Commit 95a4692f authored by Bryan BRANCOTTE's avatar Bryan BRANCOTTE

add missing settings

parent bbb71cb1
Pipeline #150880 passed
...@@ -3,8 +3,12 @@ import os ...@@ -3,8 +3,12 @@ import os
SECRET_KEY = 'fake-key' SECRET_KEY = 'fake-key'
INSTALLED_APPS = [ INSTALLED_APPS = [
'django.contrib.admin',
'django.contrib.auth', 'django.contrib.auth',
'django.contrib.contenttypes', 'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'live_settings', 'live_settings',
'tests', 'tests',
] ]
...@@ -20,3 +24,34 @@ DATABASES = { ...@@ -20,3 +24,34 @@ DATABASES = {
ROOT_URLCONF = 'tests.urls' ROOT_URLCONF = 'tests.urls'
DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField' DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField'
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.locale.LocaleMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
TEMPLATES = [
{
'BACKEND': 'django.template.backends.django.DjangoTemplates',
'DIRS': [],
'APP_DIRS': True,
'OPTIONS': {
'context_processors': [
'django.template.context_processors.debug',
'django.template.context_processors.request',
'django.contrib.auth.context_processors.auth',
'django.contrib.messages.context_processors.messages',
'basetheme_bootstrap.context_processors.processors',
'strass_app.context_processors.enrich_with_status',
'strass_app.context_processors.add_google_analytics_tracker',
"live_settings.context_processors.processors",
],
},
},
]
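Review bot: The three context processors from `basetheme_bootstrap` and `strass_app` in the new TEMPLATES block point at packages that are not in the INSTALLED_APPS list shown in the first hunk, so they look carried over from another project's settings. Django resolves every listed context processor when a template is rendered with a request, so unless both packages happen to be installed in the test environment, any rendered page (including the admin enabled by this commit) would fail with an import error. I would drop those three lines, the analytics tracker included, and keep the four Django processors plus `live_settings.context_processors.processors`.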
import json
import logging
from typing import Dict
from django.core import mail
from django.test import TestCase, override_settings
from django.urls import reverse
from django.urls import reverse_lazy
import cspmailreports.apps
import cspmailreports.conf
logger = logging.getLogger(__name__)
class CSPTooledTestCase(TestCase):
url = reverse_lazy('cspmailreports:csp-report')
def setUp(self):
super().setUp()
cspmailreports.conf.app_settings._reset_cache()
@staticmethod
def fake_report(referrer="http://127.0.0.1:8080") -> Dict:
return {
"csp-report": {
"blocked-uri": "inline",
"disposition": "enforce",
"document-uri": f"{referrer}/about/",
"effective-directive": "script-src-elem",
"line-number": 215,
"original-policy": "default-src 'self' *; script-src 'self' cdn.datatables.net",
"referrer": referrer,
"script-sample": "",
"source-file": f"{referrer}/about/",
"status-code": 200,
"violated-directive": "script-src-elem",
}
}
def report(self, report=None):
if report is None:
report = self.fake_report()
return self.client.post(self.url, data=json.dumps(report), content_type='application/csp-report')
class TestMain(CSPTooledTestCase):
def test_works(self):
url = reverse('cspmailreports:csp-report')
# check get ko
self.assertNotIn(self.client.get(url).status_code, [200])
# check post works
self.assertIn(self.report().status_code, [200])
def test_invalid_mime_type_refused(self):
self.assertNotIn(self.client.post(self.url, data=self.fake_report()).status_code, [200])
def test_invalid_data_accepted(self):
self.assertIn(
self.client.generic(
"POST",
self.url,
'zerzerz!sdf{',
'application/csp-report',
).status_code,
[200],
)
@override_settings(
CSP_MAIL_REPORTS_MAX_BEFORE_COOLDOWN=10,
ADMINS=(('ada', 'ada@pasteur.fr'),),
DEBUG=False,
)
class TestDOS(CSPTooledTestCase):
def test_it(self):
mail_count = len(mail.outbox)
self.client.defaults['REMOTE_ADDR'] = '1.2.3.4'
# trigger dos
for i in range(cspmailreports.conf.app_settings.max_report_before_cooldown):
self.assertIn(self.report().status_code, [200])
mail_count += 1
self.assertEqual(mail_count, len(mail.outbox))
# check blocked
self.assertIn(self.report().status_code, [429])
self.assertEqual(mail_count, len(mail.outbox))
# check other is not blocked
self.client.defaults['REMOTE_ADDR'] = '1.2.3.5'
self.assertIn(self.report().status_code, [200])
mail_count += 1
self.assertEqual(mail_count, len(mail.outbox))
@override_settings(
ADMINS=(('ada', 'ada@pasteur.fr'),),
)
class TestMailAdmin(CSPTooledTestCase):
def test_it(self):
mail_count = len(mail.outbox)
self.assertIn(self.report().status_code, [200])
mail_count += 1
self.assertEqual(mail_count, len(mail.outbox))
@override_settings(
ADMINS=(),
)
class TestMailNoAdmin(CSPTooledTestCase):
def test_it(self):
mail_count = len(mail.outbox)
self.assertIn(self.report().status_code, [200])
mail_count += 0 # in debug not mail to admin is sent
self.assertEqual(mail_count, len(mail.outbox))
@override_settings(
CSP_MAIL_REPORTS_MAX_BEFORE_COOLDOWN=-1,
)
class TestCheck1(CSPTooledTestCase):
def test_it(self):
cspmailreports.conf.app_settings._reset_cache()
self.assertEqual(len(cspmailreports.apps.check_settings(None)), 1)
@override_settings(
CSP_MAIL_REPORTS_COOLDOWN_IN_SECONDS=-1,
)
class TestCheck2(CSPTooledTestCase):
def test_it(self):
cspmailreports.conf.app_settings._reset_cache()
self.assertEqual(len(cspmailreports.apps.check_settings(None)), 1)
@override_settings(
CSP_MAIL_REPORTS_MAX_BEFORE_COOLDOWN=-1,
CSP_MAIL_REPORTS_COOLDOWN_IN_SECONDS=-1,
)
class TestCheckAll(CSPTooledTestCase):
def test_it(self):
cspmailreports.conf.app_settings._reset_cache()
self.assertEqual(len(cspmailreports.apps.check_settings(None)), 2)
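Review bot: `TestDOS.test_it` pins the 429 once the threshold is reached and shows that a second `REMOTE_ADDR` is unaffected, but nothing checks that the first address is accepted again after the cooldown. The class also leaves `CSP_MAIL_REPORTS_COOLDOWN_IN_SECONDS` at its default, so the window length is untested apart from the negative-value settings check. A case that overrides the cooldown to a small value and asserts a 200 and one new mail after it expires would catch a limiter that never releases a client. The limiter appears to be keyed on `REMOTE_ADDR`, so a comment on how the address is derived behind a reverse proxy would help readers judge what the 429 protects. Separately, the comment in `TestMailNoAdmin` says "in debug" although the override is `ADMINS=()`; `# no ADMINS configured, so no mail is sent` matches the code, and `mail_count += 0` can go.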