From 9fdbd018b4cb9ad74c3fdcc5be6d79509234f6f5 Mon Sep 17 00:00:00 2001 From: TheTechromancer Date: Wed, 30 Oct 2024 00:59:05 -0400 Subject: [PATCH 1/3] update httpx --- poetry.lock | 45 ++++++++++++++++++++++++--------------------- pyproject.toml | 6 +++--- 2 files changed, 27 insertions(+), 24 deletions(-) diff --git a/poetry.lock b/poetry.lock index bcae1fe..e54733e 100644 --- a/poetry.lock +++ b/poetry.lock @@ -2,13 +2,13 @@ [[package]] name = "anyio" -version = "4.6.0" +version = "4.6.2.post1" description = "High level compatibility layer for multiple asynchronous event loop implementations" optional = false python-versions = ">=3.9" files = [ - {file = "anyio-4.6.0-py3-none-any.whl", hash = "sha256:c7d2e9d63e31599eeb636c8c5c03a7e108d73b345f064f1c19fdc87b79036a9a"}, - {file = "anyio-4.6.0.tar.gz", hash = "sha256:137b4559cbb034c477165047febb6ff83f390fc3b20bf181c1fc0a728cb8beeb"}, + {file = "anyio-4.6.2.post1-py3-none-any.whl", hash = "sha256:6d170c36fba3bdd840c73d3868c1e777e33676a69c3a72cf0a0d5d6d8009b61d"}, + {file = "anyio-4.6.2.post1.tar.gz", hash = "sha256:4c8bc31ccdb51c7f7bd251f51c609e038d63e34219b44aa86e47576389880b4c"}, ] [package.dependencies] @@ -19,7 +19,7 @@ typing-extensions = {version = ">=4.1", markers = "python_version < \"3.11\""} [package.extras] doc = ["Sphinx (>=7.4,<8.0)", "packaging", "sphinx-autodoc-typehints (>=1.2.0)", "sphinx-rtd-theme"] -test = ["anyio[trio]", "coverage[toml] (>=7)", "exceptiongroup (>=1.2.0)", "hypothesis (>=4.0)", "psutil (>=5.9)", "pytest (>=7.0)", "pytest-mock (>=3.6.1)", "trustme", "uvloop (>=0.21.0b1)"] +test = ["anyio[trio]", "coverage[toml] (>=7)", "exceptiongroup (>=1.2.0)", "hypothesis (>=4.0)", "psutil (>=5.9)", "pytest (>=7.0)", "pytest-mock (>=3.6.1)", "trustme", "truststore (>=0.9.1)", "uvloop (>=0.21.0b1)"] trio = ["trio (>=0.26.1)"] [[package]] @@ -393,6 +393,8 @@ files = [ {file = "coverage-7.6.2-cp39-cp39-musllinux_1_2_x86_64.whl", hash = "sha256:e8ea055b3ea046c0f66217af65bc193bbbeca1c8661dc5fd42698db5795d2627"}, {file = "coverage-7.6.2-cp39-cp39-win32.whl", hash = "sha256:6c2ba1e0c24d8fae8f2cf0aeb2fc0a2a7f69b6d20bd8d3749fd6b36ecef5edf0"}, {file = "coverage-7.6.2-cp39-cp39-win_amd64.whl", hash = "sha256:2186369a654a15628e9c1c9921409a6b3eda833e4b91f3ca2a7d9f77abb4987c"}, + {file = "coverage-7.6.2-pp39.pp310-none-any.whl", hash = "sha256:667952739daafe9616db19fbedbdb87917eee253ac4f31d70c7587f7ab531b4e"}, + {file = "coverage-7.6.2.tar.gz", hash = "sha256:a5f81e68aa62bc0cfca04f7b19eaa8f9c826b53fc82ab9e2121976dc74f131f3"}, ] [package.dependencies] @@ -688,13 +690,13 @@ trio = ["trio (>=0.22.0,<1.0)"] [[package]] name = "httpx" -version = "0.26.0" +version = "0.27.2" description = "The next generation HTTP client." optional = false python-versions = ">=3.8" files = [ - {file = "httpx-0.26.0-py3-none-any.whl", hash = "sha256:8915f5a3627c4d47b73e8202457cb28f1266982d1159bd5779d86a80c0eab1cd"}, - {file = "httpx-0.26.0.tar.gz", hash = "sha256:451b55c30d5185ea6b23c2c793abf9bb237d2a7dfb901ced6ff69ad37ec1dfaf"}, + {file = "httpx-0.27.2-py3-none-any.whl", hash = "sha256:7bb2708e112d8fdd7829cd4243970f0c223274051cb35ee80c03301ee29a3df0"}, + {file = "httpx-0.27.2.tar.gz", hash = "sha256:f7c2be1d2f3c3c3160d441802406b206c2b76f5947b11115e6df10c6c65e66c2"}, ] [package.dependencies] @@ -709,6 +711,7 @@ brotli = ["brotli", "brotlicffi"] cli = ["click (==8.