Ejemplo n.º 1
    def setUp(self):
        """Builds and stores the blockable, certificate and event fixtures.

        Creates one SantaBlockable, one SantaCertificate and one SantaEvent
        (with QuarantineMetadata attached), writes all three with put(), and
        then calls PatchEnv with ENABLE_BIGQUERY_STREAMING=True.
        """
        super(SantaModelTest, self).setUp()

        # The fixture ids are readable placeholders. They are labelled
        # ID_TYPE.SHA256 but are 16 characters long and not hex digests, so
        # these fixtures do not exercise any hash-format validation.
        binary_hash = 'aaaabbbbccccdddd'
        cert_hash = 'mmmmnnnnoooopppp'
        sha256 = constants.ID_TYPE.SHA256

        self.santa_blockable = santa.SantaBlockable(
            id=binary_hash,
            id_type=sha256,
            blockable_hash=binary_hash,
            file_name='Mac.app',
            publisher='Arple',
            product_name='New Shiny',
            version='2.0')

        self.santa_certificate = santa.SantaCertificate(
            id=cert_hash,
            id_type=sha256,
            blockable_hash=cert_hash,
            file_name='MagicCert',
            publisher='Total Legit CA',
            version='7.0',
            common_name='Trustee',
            organization='Big Lucky',
            organizational_unit='The Unit')

        # Download provenance attached to the event below.
        download_metadata = santa.QuarantineMetadata(
            data_url='http://notbad.com',
            referer_url='http://sourceforge.com',
            downloaded_dt=datetime.datetime.utcnow(),
            agent_bundle_id='123456')

        # A single timestamp is used for both first and last blocked times.
        blocked_at = datetime.datetime.utcnow()
        self.santa_event = santa.SantaEvent(
            blockable_key=self.santa_blockable.key,
            event_type=constants.EVENT_TYPE.ALLOW_BINARY,
            file_name='Mac.app',
            file_path='/',
            executing_user='******',
            first_blocked_dt=blocked_at,
            last_blocked_dt=blocked_at,
            quarantine=download_metadata)

        # Persist in the same order as the entities were built.
        for entity in (self.santa_blockable,
                       self.santa_certificate,
                       self.santa_event):
            entity.put()

        # PatchEnv is defined outside this snippet; presumably it overrides
        # the setting on settings.ProdEnv for the duration of the test.
        self.PatchEnv(settings.ProdEnv, ENABLE_BIGQUERY_STREAMING=True)
Ejemplo n.º 2
def EnsureCritialRules():
    """Pre-populates Datastore with any critical Rule entities.

    For every hash in settings.CRITICAL_MAC_OS_CERT_HASHES, makes sure a
    SantaCertificate with that id exists and that at least one SantaRule is
    stored under it, creating a WHITELIST certificate rule when none is found.
    """
    for cert_hash in settings.CRITICAL_MAC_OS_CERT_HASHES:
        cert = santa.SantaCertificate.get_by_id(cert_hash)
        if not cert:
            # No certificate entity yet: create a minimal one keyed by the hash.
            cert = santa.SantaCertificate(
                id=cert_hash, id_type=constants.ID_TYPE.SHA256)
            cert.put()

        # NOTE(review): this lookup is filtered by ancestor only, so a rule of
        # any rule_type or policy under the certificate counts as "present"
        # and suppresses creation of the WHITELIST rule. Confirm that is the
        # intended guarantee for critical certificates.
        # NOTE(review): the check and the put below are not wrapped in a
        # transaction here; verify whether callers can run this concurrently.
        existing_rule_key = santa.SantaRule.query(
            ancestor=cert.key).get(keys_only=True)
        if existing_rule_key is not None:
            continue

        allow_rule = santa.SantaRule(
            parent=cert.key,
            rule_type=constants.RULE_TYPE.CERTIFICATE,
            policy=constants.RULE_POLICY.WHITELIST)
        allow_rule.put()
Ejemplo n.º 3
  def _GenerateCertificatesFromJsonEvent(cls, event):
    """Builds SantaCertificate entities from an event's signing chain.

    Every field is copied from the client-uploaded JSON as-is; this method
    performs no validation of the values it reads.

    Args:
      event: A single JSON event uploaded by the client.

    Returns:
      A list of the created-but-not-persisted SantaCertificate entities, one
      per signing-chain entry and in the same order. Empty when the event has
      no signing chain.
    """
    upload_keys = santa_const.EVENT_UPLOAD
    to_datetime = datetime.datetime.utcfromtimestamp

    entities = []
    for chain_entry in event.get(upload_keys.SIGNING_CHAIN, []):
      # NOTE(review): these values come straight from the client upload. If
      # chain_entry is a dict, a missing SHA256 key yields id=None here, and
      # the digest format is not checked before it becomes the entity id.
      sha256 = chain_entry.get(upload_keys.SHA256)
      common_name = chain_entry.get(upload_keys.CN)
      organization = chain_entry.get(upload_keys.ORG)
      organizational_unit = chain_entry.get(upload_keys.OU)

      # NOTE(review): utcfromtimestamp raises on a None or non-numeric value,
      # so an entry without VALID_FROM / VALID_UNTIL aborts the whole call;
      # confirm the caller handles that for malformed uploads.
      valid_from = to_datetime(chain_entry.get(upload_keys.VALID_FROM))
      valid_until = to_datetime(chain_entry.get(upload_keys.VALID_UNTIL))

      entities.append(
          santa_db.SantaCertificate(
              id=sha256,
              id_type=common_const.ID_TYPE.SHA256,
              common_name=common_name,
              organization=organization,
              organizational_unit=organizational_unit,
              valid_from_dt=valid_from,
              valid_until_dt=valid_until))
    return entities