def testWhitelist_NoEvent(self):
binary = test_utils.CreateBit9Binary(file_catalog_id='1111')
user = test_utils.CreateUser()
local_rule = test_utils.CreateBit9Rule(
binary.key, host_id='2222', user_key=user.key,
policy=constants.RULE_POLICY.WHITELIST, is_fulfilled=False)
# Mock out the Bit9 API interactions.
file_instance = api.FileInstance(
id=3333,
file_catalog_id=1111,
computer_id=2222,
local_state=bit9_constants.APPROVAL_STATE.UNAPPROVED)
self.PatchApiRequests([file_instance], file_instance)
change_set.ChangeLocalState(
binary, local_rule, bit9_constants.APPROVAL_STATE.APPROVED)
# Verify the Bit9 API interactions.
self.mock_ctx.ExecuteRequest.assert_has_calls([
mock.call(
'GET', api_route='fileInstance',
query_args=[r'q=computerId:2222', 'q=fileCatalogId:1111']),
mock.call(
'POST', api_route='fileInstance',
data={'id': 3333,
'localState': 2,
'fileCatalogId': 1111,
'computerId': 2222},
query_args=None)])
self.assertTrue(local_rule.key.get().is_fulfilled)
self.assertBigQueryInsertion(constants.BIGQUERY_TABLE.RULE)
def testWhitelist_HasEvent(self):
binary = test_utils.CreateBit9Binary(file_catalog_id='1111')
user = test_utils.CreateUser()
local_rule = test_utils.CreateBit9Rule(
binary.key,
host_id='2222',
user_key=user.key,
policy=constants.RULE_POLICY.WHITELIST,
is_fulfilled=False)
# Create a Bit9Event corresponding to the Bit9Rule.
pairs = [('User', user.email), ('Host', '2222'),
('Blockable', binary.key.id()), ('Event', '1')]
event_key = ndb.Key(pairs=pairs)
first_blocked_dt = datetime.datetime.utcnow() - datetime.timedelta(
hours=3)
test_utils.CreateBit9Event(binary,
key=event_key,
first_blocked_dt=first_blocked_dt)
# Mock out the Bit9 API interactions.
file_instance = api.FileInstance(
id=3333,
file_catalog_id=1111,
computer_id=2222,
local_state=bit9_constants.APPROVAL_STATE.UNAPPROVED)
self.PatchApiRequests([file_instance], file_instance)
change_set.ChangeLocalState(binary, local_rule,
bit9_constants.APPROVAL_STATE.APPROVED)
# Verify the Bit9 API interactions.
self.mock_ctx.ExecuteRequest.assert_has_calls([
mock.call(
'GET',
api_route='fileInstance',
query_args=[r'q=computerId:2222', 'q=fileCatalogId:1111']),
mock.call('POST',
api_route='fileInstance',
data={
'id': 3333,
'localState': 2,
'fileCatalogId': 1111,
'computerId': 2222
},
query_args=None)
])
self.assertTrue(local_rule.key.get().is_fulfilled)
self.assertBigQueryInsertion(constants.BIGQUERY_TABLE.RULE)
def testNoFileInstances(self):
binary = test_utils.CreateBit9Binary(file_catalog_id='1111')
user = test_utils.CreateUser()
local_rule = test_utils.CreateBit9Rule(
binary.key, host_id='2222', user_key=user.key,
policy=constants.RULE_POLICY.WHITELIST, is_fulfilled=False)
# Simulate getting no fileInstances from Bit9.
self.PatchApiRequests([])
change_set.ChangeLocalState(
binary, local_rule, bit9_constants.APPROVAL_STATE.APPROVED)
self.assertFalse(local_rule.key.get().is_fulfilled)
self.assertNoBigQueryInsertions()