def test_add_event(self):
    # Verifies that repeated intrusion events recorded while a user is
    # logged in end with that user's account being locked.
    # NOTE(review): both literals look like masked placeholders in this
    # listing -- confirm the real fixture values satisfy the password policy.
    account_name = "******"
    secret = "******"

    authenticator = ESAPI.authenticator()
    user = authenticator.create_user(account_name, secret, secret)
    user.enable()

    # Bind a mock request/response pair as the current HTTP context before
    # the login call.
    mock_request = MockHttpRequest()
    mock_response = MockHttpResponse()
    ESAPI.http_utilities().set_current_http(mock_request, mock_response)
    user.login_with_password(secret)

    # Record 15 "test" events. Presumably this exceeds the quota configured
    # for that event name -- confirm against the ESAPI configuration, since
    # the assertion below silently depends on it.
    event_count = 15
    for _ in range(event_count):
        ESAPI.intrusion_detector().add_event("test", "test message")

    self.assertTrue(user.is_locked())
def __init__(self, user_message, log_message, cause=None):
    """
    Build an IntrusionException, log it and report it to the intrusion
    detector.

    Construction alone has side effects: a SECURITY_FAILURE entry is written
    and the instance is passed to the intrusion detector, even if the
    exception is never raised. Only user_message is handed to
    Exception.__init__, so str() of the instance carries the user-facing
    text rather than the log text.

    @param user_message: the message displayed to the user
    @param log_message: the message logged
    @param cause: the Exception that caused this one
    """
    Exception.__init__(self, user_message)

    self.cause = cause
    self.log_message = log_message
    self.user_message = user_message

    security_log = ESAPI.logger("IntrusionException")
    self.logger = security_log

    # NOTE(review): log_message is concatenated into the entry as-is; whether
    # CR/LF or markup in it is neutralised depends on the ESAPI logger --
    # confirm before passing request-derived text here.
    entry = _("INTRUSION") + " - " + self.log_message
    security_log.error(Logger.SECURITY_FAILURE, entry)

    # Report last, after the log entry has been written.
    ESAPI.intrusion_detector().add_exception(self)
def __init__(self, user_message, log_message, cause=None):
    """
    Build an EnterpriseSecurityException and register it with the
    IntrusionDetector.

    The original author's note says the exception is logged automatically,
    so that applications using this API produce an extensive security log,
    and that it is registered with the IntrusionDetector so that quotas can
    be checked. Registration happens at construction time, whether or not
    the exception is later raised. Only user_message is handed to
    Exception.__init__, so str() of the instance carries the user-facing
    text rather than the log text.

    @param user_message: the message displayed to the user
    @param log_message: the message logged
    @param cause: the Exception that caused this one
    """
    Exception.__init__(self, user_message)

    self.cause = cause
    self.log_message = log_message
    self.user_message = user_message

    # The logger is only stored here; per the original comment, the actual
    # logging is done in add_exception().
    self.logger = ESAPI.logger("EnterpriseSecurityException")

    detector = ESAPI.intrusion_detector()
    detector.add_exception(self)
def test_add_exception(self):
    # Verifies that exceptions reported to the intrusion detector are
    # accepted, and that a burst of IntegrityExceptions for a logged-in user
    # ends with that user logged out and the account locked.

    # One plain exception and two ESAPI exceptions, reported explicitly.
    # NOTE(review): if ValidationException / IntrusionException register
    # themselves with the detector on construction, these explicit calls
    # record each of them a second time -- confirm that is intended.
    ESAPI.intrusion_detector().add_exception(RuntimeError('message'))
    ESAPI.intrusion_detector().add_exception(
        ValidationException("user message", "log message")
    )
    ESAPI.intrusion_detector().add_exception(
        IntrusionException("user message", "log message")
    )

    # NOTE(review): both literals look like masked placeholders in this
    # listing -- confirm the real fixture values satisfy the password policy.
    account_name = "******"
    secret = "******"

    authenticator = ESAPI.authenticator()
    user = authenticator.create_user(account_name, secret, secret)
    user.enable()

    # Bind a mock request/response pair as the current HTTP context before
    # the login call.
    mock_request = MockHttpRequest()
    mock_response = MockHttpResponse()
    ESAPI.http_utilities().set_current_http(mock_request, mock_response)
    user.login_with_password(secret)

    # The exceptions are constructed but never raised; presumably the
    # constructor reports each one to the intrusion detector -- confirm.
    # 15 is assumed to exceed the configured quota for this exception type.
    for attempt in range(15):
        text = "IntegrityException %s" % attempt
        IntegrityException(text, text)

    self.assertFalse(user.is_logged_in())
    self.assertTrue(user.is_locked())
def test_add_exception(self):
    # Checks the intrusion detector's exception path end to end: exceptions
    # can be reported directly, and enough IntegrityExceptions created during
    # a logged-in session leave the user logged out and locked.

    # Direct reports: one built-in exception, then two ESAPI exceptions.
    # NOTE(review): should the ESAPI exception constructors already report
    # themselves to the detector, each of the last two is counted twice
    # here -- confirm that is intended.
    ESAPI.intrusion_detector().add_exception(RuntimeError('message'))
    ESAPI.intrusion_detector().add_exception(
        ValidationException("user message", "log message"))
    ESAPI.intrusion_detector().add_exception(
        IntrusionException("user message", "log message"))

    # NOTE(review): the credential literals appear masked in this listing --
    # confirm the real fixture values.
    login_name = "******"
    passphrase = "******"

    user = ESAPI.authenticator().create_user(login_name, passphrase, passphrase)
    user.enable()

    # A mock request/response pair becomes the current HTTP context before
    # the user logs in.
    fake_request = MockHttpRequest()
    fake_response = MockHttpResponse()
    ESAPI.http_utilities().set_current_http(fake_request, fake_response)
    user.login_with_password(passphrase)

    # Nothing is raised below: each exception is only instantiated, which
    # presumably is what reports it to the intrusion detector -- confirm.
    # The count of 15 is assumed to be above the configured quota.
    for index in range(15):
        label = "IntegrityException %s" % index
        IntegrityException(label, label)

    self.assertFalse(user.is_logged_in())
    self.assertTrue(user.is_locked())