def observe_observables(): observables = get_observables() g.bundle = Bundle() key = get_key() if key is None: raise AuthenticationRequiredError url = current_app.config['AVOTX_URL'] headers = {'User-Agent': current_app.config['CTR_USER_AGENT']} client = Client(key, url, headers=headers) limit = current_app.config['CTR_ENTITIES_LIMIT'] for observable in observables: observable = Observable.instance_for(**observable) if observable is None: continue bundle = observable.observe(client, limit=limit) g.bundle |= bundle data = g.bundle.json() return jsonify_data(data)
def observe_observables(): input_observables = get_observables() g.bundle = Bundle() key = get_key() if key is None: raise AuthenticationRequiredError url = current_app.config['AVOTX_URL'] headers = {'User-Agent': current_app.config['CTR_USER_AGENT']} client = Client(key, url, headers=headers) limit = current_app.config['CTR_ENTITIES_LIMIT'] prepared_observables = [] for input_observable in input_observables: prepared_observable = Observable.instance_for(**input_observable) if prepared_observable is not None: prepared_observables.append(prepared_observable) def make_bundle(observable): return observable.observe(client, limit=limit) with ThreadPoolExecutor( max_workers=get_workers(prepared_observables)) as executor: bundles = executor.map(make_bundle, prepared_observables) for bundle in bundles: g.bundle |= bundle data = g.bundle.json() return jsonify_data(data)
def test_delete_segment(self, test_segment_data): client = Client() client.login() response = client.create_segment(test_segment_data) segment_id = response.json()['id'] response = client.delete_segment(segment_id) assert response.status_code == 204
def auth_client(request): url = request.config.getoption("--base-url") username = request.config.getoption("--username") password = request.config.getoption("--password") client = Client(url=url) client.set_cookies(UserData(username=username, password=password)) return client
def test_not_authorized(connection, added_user_del): """Test that without called /login we have no access to api.""" user = gen_user() with added_user_del(user): res = Client().add_user(user.username, user.password, user.email) assert not connection.get_user(user.username) assert res.status_code == Codes.NOT_AUTHORIZED
def health(): credentials = get_jwt() url = 'https://api.securitycenter.windows.com/api/exposureScore' client = Client(credentials) client.open_session() client.call_api(url) client.close_session() return jsonify_data({'status': 'ok'})
def api_client(mysql_orm_client, mysql_worker, logger_api): username = next(gen) password = f'{username}_pass' email = f'{username}@mail.ru' client = User(username=username, password=password, email=email, access=1, active=0) # это запись в базу mysql_orm_client.session.add(client) mysql_orm_client.session.query(User.id).count() # любой запрос в базу yield Client(username, password, email, logger_api) # это клиент API mysql_orm_client.session.delete(client) mysql_orm_client.session.query(User.id).count()
def client(request): setup() logger.setLevel('INFO') url = request.config.getoption("--base-url") user = request.config.getoption("--username") password = request.config.getoption("--password") client = Client(url) data = UserData(user, password) client.authorize(data) return client
def health(): key = get_key() if key is None: raise AuthenticationRequiredError url = current_app.config['AVOTX_URL'] headers = {'User-Agent': current_app.config['CTR_USER_AGENT']} client = Client(key, url, headers=headers) _ = client.query('/api/v1/user/me') return jsonify_data({'status': 'ok'})
def test_delete_self_user(self, api_client, mysql_worker, logger_api): ''' Тест на удаление несуществующего пользователя Возвращает 404, как и ожидалось ''' username = next(gen) r = api_client.add_user(username=username, email=f'{username}@mail.ru', password='******') new_user_for_deleting_himself = Client(username, '12345678', f'{username}@mail.ru', logger_api) assert mysql_worker.find_count_by_name(username) == 1 r = new_user_for_deleting_himself.delete_user(username) assert r.status_code == 204 assert mysql_worker.find_count_by_name(username) == 0
