From baffa836876b19d96084029f9dc9e904dcd1311b Mon Sep 17 00:00:00 2001
From: madlep
Date: Fri, 14 Jun 2013 15:37:02 +1000
Subject: [PATCH] spec for Fail2Ban
---
spec/fail2ban_spec.rb | 121 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 121 insertions(+)
create mode 100644 spec/fail2ban_spec.rb
diff --git a/spec/fail2ban_spec.rb b/spec/fail2ban_spec.rb
new file mode 100644
index 0000000..84ae839
--- /dev/null
+++ b/spec/fail2ban_spec.rb
@@ -0,0 +1,121 @@
+require_relative 'spec_helper'
+describe 'Rack::Attack.Fail2Ban' do
+ before do
+ # Use a long findtime; failures due to cache key rotation less likely
+ @cache = Rack::Attack.cache
+ @findtime = 60
+ @bantime = 60
+ Rack::Attack.cache.store = ActiveSupport::Cache::MemoryStore.new
+ @f2b_options = {:bantime => @bantime, :findtime => @findtime, :maxretry => 2}
+ Rack::Attack.blacklist('pentest') do |req|
+ Rack::Attack::Fail2Ban.filter("pentest", req.ip, @f2b_options){req.query_string =~ /OMGHAX/}
+ end
+ end
+
+ describe 'discriminator has not been banned' do
+ describe 'making ok request' do
+ it 'succeeds' do
+ get '/', {}, 'REMOTE_ADDR' => '1.2.3.4'
+ last_response.status.must_equal 200
+ end
+ end
+
+ describe 'making failing request' do
+ describe 'when not at maxretry' do
+ before { get '/?foo=OMGHAX', {}, 'REMOTE_ADDR' => '1.2.3.4' }
+ it 'fails' do
+ last_response.status.must_equal 503
+ end
+
+ it 'increases fail count' do
+ key = "rack::attack:#{Time.now.to_i/@findtime}:pentest:1.2.3.4"
+ @cache.store.read(key).must_equal 1
+ end
+
+ it 'is not banned' do
+ key = "rack::attack:fail2ban:1.2.3.4"
+ @cache.store.read(key).must_be_nil
+ end
+ end
+
+ describe 'when at maxretry' do
+ before do
+ # maxretry is 2 - so hit with an extra failed request first
+ get '/?test=OMGHAX', {}, 'REMOTE_ADDR' => '1.2.3.4'
+ get '/?foo=OMGHAX', {}, 'REMOTE_ADDR' => '1.2.3.4'
+ end
+
+ it 'fails' do
+ last_response.status.must_equal 503
+ end
+
+ it 'increases fail count' do
+ key = "rack::attack:#{Time.now.to_i/@findtime}:pentest:1.2.3.4"
+ @cache.store.read(key).must_equal 2
+ end
+
+ it 'is banned' do
+ key = "rack::attack:fail2ban:1.2.3.4"
+ @cache.store.read(key).must_equal 1
+ end
+
+ end
+ end
+ end
+
+ describe 'discriminator has been banned' do
+ before do
+ # maxretry is 2 - so hit enough times to get banned
+ get '/?test=OMGHAX', {}, 'REMOTE_ADDR' => '1.2.3.4'
+ get '/?foo=OMGHAX', {}, 'REMOTE_ADDR' => '1.2.3.4'
+ end
+
+ describe 'making request for other discriminator' do
+ it 'succeeds' do
+ get '/', {}, 'REMOTE_ADDR' => '2.2.3.4'
+ last_response.status.must_equal 200
+ end
+ end
+
+ describe 'making ok request' do
+ before do
+ get '/', {}, 'REMOTE_ADDR' => '1.2.3.4'
+ end
+
+ it 'fails' do
+ last_response.status.must_equal 503
+ end
+
+ it 'does not increase fail count' do
+ key = "rack::attack:#{Time.now.to_i/@findtime}:pentest:1.2.3.4"
+ @cache.store.read(key).must_equal 2
+ end
+
+ it 'is still banned' do
+ key = "rack::attack:fail2ban:1.2.3.4"
+ @cache.store.read(key).must_equal 1
+ end
+ end
+
+ describe 'making failing request' do
+ before do
+ get '/?foo=OMGHAX', {}, 'REMOTE_ADDR' => '1.2.3.4'
+ end
+
+ it 'fails' do
+ last_response.status.must_equal 503
+ end
+
+ it 'does not increase fail count' do
+ key = "rack::attack:#{Time.now.to_i/@findtime}:pentest:1.2.3.4"
+ @cache.store.read(key).must_equal 2
+ end
+
+ it 'is still banned' do
+ key = "rack::attack:fail2ban:1.2.3.4"
+ @cache.store.read(key).must_equal 1
+ end
+ end
+
+ end
+end
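Review bot: The top-level `before` block sets `@findtime = 60` and `@bantime = 60` to the same value, so no example here can tell whether the filter applies each option to the right cache entry; an implementation that used the ban time for the counting window, or the find time for the ban's lifetime, would pass unchanged. Giving them distinct values, for example `@bantime = 120`, makes the `Time.now.to_i/@findtime` key assertions discriminating. The spec also has no example for the ban being lifted once the ban time has elapsed, which is the path most likely to fail silently in either direction (permanent lockout or a ban that never takes hold). Separately, the asserted ban key `rack::attack:fail2ban:1.2.3.4` omits the filter name that the counter key carries (`:pentest:1.2.3.4`), which suggests a ban is shared by every Fail2Ban filter using the same discriminator. The implementation is not part of this patch, so if that sharing is intended, a comment such as `# ban key is per discriminator, not per filter` beside the 'is banned' assertion would record it.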