*)", "pygments (==2.*)", "rich (>=10,<14)"] http2 = ["h2 (>=3,<5)"] socks = ["socksio (==1.*)"] +zstd = ["zstandard (>=0.18.0)"] [[package]] name = "idna" @@ -1386,13 +1389,13 @@ files = [ [[package]] name = "pytest" -version = "7.4.4" +version = "8.3.3" description = "pytest: simple powerful testing with Python" optional = false -python-versions = ">=3.7" +python-versions = ">=3.8" files = [ - {file = "pytest-7.4.4-py3-none-any.whl", hash = "sha256:b090cdf5ed60bf4c45261be03239c2c1c22df034fbffe691abe93cd80cea01d8"}, - {file = "pytest-7.4.4.tar.gz", hash = "sha256:2cf0005922c6ace4a3e2ec8b4080eb0d9753fdc93107415332f50ce9e7994280"}, + {file = "pytest-8.3.3-py3-none-any.whl", hash = "sha256:a6853c7375b2663155079443d2e45de913a911a11d669df02a50814944db57b2"}, + {file = "pytest-8.3.3.tar.gz", hash = "sha256:70b98107bd648308a7952b06e6ca9a50bc660be218d53c257cc1fc94fda10181"}, ] [package.dependencies] @@ -1400,11 +1403,11 @@ colorama = {version = "*", markers = "sys_platform == \"win32\""} exceptiongroup = {version = ">=1.0.0rc8", markers = "python_version < \"3.11\""} iniconfig = "*" packaging = "*" -pluggy = ">=0.12,<2.0" -tomli = {version = ">=1.0.0", markers = "python_version < \"3.11\""} +pluggy = ">=1.5,<2" +tomli = {version = ">=1", markers = "python_version < \"3.11\""} [package.extras] -testing = ["argcomplete", "attrs (>=19.2.0)", "hypothesis (>=3.56)", "mock", "nose", "pygments (>=2.7.2)", "requests", "setuptools", "xmlschema"] +dev = ["argcomplete", "attrs (>=19.2)", "hypothesis (>=3.56)", "mock", "pygments (>=2.7.2)", "requests", "setuptools", "xmlschema"] [[package]] name = "pytest-asyncio" @@ -1444,21 +1447,21 @@ testing = ["fields", "hunter", "process-tests", "pytest-xdist", "six", "virtuale [[package]] name = "pytest-httpx" -version = "0.28.0" +version = "0.33.0" description = "Send responses to httpx." optional = false python-versions = ">=3.9" files = [ - {file = "pytest_httpx-0.28.0-py3-none-any.whl", hash = "sha256:045774556a3633688742315a6981aab2806ce93bcbcc8444253ab87bca286800"}, - {file = "pytest_httpx-0.28.0.tar.gz", hash = "sha256:a82505fdf59f19eaaf2853db3f3832b3dee35d3bc58000232db2b65c5fca0614"}, + {file = "pytest_httpx-0.33.0-py3-none-any.whl", hash = "sha256:bdd1b00a846cfe857194e4d3ba72dc08ba0d163154a4404269c9b971f357c05d"}, + {file = "pytest_httpx-0.33.0.tar.gz", hash = "sha256:4af9ab0dae5e9c14cb1e27d18af3db1f627b2cf3b11c02b34ddf26aff6b0a24c"}, ] [package.dependencies] -httpx = "==0.26.*" -pytest = "==7.*" +httpx = "==0.27.*" +pytest = "==8.*" [package.extras] -testing = ["pytest-asyncio (==0.23.*)", "pytest-cov (==4.*)"] +testing = ["pytest-asyncio (==0.24.*)", "pytest-cov (==5.*)"] [[package]] name = "pytest-mock" @@ -2160,4 +2163,4 @@ type = ["pytest-mypy"] [metadata] lock-version = "2.0" python-versions = "^3.9" -content-hash = "13cc4830d4e1b8ec29ff0a42c19ccc09e20f030d6a0d2e383fa18e510c5dbef9" +content-hash = "3027aef5154518a238d67688bc47b6bb637664041af2dee4b2823aa6ccd5d6af" diff --git a/pyproject.toml b/pyproject.toml index 759ec6b..1aedd34 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -15,24 +15,24 @@ python = "^3.9" pyyaml = "^6.0.1" dnspython = "^2.4.1" colorama = "^0.4.6" -httpx = "^0.26.0" python-whois = "^0.9.4" tldextract = "^3.4.4" python-dateutil = "2.9.0.post0" setuptools = "^69.0.3" +httpx = "^0.27.2" [tool.poetry.group.dev.dependencies] -pytest-httpx = "^0.28.0" pyfakefs = "^5.2.3" requests-mock = "^1.11.0" -pytest = "^7.4.0" pytest-cov = "^4.0.0" pytest-asyncio = "^0.21.1" mock = "^5.1.0" pytest-mock = "^3.11.1" poetry-dynamic-versioning = {extras = ["plugin"], version = "^1.2.0"} requests = "^2.31.0" +pytest = "^8.3.3" +pytest-httpx = "^0.33.0" [tool.poetry.group.docs.dependencies] From ba64b3ba02e3b76f916e83c2c3a96787af02822d Mon Sep 17 00:00:00 2001 From: TheTechromancer Date: Wed, 30 Oct 2024 00:59:45 -0400 Subject: [PATCH 2/3] bump version --- pyproject.toml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index 1aedd34..a566140 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,6 +1,6 @@ [tool.poetry] name = "baddns" -version = "1.1.0" +version = "1.2.0" description = "Check subdomains for subdomain takeovers and other DNS tomfoolery" authors = ["liquidsec "] repository = "https://github.com/blacklanternsecurity/baddns" @@ -57,4 +57,4 @@ build-backend = "poetry_dynamic_versioning.backend" [tool.poetry-dynamic-versioning] enable = true metadata = true -format = 'v1.1.{distance}' +format = 'v1.2.{distance}' From da0bd74469f7ae5703a0a0f6d58d0d888cef5e37 Mon Sep 17 00:00:00 2001 From: TheTechromancer Date: Wed, 30 Oct 2024 10:12:49 -0400 Subject: [PATCH 3/3] fix tests --- tests/cli_test.py | 3 +++ tests/cname_test.py | 4 ++++ tests/references_test.py | 6 ++++++ 3 files changed, 13 insertions(+) diff --git a/tests/cli_test.py b/tests/cli_test.py index 64fbf3f..2bfa076 100644 --- a/tests/cli_test.py +++ b/tests/cli_test.py @@ -1,6 +1,7 @@ import os import sys import dns +import pytest from mock import patch SCRIPT_DIR = os.path.dirname(os.path.abspath(__file__)) @@ -54,6 +55,7 @@ def test_cli_cname_nxdomain(monkeypatch, capsys, mocker, configure_mock_resolver assert "baddns.azurewebsites.net" in captured.out +@pytest.mark.httpx_mock(assert_all_requests_were_expected=False) def test_cli_cname_http(monkeypatch, capsys, mocker, httpx_mock, configure_mock_resolver): monkeypatch.setattr( "sys.argv", @@ -80,6 +82,7 @@ def test_cli_cname_http(monkeypatch, capsys, mocker, httpx_mock, configure_mock_ assert "Bigcartel Takeover Detection" in captured.out +@pytest.mark.httpx_mock(assert_all_requests_were_expected=False) def test_cli_direct(monkeypatch, capsys, mocker, httpx_mock, configure_mock_resolver): monkeypatch.setattr( "sys.argv", diff --git a/tests/cname_test.py b/tests/cname_test.py index 09bb6f1..8995732 100644 --- a/tests/cname_test.py +++ b/tests/cname_test.py @@ -110,6 +110,7 @@ async def test_cname_dnsnxdomain_azure_negative(fs, mock_dispatch_whois, configu @pytest.mark.asyncio +@pytest.mark.httpx_mock(assert_all_requests_were_expected=False) async def test_cname_http_bigcartel_match(fs, mock_dispatch_whois, httpx_mock, configure_mock_resolver): mock_data = {"bad.dns": {"CNAME": ["baddns.bigcartel.com"]}, "baddns.bigcartel.com": {"A": ["127.0.0.1"]}} mock_resolver = configure_mock_resolver(mock_data) @@ -268,6 +269,7 @@ async def test_cname_whois_expired(fs, mock_dispatch_whois, httpx_mock, configur @pytest.mark.asyncio +@pytest.mark.httpx_mock(assert_all_requests_were_expected=False) @pytest.mark.parametrize("mock_dispatch_whois", [mock_whois_unregistered], indirect=True) async def test_cname_whois_unregistered_match(fs, mock_dispatch_whois, httpx_mock, configure_mock_resolver): mock_data = {"bad.dns": {"CNAME": ["worse.dns."]