def __init__(self, params):
self.initial_user_connector = ExpandedPyMISP(params['url'], params['key'], ssl=False, debug=False)
# Git pull
self.initial_user_connector.update_misp()
# Set the default role (id 3 on the VM is normal user)
self.initial_user_connector.set_default_role(3)
# Restart workers
self.initial_user_connector.restart_workers()
if not fast_mode:
# Load submodules
self.initial_user_connector.update_object_templates()
self.initial_user_connector.update_galaxies()
self.initial_user_connector.update_noticelists()
self.initial_user_connector.update_warninglists()
self.initial_user_connector.update_taxonomies()
self.initial_user_connector.toggle_global_pythonify()
# Create organisation
organisation = MISPOrganisation()
organisation.name = params['orgname']
self.test_org = self.initial_user_connector.add_organisation(organisation)
print(self.test_org.name, self.test_org.uuid)
# Create Site admin in new org
user = MISPUser()
user.email = params['email_site_admin']
user.org_id = self.test_org.id
user.role_id = 1 # Site admin
self.test_site_admin = self.initial_user_connector.add_user(user)
self.site_admin_connector = ExpandedPyMISP(params['url'], self.test_site_admin.authkey, ssl=False, debug=False)
self.site_admin_connector.toggle_global_pythonify()
# Create org admin
user = MISPUser()
user.email = params['email_admin']
user.org_id = self.test_org.id
user.role_id = 2 # Org admin
self.test_org_admin = self.site_admin_connector.add_user(user)
self.org_admin_connector = ExpandedPyMISP(params['url'], self.test_org_admin.authkey, ssl=False, debug=False)
self.org_admin_connector.toggle_global_pythonify()
# Create user
user = MISPUser()
user.email = params['email_user']
user.org_id = self.test_org.id
self.test_usr = self.org_admin_connector.add_user(user)
self.user_connector = ExpandedPyMISP(params['url'], self.test_usr.authkey, ssl=False, debug=False)
self.user_connector.toggle_global_pythonify()
# Setup external_baseurl
self.site_admin_connector.set_server_setting('MISP.external_baseurl', params['external_baseurl'], force=True)
# Setup baseurl
self.site_admin_connector.set_server_setting('MISP.baseurl', params['url'], force=True)
# Setup host org
self.site_admin_connector.set_server_setting('MISP.host_org_id', self.test_org.id)
self.external_base_url = params['external_baseurl']
self.sync = []
self.sync_servers = []
def setUpClass(cls):
warnings.simplefilter("ignore", ResourceWarning)
# Connect as admin
cls.admin_misp_connector = PyMISP(url, key)
cls.admin_misp_connector.set_server_setting('debug', 1, force=True)
cls.admin_misp_connector.global_pythonify = True
# Check if admin is really site admin
assert cls.admin_misp_connector._current_role.perm_site_admin
# Create advanced authkey, so connector will work even after advanced keys are required
cls.admin_advanced_authkey = cls.__create_advanced_authkey(
cls, cls.admin_misp_connector._current_user.id)
cls.admin_misp_connector.key = cls.admin_misp_connector.key + "," + cls.admin_advanced_authkey[
"authkey_raw"]
# Creates an org
organisation = MISPOrganisation()
organisation.name = 'Test Org ' + random() # make name always unique
cls.test_org = cls.admin_misp_connector.add_organisation(organisation)
check_response(cls.test_org)
# Creates org admin
org_admin = MISPUser()
org_admin.email = 'testorgadmin@user' + random(
) + '.local' # make name always unique
org_admin.org_id = cls.test_org.id
org_admin.role_id = 2 # Org admin role
cls.test_org_admin = cls.admin_misp_connector.add_user(org_admin)
check_response(cls.test_org_admin)
# Creates advanced auth key for org admin
cls.org_admin_advanced_authkey = cls.__create_advanced_authkey(
cls, cls.test_org_admin.id)
cls.org_admin_misp_connector = PyMISP(
url, cls.test_org_admin.authkey + "," +
cls.org_admin_advanced_authkey["authkey_raw"])
cls.org_admin_misp_connector.global_pythonify = True
# Creates an user
cls.test_usr_password = str(uuid.uuid4())
user = MISPUser()
user.email = 'testusr@user' + random(
) + '.local' # make name always unique
user.org_id = cls.test_org.id
user.role_id = 3 # User role
user.password = cls.test_usr_password
cls.test_usr = cls.admin_misp_connector.add_user(user)
check_response(cls.test_usr)
# Try to connect as user to check if everything works
PyMISP(url, cls.test_usr.authkey)
# Check if user can login with given password
assert login(url, cls.test_usr.email, cls.test_usr_password)
def create_sync_user(self, organisation):
sync_org = self.site_admin_connector.add_organisation(organisation)
short_org_name = sync_org.name.lower().replace(' ', '-')
user = MISPUser()
user.email = f"sync_user@{short_org_name}.local"
user.org_id = sync_org.id
user.role_id = 5 # Org admin
sync_user = self.site_admin_connector.add_user(user)
sync_user_connector = ExpandedPyMISP(self.site_admin_connector.root_url, sync_user.authkey, ssl=False, debug=False)
