Example #1
0
 def test_close_one_of_two_open_machine_incident(self):
     event_metadata1 = EventMetadata(event_type="test",
                                     machine_serial_number="YOLOFOMO1")
     event_metadata1.machine = MockMetaMachine([self.mbu1], [self.tag1],
                                               "WINDOWS",
                                               "LAPTOP",
                                               serial_number="YOLOFOMO1")
     event1 = BaseEvent(event_metadata1, {"joe": "jackson"})
     self.assertTrue(self.probe.test_event(event1))
     machine_incident1, _ = update_or_create_open_machine_incident(
         self.probe_source,
         self.probe.get_matching_event_incident_severity(event1),
         event1.metadata.machine_serial_number, event1.metadata.uuid)
     event_metadata2 = EventMetadata(event_type="test",
                                     machine_serial_number="YOLOFOMO2")
     event_metadata2.machine = MockMetaMachine([self.mbu1], [self.tag1],
                                               "WINDOWS",
                                               "LAPTOP",
                                               serial_number="YOLOFOMO2")
     event2 = BaseEvent(event_metadata2, {"joe": "jackson"})
     self.assertTrue(self.probe.test_event(event2))
     machine_incident2, _ = update_or_create_open_machine_incident(
         self.probe_source,
         self.probe.get_matching_event_incident_severity(event2),
         event2.metadata.machine_serial_number, event2.metadata.uuid)
     # 2 machine incidents on 1 incident
     self.assertNotEqual(machine_incident1, machine_incident2)
     self.assertEqual(machine_incident1.serial_number, "YOLOFOMO1")
     self.assertEqual(machine_incident2.serial_number, "YOLOFOMO2")
     self.assertEqual(machine_incident1.incident,
                      machine_incident2.incident)
     # close one machine incident
     machine_incident3, event_payloads = update_or_create_open_machine_incident(
         self.probe_source, 0, event2.metadata.machine_serial_number,
         event2.metadata.uuid)
     self.assertEqual(machine_incident3, machine_incident2)
     self.assertEqual(machine_incident3.incident,
                      machine_incident2.incident)
     incident = machine_incident3.incident
     self.assertEqual(incident.status, STATUS_OPEN)
     self.assertEqual(machine_incident3.status, STATUS_CLOSED)
     machine_incident1.refresh_from_db()
     self.assertEqual(machine_incident1.status, STATUS_OPEN)
     self.assertEqual(len(event_payloads), 1)
     event_payload = event_payloads[0]
     self.assertEqual(event_payload["action"], "closed")
     self.assertEqual(event_payload["machine_incident"]["pk"],
                      machine_incident3.pk)
     self.assertEqual(event_payload["machine_incident"]["status"],
                      STATUS_CLOSED)
Example #2
0
    def test_osquery_conf(self):
        # default machine has a subset of the queries
        default_machine = MockMetaMachine([], [], None, None)
        config = build_osquery_conf(default_machine, enrollment=None)
        self.assertCountEqual(
            ["decorators", "schedule", "file_accesses", "file_paths"],
            config.keys())  # no packs
        schedule = config["schedule"]
        self.assertCountEqual(
            [INVENTORY_QUERY_NAME, self.query_1_key, self.query_2_key],
            schedule.keys())
        file_paths = config["file_paths"]
        self.assertCountEqual(
            file_paths.keys(),
            [self.query_1_filepath_hash, self.query_2_filepath_hash])
        for key, file_path in ((self.query_1_filepath_hash,
                                self.query_1_filepath),
                               (self.query_2_filepath_hash,
                                self.query_2_filepath)):
            self.assertEqual(file_paths.get(key), [file_path])
        file_accesses = config["file_accesses"]
        self.assertEqual([self.query_2_filepath_hash], file_accesses)

        # mbu has all the queries
        mbu_machine = MockMetaMachine([1], [], None, "SERVER")
        config = build_osquery_conf(mbu_machine, enrollment=None)
        self.assertCountEqual(
            ["decorators", "schedule", "file_accesses", "file_paths"],
            config.keys())  # no packs
        schedule = config["schedule"]
