
Commit ef52fcc

committed
Update attack waves
1 parent 456da70 commit ef52fcc


1 file changed

+51
-82
lines changed

1 file changed

+51
-82
lines changed

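--- a/aikido_zen/vulnerabilities/attack_wave_detection/attack_wave_detector_test.py
+++ b/aikido_zen/vulnerabilities/attack_wave_detection/attack_wave_detector_test.py
@@ -3,25 +3,6 @@
 from .attack_wave_detector import AttackWaveDetector
 
 
-class Context:
-def __init__(self, route, method, ip):
-self.remote_address = ip
-self.method = method
-self.url = "http://example.com"
-self.query = {}
-self.headers = {}
-self.body = {}
-self.cookies = {}
-self.route_params = {}
-self.source = "flask"
-self.route = route
-self.parsed_userinput = {}
-
-
-def get_test_context(ip, path="/", method="GET"):
-return Context(path, method, ip)
-
-
 def new_attack_wave_detector():
 return AttackWaveDetector(
 attack_wave_threshold=6,
@@ -38,32 +19,20 @@ def mock_get_unixtime_ms(monotonic=True, mock_time=0):
 
 def test_no_ip_address():
 detector = new_attack_wave_detector()
-assert not detector.check(get_test_context(None, "/wp-config.php", "GET"))
-
-
-def test_not_a_web_scanner():
-detector = new_attack_wave_detector()
-assert not detector.check(get_test_context("::1", "/", "OPTIONS"))
-assert not detector.check(get_test_context("::1", "/", "GET"))
-assert not detector.check(get_test_context("::1", "/login", "GET"))
-assert not detector.check(get_test_context("::1", "/dashboard", "GET"))
-assert not detector.check(get_test_context("::1", "/dashboard/2", "GET"))
-assert not detector.check(get_test_context("::1", "/settings", "GET"))
-assert not detector.check(get_test_context("::1", "/", "GET"))
-assert not detector.check(get_test_context("::1", "/dashboard", "GET"))
+assert not detector.check(None)
 
 
 def test_a_web_scanner():
 detector = new_attack_wave_detector()
-assert not detector.check(get_test_context("::1", "/wp-config.php", "GET"))
-assert not detector.check(get_test_context("::1", "/wp-config.php.bak", "GET"))
-assert not detector.check(get_test_context("::1", "/.git/config", "GET"))
-assert not detector.check(get_test_context("::1", "/.env", "GET"))
-assert not detector.check(get_test_context("::1", "/.htaccess", "GET"))
+assert not detector.check("::1")
+assert not detector.check("::1")
+assert not detector.check("::1")
+assert not detector.check("::1")
+assert not detector.check("::1")
 # Is true because the threshold is 6
-assert detector.check(get_test_context("::1", "/.htpasswd", "GET"))
+assert detector.check("::1")
 # False again because event should have been sent last time
-assert not detector.check(get_test_context("::1", "/.htpasswd", "GET"))
+assert not detector.check("::1")
 
 
 def test_a_web_scanner_with_delays():
@@ -72,44 +41,44 @@ def test_a_web_scanner_with_delays():
 side_effect=lambda **kw: mock_get_unixtime_ms(**kw, mock_time=0),
 ):
 detector = new_attack_wave_detector()
-assert not detector.check(get_test_context("::1", "/wp-config.php", "GET"))
-assert not detector.check(get_test_context("::1", "/wp-config.php.bak", "GET"))
-assert not detector.check(get_test_context("::1", "/.git/config", "GET"))
-assert not detector.check(get_test_context("::1", "/.env", "GET"))
+assert not detector.check("::1")
+assert not detector.check("::1")
+assert not detector.check("::1")
+assert not detector.check("::1")
 
 with patch(
 "aikido_zen.helpers.get_current_unixtime_ms.get_unixtime_ms",
 side_effect=lambda **kw: mock_get_unixtime_ms(**kw, mock_time=30 * 1000),
 ):
-assert not detector.check(get_test_context("::1", "/.htaccess", "GET"))
+assert not detector.check("::1")
 # Is true because the threshold is 6
-assert detector.check(get_test_context("::1", "/.htpasswd", "GET"))
+assert detector.check("::1")
 # False again because event should have been sent last time
-assert not detector.check(get_test_context("::1", "/.htpasswd", "GET"))
+assert not detector.check("::1")
 
 with patch(
 "aikido_zen.helpers.get_current_unixtime_ms.get_unixtime_ms",
 side_effect=lambda **kw: mock_get_unixtime_ms(**kw, mock_time=60 * 60 * 1000),
 ):
 # Still false because minimum time between events is 1 hour
-assert not detector.check(get_test_context("::1", "/.env", "GET"))
-assert not detector.check(get_test_context("::1", "/wp-config.php", "GET"))
-assert not detector.check(get_test_context("::1", "/wp-config.php.bak", "GET"))
-assert not detector.check(get_test_context("::1", "/.git/config", "GET"))
-assert not detector.check(get_test_context("::1", "/.env", "GET"))
-assert not detector.check(get_test_context("::1", "/.htaccess", "GET"))
+assert not detector.check("::1")
+assert not detector.check("::1")
+assert not detector.check("::1")
+assert not detector.check("::1")
+assert not detector.check("::1")
+assert not detector.check("::1")
 
 with patch(
 "aikido_zen.helpers.get_current_unixtime_ms.get_unixtime_ms",
 side_effect=lambda **kw: mock_get_unixtime_ms(**kw, mock_time=92 * 60 * 1000),
 ):
 # Should resend event after 1 hour
-assert not detector.check(get_test_context("::1", "/.env", "GET"))
-assert not detector.check(get_test_context("::1", "/wp-config.php", "GET"))
-assert not detector.check(get_test_context("::1", "/wp-config.php.bak", "GET"))
-assert not detector.check(get_test_context("::1", "/.git/config", "GET"))
-assert not detector.check(get_test_context("::1", "/.env", "GET"))
-assert detector.check(get_test_context("::1", "/.htaccess", "GET"))
+assert not detector.check("::1")
+assert not detector.check("::1")
+assert not detector.check("::1")
+assert not detector.check("::1")
+assert not detector.check("::1")
+assert detector.check("::1")
 
 
 def test_a_slow_web_scanner_that_triggers_in_the_second_interval():
@@ -118,21 +87,21 @@ def test_a_slow_web_scanner_that_triggers_in_the_second_interval():
 side_effect=lambda **kw: mock_get_unixtime_ms(**kw, mock_time=0),
 ):
 detector = new_attack_wave_detector()
-assert not detector.check(get_test_context("::1", "/wp-config.php", "GET"))
-assert not detector.check(get_test_context("::1", "/wp-config.php.bak", "GET"))
-assert not detector.check(get_test_context("::1", "/.git/config", "GET"))
-assert not detector.check(get_test_context("::1", "/.env", "GET"))
+assert not detector.check("::1")
+assert not detector.check("::1")
+assert not detector.check("::1")
+assert not detector.check("::1")
 
 with patch(
 "aikido_zen.helpers.get_current_unixtime_ms.get_unixtime_ms",
 side_effect=lambda **kw: mock_get_unixtime_ms(**kw, mock_time=62 * 1000),
 ):
-assert not detector.check(get_test_context("::1", "/.env", "GET"))
-assert not detector.check(get_test_context("::1", "/wp-config.php", "GET"))
-assert not detector.check(get_test_context("::1", "/wp-config.php.bak", "GET"))
-assert not detector.check(get_test_context("::1", "/.git/config", "GET"))
-assert not detector.check(get_test_context("::1", "/.env", "GET"))
-assert detector.check(get_test_context("::1", "/.htaccess", "GET"))
+assert not detector.check("::1")
+assert not detector.check("::1")
+assert not detector.check("::1")
+assert not detector.check("::1")
+assert not detector.check("::1")
+assert detector.check("::1")
 
 
 def test_a_slow_web_scanner_that_triggers_in_the_third_interval():
@@ -141,29 +110,29 @@ def test_a_slow_web_scanner_that_triggers_in_the_third_interval():
 side_effect=lambda **kw: mock_get_unixtime_ms(**kw, mock_time=0),
 ):
 detector = new_attack_wave_detector()
-assert not detector.check(get_test_context("::1", "/wp-config.php", "GET"))
-assert not detector.check(get_test_context("::1", "/wp-config.php.bak", "GET"))
-assert not detector.check(get_test_context("::1", "/.git/config", "GET"))
-assert not detector.check(get_test_context("::1", "/.env", "GET"))
+assert not detector.check("::1")
+assert not detector.check("::1")
+assert not detector.check("::1")
+assert not detector.check("::1")
 
 with patch(
 "aikido_zen.helpers.get_current_unixtime_ms.get_unixtime_ms",
 side_effect=lambda **kw: mock_get_unixtime_ms(**kw, mock_time=62 * 1000),
 ):
 # Still false because minimum time between events is 1 hour
-assert not detector.check(get_test_context("::1", "/.env", "GET"))
-assert not detector.check(get_test_context("::1", "/wp-config.php", "GET"))
-assert not detector.check(get_test_context("::1", "/wp-config.php.bak", "GET"))
-assert not detector.check(get_test_context("::1", "/.git/config", "GET"))
+assert not detector.check("::1")
+assert not detector.check("::1")
+assert not detector.check("::1")
+assert not detector.check("::1")
 
 with patch(
 "aikido_zen.helpers.get_current_unixtime_ms.get_unixtime_ms",
 side_effect=lambda **kw: mock_get_unixtime_ms(**kw, mock_time=124 * 1000),
 ):
 # Should resend event after 1 hour
-assert not detector.check(get_test_context("::1", "/.env", "GET"))
-assert not detector.check(get_test_context("::1", "/wp-config.php", "GET"))
-assert not detector.check(get_test_context("::1", "/wp-config.php.bak", "GET"))
-assert not detector.check(get_test_context("::1", "/.git/config", "GET"))
-assert not detector.check(get_test_context("::1", "/.env", "GET"))
-assert detector.check(get_test_context("::1", "/.htaccess", "GET"))
+assert not detector.check("::1")
+assert not detector.check("::1")
+assert not detector.check("::1")
+assert not detector.check("::1")
+assert not detector.check("::1")
+assert detector.check("::1")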
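Review bot: Every remaining test in this file calls `detector.check` with the single address `"::1"`, so nothing asserts that suspicious-request counts are kept per source address. With the threshold at 6, an implementation that counted all callers together would still pass the whole suite. The second hunk also deletes `test_not_a_web_scanner`, the only negative case for ordinary paths and methods. If that classification now lives in the caller (an inference, since the detector is not shown here), equivalent tests should exist there so benign traffic is still proven not to raise an attack-wave event. A test like the one below, placed next to `test_a_web_scanner`, would pin the per-address behaviour; it assumes the counter is keyed by the argument passed to `check`.

```python
def test_counts_are_tracked_per_ip():
    detector = new_attack_wave_detector()
    for _ in range(5):
        assert not detector.check("::1")
    # A second address must start from zero and must not advance ::1's count
    assert not detector.check("::2")
    # Sixth request from ::1 reaches the threshold of 6
    assert detector.check("::1")
```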
