def setUp(self):
RestAPITestBase.setUp(self)
APITestCase.setUp(self)
self.source = Source.objects.create(name='test source', created_date=timezone.now(),
method='local', datatype='sig')
self.source.save()
self.source_at_version = SourceAtVersion.objects.create(source=self.source, version='42')
self.source_at_version.save()
self.category = Category.objects.create(name='test category', filename='test',
source=self.source)
self.category.save()
content = """alert ip $HOME_NET any -> [103.207.29.161,103.207.29.171,103.225.168.222,103.234.36.190,103.234.37.4,103.4.164.34,
103.6.207.37,104.131.93.109,104.140.137.152,104.143.5.144,104.144.167.131,104.144.167.251,104.194.206.108,
104.199.121.36,104.207.154.26,104.223.87.207,104.43.200.222,106.187.48.236,107.161.19.71]
any (msg:"ET CNC Shadowserver Reported CnC Server IP group 1";
reference:url,doc.emergingthreats.net/bin/view/Main/BotCC; reference:url,www.shadowserver.org;
threshold: type limit, track by_src, seconds 3600, count 1; flowbits:set,ET.Evil;
flowbits:set,ET.BotccIP; classtype:trojan-activity; sid:2404000; rev:4933;)"""
self.rule = Rule.objects.create(sid=1, category=self.category, msg='test rule',
content=content)
self.rule.save()
self.ruleset = Ruleset.objects.create(name='test ruleset', descr='descr', created_date=timezone.now(),
updated_date=timezone.now())
self.ruleset.save()
self.ruleset.sources.add(self.source_at_version)
self.ruleset.categories.add(self.category)
def setUp(self):
RestAPITestBase.setUp(self)
APITestCase.setUp(self)
self.source = Source.objects.create(name='test source',
created_date=timezone.now(),
method='local',
datatype='sig')
self.source.save()
self.source_at_version = SourceAtVersion.objects.create(
source=self.source, version='42')
self.source_at_version.save()
self.category = Category.objects.create(name='test category',
filename='test',
source=self.source)
self.category.save()
self.rule = Rule.objects.create(sid=1,
category=self.category,
msg='test rule',
content='test rule')
self.rule.save()
self.ruleset = Ruleset.objects.create(name='test ruleset',
descr='descr',
created_date=timezone.now(),
updated_date=timezone.now())
self.ruleset.save()
self.ruleset.sources.add(self.source_at_version)
self.ruleset.categories.add(self.category)
def test_get_invalid(self, deleted_record=False):
if self.client and self.detail_view_name:
response = self.client.get(
reverse(self.detail_view_name, kwargs=self.get_kwargs(valid=deleted_record)))
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND, response.data)
else:
APITestCase.skipTest(self, 'Lack of data')
def setUpClass(cls):
WithForm460ADataTest.setUpClass()
APITestCase.setUpClass()
for m in IndependentMoney.objects.all():
if hasattr(m.benefactor, 'committeebenefactor'):
cls.committee = m.benefactor.committeebenefactor
break
def test_get_obj_data(self, obj=None, msg=None):
if self.client and self.detail_view_name and self.serializer:
response = self.client.get(reverse(self.detail_view_name, kwargs=self.get_kwargs(obj)))
self.assertJSONEqual(
json.dumps(response.data), self.serializer(instance=(obj or self.obj), context=self.context).data,
(f"{msg}: " if msg else "") + f"{response.data}")
else:
APITestCase.skipTest(self, 'Lack of data')
def setUpClass(cls):
WithForm460ADataTest.setUpClass()
APITestCase.setUpClass()
for m in IndependentMoney.objects.all():
if hasattr(m.benefactor, 'committeebenefactor'):
cls.committee = m.benefactor.committeebenefactor
break
def setUp(self):
APITestCase.setUp(self)
self.user = User.objects.create_superuser(
