Attempt to improve legibility

Gonzalo 2018-01-19 12:00:38 -03:00
parent d5b89f2f74
commit 79d21fc3ac
7 changed files with 28 additions and 16 deletions


@ -1,4 +1,5 @@
require_relative 'spec_helper' require_relative 'spec_helper'
describe 'Rack::Attack.Allow2Ban' do describe 'Rack::Attack.Allow2Ban' do
before do before do
# Use a long findtime; failures due to cache key rotation less likely # Use a long findtime; failures due to cache key rotation less likely
@ -7,6 +8,7 @@ describe 'Rack::Attack.Allow2Ban' do
@bantime = 60 @bantime = 60
Rack::Attack.cache.store = ActiveSupport::Cache::MemoryStore.new Rack::Attack.cache.store = ActiveSupport::Cache::MemoryStore.new
@f2b_options = {:bantime => @bantime, :findtime => @findtime, :maxretry => 2} @f2b_options = {:bantime => @bantime, :findtime => @findtime, :maxretry => 2}
Rack::Attack.blocklist('pentest') do |req| Rack::Attack.blocklist('pentest') do |req|
Rack::Attack::Allow2Ban.filter(req.ip, @f2b_options){req.query_string =~ /OMGHAX/} Rack::Attack::Allow2Ban.filter(req.ip, @f2b_options){req.query_string =~ /OMGHAX/}
end end
@ -23,6 +25,7 @@ describe 'Rack::Attack.Allow2Ban' do
describe 'making qualifying request' do describe 'making qualifying request' do
describe 'when not at maxretry' do describe 'when not at maxretry' do
before { get '/?foo=OMGHAX', {}, 'REMOTE_ADDR' => '1.2.3.4' } before { get '/?foo=OMGHAX', {}, 'REMOTE_ADDR' => '1.2.3.4' }
it 'succeeds' do it 'succeeds' do
last_response.status.must_equal 200 last_response.status.must_equal 200
end end
@ -58,7 +61,6 @@ describe 'Rack::Attack.Allow2Ban' do
key = "rack::attack:allow2ban:ban:1.2.3.4" key = "rack::attack:allow2ban:ban:1.2.3.4"
@cache.store.read(key).must_equal 1 @cache.store.read(key).must_equal 1
end end
end end
end end
end end
@ -116,6 +118,5 @@ describe 'Rack::Attack.Allow2Ban' do
@cache.store.read(key).must_equal 1 @cache.store.read(key).must_equal 1
end end
end end
end end
end end


@ -1,4 +1,5 @@
require_relative 'spec_helper' require_relative 'spec_helper'
describe 'Rack::Attack.Fail2Ban' do describe 'Rack::Attack.Fail2Ban' do
before do before do
# Use a long findtime; failures due to cache key rotation less likely # Use a long findtime; failures due to cache key rotation less likely
@ -7,6 +8,7 @@ describe 'Rack::Attack.Fail2Ban' do
@bantime = 60 @bantime = 60
Rack::Attack.cache.store = ActiveSupport::Cache::MemoryStore.new Rack::Attack.cache.store = ActiveSupport::Cache::MemoryStore.new
@f2b_options = {:bantime => @bantime, :findtime => @findtime, :maxretry => 2} @f2b_options = {:bantime => @bantime, :findtime => @findtime, :maxretry => 2}
Rack::Attack.blocklist('pentest') do |req| Rack::Attack.blocklist('pentest') do |req|
Rack::Attack::Fail2Ban.filter(req.ip, @f2b_options){req.query_string =~ /OMGHAX/} Rack::Attack::Fail2Ban.filter(req.ip, @f2b_options){req.query_string =~ /OMGHAX/}
end end
@ -23,6 +25,7 @@ describe 'Rack::Attack.Fail2Ban' do
describe 'making failing request' do describe 'making failing request' do
describe 'when not at maxretry' do describe 'when not at maxretry' do
before { get '/?foo=OMGHAX', {}, 'REMOTE_ADDR' => '1.2.3.4' } before { get '/?foo=OMGHAX', {}, 'REMOTE_ADDR' => '1.2.3.4' }
it 'fails' do it 'fails' do
last_response.status.must_equal 403 last_response.status.must_equal 403
end end
@ -136,6 +139,5 @@ describe 'Rack::Attack.Fail2Ban' do
@cache.store.read(key).must_equal 1 @cache.store.read(key).must_equal 1
end end
end end
end end
end end


@ -4,7 +4,6 @@ require 'dalli'
require_relative '../spec_helper' require_relative '../spec_helper'
OfflineExamples = Minitest::SharedExamples.new do OfflineExamples = Minitest::SharedExamples.new do
it 'should write' do it 'should write' do
@cache.write('cache-test-key', 'foobar', 1) @cache.write('cache-test-key', 'foobar', 1)
end end
@ -16,7 +15,6 @@ OfflineExamples = Minitest::SharedExamples.new do
it 'should count' do it 'should count' do
@cache.send(:do_count, 'rack::attack::cache-test-key', 1) @cache.send(:do_count, 'rack::attack::cache-test-key', 1)
end end
end end
describe 'when Redis is offline' do describe 'when Redis is offline' do
@ -27,7 +25,6 @@ describe 'when Redis is offline' do
# Use presumably unused port for Redis client # Use presumably unused port for Redis client
@cache.store = ActiveSupport::Cache::RedisStore.new(:host => '127.0.0.1', :port => 3333) @cache.store = ActiveSupport::Cache::RedisStore.new(:host => '127.0.0.1', :port => 3333)
} }
end end
describe 'when Memcached is offline' do describe 'when Memcached is offline' do
@ -43,5 +40,4 @@ describe 'when Memcached is offline' do
after { after {
Dalli.logger.level = Logger::INFO Dalli.logger.level = Logger::INFO
} }
end end


@ -1,7 +1,6 @@
require_relative '../spec_helper' require_relative '../spec_helper'
describe Rack::Attack::Cache do describe Rack::Attack::Cache do
# A convenience method for deleting a key from cache. # A convenience method for deleting a key from cache.
# Slightly differnet than @cache.delete, which adds a prefix. # Slightly differnet than @cache.delete, which adds a prefix.
def delete(key) def delete(key)
@ -20,6 +19,7 @@ describe Rack::Attack::Cache do
require 'active_support/cache/mem_cache_store' require 'active_support/cache/mem_cache_store'
require 'active_support/cache/redis_store' require 'active_support/cache/redis_store'
require 'connection_pool' require 'connection_pool'
cache_stores = [ cache_stores = [
ActiveSupport::Cache::MemoryStore.new, ActiveSupport::Cache::MemoryStore.new,
ActiveSupport::Cache::DalliStore.new("127.0.0.1"), ActiveSupport::Cache::DalliStore.new("127.0.0.1"),
@ -32,8 +32,8 @@ describe Rack::Attack::Cache do
cache_stores.each do |store| cache_stores.each do |store|
store = Rack::Attack::StoreProxy.build(store) store = Rack::Attack::StoreProxy.build(store)
describe "with #{store.class}" do
describe "with #{store.class}" do
before { before {
@cache = Rack::Attack::Cache.new @cache = Rack::Attack::Cache.new
@key = "rack::attack:cache-test-key" @key = "rack::attack:cache-test-key"
@ -117,6 +117,5 @@ describe Rack::Attack::Cache do
end end
end end
end end
end end
end end


@ -33,11 +33,13 @@ describe 'Rack::Attack' do
describe "a bad request" do describe "a bad request" do
before { get '/', {}, 'REMOTE_ADDR' => @bad_ip } before { get '/', {}, 'REMOTE_ADDR' => @bad_ip }
it "should return a blocklist response" do it "should return a blocklist response" do
get '/', {}, 'REMOTE_ADDR' => @bad_ip get '/', {}, 'REMOTE_ADDR' => @bad_ip
last_response.status.must_equal 403 last_response.status.must_equal 403
last_response.body.must_equal "Forbidden\n" last_response.body.must_equal "Forbidden\n"
end end
it "should tag the env" do it "should tag the env" do
last_request.env['rack.attack.matched'].must_equal "ip #{@bad_ip}" last_request.env['rack.attack.matched'].must_equal "ip #{@bad_ip}"
last_request.env['rack.attack.match_type'].must_equal :blocklist last_request.env['rack.attack.match_type'].must_equal :blocklist
@ -52,7 +54,7 @@ describe 'Rack::Attack' do
Rack::Attack.safelist("good ua") {|req| req.user_agent == @good_ua } Rack::Attack.safelist("good ua") {|req| req.user_agent == @good_ua }
end end
it('has a safelist'){ Rack::Attack.safelists.key?("good ua") } it('has a safelist') { Rack::Attack.safelists.key?("good ua") }
it('has a whitelist with a deprication warning') { it('has a whitelist with a deprication warning') {
_, stderror = capture_io do _, stderror = capture_io do
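Review bot: The reformatted `it('has a safelist') { Rack::Attack.safelists.key?("good ua") }` example makes no assertion; the block's boolean is discarded, so minitest reports it as passing whether or not the safelist was actually registered. The throttle spec's `it('should have a throttle') { Rack::Attack.throttles.key?('ip/sec') }` line touched later in this commit has the same gap. Since the commit is already editing these lines, it would be a good moment to turn them into real checks, e.g. `it('has a safelist') { Rack::Attack.safelists.key?("good ua").must_equal true }` and `it('should have a throttle') { Rack::Attack.throttles.key?('ip/sec').must_equal true }`, matching the `must_equal` style used elsewhere in these specs. The enclosing describe block starts before and ends after this hunk.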
@ -63,10 +65,12 @@ describe 'Rack::Attack' do
describe "with a request match both safelist & blocklist" do describe "with a request match both safelist & blocklist" do
before { get '/', {}, 'REMOTE_ADDR' => @bad_ip, 'HTTP_USER_AGENT' => @good_ua } before { get '/', {}, 'REMOTE_ADDR' => @bad_ip, 'HTTP_USER_AGENT' => @good_ua }
it "should allow safelists before blocklists" do it "should allow safelists before blocklists" do
get '/', {}, 'REMOTE_ADDR' => @bad_ip, 'HTTP_USER_AGENT' => @good_ua get '/', {}, 'REMOTE_ADDR' => @bad_ip, 'HTTP_USER_AGENT' => @good_ua
last_response.status.must_equal 200 last_response.status.must_equal 200
end end
it "should tag the env" do it "should tag the env" do
last_request.env['rack.attack.matched'].must_equal 'good ua' last_request.env['rack.attack.matched'].must_equal 'good ua'
last_request.env['rack.attack.match_type'].must_equal :safelist last_request.env['rack.attack.match_type'].must_equal :safelist
@ -84,7 +88,6 @@ describe 'Rack::Attack' do
Rack::Attack.blacklisted_response Rack::Attack.blacklisted_response
end end
assert_match "[DEPRECATION] 'Rack::Attack.blacklisted_response' is deprecated. Please use 'blocklisted_response' instead.", stderror assert_match "[DEPRECATION] 'Rack::Attack.blacklisted_response' is deprecated. Please use 'blocklisted_response' instead.", stderror
end end
end end
@ -93,7 +96,5 @@ describe 'Rack::Attack' do
Rack::Attack.throttled_response.must_respond_to :call Rack::Attack.throttled_response.must_respond_to :call
end end
end end
end end
end end


@ -1,4 +1,5 @@
require_relative 'spec_helper' require_relative 'spec_helper'
describe 'Rack::Attack.throttle' do describe 'Rack::Attack.throttle' do
before do before do
@period = 60 # Use a long period; failures due to cache key rotation less likely @period = 60 # Use a long period; failures due to cache key rotation less likely
@ -6,11 +7,13 @@ describe 'Rack::Attack.throttle' do
Rack::Attack.throttle('ip/sec', :limit => 1, :period => @period) { |req| req.ip } Rack::Attack.throttle('ip/sec', :limit => 1, :period => @period) { |req| req.ip }
end end
it('should have a throttle'){ Rack::Attack.throttles.key?('ip/sec') } it('should have a throttle') { Rack::Attack.throttles.key?('ip/sec') }
allow_ok_requests allow_ok_requests
describe 'a single request' do describe 'a single request' do
before { get '/', {}, 'REMOTE_ADDR' => '1.2.3.4' } before { get '/', {}, 'REMOTE_ADDR' => '1.2.3.4' }
it 'should set the counter for one request' do it 'should set the counter for one request' do
key = "rack::attack:#{Time.now.to_i/@period}:ip/sec:1.2.3.4" key = "rack::attack:#{Time.now.to_i/@period}:ip/sec:1.2.3.4"
Rack::Attack.cache.store.read(key).must_equal 1 Rack::Attack.cache.store.read(key).must_equal 1
@ -21,19 +24,23 @@ describe 'Rack::Attack.throttle' do
last_request.env['rack.attack.throttle_data']['ip/sec'].must_equal data last_request.env['rack.attack.throttle_data']['ip/sec'].must_equal data
end end
end end
describe "with 2 requests" do describe "with 2 requests" do
before do before do
2.times { get '/', {}, 'REMOTE_ADDR' => '1.2.3.4' } 2.times { get '/', {}, 'REMOTE_ADDR' => '1.2.3.4' }
end end
it 'should block the last request' do it 'should block the last request' do
last_response.status.must_equal 429 last_response.status.must_equal 429
end end
it 'should tag the env' do it 'should tag the env' do
last_request.env['rack.attack.matched'].must_equal 'ip/sec' last_request.env['rack.attack.matched'].must_equal 'ip/sec'
last_request.env['rack.attack.match_type'].must_equal :throttle last_request.env['rack.attack.match_type'].must_equal :throttle
last_request.env['rack.attack.match_data'].must_equal({:count => 2, :limit => 1, :period => @period}) last_request.env['rack.attack.match_data'].must_equal({:count => 2, :limit => 1, :period => @period})
last_request.env['rack.attack.match_discriminator'].must_equal('1.2.3.4') last_request.env['rack.attack.match_discriminator'].must_equal('1.2.3.4')
end end
it 'should set a Retry-After header' do it 'should set a Retry-After header' do
last_response.headers['Retry-After'].must_equal @period.to_s last_response.headers['Retry-After'].must_equal @period.to_s
end end
@ -51,6 +58,7 @@ describe 'Rack::Attack.throttle with limit as proc' do
describe 'a single request' do describe 'a single request' do
before { get '/', {}, 'REMOTE_ADDR' => '1.2.3.4' } before { get '/', {}, 'REMOTE_ADDR' => '1.2.3.4' }
it 'should set the counter for one request' do it 'should set the counter for one request' do
key = "rack::attack:#{Time.now.to_i/@period}:ip/sec:1.2.3.4" key = "rack::attack:#{Time.now.to_i/@period}:ip/sec:1.2.3.4"
Rack::Attack.cache.store.read(key).must_equal 1 Rack::Attack.cache.store.read(key).must_equal 1
@ -74,6 +82,7 @@ describe 'Rack::Attack.throttle with period as proc' do
describe 'a single request' do describe 'a single request' do
before { get '/', {}, 'REMOTE_ADDR' => '1.2.3.4' } before { get '/', {}, 'REMOTE_ADDR' => '1.2.3.4' }
it 'should set the counter for one request' do it 'should set the counter for one request' do
key = "rack::attack:#{Time.now.to_i/@period}:ip/sec:1.2.3.4" key = "rack::attack:#{Time.now.to_i/@period}:ip/sec:1.2.3.4"
Rack::Attack.cache.store.read(key).must_equal 1 Rack::Attack.cache.store.read(key).must_equal 1
@ -97,6 +106,7 @@ describe 'Rack::Attack.throttle with block retuning nil' do
describe 'a single request' do describe 'a single request' do
before { get '/', {}, 'REMOTE_ADDR' => '1.2.3.4' } before { get '/', {}, 'REMOTE_ADDR' => '1.2.3.4' }
it 'should not set the counter' do it 'should not set the counter' do
key = "rack::attack:#{Time.now.to_i/@period}:ip/sec:1.2.3.4" key = "rack::attack:#{Time.now.to_i/@period}:ip/sec:1.2.3.4"
Rack::Attack.cache.store.read(key).must_equal nil Rack::Attack.cache.store.read(key).must_equal nil


@ -18,7 +18,9 @@ describe 'Rack::Attack.track' do
before do before do
Rack::Attack.track("everything"){ |req| true } Rack::Attack.track("everything"){ |req| true }
end end
allow_ok_requests allow_ok_requests
it "should tag the env" do it "should tag the env" do
get '/' get '/'
last_request.env['rack.attack.matched'].must_equal 'everything' last_request.env['rack.attack.matched'].must_equal 'everything'
@ -34,6 +36,7 @@ describe 'Rack::Attack.track' do
ActiveSupport::Notifications.subscribe("rack.attack") do |*args| ActiveSupport::Notifications.subscribe("rack.attack") do |*args|
Counter.incr Counter.incr
end end
get "/" get "/"
end end