def test_try_json(mox):
    """Check try_json on a parseable response and on one whose json() raises.

    The second response has its json() method stubbed to raise ValueError;
    try_json is expected to return an empty dict in that case instead of
    letting the exception reach the caller.
    """
    payload = {'Something': 'Going On'}
    parseable = StubResponse(payload)
    unparseable = StubResponse(payload)
    mox.StubOutWithMock(unparseable, 'json')
    unparseable.json().AndRaise(ValueError)
    mox.ReplayAll()
    parsed = try_json(parseable)
    assert parsed == payload
    fallback = try_json(unparseable)
    assert fallback == {}
    mox.VerifyAll()
def _execute_delete(url):
    """Stub for the delete request of LiveQuery run "abcdefg".

    Checks the request path, fails the test if the stub is invoked a second
    time, records the call in the enclosing test's _was_called flag and
    returns an empty stub response.
    """
    nonlocal _was_called
    assert url == "/livequery/v1/orgs/Z100/runs/abcdefg"
    first_call = not _was_called
    if not first_call:
        # A repeated delete of the same run is treated as a test failure.
        pytest.fail("_execute_delete should not be called twice!")
    _was_called = True
    return StubResponse(None)
def _uninstall_sensor(url, body, **kwargs):
    """Stub for the device_actions request carrying UNINSTALL_SENSOR.

    The body is compared for exact equality, so any change to the action
    type or to the search scope sent with the action fails the test.
    Returns a 204 stub response with no content.
    """
    nonlocal _was_called
    expected_body = {
        "action_type": "UNINSTALL_SENSOR",
        "search": {"query": "foobar", "criteria": {}, "exclusions": {}},
    }
    assert url == "/appservices/v6/orgs/Z100/device_actions"
    assert body == expected_body
    _was_called = True
    return StubResponse(None, 204)
def _do_dismiss(url, body, **kwargs):
    """Stub for the workflow request that dismisses alert ESD14U2C.

    Checks the request path and the exact workflow body, records the call
    in _was_called and returns a canned workflow record.
    """
    nonlocal _was_called
    expected_body = {
        "state": "DISMISSED",
        "remediation_state": "Fixed",
        "comment": "Yessir",
    }
    assert url == "/appservices/v6/orgs/Z100/alerts/ESD14U2C/workflow"
    assert body == expected_body
    _was_called = True
    workflow = {
        "state": "DISMISSED",
        "remediation": "Fixed",
        "comment": "Yessir",
        "changed_by": "Robocop",
        "last_update_time": "2019-10-31T16:03:13.951Z",
    }
    return StubResponse(workflow)
def _run_query(url, body, **kwargs):
    """Stub for a device search with criteria, exclusions and a sort order.

    Checks the request path and the exact search body, records the call in
    _was_called and returns a single canned device.
    """
    nonlocal _was_called
    expected_criteria = {
        "ad_group_id": [14, 25],
        "os": ["LINUX"],
        "policy_id": [8675309],
        "status": ["ALL"],
        "target_priority": ["HIGH"],
    }
    expected_body = {
        "query": "foobar",
        "criteria": expected_criteria,
        "exclusions": {"sensor_version": ["0.1"]},
        "sort": [{"field": "name", "order": "DESC"}],
    }
    assert url == "/appservices/v6/orgs/Z100/devices/_search"
    assert body == expected_body
    _was_called = True
    devices = [{"id": 6023, "organization_name": "thistestworks"}]
    return StubResponse({"results": devices, "num_found": 1})
def _do_update(url, body, **kwargs):
    """Stub for the workflow request that reopens threat B0RG.

    Checks the request path and the exact workflow body, records the call
    in _was_called and returns a canned workflow record.
    """
    nonlocal _was_called
    expected_body = {
        "state": "OPEN",
        "remediation_state": "Fixed",
        "comment": "NoSir",
    }
    assert url == "/appservices/v6/orgs/Z100/threat/B0RG/workflow"
    assert body == expected_body
    _was_called = True
    workflow = {
        "state": "OPEN",
        "remediation": "Fixed",
        "comment": "NoSir",
        "changed_by": "Robocop",
        "last_update_time": "2019-10-31T16:03:13.951Z",
    }
    return StubResponse(workflow)
def _execute_stop(url, body, **kwargs):
    """Stub for a stop request on a LiveQuery run that is not running.