        self.assertCountEqual([
            INVENTORY_QUERY_NAME, self.query_1_key, self.query_2_key,
            self.query_mbu_key
        ], schedule.keys())
        file_paths = config["file_paths"]
        self.assertCountEqual(file_paths.keys(), [
            self.query_1_filepath_hash, self.query_2_filepath_hash,
            self.query_mbu_filepath_hash
        ])
        for key, file_path in ((self.query_1_filepath_hash,
                                self.query_1_filepath),
                               (self.query_2_filepath_hash,
                                self.query_2_filepath),
                               (self.query_mbu_filepath_hash,
                                self.query_mbu_filepath)):
            self.assertEqual(file_paths.get(key), [file_path])
        file_accesses = config["file_accesses"]
        self.assertEqual([self.query_2_filepath_hash], file_accesses)
Example #3
0
 def test_close_manually_changed_open_machine_incident(self):
     event_metadata = EventMetadata(event_type="test", machine_serial_number="YOLOFOMO")
     event_metadata.machine = MockMetaMachine([self.mbu1], [self.tag1],
                                              "WINDOWS", "LAPTOP",
                                              serial_number="YOLOFOMO")
     event = BaseEvent(event_metadata, {"joe": "jackson"})
     self.assertTrue(self.probe.test_event(event))
     machine_incident1, _ = update_or_create_open_machine_incident(
         self.probe_source,
         self.probe.get_matching_event_incident_severity(event),
         event.metadata.machine_serial_number,
         event.metadata.uuid
     )
     # manually changed incident status
     machine_incident1.status = STATUS_IN_PROGRESS
     machine_incident1.save()
     machine_incident2, event_payloads = update_or_create_open_machine_incident(
         self.probe_source,
         0,  # severity == 0 => close
         event.metadata.machine_serial_number,
         event.metadata.uuid
     )
     # no changes, because the machine incident was manually changed
     self.assertEqual(machine_incident2, None)
     self.assertEqual(len(event_payloads), 0)
Example #4
0
 def test_enrich_event_machine_incident_match(self):
     event_metadata = EventMetadata(event_type="test", machine_serial_number="YOLOFOMO")
     event_metadata.machine = MockMetaMachine([self.mbu1], [self.tag1],
                                              "WINDOWS", "LAPTOP",
                                              serial_number="YOLOFOMO")
     event = BaseEvent(event_metadata, {"joe": "jackson"})
     self.assertTrue(self.probe.test_event(event))
     enriched_events = list(enrich_event(event))
     self.assertEqual(len(enriched_events), 3)
     eevent1, eevent2, eevent3 = enriched_events
     # first event is the incident event
     self.assertIsInstance(eevent1, IncidentEvent)
     incident = Incident.objects.all()[0]
     self.assertEqual(eevent1.payload["action"], "created")
     self.assertEqual(eevent1.payload["pk"], incident.pk)
     self.assertEqual(eevent1.metadata.machine_serial_number, "YOLOFOMO")
     # second event is the machine incident event
     self.assertIsInstance(eevent2, MachineIncidentEvent)
     self.assertEqual(eevent2.payload["action"], "created")
     self.assertEqual(eevent2.payload["incident"]["pk"], incident.pk)
     self.assertEqual(eevent2.metadata.machine_serial_number, "YOLOFOMO")
     machine_incident = incident.machineincident_set.all()[0]
     self.assertEqual(eevent2.payload["pk"], machine_incident.pk)
     # third event is the original event
     self.assertEqual(eevent3, event)
     # machine incident in the original event metadata incidents
     self.assertEqual(len(eevent3.metadata.incidents), 1)
     eevent3_incident = eevent3.metadata.incidents[0]
     self.assertEqual(eevent3_incident["pk"], machine_incident.incident.pk)
     self.assertEqual(eevent3_incident["machine_incident"]["pk"], machine_incident.pk)
Example #5
0
 def test_update_open_machine_incident(self):
     event_metadata = EventMetadata(event_type="test", machine_serial_number="YOLOFOMO")
     event_metadata.machine = MockMetaMachine([self.mbu1], [self.tag1],
                                              "WINDOWS", "LAPTOP",
                                              serial_number="YOLOFOMO")
