def test_record_to_incident_american_time(self): """ Given: record with american time (month first) When: fetching incidents Then: assert return dates are right """ client = Client(BASE_URL, '', '', '', '') incident = INCIDENT_RECORD.copy() incident['record']['Date/Time Reported'] = '03/26/2018 10:03 AM' incident['raw']['Field'][1][ '@xmlConvertedValue'] = '2018-03-26T10:03:00Z' incident, incident_created_time = client.record_to_incident( INCIDENT_RECORD, 75, '305') assert incident_created_time == datetime(2018, 3, 26, 10, 3, tzinfo=timezone.utc) assert incident['occurred'] == '2018-03-26T10:03:00Z'
def test_record_to_incident(): client = Client(BASE_URL, '', '', '', '') incident, incident_created_time = client.record_to_incident( INCIDENT_RECORD, 75, 'Date/Time Reported') assert incident_created_time.strftime( '%Y-%m-%dT%H:%M:%SZ') == '2018-03-26T10:03:32Z' assert incident['name'] == 'RSA Archer Incident: 227602' assert incident['occurred'] == '2018-03-26T10:03:32Z'
def test_record_to_incident(self): client = Client(BASE_URL, '', '', '', '') record = copy.deepcopy(INCIDENT_RECORD) record['raw']['Field'][1]['@xmlConvertedValue'] = '2018-03-26T10:03:00Z' incident, incident_created_time = client.record_to_incident(record, 75, '305') assert incident_created_time == datetime(2018, 3, 26, 10, 3, tzinfo=timezone.utc) assert incident['name'] == 'RSA Archer Incident: 227602' assert incident['occurred'] == '2018-03-26T10:03:00Z'
def test_get_level_by_app_id(self, requests_mock): requests_mock.post(BASE_URL + 'api/core/security/login', json={'RequestedObject': {'SessionToken': 'session-id', }, 'IsSuccessful': True}) requests_mock.get(BASE_URL + 'api/core/system/level/module/1', json=GET_LEVEL_RES) requests_mock.get(BASE_URL + 'api/core/system/fielddefinition/level/123', json=FIELD_DEFINITION_RES) client = Client(BASE_URL, '', '', '', '') levels = client.get_level_by_app_id('1') assert levels == GET_LEVELS_BY_APP
def test_get_record_failed(self, requests_mock): requests_mock.post(BASE_URL + 'api/core/security/login', json={'RequestedObject': {'SessionToken': 'session-id'}}) requests_mock.get(BASE_URL + 'api/core/content/1010', json=GET_RECORD_RES_failed) client = Client(BASE_URL, '', '', '', '') record, res, errors = client.get_record(75, 1010) assert errors == 'No resource found.' assert res assert record == {}
def test_get_record_success(self, requests_mock): requests_mock.post(BASE_URL + 'api/core/security/login', json={'RequestedObject': {'SessionToken': 'session-id'}}) requests_mock.get(BASE_URL + 'api/core/content/1010', json=GET_RECORD_RES_SUCCESS) requests_mock.get(BASE_URL + 'api/core/system/level/module/1', json=GET_LEVEL_RES) requests_mock.get(BASE_URL + 'api/core/system/fielddefinition/level/123', json=FIELD_DEFINITION_RES) client = Client(BASE_URL, '', '', '', '') record, res, errors = client.get_record(1, 1010) assert errors is None assert res assert record == {'Device Name': 'The device name', 'Id': 1010}
def test_get_field_value_list(self, requests_mock): cache = demisto.getIntegrationContext() cache['fieldValueList'] = {} demisto.setIntegrationContext(cache) requests_mock.post(BASE_URL + 'api/core/security/login', json={'RequestedObject': {'SessionToken': 'session-id'}}) requests_mock.get(BASE_URL + 'api/core/system/fielddefinition/304', json=GET_FIElD_DEFINITION_RES) requests_mock.get(BASE_URL + 'api/core/system/valueslistvalue/valueslist/62', json=VALUE_LIST_RES) client = Client(BASE_URL, '', '', '', '') field_data = client.get_field_value_list(304) assert VALUE_LIST_FIELD_DATA == field_data
