def test_mitigation_to_hit(self, pg_db_conn, cleanup): # pylint: disable=unused-argument """Test replacing rule which has mitigation and is actvie with another one which is inactive but has mitigation""" with DatabasePool(2): with DatabasePoolConnection() as conn: with conn.cursor() as cur: inv_id = 'INV-17' system = deepcopy(SYSTEM_DICT) system['inventory_id'] = inv_id orig_cve_count_cache = self._system_cache(cur, inv_id) orig_caches = self._account_caches(cur) db_import_system( system, { 1: { 'id': 1, 'mitigation_reason': 'SELinux mitigates', 'cve_name': 'CVE-2014-1' }, 9: { 'id': 4, 'details': '{"detail_key": "detail_value"}', 'cve_name': 'CVE-2018-1' } }) new_cve_count_cache = self._system_cache(cur, inv_id) new_caches = self._account_caches(cur) self._test_counts(orig_cve_count_cache, new_cve_count_cache, orig_caches, new_caches, 1, 9) assert all([ self._cache_check(cur, account_id) for account_id in ('0', '1', '2') ])
def test_rule_adding_cve(self, pg_db_conn, cleanup, cve_id, rule_id, cve_name): # pylint: disable=unused-argument """ Tests adding a rule which adds one CVE to a system In some we are removing other rules from a system, but the rules in this tests were chosen so they're either not active or not VMaaS mitigated """ with DatabasePool(2): with DatabasePoolConnection() as conn: with conn.cursor() as cur: system = deepcopy(SYSTEM_DICT) system['inventory_id'] = 'INV-4' rule_hits = { cve_id: { 'id': rule_id, 'details': '{"detail_key": "detail_value"}', 'cve_name': cve_name } } orig_cve_count_cache = self._system_cache(cur, 'INV-4') orig_caches = self._account_caches(cur) db_import_system(system, rule_hits) new_cve_count_cache = self._system_cache(cur, 'INV-4') new_caches = self._account_caches(cur) self._test_counts(orig_cve_count_cache, new_cve_count_cache, orig_caches, new_caches, 1, cve_id) assert all([ self._cache_check(cur, account_id) for account_id in ('0', '1', '2') ])
def test_rule_not_changing_cves(self, pg_db_conn, cleanup, inv_id, cve_id, rule_id, cve_name): # pylint: disable=unused-argument """Inserts CVE which is tied to inactive rule, nothing shall happen""" with DatabasePool(2): with DatabasePoolConnection() as conn: with conn.cursor() as cur: system = deepcopy(SYSTEM_DICT) system['inventory_id'] = inv_id rule_hits = { cve_id: { 'id': rule_id, 'details': '{"detail_key": "detail_value"}', 'cve_name': cve_name } } orig_cve_count_cache = self._system_cache(cur, inv_id) orig_caches = self._account_caches(cur) db_import_system(system, rule_hits) new_cve_count_cache = self._system_cache(cur, inv_id) new_caches = self._account_caches(cur) assert orig_cve_count_cache == new_cve_count_cache assert orig_caches == new_caches assert all([ self._cache_check(cur, account_id) for account_id in ('0', '1', '2') ])
def test_new_rule_unknown_cve(self, pg_db_conn, cleanup): # pylint: disable=unused-argument """Tests adding completely new rule with completely new CVE""" with DatabasePool(3): with DatabasePoolConnection() as conn: with conn.cursor() as cur: db_import_rule('new_rule|ERROR_KEY', ['CVE-2068-124']) cur.execute( "SELECT id FROM insights_rule WHERE name = 'new_rule|ERROR_KEY'" ) rule_id = cur.fetchone()[0] cur.execute( "UPDATE insights_rule SET active = 'T' WHERE name = 'new_rule|ERROR_KEY'" ) cur.execute( "SELECT id FROM cve_metadata WHERE cve = 'CVE-2068-124'" ) cve_id = cur.fetchone()[0] conn.commit() inv_id = 'INV-6' system = deepcopy(SYSTEM_DICT) system['inventory_id'] = inv_id rule_hits = { cve_id: { 'id': rule_id, 'details': '{"detail_key": "detail_value"}', 'cve_name': 'CVE-2068-124' } } orig_cve_count_cache = self._system_cache(cur, inv_id) orig_caches = self._account_caches(cur) db_import_system(system, rule_hits) new_cve_count_cache = self._system_cache(cur, inv_id) new_caches = self._account_caches(cur) assert orig_cve_count_cache + 1 == new_cve_count_cache assert new_caches[cve_id] == 1 del new_caches[cve_id] assert orig_caches == new_caches assert all([ self._cache_check(cur, account_id) for account_id in ('0', '1', '2') ])
