    def test_full_search_by_id(self, mocked_get_search_result,
                               mocked_get_session, mocked_update_session):
        """Exercise full_search_by_id with and without a cached CSRF token.

        Phase 1: a freshly built client has no ``xsrf_token``; with the
        mocked session answering 400, the call must raise CsrfTokenError.
        Phase 2: with a token set on ``http_info`` and returned in the
        cookie jar, the call must hand the search id to the (mocked)
        search-result helper and return its value unchanged.
        """
        # Mock the session's cookie jar as a member of the mocked session.
        cookie_jar = Mock()
        fake_session = Mock(cookies=cookie_jar)
        mocked_get_session.return_value = fake_session

        client = QRadarAdvisorClient(qradar_host=QRADAR_HOST,
                                     advisor_app_id=QRADAR_APP_ID,
                                     qradar_token=QRADAR_TOKEN,
                                     cafile=QRADAR_VERIFY,
                                     log=logging)
        # A newly instantiated client must not carry a CSRF token yet.
        assert not client.http_info.xsrf_token

        # With no token cached, full_search_by_id has to fetch one first;
        # the mocked session answers 400, so that fetch must fail with
        # CsrfTokenError rather than returning normally.
        fake_session.get.return_value = _generate_response({}, 400)
        try:
            client.full_search_by_id(123456)
        except CsrfTokenError:
            pass
        else:
            assert False, "expected CsrfTokenError when no CSRF token is cached"

        # Now provide a token both on the client and in the cookie jar.
        client.http_info.xsrf_token = CSRF_TOKEN
        cookie_jar.get_dict.return_value = {"XSRF-TOKEN": CSRF_TOKEN}

        # This time the full-search endpoint is reached and the mocked
        # result helper is what produces the return value.
        expected_bundle = {"type": "bundles"}
        mocked_get_search_result.return_value = expected_bundle
        search_id = 1234

        result = client.full_search_by_id(search_id)

        mocked_get_search_result.assert_called_with(search_id)
        assert result == expected_bundle
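    def do_command(self):
        """Run an Advisor full search and print the raw response.

        The search term is read from ``self.opts_dict["search"]``. If it
        parses as an integer it is treated as an existing search id and
        looked up with ``full_search_by_id``; otherwise a new full search
        is started with ``full_search``.
        """
        # NOTE(review): cafile=False is passed straight through to the
        # client. If the client treats it like requests' verify=False,
        # server certificate validation for qradar_host is disabled;
        # confirm against QRadarAdvisorClient and prefer a CA bundle path.
        client = QRadarAdvisorClient(qradar_host=self.system_host,
                                     qradar_token=self.system_token,
                                     advisor_app_id=self.opts_dict["app_id"],
                                     cafile=False,
                                     log=logging)
        search_value = self.opts_dict["search"]
        try:
            search_id = int(search_value)
        except ValueError:
            # Not a search id (e.g. "-i 1102 -s user:jsmith"): start a
            # full search from scratch with the raw search string.
            resp = client.full_search(search_value)
        else:
            # A numeric search id (e.g. "-i 1102 -s 2"): fetch the result
            # of an existing search. Kept out of the ``try`` so that a
            # ValueError raised by the client itself is not mistaken for
            # a non-numeric search value and silently retried as a new search.
            resp = client.full_search_by_id(search_id)

        print(resp)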