Ejemplo n.º 1
 async def test_no_duplicate_rules(self, knowledge_svc):
     """Adding an identical rule twice must leave exactly one stored copy.

     The same ``BLOCK`` rule for trait ``a.c`` is submitted two times; a
     lookup by that trait is then expected to return a single rule.
     """
     for _ in range(2):
         await knowledge_svc.add_rule(
             Rule(action='BLOCK', trait='a.c', match='.*'))
     stored = await knowledge_svc.get_rules({'trait': 'a.c'})
     assert len(stored) == 1
 def test_no_duplicate_rules(self, loop, knowledge_svc):
     """Adding an identical rule twice must leave exactly one stored copy.

     Synchronous variant: each service coroutine is driven to completion on
     the supplied event loop.
     """
     run = loop.run_until_complete
     for _ in range(2):
         run(knowledge_svc.add_rule(
             Rule(action='BLOCK', trait='a.c', match='.*')))
     stored = run(knowledge_svc.get_rules({'trait': 'a.c'}))
     assert len(stored) == 1
Ejemplo n.º 3
    def test_retrieve_rule(self, loop, knowledge_svc):
        """Rules are retrievable by trait alone and by trait plus a match value.

        Two rules share trait ``ta.d``: ``tBLOCK`` with match ``4.5.*`` and
        ``tALLOW`` with match ``*.5.*``. The queries below pin how many rules
        each match value is expected to return.
        """
        run = loop.run_until_complete
        trait = 'ta.d'
        # NOTE(review): '*.5.*' is not a valid Python regular expression, so
        # the service presumably treats match values as wildcard patterns;
        # confirm against the knowledge module.
        for action, pattern in (('tBLOCK', '4.5.*'), ('tALLOW', '*.5.*')):
            run(knowledge_svc.add_rule(Rule(action=action, trait=trait, match=pattern)))
        by_trait = run(knowledge_svc.get_rules({'trait': trait}))
        assert len(by_trait) == 2

        # '4.5.6' is expected to hit both stored patterns.
        hits_both = run(knowledge_svc.get_rules({'trait': trait, 'match': '4.5.6'}))
        assert len(hits_both) == 2
        # '6.5.4' is expected to hit only the tALLOW pattern.
        hits_allow = run(knowledge_svc.get_rules({'trait': trait, 'match': '6.5.4'}))
        assert len(hits_allow) == 1
        assert hits_allow[0].action == 'tALLOW'
        # A query that is itself a pattern is expected to return both rules.
        hits_pattern = run(knowledge_svc.get_rules({'trait': trait, 'match': '5.*'}))
        assert len(hits_pattern) == 2
Ejemplo n.º 4
 def test_remove_rules(self, loop, knowledge_svc):
     """Deleting a rule by trait removes the rule and its stored constraints.

     A rule is stored together with a constraint, then deleted by trait. The
     test checks that no rule remains and that the backing module holds no
     leftover constraint entries.
     """
     run = loop.run_until_complete
     criteria = {'trait': 'ra.c'}
     run(knowledge_svc.add_rule(Rule(action='rBLOCK', trait='ra.c', match='.*'),
                                constraints={'test_field': 'test_value'}))
     run(knowledge_svc.delete_rule(criteria))
     remaining = run(knowledge_svc.get_rules(criteria))
     assert len(remaining) == 0
     # The backing module is a name-mangled private attribute of
     # KnowledgeService, so the test reaches it through the mangled name.
     backend = knowledge_svc._KnowledgeService__loaded_knowledge_module
     assert len(backend.fact_ram['constraints']) == 0
Ejemplo n.º 5
    async def test_retrieve_rule(self, knowledge_svc):
        """Rules are retrievable by trait alone and by trait plus a match value.

        Two rules share trait ``ta.d``: ``tBLOCK`` with match ``4.5.*`` and
        ``tALLOW`` with match ``*.5.*``. The queries below pin how many rules
        each match value is expected to return.
        """
        trait = 'ta.d'
        # NOTE(review): '*.5.*' is not a valid Python regular expression, so
        # the service presumably treats match values as wildcard patterns;
        # confirm against the knowledge module.
        for action, pattern in (('tBLOCK', '4.5.*'), ('tALLOW', '*.5.*')):
            await knowledge_svc.add_rule(
                Rule(action=action, trait=trait, match=pattern))
        by_trait = await knowledge_svc.get_rules({'trait': trait})
        assert len(by_trait) == 2

        # '4.5.6' is expected to hit both stored patterns.
        hits_both = await knowledge_svc.get_rules(
            {'trait': trait, 'match': '4.5.6'})
        assert len(hits_both) == 2
        # '6.5.4' is expected to hit only the tALLOW pattern.
        hits_allow = await knowledge_svc.get_rules(
            {'trait': trait, 'match': '6.5.4'})
        assert len(hits_allow) == 1
        assert hits_allow[0].action == 'tALLOW'
        # A query that is itself a pattern is expected to return both rules.
        hits_pattern = await knowledge_svc.get_rules(
            {'trait': trait, 'match': '5.*'})
        assert len(hits_pattern) == 2
Ejemplo n.º 6
 def test_rule_deserialize(self):
     """``Rule.load`` rebuilds a rule from its serialized dictionary form.

     The string action ``"DENY"`` is expected to come back as
     ``RuleAction.DENY``; trait and match are expected unchanged.
     """
     payload = dict(trait="host.ip.address", action="DENY", match=self.subnet1)
     loaded = Rule.load(payload)
     assert loaded.trait == 'host.ip.address'
     assert loaded.action == RuleAction.DENY
     assert loaded.match == self.subnet1
Ejemplo n.º 7
class TestIPRule:
    """Pin how a DENY rule on an IPv4 network applies to address facts.

    One rule denies ``127.0.0.0/24`` for trait ``host.ip.address``. The facts
    cover single addresses inside and outside that network as well as CIDR
    values that are wider (/23), narrower (/25) and identical (/24).
    """

    # Single addresses: only host1 lies inside subnet1.
    host1 = '127.0.0.1'
    host2 = '127.0.1.0'
    host3 = '128.0.0.1'
    # CIDR-valued facts: /23 contains subnet1, /25 is contained in it.
    host4 = '127.0.0.0/23'
    host5 = '127.0.0.0/25'
    subnet1 = '127.0.0.0/24'

    fact1 = Fact(trait='host.ip.address', value=host1)
    fact2 = Fact(trait='host.ip.address', value=host2)
    fact3 = Fact(trait='host.ip.address', value=host3)
    fact4 = Fact(trait='host.ip.address', value=host4)
    fact5 = Fact(trait='host.ip.address', value=host5)
    fact6 = Fact(trait='host.ip.address', value=subnet1)

    rule = Rule(trait='host.ip.address', action=RuleAction.DENY, match=subnet1)
    rs = RuleSet(rules=[rule])

    def test_rule_serialize(self):
        """The rule's ``display`` form exposes trait, action name and match."""
        shown = self.rule.display
        assert shown['trait'] == 'host.ip.address'
        assert shown['action'] == 'DENY'
        assert shown['match'] == self.subnet1

    def test_rule_deserialize(self):
        """``Rule.load`` turns the serialized form back into an equal rule."""
        payload = dict(trait="host.ip.address", action="DENY", match=self.subnet1)
        loaded = Rule.load(payload)
        assert loaded.trait == 'host.ip.address'
        assert loaded.action == RuleAction.DENY
        assert loaded.match == self.subnet1

    async def test_is_ip_rule_match(self):
        """Only the address inside the denied network matches the rule."""
        assert await self.rs._is_ip_rule_match(self.rule, self.fact1)
        for outsider in (self.fact2, self.fact3):
            assert not await self.rs._is_ip_rule_match(self.rule, outsider)

    async def test_is_fact_allowed(self):
        """The in-network address is denied; the two outside it are allowed."""
        assert not await self.rs.is_fact_allowed(self.fact1)
        for outsider in (self.fact2, self.fact3):
            assert await self.rs.is_fact_allowed(outsider)

    async def test_smaller_subnet(self):
        """A /23 fact that contains the denied /24 is not matched and is allowed.

        "Smaller" appears to refer to the prefix length (/23), not to the
        number of addresses.
        """
        matched = await self.rs._is_ip_rule_match(self.rule, self.fact4)
        assert not matched
        assert await self.rs.is_fact_allowed(self.fact4)

    async def test_larger_subnet(self):
        """A /25 fact inside the denied /24 is not matched and is allowed.

        NOTE(review): this pins that a DENY on a network does not cover a
        narrower CIDR value lying wholly inside it; confirm that is the
        intended policy, since every address of the /25 is itself denied.
        """
        matched = await self.rs._is_ip_rule_match(self.rule, self.fact5)
        assert not matched
        assert await self.rs.is_fact_allowed(self.fact5)

    async def test_same_subnet(self):
        """A fact equal to the denied network matches the rule and is denied."""
        matched = await self.rs._is_ip_rule_match(self.rule, self.fact6)
        assert matched
        assert not await self.rs.is_fact_allowed(self.fact6)
Ejemplo n.º 8
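 async def _load_sources(self, plugin):
     """Load every ``sources/*.yml`` file of a plugin and store each source.

     Each entry returned by ``self.strip_yml`` becomes a ``Source`` with its
     facts, adjustments and rules, inherits the plugin's access level and is
     handed to ``self.store``.

     A source without a ``facts`` or ``rules`` key (or with the key set to
     null) is loaded with an empty list instead of failing on iteration.
     """
     # NOTE(review): strip_yml is not shown here; confirm it parses with a
     # safe YAML loader, since these files are turned into live objects.
     pattern = '%s/sources/*.yml' % plugin.data_dir
     for filename in glob.iglob(pattern, recursive=False):
         for src in self.strip_yml(filename):
             source = Source(
                 identifier=src['id'],
                 name=src['name'],
                 # Fact values are always stored as strings.
                 facts=[Fact(trait=f['trait'], value=str(f['value'])) for f in src.get('facts') or []],
                 adjustments=await self._create_adjustments(src.get('adjustments')),
                 # Every key of a rule mapping is passed to Rule as a keyword
                 # argument, so an unexpected key raises TypeError here.
                 rules=[Rule(**r) for r in src.get('rules') or []]
             )
             source.access = plugin.access
             await self.store(source)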
Ejemplo n.º 9
def replaced_source_payload(test_source):
    """Return the dumped ``test_source`` with its content fields replaced.

    The name, facts, rules and relationships of the dumped source are
    overwritten with "replaced" test values; every other dumped field is
    kept as is.
    """
    payload = test_source.schema.dump(test_source)
    replacement_fact = {'trait': 'replaced_test_fact', 'value': 3}
    deny_rule = Rule(action=RuleAction.DENY, trait='replaced_test_rule')
    payload.update({
        'name': 'a replaced test source',
        'facts': [replacement_fact],
        'rules': [deny_rule.schema.dump(deny_rule)],
        'relationships': [{
            'source': replacement_fact,
            'edge': 'delta',
            'origin': "replaced_test_operation",
        }],
    })
    return payload
Ejemplo n.º 10
def updated_source_payload():
    """Build the payload for source ``123`` with "updated" test values.

    The payload carries one fact, one serialized DENY rule and one
    relationship whose source is that fact.
    """
    updated_fact = {'trait': 'updated_test_fact', 'value': 2}
    deny_rule = Rule(action=RuleAction.DENY, trait='updated_test_rule')
    link = dict(source=updated_fact, edge='beta', origin="updated_test_operation")
    return {
        'id': '123',
        'name': 'updated test source',
        'facts': [updated_fact],
        'rules': [deny_rule.schema.dump(deny_rule)],
        'relationships': [link],
    }
Ejemplo n.º 11
def new_source_payload():
    """Build the payload for a new source with id ``456``.

    The payload carries one fact, one serialized ALLOW rule, one relationship
    whose source is that fact, and an empty ``plugin`` field.
    """
    new_fact = {'trait': 'test_fact', 'value': 1}
    allow_rule = Rule(action=RuleAction.ALLOW, trait="test_rule")
    link = dict(source=new_fact, edge='alpha', origin="new_test_operation")
    return {
        'id': '456',
        'name': 'new test source',
        'facts': [new_fact],
        'rules': [allow_rule.schema.dump(allow_rule)],
        'relationships': [link],
        'plugin': '',
    }
Ejemplo n.º 12
def test_source(loop, mocker, mock_time):
    """Create, store and return a ``Source`` built under a frozen clock.

    ``datetime`` in ``app.objects.secondclass.c_fact`` is patched so that
    ``now()`` yields ``mock_time`` while the objects are constructed. The
    source is stored through the ``data_svc`` service before being returned.

    NOTE(review): despite the ``test_`` prefix this takes fixtures and
    returns a value, so it is presumably registered as a pytest fixture by a
    decorator that is not visible here.
    """
    patch_target = 'app.objects.secondclass.c_fact.datetime'
    with mocker.patch(patch_target) as mock_datetime:
        # Calling the patched class returns the same mock, so both
        # datetime(...) and datetime.now() are under the test's control.
        mock_datetime.return_value = mock_datetime
        mock_datetime.now.return_value = mock_time
        fact = Fact(trait='test_fact', value=1)
        allow_rule = Rule(RuleAction.ALLOW, trait='test_rule')
        link = Relationship(source=fact, edge="alpha", origin="test_operation")
        source = Source(
            id='123',
            name='Test Source',
            facts=[fact],
            rules=[allow_rule],
            adjustments=[],
            relationships=[link],
        )
        data_svc = BaseService.get_service('data_svc')
        loop.run_until_complete(data_svc.store(source))
        return source
Ejemplo n.º 13
class TestIPRule:
    """Pin how a DENY rule on an IPv4 network applies to address facts.

    One rule denies ``127.0.0.0/24`` for trait ``host.ip.address``. The facts
    cover single addresses inside and outside that network as well as CIDR
    values that are wider (/23), narrower (/25) and identical (/24).
    """

    # Single addresses: only host1 lies inside subnet1.
    host1 = '127.0.0.1'
    host2 = '127.0.1.0'
    host3 = '128.0.0.1'
    # CIDR-valued facts: /23 contains subnet1, /25 is contained in it.
    host4 = '127.0.0.0/23'
    host5 = '127.0.0.0/25'
    subnet1 = '127.0.0.0/24'

    fact1 = Fact(trait='host.ip.address', value=host1)
    fact2 = Fact(trait='host.ip.address', value=host2)
    fact3 = Fact(trait='host.ip.address', value=host3)
    fact4 = Fact(trait='host.ip.address', value=host4)
    fact5 = Fact(trait='host.ip.address', value=host5)
    fact6 = Fact(trait='host.ip.address', value=subnet1)

    rule = Rule(trait='host.ip.address', action=RuleAction.DENY, match=subnet1)
    rs = RuleSet(rules=[rule])

    async def test_is_ip_rule_match(self):
        """Only the address inside the denied network matches the rule."""
        assert await self.rs._is_ip_rule_match(self.rule, self.fact1)
        for outsider in (self.fact2, self.fact3):
            assert not await self.rs._is_ip_rule_match(self.rule, outsider)

    async def test_is_fact_allowed(self):
        """The in-network address is denied; the two outside it are allowed."""
        assert not await self.rs.is_fact_allowed(self.fact1)
        for outsider in (self.fact2, self.fact3):
            assert await self.rs.is_fact_allowed(outsider)

    async def test_smaller_subnet(self):
        """A /23 fact that contains the denied /24 is not matched and is allowed.

        "Smaller" appears to refer to the prefix length (/23), not to the
        number of addresses.
        """
        matched = await self.rs._is_ip_rule_match(self.rule, self.fact4)
        assert not matched
        assert await self.rs.is_fact_allowed(self.fact4)

    async def test_larger_subnet(self):
        """A /25 fact inside the denied /24 is not matched and is allowed.

        NOTE(review): this pins that a DENY on a network does not cover a
        narrower CIDR value lying wholly inside it; confirm that is the
        intended policy, since every address of the /25 is itself denied.
        """
        matched = await self.rs._is_ip_rule_match(self.rule, self.fact5)
        assert not matched
        assert await self.rs.is_fact_allowed(self.fact5)

    async def test_same_subnet(self):
        """A fact equal to the denied network matches the rule and is denied."""
        matched = await self.rs._is_ip_rule_match(self.rule, self.fact6)
        assert matched
        assert not await self.rs.is_fact_allowed(self.fact6)
Ejemplo n.º 14
 def _generate_rule(action, trait, *args, **kwargs):
     """Build a ``Rule`` from an action and a trait, forwarding any extras.

     NOTE(review): ``action`` and ``trait`` are passed by keyword while
     ``*args`` fills Rule's leading positional parameters, so a positional
     extra would probably collide with one of them; confirm callers pass
     extras by keyword only.
     """
     rule = Rule(*args, action=action, trait=trait, **kwargs)
     return rule