def test_bulk_scan_not_live(self):
"""
When scanner.bulk_scan is called, it should save all new results to the
database, even if one of the instances cannot be reached by HTTP. It
should save a result to the database for the instance that cannot be
reached by HTTP with live False
In addition to vcrpy, this test mocks requests.get to simulate a
ConnectionError for a URL that does not exist without actually sending
an HTTP request to that URL
"""
sd1 = DirectoryEntryFactory.create(
title='SecureDrop',
landing_page_url='https://securedrop.org',
onion_address='notreal.onion')
sd2 = DirectoryEntryFactory.create(
title='Freedom of the Press Foundation',
landing_page_url=NON_EXISTENT_URL,
onion_address='notreal-2.onion')
sd3 = DirectoryEntryFactory.create(
title='Freedom of the Press Foundation',
landing_page_url='https://freedom.press',
onion_address='notreal-3.onion')
securedrop_pages_qs = DirectoryEntry.objects.all()
scanner.bulk_scan(securedrop_pages_qs)
self.assertTrue(
DirectoryEntry.objects.get(pk=sd1.pk).results.all()[0].live)
self.assertFalse(
DirectoryEntry.objects.get(pk=sd2.pk).results.all()[0].live)
self.assertTrue(
DirectoryEntry.objects.get(pk=sd3.pk).results.all()[0].live)
def test_cache_purged_for_directory_entry(self, purge_mock):
"Homepage cache should be purged when a new directory entry is added"
DirectoryEntryFactory.create()
# DirectoryEntry saving logic causes it to be saved twice, triggering
# the purge twice (this is not necessarily desireable, but it is
# mostly harmless)
purge_mock.assert_has_calls(
[call(self.home_page), call(self.home_page)])
def test_domain_annotation(self):
DirectoryEntryFactory.create(
landing_page_url="https://securedrop.org/subpath"
)
securedrop_page_qs = DirectoryEntry.objects.with_domain_annotation()
self.assertEqual(
securedrop_page_qs.values_list('domain', flat=True)[0],
'securedrop.org'
)
def test_forces_https_should_not_be_none(self):
domain = 'https://sourceanonyme.radio-canada.ca'
entry = DirectoryEntryFactory.create(title='Source Anonyme',
landing_page_url=domain,
onion_address='notreal.onion')
r = scanner.scan(entry, commit=True)
self.assertIsNotNone(r.forces_https)
def test_bulk_scan(self):
"""
When scanner.bulk_scan is called, it should save all new results to the
database, associated with the correct DirectoryEntrys
"""
DirectoryEntryFactory.create(title='SecureDrop',
landing_page_url='https://securedrop.org',
onion_address='notreal.onion')
DirectoryEntryFactory.create(title='Freedom of the Press Foundation',
landing_page_url='https://freedom.press',
onion_address='notreal-2.onion')
securedrop_pages_qs = DirectoryEntry.objects.all()
scanner.bulk_scan(securedrop_pages_qs)
for page in DirectoryEntry.objects.all():
self.assertEqual(1, page.results.count())
def test_redirect_from_subdomain(self):
entry = DirectoryEntryFactory.create(
title='SecureDrop',
landing_page_url='http://health.nytimes.com',
onion_address='notreal.onion',
)
r = scanner.scan(entry)
self.assertTrue(r.subdomain)
self.assertTrue(r.no_cross_domain_redirects)
def test_redirect_target_saved(self):
entry = DirectoryEntryFactory.create(
title='SecureDrop',
landing_page_url='https://httpbin.org/redirect/3',
onion_address='notreal.onion',
)
result = scanner.scan(entry)
self.assertEqual(result.redirect_target, 'https://httpbin.org/get')
def test_scan_with_permitted_domain(self):
securedrop = DirectoryEntryFactory.create(
title='Freedom of the Press Foundation',
landing_page_url='https://www.nytimes.com/tips',
onion_address='notreal.onion',
permitted_domains_for_assets=['nyt.com'],
)
result = scanner.scan(securedrop)
self.assertEqual(result.no_cross_domain_assets, True)
def test_scan_with_permitted_domains_with_subdomain(self):
