def setup(self):
"""Setup before each method"""
self._dispatcher = CarbonBlackOutput(REGION, ACCOUNT_ID, FUNCTION_NAME,
CONFIG)
remove_temp_secrets()
output_name = self._dispatcher.output_cred_name(self.DESCRIPTOR)
put_mock_creds(output_name, self.CREDS,
self._dispatcher.secrets_bucket, REGION, KMS_ALIAS)
def setup(self, provider_constructor):
"""Setup before each method"""
provider = MagicMock()
provider_constructor.return_value = provider
provider.load_credentials = Mock(
side_effect=lambda x: self.CREDS if x == self.DESCRIPTOR else None
)
self._provider = provider
self._dispatcher = CarbonBlackOutput(CONFIG)
def setup(self):
"""Setup before each method"""
self._mock_s3 = mock_s3()
self._mock_s3.start()
self._mock_kms = mock_kms()
self._mock_kms.start()
self._dispatcher = CarbonBlackOutput(CONFIG)
remove_temp_secrets()
output_name = self._dispatcher.output_cred_name(self.DESCRIPTOR)
put_mock_creds(output_name, self.CREDS,
self._dispatcher.secrets_bucket, REGION, KMS_ALIAS)
def test_get_user_defined_properties(self):
"""CarbonBlackOutput - User Defined Properties"""
assert_is_instance(CarbonBlackOutput.get_user_defined_properties(), OrderedDict)
class TestCarbonBlackOutput(object):
"""Test class for CarbonBlackOutput"""
DESCRIPTOR = 'unit_test_carbonblack'
SERVICE = 'carbonblack'
OUTPUT = ':'.join([SERVICE, DESCRIPTOR])
CREDS = {'url': 'carbon.foo.bar',
'ssl_verify': 'Y',
'token': '1234567890127a3d7f37f4153270bff41b105899'}
@patch('stream_alert.alert_processor.outputs.output_base.OutputCredentialsProvider')
def setup(self, provider_constructor):
"""Setup before each method"""
provider = MagicMock()
provider_constructor.return_value = provider
provider.load_credentials = Mock(
side_effect=lambda x: self.CREDS if x == self.DESCRIPTOR else None
)
self._provider = provider
self._dispatcher = CarbonBlackOutput(CONFIG)
def test_get_user_defined_properties(self):
"""CarbonBlackOutput - User Defined Properties"""
assert_is_instance(CarbonBlackOutput.get_user_defined_properties(), OrderedDict)
@patch('logging.Logger.error')
def test_dispatch_no_context(self, mock_logger):
"""CarbonBlackOutput - Dispatch No Context"""
assert_false(self._dispatcher.dispatch(get_alert(), self.OUTPUT))
mock_logger.assert_has_calls([
call('[%s] Alert must contain context to run actions', 'carbonblack'),
call('Failed to send alert to %s:%s', 'carbonblack', 'unit_test_carbonblack')
])
@patch.object(carbonblack, 'CbResponseAPI', side_effect=MockCBAPI)
def test_dispatch_already_banned(self, mock_cb):
"""CarbonBlackOutput - Dispatch Already Banned"""
alert_context = {
'carbonblack': {
'action': 'ban',
'value': 'BANNED_ENABLED_HASH'
}
}
assert_true(self._dispatcher.dispatch(get_alert(context=alert_context), self.OUTPUT))
@patch.object(carbonblack, 'CbResponseAPI', side_effect=MockCBAPI)
def test_dispatch_banned_disabled(self, mock_cb):
"""CarbonBlackOutput - Dispatch Banned Disabled"""
alert_context = {
'carbonblack': {
'action': 'ban',
'value': 'BANNED_DISABLED_HASH'
}
}
assert_true(self._dispatcher.dispatch(get_alert(context=alert_context), self.OUTPUT))
@patch.object(carbonblack, 'CbResponseAPI', side_effect=MockCBAPI)
def test_dispatch_not_banned(self, mock_cb):
"""CarbonBlackOutput - Dispatch Not Banned"""
alert_context = {
'carbonblack': {
'action': 'ban',
'value': 'NOT_BANNED_HASH'
