Ejemplo n.º 1
0
 def test_invalid_body(self, test_client, session):
     agent = AgentFactory.create(workspace=self.workspace)
     session.add(agent)
     session.commit()
     res = test_client.post(self.url() + f'{agent.id}/run/',
                            data='[" broken]"{')
     assert res.status_code == 400
Ejemplo n.º 2
0
 def test_invalid_body(self, test_client, session):
     agent = AgentFactory.create(workspaces=[self.workspace])
     session.add(agent)
     session.commit()
     res = test_client.post(urljoin(self.url(agent), 'run'),
                            data='[" broken]"{')
     assert res.status_code == 400
Ejemplo n.º 3
0
    def test_run_fails(self, test_client, session,csrf_token):
        workspace = WorkspaceFactory.create()
        session.add(workspace)
        other_workspace = WorkspaceFactory.create()
        session.add(other_workspace)
        session.commit()
        agent = AgentFactory.create(
            workspaces=[workspace, other_workspace]
        )
        executor = ExecutorFactory.create(agent=agent)

        session.add(executor)
        session.commit()
        payload = {
            'csrf_token': csrf_token,
            'executorData': {
                "args": {
                    "param1": True
                },
                "executor": executor.name
            },
        }
        res = test_client.post(
            self.url(agent) + 'run/',
            json=payload
        )
        assert res.status_code == 404
Ejemplo n.º 4
0
 def test_update_bug_case(self, test_client, session):
     agent = AgentFactory.create(workspace=self.workspace)
     session.add(agent)
     session.commit()
     update_data = {"id": 1, "name": "Agent test", "is_online": True}
     res = test_client.put(self.url(agent.id), data=update_data)
     assert res.status_code == 200
Ejemplo n.º 5
0
 def test_get_workspaced_other_fails(self, test_client, session):
     other_workspace = WorkspaceFactory.create()
     session.add(other_workspace)
     agent = AgentFactory.create(workspaces=[other_workspace], active=True)
     session.commit()
     res = test_client.get(self.url(agent))
     assert res.status_code == 404
Ejemplo n.º 6
0
 def test_update_agent(self, test_client, session):
     agent = AgentFactory.create(workspace=self.workspace, active=True)
     session.commit()
     raw_agent = self.create_raw_agent(active=False)
     res = test_client.put(self.url(agent.id), data=raw_agent)
     assert res.status_code == 200
     assert not res.json['active']
Ejemplo n.º 7
0
    def test_happy_path_valid_json(self, test_client, session, csrf_token):
        agent = AgentFactory.create(workspaces=[self.workspace])
        executor = ExecutorFactory.create(agent=agent)
        executor2 = ExecutorFactory.create(agent=agent)

        session.add(executor)
        session.commit()

        assert agent.last_run is None
        assert executor.last_run is None
        assert executor2.last_run is None

        payload = {
            'csrf_token': csrf_token,
            'executorData': {
                "args": {
                    "param_name": "test"
                },
                "executor": executor.name
            },
        }
        res = test_client.post(urljoin(self.url(agent), 'run'), json=payload)
        assert res.status_code == 200
        command_id = res.json["command_id"]
        command = Command.query.filter(
            Command.workspace_id == self.workspace.id).one()
        assert command_id == command.id
        assert agent.last_run is not None
        assert executor.last_run is not None
        assert executor2.last_run is None
        assert agent.last_run == executor.last_run
Ejemplo n.º 8
0
 def test_get_workspaced(self, test_client, session):
     workspace = WorkspaceFactory.create()
     session.add(workspace)
     agent = AgentFactory.create(workspaces=[self.workspace], active=True)
     session.commit()
     res = test_client.get(self.url(agent))
     assert res.status_code == 200
     assert 'workspaces' not in res.json
Ejemplo n.º 9
0
 def test_run_agent_invalid_missing_executorData(self, csrf_token, session,
                                                 test_client):
     agent = AgentFactory.create(workspaces=[self.workspace])
     session.add(agent)
     session.commit()
     payload = {'csrf_token': csrf_token}
     res = test_client.post(self.url(agent) + 'run/', json=payload)
     assert res.status_code == 400
Ejemplo n.º 10
0
 def test_delete_agent(self, test_client, session):
     initial_agent_count = len(session.query(Agent).all())
     agent = AgentFactory.create(workspace=self.workspace)
     session.commit()
     assert len(session.query(Agent).all()) == initial_agent_count + 1
     res = test_client.delete(self.url(agent.id))
     assert res.status_code == 204
     assert len(session.query(Agent).all()) == initial_agent_count
def _join_agent(test_client, session):
    agent = AgentFactory.create(token='pepito')
    session.add(agent)
    session.commit()