    Checks the request path and the CANCELLED status body, records the call
    in _was_called and returns a 409 stub response with an error message.
    """
    nonlocal _was_called
    expected_body = {"status": "CANCELLED"}
    assert url == "/livequery/v1/orgs/Z100/runs/abcdefg/status"
    assert body == expected_body
    _was_called = True
    error = {"error_message": "The query is not presently running."}
    return StubResponse(error, 409)
def _quarantine(url, body, **kwargs):
    """Stub for the device_actions request carrying QUARANTINE with toggle ON.

    The body is compared for exact equality, so a change to the action type,
    the toggle or the search scope fails the test. Returns a 204 stub
    response with no content.
    """
    nonlocal _was_called
    expected_body = {
        "action_type": "QUARANTINE",
        "search": {"query": "foobar", "criteria": {}, "exclusions": {}},
        "options": {"toggle": "ON"},
    }
    assert url == "/appservices/v6/orgs/Z100/device_actions"
    assert body == expected_body
    _was_called = True
    return StubResponse(None, 204)
def _do_dismiss(url, body, **kwargs):
    """Stub for the criteria-based workflow request that dismisses alerts.

    The body, including the query and the device_name criteria that bound
    which alerts are dismissed, is compared for exact equality. Records the
    call in _was_called and returns a canned request id.
    """
    nonlocal _was_called
    expected_body = {
        "query": "Blort",
        "state": "DISMISSED",
        "remediation_state": "Fixed",
        "comment": "Yessir",
        "criteria": {"device_name": ["HAL9000"]},
    }
    assert url == "/appservices/v6/orgs/Z100/alerts/vmware/workflow/_criteria"
    assert body == expected_body
    _was_called = True
    return StubResponse({"request_id": "497ABX"})
def _run_query(url, body, **kwargs):
    """Stub for an alert search limited by a last_update_time range.

    Checks the request path and the exact search body, records the call in
    _was_called and returns a single canned alert.
    """
    nonlocal _was_called
    expected_body = {
        "query": "Blort",
        "criteria": {"last_update_time": {"range": "-3w"}},
        "rows": 100,
    }
    assert url == "/appservices/v6/orgs/Z100/alerts/_search"
    assert body == expected_body
    _was_called = True
    alert = {
        "id": "S0L0",
        "org_key": "Z100",
        "threat_id": "B0RG",
        "workflow": {"state": "OPEN"},
    }
    return StubResponse({"results": [alert], "num_found": 1})
def _run_facet_query(url, body, **kwargs):
    """Stub for a facet query against the watchlist alerts endpoint.

    Checks the request path and the exact facet body, records the call in
    _was_called and returns two canned facet groups.
    """
    nonlocal _was_called
    expected_body = {
        "query": "Blort",
        "criteria": {"workflow": ["OPEN"]},
        "terms": {"rows": 0, "fields": ["REPUTATION", "STATUS"]},
        "rows": 100,
    }
    assert url == "/appservices/v6/orgs/Z100/alerts/watchlist/_facet"
    assert body == expected_body
    _was_called = True
    reputation_facet = {
        "field": {},
        "values": [{"id": "reputation", "name": "reputationX", "total": 4}],
    }
    status_facet = {
        "field": {},
        "values": [{"id": "status", "name": "statusX", "total": 9}],
    }
    return StubResponse({"results": [reputation_facet, status_facet]})
def _background_scan(url, body, **kwargs):
    """Stub for the device_actions request carrying BACKGROUND_SCAN, toggle ON.

    The body is compared for exact equality, so a change to the action type,
    the toggle or the search scope fails the test. Returns a 204 stub
    response with no content.
    """
    nonlocal _was_called
    expected_body = {
        "action_type": "BACKGROUND_SCAN",
        "search": {"query": "foobar", "criteria": {}, "exclusions": {}},
        "options": {"toggle": "ON"},
    }
    assert url == "/appservices/v6/orgs/Z100/device_actions"
    assert body == expected_body
    _was_called = True
    return StubResponse(None, 204)
def _do_update(url, body, **kwargs):
    """Stub for the bulk workflow request that reopens a list of threats.

