Ejemplo n.º 1
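  def testNewBit9Binary_ForcedInstaller(self):
    """A new binary flagged MARKED_INSTALLER gets a FORCE_INSTALLER rule.

    Persisting an event whose file catalog carries the MARKED_INSTALLER flag
    must create exactly one Bit9Binary and one Bit9Rule. The binary is stored
    as an installer with detected_installer left False, and the rule's policy
    must be FORCE_INSTALLER.
    """
    self.PatchSetting('ENABLE_BINARY_ANALYSIS_PRECACHING', True)

    file_catalog_kwargs = {
        'file_flags': bit9_constants.FileFlags.MARKED_INSTALLER}
    event, cert = _CreateEventAndCert(
        file_catalog_kwargs=file_catalog_kwargs)
    file_catalog = event.get_expand(api.Event.file_catalog_id)

    # Precondition: neither entity kind exists before the sync runs.
    self.assertEntityCount(bit9_models.Bit9Binary, 0)
    self.assertEntityCount(bit9_models.Bit9Rule, 0)

    changed = sync._PersistBit9Binary(event, file_catalog, [cert]).get_result()

    self.assertTrue(changed)
    self.assertEntityCount(bit9_models.Bit9Binary, 1)
    self.assertEntityCount(bit9_models.Bit9Rule, 1)

    binary = bit9_models.Bit9Binary.query().get()
    self.assertTrue(binary.is_installer)
    self.assertFalse(binary.detected_installer)

    rule = bit9_models.Bit9Rule.query().get()
    # assertEqual, not assertTrue: assertTrue(x, msg) only checks that its
    # first argument is truthy and treats the second as the failure message,
    # so the stored policy was never actually compared.
    self.assertEqual(constants.RULE_POLICY.FORCE_INSTALLER, rule.policy)

    self.assertTaskCount(constants.TASK_QUEUE.METRICS, 1)

    # Should be 1 for the new Binary
    self.assertBigQueryInsertions([constants.BIGQUERY_TABLE.BINARY])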
Ejemplo n.º 2
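  def testNewBit9Binary_ForcedInstaller(self):
    """A new binary flagged MARKED_INSTALLER gets a FORCE_INSTALLER rule.

    Persisting an event whose file catalog carries the MARKED_INSTALLER flag
    must create exactly one Bit9Binary and one Bit9Rule. The binary is stored
    as an installer with detected_installer left False, the rule's policy
    must be FORCE_INSTALLER, and one BinaryRow exists once the BQ_PERSISTENCE
    queue has been drained.
    """
    self.PatchSetting('ENABLE_BINARY_ANALYSIS_PRECACHING', True)

    event, signing_chain = _CreateEventTuple(
        file_catalog=bit9_test_utils.CreateFileCatalog(
            file_flags=bit9_constants.FileFlags.MARKED_INSTALLER))
    file_catalog = event.get_expand(api.Event.file_catalog_id)

    # Precondition: neither entity kind exists before the sync runs.
    self.assertEntityCount(bit9_db.Bit9Binary, 0)
    self.assertEntityCount(bit9_db.Bit9Rule, 0)

    changed = sync._PersistBit9Binary(
        event, file_catalog, signing_chain).get_result()

    self.assertTrue(changed)
    self.assertEntityCount(bit9_db.Bit9Binary, 1)
    self.assertEntityCount(bit9_db.Bit9Rule, 1)

    binary = bit9_db.Bit9Binary.query().get()
    self.assertTrue(binary.is_installer)
    self.assertFalse(binary.detected_installer)

    rule = bit9_db.Bit9Rule.query().get()
    # assertEqual, not assertTrue: assertTrue(x, msg) only checks that its
    # first argument is truthy and treats the second as the failure message,
    # so the stored policy was never actually compared.
    self.assertEqual(constants.RULE_POLICY.FORCE_INSTALLER, rule.policy)

    self.assertTaskCount(constants.TASK_QUEUE.METRICS, 1)

    # Should be 1 for the new Binary
    self.DrainTaskQueue(constants.TASK_QUEUE.BQ_PERSISTENCE)
    self.assertEntityCount(bigquery_db.BinaryRow, 1)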
Ejemplo n.º 3
  def testNewBit9Binary(self):
    """Persist a BANNED-subtype event for a binary that is not stored yet.

    Expects the sync to report a change, exactly one Bit9Binary to exist
    afterwards, and two BINARY insertions to BigQuery.
    """
    banned_event_kwargs = {'subtype': bit9_constants.SUBTYPE.BANNED}
    evt, signer = _CreateEventAndCert(event_kwargs=banned_event_kwargs)
    catalog = evt.get_expand(api.Event.file_catalog_id)

    # Precondition: the datastore holds no binaries yet.
    self.assertEntityCount(bit9_models.Bit9Binary, 0)

    persist_future = sync._PersistBit9Binary(evt, catalog, [signer])
    was_changed = persist_future.get_result()

    self.assertTrue(was_changed)
    self.assertEntityCount(bit9_models.Bit9Binary, 1)

    # Two insertions: one for the newly created binary and one for the
    # BANNED state.
    expected_tables = [constants.BIGQUERY_TABLE.BINARY] * 2
    self.assertBigQueryInsertions(expected_tables)
Ejemplo n.º 4
  def testNoChanges(self):
    """An event matching an already stored binary reports no change.

    The file catalog reuses the stored binary's catalog id and SHA-256 and
    carries file_flags of 0x0, so the sync should return False and send
    nothing to BigQuery.
    """
    stored_binary = test_utils.CreateBit9Binary(detected_installer=False)

    evt, signer = _CreateEventAndCert(
        file_catalog_kwargs={
            'id': stored_binary.file_catalog_id,
            'sha256': stored_binary.key.id(),
            'file_flags': 0x0})
    catalog = evt.get_expand(api.Event.file_catalog_id)

    persist_future = sync._PersistBit9Binary(evt, catalog, [signer])
    was_changed = persist_future.get_result()

    self.assertFalse(was_changed)
    # No insertions: the binary already existed and its state is not BANNED.
    self.assertNoBigQueryInsertions()
Ejemplo n.º 5
  def testNoChanges(self):
    """An event matching an already stored binary reports no change.

    The file catalog reuses the stored binary's catalog id and SHA-256 and
    carries file_flags of 0x0, so the sync should return False and leave the
    BQ_PERSISTENCE queue empty.
    """
    stored_binary = test_utils.CreateBit9Binary(detected_installer=False)

    matching_catalog = bit9_test_utils.CreateFileCatalog(
        id=stored_binary.file_catalog_id,
        sha256=stored_binary.key.id(),
        file_flags=0x0)
    evt, chain = _CreateEventTuple(file_catalog=matching_catalog)
    catalog = evt.get_expand(api.Event.file_catalog_id)

    persist_future = sync._PersistBit9Binary(evt, catalog, chain)
    was_changed = persist_future.get_result()

    self.assertFalse(was_changed)
    # No tasks queued: the binary already existed and its state is not BANNED.
    self.assertTaskCount(constants.TASK_QUEUE.BQ_PERSISTENCE, 0)
Ejemplo n.º 6
  def testNewBit9Binary(self):
    """Persist a BANNED-subtype event for a binary that is not stored yet.

    Expects the sync to report a change, exactly one Bit9Binary to exist
    afterwards, and two BinaryRow entities once the BQ_PERSISTENCE queue has
    been drained.
    """
    evt, chain = _CreateEventTuple(subtype=bit9_constants.SUBTYPE.BANNED)
    catalog = evt.get_expand(api.Event.file_catalog_id)

    # Precondition: the datastore holds no binaries yet.
    self.assertEntityCount(bit9_db.Bit9Binary, 0)

    persist_future = sync._PersistBit9Binary(evt, catalog, chain)
    was_changed = persist_future.get_result()

    self.assertTrue(was_changed)
    self.assertEntityCount(bit9_db.Bit9Binary, 1)

    # Two rows: one for the newly created binary and one for the BANNED
    # state. The rows only appear after the persistence queue has run.
    persistence_queue = constants.TASK_QUEUE.BQ_PERSISTENCE
    self.DrainTaskQueue(persistence_queue)
    self.assertEntityCount(bigquery_db.BinaryRow, 2)
Ejemplo n.º 7
  def testFileCatalogIdInitiallyMissing(self):
    """A stored binary without a file catalog id picks one up from the event.

    The binary is created with file_catalog_id=None; after persisting an
    event whose catalog has the same SHA-256 and id '12345', the stored
    entity must carry that id. Nothing is sent to BigQuery.
    """
    stored_binary = test_utils.CreateBit9Binary(file_catalog_id=None)
    binary_hash = stored_binary.key.id()

    evt, signer = _CreateEventAndCert(
        file_catalog_kwargs={'id': '12345', 'sha256': binary_hash})
    catalog = evt.get_expand(api.Event.file_catalog_id)

    persist_future = sync._PersistBit9Binary(evt, catalog, [signer])
    was_changed = persist_future.get_result()

    self.assertTrue(was_changed)
    # Re-read the entity so the assertion sees what was actually stored.
    reloaded = bit9_models.Bit9Binary.get_by_id(binary_hash)
    self.assertEqual('12345', reloaded.file_catalog_id)

    # No insertions: the binary is not new and its state is not BANNED.
    self.assertNoBigQueryInsertions()
Ejemplo n.º 8
  def testStateChangedToBanned(self):
    """A BANNED-subtype event moves a stored UNTRUSTED binary to BANNED.

    The stored entity's state must read BANNED afterwards, and exactly one
    BINARY insertion is sent to BigQuery for the state change.
    """
    stored_binary = test_utils.CreateBit9Binary(
        state=constants.STATE.UNTRUSTED)
    binary_hash = stored_binary.key.id()

    evt, signer = _CreateEventAndCert(
        event_kwargs={'subtype': bit9_constants.SUBTYPE.BANNED},
        file_catalog_kwargs={'id': '12345', 'sha256': binary_hash})
    catalog = evt.get_expand(api.Event.file_catalog_id)

    persist_future = sync._PersistBit9Binary(evt, catalog, [signer])
    was_changed = persist_future.get_result()

    self.assertTrue(was_changed)
    # Re-read the entity so the assertion sees what was actually stored.
    reloaded = bit9_models.Bit9Binary.get_by_id(binary_hash)
    self.assertEqual(constants.STATE.BANNED, reloaded.state)

    # One insertion, for the BANNED state.
    expected_tables = [constants.BIGQUERY_TABLE.BINARY]
    self.assertBigQueryInsertions(expected_tables)
Ejemplo n.º 9
  def testFileCatalogIdInitiallyMissing(self):
    """A stored binary without a file catalog id picks one up from the event.

    The binary is created with file_catalog_id=None; after persisting an
    event whose catalog has the same SHA-256 and id '12345', the stored
    entity must carry that id. The BQ_PERSISTENCE queue stays empty.
    """
    stored_binary = test_utils.CreateBit9Binary(file_catalog_id=None)
    binary_hash = stored_binary.key.id()

    event_catalog = bit9_test_utils.CreateFileCatalog(
        id='12345',
        sha256=binary_hash)
    evt, chain = _CreateEventTuple(file_catalog=event_catalog)
    catalog = evt.get_expand(api.Event.file_catalog_id)

    persist_future = sync._PersistBit9Binary(evt, catalog, chain)
    was_changed = persist_future.get_result()

    self.assertTrue(was_changed)
    # Re-read the entity so the assertion sees what was actually stored.
    reloaded = bit9_db.Bit9Binary.get_by_id(binary_hash)
    self.assertEqual('12345', reloaded.file_catalog_id)

    # No tasks queued: the binary is not new and its state is not BANNED.
    self.assertTaskCount(constants.TASK_QUEUE.BQ_PERSISTENCE, 0)
Ejemplo n.º 10
  def testStateChangedToBanned(self):
    """A BANNED-subtype event moves a stored UNTRUSTED binary to BANNED.

    The stored entity's state must read BANNED afterwards, and exactly one
    BinaryRow exists once the BQ_PERSISTENCE queue has been drained.
    """
    stored_binary = test_utils.CreateBit9Binary(
        state=constants.STATE.UNTRUSTED)
    binary_hash = stored_binary.key.id()

    event_catalog = bit9_test_utils.CreateFileCatalog(
        id='12345',
        sha256=binary_hash)
    evt, chain = _CreateEventTuple(
        subtype=bit9_constants.SUBTYPE.BANNED,
        file_catalog=event_catalog)
    catalog = evt.get_expand(api.Event.file_catalog_id)

    persist_future = sync._PersistBit9Binary(evt, catalog, chain)
    was_changed = persist_future.get_result()

    self.assertTrue(was_changed)
    # Re-read the entity so the assertion sees what was actually stored.
    reloaded = bit9_db.Bit9Binary.get_by_id(binary_hash)
    self.assertEqual(constants.STATE.BANNED, reloaded.state)

    # One row, for the BANNED state; it only appears after the persistence
    # queue has run.
    persistence_queue = constants.TASK_QUEUE.BQ_PERSISTENCE
    self.DrainTaskQueue(persistence_queue)
    self.assertEntityCount(bigquery_db.BinaryRow, 1)
Ejemplo n.º 11
  def testForcedInstaller_PreexistingRule_ConflictingPolicy(self):
    """MARKED_INSTALLER wins over a committed FORCE_NOT_INSTALLER rule.

    A stored non-installer binary already has a committed rule with policy
    FORCE_NOT_INSTALLER. Persisting an event whose file catalog carries the
    MARKED_INSTALLER flag must still report a change and leave the stored
    binary with is_installer set.
    """
    stored_binary = test_utils.CreateBit9Binary(
        detected_installer=False, is_installer=False)
    test_utils.CreateBit9Rule(
        stored_binary.key,
        is_committed=True,
        policy=constants.RULE_POLICY.FORCE_NOT_INSTALLER)

    evt, signer = _CreateEventAndCert(
        file_catalog_kwargs={
            'id': stored_binary.file_catalog_id,
            'sha256': stored_binary.key.id(),
            'file_flags': bit9_constants.FileFlags.MARKED_INSTALLER})
    catalog = evt.get_expand(api.Event.file_catalog_id)

    persist_future = sync._PersistBit9Binary(evt, catalog, [signer])
    was_changed = persist_future.get_result()

    self.assertTrue(was_changed)
    # Fetch a fresh copy through the key instead of trusting the local object.
    # NOTE(review): only the binary is checked; what happens to the
    # conflicting FORCE_NOT_INSTALLER rule is not asserted here.
    refreshed = stored_binary.key.get()
    self.assertTrue(refreshed.is_installer)

    # No insertions: the binary is not new and its state is not BANNED.
    self.assertNoBigQueryInsertions()
Ejemplo n.º 12
  def testForcedInstaller_PreexistingRule_ConflictingPolicy(self):
    """MARKED_INSTALLER wins over a committed FORCE_NOT_INSTALLER rule.

    A stored non-installer binary already has a committed rule with policy
    FORCE_NOT_INSTALLER. Persisting an event whose file catalog carries the
    MARKED_INSTALLER flag must still report a change and leave the stored
    binary with is_installer set.
    """
    stored_binary = test_utils.CreateBit9Binary(
        detected_installer=False, is_installer=False)
    test_utils.CreateBit9Rule(
        stored_binary.key,
        is_committed=True,
        policy=constants.RULE_POLICY.FORCE_NOT_INSTALLER)

    flagged_catalog = bit9_test_utils.CreateFileCatalog(
        id=stored_binary.file_catalog_id,
        sha256=stored_binary.key.id(),
        file_flags=bit9_constants.FileFlags.MARKED_INSTALLER)
    evt, chain = _CreateEventTuple(file_catalog=flagged_catalog)
    catalog = evt.get_expand(api.Event.file_catalog_id)

    persist_future = sync._PersistBit9Binary(evt, catalog, chain)
    was_changed = persist_future.get_result()

    self.assertTrue(was_changed)
    # Fetch a fresh copy through the key instead of trusting the local object.
    # NOTE(review): only the binary is checked; what happens to the
    # conflicting FORCE_NOT_INSTALLER rule is not asserted here.
    refreshed = stored_binary.key.get()
    self.assertTrue(refreshed.is_installer)

    # No tasks queued: the binary is not new and its state is not BANNED.
    self.assertTaskCount(constants.TASK_QUEUE.BQ_PERSISTENCE, 0)