예제 #1
0
class DirectorySevereWarningTest(TestCase):
    def setUp(self):
        site = Site.objects.get()
        self.entry = DirectoryEntryFactory(parent=DirectoryPageFactory(
            parent=site.root_page))
        self.result = ScanResultFactory(
            securedrop=self.entry,
            landing_page_url=self.entry.landing_page_url,
            severe_warning=True,
        )
        self.result.save()
        self.entry.save()

        self.client = Client()

    def test_warning_presence(self):
        """warning should be displayed if warnings flag in request"""
        response = self.client.get(self.entry.url)
        self.assertContains(
            response,
            'We strongly advise you to only visit this landing page <a href="https://www.torproject.org/download/download-easy.html.en">using the Tor browser</a>, with the <a href="https://tb-manual.torproject.org/en-US/security-slider.html">security slider</a> set to "safest".',
            status_code=200,
        )

    def test_warning_message_suppressed_if_page_ignores_all_triggered_warnings(
            self):
        self.entry.warnings_ignored = ['no_third_party_assets']
        self.entry.save()
        self.entry.refresh_from_db()
        response = self.client.get(self.entry.url)
        self.assertNotContains(
            response,
            'We strongly advise you to only visit this landing page <a href="https://www.torproject.org/download/download-easy.html.en">using the Tor browser</a>, with the <a href="https://tb-manual.torproject.org/en-US/security-slider.html">security slider</a> set to "safest".',
            status_code=200,
        )
예제 #2
0
class DirectoryModerateWarningTest(TestCase):
    def setUp(self):
        site = Site.objects.get()
        self.entry = DirectoryEntryFactory(parent=DirectoryPageFactory(
            parent=site.root_page))
        self.result = ScanResultFactory(
            securedrop=self.entry,
            landing_page_url=self.entry.landing_page_url,
            moderate_warning=True,
        )
        self.result.save()
        self.entry.save()

        self.client = Client()

    def test_warning_presence(self):
        """warning should always be displayed"""
        response = self.client.get(self.entry.url)
        self.assertContains(
            response,
            'We recommend only visiting this SecureDrop landing page <a href="https://www.torproject.org/download/download-easy.html.en">using the Tor browser</a>.',
            status_code=200,
        )

    def test_warning_message_suppressed_if_page_ignores_all_triggered_warnings(
            self):
        self.entry.warnings_ignored = ['safe_onion_address']
        self.entry.save()

        response = self.client.get(self.entry.url)

        self.assertNotContains(
            response,
            'We recommend only visiting this SecureDrop landing page <a href="https://www.torproject.org/download/download-easy.html.en">using the Tor browser</a>.',
            status_code=200,
        )

    def test_single_warning_message_suppressed_if_page_ignores_that_warning(
            self):
        self.result.subdomain = True
        self.result.save()
        self.entry.warnings_ignored = ['safe_onion_address']
        self.entry.save()

        response = self.client.get(self.entry.url)
        self.assertContains(
            response,
            'is hosted on a subdomain',
            status_code=200,
        )

        self.assertNotContains(
            response,
            'includes a clickable link to a Tor Onion Service',
            status_code=200,
        )
예제 #3
0
    def setUp(self):
        site = Site.objects.get()
        self.entry = DirectoryEntryFactory(parent=DirectoryPageFactory(
            parent=site.root_page))
        self.result = ScanResultFactory(
            securedrop=self.entry,
            landing_page_url=self.entry.landing_page_url,
            moderate_warning=True,
        )
        self.result.save()
        self.entry.save()

        self.client = Client()
예제 #4
0
    def handle(self, *args, **options):
        number_of_instances = options['number_of_instances']

        home_page = HomePage.objects.get(slug='home')
        directory = DirectoryPage.objects.first()
        if not directory:
            directory = DirectoryPageFactory(parent=home_page, title="Directory")
            directory.save()
        for i in range(number_of_instances):
            instance = DirectoryEntryFactory(parent=directory)
            if i % 3 == 0:
                scan = ScanResultFactory(
                    securedrop=instance,
                    landing_page_url=instance.landing_page_url,
                    no_failures=True,
                )
            elif i % 3 == 1:
                scan = ScanResultFactory(
                    securedrop=instance,
                    landing_page_url=instance.landing_page_url,
                    severe_warning=True,
                )
            else:
                scan = ScanResultFactory(
                    securedrop=instance,
                    landing_page_url=instance.landing_page_url,
                    moderate_warning=True,
                )
            scan.save()
            instance.save()
예제 #5
0
class DirectoryNoWarningTest(TestCase):
    def setUp(self):
        site = Site.objects.get()
        self.entry = DirectoryEntryFactory(parent=DirectoryPageFactory(
            parent=site.root_page))
        self.result = ScanResultFactory(
            securedrop=self.entry,
            landing_page_url=self.entry.landing_page_url,
            no_failures=True,
        )
        self.result.save()
        self.entry.save()

        self.client = Client()

    def test_page_request_should_succeed_if_no_warnings_on_result(self):
        response = self.client.get(self.entry.url)
        self.assertEqual(response.status_code, 200)
예제 #6
0
    def test_returns_latest_live_result(self):
        sd = DirectoryEntryFactory()
        ScanResultFactory(live=False, securedrop=sd, landing_page_url=sd.landing_page_url).save()
        ScanResultFactory(live=False, securedrop=sd, landing_page_url=sd.landing_page_url).save()
        r3 = ScanResultFactory(live=True, securedrop=sd, landing_page_url=sd.landing_page_url)
        r3.save()

        sd = DirectoryEntry.objects.get(pk=sd.pk)

        self.assertEqual(r3, sd.get_live_result())
예제 #7
0
 def test_instance_with_incorrect_referrer_policy_gets_moderate_warning(self):
     result = ScanResultFactory(no_failures=True, referrer_policy_set_to_no_referrer=False)
     self.assertEqual(self.securedrop.get_warnings(result)[0].level, WarningLevel.MODERATE)
예제 #8
0
 def test_instance_on_subdomain_gets_moderate_warning(self):
     result = ScanResultFactory(no_failures=True, subdomain=True)
     self.assertEqual(self.securedrop.get_warnings(result)[0].level, WarningLevel.MODERATE)
예제 #9
0
 def test_instance_with_cross_domain_assets_gets_severe_warning(self):
     result = ScanResultFactory(no_failures=True, no_cross_domain_assets=False)
     self.assertEqual(self.securedrop.get_warnings(result)[0].level, WarningLevel.SEVERE)
예제 #10
0
    def test_instance_with_cdn_gets_no_warning(self):
        result = ScanResultFactory(no_failures=True, no_cdn=False)

        self.assertEqual(self.securedrop.get_warnings(result), [])
예제 #11
0
 def test_instance_with_unsafe_onion_addresses_gets_moderate_warning(self):
     result = ScanResultFactory(no_failures=True, safe_onion_address=False)
     self.assertEqual(self.securedrop.get_warnings(result)[0].level, WarningLevel.MODERATE)
예제 #12
0
 def setUpTestData(self):
     site = Site.objects.get(is_default_site=True)
     self.directory_settings = DirectorySettings.for_site(site)
     self.directory = DirectoryPageFactory(parent=site.root_page)
     self.securedrop_page = DirectoryEntryFactory(parent=self.directory)
     self.result = ScanResultFactory(securedrop=self.securedrop_page)