def test_search_records(self, requests_mock): requests_mock.post(BASE_URL + 'api/core/security/login', json={'RequestedObject': {'SessionToken': 'session-id'}}) requests_mock.post(BASE_URL + 'ws/general.asmx', text=GET_TOKEN_SOAP) requests_mock.get(BASE_URL + 'api/core/system/level/module/1', json=GET_LEVEL_RES) requests_mock.get(BASE_URL + 'api/core/system/fielddefinition/level/123', json=FIELD_DEFINITION_RES) requests_mock.post(BASE_URL + 'ws/search.asmx', text=SEARCH_RECORDS_RES) client = Client(BASE_URL, '', '', '', '') records, raw_res = client.search_records(1, ['External Links', 'Device Name']) assert raw_res assert len(records) == 1 assert records[0]['record']['Id'] == '238756' assert records[0]['record']['Device Name'] == 'DEVICE NAME'
def test_same_record_returned_in_two_fetches(self, mocker): """ Given: - Same record returned in 2 fetch queries When: - Fetching incidents (2 iterations) Then: Check that the new next fetch is greater than last_fetch on both calls. Check the wanted next_fetch is equals to the date in the incident in both calls. Assert occurred time """ client = Client(BASE_URL, '', '', '', '') mocker.patch.object( client, 'search_records', side_effect=[ ([INCIDENT_RECORD_US_TZ], {}), ([INCIDENT_RECORD_US_TZ], {}) ] ) params = { 'applicationId': '75', 'applicationDateField': 'created date' } field_time_id = '53075' first_fetch = parser('2021-02-24T08:45:55Z') incidents, first_next_fetch = fetch_incidents(client, params, first_fetch, field_time_id) assert first_fetch < first_next_fetch assert first_next_fetch == datetime(2021, 2, 25, 8, 45, 55, 977000, tzinfo=timezone.utc) assert incidents[0]['occurred'] == '2021-02-25T08:45:55.977Z' # first_next_fetch_dt simulates the set to last_run done in fetch-incidents first_next_fetch_dt = parser(first_next_fetch.strftime(OCCURRED_FORMAT)) incidents, second_next_fetch = fetch_incidents(client, params, first_next_fetch_dt, field_time_id) assert first_next_fetch == datetime(2021, 2, 25, 8, 45, 55, 977000, tzinfo=timezone.utc) assert not incidents
def test_fetch_time_change(self, mocker): """ Given: incident with date/time reported european time (day first) - True or false When: Fetching incidents Then: Check that the new next fetch is greater than last_fetch Check the wanted next_fetch is true Assert occurred time """ client = Client(BASE_URL, '', '', '', '') date_time_reported = '2018-04-03T10:03:00.000Z' params = { 'applicationId': '75', 'applicationDateField': 'Date/Time Reported' } record = copy.deepcopy(INCIDENT_RECORD) record['record']['Date/Time Reported'] = date_time_reported record['raw']['Field'][1]['@xmlConvertedValue'] = date_time_reported last_fetch = get_fetch_time( {'last_fetch': '2018-03-01T10:03:00Z'}, params.get('fetch_time', '3 days') ) mocker.patch.object(client, 'search_records', return_value=([record], {})) incidents, next_fetch = fetch_incidents(client, params, last_fetch, '305') assert last_fetch < next_fetch assert next_fetch == datetime(2018, 4, 3, 10, 3, tzinfo=timezone.utc) assert incidents[0]['occurred'] == date_time_reported
def test_fetch_time_change_with_offset(self, mocker): """ Given: offset of -120 (2 hours) When: Fetching incidents Then: Check that the new last fetch is equals to record reported time (no delta) and is after the last_fetch Assert occurred time """ client = Client(BASE_URL, '', '', '', '') record = copy.deepcopy(INCIDENT_RECORD) record['record']['Date/Time Reported'] = '03/04/2018 10:03 AM' params = { 'applicationId': '75', 'applicationDateField': 'Date/Time Reported', 'time_zone': -120, 'useEuropeanTime': 'true' } last_fetch = get_fetch_time({'last_fetch': '2018-03-24T10:03:00Z'}, params.get('fetch_time', '3 days'), 0) mocker.patch.object(client, 'search_records', return_value=([record], {})) incidents, next_fetch = fetch_incidents(client, params, last_fetch) assert last_fetch < next_fetch assert next_fetch == datetime(2018, 4, 3, 10, 3, tzinfo=timezone.utc) assert incidents[0]['occurred'] == '2018-04-03T12:03:00Z'
