Add tests for new message filtering functionality
legoktm committed Mar 10, 2022
1 parent 5dcad2d commit 9e8e6f7
Showing 3 changed files with 114 additions and 1 deletion.
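--- a/securedrop/tests/test_journalist.py
+++ b/securedrop/tests/test_journalist.py
@@ -1878,6 +1878,46 @@ def test_prevent_document_uploads_invalid(journalist_app, test_admin):
 assert InstanceConfig.get_current().allow_document_uploads is False
 
 
+def test_message_filtering(config, journalist_app, test_admin):
+with journalist_app.test_client() as app:
+_login_user(app, test_admin['username'], test_admin['password'],
+test_admin['otp_secret'])
+# Assert status quo
+assert InstanceConfig.get_current().initial_message_min_len == 0
+# Try to set min length to 10, but don't tick the "prevent short messages" checkbox
+form = journalist_app_module.forms.SubmissionPreferencesForm(
+prevent_short_messages=False,
+min_message_length=10)
+app.post(url_for('admin.update_submission_preferences'),
+data=form.data,
+follow_redirects=True)
+# Still 0
+assert InstanceConfig.get_current().initial_message_min_len == 0
+# Now tick the "prevent short messages" checkbox
+form = journalist_app_module.forms.SubmissionPreferencesForm(
+prevent_short_messages=True,
+min_message_length=10)
+app.post(url_for('admin.update_submission_preferences'),
+data=form.data,
+follow_redirects=True)
+assert InstanceConfig.get_current().initial_message_min_len == 10
+
+# Submit junk data for min_message_length
+resp = app.post(url_for('admin.update_submission_preferences'),
+data={**form.data, 'min_message_length': 'abcdef'},
+follow_redirects=True)
+html = resp.data.decode('utf-8')
+assert 'To configure a minimum message length, you must set the required' in html
+# Now rejecting codenames
+assert InstanceConfig.get_current().reject_message_with_codename is False
+form = journalist_app_module.forms.SubmissionPreferencesForm(
+reject_codename_messages=True)
+app.post(url_for('admin.update_submission_preferences'),
+data=form.data,
+follow_redirects=True)
+assert InstanceConfig.get_current().reject_message_with_codename is True
+
+
 def test_orgname_default_set(journalist_app, test_admin):
 
 class dummy_current():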
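Review bot: The junk-input step in `test_message_filtering` asserts only that the error text is rendered and never re-reads the stored setting, so a handler that shows the error but still overwrites or resets the minimum length would pass. After the post with `'min_message_length': 'abcdef'` I would add `assert InstanceConfig.get_current().initial_message_min_len == 10`. The final codename post also submits a form without `prevent_short_messages`, and the test does not state what the minimum length should be afterwards; an explicit assertion there would document whether a reset is intended.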
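--- a/securedrop/tests/test_source.py
+++ b/securedrop/tests/test_source.py
@@ -419,6 +419,40 @@ def test_submit_big_message(source_app):
 assert "Message text too long." in text
 
 
+def test_submit_initial_short_message(source_app):
+"""
+Test the message size limit.
+"""
+with source_app.test_client() as app:
+InstanceConfig.get_default().update_submission_prefs(
+allow_uploads=True, min_length=10, reject_codenames=False)
+new_codename(app, session)
+resp = app.post(
+url_for('main.submit'),
+data=dict(msg="A" * 5, fh=(StringIO(''), '')),
+follow_redirects=True)
+assert resp.status_code == 200
+text = resp.data.decode('utf-8')
+assert "Your first message must be at least 10 characters long." in text
+# Now retry with a longer message
+resp = app.post(
+url_for('main.submit'),
+data=dict(msg="A" * 25, fh=(StringIO(''), '')),
+follow_redirects=True)
+assert resp.status_code == 200
+text = resp.data.decode('utf-8')
+assert "Thank you for sending this information to us." in text
+# Now send another short message, that should still be accepted since
+# it's no longer the initial one
+resp = app.post(
+url_for('main.submit'),
+data=dict(msg="A", fh=(StringIO(''), '')),
+follow_redirects=True)
+assert resp.status_code == 200
+text = resp.data.decode('utf-8')
+assert "Thanks! We received your message." in text
+
+
 def test_submit_file(source_app):
 with source_app.test_client() as app:
 new_codename(app, session)
@@ -461,6 +495,33 @@ def test_submit_antispam(source_app):
 assert resp.status_code == 403
 
 
+def test_submit_codename(source_app):
+"""
+Test preventions against people submitting their codename.
+"""
+with source_app.test_client() as app:
+InstanceConfig.get_default().update_submission_prefs(
+allow_uploads=True, min_length=0, reject_codenames=True)
+codename = new_codename(app, session)
+resp = app.post(
+url_for('main.submit'),
+data=dict(msg=codename, fh=(StringIO(''), '')),
+follow_redirects=True)
+assert resp.status_code == 200
+text = resp.data.decode('utf-8')
+assert "Please do not submit your codename!" in text
+# Do a dummy submission
+_dummy_submission(app)
+# Now resubmit the codename, should be accepted.
+resp = app.post(
+url_for('main.submit'),
+data=dict(msg=codename, fh=(StringIO(''), '')),
+follow_redirects=True)
+assert resp.status_code == 200
+text = resp.data.decode('utf-8')
+assert "Thanks! We received your message" in text
+
+
 def test_delete_all_successfully_deletes_replies(source_app, app_storage):
 with source_app.app_context():
 journalist, _ = utils.db_helper.init_journalist()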
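Review bot: `test_submit_initial_short_message` checks 5 and 25 characters against a limit of 10, so an off-by-one in the length comparison would go unnoticed. Using `msg="A" * 9` for the rejected post and `msg="A" * 10` for the accepted one pins the boundary that the error text ("at least 10 characters") promises. The docstring `Test the message size limit.` reads like a copy from the big-message test; `Test the minimum length enforced on a source's first message.` would describe this one. In both this test and `test_submit_codename` the rejection is checked only through the flash text; that the rejected message was kept out of storage is not asserted and would be worth covering if the fixtures allow it.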
14 changes: 13 additions & 1 deletion securedrop/tests/test_source_utils.py
@@ -2,9 +2,10 @@
import json
import os

import pytest
import werkzeug

from source_app.utils import check_url_file, fit_codenames_into_cookie
from source_app.utils import check_url_file, codename_detected, fit_codenames_into_cookie
from .test_journalist import VALID_PASSWORD


@@ -61,3 +62,14 @@ def test_fit_codenames_into_cookie(config):
assert(len(serialized) > werkzeug.Response.max_cookie_size)
serialized = json.dumps(fit_codenames_into_cookie(codenames)).encode()
assert(len(serialized) < werkzeug.Response.max_cookie_size)


@pytest.mark.parametrize('message,expected', (
('Foo', False),
('codename', True),
(' codename ', True),
('Codename codename', True),
('foocodenamebar', False),
))
def test_codename_detected(message, expected):
assert codename_detected(message, 'codename') is expected
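Review bot: The parameter table for `test_codename_detected` never isolates case handling, because `'Codename codename'` still contains the exact lower-case token and so is detected whether or not the comparison ignores case. A row holding only a case variant, e.g. `('CODENAME', ...)` with whichever result is intended, would document that decision. The fixture codename is a single word; if real codenames are multi-word phrases (presumably so, though this page does not show it), a row with a multi-word codename and altered spacing between the words would cover that input as well. `codename_detected` itself is outside this diff, so the expected values have to come from its implementation.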