     event = BaseEvent(event_metadata, {"joe": "jackson"})
     self.assertTrue(self.probe.test_event(event))
     machine_incident1, _ = update_or_create_open_machine_incident(
         self.probe_source,
         self.probe.get_matching_event_incident_severity(event),
         event.metadata.machine_serial_number,
         event.metadata.uuid
     )
     machine_incident2, event_payloads = update_or_create_open_machine_incident(
         self.probe_source,
         self.probe.get_matching_event_incident_severity(event) + 100,
         event.metadata.machine_serial_number,
         event.metadata.uuid
     )
     self.assertEqual(machine_incident1, machine_incident2)
     self.assertEqual(machine_incident2.incident, machine_incident1.incident)
     self.assertEqual(machine_incident2.incident.severity, SEVERITY_CRITICAL + 100)
     self.assertEqual(len(event_payloads), 1)
     event_payload = event_payloads[0]
     self.assertEqual(event_payload["action"], "updated")
     self.assertEqual(event_payload["diff"],
                      {"removed": {"severity": SEVERITY_CRITICAL},
                       "added": {"severity": SEVERITY_CRITICAL + 100}})
     self.assertEqual(event_payload["severity"], SEVERITY_CRITICAL + 100)
     self.assertEqual(event_payload.get("incident"), None)
     # meta machine
     self.assertEqual(MetaMachine("YOLOFOMO").max_incident_severity(), SEVERITY_CRITICAL + 100)
Example #6
0
 def test_close_manually_changed_incident_open_machine_incident(self):
     event_metadata = EventMetadata(event_type="test", machine_serial_number="YOLOFOMO")
     event_metadata.machine = MockMetaMachine([self.mbu1], [self.tag1],
                                              "WINDOWS", "LAPTOP",
                                              serial_number="YOLOFOMO")
     event = BaseEvent(event_metadata, {"joe": "jackson"})
     self.assertTrue(self.probe.test_event(event))
     machine_incident1, _ = update_or_create_open_machine_incident(
         self.probe_source,
         self.probe.get_matching_event_incident_severity(event),
         event.metadata.machine_serial_number,
         event.metadata.uuid
     )
     # manually changed incident status
     incident = machine_incident1.incident
     incident.status = STATUS_IN_PROGRESS
     incident.save()
     machine_incident2, event_payloads = update_or_create_open_machine_incident(
         self.probe_source,
         0,  # severity == 0 => close
         event.metadata.machine_serial_number,
         event.metadata.uuid
     )
     self.assertEqual(machine_incident1, machine_incident2)
     self.assertEqual(machine_incident2.incident, machine_incident1.incident)
     self.assertEqual(machine_incident2.status, STATUS_CLOSED)
     self.assertEqual(incident.status, STATUS_IN_PROGRESS)  # not touched because manually changed
     self.assertEqual(len(event_payloads), 1)
     event_payload = event_payloads[0]
     self.assertEqual(event_payload["action"], "closed")
     self.assertEqual(event_payload["pk"], machine_incident2.pk)
     self.assertEqual(event_payload["status"], STATUS_CLOSED)  # machine incident closed
     self.assertEqual(event_payload["incident"]["pk"], incident.pk)
     self.assertEqual(event_payload["incident"]["status"], STATUS_IN_PROGRESS)  # incident still in progress
Example #7
0
 def test_probes_test_event(self):
     default_machine = MockMetaMachine([], [], None, None)
     windows = MockMetaMachine([1], [1], "WINDOWS", None)
     tests = (
       # wrong hash
       (self.probe_1, self.query_2_result_name, default_machine, False),
       (self.probe_2, self.query_1_result_name, windows, False),
       (self.probe_windows, self.query_1_result_name, windows, False),
       # ok
       (self.probe_1, self.query_1_result_name, default_machine, True),
       (self.probe_2, self.query_2_result_name, windows, True),
       # windows
       (self.probe_windows, self.query_windows_result_name, default_machine, False),
       (self.probe_windows, self.query_windows_result_name, windows, True),
     )
     for probe, query_name, machine, result in tests:
         event = build_osquery_result_event(query_name)
         event.metadata.machine = machine  # hack
         self.assertEqual(probe.test_event(event), result)
Example #8
0
    def test_santa_conf(self):
        def frozenrules(l):  # TODO: better ?
