def test_input_regex_attack(self):
"""
check if a Regular expression Denial of Service (ReDoS) works
the test is successful if the result is returned within 2 seconds
:return:
"""
self._set_text_logger()
db = DatabaseSQLite(self.output_test_path,
self.TEST_DB_FILENAME,
None,
delete_all_data_from_db=True)
element = "a" * 40
attack = ["a", "a", "a", "a", "a", "a", "a", "a", "a", "b"]
logging.debug("filter: " + str(attack))
self.assertTrue(db.add_element(element, "", []))
db.save_changes()
tick = datetime.now()
res = db.get_last_n_filtered_elements(generic_filters=attack)
tock = datetime.now()
diff = tock - tick
self.assertEqual(len(res), 0)
self.assertGreater(2, diff.seconds) # TODO find solution
db.close()
def test_fill_db_with_100_entries(self):
"""
fill db with 100 different entries and then check if db contain 100 entries
:return:
"""
self._set_text_logger()
db = DatabaseSQLite(self.output_test_path,
self.TEST_DB_FILENAME,
None,
delete_all_data_from_db=True)
tot_line = 100
for i in range(tot_line):
self.assertTrue(
db.add_element("ls " + str(i), "test " + str(i),
["sec" + str(i)]))
db.save_changes()
# try to retrieve 200 entries
res = db.get_last_n_filtered_elements(n=tot_line * 2)
self.assertEqual(len(res), tot_line)
db.close()