happyDomain/checker-blacklist
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
checker-blacklist/checker/botvrij_test.go
Pierre-Olivier Mercier 9916ab0732 Add Botvrij.eu domain blocklist source 
Downloads the Botvrij.eu public IOC domain list (no API key required),
caches it in-process with a 6h TTL, and flags any registered domain
that appears directly or as a parent of a feed entry.
2026-05-15 21:36:24 +08:00

94 lines
2.9 KiB
Go
Raw Blame History

package checker
import (
"context"
"net/http"
"net/http/httptest"
"testing"
sdk "git.happydns.org/checker-sdk-go/checker"
)
const botvrijFakeFeed = `# Botvrij.eu IOC list - domains
# comment line
evil.com
malware.example.org
c2.badactor.net
`
func TestBotvrijSource_Listed_ExactMatch(t *testing.T) {
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
_, _ = w.Write([]byte(botvrijFakeFeed))
}))
defer srv.Close()
s := &botvrijSource{cache: newBotvrijCache(srv.URL)}
r := s.Query(context.Background(), "evil.com", "evil.com", sdk.CheckerOptions{"enable_botvrij": true})[0]
if !r.Enabled || r.Error != "" {
t.Fatalf("expected enabled and no error, got %+v", r)
}
if len(r.Evidence) != 1 || r.Evidence[0].Value != "evil.com" {
t.Errorf("expected evidence [evil.com], got %+v", r.Evidence)
}
if listed, sev := s.Evaluate(r); !listed || sev != SeverityCrit {
t.Errorf("expected (true, crit), got (%v, %q)", listed, sev)
}
}
func TestBotvrijSource_Listed_SubdomainInFeed(t *testing.T) {
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
_, _ = w.Write([]byte(botvrijFakeFeed))
}))
defer srv.Close()
// Feed has "malware.example.org"; querying registered "example.org" should match.
s := &botvrijSource{cache: newBotvrijCache(srv.URL)}
r := s.Query(context.Background(), "sub.example.org", "example.org", sdk.CheckerOptions{"enable_botvrij": true})[0]
if len(r.Evidence) != 1 || r.Evidence[0].Value != "malware.example.org" {
t.Errorf("expected subdomain match, got %+v", r.Evidence)
}
if listed, _ := s.Evaluate(r); !listed {
t.Error("expected listed=true")
}
}
func TestBotvrijSource_NotListed(t *testing.T) {
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
_, _ = w.Write([]byte(botvrijFakeFeed))
}))
defer srv.Close()
s := &botvrijSource{cache: newBotvrijCache(srv.URL)}
r := s.Query(context.Background(), "safe.com", "safe.com", sdk.CheckerOptions{"enable_botvrij": true})[0]
if !r.Enabled || r.Error != "" || len(r.Evidence) != 0 {
t.Fatalf("expected clean result, got %+v", r)
}
if listed, _ := s.Evaluate(r); listed {
t.Error("expected listed=false")
}
}
func TestBotvrijSource_Disabled(t *testing.T) {
s := &botvrijSource{cache: newBotvrijCache("http://nope")}
r := s.Query(context.Background(), "evil.com", "evil.com", sdk.CheckerOptions{"enable_botvrij": false})[0]
if r.Enabled {
t.Errorf("expected disabled, got %+v", r)
}
}
func TestBotvrijSource_HTTPError(t *testing.T) {
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
w.WriteHeader(http.StatusInternalServerError)
}))
defer srv.Close()
s := &botvrijSource{cache: newBotvrijCache(srv.URL)}
r := s.Query(context.Background(), "evil.com", "evil.com", sdk.CheckerOptions{"enable_botvrij": true})[0]
if r.Error == "" || r.Error != "botvrij HTTP 500" {
t.Errorf("expected HTTP 500 error, got %q", r.Error)
}
}
Reference in a new issue View git blame Copy permalink