def test_invalid_body(self, test_client, session):
agent = AgentFactory.create(workspace=self.workspace)
session.add(agent)
session.commit()
res = test_client.post(self.url() + f'{agent.id}/run/',
data='[" broken]"{')
assert res.status_code == 400
def test_invalid_body(self, test_client, session):
agent = AgentFactory.create(workspaces=[self.workspace])
session.add(agent)
session.commit()
res = test_client.post(urljoin(self.url(agent), 'run'),
data='[" broken]"{')
assert res.status_code == 400
def test_run_fails(self, test_client, session,csrf_token):
workspace = WorkspaceFactory.create()
session.add(workspace)
other_workspace = WorkspaceFactory.create()
session.add(other_workspace)
session.commit()
agent = AgentFactory.create(
workspaces=[workspace, other_workspace]
)
executor = ExecutorFactory.create(agent=agent)
session.add(executor)
session.commit()
payload = {
'csrf_token': csrf_token,
'executorData': {
"args": {
"param1": True
},
"executor": executor.name
},
}
res = test_client.post(
self.url(agent) + 'run/',
json=payload
)
assert res.status_code == 404
def test_update_bug_case(self, test_client, session):
agent = AgentFactory.create(workspace=self.workspace)
session.add(agent)
session.commit()
update_data = {"id": 1, "name": "Agent test", "is_online": True}
res = test_client.put(self.url(agent.id), data=update_data)
assert res.status_code == 200
def test_get_workspaced_other_fails(self, test_client, session):
other_workspace = WorkspaceFactory.create()
session.add(other_workspace)
agent = AgentFactory.create(workspaces=[other_workspace], active=True)
session.commit()
res = test_client.get(self.url(agent))
assert res.status_code == 404
def test_update_agent(self, test_client, session):
agent = AgentFactory.create(workspace=self.workspace, active=True)
session.commit()
raw_agent = self.create_raw_agent(active=False)
res = test_client.put(self.url(agent.id), data=raw_agent)
assert res.status_code == 200
assert not res.json['active']
def test_happy_path_valid_json(self, test_client, session, csrf_token):
agent = AgentFactory.create(workspaces=[self.workspace])
executor = ExecutorFactory.create(agent=agent)
executor2 = ExecutorFactory.create(agent=agent)
session.add(executor)
session.commit()
assert agent.last_run is None
assert executor.last_run is None
assert executor2.last_run is None
payload = {
'csrf_token': csrf_token,
'executorData': {
"args": {
"param_name": "test"
},
"executor": executor.name
},
}
res = test_client.post(urljoin(self.url(agent), 'run'), json=payload)
assert res.status_code == 200
command_id = res.json["command_id"]
command = Command.query.filter(
Command.workspace_id == self.workspace.id).one()
assert command_id == command.id
assert agent.last_run is not None
assert executor.last_run is not None
assert executor2.last_run is None
assert agent.last_run == executor.last_run
def test_get_workspaced(self, test_client, session):
workspace = WorkspaceFactory.create()
session.add(workspace)
agent = AgentFactory.create(workspaces=[self.workspace], active=True)
session.commit()
res = test_client.get(self.url(agent))
assert res.status_code == 200
assert 'workspaces' not in res.json
def test_run_agent_invalid_missing_executorData(self, csrf_token, session,
test_client):
agent = AgentFactory.create(workspaces=[self.workspace])
session.add(agent)
session.commit()
payload = {'csrf_token': csrf_token}
res = test_client.post(self.url(agent) + 'run/', json=payload)
assert res.status_code == 400
def test_delete_agent(self, test_client, session):
initial_agent_count = len(session.query(Agent).all())
agent = AgentFactory.create(workspace=self.workspace)
session.commit()
assert len(session.query(Agent).all()) == initial_agent_count + 1
res = test_client.delete(self.url(agent.id))
assert res.status_code == 204
assert len(session.query(Agent).all()) == initial_agent_count
def _join_agent(test_client, session):
agent = AgentFactory.create(token='pepito')
session.add(agent)
session.commit()
headers = {"Authorization": "Agent {}".format(agent.token)}
token = test_client.post('v2/agent_websocket_token/',
headers=headers).json['token']
return token
