-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathtest_phishing_detector.py
More file actions
198 lines (164 loc) · 7.47 KB
/
Copy pathtest_phishing_detector.py
File metadata and controls
198 lines (164 loc) · 7.47 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
"""
Unit tests for Phishing URL Detector
"""
import unittest
import sys
import os
# Add the project root to Python path
sys.path.insert(0, os.path.dirname(os.path.abspath(__file__)))
from phishing_detector import PhishingDetector # noqa: E402
class TestPhishingDetector(unittest.TestCase):
"""Test cases for PhishingDetector class"""
def setUp(self):
"""Set up test fixtures before each test method."""
self.detector = PhishingDetector()
def test_parse_valid_url(self):
"""Test parsing of valid URLs"""
scheme, domain, is_valid = self.detector.parse_url(
"https://www.google.com"
)
self.assertEqual(scheme, "https")
self.assertEqual(domain, "www.google.com")
self.assertTrue(is_valid)
def test_parse_url_without_scheme(self):
"""Test parsing URL without scheme (http:// should be added)"""
scheme, domain, is_valid = self.detector.parse_url("www.google.com")
self.assertEqual(scheme, "http")
self.assertEqual(domain, "www.google.com")
self.assertTrue(is_valid)
def test_parse_invalid_url(self):
"""Test parsing of invalid URLs"""
scheme, domain, is_valid = self.detector.parse_url("invalid-url")
self.assertFalse(is_valid)
def test_known_phishing_domain_detection(self):
"""Test detection of known phishing domains"""
self.assertTrue(
self.detector.check_known_phishing_domain("paypal-security.com")
)
self.assertFalse(
self.detector.check_known_phishing_domain("www.google.com")
)
def test_suspicious_characters_detection(self):
"""Test detection of suspicious characters"""
has_suspicious, chars = self.detector.check_suspicious_characters(
"http://example.com@malicious.com"
)
self.assertTrue(has_suspicious)
self.assertIn("@", chars)
has_suspicious, chars = self.detector.check_suspicious_characters(
"https://www.google.com"
)
self.assertFalse(has_suspicious)
self.assertEqual(len(chars), 0)
def test_https_scheme_check(self):
"""Test HTTPS scheme validation"""
self.assertTrue(self.detector.check_https_scheme("https"))
self.assertFalse(self.detector.check_https_scheme("http"))
self.assertFalse(self.detector.check_https_scheme("ftp"))
def test_analyze_safe_url(self):
"""Test analysis of a safe URL"""
result = self.detector.analyze_url("https://www.google.com")
self.assertFalse(result['is_suspicious'])
self.assertTrue(result['is_valid'])
self.assertEqual(result['risk_level'], 'LOW')
def test_analyze_phishing_url(self):
"""Test analysis of a known phishing URL"""
result = self.detector.analyze_url("http://paypal-security.com")
self.assertTrue(result['is_suspicious'])
self.assertTrue(result['is_valid'])
self.assertEqual(result['risk_level'], 'HIGH')
def test_analyze_suspicious_url_with_at_symbol(self):
"""Test analysis of URL with @ symbol"""
result = self.detector.analyze_url(
"http://google.com@malicious-site.com"
)
self.assertTrue(result['is_suspicious'])
self.assertTrue(result['is_valid'])
self.assertIn('MEDIUM', [result['risk_level'], 'HIGH'])
def test_analyze_invalid_url(self):
"""Test analysis of invalid URL"""
result = self.detector.analyze_url("not-a-valid-url")
self.assertTrue(result['is_suspicious'])
self.assertFalse(result['is_valid'])
self.assertEqual(result['risk_level'], 'HIGH')
def test_domain_validation(self):
"""Test domain validation logic"""
# Valid domains
self.assertTrue(self.detector._is_valid_domain("google.com"))
self.assertTrue(self.detector._is_valid_domain("sub.domain.com"))
self.assertTrue(self.detector._is_valid_domain("test-site.org"))
# Invalid domains
self.assertFalse(self.detector._is_valid_domain(""))
self.assertFalse(self.detector._is_valid_domain(".com"))
self.assertFalse(self.detector._is_valid_domain("site..com"))
def test_risk_factor_calculation(self):
"""Test risk factor calculation for different scenarios"""
# High risk: known phishing + http + suspicious chars
result = self.detector.analyze_url(
"http://paypal-security.com@fake.com"
)
self.assertEqual(result['risk_level'], 'HIGH')
self.assertTrue(result['risk_factors'] >= 3)
# Medium risk: only http (no https)
result = self.detector.analyze_url("http://legitimate-site.com")
self.assertEqual(result['risk_level'], 'MEDIUM')
self.assertEqual(result['risk_factors'], 1)
# Low risk: https and no suspicious features
result = self.detector.analyze_url("https://legitimate-site.com")
self.assertEqual(result['risk_level'], 'LOW')
self.assertEqual(result['risk_factors'], 0)
def test_multiple_suspicious_characters(self):
"""Test URL with multiple suspicious characters"""
result = self.detector.analyze_url(
"http://fake--site..com@phishing__domain.org"
)
self.assertTrue(result['is_suspicious'])
# Should detect multiple suspicious characters
has_suspicious, chars = self.detector.check_suspicious_characters(
"http://fake--site..com@phishing__domain.org"
)
self.assertTrue(len(chars) >= 3) # @, .., --, __
class TestPhishingDetectorEdgeCases(unittest.TestCase):
"""Test edge cases and error handling"""
def setUp(self):
"""Set up test fixtures before each test method."""
self.detector = PhishingDetector()
def test_empty_url(self):
"""Test handling of empty URL"""
result = self.detector.analyze_url("")
self.assertTrue(result['is_suspicious'])
self.assertFalse(result['is_valid'])
def test_whitespace_url(self):
"""Test handling of URL with only whitespace"""
result = self.detector.analyze_url(" ")
self.assertTrue(result['is_suspicious'])
self.assertFalse(result['is_valid'])
def test_very_long_url(self):
"""Test handling of very long URLs"""
long_url = "https://www." + "a" * 1000 + ".com"
result = self.detector.analyze_url(long_url)
# Should handle gracefully without crashing
self.assertIsInstance(result, dict)
self.assertIn('is_suspicious', result)
def test_unicode_url(self):
"""Test handling of URLs with unicode characters"""
unicode_url = "https://www.tëst.com"
result = self.detector.analyze_url(unicode_url)
# Should handle gracefully without crashing
self.assertIsInstance(result, dict)
def test_url_with_port(self):
"""Test handling of URLs with port numbers"""
result = self.detector.analyze_url("https://example.com:8080")
self.assertFalse(result['is_suspicious'])
self.assertTrue(result['is_valid'])
def test_ip_address_url(self):
"""Test handling of URLs with IP addresses"""
result = self.detector.analyze_url("http://192.168.1.1")
# IP addresses should be parsed but flagged as medium risk (no HTTPS)
self.assertTrue(result['is_valid'])
self.assertEqual(result['risk_level'], 'MEDIUM')
if __name__ == '__main__':
# Run tests with verbose output
unittest.main(verbosity=2)