def test_put_user(standard, init_ac_general):
print()
login('fx', 'lost')
u = User.read(username='******')
r = client.get('api/user/%d' % u.id, headers=Headers.get())
assert r.status_code == 200
u.fname = 'Big'
u.lname = 'Bird'
r = client.put('api/user', headers=Headers.get(), json=u.get_dict())
assert r.status_code == 200
return
def test_get_ugrs_by_id(standard, init_ac_general):
login('fx', 'lost')
r = client.get('api/user', headers=Headers.get())
assert r.status_code == 200
r = client.get('api/ugrs/user/%d' % r.json['id'], headers=Headers.get())
assert r.status_code == 200
print(json.dumps(r.json, indent=3))
#print(r.json)
# WP_734
ugrs_dict = r.json
UGRS = "ugrs"
assert (UGRS in ugrs_dict)
ugrs_dle = ugrs_dict[UGRS]
ugr_dict_list_elem1 = ugrs_dle[0]
ugr_dl_elem = {
"_access_rights": {
"permissions": ["read", "write", "add", "delete"],
"read_only": [],
"read_write": ["uuid", "id", "role_tag", "user_id", "group_id"]
},
"_group_name": "Foundation",
"_obj_type": "user_group_role",
"group_id": 1,
"id": 1,
"role_tag": "admin",
"user_id": 1,
"uuid": "e11d5af1-0326-4f24-aad0-f3fe437dd990"
}
for ugrs_key in ugr_dl_elem:
assert (ugrs_key in ugr_dict_list_elem1)
acc_rights_dict = ugr_dict_list_elem1["_access_rights"]
assert ("permissions" in acc_rights_dict)
assert ("read_only" in acc_rights_dict)
assert ("read_write" in acc_rights_dict)
arp_list = acc_rights_dict["permissions"]
perm_list = ["read", "write", "add", "delete"]
for _elem in perm_list:
assert (_elem in arp_list)
arrw_list = acc_rights_dict["read_write"]
rw_list = ["uuid", "id", "role_tag", "user_id", "group_id"]
for _elem in rw_list:
assert (_elem in arrw_list)
arro_list = acc_rights_dict["read_only"]
assert (len(arro_list) == 0)
# WP_734
return
def test_get_groups(standard, init_ac_general):
print()
login('fx', 'lost')
r = client.get('api/groups/summary', headers=Headers.get())
assert r.status_code == 200
print(json.dumps(r.json, indent=3))
# TODO: verify data
r = client.get('api/groups/standard', headers=Headers.get())
assert r.status_code == 200
print(json.dumps(r.json, indent=3))
# TODO: verify data
return
def test_get_assets(standard, init_ac_general):
print()
login('brad', 'lost')
r = client.get('api/assets', headers=Headers.get())
assert r.status_code == 200
print(json.dumps(r.json, indent=3))
return
def test_register_asset(standard, init_ac_general, load_asset_dbs):
print()
login('fx', 'lost')
r = client.put('api/asset/C4wjiHHMu0gJ/register',
headers=Headers.get(),
json={
'name': 'purple haze',
'vendor': 'ACME'
})
assert r.status_code == 200
#print(r.json)
dvc = Device()
dvc.setDeviceId("C4wjiHHMu0gJ")
dvc.getRegInfo()
# check sentinels/asset data
assert (dvc.dvcNm == 'purple haze')
assert (dvc.custCode == 'ACME')
# check command list
dvc.getCommands()
cmds = ["initscan", "register"]
list_num = 0
for cmd in cmds:
cmd_list = dvc.commands[list_num]
assert (cmd_list[2] == cmd)
list_num = list_num + 1
return
def test_get_user_by_id(standard, init_ac_general):
login('fx', 'lost')
print()
u = User.read(username='******')
r = client.get('api/user/%d' % u.id, headers=Headers.get())
assert r.status_code == 200
return
def test_get_user_current(standard, prime):
login('fx', 'lost')
r = client.options('api/user')
assert r.status_code == 200
r = client.get('api/user', headers=Headers.get())
assert r.status_code == 200
return
def test_get_commands(standard, init_ac_general):
print()
login('fx', 'lost')
r = client.get('api/asset/H5V2JiWiwCi0/commands', headers=Headers.get())
assert r.status_code == 200
print(json.dumps(r.json, indent=3))
return
def test_get_user_by_id_bad(standard, init_ac_general):