    The body, including the explicit threat_id list that bounds the update,
    is compared for exact equality. Records the call in _was_called and
    returns a canned request id.
    """
    nonlocal _was_called
    expected_body = {
        "threat_id": ["B0RG", "F3R3NG1"],
        "state": "OPEN",
        "remediation_state": "Fixed",
        "comment": "NoSir",
    }
    assert url == "/appservices/v6/orgs/Z100/threat/workflow/_criteria"
    assert body == expected_body
    _was_called = True
    return StubResponse({"request_id": "497ABX"})
def _run_query(url, body, **kwargs):
    """Stub for a device search limited by a last_contact_time range.

    Checks the request path and the exact search body, records the call in
    _was_called and returns a single canned device.
    """
    nonlocal _was_called
    expected_body = {
        "query": "foobar",
        "criteria": {"last_contact_time": {"range": "-3w"}},
        "exclusions": {},
    }
    assert url == "/appservices/v6/orgs/Z100/devices/_search"
    assert body == expected_body
    _was_called = True
    devices = [{"id": 6023, "organization_name": "thistestworks"}]
    return StubResponse({"results": devices, "num_found": 1})
def _call_update_sensor_version(url, body, **kwargs):
    """Stub for a sensor-version update addressed to one device id.

    The body is compared for exact equality, so the action must target only
    device 6023 with the stated RHEL sensor version. Returns a 204 stub
    response with no content.
    """
    nonlocal _was_called
    expected_body = {
        "action_type": "UPDATE_SENSOR_VERSION",
        "device_id": [6023],
        "options": {"sensor_version": {"RHEL": "2.3.4.5"}},
    }
    assert url == "/appservices/v6/orgs/Z100/device_actions"
    assert body == expected_body
    _was_called = True
    return StubResponse(None, 204)
def _run_query(url, body, **kwargs):
    """Stub for an alert search limited by a create_time start/end window.

    Checks the request path and the exact search body, records the call in
    _was_called and returns a single canned alert.
    """
    nonlocal _was_called
    time_window = {
        "start": "2019-09-30T12:34:56",
        "end": "2019-10-01T12:00:12",
    }
    expected_body = {
        "query": "Blort",
        "rows": 100,
        "criteria": {"create_time": time_window},
    }
    assert url == "/appservices/v6/orgs/Z100/alerts/_search"
    assert body == expected_body
    _was_called = True
    alert = {
        "id": "S0L0",
        "org_key": "Z100",
        "threat_id": "B0RG",
        "workflow": {"state": "OPEN"},
    }
    return StubResponse({"results": [alert], "num_found": 1})
def _run_facet_query(url, body, **kwargs):
    """Stub for a facet query against the general alerts endpoint.

    Only selected keys of the body are checked (query, the workflow
    criterion, and the rows and fields of terms); any other keys present in
    the body are not rejected. Records the call in _was_called and returns
    two canned facet groups.
    """
    nonlocal _was_called
    assert url == "/appservices/v6/orgs/Z100/alerts/_facet"
    assert body["query"] == "Blort"
    criteria = body["criteria"]
    assert criteria["workflow"] == ["OPEN"]
    terms = body["terms"]
    assert terms["rows"] == 0
    assert terms["fields"] == ["REPUTATION", "STATUS"]
    _was_called = True
    reputation_facet = {
        "field": {},
        "values": [{"id": "reputation", "name": "reputationX", "total": 4}],
    }
    status_facet = {
        "field": {},
        "values": [{"id": "status", "name": "statusX", "total": 9}],
    }
    return StubResponse({"results": [reputation_facet, status_facet]})
def _valid_deployment_type(url, body, **kwargs):
    """Stub for a device search filtered on deployment_type ENDPOINT.

    Checks the request path and the exact search body, then returns a single
    canned device. Unlike the neighbouring stubs it keeps no call flag.
    """
    expected_body = {
        "query": "",
        "criteria": {"deployment_type": ["ENDPOINT"]},
        "exclusions": {},
    }
    assert url == "/appservices/v6/orgs/Z100/devices/_search"
    assert body == expected_body
    devices = [{"id": 6023, "deployment_type": ["ENDPOINT"]}]
    return StubResponse({"results": devices, "num_found": 1})
def _run_query(url, body, **kwargs):
    """Stub for the request that submits a new LiveQuery run.

