def testWhitelist_NoEvent(self): binary = test_utils.CreateBit9Binary(file_catalog_id='1111') user = test_utils.CreateUser() local_rule = test_utils.CreateBit9Rule( binary.key, host_id='2222', user_key=user.key, policy=constants.RULE_POLICY.WHITELIST, is_fulfilled=False) # Mock out the Bit9 API interactions. file_instance = api.FileInstance( id=3333, file_catalog_id=1111, computer_id=2222, local_state=bit9_constants.APPROVAL_STATE.UNAPPROVED) self.PatchApiRequests([file_instance], file_instance) change_set.ChangeLocalState( binary, local_rule, bit9_constants.APPROVAL_STATE.APPROVED) # Verify the Bit9 API interactions. self.mock_ctx.ExecuteRequest.assert_has_calls([ mock.call( 'GET', api_route='fileInstance', query_args=[r'q=computerId:2222', 'q=fileCatalogId:1111']), mock.call( 'POST', api_route='fileInstance', data={'id': 3333, 'localState': 2, 'fileCatalogId': 1111, 'computerId': 2222}, query_args=None)]) self.assertTrue(local_rule.key.get().is_fulfilled) self.assertBigQueryInsertion(constants.BIGQUERY_TABLE.RULE)
def testWhitelist_HasEvent(self): binary = test_utils.CreateBit9Binary(file_catalog_id='1111') user = test_utils.CreateUser() local_rule = test_utils.CreateBit9Rule( binary.key, host_id='2222', user_key=user.key, policy=constants.RULE_POLICY.WHITELIST, is_fulfilled=False) # Create a Bit9Event corresponding to the Bit9Rule. pairs = [('User', user.email), ('Host', '2222'), ('Blockable', binary.key.id()), ('Event', '1')] event_key = ndb.Key(pairs=pairs) first_blocked_dt = datetime.datetime.utcnow() - datetime.timedelta( hours=3) test_utils.CreateBit9Event(binary, key=event_key, first_blocked_dt=first_blocked_dt) # Mock out the Bit9 API interactions. file_instance = api.FileInstance( id=3333, file_catalog_id=1111, computer_id=2222, local_state=bit9_constants.APPROVAL_STATE.UNAPPROVED) self.PatchApiRequests([file_instance], file_instance) change_set.ChangeLocalState(binary, local_rule, bit9_constants.APPROVAL_STATE.APPROVED) # Verify the Bit9 API interactions. self.mock_ctx.ExecuteRequest.assert_has_calls([ mock.call( 'GET', api_route='fileInstance', query_args=[r'q=computerId:2222', 'q=fileCatalogId:1111']), mock.call('POST', api_route='fileInstance', data={ 'id': 3333, 'localState': 2, 'fileCatalogId': 1111, 'computerId': 2222 }, query_args=None) ]) self.assertTrue(local_rule.key.get().is_fulfilled) self.assertBigQueryInsertion(constants.BIGQUERY_TABLE.RULE)
def testNoFileInstances(self): binary = test_utils.CreateBit9Binary(file_catalog_id='1111') user = test_utils.CreateUser() local_rule = test_utils.CreateBit9Rule( binary.key, host_id='2222', user_key=user.key, policy=constants.RULE_POLICY.WHITELIST, is_fulfilled=False) # Simulate getting no fileInstances from Bit9. self.PatchApiRequests([]) change_set.ChangeLocalState( binary, local_rule, bit9_constants.APPROVAL_STATE.APPROVED) self.assertFalse(local_rule.key.get().is_fulfilled) self.assertNoBigQueryInsertions()