Ac.set_user_id()
u = User.read(username='******')
login('grimly', 'lost')
r = client.get('api/user/%d' % u.id, headers=Headers.get())
assert r.status_code == 404
return
def test_get_users_known(standard, init_ac_general):
print()
login('fx', 'lost')
r = client.get('api/users', headers=Headers.get())
assert r.status_code == 200
assert users_in_response(r) == ['fx', 'bill', 'brad', 'george', 'grimly']
login('bill', 'lost')
r = client.get('api/users', headers=Headers.get())
assert r.status_code == 200
assert users_in_response(r) == ['bill', 'brad', 'george', 'grimly']
login('grimly', 'lost')
r = client.get('api/users', headers=Headers.get())
assert r.status_code == 200
assert users_in_response(r) == []
return
def api_put(path):
print('%s =>' % path)
r = client.put(
'%s' % path,
headers=Headers.get(),
)
assert r.status_code == 200
print(r.json)
return
def test_rename_host(standard, fixture):
print()
login('fx', 'lost')
r = client.patch('/api/asset/H5V2JiWiwCi0/host/3',
headers=Headers.get(),
json={'name': 'The Third Host'})
assert r.status_code == 200
print(r.json)
return
def test_ack_alerts(standard, fixture):
print()
login('fx', 'lost')
r = client.patch(
'/api/asset/H5V2JiWiwCi0/alerts/acknowledge',
headers=Headers.get(),
)
assert r.status_code == 200
print(r.json)
return
def test_shutdown_asset(standard, init_ac_general, load_asset_dbs):
print()
login('fx', 'lost')
r = client.put(
'api/asset/C4wjiHHMu0gJ/shutdown',
headers=Headers.get(),
)
assert r.status_code == 200
print(r.json)
return
def drive_asset_switches(prepath, *switches):
for switch in switches:
r = client.put(
'%s/%s' % (prepath, switch),
headers=Headers.get(),
)
assert r.status_code == 200
print(r.json)
r = client.delete(
'%s/%s' % (prepath, switch),
headers=Headers.get(),
)
assert r.status_code == 200
print(r.json)
r = client.put(
'%s/%s' % (prepath, switch),
headers=Headers.get(),
)
assert r.status_code == 200
print(r.json)
return
def test_delete_command(standard, fixture):
print()
login('fx', 'lost')
# reboot will create a command
r = client.put(
'api/asset/C4wjiHHMu0gJ/reboot',
headers=Headers.get(),
)
assert r.status_code == 200
print(r.json)
# delete the reboot command
r = client.delete(
'/api/asset/C4wjiHHMu0gJ/command/1',
headers=Headers.get(),
)
assert r.status_code == 200
print(r.json)
return
def test_post_user(standard, init_ac_general):
print()
login('fx', 'lost')
r = client.post('api/user',
headers=Headers.get(),
json={
'username': '******',
'group_id': 2,
'password': '******'
})
assert r.status_code == 200
print(json.dumps(r.json, indent=3))
return
def test_get_users_with_roles(standard, init_ac_general):
print()
login('fx', 'lost')
r = client.get('api/users/roles', headers=Headers.get())
assert r.status_code == 200
#print(r.json)
#print(json.dumps(r.json, indent=3))
# WP_732
verify_ugr_data(r.json, 'fx')
login('bill', 'lost')
r = client.get('api/users/roles', headers=Headers.get())
assert r.status_code == 200
#print(r.json)
print(json.dumps(r.json, indent=3))
verify_ugr_data(r.json, 'bill')
login('grimly', 'lost')
r = client.get('api/users/roles', headers=Headers.get())
assert r.status_code == 200
#print(r.json)
print(json.dumps(r.json, indent=3))
#verify_ugr_data(r.json, 'grimly')
return
def test_generate_2fa(standard, prime):
login('fx', 'lost')
r = client.put('user/2fa', headers=Headers.get())
assert r.status_code == 200
return
class Response(object):
"""Response(sock, request) -> new Response object
A Response object that holds the response to
send back to the client. This ensure that the correct data
is sent in the correct order.