    The body, including the SQL text and the device_filter that bounds which
    devices run it, is compared for exact equality. Records the call in
    _was_called and returns a canned run record.
    """
    nonlocal _was_called
    device_filter = {
        "device_id": [1, 2, 3],
        "os": ["Alpha", "Bravo", "Charlie"],
        "policy_id": [16],
    }
    expected_body = {
        "sql": "select * from whatever;",
        "name": "AmyWasHere",
        "notify_on_finish": True,
        "device_filter": device_filter,
    }
    assert url == "/livequery/v1/orgs/Z100/runs"
    assert body == expected_body
    _was_called = True
    run = {"org_key": "Z100", "name": "FoobieBletch", "id": "abcdefg"}
    return StubResponse(run)
def _update_sensor_version(url, body, **kwargs):
    """Stub for a query-wide sensor-version update via device_actions.

    The body is compared for exact equality, so a change to the action type,
    the search scope or the requested sensor version fails the test.
    Returns a 204 stub response with no content.
    """
    nonlocal _was_called
    expected_body = {
        "action_type": "UPDATE_SENSOR_VERSION",
        "search": {"query": "foobar", "criteria": {}, "exclusions": {}},
        "options": {"sensor_version": {"RHEL": "2.3.4.5"}},
    }
    assert url == "/appservices/v6/orgs/Z100/device_actions"
    assert body == expected_body
    _was_called = True
    return StubResponse(None, 204)
def _update_policy(url, body, **kwargs):
    """Stub for a query-wide policy change via device_actions.

    The body is compared for exact equality, so a change to the action type,
    the search scope or the target policy id fails the test. Returns a 204
    stub response with no content.
    """
    nonlocal _was_called
    expected_body = {
        "action_type": "UPDATE_POLICY",
        "search": {"query": "foobar", "criteria": {}, "exclusions": {}},
        "options": {"policy_id": 8675309},
    }
    assert url == "/appservices/v6/orgs/Z100/device_actions"
    assert body == expected_body
    _was_called = True
    return StubResponse(None, 204)
def _run_query(url, body, **kwargs):
    """Stub for a search over existing LiveQuery runs.

    Checks the request path and the exact search body, records the call in
    _was_called and returns three canned run records.
    """
    nonlocal _was_called
    expected_body = {
        "query": "xyzzy",
        "sort": [{"field": "id", "order": "ASC"}],
        "start": 0,
    }
    assert url == "/livequery/v1/orgs/Z100/runs/_search"
    assert body == expected_body
    _was_called = True
    runs = [
        {"org_key": "Z100", "name": "FoobieBletch", "id": "abcdefg"},
        {"org_key": "Z100", "name": "Aoxomoxoa", "id": "cdefghi"},
        {"org_key": "Z100", "name": "Read_Me", "id": "efghijk"},
    ]
    return StubResponse({"org_key": "Z100", "num_found": 3, "results": runs})
def test_BaseAPI_delete_object(mox):
    """Check that delete_object issues one DELETE and returns its response.

    The session's http_request is replaced by a mock that expects exactly
    ('DELETE', '/path', headers={}, data=None); the API object is built with
    sample url, token and org_key values.
    """
    api = BaseAPI(url='https://example.com', token='ABCDEFGH', org_key='A1B2C3D4')
    mox.StubOutWithMock(api.session, 'http_request')
    api.session.http_request(
        'DELETE', '/path', headers={}, data=None
    ).AndReturn(StubResponse({'zyx': 100}))
    mox.ReplayAll()
    reply = api.delete_object('/path')
    assert reply.json() == {'zyx': 100}
    mox.VerifyAll()
def test_BaseAPI_get_raw_data_returns(mox, expath, code, response, params, default, expected):
    """Check the cases in which get_raw_data returns a value.

    The session's http_request is mocked to expect a GET on expath and to
    answer with the given status code and response text; the result of
    get_raw_data('/path', params, default) must equal expected.