def test_search_records_by_report_command(self, mocker): """ Given: - search_records_by_report_command command args When: - run search_records_by_report_command Then: - Verify response outputs - verify response readable output """ mock_args = {'reportGuid': 'id'} client = Client(BASE_URL, '', '', '', '', 400) mocker.patch.object(client, 'do_soap_request', return_value=[ SEARCH_RECORDS_BY_REPORT_RES, SEARCH_RECORDS_BY_REPORT_RES ]) mocker.patch.object(client, 'do_request', return_value=GET_LEVEL_RES_2) mocker.patch.object(demisto, 'results') search_records_by_report_command(client, mock_args) assert demisto.results.call_args_list[0][0][0][ 'HumanReadable'] == MOCK_READABLE_SEARCH_RECORDS_BY_REPORT assert demisto.results.call_args_list[0][0][0][ 'Contents'] == MOCK_RESULTS_SEARCH_RECORDS_BY_REPORT
def test_fetch_times_with_impossible_date(self, mocker, date_time_reported: str, use_european_time: bool, occurred: str): """ Given: incident with date/time reported. The day/months can't be misplaced (29-11, 11-29) european time (day first) - True or false When: Fetching incidents Then: Check that the new next fetch is greater than last_fetch Check the wanted next_fetch is true Assert occurred time """ client = Client(BASE_URL, '', '', '', '') params = { 'applicationId': '75', 'applicationDateField': 'Date/Time Reported', 'time_zone': 0, 'useEuropeanTime': use_european_time } record = copy.deepcopy(INCIDENT_RECORD) record['record']['Date/Time Reported'] = date_time_reported last_fetch = get_fetch_time({'last_fetch': '2018-03-01T10:03:00Z'}, params.get('fetch_time', '3 days'), 0) mocker.patch.object(client, 'search_records', return_value=([record], {})) incidents, next_fetch = fetch_incidents(client, params, last_fetch) assert last_fetch < next_fetch assert next_fetch == datetime(2018, 11, 29, 10, 3, tzinfo=timezone.utc) assert incidents[0]['occurred'] == occurred
def test_generate_field_value_values_list_input(self, requests_mock): cache = demisto.getIntegrationContext() cache['fieldValueList'] = {} demisto.setIntegrationContext(cache) requests_mock.post(BASE_URL + 'api/core/security/login', json={ 'RequestedObject': { 'SessionToken': 'session-id' }, 'IsSuccessful': True }) requests_mock.get(BASE_URL + 'api/core/system/fielddefinition/304', json=GET_FIElD_DEFINITION_RES) requests_mock.get(BASE_URL + 'api/core/system/valueslistvalue/valueslist/62', json=VALUE_LIST_RES) client = Client(BASE_URL, '', '', '', '', 400) field_key, field_value = generate_field_value(client, "", { 'Type': 4, 'FieldId': 304 }, ["High"]) assert field_key == 'Value' assert field_value == {'ValuesListIds': [473]}
def test_generate_field_users_groups_input(self): """ Given: Valid value from dictionary type under "fieldsToValues" argument When: - running archer-update-record Then: - assert fields are generated correctly """ client = Client(BASE_URL, '', '', '', '', 400) field_key, field_value = generate_field_value(client, "", {'Type': 8}, { "users": [20], "groups": [30] }) assert field_key == 'Value' assert field_value == { "UserList": [{ "ID": 20 }], "GroupList": [{ "ID": 30 }] }
def test_fetch_got_exact_same_time(self, mocker): """ Given: last_fetch is in the exact same time as the incident When: Fetching incidents Then: Check that the next fetch is equals last fetch (no new incident) Check that no incidents brought back """ client = Client(BASE_URL, '', '', '', '') date_time_reported = '2018-03-01T10:02:00.000Z' params = { 'applicationId': '75', 'applicationDateField': 'Date/Time Reported' } record = copy.deepcopy(INCIDENT_RECORD) record['record']['Date/Time Reported'] = date_time_reported record['raw']['Field'][1]['@xmlConvertedValue'] = date_time_reported last_fetch = get_fetch_time( {'last_fetch': date_time_reported}, params.get('fetch_time', '3 days') ) mocker.patch.object(client, 'search_records', return_value=([record], {})) incidents, next_fetch = fetch_incidents(client, params, last_fetch, '305') assert last_fetch == next_fetch assert not incidents, 'Should not get new incidents.'