def test_use_user_with_little_name(self, api_client, logger_api): ''' Тест на каки-нибудь действия пользователя с логином <6 символов апи клиент создает такого пользователя, после чего этот пользователь пытается заблокировать апи клиента Ожидается что это получится (код 200), однако на самом деле будет код 401 По итогам, как и в ui с таким коротким логином ничего нельзя сделать ''' username = '******' r = api_client.add_user(username=username, email=f'{username}@mail.ru', password='******') new_user_with_little_name = Client(username, '12345678', f'{username}@mail.ru', logger_api) r = new_user_with_little_name.block_user(api_client.username) api_client.delete_user(username) assert r.status_code == 200, f"Expected code 200, got {r.status_code}"
def create_test(): url = '114.212.87.52:2376' version = '1.21' volume = None network = None client = Client(url, version) dic = {} dic['image'] = 'training/webapp' # dic['container_name'] = 'test' # dic['command'] = '/bin/sleep 30' dic['hostname'] = 'testhostname' dic['mem_limit'] = '24m' dic['ports'] = [80, 8000] dic['cpu_shares'] = 3 volume = Volume(['/home/monkey/fuli:/fuli:rw', '/home/monkey/fire:/fire']) network = Network('test', 'bridge') dic['privileged'] = True con = Container(client, dic, volume, network) con.create() return con
def api_client(): email = EMAIL password = PASSWORD return Client(email, password)
def api_client(config): return Client(config['username'], config['password'])
import click from api.client import Client c = Client() @click.group() def main(): """Simple CLI for querying data""" @main.command() @click.argument('pk') def get(pk): """Get score from pk""" score = c.get_score(pk) click.echo(score) @main.command() @click.argument('directory') def update(directory): """Update database with jsonl in directory""" status = c.update_data(directory) click.echo(status) if __name__ == "__main__": main()
def api_client(config, add_user): name, email = add_user return Client(name, config['default_password'])
def client(): client = Client(host) return client
def client(added_user): client = Client() user = gen_user() with added_user(user) as user: client.login(user.username, user.password) yield client
def unauth_client(request): url = request.config.getoption("--base-url") return Client(url=url)
def __init__(self): self._key = self._get_stack_key() self._url = "https://api.stackexchange.com" self._site = "stackoverflow" self._client = Client()
def observe_observables(): observables, error = get_observables() if error: return jsonify_errors(error) observables = group_observables(observables) if not observables: return jsonify_data({}) data = {} g.sightings = [] credentials = get_jwt() client = Client(credentials) for observable in observables: client.open_session() response = get_alert(client, observable) if not response or not response.get('value'): alerts = [] else: alerts = response['value'] alerts.sort(key=lambda x: x['alertCreationTime'], reverse=True) count = len(alerts) if count >= current_app.config['CTR_ENTITIES_LIMIT']: alerts = alerts[:current_app.config['CTR_ENTITIES_LIMIT']] events = [] else: events = call_advanced_hunting( client, observable['value'], observable['type'], current_app.config['CTR_ENTITIES_LIMIT'] - count) count = count + len(events) events.sort(key=lambda x: x['Timestamp'], reverse=True) mapping = Mapping(client, observable, count) if alerts: with ThreadPoolExecutor(max_workers=min(len(alerts), cpu_count() or 1) * 5) as executor: alerts = executor.map(mapping.build_sighting_from_alert, alerts) [g.sightings.append(alert) for alert in alerts if alert] if events: with ThreadPoolExecutor(max_workers=min(len(events), cpu_count() or 1) * 5) as executor: events = executor.map(mapping.build_sighting_from_ah, events) [g.sightings.append(event) for event in events if event] client.close_session() if g.sightings: data['sightings'] = format_docs(g.sightings) return jsonify_data(data)
