Skip to content

Commit

Permalink
Merge pull request #1799 from beefproject/test
Browse files Browse the repository at this point in the history
Tests for the linear run
  • Loading branch information
jcrew99 authored Dec 10, 2019
2 parents 3273513 + 7043212 commit bc6d7dc
Show file tree
Hide file tree
Showing 2 changed files with 60 additions and 58 deletions.
114 changes: 58 additions & 56 deletions spec/beef/api/auth_rate_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -6,65 +6,67 @@

RSpec.describe 'BeEF API Rate Limit' do

before(:all) do
# Note: rake spec passes --patterns which causes BeEF to pickup this argument via optparse. I can't see a better way at the moment to filter this out. Therefore ARGV=[] for this test.
ARGV = []
DataMapper.setup(:default, 'sqlite3::memory:')
DataMapper.auto_migrate!
@config = BeEF::Core::Configuration.instance
http_hook_server = BeEF::Core::Server.instance
http_hook_server.prepare
@pids = fork do
before(:all) do
# Note: rake spec passes --patterns which causes BeEF to pickup this argument via optparse. I can't see a better way at the moment to filter this out. Therefore ARGV=[] for this test.
ARGV = []
DataMapper.setup(:default, 'sqlite3::memory:')
DataMapper.auto_migrate!
@config = BeEF::Core::Configuration.instance
http_hook_server = BeEF::Core::Server.instance
http_hook_server.prepare
@pids = fork do
BeEF::API::Registrar.instance.fire(BeEF::API::Server, 'pre_http_start', http_hook_server)
end
@pid = fork do
http_hook_server.start
end
@pid = fork do
http_hook_server.start
end
# wait for server to start
sleep 1
end
# wait for server to start
sleep 1
end

after(:all) do
Process.kill("INT",@pid)
Process.kill("INT",@pids)
end

after(:all) do
Process.kill("INT",@pid)
Process.kill("INT",@pids)
end

it 'adheres to auth rate limits' do
passwds = (1..9).map { |i| "broken_pass"}
passwds.push BEEF_PASSWD
apis = passwds.map { |pswd| BeefRestClient.new('http', ATTACK_DOMAIN, '3000', BEEF_USER, pswd) }
l = apis.length
#If this is failing with expect(test_api.auth()[:payload]["success"]).to be(true) expected true but received nil
#make sure in config.yaml the password = BEEF_PASSWD, which is currently 'beef'
(0..2).each do |again| # multiple sets of auth attempts
# first pass -- apis in order, valid passwd on 9th attempt
# subsequent passes apis shuffled
puts "speed requesets" # all should return 401
(0..50).each do |i|
# t = Time.now()
#puts "#{i} : #{t - t0} : #{apis[i%l].auth()[:payload]}"
test_api = apis[i%l]
result = test_api.auth()[:payload]
expect(result).to eql("401 Unauthorized") # all (unless the valid is first 1 in 10 chance)
# t0 = t
end
# again with more time between calls -- there should be success (1st iteration)
puts "delayed requests"
(0..(l*2)).each do |i|
# t = Time.now()
#puts "#{i} : #{t - t0} : #{apis[i%l].auth()[:payload]}"
test_api = apis[i%l]
if (test_api.is_pass?(BEEF_PASSWD))
expect(test_api.auth()[:payload]["success"]).to be(true) # valid pass should succeed
else
expect(test_api.auth()[:payload]).to eql("401 Unauthorized")
end
sleep(0.5)
# t0 = t
end
apis.shuffle! # new order for next iteration
apis = apis.reverse if (apis[0].is_pass?(BEEF_PASSWD)) # prevent the first from having valid passwd
end # multiple sets of auth attempts
end
it 'adheres to auth rate limits' do
passwds = (1..9).map { |i| "broken_pass"}
passwds.push BEEF_PASSWD
apis = passwds.map { |pswd| BeefRestClient.new('http', ATTACK_DOMAIN, '3000', BEEF_USER, pswd) }
l = apis.length
#If this is failing with expect(test_api.auth()[:payload]["success"]).to be(true) expected true but received nil
#make sure in config.yaml the password = BEEF_PASSWD, which is currently 'beef'
(0..2).each do |again| # multiple sets of auth attempts
# first pass -- apis in order, valid passwd on 9th attempt
# subsequent passes apis shuffled
puts "speed requesets" # all should return 401
(0..50).each do |i|
# t = Time.now()
#puts "#{i} : #{t - t0} : #{apis[i%l].auth()[:payload]}"
test_api = apis[i%l]
expect(test_api.auth()[:payload]).to eql("401 Unauthorized") # all (unless the valid is first 1 in 10 chance)
# t0 = t
end
# again with more time between calls -- there should be success (1st iteration)
puts "delayed requests"
(0..(l*2)).each do |i|
# t = Time.now()
#puts "#{i} : #{t - t0} : #{apis[i%l].auth()[:payload]}"
test_api = apis[i%l]
if (test_api.is_pass?(BEEF_PASSWD))
expect(test_api.auth()[:payload]["success"]).to be(true) # valid pass should succeed
else
expect(test_api.auth()[:payload]).to eql("401 Unauthorized")
end
sleep(0.5)
# t0 = t
end
apis.shuffle! # new order for next iteration
apis = apis.reverse if (apis[0].is_pass?(BEEF_PASSWD)) # prevent the first from having valid passwd
end # multiple sets of auth attempts
end

end
4 changes: 2 additions & 2 deletions spec/spec_helper.rb
Original file line number Diff line number Diff line change
Expand Up @@ -23,10 +23,10 @@

RSpec.configure do |config|
config.disable_monkey_patching!
config.bisect_runner = :shell
config.include Rack::Test::Methods
config.expect_with :rspec do |c|
c.syntax = :expect
end
config.order = :random
Kernel.srand config.seed

end

0 comments on commit bc6d7dc

Please sign in to comment.