"""
chunked = False
body = Body()
def __init__(self, sock, request):
"initializes x; see x.__class__.__doc__ for signature"
self.sock = sock
self.request = request
self.clear()
def __repr__(self):
return "<Response %s %s (%d)>" % (
self.status, self.headers["Content-Type"],
(len(self.body) if type(self.body) == str else 0))
def __str__(self):
self.prepare()
protocol = self.protocol
status = self.status
headers = self.headers
return "%s %s\r\n%s" % (protocol, status, headers)
def clear(self):
self.done = False
self.close = False
if self.request.server:
server_version = self.request.server.version
else:
server_version = SERVER_VERSION
self.headers = Headers([("Date", strftime("%a, %d %b %Y %H:%M:%S %Z")),
("X-Powered-By", server_version)])
if self.request.server is not None:
self.headers.add_header("Server", server_version)
self.cookie = self.request.cookie
self.stream = False
self._body = []
self.time = time()
self.status = "200 OK"
self.protocol = "HTTP/%d.%d" % self.request.server_protocol
def prepare(self):
if self.body and type(self.body) is ListType:
if unicode in map(type, self.body):
cLength = sum(map(lambda s: len(s.encode("utf-8")), self.body))
else:
cLength = sum(map(len, self.body))
self.headers.setdefault("Content-Type", "text/html")
self.headers["Content-Length"] = str(cLength)
if self.stream:
self.headers.setdefault("Content-Type", "application/octet-stream")
for k, v in self.cookie.iteritems():
self.headers.add_header("Set-Cookie", v.OutputString())
status = int(self.status.split(" ", 1)[0])
if status == 413:
self.close = True
elif "Content-Length" not in self.headers:
if status < 200 or status in (204, 205, 304):
pass
else:
if self.protocol == "HTTP/1.1" \
and self.request.method != "HEAD" \
and self.request.server is not None:
self.chunked = True
self.headers.add_header("Transfer-Encoding", "chunked")
else:
self.close = True
if self.request.server is not None and "Connection" not in self.headers:
if self.protocol == "HTTP/1.1":
if self.close:
self.headers.add_header("Connection", "close")
else:
if not self.close:
self.headers.add_header("Connection", "Keep-Alive")
if self.headers.get("Transfer-Encoding", "") == "chunked":
self.chunked = True
def test_get_asset(standard, init_ac_general, load_asset_dbs):
print()
login('fx', 'lost')
r = client.get('api/asset/H5V2JiWiwCi0', headers=Headers.get())
assert r.status_code == 200
print(json.dumps(r.json, indent=3))
# WP_721
asset_dict = r.json
asset_prop_dict = {}
asset_prop_dict = {
"sub_start": "",
"sub_expire": "",
"userid": "",
"_rogueDevCnt": 0,
"_attackCnt": 0,
"_portScanCnt": 0,
"_rogueServiceCnt": 0,
"_authDevCnt": 0,
"_messageCnt": 0,
"_onlineDev": 0,
"_offlineDev": 0,
"_blockedCnt": 0,
"_health": 0, # Enum - check range
"_asset_config_options": {
"countermeasures": 0,
"firmware_version": "1.21.125",
"lcd_status": 1
},
}
asset_prop_keys = asset_prop_dict.keys()
for _key in asset_prop_keys:
print("key = <%s>" % _key)
assert (_key in asset_dict)
assert (asset_dict.get("_asset_config_options").get("countermeasures") !=
None)
assert (asset_dict.get("_asset_config_options").get("firmware_version") !=
None)
assert (asset_dict.get("_asset_config_options").get("lcd_status") != None)
# WP_721
# WP_726 - Verify Counts
# get expected Counts ...
dvc = Device()
dvc.setDeviceId("H5V2JiWiwCi0")
dvc.getDvcDataCounts()
# Alert Counts
assert (asset_dict["_attackCnt"] == dvc.dvcDataCounts["attackAlerts"])
#assert(asset_dict["_messageCnt"]) == 0
assert (asset_dict["_attackCnt"] == dvc.dvcDataCounts["messageAlerts"])
#assert(asset_dict["_rogueDevCnt"]) == 0
assert (asset_dict["_rogueDevCnt"] == dvc.dvcDataCounts["rougueAlerts"])
#assert(asset_dict["_rogueServiceCnt"]) == 0
assert (
asset_dict["_rogueServiceCnt"] == dvc.dvcDataCounts["rougueSvcAlerts"])
#assert(asset_dict["_portScanCnt"]) == 1
assert (asset_dict["_portScanCnt"] == dvc.dvcDataCounts["scanAlerts"])
# Alert Counts
# Conn Hosts
#assert(asset_dict["_authDevCnt"]) == 4
assert (asset_dict["_authDevCnt"] == dvc.dvcDataCounts["trstCH"])
#assert(asset_dict["_blockedCnt"]) == 0
assert (asset_dict["_blockedCnt"] == dvc.dvcDataCounts["blckCH"])
assert (asset_dict["_offlineDev"] == dvc.dvcDataCounts["offlCH"])
assert (asset_dict["_onlineDev"] == dvc.dvcDataCounts["onliCH"])
# Conn Hosts
# WP_726 - Verify Counts
return
class Response(object):
"""Response(sock, request) -> new Response object
A Response object that holds the response to
send back to the client. This ensure that the correct data
is sent in the correct order.