username="******",
email="*****@*****.**",
password="******",
)
self.password = '******'
self.factory = APIRequestFactory()
def test_get_list_data(self):
if self.client and self.list_view_name and self.model and self.list_serializer:
response = self.client.get(reverse(self.list_view_name))
self.assertJSONEqual(
json.dumps(response.data),
self.list_serializer(instance=self.model.objects.all(), many=True, context=self.context).data,
response.data)
else:
APITestCase.skipTest(self, 'Lack of data')
def test_del_invalid_data(self):
if self.client and self.detail_view_name:
response = self.client.delete(
reverse(self.detail_view_name, kwargs=self.get_kwargs(valid=False)))
self.assertEqual(
response.status_code,
status.HTTP_405_METHOD_NOT_ALLOWED if self.delete_forbidden else status.HTTP_404_NOT_FOUND,
response.data)
else:
APITestCase.skipTest(self, 'Lack of data')
def test_post_invalid_data_payload_raw(self, payload_data=None):
if self.client and self.list_view_name:
records = [_.pk for _ in self.model.objects.all()]
for msg, data in (payload_data or self.invalid_post_data_payload).items():
with APITestCase.subTest(self, msg):
response = self.client.post(reverse(self.list_view_name), data=data)
self.assertEqual(
response.status_code, status.HTTP_400_BAD_REQUEST, f"{response.data}")
# double check records' pks
self.assertEqual(records, [_.pk for _ in self.model.objects.all()])
else:
APITestCase.skipTest(self, 'Lack of data')
def test_patch_invalid_data_payload_raw(self, base_obj=None, payload_data=None):
if self.client and self.detail_view_name:
for msg, data in (payload_data or self.invalid_partial_data).items():
with APITestCase.subTest(self, msg):
response = self.client.patch(
reverse(self.detail_view_name, kwargs=self.get_kwargs(base_obj)), data=data)
self.assertEqual(
response.status_code, status.HTTP_400_BAD_REQUEST, f"{response.data}")
# check if self.obj was not changed
self.test_get_obj_data(obj=base_obj, msg=msg)
else:
APITestCase.skipTest(self, 'Lack of data')
def setUp(self):
RestAPITestBase.setUp(self)
APITestCase.setUp(self)
self.ruleset = Ruleset.objects.create(name='test ruleset', descr='descr', created_date=timezone.now(), updated_date=timezone.now())
self.ruleset.save()
content = 'alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Metasploit Meterpreter stdapi_* Command Request"; \
flow:established; content:"|00 01 00 01|stdapi_"; offset:12; depth:11; classtype:successful-user; sid:2014530; rev:3; \
metadata:affected_product Any, attack_target Client_and_Server, deployment Perimeter, deployment Internet, deployment Internal, \
deployment Datacenter, tag Metasploit, signature_severity Critical, created_at 2012_04_06, updated_at 2016_07_01;)'
with open('/tmp/rules.rules', 'w') as f:
f.write(content)
def test_put_invalid_data_payload_json(self, base_obj=None, payload_data=None):
if self.client and self.detail_view_name:
for msg, data in (payload_data or self.invalid_put_data_payload).items():
with APITestCase.subTest(self, msg):
response = self.client.put(
reverse(self.detail_view_name, kwargs=self.get_kwargs(base_obj)),
data=json.dumps(data),
content_type='application/json')
self.assertEqual(
response.status_code, status.HTTP_400_BAD_REQUEST, f"{response.data}")
# check if self.obj was not changed
self.test_get_obj_data(obj=base_obj, msg=msg)
else:
APITestCase.skipTest(self, 'Lack of data')
def test_del_data(self, obj=None):
if self.client and self.detail_view_name:
response = self.client.delete(
reverse(self.detail_view_name, kwargs=self.get_kwargs(obj)))
