feat: 实现完整安全防护系统

Phase 1 - 威胁检测引擎: - security/threat_detector.py: JNDI/SQL/XSS/路径遍历/命令注入检测 - security/constants.py: 威胁检测规则和评分常量 - 数据库表: threat_events, ip_risk_scores, user_risk_scores, ip_blacklist Phase 2 - 风险评分与黑名单: - security/risk_scorer.py: IP/用户风险评分引擎，支持分数衰减 - security/blacklist.py: 黑名单管理，自动封禁规则 Phase 3 - 响应策略: - security/honeypot.py: 蜜罐响应生成器 - security/response_handler.py: 渐进式响应策略 Phase 4 - 集成: - security/middleware.py: Flask安全中间件 - routes/admin_api/security.py: 管理后台安全仪表板API - 36个测试用例全部通过 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-27 01:28:38 +08:00
parent e3b0c35da6
commit 46253337eb
24 changed files with 3219 additions and 4 deletions
--- a/tests/test_response_handler.py
+++ b/tests/test_response_handler.py
@@ -0,0 +1,72 @@
+from __future__ import annotations
+
+import random
+
+import security.response_handler as rh
+from security import ResponseAction, ResponseHandler, ResponseStrategy
+
+
+def test_get_strategy_banned_blocks():
+    handler = ResponseHandler(rng=random.Random(0))
+    strategy = handler.get_strategy(10, is_banned=True)
+    assert strategy.action == ResponseAction.BLOCK
+    assert strategy.delay_seconds == 0
+    assert strategy.message == "访问被拒绝"
+
+
+def test_get_strategy_allow_levels():
+    handler = ResponseHandler(rng=random.Random(0))
+
+    s = handler.get_strategy(0)
+    assert s.action == ResponseAction.ALLOW
+    assert s.delay_seconds == 0
+    assert s.captcha_level == 1
+
+    s = handler.get_strategy(21)
+    assert s.action == ResponseAction.ALLOW
+    assert s.delay_seconds == 0
+    assert s.captcha_level == 2
+
+
+def test_get_strategy_delay_ranges():
+    handler = ResponseHandler(rng=random.Random(0))
+
+    s = handler.get_strategy(41)
+    assert s.action == ResponseAction.DELAY
+    assert 1.0 <= s.delay_seconds <= 2.0
+
+    s = handler.get_strategy(61)
+    assert s.action == ResponseAction.DELAY
+    assert 2.0 <= s.delay_seconds <= 5.0
+
+    s = handler.get_strategy(81)
+    assert s.action == ResponseAction.HONEYPOT
+    assert 3.0 <= s.delay_seconds <= 8.0
+
+
+def test_apply_delay_uses_time_sleep(monkeypatch):
+    handler = ResponseHandler(rng=random.Random(0))
+    strategy = ResponseStrategy(action=ResponseAction.DELAY, delay_seconds=1.234)
+
+    called = {"count": 0, "seconds": None}
+
+    def fake_sleep(seconds):
+        called["count"] += 1
+        called["seconds"] = seconds
+
+    monkeypatch.setattr(rh.time, "sleep", fake_sleep)
+
+    handler.apply_delay(strategy)
+    assert called["count"] == 1
+    assert called["seconds"] == 1.234
+
+
+def test_get_captcha_requirement():
+    handler = ResponseHandler(rng=random.Random(0))
+
+    req = handler.get_captcha_requirement(ResponseStrategy(action=ResponseAction.ALLOW, captcha_level=2))
+    assert req == {"required": True, "level": 2}
+
+    req = handler.get_captcha_requirement(ResponseStrategy(action=ResponseAction.BLOCK, captcha_level=2))
+    assert req == {"required": False, "level": 2}
+