Don't actually bruteforce in the tests

google · Sep 27, 2023 · fbd8aa0 · fbd8aa0
1 parent b5e86cf
commit fbd8aa0
Showing 1 changed file with 18 additions and 4 deletions.
diff --git a/turbinia/workers/analysis/postgresql_acct_test.py b/turbinia/workers/analysis/postgresql_acct_test.py
@@ -15,6 +15,7 @@
 """Tests for the PostgreSQL account analysis task."""
 
 import os
+import mock
 import unittest
 
 from turbinia import config
@@ -35,7 +36,7 @@ class PostgresAcctAnalysisTaskTest(TestTurbiniaTaskBase):
 
   POSTGRES_REPORT = """#### **PostgreSQL analysis found 1 weak password(s)**
 * **1 weak password(s) found:**
-    * User 'postgres' with password 'password'"""
+    * User 'postgres' with password 'postgres'"""
 
   def setUp(self):
     super(PostgresAcctAnalysisTaskTest, self).setUp()
@@ -63,7 +64,8 @@ def test_extract_md5_creds(self):
     hashes, _ = task._extract_creds(['/database'], self.evidence)
     self.assertDictEqual(hashes, self.EXPECTED_MD5_CREDENTIALS)
 
-  def test_extract_scram_creds(self):
+
+  def test_extract_scram_creds(self, bruteforce_mock):
     """Tests the _extract_creds method."""
     config.LoadConfig()
     task = postgresql_acct.PostgresAccountAnalysisTask()
@@ -72,22 +74,34 @@ def test_extract_scram_creds(self):
     _, hashes = task._extract_creds(['/scram_database'], self.evidence)
     self.assertDictEqual(hashes, self.EXPECTED_SCRAM_CREDENTIALS)
 
-  def test_analyse_md5_postgres_creds(self):
+  @mock.patch('turbinia.workers.analysis.postgresql_acct.bruteforce_password_hashes')
+  def test_analyse_md5_postgres_creds(self, bruteforce_mock):
     """Tests the _analyse_postgres_creds method."""
     config.LoadConfig()
     task = postgresql_acct.PostgresAccountAnalysisTask()
 
+    bruteforce_mock.side_effect = [
+        [(list(self.EXPECTED_MD5_CREDENTIALS.keys())[0], 'postgres')],
+        []
+    ]
+
     (report, priority, summary) = task._analyse_postgres_creds(
         self.EXPECTED_MD5_CREDENTIALS, {})
     self.assertEqual(report, self.POSTGRES_REPORT)
     self.assertEqual(priority, 10)
     self.assertEqual(summary, 'PostgreSQL analysis found 1 weak password(s)')
 
-  def test_analyse_scram_postgres_creds(self):
+  @mock.patch('turbinia.workers.analysis.postgresql_acct.bruteforce_password_hashes')
+  def test_analyse_scram_postgres_creds(self, bruteforce_mock):
     """Tests the _analyse_postgres_creds method."""
     config.LoadConfig()
     task = postgresql_acct.PostgresAccountAnalysisTask()
 
+    bruteforce_mock.side_effect = [
+        [],
+        [(list(self.EXPECTED_SCRAM_CREDENTIALS.keys())[0], 'postgres')]
+    ]
+
     (report, priority, summary) = task._analyse_postgres_creds(
         {}, self.EXPECTED_SCRAM_CREDENTIALS)
     self.assertEqual(report, self.POSTGRES_REPORT)