anti
3dc5b509f6
Add passive TLS fingerprinting via a sniffer container on the MACVLAN interface, plus the Attacker table and periodic rebuild worker that correlates per-IP profiles from Log + Bounty + CorrelationEngine. - templates/sniffer/: Scapy sniffer with pure-Python TLS parser; emits tls_client_hello / tls_session RFC 5424 lines with ja3, ja3s, sni, alpn, raw_ciphers, raw_extensions; GREASE filtered per RFC 8701 - decnet/services/sniffer.py: service plugin (no ports, NET_RAW/NET_ADMIN) - decnet/web/db/models.py: Attacker SQLModel table + AttackersResponse - decnet/web/db/repository.py: 5 new abstract methods - decnet/web/db/sqlite/repository.py: implement all 5 (upsert, pagination, sort by recent/active/traversals, bounty grouping) - decnet/web/attacker_worker.py: 30s periodic rebuild via CorrelationEngine; extracts commands from log fields, merges fingerprint bounties - decnet/web/api.py: wire attacker_profile_worker into lifespan - decnet/web/ingester.py: extract JA3 bounty (fingerprint_type=ja3) - development/DEVELOPMENT.md: full attacker intelligence collection roadmap - pyproject.toml: scapy>=2.6.1 added to dev deps - tests: test_sniffer_ja3.py (40+ vectors), test_attacker_worker.py, test_base_repo.py / test_web_api.py updated for new surface
157 lines
6.4 KiB
Python
157 lines
6.4 KiB
Python
"""
|
|
Tests for decnet/web/api.py lifespan and decnet/web/dependencies.py auth helpers.
|
|
"""
|
|
|
|
import asyncio
|
|
from unittest.mock import AsyncMock, MagicMock, patch
|
|
|
|
import pytest
|
|
|
|
from decnet.web.auth import create_access_token
|
|
|
|
|
|
# ── get_current_user ──────────────────────────────────────────────────────────
|
|
|
|
class TestGetCurrentUser:
|
|
@pytest.mark.asyncio
|
|
async def test_valid_token(self):
|
|
from decnet.web.dependencies import get_current_user
|
|
token = create_access_token({"uuid": "test-uuid-123"})
|
|
request = MagicMock()
|
|
request.headers = {"Authorization": f"Bearer {token}"}
|
|
result = await get_current_user(request)
|
|
assert result == "test-uuid-123"
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_no_auth_header(self):
|
|
from fastapi import HTTPException
|
|
from decnet.web.dependencies import get_current_user
|
|
request = MagicMock()
|
|
request.headers = {}
|
|
with pytest.raises(HTTPException) as exc_info:
|
|
await get_current_user(request)
|
|
assert exc_info.value.status_code == 401
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_invalid_jwt(self):
|
|
from fastapi import HTTPException
|
|
from decnet.web.dependencies import get_current_user
|
|
request = MagicMock()
|
|
request.headers = {"Authorization": "Bearer invalid-token"}
|
|
with pytest.raises(HTTPException) as exc_info:
|
|
await get_current_user(request)
|
|
assert exc_info.value.status_code == 401
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_missing_uuid_in_payload(self):
|
|
from fastapi import HTTPException
|
|
from decnet.web.dependencies import get_current_user
|
|
token = create_access_token({"sub": "no-uuid-field"})
|
|
request = MagicMock()
|
|
request.headers = {"Authorization": f"Bearer {token}"}
|
|
with pytest.raises(HTTPException) as exc_info:
|
|
await get_current_user(request)
|
|
assert exc_info.value.status_code == 401
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_bearer_prefix_required(self):
|
|
from fastapi import HTTPException
|
|
from decnet.web.dependencies import get_current_user
|
|
token = create_access_token({"uuid": "test-uuid"})
|
|
request = MagicMock()
|
|
request.headers = {"Authorization": f"Token {token}"}