def test_adding_inactive(self, pg_db_conn, cleanup): # pylint: disable=unused-argument """Tests adding inactive rule mitigation to a system""" with DatabasePool(2): with DatabasePoolConnection() as conn: with conn.cursor() as cur: inv_id = 'INV-5' system = deepcopy(SYSTEM_DICT) system['inventory_id'] = inv_id orig_cve_count_cache = self._system_cache(cur, inv_id) orig_caches = self._account_caches(cur) db_import_system( system, { 1: { 'id': 3, 'mitigation_reason': 'SELinux mitigates', 'cve_name': 'CVE-2014-1' }, 8: { 'id': 4, 'details': '{"detail_key": "detail_value"}', 'cve_name': 'CVE-2017-6' }, 10: { 'id': 5, 'details': '{"detail_key": "detail_value"}', 'cve_name': 'CVE-2017-8' }, 11: { 'id': 5, 'details': '{"detail_key": "detail_value"}', 'cve_name': 'CVE-2018-1' } }) new_cve_count_cache = self._system_cache(cur, inv_id) new_caches = self._account_caches(cur) self._test_counts(orig_cve_count_cache, new_cve_count_cache, orig_caches, new_caches, 0, 1) assert all([ self._cache_check(cur, account_id) for account_id in ('0', '1', '2') ])
def test_simple_import(self, pg_db_conn): # pylint: disable=unused-argument """Test importing new system with one rule""" with DatabasePool(1): system = deepcopy(SYSTEM_DICT) system['inventory_id'] = 'INV-112' rule_hits = {} rule_hits[CVES_CACHE['CVE-2014-1']] = { 'id': RULES_CACHE['CVE_2018_3639_cpu_kernel|CVE_2018_3639_CPU_BAD_MICROCODE_2'], 'details': '{"detail_key": "detail_value"}', 'cve_name': 'CVE-2014-1' } db_import_system(system, rule_hits) # add a additional CVE to rule rule_hits[CVES_CACHE['CVE-2016-1']] = { 'id': RULES_CACHE['CVE_2018_3639_cpu_kernel|CVE_2018_3639_CPU_BAD_MICROCODE_2'], 'details': '{"detail_key": "detail_value"}', 'cve_name': 'CVE-2016-1' } db_import_system(system, rule_hits)
def test_unmitigation(self, pg_db_conn, cleanup): # pylint: disable=unused-argument """Test removing rule mitigations from system for a system with 2 CVEs from which only one is reported by VMaaS""" with DatabasePool(2): with DatabasePoolConnection() as conn: with conn.cursor() as cur: inv_id = 'INV-17' system = deepcopy(SYSTEM_DICT) system['inventory_id'] = inv_id orig_cve_count_cache = self._system_cache(cur, inv_id) orig_caches = self._account_caches(cur) db_import_system(system, {}) new_cve_count_cache = self._system_cache(cur, inv_id) new_caches = self._account_caches(cur) self._test_counts(orig_cve_count_cache, new_cve_count_cache, orig_caches, new_caches, 1, 9) assert all([ self._cache_check(cur, account_id) for account_id in ('0', '1', '2') ])
def test_removing_all_rules(self, pg_db_conn, cleanup): # pylint: disable=unused-argument """Tests removing all rules from system""" with DatabasePool(2): with DatabasePoolConnection() as conn: with conn.cursor() as cur: inv_id = 'INV-5' system = deepcopy(SYSTEM_DICT) system['inventory_id'] = inv_id orig_cve_count_cache = self._system_cache(cur, inv_id) orig_caches = self._account_caches(cur) db_import_system(system, {}) new_cve_count_cache = self._system_cache(cur, inv_id) new_caches = self._account_caches(cur) self._test_counts(orig_cve_count_cache, new_cve_count_cache, orig_caches, new_caches, -1, 8) assert all([ self._cache_check(cur, account_id) for account_id in ('0', '1', '2') ])
def test_rule_removing_cve(self, pg_db_conn, cleanup, inv_id, cve_id, rule_hits): # pylint: disable=unused-argument """Tests removing rule from system where the CVE is not reported by VMaaS""" with DatabasePool(2): with DatabasePoolConnection() as conn: with conn.cursor() as cur: system = deepcopy(SYSTEM_DICT) system['inventory_id'] = inv_id orig_cve_count_cache = self._system_cache(cur, inv_id) orig_caches = self._account_caches(cur) db_import_system(system, rule_hits) new_cve_count_cache = self._system_cache(cur, inv_id) new_caches = self._account_caches(cur) self._test_counts(orig_cve_count_cache, new_cve_count_cache, orig_caches, new_caches, -1, cve_id) assert all([ self._cache_check(cur, account_id) for account_id in ('0', '1', '2') ])