"""
chunked = False
body = Body()
def __init__(self, sock, request):
"initializes x; see x.__class__.__doc__ for signature"
self.sock = sock
self.request = request
self.clear()
def __repr__(self):
return "<Response %s %s (%d)>" % (
self.status,
self.headers["Content-Type"],
(len(self.body) if type(self.body) == str else 0))
def __str__(self):
self.prepare()
protocol = self.protocol
status = self.status
headers = self.headers
return "%s %s\r\n%s" % (protocol, status, headers)
def clear(self):
self.done = False
self.close = False
if self.request.server:
server_version = self.request.server.version
else:
server_version = SERVER_VERSION
self.headers = Headers([
("Date", strftime("%a, %d %b %Y %H:%M:%S %Z")),
("X-Powered-By", server_version)])
if self.request.server is not None:
self.headers.add_header("Server", server_version)
self.cookie = self.request.cookie
self.stream = False
self._body = []
self.time = time()
self.status = "200 OK"
self.protocol = "HTTP/%d.%d" % self.request.server_protocol
def prepare(self):
if self.body and type(self.body) is ListType:
if unicode in map(type, self.body):
cLength = sum(map(lambda s: len(s.encode("utf-8")), self.body))
else:
cLength = sum(map(len, self.body))
self.headers.setdefault("Content-Type", "text/html")
self.headers["Content-Length"] = str(cLength)
if self.stream:
self.headers.setdefault("Content-Type", "application/octet-stream")
for k, v in self.cookie.iteritems():
self.headers.add_header("Set-Cookie", v.OutputString())
status = int(self.status.split(" ", 1)[0])
if status == 413:
self.close = True
elif "Content-Length" not in self.headers:
if status < 200 or status in (204, 205, 304):
pass
else:
if self.protocol == "HTTP/1.1" \
and self.request.method != "HEAD" \
and self.request.server is not None:
self.chunked = True
self.headers.add_header("Transfer-Encoding", "chunked")
else:
self.close = True
if self.request.server is not None and "Connection" not in self.headers:
if self.protocol == "HTTP/1.1":
if self.close:
self.headers.add_header("Connection", "close")
else:
if not self.close:
self.headers.add_header("Connection", "Keep-Alive")
if self.headers.get("Transfer-Encoding", "") == "chunked":
self.chunked = True
def test_get_hosts(standard, init_ac_general):
print()
login('fx', 'lost')
r = client.get('api/asset/H5V2JiWiwCi0/hosts', headers=Headers.get())
assert r.status_code == 200
print(json.dumps(r.json, indent=3))
# WP_720
hostS_dict = r.json
assert ("hosts" in hostS_dict)
assert (len(hostS_dict) != 0)
#MariaDB [H5V2JiWiwCi0]> SELECT COUNT(*) FROM hosts;
#+----------+
#| COUNT(*) |
#+----------+
#| 4 |
#+----------+
#1 row in set (0.00 sec)
#
#MariaDB [H5V2JiWiwCi0]>
NUM_HOSTS = 4
last_hosts = hostS_dict["hosts"][NUM_HOSTS - 1]
assert (last_hosts != None)
host1 = hostS_dict["hosts"][0]
#assert(host1["_countermeasures"] != None)
#assert(host1["_obj_type"] != None)
#assert(host1["_ports"] != None)
host_data_dict = {
"_countermeasures": [],
"_obj_type": "asset_host",
"_ports": [],
"authorized": 1,
"deviceid": "H5V2JiWiwCi0",
"devicename": "\r",
"hostname": "None",
"id": 4,
"ip": "192.168.1.102",
"last_update": "Mon, 04 Mar 2019 21:50:08 GMT",
"mac": "FC:25:3F:D4:53:59",
"mac_vendor": "Apple",
"os_accuracy": "",
"os_family": "",
"os_gen": "",
"os_name": "",
"os_vendor": "",
"protocol": "ipv4",
"state": "up",
"status": ""
}
for host_key in host_data_dict:
assert ((host_key in host1) == True)
port1 = host1["_ports"]
assert (len(port1) != None)
port1_host1 = port1[0]
assert (port1_host1 != None)
if len(port1_host1) != 0:
port_dict = {
"_obj_type": "asset_host_port",
"deviceid": "H5V2JiWiwCi0",
"id": 1,
"info": "",
"ip": "192.168.1.1",
"mac": "08:00:27:4B:58:FB",
"name": "www-http",
"port": 80,
"protocol": "tcp",
"service": "World Wide Web HTTP",
"state": "open",
"status": ""
}
for port_key in port_dict:
assert ((port_key in port1_host1) == True)
# WP_720
return