"""
Script to populate the database with potentially problematic content for testing.
"""
import os
import sys
from datetime import datetime, timedelta
import random
from faker import Faker
# Make the repository root importable so the `core` and `database` packages
# resolve when this file is run directly. The root is the directory two levels
# above this file. It is inserted at index 0, so modules found there take
# precedence over same-named packages installed elsewhere on the path.
_script_dir = os.path.dirname(os.path.abspath(__file__))
project_root = os.path.dirname(_script_dir)
sys.path.insert(0, project_root)
from core.app import create_app
from database.models import db, Board, Thread, Post
# Module-level Faker instance. NOTE(review): nothing in the code visible here
# reads `fake`; every fixture below is a fixed literal — confirm whether it is
# still needed.
fake = Faker()
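def _add_thread(subject, board):
    """Create a thread on *board*, flush it so it has an id, and return it."""
    thread = Thread(subject=subject, board=board, bumped_at=datetime.utcnow())
    db.session.add(thread)
    db.session.flush()
    return thread


def _add_post(thread, content, author_name, tripcode, ip_address, minutes_ago):
    """Queue a post on *thread*, back-dated by *minutes_ago* minutes, and return it."""
    post = Post(
        content=content,
        author_name=author_name,
        tripcode=tripcode,
        ip_address=ip_address,
        thread=thread,
        created_at=datetime.utcnow() - timedelta(minutes=minutes_ago),
    )
    db.session.add(post)
    return post


def create_problematic_data():
    """Wipe the board tables and seed them with hostile and edge-case fixtures.

    Every existing Post, Thread and Board row in the database that
    ``create_app()`` is configured for is deleted before seeding, and that
    deletion is committed together with the new boards. Point the app at a
    disposable test database before running this.

    The fixtures are written directly through the models, so any filtering the
    web handlers apply at submission time is not exercised. What they test is
    how the application behaves once such content is already stored: template
    escaping of markup and script payloads, reuse of stored text in queries,
    quote-reference resolution, layout with oversized content, and Unicode
    handling.

    Returns:
        None. Progress is reported on stdout.
    """
    app = create_app()

    with app.app_context():
        # Clear existing data (children first: posts, then threads, then boards).
        Post.query.delete()
        Thread.query.delete()
        Board.query.delete()

        # Create sample boards
        db.session.add_all([
            Board(name='general', title='General Discussion', description='Talk about anything'),
            Board(name='security', title='Security Testing', description='Testing security features'),
            Board(name='exploits', title='Exploit Testing', description='Testing for vulnerabilities'),
        ])
        db.session.commit()

        # Get the boards
        general_board = Board.query.filter_by(name='general').first()
        security_board = Board.query.filter_by(name='security').first()
        exploits_board = Board.query.filter_by(name='exploits').first()

        # 1. Thread with extremely long post content, to test text wrapping
        #    and rendering performance.
        thread1 = _add_thread("Extremely Long Post Test", general_board)
        long_content = "A" * 10000  # 10,000 character string
        _add_post(thread1, long_content, "LongTester", "!longtest", "192.168.1.1", 1)

        # 2. Thread with XSS attempts. A page that renders any of these as
        #    live markup instead of escaped text has an output-encoding gap.
        thread2 = _add_thread("XSS Test Thread", security_board)
        xss_attempts = [
            "<script>alert('XSS')</script>",
            "<img src=x onerror=alert('XSS')>",
            "<svg onload=alert('XSS')>",
            "javascript:alert('XSS')",
            "<iframe src=\"javascript:alert('XSS')\"></iframe>",
        ]
        for i, xss_content in enumerate(xss_attempts):
            _add_post(
                thread2,
                xss_content,
                f"XSSUser{i}",
                f"!xss{i}",
                f"192.168.1.{i+10}",
                i + 2,
            )

        # 3. Thread with SQL injection attempts. Inserted here as plain column
        #    values (presumably bound parameters via the ORM), so they only
        #    matter where stored content is later concatenated into a query.
        thread3 = _add_thread("SQL Injection Test", security_board)
        sql_injection_attempts = [
            "'; DROP TABLE posts; --",
            "' OR '1'='1",
            "'; EXEC xp_cmdshell('dir');--",
            "' UNION SELECT username,password FROM users--",
            "'; WAITFOR DELAY '00:00:10'--",
        ]
        for i, sql_content in enumerate(sql_injection_attempts):
            _add_post(
                thread3,
                sql_content,
                f"SQLUser{i}",
                f"!sql{i}",
                f"192.168.1.{i+20}",
                i + 5,
            )

        # 4. Thread with massive quote chains to test recursion.
        # NOTE(review): the >>N targets are loop indices, not database ids, so
        # whether they resolve to posts in this thread depends on how ids are
        # allocated — confirm against the quote resolver.
        thread4 = _add_thread("Quote Chain Test", exploits_board)
        for i in range(10):
            _add_post(
                thread4,
                f"This is post {i+1}. Replying to >>{i if i > 0 else 1}",
                f"Quoter{i}",
                f"!quote{i}",
                f"192.168.2.{i+1}",
                i,
            )

        # 5. Thread with extremely wide content: one unbroken line, to test
        #    word wrapping and layout.
        thread5 = _add_thread("Wide Content Test", exploits_board)
        wide_content = "supercalifragilisticexpialidocious" * 1000
        _add_post(thread5, wide_content, "WideUser", "!wide", "192.168.3.1", 1)

        # 6. Thread with Unicode and special characters
        thread6 = _add_thread("Unicode Test", general_board)
        unicode_content = "Unicode test: 🚀 💩 🌶️ 🍆 👻 🤖 🦄 🦎 🦕 🦖 中文 العربية русский Ελληνικά ñáñëëd chàrs"
        _add_post(thread6, unicode_content, "UnicodeUser", "!unicode", "192.168.4.1", 1)

        # 7. Thread with HTML tags (should be sanitized)
        thread7 = _add_thread("HTML Tags Test", security_board)
        html_content = "<h1>This should not render as HTML</h1><p>Tags should be escaped</p><div>More content</div>"
        _add_post(thread7, html_content, "HTMLUser", "!html", "192.168.5.1", 1)

        # 8. Thread with extremely long author names and tripcodes
        thread8 = _add_thread("Long Names Test", general_board)
        long_author_name = "A" * 100  # 100 character author name (field limit is 100)
        long_tripcode = "!" + "B" * 19  # 20 character tripcode (field limit is 20)
        _add_post(
            thread8,
            "Testing long names and tripcodes",
            long_author_name,
            long_tripcode,
            "192.168.6.1",
            1,
        )

        # 9. Thread with recursive quote references
        thread9 = _add_thread("Recursive Quotes Test", exploits_board)

        # Create a circular reference scenario. Ids exist only after a flush,
        # so A and B start with placeholder targets and are patched below.
        post_a = _add_post(
            thread9,
            "Post A referencing >>TEST_B",
            "RecursionA",
            "!recA",
            "192.168.7.1",
            3,
        )
        db.session.flush()

        post_b = _add_post(
            thread9,
            f"Post B referencing >>{post_a.id} and also >>TEST_C",
            "RecursionB",
            "!recB",
            "192.168.7.2",
            2,
        )
        db.session.flush()

        post_c = _add_post(
            thread9,
            f"Post C referencing >>{post_b.id} and >>{post_a.id}",
            "RecursionC",
            "!recC",
            "192.168.7.3",
            1,
        )
        db.session.flush()

        # Replace the TEST_B / TEST_C placeholders with the real ids. Without
        # this the thread held no cycle at all, because A and B pointed at
        # literal strings rather than at posts.
        post_a.content = f"Post A referencing >>{post_b.id}"
        post_b.content = f"Post B referencing >>{post_a.id} and also >>{post_c.id}"

        db.session.commit()

        print("Database populated with potentially problematic test data!")
        print(f"Created {Board.query.count()} boards")
        print(f"Created {Thread.query.count()} threads")
        print(f"Created {Post.query.count()} posts with various test scenarios")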
# Seed the database only when this file is executed as a script, never as a
# side effect of importing it.
if __name__ == "__main__":
    create_problematic_data()