def test_generate_field_external_link_input(self): client = Client(BASE_URL, '', '', '', '') field_key, field_value = generate_field_value(client, "", {'Type': 7}, [{"value": "github", "link": "https://github.com"}, {"value": "google", "link": "https://google.com"}]) assert field_key == 'Value' assert field_value == [{"Name": "github", "URL": "https://github.com"}, {"Name": "google", "URL": "https://google.com"}]
def test_generate_field_users_groups_input(): client = Client(BASE_URL, '', '', '', '') field_key, field_value = generate_field_value(client, "", {'Type': 8}, { "users": [20], "groups": [30] }) assert field_key == 'Value' assert field_value == {"UserList": [{"ID": 20}], "GroupList": [{"ID": 30}]}
def test_update_session_fail_parsing(self, mocker): """ Given: an exception raised from _http_request who failed to pares json object When: - initiating session Then: - Raise exception with message to check the provided url """ mocker.patch.object(Client, '_http_request', side_effect=DemistoException("Failed to parse json object from " "response: b\"<html><head><script>" "window.top.location='/Default.aspx';" "</script></head><body>" "</body></html>")) client = Client(BASE_URL, '', '', '', '') with pytest.raises(DemistoException) as e: client.update_session() assert "Check the given URL, it can be a redirect issue" in str(e.value)
def test_record_to_incident_american_time(self): """ Given: record with american time (month first) When: fetching incidents Then: assert return dates are right """ client = Client(BASE_URL, '', '', '', '') incident = INCIDENT_RECORD.copy() incident['record']['Date/Time Reported'] = '03/26/2018 10:03 AM' incident, incident_created_time = client.record_to_incident( INCIDENT_RECORD, 75, 'Date/Time Reported', day_first=False) assert incident_created_time.strftime( '%Y-%m-%dT%H:%M:%SZ') == '2018-03-26T10:03:00Z' assert incident['occurred'] == '2018-03-26T10:03:00Z'
def test_generate_invalid_field_users_groups_input(self): """ Given: Invalid value under "fieldsToValues" argument with type 8 (lists) When: - running archer-update-record Then: - Raise exception indicates that the value is not with the right format """ client = Client(BASE_URL, '', '', '', '') with pytest.raises(DemistoException) as e: generate_field_value(client, "test", {'Type': 8}, 'user1, user2') assert "The value of the field: test must be a dictionary type and include a list under \"users\" key or " \ "\"groups\" key e.g: {\"Policy Owner\":{\"users\":[20],\"groups\":[30]}}" in str(e.value)
def test_update_session(self, mocker, requests_mock, requested_object, is_successful): requests_mock.post(BASE_URL + 'api/core/security/login', json=requested_object) mocker.patch.object(demisto, 'results') client = Client(BASE_URL, '', '', '', '') if is_successful: client.update_session() assert demisto.results.call_count == 0 else: with pytest.raises(SystemExit) as e: # in case login wasn't successful, return_error will exit with a reason (for example, LoginNotValid) # return_error reached client.update_session() assert e