}, "worse.dns": {"A": ["127.0.0.2"]}} @@ -328,6 +330,7 @@ async def test_cname_whois_unregistered_match(fs, mock_dispatch_whois, httpx_moc @pytest.mark.asyncio +@pytest.mark.httpx_mock(assert_all_requests_were_expected=False) @pytest.mark.parametrize("mock_dispatch_whois", [whois_mock_expired_baddata], indirect=True) async def test_cname_whois_unregistered_baddata(fs, mock_dispatch_whois, httpx_mock, configure_mock_resolver): with patch("sys.exit") as exit_mock: @@ -378,6 +381,7 @@ async def test_cname_whois_unregistered_baddata(fs, mock_dispatch_whois, httpx_m @pytest.mark.asyncio +@pytest.mark.httpx_mock(assert_all_requests_were_expected=False) @pytest.mark.parametrize("mock_dispatch_whois", [whois_mock_expired_missingdata], indirect=True) async def test_cname_whois_unregistered_missingdata(fs, mock_dispatch_whois, httpx_mock, configure_mock_resolver): with patch("sys.exit") as exit_mock: diff --git a/tests/references_test.py b/tests/references_test.py index e0777d8..ef51bbf 100644 --- a/tests/references_test.py +++ b/tests/references_test.py @@ -83,6 +83,7 @@ @pytest.mark.asyncio +@pytest.mark.httpx_mock(assert_all_requests_were_expected=False) async def test_references_cname_css(fs, httpx_mock, configure_mock_resolver, cached_suffix_list): with patch("sys.exit") as exit_mock: mock_data = {"bad.dns": {"A": ["127.0.0.1"]}} @@ -115,6 +116,7 @@ async def test_references_cname_css(fs, httpx_mock, configure_mock_resolver, cac @pytest.mark.asyncio +@pytest.mark.httpx_mock(assert_all_requests_were_expected=False) async def test_references_cname_js(fs, httpx_mock, configure_mock_resolver, cached_suffix_list): with patch("sys.exit") as exit_mock: mock_data = {"bad.dns": {"A": ["127.0.0.1"]}} @@ -148,6 +150,7 @@ async def test_references_cname_js(fs, httpx_mock, configure_mock_resolver, cach @pytest.mark.asyncio +@pytest.mark.httpx_mock(assert_all_requests_were_expected=False) async def test_references_direct_js(fs, httpx_mock, configure_mock_resolver, cached_suffix_list): with patch("sys.exit") as exit_mock: mock_data = {"bad.dns": {"A": ["127.0.0.1"]}, "_NXDOMAIN": ["direct.azurewebsites.net"]} @@ -180,6 +183,7 @@ async def test_references_direct_js(fs, httpx_mock, configure_mock_resolver, cac @pytest.mark.asyncio +@pytest.mark.httpx_mock(assert_all_requests_were_expected=False) async def test_references_direct_css(fs, httpx_mock, configure_mock_resolver, cached_suffix_list): with patch("sys.exit") as exit_mock: mock_data = {"bad.dns": {"A": ["127.0.0.1"]}, "_NXDOMAIN": ["direct.azurewebsites.net"]} @@ -213,6 +217,7 @@ async def test_references_direct_css(fs, httpx_mock, configure_mock_resolver, ca @pytest.mark.asyncio +@pytest.mark.httpx_mock(assert_all_requests_were_expected=False) async def test_references_direct_csp(fs, httpx_mock, configure_mock_resolver, cached_suffix_list): with patch("sys.exit") as exit_mock: mock_data = { @@ -260,6 +265,7 @@ async def test_references_direct_csp(fs, httpx_mock, configure_mock_resolver, ca @pytest.mark.asyncio +@pytest.mark.httpx_mock(assert_all_requests_were_expected=False) async def test_references_direct_cors(fs, httpx_mock, configure_mock_resolver, cached_suffix_list): with patch("sys.exit") as exit_mock: mock_data = {