def test_create_segment(self, test_segment_data): client = Client() client.login() response = client.create_segment(test_segment_data) assert response.status_code == 200
def client(): return Client()
def respond_trigger(): mapping_by_type = { 'sha1': 'FileSha1', 'sha256': 'FileSha256', 'ip': 'IpAddress', 'ipv6': 'IpAddress', 'domain': 'DomainName' } data, error = get_action_form_params() if error: return jsonify_errors(error) title = 'From SecureX Threat Response' description = 'This indicator was added via SecureX Threat Response ' \ 'by the UI or API response actions' if data['observable_type'] == 'ms_machine_id': comment = 'Performed via SecureX Threat Response' actions = { 'microsoft-defender-FullIsolation': { 'url': '{base_url}/machines/{machine_id}/isolate'.format( base_url=current_app.config['BASE_URL'], machine_id=data['observable_value']), 'method': 'POST', 'data': { 'Comment': comment, 'IsolationType': 'Full' } }, 'microsoft-defender-SelectiveIsolation': { 'url': '{base_url}/machines/{machine_id}/isolate'.format( base_url=current_app.config['BASE_URL'], machine_id=data['observable_value']), 'method': 'POST', 'data': { 'Comment': comment, 'IsolationType': 'Selective' } }, 'microsoft-defender-Unisolate': { 'url': '{base_url}/machines/{machine_id}/unisolate'.format( base_url=current_app.config['BASE_URL'], machine_id=data['observable_value']), 'method': 'POST', 'data': { 'Comment': comment } }, 'microsoft-defender-RestrictCodeExecution': { 'url': '{base_url}/machines/{machine_id}' '/restrictCodeExecution'.format( base_url=current_app.config['BASE_URL'], machine_id=data['observable_value']), 'method': 'POST', 'data': { 'Comment': comment } }, 'microsoft-defender-UnrestrictCodeExecution': { 'url': '{base_url}/machines/{machine_id}' '/unrestrictCodeExecution'.format( base_url=current_app.config['BASE_URL'], machine_id=data['observable_value']), 'method': 'POST', 'data': { 'Comment': comment } }, 'microsoft-defender-RunAntiVirusScanQuick': { 'url': '{base_url}/machines/{machine_id}' '/runAntiVirusScan'.format( base_url=current_app.config['BASE_URL'], machine_id=data['observable_value']), 'method': 'POST', 'data': { 'Comment': comment, 'ScanType': 'Quick' } }, 'microsoft-defender-RunAntiVirusScanFull': { 'url': '{base_url}/machines/{machine_id}' '/runAntiVirusScan'.format( base_url=current_app.config['BASE_URL'], machine_id=data['observable_value']), 'method': 'POST', 'data': { 'Comment': comment, 'ScanType': 'Full' } }, 'microsoft-defender-CollectInvestigationPackage': { 'url': '{base_url}/machines/{machine_id}' '/collectInvestigationPackage'.format( base_url=current_app.config['BASE_URL'], machine_id=data['observable_value']), 'method': 'POST', 'data': { 'Comment': comment } }, 'microsoft-defender-InitiateInvestigation': { 'url': '{base_url}/machines/{machine_id}' '/startInvestigation'.format( base_url=current_app.config['BASE_URL'], machine_id=data['observable_value']), 'method': 'POST', 'data': { 'Comment': comment } } } else: actions = { 'microsoft-defender-add-indicator-alert': { 'url': current_app.config['INDICATOR_URL'], 'method': 'POST', 'data': { 'indicatorValue': data['observable_value'], 'indicatorType': mapping_by_type.get(data['observable_type']), 'action': 'Alert', 'title': title, 'description': description, 'severity': 'High' } }, 'microsoft-defender-add-indicator-alert-and-block': { 'url': current_app.config['INDICATOR_URL'], 'method': 'POST', 'data': { 'indicatorValue': data['observable_value'], 'indicatorType': mapping_by_type.get(data['observable_type']), 'action': 'AlertAndBlock', 'title': title, 'description': description, 'severity': 'High' } }, 'microsoft-defender-add-indicator-allowed': { 'url': current_app.config['INDICATOR_URL'], 'method': 'POST', 'data': { 'indicatorValue': data['observable_value'], 