    headers = {"Authorization": "Agent {}".format(agent.token)}
    token = test_client.post('v2/agent_websocket_token/',
                             headers=headers).json['token']
    return token
Ejemplo n.º 12
0
 def test_get_not_workspaced(self, test_client, session):
     workspace = WorkspaceFactory.create()
     session.add(workspace)
     agent = AgentFactory.create(workspaces=[workspace], active=True)
     session.commit()
     res = test_client.get(self.url(agent))
     assert res.status_code == 200
     assert len(res.json['workspaces']) == 1
     assert workspace.name in res.json['workspaces'][0]
    def _join_agent(self, test_client, session):
        agent = AgentFactory.create(token='pepito')
        session.add(agent)
        session.commit()

        headers = {"Authorization": f"Agent {agent.token}"}
        token = test_client.post(self.check_url('/v2/agent_websocket_token/'),
                                 headers=headers).json['token']
        return token
Ejemplo n.º 14
0
 def test_run_agent(self, session, csrf_token, test_client):
     agent = AgentFactory.create(workspaces=[self.workspace])
     session.add(agent)
     session.commit()
     payload = {
         'csrf_token': csrf_token,
         'executorData': '',
     }
     res = test_client.post(urljoin(self.url(agent), 'run'), json=payload)
     assert res.status_code == 400
    def test_new_executors_not_in_database(self, session):
        agent = AgentFactory.create()
        executors = [{
            'executor_name': 'nmap_executor',
            'args': {
                'param1': True
            }
        }]

        assert update_executors(agent, executors)
Ejemplo n.º 16
0
 def test_run_agent(self, session, csrf_token, test_client):
     agent = AgentFactory.create(workspace=self.workspace)
     session.add(agent)
     session.commit()
     payload = {
         'csrf_token': csrf_token,
         'executorData': '',
     }
     res = test_client.post(self.url() + f'{agent.id}/run/', json=payload)
     assert res.status_code == 400
Ejemplo n.º 17
0
 def test_invalid_json_on_executorData_breaks_the_api(
         self, csrf_token, session, test_client):
     agent = AgentFactory.create(workspaces=[self.workspace])
     session.add(agent)
     session.commit()
     payload = {
         'csrf_token': csrf_token,
         'executorData': '[][dassa',
     }
     res = test_client.post(self.url(agent) + 'run/', json=payload)
     assert res.status_code == 400
Ejemplo n.º 18
0
 def test_update_agent(self, test_client, session):
     workspace = WorkspaceFactory.create()
     session.add(workspace)
     agent = AgentFactory.create(workspaces=[workspace], active=True)
     session.commit()
     raw_agent = self.create_raw_agent(active=False, workspaces=[workspace])
     res = test_client.put(self.url(agent.id), data=raw_agent)
     assert res.status_code == 200, (res.json, raw_agent)
     assert not res.json['active']
     assert len(res.json['workspaces']) == 1
     assert workspace.name in res.json['workspaces'][0]
    def test_remove_all_executors(self, session):
        agent = AgentFactory.create()
        params = {'old_param': True}
        executor = ExecutorFactory.create(name='old_executor',
                                          agent=agent,
                                          parameters_metadata=params)
        session.add(executor)
        session.commit()
        executors = []

        assert update_executors(agent, executors)
        count_executors = Executor.query.filter_by(agent=agent).count()
        assert count_executors == 0
    def test_executors_with_some_invalid_executors(self, session):
        agent = AgentFactory.create()
        executors = [{
            'invalid_key': 'nmap_executor'
        }, {
            'executor_name': 'executor 1',
            'args': {
                'param1': True
            }
        }]

        assert update_executors(agent, executors)
        count_executors = Executor.query.filter_by(agent=agent).count()
        assert count_executors == 1
Ejemplo n.º 21
0
 def test_happy_path_valid_json(self, test_client, session, csrf_token):
     agent = AgentFactory.create(workspace=self.workspace)
     session.add(agent)
     session.commit()
     payload = {
         'csrf_token': csrf_token,
         'executorData': {
             "args": {
                 "param1": True
             },
             "executor": "executor_name"
         },
     }
     res = test_client.post(self.url() + f'{agent.id}/run/', json=payload)
     assert res.status_code == 200
Ejemplo n.º 22
0
 def test_invalid_executor(self, test_client, session, csrf_token):
     agent = AgentFactory.create(workspaces=[self.workspace])
     session.add(agent)
     session.commit()
     payload = {
         'csrf_token': csrf_token,
         'executorData': {
             "args": {
                 "param1": True
             },
             "executor": "executor_name"
         },
     }
     res = test_client.post(self.url(agent) + 'run/', json=payload)
     assert res.status_code == 400
    def test_executor_already_in_database_but_new_parameters_incoming(
            self, session):
        agent = AgentFactory.create()
        old_params = {'old_param': True}
        executor = ExecutorFactory.create(agent=agent,
                                          parameters_metadata=old_params)
        session.add(executor)
        session.commit()
        new_params = old_params
        new_params.update({'param1': True})
        executors = [{'executor_name': executor.name, 'args': new_params}]