            return set(frozenset(r.items()) for r in l)

        # default machine has a subset of the rules
        default_machine = MockMetaMachine([], [], None, None)
        config = build_santa_conf(default_machine)
        self.assertEqual(len(config["rules"]), 4)
        self.assertEqual(
            frozenrules(config["rules"]),
            frozenrules(self.blacklist_rules + self.whitelist_rules))

        # tablet has all the rules
        tablet = MockMetaMachine([], [], None, "TABLET")
        config = build_santa_conf(tablet)
        self.assertEqual(len(config["rules"]), 6)
        self.assertEqual(
            frozenrules(config["rules"]),
            frozenrules(self.blacklist_rules + self.whitelist_rules +
                        self.tablet_rules))
Example #9
0
    def test_osquery_conf(self):
        # default machine has a subset of the queries
        default_machine = MockMetaMachine([], [], None, None)
        config = build_osquery_conf(default_machine)
        # schedule with query 1
        schedule = config["schedule"]
        self.assertIsInstance(schedule, dict)
        self.assertCountEqual(
            [DEFAULT_ZENTRAL_INVENTORY_QUERY_NAME, self.query_1_key],
            schedule.keys())
        # 1 pack with query 2
        packs = config["packs"]
        self.assertIsInstance(packs, dict)
        self.assertCountEqual([self.query_pack_key], packs.keys())
        pack = packs[self.query_pack_key]
        self.assertIsInstance(pack, dict)
        self.assertCountEqual(["discovery", "queries"], pack.keys())
        self.assertCountEqual(pack["discovery"], self.query_pack_discovery)
        pack_queries = pack["queries"]
        self.assertCountEqual([self.query_2_key], pack_queries.keys())

        # windows has all the queries
        windows = MockMetaMachine([1], [1], "WINDOWS", None)
        config = build_osquery_conf(windows)
        # schedule with query 1
        schedule = config["schedule"]
        self.assertIsInstance(schedule, dict)
        self.assertCountEqual(
            [DEFAULT_ZENTRAL_INVENTORY_QUERY_NAME, self.query_1_key],
            schedule.keys())
        # 1 pack with query 2 and query windows
        packs = config["packs"]
        self.assertIsInstance(packs, dict)
        self.assertCountEqual([self.query_pack_key], packs.keys())
        pack = packs[self.query_pack_key]
        self.assertIsInstance(pack, dict)
        self.assertCountEqual(["discovery", "queries"], pack.keys())
        self.assertCountEqual(pack["discovery"], self.query_pack_discovery)
        pack_queries = pack["queries"]
        self.assertCountEqual([self.query_2_key, self.query_windows_key],
                              pack_queries.keys())
 def test_probes_test_event(self):
     default_machine = MockMetaMachine([], [], None, None)
     tag_machine = MockMetaMachine([1], [1], "WINDOWS", None)
     tests = (
         # wrong hash
         (self.probe_pfu, self.query_pfg_key, default_machine, False),
         (self.probe_pfg, self.query_pfu_key, default_machine, False),
         (self.probe_fc, self.query_pfu_key, tag_machine, False),
         (self.probe_tag, self.query_pfu_key, tag_machine, False),
         # ok
         (self.probe_pfu, self.query_pfu_key, default_machine, True),
         (self.probe_pfg, self.query_pfg_key, default_machine, True),
         (self.probe_tag, self.query_tag_key, tag_machine, True),
         # tag
         (self.probe_tag, self.query_tag_key, default_machine, False),
         (self.probe_tag, self.query_tag_key, tag_machine, True),
     )
     for probe, query_name, machine, result in tests:
         event = build_osquery_result_event(query_name)
         event.metadata.machine = machine  # hack
         self.assertEqual(probe.test_event(event), result)
Example #11
0
 def test_probe_test_event(self):
     for mbuis, tis, p, t, result in (([1238971298], [self.tag1.id], "WINDOWS", "LAPTOP", False),
                                      ([self.mbu1.id], [self.tag1.id], "WINDOWS", "LAPTOP", True),
                                      ([self.mbu1.id], [self.tag1.id], "WINDOWS", "VM", True),
                                      ):
         event = _build_event("base", machine_serial_number="YO")