    NOTE(review): the arguments after mox are presumably supplied by a
    parametrize decorator that is not visible here - confirm.
    """
    api = BaseAPI(url='https://example.com', token='ABCDEFGH', org_key='A1B2C3D4')
    mox.StubOutWithMock(api.session, 'http_request')
    api.session.http_request(
        'GET', expath, headers={}, data=None
    ).AndReturn(StubResponse(None, code, response))
    mox.ReplayAll()
    raw = api.get_raw_data('/path', params, default)
    assert raw == expected
    mox.VerifyAll()
def test_request_helper_methods(mox):
    """Check the get/post/put/delete helpers built on http_request.

    Each expected session.request call pins verify=True together with the
    connection's own proxies and timeout, so the test fails if a helper
    stops requesting TLS certificate verification for credentials that set
    only url and token. Header contents are not checked (IgnoreArg).
    """
    creds = Credentials({'url': 'https://example.com', 'token': 'ABCDEFGH'})
    conn = Connection(creds)
    mox.StubOutWithMock(conn.session, 'request')
    # (HTTP verb, request path, key of the canned JSON reply); the order is
    # the order in which the helpers are exercised below.
    cases = (
        ('GET', '/getpath', 'get'),
        ('POST', '/postpath', 'post'),
        ('PUT', '/putpath', 'put'),
        ('DELETE', '/delpath', 'delete'),
    )
    for verb, path, key in cases:
        conn.session.request(
            verb, 'https://example.com' + path, headers=IgnoreArg(), verify=True,
            proxies=conn.proxies, timeout=conn._timeout
        ).AndReturn(StubResponse({key: True}))
    mox.ReplayAll()
    for _verb, path, key in cases:
        # The helper method is named after the reply key: get, post, put, delete.
        resp = getattr(conn, key)(path)
        assert resp.json()[key]
    mox.VerifyAll()
def _run_query(url, body, **kwargs):
    """Stub for a CB Analytics alert search with every criterion populated.

    Checks the request path and the exact search body, records the call in
    _was_called and returns a single canned alert.
    """
    nonlocal _was_called
    expected_criteria = {
        "category": ["SERIOUS", "CRITICAL"],
        "device_id": [6023],
        "device_name": ["HAL"],
        "device_os": ["LINUX"],
        "device_os_version": ["0.1.2"],
        "device_username": ["JRN"],
        "group_results": True,
        "id": ["S0L0"],
        "legacy_alert_id": ["S0L0_1"],
        "minimum_severity": 6,
        "policy_id": [8675309],
        "policy_name": ["Strict"],
        "process_name": ["IEXPLORE.EXE"],
        # Sample value is 32 hex characters, not the 64 of a real SHA-256
        # digest; the stub only compares it for equality.
        "process_sha256": ["0123456789ABCDEF0123456789ABCDEF"],
        "reputation": ["SUSPECT_MALWARE"],
        "tag": ["Frood"],
        "target_value": ["HIGH"],
        "threat_id": ["B0RG"],
        "type": ["WATCHLIST"],
        "workflow": ["OPEN"],
        "blocked_threat_category": ["RISKY_PROGRAM"],
        "device_location": ["ONSITE"],
        "kill_chain_status": ["EXECUTE_GOAL"],
        "not_blocked_threat_category": ["NEW_MALWARE"],
        "policy_applied": ["APPLIED"],
        "reason_code": ["ATTACK_VECTOR"],
        "run_state": ["RAN"],
        "sensor_action": ["DENY"],
        "threat_cause_vector": ["WEB"],
    }
    expected_body = {
        "query": "Blort",
        "rows": 100,
        "criteria": expected_criteria,
        "sort": [{"field": "name", "order": "DESC"}],
    }
    assert url == "/appservices/v6/orgs/Z100/alerts/cbanalytics/_search"
    assert body == expected_body
    _was_called = True
    alert = {
        "id": "S0L0",
        "org_key": "Z100",
        "threat_id": "B0RG",
        "workflow": {"state": "OPEN"},
    }
    return StubResponse({"results": [alert], "num_found": 1})
def _run_summaries(url, body, **kwargs):
    """Stub for a device-summary search on LiveQuery run "abcdefg".

