
Get target blacklist dynamically for each validation
pablosnt committed Dec 9, 2023
1 parent 26787d6 commit f19766a
Showing 2 changed files with 25 additions and 30 deletions.
13 changes: 4 additions & 9 deletions src/backend/security/target_validator.py
@@ -1,7 +1,7 @@
import ipaddress
import re
from re import RegexFlag
from typing import Any
from typing import Any, List

from django.core.validators import RegexValidator
from django.forms import ValidationError
Expand All @@ -20,22 +20,17 @@ def __init__(
self.code = code
flags = None # Needed to prevent TypeError
super().__init__(regex, message, code, inverse_match, flags)
try:
self.target_blacklist = TargetBlacklist.objects.all().values_list(
"target", flat=True
)
except: # pragma: no cover
self.target_blacklist = []

def __call__(self, value: str | None) -> None:
super().__call__(value)
if value in self.target_blacklist:
blacklist = TargetBlacklist.objects.all().values_list("target", flat=True)
if value in blacklist:
raise ValidationError(
f"Target is disallowed by policy",
code=self.code,
params={"value": value},
)
for denied_value in self.target_blacklist:
for denied_value in blacklist:
try:
match = re.fullmatch(denied_value, value)
except:
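Review bot: The per-call lookup still hands every blacklist row straight to `re.fullmatch` inside the `for denied_value in blacklist` loop under a bare `except:`, so a denylist entry that is not a valid regex — or a `None` value, which the `str | None` annotation on `__call__` permits — is silently skipped and that rule fails open; the body of the `except` lies below the hunk, so this assumes it only swallows the error. Narrow it to `except re.error:` and log the offending entry, e.g. `logger.warning("Ignoring invalid target blacklist pattern %r", denied_value)`, or better reject unparseable patterns when the `TargetBlacklist` row is saved so a policy typo cannot disable a block. Because these patterns are operator-supplied and evaluated on every target submission, a catastrophic pattern is also a ReDoS vector against the validator, which is another reason to vet them at write time. Separately, `value in blacklist` and the regex loop are both case-sensitive, so `REKONO.COM` would not be caught unless something upstream lower-cases the value — worth confirming or normalising with `value.lower()` before both checks. `__call__` continues past the end of this hunk.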
42 changes: 21 additions & 21 deletions src/backend/tests/test_target_blacklist.py
Expand Up @@ -66,27 +66,27 @@ class TargetBlacklistTest(ApiTest):
data=target_blacklist3,
expected={"id": 16, "default": False, **target_blacklist3},
),
# ApiTestCase(
# ["admin1", "auditor1"],
# "post",
# 400,
# {"project": 1, "target": "rekono.com"},
# endpoint="/api/targets/",
# ),
# ApiTestCase(
# ["admin1", "auditor1"],
# "post",
# 400,
# {"project": 1, "target": "subdomain.rekono.com"},
# endpoint="/api/targets/",
# ),
# ApiTestCase(
# ["admin1", "auditor1"],
# "post",
# 400,
# {"project": 1, "target": "10.10.10.1"},
# endpoint="/api/targets/",
# ),
ApiTestCase(
["admin1", "auditor1"],
"post",
400,
{"project": 1, "target": "rekono.com"},
endpoint="/api/targets/",
),
ApiTestCase(
["admin1", "auditor1"],
"post",
400,
{"project": 1, "target": "subdomain.rekono.com"},
endpoint="/api/targets/",
),
ApiTestCase(
["admin1", "auditor1"],
"post",
400,
{"project": 1, "target": "10.10.10.1"},
endpoint="/api/targets/",
),
ApiTestCase(
["admin1", "admin2"],
"put",