         event_metadata = event.metadata
         # TODO hack
         event_metadata.machine = MockMetaMachine(mbuis, tis, p, t)
         event = BaseEvent(event_metadata, {"godzilla": "kommt"})
         self.assertEqual(self.probe.test_event(event), result)
         self.assertEqual(self.error_probe.test_event(event), False)
 def test_probes_test_event(self):
     default_machine = MockMetaMachine([], [], None, None)
     windows = MockMetaMachine([1], [1], "WINDOWS", None)
     tests = (
         # wrong probe id
         (self.probe_1, self.probe_2.pk, default_machine, False),
         (self.probe_2, self.probe_1.pk, windows, False),
         (self.probe_windows, self.probe_1.pk, windows, False),
         # ok
         (self.probe_1, self.probe_1.pk, default_machine, True),
         (self.probe_2, self.probe_2.pk, windows, True),
         # windows
         (self.probe_windows, self.probe_windows.pk, default_machine, False
          ),
         (self.probe_windows, self.probe_windows.pk, windows, True),
     )
     for probe, query_id, machine, result in tests:
         event = build_osquery_distributed_query_result_event(
             "NAME NOT TESTED", query_id)
         event.metadata.machine = machine  # hack
         self.assertEqual(probe.test_event(event), result)
Example #13
0
 def test_default_machine_distributed_queries(self):
     default_machine = MockMetaMachine([], [],
                                       None,
                                       None,
                                       serial_number="MSN1")
     queries = DistributedQueryProbeMachine.objects.new_queries_for_machine(
         default_machine)
     self.assertEqual(len(queries), 2)
     for key, query in ((self.query_1_key, self.query_1), (self.query_2_key,
                                                           self.query_2)):
         self.assertEqual(queries[key], query)
     extra_queries = DistributedQueryProbeMachine.objects.new_queries_for_machine(
         default_machine)
     self.assertEqual(extra_queries, {})
Example #14
0
    def test_inventory_filter_test_machine(self):
        inventory_filter = self.probe.inventory_filters[0]

        for mbuis, tis, p, t, result in (([], [], None, None, False),
                                         ([self.mbu1.id], [], "WINDOWS", "LAPTOP", False),
                                         ([self.mbu1.id], [12983719238], "WINDOWS", "LAPTOP", False),
                                         ([1238971298], [self.tag1.id], "WINDOWS", "LAPTOP", False),
                                         ([self.mbu1.id], [self.tag1.id], None, "LAPTOP", False),
                                         ([self.mbu1.id], [self.tag1.id], "WINDOWS", None, False),
                                         ([self.mbu1.id], [self.tag1.id], "WINDOWS", "LAPTOP", True)):
            mmm = MockMetaMachine(mbuis, tis, p, t)
            self.assertEqual(inventory_filter.test_machine(mmm), result)
            self.assertEqual(self.probe.test_machine(mmm), result)
            self.assertEqual(self.error_probe.test_machine(mmm), False)
    def test_osquery_conf(self):
        # default machine has a subset of the queries
        default_machine = MockMetaMachine([], [], None, None)
        config = build_osquery_conf(default_machine)
        self.assertCountEqual(
            ["decorators", "schedule"],
            config.keys())  # no file_paths, file_accesses or packs
        schedule = config["schedule"]
        self.assertCountEqual([
            INVENTORY_QUERY_NAME, self.query_pfu_key, self.query_pfg_key,
            self.query_fc_key
        ], schedule.keys())

        # tag has all the queries
        tag_machine = MockMetaMachine([], [1], None, "SERVER")
        config = build_osquery_conf(tag_machine)
        self.assertCountEqual(
            ["decorators", "schedule"],
            config.keys())  # no file_paths, file_accesses or packs
        schedule = config["schedule"]
        self.assertCountEqual([
            INVENTORY_QUERY_NAME, self.query_pfu_key, self.query_pfg_key,
            self.query_fc_key, self.query_tag_key
        ], schedule.keys())
Example #16
0
 def test_windows_machine_distributed_queries(self):