    Checks the request path and the exact search body, records the call in
    _was_called and returns two canned device summaries.
    """
    nonlocal _was_called
    expected_body = {
        "query": "foo",
        "criteria": {"device.name": ["AxCx", "A7X"]},
        "sort": [{"field": "device_name", "order": "ASC"}],
        "start": 0,
    }
    assert url == "/livequery/v1/orgs/Z100/runs/abcdefg/results/device_summaries/_search"
    assert body == expected_body
    _was_called = True
    first_summary = {
        "id": "ghijklm",
        "total_results": 2,
        "device": {"id": 314159, "name": "device1"},
        "metrics": [{"key": "aaa", "value": 0.0}, {"key": "bbb", "value": 0.0}],
    }
    second_summary = {
        "id": "mnopqrs",
        "total_results": 3,
        "device": {"id": 271828, "name": "device2"},
        "metrics": [{"key": "aaa", "value": 0.0}, {"key": "bbb", "value": 0.0}],
    }
    return StubResponse({
        "org_key": "Z100",
        "num_found": 2,
        "results": [first_summary, second_summary],
    })
def _execute_stop(url, body, **kwargs):
    """Stub for a successful stop request on LiveQuery run "abcdefg".

    Checks the request path and the CANCELLED status body, records the call
    in _was_called and returns the run record with status CANCELLED.
    """
    nonlocal _was_called
    expected_body = {"status": "CANCELLED"}
    assert url == "/livequery/v1/orgs/Z100/runs/abcdefg/status"
    assert body == expected_body
    _was_called = True
    cancelled_run = {
        "org_key": "Z100",
        "name": "FoobieBletch",
        "id": "abcdefg",
        "status": "CANCELLED",
    }
    return StubResponse(cancelled_run)
def _bypass(url, body, **kwargs):
    """Stub for a BYPASS device action with toggle OFF on one device id.

    The body is compared for exact equality, so the action must target only
    device 6023 and carry toggle OFF. Returns a 204 stub response with no
    content.
    """
    nonlocal _was_called
    expected_body = {
        "action_type": "BYPASS",
        "device_id": [6023],
        "options": {"toggle": "OFF"},
    }
    assert url == "/appservices/v6/orgs/Z100/device_actions"
    assert body == expected_body
    _was_called = True
    return StubResponse(None, 204)
def _run_query(url, body, **kwargs):
    """Stub for a device-control alert search with every criterion populated.

    Checks the request path and the exact search body, records the call in
    _was_called and returns a single canned alert.
    """
    nonlocal _was_called
    expected_criteria = {
        "category": ["SERIOUS", "CRITICAL"],
        "device_id": [6023],
        "device_name": ["HAL"],
        "device_os": ["LINUX"],
        "device_os_version": ["0.1.2"],
        "device_username": ["JRN"],
        "group_results": True,
        "id": ["S0L0"],
        "legacy_alert_id": ["S0L0_1"],
        "minimum_severity": 6,
        "policy_id": [8675309],
        "policy_name": ["Strict"],
        "process_name": ["IEXPLORE.EXE"],
        # Sample value is 32 hex characters, not the 64 of a real SHA-256
        # digest; the stub only compares it for equality.
        "process_sha256": ["0123456789ABCDEF0123456789ABCDEF"],
        "reputation": ["SUSPECT_MALWARE"],
        "tag": ["Frood"],
        "target_value": ["HIGH"],
        "threat_id": ["B0RG"],
        "type": ["WATCHLIST"],
        "workflow": ["OPEN"],
        "external_device_friendly_name": ["/dev/ice"],
        "external_device_id": ["626"],
        "product_id": ["0x5581"],
        "product_name": ["Ultra"],
        "serial_number": ["4C531001331122115172"],
        "vendor_id": ["0x0781"],
        "vendor_name": ["SanDisk"],
    }
    expected_body = {
        "query": "Blort",
        "rows": 100,
        "criteria": expected_criteria,
        "sort": [{"field": "name", "order": "DESC"}],
    }
    assert url == "/appservices/v6/orgs/Z100/alerts/devicecontrol/_search"
    assert body == expected_body
    _was_called = True
    alert = {
        "id": "S0L0",
        "org_key": "Z100",
        "threat_id": "B0RG",
        "workflow": {"state": "OPEN"},
    }
    return StubResponse({"results": [alert], "num_found": 1})