'indicatorType': mapping_by_type.get(data['observable_type']), 'action': 'Allowed', 'title': title, 'description': description } }, 'microsoft-defender' '-remove-indicator': { 'url': current_app.config['INDICATOR_URL'] + '/' + str(data.get('indicator_id', '')), 'method': 'DELETE', 'data': {} } } result = {'data': {'status': 'success'}} item = actions.get(data['action-id']) if not item: result['data']['status'] = 'failure' result['errors'] = [ CTRBadRequestError("Unsupported action.").json, ] return jsonify(result) if data['observable_type'] != 'ms_machine_id' and \ not item['data']['indicatorType']: raise UnsupportedTypeError(data['observable_type']) if item['data']: action = json.dumps(item['data']).encode('utf-8') else: action = None credentials = get_jwt() client = Client(credentials) client.open_session() response, error = client.call_api(item['url'], item['method'], data=action) client.close_session() if error is not None: result['data']['status'] = 'failure' result['errors'] = [ CTRBadRequestError(error).json, ] return jsonify(result)
def respond_observables(): observables, error = get_observables() if error: return jsonify_errors(error) observables = group_observables(observables, 'respond') if not observables: return jsonify_data([]) g.actions = [] credentials = get_jwt() client = Client(credentials) client.open_session() for observable in observables: query_params = { 'observable_type': observable['type'], 'observable_value': observable['value'] } if observable['type'] == 'ms_machine_id': _actions = get_supported_actions(client, observable['value']) _actions = get_reverse_actions(client, observable['value'], _actions) actions = [] for item in _actions: action = {} action['id'] = \ f'microsoft-defender-{_TR_SUPPORTED_ACTIONS[item]}' action['title'] = item action['description'] = item action['categories'] = [ 'Microsoft Defender for Endpoint', 'Machine Actions' ] action['query-params'] = query_params actions.append(action) else: params = "$filter=indicatorValue+eq+'{value}'&$top=1".format( value=observable['value']).encode('utf-8') response, error = client.call_api( current_app.config['INDICATOR_URL'], params=params) if response and response.get('value'): obj = response['value'][0] human_action = 'Alert and Block' \ if obj['action'] == 'AlertAndBlock' else obj['action'] query_params['indicator_id'] = obj['id'] actions = [ { 'id': 'microsoft-defender-remove-indicator', 'title': 'Remove indicator: {action} - {title}'.format( action=human_action, title=obj['title']), 'description': f'Remove indicator with {human_action} ' f'action for {observable["value"]}', 'categories': [ 'Microsoft Defender for Endpoint', 'Remove Indicator' ], 'query-params': query_params }, ] else: actions = [{ 'id': 'microsoft-defender-add-indicator-alert', 'title': 'Add indicator: Alert', 'description': f'Add indicator with Alert action ' f'for {observable["value"]}', 'categories': ['Microsoft Defender for Endpoint', 'Add Indicator'], 'query-params': query_params }, { 'id': 'microsoft-defender-' 'add-indicator-alert-and-block', 'title': 'Add indicator: Alert and Block', 'description': f'Add indicator with ' f'Alert and Block action' f' for {observable["value"]}', 'categories': ['Microsoft Defender for Endpoint', 'Add Indicator'], 'query-params': query_params }, { 'id': 'microsoft-defender-add-indicator-allowed', 'title': 'Add indicator: Allow', 'description': f'Add indicator with Allow action ' f'for {observable["value"]}', 'categories': ['Microsoft Defender for Endpoint', 'Add Indicator'], 'query-params': query_params }] g.actions.extend(actions) client.close_session() return jsonify_data(g.actions)
def api(request): client = Client(host=get_option(request, "host")) return client
def test_fail_auth(self): wrong_data = ('*****@*****.**', 'password42') client = Client(wrong_data) with pytest.raises(WrongAuthData): client.login()
def test_auth(self): client = Client() assert client.login() == 200