Added password complexity test

rsmusllp · Jan 4, 2017 · 39567f7 · 39567f7
1 parent 584e357
commit 39567f7
Show file tree

Hide file tree

Showing 4 changed files with 48 additions and 0 deletions.
diff --git a/docs/source/king_phisher/utilities.rst b/docs/source/king_phisher/utilities.rst
@@ -28,6 +28,8 @@ Functions
 
 .. autofunction:: king_phisher.utilities.parse_datetime
 
+.. autofunction:: king_phisher.utilities.password_is_complex
+
 .. autofunction:: king_phisher.utilities.random_string
 
 .. autofunction:: king_phisher.utilities.random_string_lower_numeric

diff --git a/king_phisher/templates.py b/king_phisher/templates.py
@@ -95,6 +95,7 @@ def __init__(self, loader=None, global_vars=None):
 		# global functions
 		self.globals['random_integer'] = random.randint
 		self.globals['parse_user_agent'] = ua_parser.parse_user_agent
+		self.globals['password_is_complex'] = utilities.password_is_complex
 
 		# additional globals
 		if global_vars:

diff --git a/king_phisher/utilities.py b/king_phisher/utilities.py
@@ -315,6 +315,31 @@ def parse_datetime(ts):
 	assert_arg_type(ts, str)
 	return datetime.datetime.strptime(ts, TIMESTAMP_FORMAT)
 
+def password_is_complex(password, min_len=12):
+	"""
+	Check that the string specified appears to be a valid, complex password.
+	
+	:param str password: The password to validate.
+	:param int min_len: The mininum length the password should be.
+	:return: Whether the strings appears to be complex or not
+	:rtype: str
+	"""
+	has_upper = False
+	has_lower = False
+	has_digit = False
+	if len(password) < min_len:
+		return False	
+	for char in password:
+		if char.isupper():
+			has_upper = True
+		if char.islower():
+			has_lower = True
+		if char.isdigit():
+			has_digit = True
+		if has_upper and has_lower and has_digit:
+			return True
+	return False
+
 def random_string(size):
 	"""
 	Generate a random string consisting of uppercase letters, lowercase letters

diff --git a/tests/utilities.py b/tests/utilities.py
@@ -81,5 +81,25 @@ def test_mock_instance_attributes(self):
 		self.assertEqual(mock.__file__, os.devnull)
 		self.assertEqual(mock.__path__, os.devnull)
 
+	def test_password_is_complex(self):
+		valid_passwords = [
+			'Thisisatestf00l',
+			'Welcome2SS!!!!!',
+			'HelloAndGoodbyeW0rld'
+		]
+		invalid_passwords = [
+			'THISISATESTFOOL',
+			'THISISATESTF00L',
+			'Thisisatestfool',
+			'i know this is spam',
+			'123456789101112',
+			'Fo0',
+			''
+		]
+		for password in valid_passwords:
+			self.assertTrue(utilities.password_is_complex(password))
+		for password in invalid_passwords:
+			self.assertFalse(utilities.password_is_complex(password))
+
 if __name__ == '__main__':
 	unittest.main()