def test_get_not_workspaced(self, test_client, session):
workspace = WorkspaceFactory.create()
session.add(workspace)
agent = AgentFactory.create(workspaces=[workspace], active=True)
session.commit()
res = test_client.get(self.url(agent))
assert res.status_code == 200
assert len(res.json['workspaces']) == 1
assert workspace.name in res.json['workspaces'][0]
def _join_agent(self, test_client, session):
agent = AgentFactory.create(token='pepito')
session.add(agent)
session.commit()
headers = {"Authorization": f"Agent {agent.token}"}
token = test_client.post(self.check_url('/v2/agent_websocket_token/'),
headers=headers).json['token']
return token
def test_run_agent(self, session, csrf_token, test_client):
agent = AgentFactory.create(workspaces=[self.workspace])
session.add(agent)
session.commit()
payload = {
'csrf_token': csrf_token,
'executorData': '',
}
res = test_client.post(urljoin(self.url(agent), 'run'), json=payload)
assert res.status_code == 400
def test_new_executors_not_in_database(self, session):
agent = AgentFactory.create()
executors = [{
'executor_name': 'nmap_executor',
'args': {
'param1': True
}
}]
assert update_executors(agent, executors)
def test_run_agent(self, session, csrf_token, test_client):
agent = AgentFactory.create(workspace=self.workspace)
session.add(agent)
session.commit()
payload = {
'csrf_token': csrf_token,
'executorData': '',
}
res = test_client.post(self.url() + f'{agent.id}/run/', json=payload)
assert res.status_code == 400
def test_invalid_json_on_executorData_breaks_the_api(
self, csrf_token, session, test_client):
agent = AgentFactory.create(workspaces=[self.workspace])
session.add(agent)
session.commit()
payload = {
'csrf_token': csrf_token,
'executorData': '[][dassa',
}
res = test_client.post(self.url(agent) + 'run/', json=payload)
assert res.status_code == 400
def test_update_agent(self, test_client, session):
workspace = WorkspaceFactory.create()
session.add(workspace)
agent = AgentFactory.create(workspaces=[workspace], active=True)
session.commit()
raw_agent = self.create_raw_agent(active=False, workspaces=[workspace])
res = test_client.put(self.url(agent.id), data=raw_agent)
assert res.status_code == 200, (res.json, raw_agent)
assert not res.json['active']
assert len(res.json['workspaces']) == 1
assert workspace.name in res.json['workspaces'][0]
def test_remove_all_executors(self, session):
agent = AgentFactory.create()
params = {'old_param': True}
executor = ExecutorFactory.create(name='old_executor',
agent=agent,
parameters_metadata=params)
session.add(executor)
session.commit()
executors = []
assert update_executors(agent, executors)
count_executors = Executor.query.filter_by(agent=agent).count()
assert count_executors == 0
def test_executors_with_some_invalid_executors(self, session):
agent = AgentFactory.create()
executors = [{
'invalid_key': 'nmap_executor'
}, {
'executor_name': 'executor 1',
'args': {
'param1': True
}
}]
assert update_executors(agent, executors)
count_executors = Executor.query.filter_by(agent=agent).count()
assert count_executors == 1
def test_happy_path_valid_json(self, test_client, session, csrf_token):
agent = AgentFactory.create(workspace=self.workspace)
session.add(agent)
session.commit()
payload = {
'csrf_token': csrf_token,
'executorData': {
"args": {
"param1": True
},
"executor": "executor_name"
},
}
res = test_client.post(self.url() + f'{agent.id}/run/', json=payload)
assert res.status_code == 200
def test_invalid_executor(self, test_client, session, csrf_token):
agent = AgentFactory.create(workspaces=[self.workspace])
session.add(agent)
session.commit()
payload = {
'csrf_token': csrf_token,
'executorData': {
"args": {
"param1": True
},
"executor": "executor_name"
},
}
res = test_client.post(self.url(agent) + 'run/', json=payload)
assert res.status_code == 400
def test_executor_already_in_database_but_new_parameters_incoming(
self, session):
agent = AgentFactory.create()
old_params = {'old_param': True}
executor = ExecutorFactory.create(agent=agent,
parameters_metadata=old_params)
session.add(executor)
session.commit()
new_params = old_params
new_params.update({'param1': True})