}
}
assert_true(self._dispatcher.dispatch(get_alert(context=alert_context), self.OUTPUT))
@patch('logging.Logger.error')
@patch.object(carbonblack, 'CbResponseAPI', side_effect=MockCBAPI)
def test_dispatch_invalid_action(self, mock_cb, mock_logger):
"""CarbonBlackOutput - Invalid Action"""
alert_context = {
'carbonblack': {
'action': 'rickroll',
}
}
assert_false(self._dispatcher.dispatch(get_alert(context=alert_context), self.OUTPUT))
mock_logger.assert_has_calls([
call('[%s] Action not supported: %s', 'carbonblack', 'rickroll'),
call('Failed to send alert to %s:%s', 'carbonblack', 'unit_test_carbonblack')
])
class TestCarbonBlackOutput(object):
"""Test class for CarbonBlackOutput"""
DESCRIPTOR = 'unit_test_carbonblack'
SERVICE = 'carbonblack'
OUTPUT = ':'.join([SERVICE, DESCRIPTOR])
CREDS = {
'url': 'carbon.foo.bar',
'ssl_verify': 'Y',
'token': '1234567890127a3d7f37f4153270bff41b105899'
}
def setup(self):
"""Setup before each method"""
self._dispatcher = CarbonBlackOutput(REGION, ACCOUNT_ID, FUNCTION_NAME,
CONFIG)
remove_temp_secrets()
output_name = self._dispatcher.output_cred_name(self.DESCRIPTOR)
put_mock_creds(output_name, self.CREDS,
self._dispatcher.secrets_bucket, REGION, KMS_ALIAS)
def test_get_user_defined_properties(self):
"""CarbonBlackOutput - User Defined Properties"""
assert_is_instance(CarbonBlackOutput.get_user_defined_properties(),
OrderedDict)
@patch('logging.Logger.error')
def test_dispatch_no_context(self, mock_logger):
"""CarbonBlackOutput - Dispatch No Context"""
assert_false(self._dispatcher.dispatch(get_alert(), self.OUTPUT))
mock_logger.assert_has_calls([
call('[%s] Alert must contain context to run actions',
'carbonblack'),
call('Failed to send alert to %s:%s', 'carbonblack',
'unit_test_carbonblack')
])
@patch.object(carbonblack, 'CbResponseAPI', side_effect=MockCBAPI)
def test_dispatch_already_banned(self, mock_cb):
"""CarbonBlackOutput - Dispatch Already Banned"""
alert_context = {
'carbonblack': {
'action': 'ban',
'value': 'BANNED_ENABLED_HASH'
}
}
assert_true(
self._dispatcher.dispatch(get_alert(context=alert_context),
self.OUTPUT))
@patch.object(carbonblack, 'CbResponseAPI', side_effect=MockCBAPI)
def test_dispatch_banned_disabled(self, mock_cb):
"""CarbonBlackOutput - Dispatch Banned Disabled"""
alert_context = {
'carbonblack': {
'action': 'ban',
'value': 'BANNED_DISABLED_HASH'
}
}
assert_true(
self._dispatcher.dispatch(get_alert(context=alert_context),
self.OUTPUT))
@patch.object(carbonblack, 'CbResponseAPI', side_effect=MockCBAPI)
def test_dispatch_not_banned(self, mock_cb):
"""CarbonBlackOutput - Dispatch Not Banned"""
alert_context = {
'carbonblack': {
'action': 'ban',
'value': 'NOT_BANNED_HASH'
}
}
assert_true(
self._dispatcher.dispatch(get_alert(context=alert_context),
self.OUTPUT))
@patch('logging.Logger.error')
@patch.object(carbonblack, 'CbResponseAPI', side_effect=MockCBAPI)
def test_dispatch_invalid_action(self, mock_cb, mock_logger):
"""CarbonBlackOutput - Invalid Action"""
alert_context = {
'carbonblack': {
'action': 'rickroll',
}
}
assert_false(
self._dispatcher.dispatch(get_alert(context=alert_context),
self.OUTPUT))
mock_logger.assert_has_calls([
call('[%s] Action not supported: %s', 'carbonblack', 'rickroll'),
call('Failed to send alert to %s:%s', 'carbonblack',
'unit_test_carbonblack')
])