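def test_time_based_judgment_should_deny__add_new_entry_to_log(
        _prepare_test_data):
    """Check that judging a log entry records it without denying the IP.

    After ``should_deny`` runs, the test expects exactly one ``log_ip`` row
    for the IP and exactly one ``processed_log_ip`` row for the
    (ip, line, log_file) triple. Presumably the fixture has not seeded this
    IP beforehand -- confirm against ``_prepare_test_data``.
    """
    ip = log_parser.ip_to_int('8.7.6.5')
    line = 512
    log_file = "some-log-file.log"
    log_entry = log_parser.LogEntry(
        log_file,
        line,
        ip=ip,
        time=datetime.strptime("2019-03-28 11:12:30.000+0100",
                               judgment.DATETIME_FORMAT_PATTERN),
        status=401,
        byte=4286)

    conn = sqlite3.connect(test_db_path)
    # try/finally so a failing assertion does not leak the connection.
    try:
        with conn:
            # NOTE(review): this test passes an open connection, while the
            # sibling TimeBasedIpJudgment tests pass the database path --
            # confirm which argument the constructor expects.
            blocker = judgment.TimeBasedIpJudgment(conn)
            to_be_deny, cause = blocker.should_deny(log_entry)
            assert to_be_deny is False

            c = conn.cursor()
            c.execute("SELECT COUNT(*) FROM log_ip WHERE ip = ?", (ip, ))
            row = c.fetchone()
            ip_count = row[0]
            assert ip_count == 1

            # The processed-entry table is what marks this exact log line
            # as already handled.
            c.execute(
                "SELECT COUNT(*) FROM processed_log_ip WHERE ip = ? AND line = ? AND log_file = ?",
                (ip, line, log_file))
            row2 = c.fetchone()
            ip_count = row2[0]
            assert ip_count == 1
    finally:
        conn.close()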
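def test_update_deny(_prepare_test_data):
    """Check that ``update_deny`` stores one block row with the given cause.

    The row is looked up in ``block_network`` by the integer IP of the log
    entry, and its ``cause_of_block`` must equal the cause passed in.
    """
    # NOTE(review): every octet here exceeds 255, so this is not a valid
    # IPv4 network. The test still passes, which suggests update_deny stores
    # the string unvalidated -- confirm that whatever later turns stored
    # networks into firewall rules validates them first.
    ip_network = "123.456.789.321/22"
    log_entry = log_parser.LogEntry(
        "some-log-file.log",
        2,
        ip=log_parser.ip_to_int("1.2.3.4"),
        time=datetime.strptime("2019-03-28 11:15:33.000+0100",
                               judgment.DATETIME_FORMAT_PATTERN),
        status=401,
        request="GET /manager/html",
        byte=4286)
    judge = "judge of party"
    cause = "just for fun"

    judgment.update_deny(ip_network, log_entry, judge, cause, test_db_path)

    conn = sqlite3.connect(test_db_path)
    # The original never closed this connection; close it even when an
    # assertion fails.
    try:
        c = conn.cursor()
        c.execute(
            "SELECT COUNT(*), cause_of_block FROM block_network WHERE ip = ?",
            (log_entry.ip, ))
        row = c.fetchone()
        ip_count = row[0]
        cause_of_block = row[1]
        assert ip_count == 1
        assert cause_of_block == cause
    finally:
        conn.close()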
def test_user_agent_based_judgment_2():
    """A user agent that includes a blacklisted fragment must be denied."""
    # The User-Agent header is client-supplied, so a judgment built on it
    # only catches crawlers that identify themselves.
    entry = log_parser.LogEntry(
        "some-log-file.log",
        2,
        ip=log_parser.ip_to_int('54.36.150.103'),
        user_agent="Mozilla/5.0 (compatible; AhrefsBot/6.1; +http://ahrefs.com/robot/)")
    agent_judge = judgment.UserAgentBasedIpJudgment(
        ['http://ahrefs.com', 'http://www.semrush.com'])

    # The cause is returned alongside the verdict but is not checked here.
    denied, _cause = agent_judge.should_deny(entry)

    assert denied is True
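def test_time_based_judgment__ready_processed():
    """Check that an already-recorded log line is reported as processed.

    The entry is rebuilt from the first record of ``ip_processed_data``
    (index 0 is the ip, 1 the line number, 2 the log file) and passed to
    ``_ready_processed``, which must return ``True``.
    """
    # NOTE(review): no fixture is requested here, so the test presumably
    # relies on the database having been populated elsewhere -- confirm.
    processed_ip = ip_processed_data[0]
    log_entry = log_parser.LogEntry(
        processed_ip[2],
        processed_ip[1],
        ip=processed_ip[0],
        time=datetime.strptime("2019-03-28 11:12:30.000+0100",
                               judgment.DATETIME_FORMAT_PATTERN),
        status=401,
        byte=4286)

    conn = sqlite3.connect(test_db_path)
    # try/finally so a failing assertion does not leak the connection.
    try:
        with conn:
            blocker = judgment.TimeBasedIpJudgment(test_db_path)
            is_processed = blocker._ready_processed(log_entry)
            assert is_processed is True
    finally:
        conn.close()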
def test_path_based_judgment_free():
    """A request for a path outside the probe list must not be blocked."""
    # Paths commonly requested by automated admin-panel scanners.
    probe_paths = {
        "/phpMyAdmin/", "/pma/", "/myadmin", "/MyAdmin/", "/wp-login",
        "/webdav/", "/manager/html"
    }
    path_judge = judgment.PathBasedIpJudgment(probe_paths)

    seen_at = datetime.strptime("2019-03-28 11:15:33.000+0100",
                                judgment.DATETIME_FORMAT_PATTERN)
    harmless_entry = log_parser.LogEntry(
        "dummy-log.txt",
        1234,
        ip=log_parser.ip_to_int('111.21.253.2'),
        time=seen_at,
        status=401,
        request="GET /test",
        byte=4286)

    # "/test" matches none of the listed paths, so the verdict must be falsy.
    verdict, _cause = path_judge.should_deny(harmless_entry)
    assert not verdict
def test_FileBasedUFWBlock(clean_output_file):
    """Run the file-based UFW blocker over ten entries without errors.

    This is a smoke test: it makes no assertion about what the blocker
    produces, only that the begin/block/end sequence completes.
    """
    # Ten entries for the same host with prefix lengths /0 through /9. These
    # are test data only: a /0 prefix covers the whole IPv4 space, so the
    # generated output must never be applied to a real firewall.
    entries = []
    for prefix_len in range(10):
        entries.append(
            log_parser.LogEntry("some-file",
                                1234,
                                ip=log_parser.ip_to_int("1.2.3.4"),
                                network="1.2.3.4/" + str(prefix_len),
                                time=None,
                                status=404,
                                request="GET /abcd",
                                byte=1024,
                                user=None))

    ufw_blocker = execution.FileBasedUWFBlock(ufw_script)
    ufw_blocker.begin_execute()
    for entry in entries:
        ufw_blocker.block(entry)
    ufw_blocker.end_execute()
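def test_time_based_judgment_update_access_time(_prepare_test_data):
    """Check that judging a known IP updates its stored access count.

    After ``should_deny`` runs, the IP must not be denied and its
    ``access_count`` in ``log_ip`` must be 5. Presumably the fixture seeds
    this IP with a lower count -- confirm against ``_prepare_test_data``.
    """
    ip = log_parser.ip_to_int('9.10.11.12')
    log_entry = log_parser.LogEntry(
        "some-log-file.log",
        2,
        ip=ip,
        time=datetime.strptime("2019-03-28 11:15:33.000+0100",
                               judgment.DATETIME_FORMAT_PATTERN),
        status=401,
        byte=4286)

    conn = sqlite3.connect(test_db_path)
    # try/finally so a failing assertion does not leak the connection.
    try:
        with conn:
            blocker = judgment.TimeBasedIpJudgment(test_db_path)
            to_be_deny, cause = blocker.should_deny(log_entry)
            assert to_be_deny == False

            # Read the counter back through the test's own connection.
            c = conn.cursor()
            c.execute("SELECT access_count FROM log_ip WHERE ip = ?", (ip, ))
            row = c.fetchone()
            ip_count = row[0]
            assert ip_count == 5
    finally:
        conn.close()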