sync_server_config = sync_user_connector.get_sync_config(pythonify=True)
self.sync.append((sync_org, sync_user, sync_server_config))
def create_user(self, email, role_id):
user = MISPUser()
user.email = email
user.org_id = self.host_org.id
user.role_id = role_id
new_user = self.site_admin_connector.add_user(user)
if not isinstance(new_user, MISPUser):
users = self.site_admin_connector.users()
for user in users:
if user.email == email:
new_user = user
break
else:
raise Exception('Unable to find admin user')
return new_user
def create_sync_user(self, organisation: MISPOrganisation) -> MISPServer:
sync_org = self.site_admin_connector.add_organisation(organisation)
if not isinstance(sync_org, MISPOrganisation):
# The organisation is probably already there
organisations = self.site_admin_connector.organisations(
scope='all')
for org in organisations:
if org.name == organisation.name:
if not org.local:
org.local = True
org = self.site_admin_connector.update_organisation(
org)
sync_org = org
break
else:
raise Exception('Unable to find sync organisation')
short_org_name = sync_org.name.lower().replace(' ', '-')
email = f"sync_user@{short_org_name}.local"
user = MISPUser()
user.email = email
user.org_id = sync_org.id
user.role_id = 5 # Sync user
sync_user = self.site_admin_connector.add_user(user)
if not isinstance(sync_user, MISPUser):
users = self.site_admin_connector.users()
for user in users:
if user.email == email:
sync_user = user
break
else:
raise Exception('Unable to find sync user')
sync_user_connector = PyMISP(self.site_admin_connector.root_url,
sync_user.authkey,
ssl=self.secure_connection,
debug=False)
return sync_user_connector.get_sync_config(pythonify=True)
def test_Organisations(self):
"""
This test creats new organisations from the org.json file and adds user from the user.json file to it.
After all organisations and user are created the tests removes them and checks if they are correctly removed
"""
### Create organisations from org.json file
org_list = readInFile("samples/org.json")
tested_keys = [
'name', 'description', 'nationality', 'sector', 'uuid', 'contacts'
]
for item in org_list:
org = MISPOrganisation()
org.name = org_list[item]['name']
org.description = org_list[item]['description']
org.nationality = org_list[item]['nationality']
org.sector = org_list[item]['sector']
org.uuid = org_list[item]['uuid']
org.contacts = org_list[item]['contacts']
#org.local = org_list[item]['local']
logging.info("OrgManagement - try to create organization \"" +
org_list[item]['name'] + "\"")
response = self._misp.add_organisation(org, pythonify=True)
self.assertTrue(
org_list[item]['uuid'] in response.uuid,
msg="The created organisation has no or a wrong UUID")
self.assertTrue(
org_list[item]['name'] in response.name,
msg="The created organisation has no or a wrong name")
self.assertTrue(
org_list[item]['description'] in response.description,
msg="The created organisation has no or a wrong description")
self.assertTrue(
org_list[item]['nationality'] in response.nationality,
msg="The created organisation has no or a wrong nationality")
self.assertTrue(
response.local,
msg=
"The created organisation is not a local organisation but should be a local organisation"
)
self.assertTrue(
org_list[item]['sector'] in response.sector,
msg="The created organisation has no or a wrong sector")
response = self._misp.organisations(scope="local", pythonify=True)
logging.info(
"OrgManagement - check if the admin and both test organisations exist"
)
self.assertGreaterEqual(
len(response), 3,
"MISP responded with less then 3 existing organisations - there shold exactly be 3"
)
### Add new user from the user.json file
list_user = readInFile("samples/user.json")
users = self._misp.users(pythonify=True)
for item in list_user:
for org in response:
if org.name in list_user[item]['org_id']:
logging.info("OrgManagement - try to add user \"" +
list_user[item]['email'] + "\"")
usr = MISPUser()
usr.email = list_user[item]['email']
usr.org_id = org.id
usr.role_id = list_user[item]['role_id']
usr_response = self._misp.add_user(usr, pythonify=True)
# legnth of regular authkeys is 40 chars or longer
self.assertTrue(
usr_response.email in list_user[item]['email'],
msg="The created users has no or a wrong email")
self.assertTrue(
usr_response.role_id in list_user[item]['role_id'],
msg="The created users has no or a wrong role id")
self.assertGreaterEqual(
len(usr_response.authkey),
40,
msg=
"MISP responded with a wrong authkey - should be exactly 40 chars"
)
### An authentication test could be inserted here
### An user change role test could be inserted here
logging.info(
"OrgManagement - check if all user where created successfully")
response = self._misp.users(pythonify=True)
self.assertGreaterEqual(
len(response),
len(list_user),
msg=
"MISP responded with a wrong number of users - it seems that not all users could be created."