executors = [{'executor_name': executor.name, 'args': new_params}]
assert update_executors(agent, executors)
from_db_executor = Executor.query.filter_by(id=executor.id,
agent=agent).first()
assert from_db_executor.parameters_metadata == new_params
def test_update_bug_case(self, test_client, session):
workspace = WorkspaceFactory.create()
session.add(workspace)
agent = AgentFactory.create(workspaces=[workspace])
session.add(agent)
session.commit()
update_data = {
"id": 1,
"name": "Agent test",
"is_online": True,
"workspaces": [workspace.name]
}
res = test_client.put(self.url(agent.id), data=update_data)
assert res.status_code == 200, (res.json, update_data)
assert workspace.name in res.json['workspaces']
assert len(res.json['workspaces']) == 1
def test_update_agent_add_a_inexistent_workspace(self, test_client,
session):
workspace = WorkspaceFactory.create()
session.add(workspace)
other_workspace = WorkspaceFactory.create()
session.add(other_workspace)
agent = AgentFactory.create(workspaces=[workspace], active=True)
session.commit()
raw_agent = self.create_raw_agent(
workspaces=[workspace, other_workspace])
raw_agent["workspaces"] = ["donotexist"]
res = test_client.put(self.url(agent.id), data=raw_agent)
assert res.status_code == 404
workspaces = Agent.query.get(agent.id).workspaces
assert len(workspaces) == 1
assert workspace in workspaces
def test_update_agent_delete_a_workspace(self, test_client, session):
workspace = WorkspaceFactory.create()
session.add(workspace)
other_workspace = WorkspaceFactory.create()
session.add(other_workspace)
agent = AgentFactory.create(workspaces=[workspace, other_workspace],
active=True)
session.commit()
raw_agent = self.create_raw_agent(workspaces=[workspace])
res = test_client.put(self.url(agent.id), data=raw_agent)
assert res.status_code == 200
assert len(res.json['workspaces']) == 1
assert other_workspace.name not in res.json['workspaces']
assert workspace.name in res.json['workspaces']
workspaces = Agent.query.get(agent.id).workspaces
assert len(workspaces) == 1
assert workspaces[0] == workspace
def test_happy_path_valid_json(self, test_client, session, csrf_token):
agent = AgentFactory.create(workspaces=[self.workspace])
executor = ExecutorFactory.create(agent=agent)
session.add(executor)
session.commit()
payload = {
'csrf_token': csrf_token,
'executorData': {
"args": {
"param1": True
},
"executor": executor.name
},
}
res = test_client.post(self.url(agent.id) + 'run/', json=payload)
assert res.status_code == 200
def test_workspaced_delete(self, session, test_client):
initial_agent_count = len(session.query(Agent).all())
other_workspace = WorkspaceFactory.create()
session.add(other_workspace)
agent = AgentFactory.create(
workspaces=[self.workspace, other_workspace])
session.commit()
assert len(session.query(Agent).all()) == initial_agent_count + 1
res = test_client.delete(self.url(agent.id))
assert res.status_code == 204
assert len(session.query(Agent).all()) == initial_agent_count + 1
res = test_client.delete(self.url(agent.id))
assert res.status_code == 404
res = test_client.get(self.url(agent.id))
assert res.status_code == 404
workspaces = Agent.query.get(agent.id).workspaces
assert len(workspaces) == 1
assert other_workspace in workspaces
def test_invalid_parameter_type(self, test_client, session, csrf_token):
agent = AgentFactory.create(workspaces=[self.workspace])
executor = ExecutorFactory.create(agent=agent)
session.add(executor)
session.commit()
payload = {
'csrf_token': csrf_token,
'executorData': {
"args": {
"param_name": ["test"]
},
"executor": executor.name
},
}
res = test_client.post(urljoin(self.url(agent), 'run'), json=payload)
assert res.status_code == 400
def test_run_agent_invalid_executor_argument(self, session, test_client):
agent = AgentFactory.create(workspaces=[self.workspace])
executor = ExecutorFactory.create(agent=agent)
session.add(executor)
session.commit()
payload = {
'executorData': {
"args": {
"another_param_name": 'param_content'
},
"executor": executor.name
}
}
res = test_client.post(urljoin(self.url(agent), 'run'), json=payload)
assert res.status_code == 400