self.assertEqual(
response.status_code,
status.HTTP_405_METHOD_NOT_ALLOWED if self.delete_forbidden else status.HTTP_204_NO_CONTENT,
response.data)
# check if record has/hasn't been deleted
if self.delete_forbidden:
self.test_get_obj_code(obj)
else:
self.test_get_invalid(deleted_record=True)
else:
APITestCase.skipTest(self, 'Lack of data')
def test_post_data_payload_raw(self, payload_data=None):
if self.client and self.list_view_name:
for msg, data in (payload_data or self.valid_post_data_payload).items():
with APITestCase.subTest(self, msg):
response = self.client.post(reverse(self.list_view_name), data=data)
self.assertEqual(response.status_code, status.HTTP_201_CREATED, f"{response.data}")
# try to get created model instance
obj = self.get_obj(data)
self.assertIsNotNone(obj)
# check response code with get method
self.test_get_obj_code(obj=obj, msg=msg)
# check data integrity of data sent and serialized instance
self.assertJSONEqual(
json.dumps(response.data), self.serializer(instance=obj, context=self.context).data)
else:
APITestCase.skipTest(self, 'Lack of data')
def test_status_code_post_valid_rate(self):
for rate in self.valid_rates:
with APITestCase.subTest(self, f"rate: {rate}"):
response = self.client.post(self.valid_urls['car-models-rate'],
data={'rate': rate})
self.assertEqual(response.status_code, status.HTTP_200_OK,
response.data or response)
def test_status_code_get_invalid_car(self):
for msg, urls in self.invalid_urls.items():
for view, url in urls.items():
with APITestCase.subTest(self, f"{msg} url: {url}"):
response = self.client.get(url)
self.assertEqual(response.status_code,
status.HTTP_404_NOT_FOUND, response.data
or response)
def test_status_code_post_invalid_rate(self):
for msg, rate in self.invalid_rates.items():
with APITestCase.subTest(self, f"rate: {msg}"):
response = self.client.post(self.valid_urls['car-models-rate'],
data={'rate': rate})
self.assertEqual(response.status_code,
status.HTTP_400_BAD_REQUEST, response.data
or response)
def test_patch_data_payload_raw(self, base_obj=None, payload_data=None):
if self.client and self.detail_view_name:
obj = base_obj
for msg, data in (payload_data or self.valid_partial_data).items():
with APITestCase.subTest(self, msg):
response = self.client.patch(
reverse(self.detail_view_name, kwargs=self.get_kwargs(obj)), data=data)
self.assertEqual(response.status_code, status.HTTP_200_OK, f"{response.data}")
# try to get updated model instance
obj = self.get_obj_by_pk(self.obj.pk)
self.assertIsNotNone(obj)
# check response code with get method
self.test_get_obj_code(obj=obj, msg=msg)
# check data integrity of data sent and serialized instance
if self.serializer:
self.assertJSONEqual(
json.dumps(response.data), self.serializer(instance=obj, context=self.context).data)
else:
APITestCase.skipTest(self, 'Lack of data')
def setUp(self):
RestAPITestBase.setUp(self)
# Create scirius user is_superuser
APITestCase.setUp(self)
self.sciriususer_super = SciriusUser.objects.create(user=self.user,
timezone='UTC')
# Create Scirius User is_staff
params = {
'username': '******',
'timezone': 'UTC',
'password': '******',
'is_superuser': False,
'is_staff': True,
'is_active': True
}
response = self.http_post(reverse('sciriususer-list'),
params,
status=status.HTTP_201_CREATED)
self.sciriususer_staff = SciriusUser.objects.get(pk=response['pk'])
self.assertEqual(self.sciriususer_staff is not None, True)
self.assertEqual(self.sciriususer_staff.user.username, 'sonic_staff')
# Create scirius user is_active
params = {