)
for item in response:
if item.org_id not in '1' or item.id not in '1':
logging.info("OrgManagement - try to delete user \"" +
item.email + "\"")
usr_response = self._misp.delete_user(item)
self.assertTrue("User deleted" in usr_response['message'],
msg="User could ne be deleted")
pass
logging.info(
"OrgManagement - check if user list now only contains the admin user"
)
response = self._misp.users(pythonify=True)
self.assertEqual(
len(response), 1,
"MISP responded with a wrong number of users - it seems that not all users could be deleted."
)
### Remove organisations
response = self._misp.organisations(pythonify=True)
for item in response:
if item.id not in "1":
logging.info("Try to remove organization: \"" + item.name +
"\"")
org_response = self._misp.delete_organisation(item)
self.assertTrue(
'deleted' in org_response['message'],
msg="Organisations could not be deleted from MISP")
pass
response = self._misp.organisations(pythonify=True)
logging.info("OrgManagement - check if only admin org exist")
self.assertEqual(
len(response),
1,
msg=
"MISP responded with a wrong number of organisations - it seems that not all organisations could be deleted."
)
def __init__(self, misp_instance_dir: Path, secure_connection: bool):
with (misp_instance_dir / 'config.json').open() as f:
self.instance_config = json.load(f)
print('Initialize', self.instance_config['admin_orgname'])
self.secure_connection = secure_connection
self.synchronisations = {}
self.name = self.instance_config['admin_orgname']
# NOTE: never use that user again after initial config.
initial_user_connector = PyMISP(self.instance_config['baseurl'],
self.instance_config['admin_key'],
ssl=self.secure_connection,
debug=False)
# Set the default role (id 3 is normal user)
initial_user_connector.set_default_role(3)
initial_user_connector.toggle_global_pythonify()
self.baseurl = self.instance_config['baseurl']
self.external_baseurl = self.instance_config['external_baseurl']
# Create organisation
organisation = MISPOrganisation()
organisation.name = self.instance_config['admin_orgname']
self.host_org = initial_user_connector.add_organisation(organisation)
if not isinstance(self.host_org, MISPOrganisation):
# The organisation is probably already there
organisations = initial_user_connector.organisations()
for organisation in organisations:
if organisation.name == self.instance_config['admin_orgname']:
self.host_org = organisation
break
else:
raise Exception('Unable to find admin organisation')
# Create Site admin in new org
user = MISPUser()
user.email = self.instance_config['email_site_admin']
user.org_id = self.host_org.id
user.role_id = 1 # Site admin
self.host_site_admin = initial_user_connector.add_user(user)
if not isinstance(self.host_site_admin, MISPUser):
users = initial_user_connector.users()
for user in users:
if user.email == self.instance_config['email_site_admin']:
self.host_site_admin = user
break
else:
raise Exception('Unable to find admin user')
self.site_admin_connector = PyMISP(self.baseurl,
self.host_site_admin.authkey,
ssl=self.secure_connection,
debug=False)
self.site_admin_connector.toggle_global_pythonify()
# Setup external_baseurl
self.site_admin_connector.set_server_setting('MISP.external_baseurl',
self.external_baseurl,
force=True)
# Setup baseurl
self.site_admin_connector.set_server_setting('MISP.baseurl',
self.baseurl,
force=True)
# Setup host org
self.site_admin_connector.set_server_setting('MISP.host_org_id',
self.host_org.id)
# create other useful users
self.orgadmin = self.create_user(
self.instance_config['email_orgadmin'], 2)
self.user = self.create_user(self.instance_config['email_user'], 3)
# And connectors
self.org_admin_connector = PyMISP(self.baseurl,
self.orgadmin.authkey,
ssl=self.secure_connection,
debug=False)
self.org_admin_connector.toggle_global_pythonify()
self.user_connector = PyMISP(self.baseurl,
self.user.authkey,
ssl=self.secure_connection,
debug=False)
self.user_connector.toggle_global_pythonify()