anti
3dc5b509f6
Add passive TLS fingerprinting via a sniffer container on the MACVLAN interface, plus the Attacker table and periodic rebuild worker that correlates per-IP profiles from Log + Bounty + CorrelationEngine. - templates/sniffer/: Scapy sniffer with pure-Python TLS parser; emits tls_client_hello / tls_session RFC 5424 lines with ja3, ja3s, sni, alpn, raw_ciphers, raw_extensions; GREASE filtered per RFC 8701 - decnet/services/sniffer.py: service plugin (no ports, NET_RAW/NET_ADMIN) - decnet/web/db/models.py: Attacker SQLModel table + AttackersResponse - decnet/web/db/repository.py: 5 new abstract methods - decnet/web/db/sqlite/repository.py: implement all 5 (upsert, pagination, sort by recent/active/traversals, bounty grouping) - decnet/web/attacker_worker.py: 30s periodic rebuild via CorrelationEngine; extracts commands from log fields, merges fingerprint bounties - decnet/web/api.py: wire attacker_profile_worker into lifespan - decnet/web/ingester.py: extract JA3 bounty (fingerprint_type=ja3) - development/DEVELOPMENT.md: full attacker intelligence collection roadmap - pyproject.toml: scapy>=2.6.1 added to dev deps - tests: test_sniffer_ja3.py (40+ vectors), test_attacker_worker.py, test_base_repo.py / test_web_api.py updated for new surface
54 lines
2.3 KiB
Python
54 lines
2.3 KiB
Python
"""
|
|
Mock test for BaseRepository to ensure coverage of abstract pass lines.
|
|
"""
|
|
|
|
import pytest
|
|
from decnet.web.db.repository import BaseRepository
|
|
|
|
class DummyRepo(BaseRepository):
|
|
async def initialize(self) -> None: await super().initialize()
|
|
async def add_log(self, data): await super().add_log(data)
|
|
async def get_logs(self, **kw): await super().get_logs(**kw)
|
|
async def get_total_logs(self, **kw): await super().get_total_logs(**kw)
|
|
async def get_stats_summary(self): await super().get_stats_summary()
|
|
async def get_deckies(self): await super().get_deckies()
|
|
async def get_user_by_username(self, u): await super().get_user_by_username(u)
|
|
async def get_user_by_uuid(self, u): await super().get_user_by_uuid(u)
|
|
async def create_user(self, d): await super().create_user(d)
|
|
async def update_user_password(self, *a, **kw): await super().update_user_password(*a, **kw)
|
|
async def add_bounty(self, d): await super().add_bounty(d)
|
|
async def get_bounties(self, **kw): await super().get_bounties(**kw)
|
|
async def get_total_bounties(self, **kw): await super().get_total_bounties(**kw)
|
|
async def get_state(self, k): await super().get_state(k)
|
|
async def set_state(self, k, v): await super().set_state(k, v)
|
|
async def get_all_logs_raw(self): await super().get_all_logs_raw()
|
|
async def get_all_bounties_by_ip(self): await super().get_all_bounties_by_ip()
|
|
async def upsert_attacker(self, d): await super().upsert_attacker(d)
|
|
async def get_attackers(self, **kw): await super().get_attackers(**kw)
|
|
async def get_total_attackers(self, **kw): await super().get_total_attackers(**kw)
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_base_repo_coverage():
|
|
dr = DummyRepo()
|
|
# Call all to hit 'pass' statements
|
|
await dr.initialize()
|
|
await dr.add_log({})
|
|
await dr.get_logs()
|
|
await dr.get_total_logs()
|
|
await dr.get_stats_summary()
|
|
await dr.get_deckies()
|
|
await dr.get_user_by_username("a")
|
|
await dr.get_user_by_uuid("a")
|
|
await dr.create_user({})
|
|
await dr.update_user_password("a", "b")
|
|
await dr.add_bounty({})
|
|
await dr.get_bounties()
|
|
await dr.get_total_bounties()
|
|
await dr.get_state("k")
|
|
await dr.set_state("k", "v")
|
|
await dr.get_all_logs_raw()
|
|
await dr.get_all_bounties_by_ip()
|
|
await dr.upsert_attacker({})
|
|
await dr.get_attackers()
|
|
await dr.get_total_attackers()
|