        assert update_executors(agent, executors)
        from_db_executor = Executor.query.filter_by(id=executor.id,
                                                    agent=agent).first()
        assert from_db_executor.parameters_metadata == new_params
Ejemplo n.º 24
0
 def test_update_bug_case(self, test_client, session):
     workspace = WorkspaceFactory.create()
     session.add(workspace)
     agent = AgentFactory.create(workspaces=[workspace])
     session.add(agent)
     session.commit()
     update_data = {
         "id": 1,
         "name": "Agent test",
         "is_online": True,
         "workspaces": [workspace.name]
     }
     res = test_client.put(self.url(agent.id), data=update_data)
     assert res.status_code == 200, (res.json, update_data)
     assert workspace.name in res.json['workspaces']
     assert len(res.json['workspaces']) == 1
Ejemplo n.º 25
0
 def test_update_agent_add_a_inexistent_workspace(self, test_client,
                                                  session):
     workspace = WorkspaceFactory.create()
     session.add(workspace)
     other_workspace = WorkspaceFactory.create()
     session.add(other_workspace)
     agent = AgentFactory.create(workspaces=[workspace], active=True)
     session.commit()
     raw_agent = self.create_raw_agent(
         workspaces=[workspace, other_workspace])
     raw_agent["workspaces"] = ["donotexist"]
     res = test_client.put(self.url(agent.id), data=raw_agent)
     assert res.status_code == 404
     workspaces = Agent.query.get(agent.id).workspaces
     assert len(workspaces) == 1
     assert workspace in workspaces
Ejemplo n.º 26
0
 def test_update_agent_delete_a_workspace(self, test_client, session):
     workspace = WorkspaceFactory.create()
     session.add(workspace)
     other_workspace = WorkspaceFactory.create()
     session.add(other_workspace)
     agent = AgentFactory.create(workspaces=[workspace, other_workspace],
                                 active=True)
     session.commit()
     raw_agent = self.create_raw_agent(workspaces=[workspace])
     res = test_client.put(self.url(agent.id), data=raw_agent)
     assert res.status_code == 200
     assert len(res.json['workspaces']) == 1
     assert other_workspace.name not in res.json['workspaces']
     assert workspace.name in res.json['workspaces']
     workspaces = Agent.query.get(agent.id).workspaces
     assert len(workspaces) == 1
     assert workspaces[0] == workspace
Ejemplo n.º 27
0
    def test_happy_path_valid_json(self, test_client, session, csrf_token):
        agent = AgentFactory.create(workspaces=[self.workspace])
        executor = ExecutorFactory.create(agent=agent)

        session.add(executor)
        session.commit()
        payload = {
            'csrf_token': csrf_token,
            'executorData': {
                "args": {
                    "param1": True
                },
                "executor": executor.name
            },
        }
        res = test_client.post(self.url(agent.id) + 'run/', json=payload)
        assert res.status_code == 200
Ejemplo n.º 28
0
 def test_workspaced_delete(self, session, test_client):
     initial_agent_count = len(session.query(Agent).all())
     other_workspace = WorkspaceFactory.create()
     session.add(other_workspace)
     agent = AgentFactory.create(
         workspaces=[self.workspace, other_workspace])
     session.commit()
     assert len(session.query(Agent).all()) == initial_agent_count + 1
     res = test_client.delete(self.url(agent.id))
     assert res.status_code == 204
     assert len(session.query(Agent).all()) == initial_agent_count + 1
     res = test_client.delete(self.url(agent.id))
     assert res.status_code == 404
     res = test_client.get(self.url(agent.id))
     assert res.status_code == 404
     workspaces = Agent.query.get(agent.id).workspaces
     assert len(workspaces) == 1
     assert other_workspace in workspaces
Ejemplo n.º 29
0
    def test_invalid_parameter_type(self, test_client, session, csrf_token):
        agent = AgentFactory.create(workspaces=[self.workspace])
        executor = ExecutorFactory.create(agent=agent)

        session.add(executor)
        session.commit()

        payload = {
            'csrf_token': csrf_token,
            'executorData': {
                "args": {
                    "param_name": ["test"]
                },
                "executor": executor.name
            },
        }
        res = test_client.post(urljoin(self.url(agent), 'run'), json=payload)
        assert res.status_code == 400
Ejemplo n.º 30
0
    def test_run_agent_invalid_executor_argument(self, session, test_client):
        agent = AgentFactory.create(workspaces=[self.workspace])
        executor = ExecutorFactory.create(agent=agent)

        session.add(executor)
        session.commit()

        payload = {
            'executorData': {
                "args": {
                    "another_param_name": 'param_content'
                },
                "executor": executor.name
            }
        }

        res = test_client.post(urljoin(self.url(agent), 'run'), json=payload)

        assert res.status_code == 400