_networks(self.db.expected()) self.assertEqual(len(local), 1) @override_settings() def test_filter_local_unset(self): from django.conf import settings del settings.BHR['local_networks'] b1 = self.db.add_block('1.2.3.4', self.user, 'other', 'testing') local = filter_local_networks(self.db.expected()) self.assertEqual(len(local), 0) b1 = self.db.add_block('10.2.3.4', self.user, 'other', 'testing') local = filter_local_networks(self.db.expected()) self.assertEqual(len(local), 0)