     windows_machine = MockMetaMachine([], [],
                                       "WINDOWS",
                                       None,
                                       serial_number="MSN2")
     queries = DistributedQueryProbeMachine.objects.new_queries_for_machine(
         windows_machine)
     self.assertEqual(len(queries), 3)
     for key, query in ((self.query_1_key, self.query_1), (self.query_2_key,
                                                           self.query_2),
                        (self.query_windows_key, self.query_windows)):
         self.assertEqual(queries[key], query)
     extra_queries = DistributedQueryProbeMachine.objects.new_queries_for_machine(
         windows_machine)
     self.assertEqual(extra_queries, {})
Example #17
0
 def test_close_open_machine_incident(self):
     event_metadata = EventMetadata(event_type="test", machine_serial_number="YOLOFOMO")
     event_metadata.machine = MockMetaMachine([self.mbu1], [self.tag1],
                                              "WINDOWS", "LAPTOP",
                                              serial_number="YOLOFOMO")
     event = BaseEvent(event_metadata, {"joe": "jackson"})
     self.assertTrue(self.probe.test_event(event))
     machine_incident1, _ = update_or_create_open_machine_incident(
         self.probe_source,
         self.probe.get_matching_event_incident_severity(event),
         event.metadata.machine_serial_number,
         event.metadata.uuid
     )
     self.assertEqual(machine_incident1.status, STATUS_OPEN)
     self.assertEqual(machine_incident1.incident.status, STATUS_OPEN)
     machine_incident2, event_payloads = update_or_create_open_machine_incident(
         self.probe_source,
         0,  # severity == 0 => close
         event.metadata.machine_serial_number,
         event.metadata.uuid
     )
     self.assertEqual(machine_incident1, machine_incident2)
     self.assertEqual(machine_incident2.incident, machine_incident1.incident)
     self.assertEqual(machine_incident2.status, STATUS_CLOSED)
     incident = machine_incident2.incident
     self.assertEqual(incident.severity, SEVERITY_CRITICAL)
     self.assertEqual(incident.status, STATUS_CLOSED)
     self.assertEqual(len(event_payloads), 2)
     event_payload1, event_payload2 = event_payloads
     # machine incident event payload
     self.assertEqual(event_payload1["action"], "closed")
     self.assertEqual(event_payload1["incident"]["pk"], incident.pk)
     self.assertEqual(event_payload1["incident"]["status"], STATUS_OPEN)  # Incident still open
     self.assertEqual(event_payload1["pk"], machine_incident2.pk)
     self.assertEqual(event_payload1["status"], machine_incident2.status)
     self.assertEqual(event_payload1["event_id"], str(event.metadata.uuid))
     self.assertEqual(event_payload1["diff"], {"removed": {"status": STATUS_OPEN},
                                               "added": {"status": STATUS_CLOSED}})
     # incident event payload
     self.assertEqual(event_payload2["action"], "closed")
     self.assertEqual(event_payload2["pk"], incident.pk)
     self.assertEqual(event_payload2["status"], STATUS_CLOSED)  # Incident closed now
     self.assertEqual(event_payload2.get("incident"), None)
     self.assertEqual(event_payload2["diff"],
                      {"removed": {"status": STATUS_OPEN},
                       "added": {"status": STATUS_CLOSED}})
     # meta machine
     self.assertEqual(MetaMachine("YOLOFOMO").max_incident_severity(), None)
 def test_default_machine_older_distributed_queries(self):
     default_machine = MockMetaMachine([], [],
                                       None,
                                       None,
                                       serial_number="MSN3")
     # simulate all_probes sync
     all_probes.clear()
     # consume all queries
     queries = DistributedQueryProbeMachine.objects.new_queries_for_machine(
         default_machine)
     self.assertEqual(len(queries), 2)
     queries = DistributedQueryProbeMachine.objects.new_queries_for_machine(
         default_machine)
     self.assertEqual(len(queries), 0)
     # make a query that is one hour too old
     probe_source_too_old = ProbeSource.objects.create(