securedrop = DirectoryEntryFactory.create(
title='Freedom of the Press Foundation',
landing_page_url='https://securedrop.org',
onion_address='notreal.onion',
permitted_domains_for_assets=['analytics.freedom.press'],
)
result = scanner.scan(securedrop)
self.assertEqual(result.no_cross_domain_assets, True)
def test_redirect_target_not_saved_if_not_redirect(self):
entry = DirectoryEntryFactory.create(
title='SecureDrop',
landing_page_url='https://securedrop.org',
onion_address='notreal.onion',
)
result = scanner.scan(entry)
self.assertIsNone(result.redirect_target)
def test_permanent_redirect_target_saved(self):
entry = DirectoryEntryFactory.create(
title='SecureDrop',
landing_page_url=
'https://httpbin.org/redirect-to?status_code=301&url=https%3A%2F%2Fhttpbin.org%2Fget',
onion_address='notreal.onion',
)
result = scanner.scan(entry)
self.assertEqual(result.redirect_target, 'https://httpbin.org/get')
def test_cross_domain_redirect_detected_and_saved(self):
entry = DirectoryEntryFactory.create(
title='SecureDrop',
landing_page_url=
'https://httpbin.org/redirect-to?url=http%3A%2F%2Fwww.google.com&status_code=302',
onion_address='notreal.onion',
)
r = scanner.scan(entry)
self.assertFalse(r.no_cross_domain_redirects)
def test_if_cross_domain_redirect_found_continue_to_scan(self):
"""if a cross-domain redirect is found, then we should make a full scan
of target domain"""
entry = DirectoryEntryFactory.create(
title='SecureDrop',
landing_page_url=
'https://httpbin.org/redirect-to?url=http%3A%2F%2Fwww.google.com&status_code=302',
onion_address='notreal.onion',
)
r = scanner.scan(entry)
self.assertTrue(r.live)
self.assertTrue(r.no_cross_domain_assets)
def test_redirection_not_200(self):
entry = DirectoryEntryFactory.create(
title='SecureDrop',
landing_page_url=
'https://httpbin.org/redirect-to?url=https%3A%2F%2Fhttpbin.org%2Fstatus%2F404',
onion_address='notreal.onion',
)
result = scanner.scan(entry)
self.assertEqual(result.redirect_target,
'https://httpbin.org/status/404')
self.assertFalse(result.http_status_200_ok)
def test_scan_and_no_commit(self):
"""
When scanner.scan is called without commit=True, it should not save
any results to the database
"""
securedrop = DirectoryEntryFactory.create(
title='Freedom of the Press Foundation',
landing_page_url='https://securedrop.org',
onion_address='notreal.onion')
scanner.scan(securedrop)
self.assertEqual(
0,
DirectoryEntry.objects.get(pk=securedrop.pk).results.count())
def test_scan_and_commit(self):
"""
When scanner.scan is called with commit=True, the result of the scan
should be newly saved to the database and associated with the
correct DirectoryEntry
"""
securedrop = DirectoryEntryFactory.create(
title='Freedom of the Press Foundation',
landing_page_url='https://securedrop.org',
onion_address='notreal.onion')
self.assertEqual(
0,
DirectoryEntry.objects.get(pk=securedrop.pk).results.count())
scanner.scan(securedrop, commit=True)
self.assertEqual(
1,
DirectoryEntry.objects.get(pk=securedrop.pk).results.count())
def test_delisted(self):
"""
QuerySet method `delisted` should return only delisted DirectoryEntries
"""
d1 = DirectoryEntryFactory.create(delisted='other')
d2 = DirectoryEntryFactory.create(delisted='other')
DirectoryEntryFactory.create()
DirectoryEntryFactory.create()
self.assertCountEqual(
DirectoryEntry.objects.delisted(),
[d1, d2]
)
def test_listed(self):
"""
QuerySet method `listed` should return only listed DirectoryEntries
"""
DirectoryEntryFactory.create(delisted='other')
DirectoryEntryFactory.create(delisted='other')
l1 = DirectoryEntryFactory.create()
l2 = DirectoryEntryFactory.create()
self.assertCountEqual(
DirectoryEntry.objects.listed(),
[l1, l2]
)