|
|
with pytest.raises(HTTPException):
|
|
await get_current_user(request)
|
|
|
|
|
|
# ── get_stream_user ───────────────────────────────────────────────────────────
|
|
|
|
class TestGetStreamUser:
|
|
@pytest.mark.asyncio
|
|
async def test_bearer_header(self):
|
|
from decnet.web.dependencies import get_stream_user
|
|
token = create_access_token({"uuid": "stream-uuid"})
|
|
request = MagicMock()
|
|
request.headers = {"Authorization": f"Bearer {token}"}
|
|
result = await get_stream_user(request, token=None)
|
|
assert result == "stream-uuid"
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_query_param_fallback(self):
|
|
from decnet.web.dependencies import get_stream_user
|
|
token = create_access_token({"uuid": "query-uuid"})
|
|
request = MagicMock()
|
|
request.headers = {}
|
|
result = await get_stream_user(request, token=token)
|
|
assert result == "query-uuid"
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_no_token_raises(self):
|
|
from fastapi import HTTPException
|
|
from decnet.web.dependencies import get_stream_user
|
|
request = MagicMock()
|
|
request.headers = {}
|
|
with pytest.raises(HTTPException) as exc_info:
|
|
await get_stream_user(request, token=None)
|
|
assert exc_info.value.status_code == 401
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_invalid_token_raises(self):
|
|
from fastapi import HTTPException
|
|
from decnet.web.dependencies import get_stream_user
|
|
request = MagicMock()
|
|
request.headers = {}
|
|
with pytest.raises(HTTPException):
|
|
await get_stream_user(request, token="bad-token")
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_missing_uuid_raises(self):
|
|
from fastapi import HTTPException
|
|
from decnet.web.dependencies import get_stream_user
|
|
token = create_access_token({"sub": "no-uuid"})
|
|
request = MagicMock()
|
|
request.headers = {"Authorization": f"Bearer {token}"}
|
|
with pytest.raises(HTTPException):
|
|
await get_stream_user(request, token=None)
|
|
|
|
|
|
# ── web/api.py lifespan ──────────────────────────────────────────────────────
|
|
|
|
class TestLifespan:
|
|
@pytest.mark.asyncio
|
|
async def test_lifespan_startup_and_shutdown(self):
|
|
from decnet.web.api import lifespan
|
|
mock_app = MagicMock()
|
|
mock_repo = MagicMock()
|
|
mock_repo.initialize = AsyncMock()
|
|
|
|
with patch("decnet.web.api.repo", mock_repo):
|
|
with patch("decnet.web.api.log_ingestion_worker", return_value=asyncio.sleep(0)):
|
|
with patch("decnet.web.api.log_collector_worker", return_value=asyncio.sleep(0)):
|
|
with patch("decnet.web.api.attacker_profile_worker", return_value=asyncio.sleep(0)):
|
|
async with lifespan(mock_app):
|
|
mock_repo.initialize.assert_awaited_once()
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_lifespan_db_retry(self):
|
|
from decnet.web.api import lifespan
|
|
mock_app = MagicMock()
|
|
mock_repo = MagicMock()
|
|
_call_count: int = 0
|
|
|
|
async def _failing_init():
|
|
nonlocal _call_count
|
|
_call_count += 1
|
|
if _call_count < 3:
|
|
raise Exception("DB locked")
|
|
|
|
mock_repo.initialize = _failing_init
|
|
|
|
with patch("decnet.web.api.repo", mock_repo):
|
|
with patch("decnet.web.api.asyncio.sleep", new_callable=AsyncMock):
|
|
with patch("decnet.web.api.log_ingestion_worker", return_value=asyncio.sleep(0)):
|
|
with patch("decnet.web.api.log_collector_worker", return_value=asyncio.sleep(0)):
|
|
with patch("decnet.web.api.attacker_profile_worker", return_value=asyncio.sleep(0)):
|
|
async with lifespan(mock_app):
|
|
assert _call_count == 3
|