'username': '******',
'timezone': 'UTC',
'password': '******',
'is_superuser': False,
'is_staff': False,
'is_active': True
}
response = self.http_post(reverse('sciriususer-list'),
params,
status=status.HTTP_201_CREATED)
self.sciriususer_active = SciriusUser.objects.get(pk=response['pk'])
self.assertEqual(self.sciriususer_active.user.username, 'sonic_active')
# Connect by default with is_staff user
self.client.force_login(self.sciriususer_staff.user)
def test_status_code_post_invalid_car(self):
for make_msg, make in self.invalid_car_data['make_data'].items():
for model_msg, model in self.invalid_car_data['model_data'].items(
):
with APITestCase.subTest(
self, f"make: {make_msg}; model: {model_msg}"):
response = self.client.post(self.valid_urls['cars-list'],
data={
**make,
**model
})
self.assertEqual(response.status_code,
status.HTTP_400_BAD_REQUEST, response.data
or response)
def tearDownClass(cls):
ElectionDayTest.tearDownClass()
APITestCase.tearDownClass()
def setUpClass(cls):
WithForm460ADataTest.setUpClass(test_agency='COS', test_year='2015')
APITestCase.setUpClass()
def test_get_obj_code(self, obj=None, msg=None):
if self.client and self.detail_view_name:
response = self.client.get(reverse(self.detail_view_name, kwargs=self.get_kwargs(obj)))
self.assertEqual(response.status_code, status.HTTP_200_OK, (f"{msg}: " if msg else "") + f"{response.data}")
else:
APITestCase.skipTest(self, 'Lack of data')
def _fixture_teardown(self):
try:
APITestCase._fixture_teardown(self)
except:
pass
def __init__(self, *args, **kwargs):
APITestCase.__init__(self, *args, **kwargs)
def setUpClass(cls):
WithForm460ADataTest.setUpClass()
APITestCase.setUpClass()
def tearDownClass(cls):
LocalityTest.tearDownClass()
APITestCase.tearDownClass()
def __init__(self, *args, **kwargs):
APITestCase.__init__(self, *args, **kwargs)
self.view_mixins = list(map(
(lambda x: x.__name__), self.viewset.__bases__))
def setUpClass(cls):
WithForm460ADataTest.setUpClass()
APITestCase.setUpClass()
money = IndependentMoney.objects.all()[0]
cls.beneficiary = money.beneficiary
def tearDown(self):
APITestCase.tearDown(self)
HttpTestcaseMixin.setUp(self)
ResourceTestCaseMixin.tearDown(self)
def setUpClass(cls):
APITestCase.setUpClass()
def __init__(self, *args, **kwargs):
APITestCase.__init__(self, *args, **kwargs)
self.view_mixins = map(
(lambda x: x.__name__), self.viewset.__bases__)
def setUpClass(cls):
ElectionDayTest.setUpClass()
APITestCase.setUpClass()
def setUpClass(cls):
LocalityTest.setUpClass()
APITestCase.setUpClass()
def setUpClass(cls):
LocalityTest.setUpClass()
APITestCase.setUpClass()
def setUpClass(cls):
WithForm460ADataTest.setUpClass()
APITestCase.setUpClass()
def tearDownClass(cls):
LocalityTest.tearDownClass()
APITestCase.tearDownClass()
def __init__(self, *args, **kwargs):
# TODO remove __init__ if it does nothing...
APITestCase.__init__(self, *args, **kwargs)
def test_status_code_get_valid(self):
for view, url in self.valid_urls.items():
with APITestCase.subTest(self, f"url: {url}"):
response = self.client.get(url)
self.assertEqual(response.status_code, status.HTTP_200_OK,
response.data or response)
def setUp(self):
APITestCase.setUp(self)
HttpTestcaseMixin.setUp(self)
ResourceTestCaseMixin.setUp(self)
self.extra_header = dict(self.user_agent_header())
def test_get_list_code(self):
if self.client and self.list_view_name:
response = self.client.get(reverse(self.list_view_name))
self.assertEqual(response.status_code, status.HTTP_200_OK, response.data)
else:
APITestCase.skipTest(self, 'Lack of data')