def test_two_fetches(self, mocker): """ Given: 2 incident with date/time reported running two fetches. When: Fetching incidents Then: Check that the new next fetch is greater than last_fetch on both calls. Check the wanted next_fetch is equals to the date in the incident in both calls. Assert occurred time """ client = Client(BASE_URL, '', '', '', '') params = { 'applicationId': '75', 'applicationDateField': 'Date/Time Reported' } record1, record2 = copy.deepcopy(INCIDENT_RECORD), copy.deepcopy( INCIDENT_RECORD) record1['record']['Date/Time Reported'] = '18/03/2020 10:30 AM' record2['record']['Date/Time Reported'] = '18/03/2020 03:30 PM' record1['raw']['Field'][1][ '@xmlConvertedValue'] = '2020-03-18T10:30:00.000Z' record2['raw']['Field'][1][ '@xmlConvertedValue'] = '2020-03-18T15:30:00.000Z' last_fetch = parser('2020-18-03T09:00:00Z') mocker.patch.object(client, 'search_records', side_effect=[([record1], {}), ([record2], {})]) incidents, next_fetch = fetch_incidents(client, params, last_fetch, '305') assert last_fetch < next_fetch assert next_fetch == datetime(2020, 3, 18, 10, 30, tzinfo=timezone.utc) assert incidents[0]['occurred'] == '2020-03-18T10:30:00.000Z' incidents, next_fetch = fetch_incidents(client, params, next_fetch, '305') assert last_fetch < next_fetch assert next_fetch == datetime(2020, 3, 18, 15, 30, tzinfo=timezone.utc) assert incidents[0]['occurred'] == '2020-03-18T15:30:00.000Z'
def test_generate_field_value(requests_mock): """ Given - generate_field_value on Values List type When - the source is not a list Then - ensure generate_field_value will handle it """ cache = demisto.getIntegrationContext() cache['fieldValueList'] = {} demisto.setIntegrationContext(cache) requests_mock.get(BASE_URL + 'api/core/system/fielddefinition/16172', json=GET_FIElD_DEFINITION_RES) requests_mock.post(BASE_URL + 'api/core/security/login', json={ 'RequestedObject': { 'SessionToken': 'session-id' }, 'IsSuccessful': 'yes' }) requests_mock.get(BASE_URL + 'api/core/system/valueslistvalue/valueslist/62', json=VALUE_LIST_RES_FOR_SOURCE) client = Client(BASE_URL, '', '', '', '') field_key, field_value = generate_field_value( client, "Source", { 'FieldId': '16172', 'IsRequired': False, 'Name': 'Source', 'RelatedValuesListId': 2092, 'Type': 4 }, 'ArcSight') assert field_key == 'Value' assert field_value == {'ValuesListIds': [471]}
def test_generate_field_ip_address_input(): client = Client(BASE_URL, '', '', '', '') field_key, field_value = generate_field_value(client, "", {'Type': 19}, '127.0.0.1') assert field_key == 'IpAddressBytes' assert field_value == '127.0.0.1'
def test_generate_field_cross_reference_input(field_value, result): client = Client(BASE_URL, '', '', '', '') field_key, field_value = generate_field_value(client, "", {'Type': 9}, field_value) assert field_key == 'Value' assert field_value == result
def test_generate_field_value_text_input(): client = Client(BASE_URL, '', '', '', '') field_key, field_value = generate_field_value(client, "", {'Type': 1}, "Demisto") assert field_key == 'Value' assert field_value == 'Demisto'
def test_generate_field_contents(): client = Client(BASE_URL, '', '', '', '') field = generate_field_contents(client, '{"Device Name":"Macbook"}', GET_LEVELS_BY_APP[0]['mapping']) assert field == {'2': {'Type': 1, 'Value': 'Macbook', 'FieldId': '2'}}
def test_generate_field_cross_reference_input(): client = Client(BASE_URL, '', '', '', '') field_key, field_value = generate_field_value(client, "", {'Type': 9}, [1, 2]) assert field_key == 'Value' assert field_value == [{"ContentID": 1}, {"ContentID": 2}]