         model="OsqueryDistributedQueryProbe",
         name="QUERY TOO OLD",
         status=ProbeSource.ACTIVE,
         body={"distributed_query": "SELECT 'QUERY TOO OLD';"},
     )
     # simulate all_probes sync
     all_probes.clear()
     probe_source_too_old.created_at = timezone.now(
     ) - MAX_DISTRIBUTED_QUERY_AGE - timedelta(hours=1)
     probe_source_too_old.save()
     queries = DistributedQueryProbeMachine.objects.new_queries_for_machine(
         default_machine)
     # it's not there
     self.assertEqual(len(queries), 0)
     # make a query that is one hour younger than the limit
     probe_source_ok = ProbeSource.objects.create(
         model="OsqueryDistributedQueryProbe",
         name="QUERY OK",
         status=ProbeSource.ACTIVE,
         body={"distributed_query": "SELECT 'QUERY OK';"},
     )
     probe_source_ok.created_at = timezone.now(
     ) - MAX_DISTRIBUTED_QUERY_AGE + timedelta(hours=1)
     probe_source_ok.save()
     # simulate all_probes sync
     all_probes.clear()
     # it's there
     queries = DistributedQueryProbeMachine.objects.new_queries_for_machine(
         default_machine)
     self.assertEqual(len(queries), 1)
     self.assertEqual(queries["dq_{}".format(probe_source_ok.pk)],
                      "SELECT 'QUERY OK';")
Example #19
0
def build_munki_event(name, install_type, unattended, machine_tag_id):
    MunkiEvent = event_types["munki_event"]
    payload = payload_template.copy()
    payload["name"] = name
    payload["display_name"] = name.capitalize()
    payload["type"] = install_type
    payload["unattended"] = unattended
    event = MunkiEvent(
        EventMetadata(machine_serial_number="YO",
                      event_type=MunkiEvent.event_type), payload)
    if machine_tag_id:
        # hack
        event.metadata.machine = MockMetaMachine([], [machine_tag_id],
                                                 None,
                                                 None,
                                                 serial_number="YO")
    return event
Example #20
0
 def test_create_open_machine_incident(self):
     event_metadata = EventMetadata(event_type="test",
                                    machine_serial_number="YOLOFOMO")
     event_metadata.machine = MockMetaMachine([self.mbu1], [self.tag1],
                                              "WINDOWS",
                                              "LAPTOP",
                                              serial_number="YOLOFOMO")
     event = BaseEvent(event_metadata, {"joe": "jackson"})
     self.assertTrue(self.probe.test_event(event))
     machine_incident, event_payloads = update_or_create_open_machine_incident(
         self.probe_source,
         self.probe.get_matching_event_incident_severity(event),
         event.metadata.machine_serial_number, event.metadata.uuid)
     # machine incident
     self.assertEqual([machine_incident],
                      list(MachineIncident.objects.all()))
     self.assertEqual(machine_incident.status, STATUS_OPEN)
     self.assertEqual(machine_incident.event_id, event.metadata.uuid)
     # incident
     incident = machine_incident.incident
     self.assertEqual([incident], list(Incident.objects.all()))
     self.assertEqual(incident.probe_source, self.probe_source)
     self.assertEqual(incident.name, "base probe")
     self.assertEqual(incident.status, STATUS_OPEN)
     self.assertEqual(incident.severity, SEVERITY_CRITICAL)
     self.assertEqual(incident.event_id, event.metadata.uuid)
     # event payloads
     self.assertEqual(len(event_payloads), 2)
     event_payload1, event_payload2 = event_payloads
     # incident event payload
     self.assertEqual(event_payload1["action"], "created")
     self.assertEqual(event_payload1["pk"], incident.pk)
     self.assertEqual(event_payload1.get("machine_incident"), None)
     # machine incident event payload
     self.assertEqual(event_payload2["action"], "created")
     self.assertEqual(
         event_payload2["machine_incident"], {
             "pk": machine_incident.pk,
             "status": machine_incident.status,
             "event_id": str(event.metadata.uuid)
         })
     # meta machine
     self.assertEqual(
         MetaMachine("YOLOFOMO").max_incident_severity(), SEVERITY_CRITICAL)
Example #21
0
 def test_same_open_machine_incident(self):
     event_metadata = EventMetadata(event_type="test",
                                    machine_serial_number="YOLOFOMO")
     event_metadata.machine = MockMetaMachine([self.mbu1], [self.tag1],
                                              "WINDOWS",
                                              "LAPTOP",
                                              serial_number="YOLOFOMO")
     event = BaseEvent(event_metadata, {"joe": "jackson"})
     self.assertTrue(self.probe.test_event(event))
     machine_incident1, _ = update_or_create_open_machine_incident(
         self.probe_source,
         self.probe.get_matching_event_incident_severity(event),
         event.metadata.machine_serial_number, event.metadata.uuid)
     machine_incident2, event_payloads = update_or_create_open_machine_incident(
         self.probe_source,
         self.probe.get_matching_event_incident_severity(event),
         event.metadata.machine_serial_number, event.metadata.uuid)
     self.assertEqual(machine_incident1, machine_incident2)
     self.assertEqual(len(event_payloads), 0)
Example #22
0
 def test_probes_test_event(self):
     for rule_type, sha256, decision, bl_result, wl_result in (
             # wrong sha256
         ("BINARY", self.certificate_sha256, "ALLOW_BINARY", False, False),
         ("BINARY", self.certificate_sha256, "BLOCK_BINARY", False, False),
         ("CERTIFICATE", self.binary_sha256, "ALLOW_CERTIFICATE", False,
          False),
         ("CERTIFICATE", self.binary_sha256, "BLOCK_CERTIFICATE", False,
          False),
             # unknown decision
         ("BINARY", self.binary_sha256, "ALLOW_SCOPE", False, False),
         ("CERTIFICATE", self.certificate_sha256, "BLOCK_SCOPE", False,
          False),
         ("BINARY", self.binary_sha256, "ALLOW_UNKNOWN", False, False),
         ("CERTIFICATE", self.certificate_sha256, "BLOCK_UNKNOWN", False,
          False),
             # wrong decision
         ("BINARY", self.binary_sha256, "ALLOW_CERTIFICATE", False, False),
         ("BINARY", self.binary_sha256, "BLOCK_CERTIFICATE", False, False),
         ("CERTIFICATE", self.certificate_sha256, "ALLOW_BINARY", False,
          False),
         ("CERTIFICATE", self.certificate_sha256, "BLOCK_BINARY", False,
          False),
             # OK
         ("BINARY", self.binary_sha256, "ALLOW_BINARY", False, True),
         ("BINARY", self.binary_sha256, "BLOCK_BINARY", True, False),
         ("CERTIFICATE", self.certificate_sha256, "ALLOW_CERTIFICATE",
          False, True),
         ("CERTIFICATE", self.certificate_sha256, "BLOCK_CERTIFICATE", True,
          False)):
         event = build_matching_santa_event(rule_type, sha256, decision)
         self.assertEqual(self.probe_blacklist.test_event(event), bl_result)
         self.assertEqual(self.probe_whitelist.test_event(event), wl_result)
         # tablet
         sha256 = sha256[::-1]
         event = build_matching_santa_event(rule_type, sha256, decision)
         self.assertEqual(self.probe_tablet.test_event(event), False)
         # hack
         tablet = MockMetaMachine([], [], None, "TABLET")
         event.metadata.machine = tablet
         self.assertEqual(self.probe_tablet.test_event(event), bl_result)
def build_munki_event(name,
                      install_type,
                      unattended,
                      machine_tag_id,
                      failed=False):
    event_type = f"munki_{install_type}"
    if failed:
        event_type += "_failed"
    event_cls = event_types[event_type]
    payload = payload_template.copy()
    payload["name"] = name
    payload["display_name"] = name.capitalize()
    payload["type"] = install_type
    payload["unattended"] = unattended
    event = event_cls(EventMetadata(machine_serial_number="YO"), payload)
    if machine_tag_id:
        # hack
        event.metadata.machine = MockMetaMachine([], [machine_tag_id],
                                                 None,
                                                 None,
                                                 serial_number="YO")
    return event